summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorAlexander Kanavin <alexander.kanavin@linux.intel.com>2017-05-10 17:13:25 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2017-05-18 14:01:39 +0100
commit98efbb3183a33f0a94456fd8cfe040d82a12afc3 (patch)
tree0bb292f71986a0f6263f39741e77fbacb0fa06ea
parent82a47a2748869a20e992b72bcc104ae2ab81a3cc (diff)
downloadopenembedded-core-contrib-98efbb3183a33f0a94456fd8cfe040d82a12afc3.tar.gz
openembedded-core-contrib-98efbb3183a33f0a94456fd8cfe040d82a12afc3.tar.bz2
openembedded-core-contrib-98efbb3183a33f0a94456fd8cfe040d82a12afc3.zip
apr-util: add support for openssl 1.1 via backported patch
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
-rw-r--r--meta/recipes-support/apr/apr-util/openssl-1.1.patch253
-rw-r--r--meta/recipes-support/apr/apr-util_1.5.4.bb1
2 files changed, 254 insertions, 0 deletions
diff --git a/meta/recipes-support/apr/apr-util/openssl-1.1.patch b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
new file mode 100644
index 0000000000..891c14183a
--- /dev/null
+++ b/meta/recipes-support/apr/apr-util/openssl-1.1.patch
@@ -0,0 +1,253 @@
+# commit f163d8b5af9185de80d24b4dd13951dd64872aa6
+# Author: Rainer Jung <rjung@apache.org>
+# Date: Sun Feb 7 14:40:46 2016 +0000
+#
+# Add support for OpenSSL 1.1.0:
+# - Switch configure test for OpenSSL libcrypto
+# from BN_init() to BN_new().
+# - BN_init() is gone in OpenSSL 1.1.0.
+# BN_new() exists at least since 0.9.8.
+# - use OPENSSL_malloc_init() instead of
+# CRYPTO_malloc_init
+# - make cipherCtx a pointer. Type EVP_CIPHER_CTX
+# is now opaque.
+# - use EVP_CIPHER_CTX_new() in init() functions
+# if initialised flag is not set (and set flag)
+# - use EVP_CIPHER_CTX_free() in cleanup function
+# - Improve reuse cleanup
+# - call EVP_CIPHER_CTX_reset() resp.
+# EVP_CIPHER_CTX_cleanup() in finish functions
+# - call EVP_CIPHER_CTX_reset() resp.
+# EVP_CIPHER_CTX_cleanup() when Update fails
+# Backport of r1728958 and r1728963 from trunk.
+#
+#
+# git-svn-id: https://svn.apache.org/repos/asf/apr/apr-util/branches/1.5.x@1728969 13f79535-47bb-0310-9956-ffa450edef68
+#
+
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+Upstream-Status: Backport
+diff --git a/build/crypto.m4 b/build/crypto.m4
+index 9f9be6f..57884e3 100644
+--- a/build/crypto.m4
++++ b/build/crypto.m4
+@@ -88,7 +88,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+ [
+ if test "$withval" = "yes"; then
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ fi
+@@ -104,7 +104,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+
+ AC_MSG_NOTICE(checking for openssl in $withval)
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+@@ -113,7 +113,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
+
+ if test "$apu_have_openssl" != "1"; then
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
+index 0740f93..7d61fca 100644
+--- a/crypto/apr_crypto_openssl.c
++++ b/crypto/apr_crypto_openssl.c
+@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
+ apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
+- EVP_CIPHER_CTX cipherCtx;
++ EVP_CIPHER_CTX *cipherCtx;
+ int initialised;
+ int ivSize;
+ int blockSize;
+@@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_helper(void *data)
+ static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
+ const apu_err_t **result)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_malloc_init();
++#else
++ OPENSSL_malloc_init();
++#endif
+ ERR_load_crypto_strings();
+ /* SSL_load_error_strings(); */
+ OpenSSL_add_all_algorithms();
+@@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
+ {
+
+ if (ctx->initialised) {
+- EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
++ EVP_CIPHER_CTX_free(ctx->cipherCtx);
+ ctx->initialised = 0;
+ }
+
+@@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+ apr_pool_cleanup_null);
+
+ /* create a new context for encryption */
+- EVP_CIPHER_CTX_init(&block->cipherCtx);
+- block->initialised = 1;
++ if (!block->initialised) {
++ block->cipherCtx = EVP_CIPHER_CTX_new();
++ block->initialised = 1;
++ }
+
+ /* generate an IV, if necessary */
+ usedIv = NULL;
+@@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
+
+ /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ key->key, usedIv)) {
+ #else
+- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
++ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ #endif
+ return APR_EINIT;
+ }
+
+ /* Clear up any read padding */
+- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ return APR_EPADDING;
+ }
+
+@@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
+ }
+
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
++ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ #else
+- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
++ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+ (unsigned char *) in, inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ return APR_ECRYPT;
+ }
+ *outlen = outl;
+@@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
+ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
++ apr_status_t rc = APR_SUCCESS;
+ int len = *outlen;
+
+- if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+- return APR_EPADDING;
++ if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++ rc = APR_EPADDING;
++ }
++ else {
++ *outlen = len;
+ }
+- *outlen = len;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+
+- return APR_SUCCESS;
++ return rc;
+
+ }
+
+@@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+ apr_pool_cleanup_null);
+
+ /* create a new context for encryption */
+- EVP_CIPHER_CTX_init(&block->cipherCtx);
+- block->initialised = 1;
++ if (!block->initialised) {
++ block->cipherCtx = EVP_CIPHER_CTX_new();
++ block->initialised = 1;
++ }
+
+ /* generate an IV, if necessary */
+ if (key->ivSize) {
+@@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
+
+ /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ key->key, iv)) {
+ #else
+- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
++ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ #endif
+ return APR_EINIT;
+ }
+
+ /* Clear up any read padding */
+- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ return APR_EPADDING;
+ }
+
+@@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
+ }
+
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
++ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ #else
+- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
++ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+ inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ return APR_ECRYPT;
+ }
+ *outlen = outl;
+@@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
+ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+-
++ apr_status_t rc = APR_SUCCESS;
+ int len = *outlen;
+
+- if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+- return APR_EPADDING;
++ if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++ rc = APR_EPADDING;
+ }
+- *outlen = len;
++ else {
++ *outlen = len;
++ }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+
+- return APR_SUCCESS;
++ return rc;
+
+ }
+
diff --git a/meta/recipes-support/apr/apr-util_1.5.4.bb b/meta/recipes-support/apr/apr-util_1.5.4.bb
index 2b8676fef3..64f4d94d8b 100644
--- a/meta/recipes-support/apr/apr-util_1.5.4.bb
+++ b/meta/recipes-support/apr/apr-util_1.5.4.bb
@@ -13,6 +13,7 @@ SRC_URI = "${APACHE_MIRROR}/apr/${BPN}-${PV}.tar.gz \
file://configfix.patch \
file://configure_fixes.patch \
file://run-ptest \
+ file://openssl-1.1.patch \
"
SRC_URI[md5sum] = "866825c04da827c6e5f53daff5569f42"