diff options
author | ylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68> | 2017-10-08 11:32:30 +0000 |
---|---|---|
committer | ylavic <ylavic@13f79535-47bb-0310-9956-ffa450edef68> | 2017-10-08 11:32:30 +0000 |
commit | 604dd682bebe8221a1714344328be2aa24693c1b (patch) | |
tree | 4884082a71f45521c62f1173ebbe79a5fb09789f | |
parent | 6acade4077aa9355fdd35dccb9ae6beae277dad8 (diff) | |
download | libapr-util-604dd682bebe8221a1714344328be2aa24693c1b.tar.gz |
Merge r1811470 from trunk:
apr_crypto: Fix compatibility with LibreSSL. PR 61596.
Proposed by: Bernard Spil <brnrd freebsd.org>
Reviewed by: ylavic
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.6.x@1811471 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | crypto/apr_crypto_openssl.c | 25 |
2 files changed, 22 insertions, 6 deletions
@@ -1,6 +1,9 @@ -*- coding: utf-8 -*- Changes with APR-util 1.6.1 + *) apr_crypto: Fix compatibility with LibreSSL. PR 61596. + [Bernard Spil <brnrd freebsd.org>, Yann Ylavic] + *) sdbm: better database/page validation to fail cleanly when corrupted. [Yann Ylavic] diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c index 8989a2f6..310bb2c7 100644 --- a/crypto/apr_crypto_openssl.c +++ b/crypto/apr_crypto_openssl.c @@ -31,10 +31,23 @@ #if APU_HAVE_CRYPTO #include <openssl/evp.h> +#include <openssl/rand.h> #include <openssl/engine.h> #define LOG_PREFIX "apr_crypto_openssl: " +#ifndef APR_USE_OPENSSL_PRE_1_1_API +#if defined(LIBRESSL_VERSION_NUMBER) +/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most + * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so + * we have to work around this... + */ +#define APR_USE_OPENSSL_PRE_1_1_API (1) +#else +#define APR_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L) +#endif +#endif + struct apr_crypto_t { apr_pool_t *pool; const apr_crypto_driver_t *provider; @@ -117,8 +130,8 @@ static apr_status_t crypto_shutdown_helper(void *data) static apr_status_t crypto_init(apr_pool_t *pool, const char *params, const apu_err_t **result) { -#if OPENSSL_VERSION_NUMBER < 0x10100000L - CRYPTO_malloc_init(); +#if APR_USE_OPENSSL_PRE_1_1_API + (void)CRYPTO_malloc_init(); #else OPENSSL_malloc_init(); #endif @@ -721,7 +734,7 @@ static apr_status_t crypto_block_encrypt(unsigned char **out, if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, (unsigned char *) in, inlen)) { #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if APR_USE_OPENSSL_PRE_1_1_API EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); #else EVP_CIPHER_CTX_reset(ctx->cipherCtx); @@ -764,7 +777,7 @@ static apr_status_t crypto_block_encrypt_finish(unsigned char *out, else { *outlen = len; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if APR_USE_OPENSSL_PRE_1_1_API EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); #else EVP_CIPHER_CTX_reset(ctx->cipherCtx); @@ -891,7 +904,7 @@ static apr_status_t crypto_block_decrypt(unsigned char **out, if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in, inlen)) { #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if APR_USE_OPENSSL_PRE_1_1_API EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); #else EVP_CIPHER_CTX_reset(ctx->cipherCtx); @@ -934,7 +947,7 @@ static apr_status_t crypto_block_decrypt_finish(unsigned char *out, else { *outlen = len; } -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#if APR_USE_OPENSSL_PRE_1_1_API EVP_CIPHER_CTX_cleanup(ctx->cipherCtx); #else EVP_CIPHER_CTX_reset(ctx->cipherCtx); |