From b7a277472bf6264aa69a72c248542ea0e879ab76 Mon Sep 17 00:00:00 2001 From: Gerhard Rieger Date: Sun, 3 Jan 2021 07:43:00 +0100 Subject: [PATCH] With OPENSSL_API_COMPAT=0x10000000L the files openssl/dh.h, openssl/bn.h must be included --- CHANGES | 7 +++++++ config.h.in | 6 ++++++ configure.ac | 15 ++++++++------- sslcls.c | 14 ++++++++++++++ sslcls.h | 2 ++ sysincludes.h | 2 ++ xio-openssl.c | 13 ++++++++++--- 7 files changed, 49 insertions(+), 10 deletions(-) diff --git a/CHANGES b/CHANGES index a70cc89..c324fac 100644 --- a/CHANGES +++ b/CHANGES @@ -101,6 +101,13 @@ Porting: OpenSSL set-macros and substitute deprecated version-specific methods. Test: OPENSSL_MIN_VERSION + With OpenSSL use OPENSSL_init_SSL when available, instead of deprecated + SSL_library_init. + + With OPENSSL_API_COMPAT=0x10000000L the files openssl/dh.h, openssl/bn.h + must explicitely be included. + Thanks to Rosen Penev for reporting and sending a patch. + Testing: test.sh now produces a list of tests that could not be performed for any reason. This helps to analyse these cases. diff --git a/config.h.in b/config.h.in index 3b963c6..446ae9e 100644 --- a/config.h.in +++ b/config.h.in @@ -447,6 +447,12 @@ # define HAVE_TERMIOS_SPEED 1 #endif +/* Define if you have the OPENSSL_init_ssl function */ +#undef HAVE_OPENSSL_init_ssl + +/* Define if you have the SSL_library_init function */ +#undef HAVE_SSL_library_init + /* Define if you have the SSLv2 client and server method functions. not in new openssl */ #undef HAVE_SSLv2_client_method #undef HAVE_SSLv2_server_method diff --git a/configure.ac b/configure.ac index 3242dce..9b0dfe8 100644 --- a/configure.ac +++ b/configure.ac 
@@ -550,17 +550,16 @@ if test -n "$WITH_OPENSSL" -a "$sc_cv_have_openssl_ssl_h" = 'yes'; then AC_CACHE_VAL(sc_cv_have_libssl, [ LIBS0="$LIBS" if test -n "$OPENSSL_BASE"; then - L="$OPENSSL_BASE/lib"; LIBS="$LIBS -L$L -lssl" + L="$OPENSSL_BASE/lib"; LIBS="$LIBS -L$L -lssl -lcrypto" else - LIBS="$LIBS -lssl" + LIBS="$LIBS -lssl -lcrypto" fi AC_TRY_LINK([#include ], - [SSL_library_init();ERR_error_string()], - [sc_cv_have_libssl='yes'], - [ LIBS="$LIBS -lcrypto" - AC_TRY_LINK([#include ], + [OPENSSL_init_ssl(0,NULL)], + [sc_cv_have_libssl='yes'; sc_cv_have_OPENSSL_init_ssl='yes'; AC_DEFINE(HAVE_OPENSSL_init_ssl)], + [AC_TRY_LINK([#include ], [SSL_library_init()], - [sc_cv_have_libssl='yes'], + [sc_cv_have_libssl='yes'; sc_cv_have_SSL_library_init='yes'; AC_DEFINE(HAVE_SSL_library_init)], [sc_cv_have_libssl='no']) ]) if test "$sc_cv_have_libssl" != 'yes'; then @@ -1521,6 +1520,8 @@ AC_CHECK_FUNC(ASN1_STRING_get0_data, AC_DEFINE(HAVE_ASN1_STRING_get0_data), AC_C AC_CHECK_FUNC(RAND_status, AC_DEFINE(HAVE_RAND_status)) AC_CHECK_FUNC(SSL_CTX_clear_mode, AC_DEFINE(HAVE_SSL_CTX_clear_mode)) AC_CHECK_FUNC(SSL_set_tlsext_host_name, AC_DEFINE(HAVE_SSL_set_tlsext_host_name)) +AC_CHECK_FUNC(SSL_library_init, AC_DEFINE(HAVE_SSL_library_init)) +AC_CHECK_FUNC(ERR_error_string, AC_DEFINE(HAVE_ERR_error_string)) AC_MSG_CHECKING(for type EC_KEY) AC_CACHE_VAL(sc_cv_type_EC_TYPE, diff --git a/sslcls.c b/sslcls.c index 48943fe..a05e382 100644 --- a/sslcls.c +++ b/sslcls.c 
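Review bot: The `AC_DEFINE(HAVE_OPENSSL_init_ssl)` and `AC_DEFINE(HAVE_SSL_library_init)` calls in the first configure.ac hunk sit inside the body of `AC_CACHE_VAL(sc_cv_have_libssl, ...)`, which autoconf skips whenever the cache variable is already set. On a cached configure run neither macro would be defined, so xio-openssl.c would compile its `#else` initialisation path regardless of which OpenSSL is installed. Keep only the `sc_cv_*` assignments inside the cache block and issue the defines after it, e.g. `if test "$sc_cv_have_OPENSSL_init_ssl" = yes; then AC_DEFINE(HAVE_OPENSSL_init_ssl) fi`, with the same pattern for `HAVE_SSL_library_init`. The surrounding `if test -n "$WITH_OPENSSL"` block starts and ends outside the hunk.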
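Review bot: The added `AC_CHECK_FUNC(ERR_error_string, AC_DEFINE(HAVE_ERR_error_string))` in the second configure.ac hunk has no matching template in this commit, because the config.h.in hunk adds `#undef` lines only for `HAVE_OPENSSL_init_ssl` and `HAVE_SSL_library_init`. config.h.in appears to be maintained by hand, so unless `#undef HAVE_ERR_error_string` already exists outside the visible hunks, the define would never reach config.h. Add the template next to the two new ones, or drop the check if nothing tests the macro. The added `AC_CHECK_FUNC(SSL_library_init, ...)` also repeats the define already made in the link test of the first hunk, so one of the two could be removed.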
@@ -21,12 +21,25 @@ #include "sysutils.h" #include "sycls.h" +#if HAVE_OPENSSL_init_ssl +int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { + int result; + Debug2("OPENSSL_init_ssl("F_uint64_t", %p)", opts, settings); + result = OPENSSL_init_ssl(opts, settings); + Debug1("OPENSSL_init_ssl() -> %d", result); + return result; +} +#endif + +#if !HAVE_OPENSSL_init_ssl void sycSSL_load_error_strings(void) { Debug("SSL_load_error_strings()"); SSL_load_error_strings(); Debug("SSL_load_error_strings() ->"); } +#endif +#if !HAVE_OPENSSL_init_ssl int sycSSL_library_init(void) { int result; Debug("SSL_library_init()"); @@ -34,6 +47,7 @@ int sycSSL_library_init(void) { Debug1("SSL_library_init() -> %d", result); return result; } +#endif #if HAVE_TLS_client_method const SSL_METHOD *sycTLS_client_method(void) { diff --git a/sslcls.h b/sslcls.h index c4c2d7d..a62237e 100644 --- a/sslcls.h +++ b/sslcls.h @@ -8,6 +8,7 @@ #if WITH_SYCLS #if WITH_OPENSSL +int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); void sycSSL_load_error_strings(void); int sycSSL_library_init(void); const SSL_METHOD *sycTLS_client_method(void); @@ -73,6 +74,7 @@ const char *sycSSL_COMP_get_name(const COMP_METHOD *comp); #if WITH_OPENSSL +#define sycOPENSSL_init_ssl(o,s) OPENSSL_init_ssl(o,s) #define sycSSL_load_error_strings() SSL_load_error_strings() #define sycSSL_library_init() SSL_library_init() #define sycTLS_client_method() TLS_client_method() diff --git a/sysincludes.h b/sysincludes.h index 4a63cc4..4170f27 100644 --- a/sysincludes.h +++ b/sysincludes.h @@ -184,6 +184,8 @@ #include #include #include +#include +#include #endif #if HAVE_LINUX_VM_SOCKETS_H #include diff --git a/xio-openssl.c b/xio-openssl.c index 38645c2..473cedc 100644 --- a/xio-openssl.c +++ b/xio-openssl.c 
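Review bot: The prototype `int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);` added in the first sslcls.h hunk is unconditional, while its definition in sslcls.c is wrapped in `#if HAVE_OPENSSL_init_ssl`. An OpenSSL that lacks `OPENSSL_init_ssl` presumably does not declare `OPENSSL_INIT_SETTINGS` either, so a WITH_SYCLS build against it would fail at the header. The reverse mismatch affects `sycSSL_load_error_strings` and `sycSSL_library_init`: both sslcls.c hunks now compile them only under `#if !HAVE_OPENSSL_init_ssl`, but sslcls.h still declares them unconditionally, so any caller outside this patch would fail at link time rather than at compile time. Guard the declarations with the same conditions as the definitions, e.g. `#if HAVE_OPENSSL_init_ssl` around the new prototype and `#if !HAVE_OPENSSL_init_ssl` around the two old ones.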
@@ -956,14 +956,21 @@ int openssl_delete_cert_info(); + /* OpenSSL preparation */ +#if HAVE_OPENSSL_init_ssl + { + OPENSSL_INIT_SETTINGS *settings; + settings = OPENSSL_INIT_new(); + sycOPENSSL_init_ssl(0, settings); + } +#else + sycSSL_library_init(); OpenSSL_add_all_algorithms(); OpenSSL_add_all_ciphers(); OpenSSL_add_all_digests(); sycSSL_load_error_strings(); +#endif - /* OpenSSL preparation */ - sycSSL_library_init(); - /*! actions_to_seed_PRNG();*/ if (!server) {
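Review bot: In the `#if HAVE_OPENSSL_init_ssl` branch the object returned by `OPENSSL_INIT_new()` is never released with `OPENSSL_INIT_free()` and the result of `sycOPENSSL_init_ssl()` is discarded. A failed library initialisation therefore goes unnoticed and TLS setup continues on an uninitialised library. No settings are customised, so passing NULL removes both the allocation and the leak: `if (sycOPENSSL_init_ssl(0, NULL) != 1) { /* report the failure and return an error */ }`. That also matches the `OPENSSL_init_ssl(0,NULL)` call used by the configure link test. The enclosing function starts and ends outside the hunk, so the correct error return value is not visible here.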