update for OpenSSL 1.1.0

2016-11-14 13:15:28 +00:00 · 2016-11-14 13:15:28 +00:00 · 69a42ffba8
commit 69a42ffba8
parent c0ba237695
2 changed files with 262 additions and 1 deletions
--- a/apr-util-1.5.4-openssl11.patch
+++ b/apr-util-1.5.4-openssl11.patch
@ -0,0 +1,256 @@
+
+OpenSSL 1.1.0 fixes from apr-util 1.5.x branch.
+
+diff -uap apr-util-1.5.4/build/crypto.m4.openssl11 apr-util-1.5.4/build/crypto.m4
+--- apr-util-1.5.4/build/crypto.m4.openssl11
+++ apr-util-1.5.4/build/crypto.m4
+@@ -88,7 +88,7 @@
+   [
+     if test "$withval" = "yes"; then
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+       fi
+@@ -104,7 +104,7 @@
+ 
+       AC_MSG_NOTICE(checking for openssl in $withval)
+       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+         apu_have_openssl=1
+         APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+@@ -113,7 +113,7 @@
+ 
+       if test "$apu_have_openssl" != "1"; then
+         AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+-        AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+        AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+         if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+           apu_have_openssl=1
+           APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+diff -uap apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 apr-util-1.5.4/crypto/apr_crypto_openssl.c
+--- apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11
+++ apr-util-1.5.4/crypto/apr_crypto_openssl.c
+@@ -64,7 +64,7 @@
+     apr_pool_t *pool;
+     const apr_crypto_driver_t *provider;
+     const apr_crypto_t *f;
+-    EVP_CIPHER_CTX cipherCtx;
+    EVP_CIPHER_CTX *cipherCtx;
+     int initialised;
+     int ivSize;
+     int blockSize;
+@@ -111,7 +111,11 @@
+ static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
+         const apu_err_t **result)
+ {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     CRYPTO_malloc_init();
+#else
+    OPENSSL_malloc_init();
+#endif
+     ERR_load_crypto_strings();
+     /* SSL_load_error_strings(); */
+     OpenSSL_add_all_algorithms();
+@@ -124,6 +128,30 @@
+     return APR_SUCCESS;
+ }
+ 
+#if OPENSSL_VERSION_NUMBER < 0x0090802fL
+
+/* Code taken from OpenSSL 0.9.8b, see
+ * https://github.com/openssl/openssl/commit/cf6bc84148cb15af09b292394aaf2b45f0d5af0d
+ */
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+     EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
+     if (ctx)
+         EVP_CIPHER_CTX_init(ctx);
+     return ctx;
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+    if (ctx) {
+        EVP_CIPHER_CTX_cleanup(ctx);
+        OPENSSL_free(ctx);
+    }
+}
+
+#endif
+
+ /**
+  * @brief Clean encryption / decryption context.
+  * @note After cleanup, a context is free to be reused if necessary.
+@@ -134,7 +162,7 @@
+ {
+ 
+     if (ctx->initialised) {
+-        EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
+        EVP_CIPHER_CTX_free(ctx->cipherCtx);
+         ctx->initialised = 0;
+     }
+ 
+@@ -491,8 +519,10 @@
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
+ 
+     /* generate an IV, if necessary */
+     usedIv = NULL;
+@@ -519,16 +549,16 @@
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, usedIv)) {
+ #else
+-        if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+        if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -582,11 +612,16 @@
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ #else
+-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+             (unsigned char *) in, inlen)) {
+ #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -616,14 +651,22 @@
+ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
+    if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+     }
+-    *outlen = len;
+    else {
+        *outlen = len;
+    }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+ 
+-    return APR_SUCCESS;
+    return rc;
+ 
+ }
+ 
+@@ -662,8 +705,10 @@
+             apr_pool_cleanup_null);
+ 
+     /* create a new context for encryption */
+-    EVP_CIPHER_CTX_init(&block->cipherCtx);
+-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
+ 
+     /* generate an IV, if necessary */
+     if (key->ivSize) {
+@@ -674,16 +719,16 @@
+ 
+     /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+             key->key, iv)) {
+ #else
+-        if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+        if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ #endif
+         return APR_EINIT;
+     }
+ 
+     /* Clear up any read padding */
+-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+         return APR_EPADDING;
+     }
+ 
+@@ -737,11 +782,16 @@
+     }
+ 
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ #else
+-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+             inlen)) {
+ #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+         return APR_ECRYPT;
+     }
+     *outlen = outl;
+@@ -771,15 +821,22 @@
+ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+         apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+-
+    apr_status_t rc = APR_SUCCESS;
+     int len = *outlen;
+ 
+-    if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+-        return APR_EPADDING;
+    if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+    }
+    else {
+        *outlen = len;
+     }
+-    *outlen = len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
+ 
+-    return APR_SUCCESS;
+    return rc;
+ 
+ }
+ 
--- a/apr-util.spec
+++ b/apr-util.spec
@ -16,7 +16,7 @@
 Summary: Apache Portable Runtime Utility library
 Name: apr-util
 Version: 1.5.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Group: System Environment/Libraries
 URL: http://apr.apache.org/
@ -24,6 +24,7 @@ Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
 Patch1: apr-util-1.2.7-pkgconf.patch
 Patch2: apr-util-1.3.7-nodbmdso.patch
 Patch4: apr-util-1.4.1-private.patch
+Patch5: apr-util-1.5.4-openssl11.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, apr-devel >= 1.3.0
 BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@ -132,6 +133,7 @@ This package provides the NSS crypto support for the apr-util.
 %patch1 -p1 -b .pkgconf
 %patch2 -p1 -b .nodbmdso
 %patch4 -p1 -b .private
+%patch5 -p1 -b .openssl11

 %build
 autoheader && autoconf
@ -245,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/*.m4

 %changelog
+* Mon Nov 14 2016 Joe Orton <jorton@redhat.com> - 1.5.4-4
+- update for OpenSSL 1.1.0
+
 * Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.5.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild