summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68>2017-10-08 11:32:30 +0000
committerylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68>2017-10-08 11:32:30 +0000
commit604dd682bebe8221a1714344328be2aa24693c1b (patch)
tree4884082a71f45521c62f1173ebbe79a5fb09789f
parent6acade4077aa9355fdd35dccb9ae6beae277dad8 (diff)
downloadlibapr-util-604dd682bebe8221a1714344328be2aa24693c1b.tar.gz
Merge r1811470 from trunk:
apr_crypto: Fix compatibility with LibreSSL. PR 61596. Proposed by: Bernard Spil <brnrd freebsd.org> Reviewed by: ylavic git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1811471 13f79535-47bb-0310-9956-ffa450edef68
Diffstat
-rw-r--r--CHANGES3
-rw-r--r--crypto/apr_crypto_openssl.c25
2 files changed, 22 insertions, 6 deletions
diff --git a/CHANGES b/CHANGES
index d836fa9f..de5e8858 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with APR-util 1.6.1
+ *) apr_crypto: Fix compatibility with LibreSSL. PR 61596.
+ [Bernard Spil <brnrd freebsd.org>, Yann Ylavic]
+
*) sdbm: better database/page validation to fail cleanly when corrupted.
[Yann Ylavic]
diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
index 8989a2f6..310bb2c7 100644
--- a/crypto/apr_crypto_openssl.c
+++ b/crypto/apr_crypto_openssl.c
@@ -31,10 +31,23 @@
#if APU_HAVE_CRYPTO
#include <openssl/evp.h>
+#include <openssl/rand.h>
#include <openssl/engine.h>
#define LOG_PREFIX "apr_crypto_openssl: "
+#ifndef APR_USE_OPENSSL_PRE_1_1_API
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
+ * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
+ * we have to work around this...
+ */
+#define APR_USE_OPENSSL_PRE_1_1_API (1)
+#else
+#define APR_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#endif
+#endif
+
struct apr_crypto_t {
apr_pool_t *pool;
const apr_crypto_driver_t *provider;
@@ -117,8 +130,8 @@ static apr_status_t crypto_shutdown_helper(void *data)
static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
const apu_err_t **result)
{
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- CRYPTO_malloc_init();
+#if APR_USE_OPENSSL_PRE_1_1_API
+ (void)CRYPTO_malloc_init();
#else
OPENSSL_malloc_init();
#endif
@@ -721,7 +734,7 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
(unsigned char *) in, inlen)) {
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
#else
EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -764,7 +777,7 @@ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
else {
*outlen = len;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
#else
EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -891,7 +904,7 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
inlen)) {
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
#else
EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -934,7 +947,7 @@ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
else {
*outlen = len;
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
#else
EVP_CIPHER_CTX_reset(ctx->cipherCtx);
View Lorry Controller Status