You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@apr.apache.org by yl...@apache.org on 2017/10/08 11:22:53 UTC

svn commit: r1811470 - in /apr/apr/trunk: CHANGES crypto/apr_crypto_openssl.c

Author: ylavic
Date: Sun Oct  8 11:22:53 2017
New Revision: 1811470

URL: http://svn.apache.org/viewvc?rev=1811470&view=rev
Log:
apr_crypto: Fix compatibility with LibreSSL.  PR 61596.

Proposed by: Bernard Spil <brnrd freebsd.org>
Reviewed by: ylavic


Modified:
    apr/apr/trunk/CHANGES
    apr/apr/trunk/crypto/apr_crypto_openssl.c

Modified: apr/apr/trunk/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/trunk/CHANGES?rev=1811470&r1=1811469&r2=1811470&view=diff
==============================================================================
--- apr/apr/trunk/CHANGES [utf-8] (original)
+++ apr/apr/trunk/CHANGES [utf-8] Sun Oct  8 11:22:53 2017
@@ -1,6 +1,9 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 2.0.0
 
+  *) apr_crypto: Fix compatibility with LibreSSL.  PR 61596.
+     [Bernard Spil <brnrd freebsd.org>, Yann Ylavic]
+
   *) Don't seek to the end when opening files with APR_FOPEN_APPEND on Windows.
      [Evgeny Kotkov <evgeny.kotkov visualsvn.com>]
 

Modified: apr/apr/trunk/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr/trunk/crypto/apr_crypto_openssl.c?rev=1811470&r1=1811469&r2=1811470&view=diff
==============================================================================
--- apr/apr/trunk/crypto/apr_crypto_openssl.c (original)
+++ apr/apr/trunk/crypto/apr_crypto_openssl.c Sun Oct  8 11:22:53 2017
@@ -32,10 +32,23 @@
 #if APU_HAVE_CRYPTO
 
 #include <openssl/evp.h>
+#include <openssl/rand.h>
 #include <openssl/engine.h>
 
 #define LOG_PREFIX "apr_crypto_openssl: "
 
+#ifndef APR_USE_OPENSSL_PRE_1_1_API
+#if defined(LIBRESSL_VERSION_NUMBER)
+/* LibreSSL declares OPENSSL_VERSION_NUMBER == 2.0 but does not include most
+ * changes from OpenSSL >= 1.1 (new functions, macros, deprecations, ...), so
+ * we have to work around this...
+ */
+#define APR_USE_OPENSSL_PRE_1_1_API (1)
+#else
+#define APR_USE_OPENSSL_PRE_1_1_API (OPENSSL_VERSION_NUMBER < 0x10100000L)
+#endif
+#endif
+
 struct apr_crypto_t {
     apr_pool_t *pool;
     const apr_crypto_driver_t *provider;
@@ -118,8 +131,8 @@ static apr_status_t crypto_shutdown_help
 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
         const apu_err_t **result)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-    CRYPTO_malloc_init();
+#if APR_USE_OPENSSL_PRE_1_1_API
+    (void)CRYPTO_malloc_init();
 #else
     OPENSSL_malloc_init();
 #endif
@@ -698,7 +711,7 @@ static apr_status_t crypto_block_encrypt
     if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
             (unsigned char *) in, inlen)) {
 #endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
         EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
 #else
         EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -741,7 +754,7 @@ static apr_status_t crypto_block_encrypt
     else {
         *outlen = len;
     }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
     EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
 #else
     EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -868,7 +881,7 @@ static apr_status_t crypto_block_decrypt
     if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
             inlen)) {
 #endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
         EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
 #else
         EVP_CIPHER_CTX_reset(ctx->cipherCtx);
@@ -911,7 +924,7 @@ static apr_status_t crypto_block_decrypt
     else {
         *outlen = len;
     }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if APR_USE_OPENSSL_PRE_1_1_API
     EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
 #else
     EVP_CIPHER_CTX_reset(ctx->cipherCtx);