author | rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> | 2016-02-23 19:09:34 +0000 |
---|---|---|
committer | rjung <rjung@13f79535-47bb-0310-9956-ffa450edef68> | 2016-02-23 19:09:34 +0000 |
commit | 9a3238f9576e6125cf98b07503d49e98f1743b03 (patch) | |
tree | 1819aa2b0f5218b0287be0a645e83eaa1c0a05e2 | |
parent | 7c91f8033272842754f01364351b9b60eb503ae5 (diff) | |
download | libapr-util-1.4.x.tar.gz |
Revert r1728973 and r1728970
(support for OpenSSL 1.1.0).
Consensus seems to be to no longer maintain
the 1.4.x branch.
git-svn-id: http://svn.apache.org/repos/asf/apr/apr-util/branches/1.4.x@1731930 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r-- | CHANGES | 3 | ||||
-rw-r--r-- | build/crypto.m4 | 6 | ||||
-rw-r--r-- | crypto/apr_crypto_openssl.c | 83 |
3 files changed, 28 insertions, 64 deletions
@@ -1,9 +1,6 @@
 -*- coding: utf-8 -*- Changes with APR-util 1.4.3
- *) apr_crypto_openssl: Add support for OpenSSL 1.1.0.
- [Rainer Jung]
-
 *) Fix potential data corruption in apr_brigade_write() and friends if the last bucket of the brigade is a heap bucket that has been split, and there are still references to the next part of the original bucket
diff --git a/build/crypto.m4 b/build/crypto.m4
index 97dbb34b..ef1a95db 100644
--- a/build/crypto.m4
+++ b/build/crypto.m4
@@ -62,7 +62,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
 [ if test "$withval" = "yes"; then AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 fi
@@ -78,7 +78,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
 AC_MSG_NOTICE(checking for openssl in $withval) AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
@@ -87,7 +87,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
 if test "$apu_have_openssl" != "1"; then AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
- AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
 if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then apu_have_openssl=1 APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
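Review bot: The three `AC_CHECK_LIB(crypto, BN_init, ...)` probes in APU_CHECK_CRYPTO_OPENSSL give no reason for testing this particular symbol, and `BN_init` is not exported by OpenSSL 1.1.0, so a 1.1.0 installation now fails the library test and `apu_have_openssl` is never set to 1 on these paths. What configure does after that is outside these hunks, so it is not visible whether the user gets a clear error or just a build without the OpenSSL crypto driver. I would add a comment above the first probe, `dnl BN_init is absent from OpenSSL 1.1.0; this check accepts only older releases`, and consider an explicit `AC_MSG_WARN` for the unsupported version so the driver is not dropped silently.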
diff --git a/crypto/apr_crypto_openssl.c b/crypto/apr_crypto_openssl.c
index 7d61fca4..0740f93f 100644
--- a/crypto/apr_crypto_openssl.c
+++ b/crypto/apr_crypto_openssl.c
@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
 apr_pool_t *pool; const apr_crypto_driver_t *provider; const apr_crypto_t *f;
- EVP_CIPHER_CTX *cipherCtx;
+ EVP_CIPHER_CTX cipherCtx;
 int initialised; int ivSize; int blockSize;
@@ -111,11 +111,7 @@ static apr_status_t crypto_shutdown_helper(void *data)
 static apr_status_t crypto_init(apr_pool_t *pool, const char *params, const apu_err_t **result) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
 CRYPTO_malloc_init();
-#else
- OPENSSL_malloc_init();
-#endif
 ERR_load_crypto_strings(); /* SSL_load_error_strings(); */ OpenSSL_add_all_algorithms();
@@ -138,7 +134,7 @@ static apr_status_t crypto_block_cleanup(apr_crypto_block_t *ctx)
 { if (ctx->initialised) {
- EVP_CIPHER_CTX_free(ctx->cipherCtx);
+ EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
 ctx->initialised = 0; }
@@ -495,10 +491,8 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
 apr_pool_cleanup_null); /* create a new context for encryption */
- if (!block->initialised) {
- block->cipherCtx = EVP_CIPHER_CTX_new();
- block->initialised = 1;
- }
+ EVP_CIPHER_CTX_init(&block->cipherCtx);
+ block->initialised = 1;
 /* generate an IV, if necessary */ usedIv = NULL;
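Review bot: In crypto_block_encrypt_init the new code calls `EVP_CIPHER_CTX_init(&block->cipherCtx)` unconditionally, and the matching hunk in crypto_block_decrypt_init does the same. If the caller hands in a block that was already initialised (how `block` is obtained lies outside the hunk), re-initialising the embedded context discards its previous cipher state without `EVP_CIPHER_CTX_cleanup()`, so whatever OpenSSL allocated for the earlier key is neither wiped nor freed. Calling the existing helper first, `crypto_block_cleanup(block);`, ahead of `EVP_CIPHER_CTX_init(&block->cipherCtx);` would release the old state. The crypto_block_cleanup hunk shows it does nothing when `initialised` is 0, so a freshly allocated block is unaffected.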
@@ -525,16 +519,16 @@ static apr_status_t crypto_block_encrypt_init(apr_crypto_block_t **ctx,
 /* set up our encryption context */ #if CRYPTO_OPENSSL_CONST_BUFFERS
- if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
 key->key, usedIv)) { #else
- if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
 #endif return APR_EINIT; } /* Clear up any read padding */
- if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
 return APR_EPADDING; }
@@ -588,16 +582,11 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
 } #if CRYPT_OPENSSL_CONST_BUFFERS
- if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
 #else
- if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+ if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
 (unsigned char *) in, inlen)) { #endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
-#else
- EVP_CIPHER_CTX_reset(ctx->cipherCtx);
-#endif
 return APR_ECRYPT; } *outlen = outl;
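Review bot: crypto_block_encrypt tests `#if CRYPT_OPENSSL_CONST_BUFFERS`, while crypto_block_encrypt_init in the hunk just above tests `#if CRYPTO_OPENSSL_CONST_BUFFERS`; crypto_block_decrypt uses the same `CRYPT_` spelling. The macro's definition is not visible here, but if only the `CRYPTO_` name exists, the `CRYPT_` form evaluates as 0 and both update calls always compile the `#else` branch with the `(unsigned char *)` cast, whatever the build detected. The `#if` lines are context that this commit leaves untouched, so this is a follow-up rather than a defect of the revert: use `#if CRYPTO_OPENSSL_CONST_BUFFERS` in both update functions.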
@@ -627,22 +616,14 @@ static apr_status_t crypto_block_encrypt(unsigned char **out,
 static apr_status_t crypto_block_encrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx) {
- apr_status_t rc = APR_SUCCESS;
 int len = *outlen;
- if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
- rc = APR_EPADDING;
- }
- else {
- *outlen = len;
+ if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+ return APR_EPADDING;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
-#else
- EVP_CIPHER_CTX_reset(ctx->cipherCtx);
-#endif
+ *outlen = len;
- return rc;
+ return APR_SUCCESS;
 }
@@ -681,10 +662,8 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
 apr_pool_cleanup_null); /* create a new context for encryption */
- if (!block->initialised) {
- block->cipherCtx = EVP_CIPHER_CTX_new();
- block->initialised = 1;
- }
+ EVP_CIPHER_CTX_init(&block->cipherCtx);
+ block->initialised = 1;
 /* generate an IV, if necessary */ if (key->ivSize) {
@@ -695,16 +674,16 @@ static apr_status_t crypto_block_decrypt_init(apr_crypto_block_t **ctx,
 /* set up our encryption context */ #if CRYPTO_OPENSSL_CONST_BUFFERS
- if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
 key->key, iv)) { #else
- if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
 #endif return APR_EINIT; } /* Clear up any read padding */
- if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
 return APR_EPADDING; }
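Review bot: crypto_block_encrypt_finish now returns on both paths without releasing the cipher context, and the same holds for crypto_block_decrypt_finish and for the `APR_ECRYPT` returns after `EVP_EncryptUpdate`/`EVP_DecryptUpdate`. The expanded key therefore stays in `ctx->cipherCtx` until crypto_block_cleanup runs, presumably at pool cleanup (the registration is outside these hunks), which for a long-lived pool can be long after the operation ended. `EVP_CIPHER_CTX_cleanup()` is the pre-1.1.0 call this file already uses, so adding `crypto_block_cleanup(ctx);` before each of these returns would shorten the key's lifetime without any 1.1.0 API. Separately, `int len = *outlen;` narrows an apr_size_t to int for a value that `EVP_EncryptFinal_ex` only writes, so `int len = 0;` would be clearer.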
@@ -758,16 +737,11 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
 } #if CRYPT_OPENSSL_CONST_BUFFERS
- if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
 #else
- if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+ if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
 inlen)) { #endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
-#else
- EVP_CIPHER_CTX_reset(ctx->cipherCtx);
-#endif
 return APR_ECRYPT; } *outlen = outl;
@@ -797,22 +771,15 @@ static apr_status_t crypto_block_decrypt(unsigned char **out,
 static apr_status_t crypto_block_decrypt_finish(unsigned char *out, apr_size_t *outlen, apr_crypto_block_t *ctx) {
- apr_status_t rc = APR_SUCCESS;
+
 int len = *outlen;
- if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
- rc = APR_EPADDING;
- }
- else {
- *outlen = len;
+ if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+ return APR_EPADDING;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
-#else
- EVP_CIPHER_CTX_reset(ctx->cipherCtx);
-#endif
+ *outlen = len;
- return rc;
+ return APR_SUCCESS;
 } |
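Review bot: crypto_block_decrypt_finish maps every failure of `EVP_DecryptFinal_ex` to `APR_EPADDING`, and nothing in the function tells callers how to treat that code. With a padded block cipher a final-block failure means the ciphertext was corrupted or altered, and an application that reports a padding-specific error back to the sender of the data reveals more than a generic failure would. I would add a comment above the function, `/* APR_EPADDING: the final block was rejected; report a generic decryption failure to peers and rely on a separate integrity check */`. The blank line this hunk adds before `int len = *outlen;` also leaves the function body opening with an empty line, which looks like a leftover of the revert.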