From 69a42ffba8114c5fce2b843f2f22a03cfb286a5e Mon Sep 17 00:00:00 2001
From: Joe Orton
Date: Mon, 14 Nov 2016 13:15:28 +0000
Subject: [PATCH] update for OpenSSL 1.1.0
---
 apr-util-1.5.4-openssl11.patch | 256 +++++++++++++++++++++++++++++++++
 apr-util.spec | 7 +-
 2 files changed, 262 insertions(+), 1 deletion(-)
 create mode 100644 apr-util-1.5.4-openssl11.patch
diff --git a/apr-util-1.5.4-openssl11.patch b/apr-util-1.5.4-openssl11.patch
new file mode 100644
index 0000000..dfe28e4
--- /dev/null
+++ b/apr-util-1.5.4-openssl11.patch
@@ -0,0 +1,256 @@
+
+OpenSSL 1.1.0 fixes from apr-util 1.5.x branch.
+
+diff -uap apr-util-1.5.4/build/crypto.m4.openssl11 apr-util-1.5.4/build/crypto.m4
+--- apr-util-1.5.4/build/crypto.m4.openssl11
++++ apr-util-1.5.4/build/crypto.m4
+@@ -88,7 +88,7 @@
+ [
+ if test "$withval" = "yes"; then
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ fi
+@@ -104,7 +104,7 @@
+
+ AC_MSG_NOTICE(checking for openssl in $withval)
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+@@ -113,7 +113,7 @@
+
+ if test "$apu_have_openssl" != "1"; then
+ AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
+- AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
++ AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+ if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
+ apu_have_openssl=1
+ APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
+diff -uap apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11 apr-util-1.5.4/crypto/apr_crypto_openssl.c
+--- apr-util-1.5.4/crypto/apr_crypto_openssl.c.openssl11
++++ apr-util-1.5.4/crypto/apr_crypto_openssl.c
+@@ -64,7 +64,7 @@
+ apr_pool_t *pool;
+ const apr_crypto_driver_t *provider;
+ const apr_crypto_t *f;
+- EVP_CIPHER_CTX cipherCtx;
++ EVP_CIPHER_CTX *cipherCtx;
+ int initialised;
+ int ivSize;
+ int blockSize;
+@@ -111,7 +111,11 @@
+ static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
+ const apu_err_t **result)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ CRYPTO_malloc_init();
++#else
++ OPENSSL_malloc_init();
++#endif
+ ERR_load_crypto_strings();
+ /* SSL_load_error_strings(); */
+ OpenSSL_add_all_algorithms();
+@@ -124,6 +128,30 @@
+ return APR_SUCCESS;
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x0090802fL
++
++/* Code taken from OpenSSL 0.9.8b, see
++ * https://github.com/openssl/openssl/commit/cf6bc84148cb15af09b292394aaf2b45f0d5af0d
++ */
++
++EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
++{
++ EVP_CIPHER_CTX *ctx = OPENSSL_malloc(sizeof *ctx);
++ if (ctx)
++ EVP_CIPHER_CTX_init(ctx);
++ return ctx;
++}
++
++void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
++{
++ if (ctx) {
++ EVP_CIPHER_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++ }
++}
++
++#endif
++
+ /**
+ * @brief Clean encryption / decryption context.
+ * @note After cleanup, a context is free to be reused if necessary.
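Review bot: The compatibility definitions of `EVP_CIPHER_CTX_new()` and `EVP_CIPHER_CTX_free()` under `#if OPENSSL_VERSION_NUMBER < 0x0090802fL` have external linkage, so a build against such an old OpenSSL would export two names from OpenSSL's own namespace out of apr_crypto_openssl.c. If a libcrypto that already provides them ends up in the same process, which definition gets used depends on symbol resolution order. Declaring them `static EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)` and `static void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)` keeps the shim private to this file. The fallback also returns NULL when `OPENSSL_malloc` fails, so its callers need a NULL check.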
+@@ -134,7 +162,7 @@
+ {
+
+ if (ctx->initialised) {
+- EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
++ EVP_CIPHER_CTX_free(ctx->cipherCtx);
+ ctx->initialised = 0;
+ }
+
+@@ -491,8 +519,10 @@
+ apr_pool_cleanup_null);
+
+ /* create a new context for encryption */
+- EVP_CIPHER_CTX_init(&block->cipherCtx);
+- block->initialised = 1;
++ if (!block->initialised) {
++ block->cipherCtx = EVP_CIPHER_CTX_new();
++ block->initialised = 1;
++ }
+
+ /* generate an IV, if necessary */
+ usedIv = NULL;
+@@ -519,16 +549,16 @@
+
+ /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ key->key, usedIv)) {
+ #else
+- if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
++ if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+ #endif
+ return APR_EINIT;
+ }
+
+ /* Clear up any read padding */
+- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ return APR_EPADDING;
+ }
+
+@@ -582,11 +612,16 @@
+ }
+
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
++ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
+ #else
+- if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
++ if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
+ (unsigned char *) in, inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ return APR_ECRYPT;
+ }
+ *outlen = outl;
+@@ -616,14 +651,22 @@
+ static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
++ apr_status_t rc = 
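Review bot: In the `@@ -134,7 +162,7 @@` hunk, `EVP_CIPHER_CTX_free(ctx->cipherCtx);` leaves the freed pointer stored in the block and only clears `initialised`. The doc comment just above says a context may be reused after cleanup, and the update and finish paths in the later hunks hand `ctx->cipherCtx` to OpenSSL without looking at `initialised`, so a call on a cleaned-up block would operate on freed memory. Adding `ctx->cipherCtx = NULL;` right after the free turns that misuse into an immediate, diagnosable failure and makes a second cleanup harmless. The function's signature and tail are outside the hunk.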
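Review bot: The result of `EVP_CIPHER_CTX_new()` is not checked in the `@@ -491,8 +519,10 @@` hunk, nor in the matching decrypt-init hunk at `@@ -662,8 +705,10 @@`, and `block->initialised` is set to 1 even when the allocation failed. A NULL context would then be passed to `EVP_EncryptInit_ex` / `EVP_DecryptInit_ex`, and because `initialised` is already 1 a later init on the same block would skip the allocation again. I would add `if (!block->cipherCtx) return APR_ENOMEM;` between the `EVP_CIPHER_CTX_new()` call and `block->initialised = 1;` in both places. The enclosing init functions begin and end outside these hunks.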
APR_SUCCESS;
+ int len = *outlen;
+
+- if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+- return APR_EPADDING;
++ if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++ rc = APR_EPADDING;
+ }
+- *outlen = len;
++ else {
++ *outlen = len;
++ }
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+
+- return APR_SUCCESS;
++ return rc;
+
+ }
+
+@@ -662,8 +705,10 @@
+ apr_pool_cleanup_null);
+
+ /* create a new context for encryption */
+- EVP_CIPHER_CTX_init(&block->cipherCtx);
+- block->initialised = 1;
++ if (!block->initialised) {
++ block->cipherCtx = EVP_CIPHER_CTX_new();
++ block->initialised = 1;
++ }
+
+ /* generate an IV, if necessary */
+ if (key->ivSize) {
+@@ -674,16 +719,16 @@
+
+ /* set up our encryption context */
+ #if CRYPTO_OPENSSL_CONST_BUFFERS
+- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
++ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
+ key->key, iv)) {
+ #else
+- if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
++ if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+ #endif
+ return APR_EINIT;
+ }
+
+ /* Clear up any read padding */
+- if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
++ if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
+ return APR_EPADDING;
+ }
+
+@@ -737,11 +782,16 @@
+ }
+
+ #if CRYPT_OPENSSL_CONST_BUFFERS
+- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
++ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
+ #else
+- if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
++ if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+ inlen)) {
+ #endif
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ 
EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+ return APR_ECRYPT;
+ }
+ *outlen = outl;
+@@ -771,15 +821,22 @@
+ static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
+ apr_size_t *outlen, apr_crypto_block_t *ctx)
+ {
+-
++ apr_status_t rc = APR_SUCCESS;
+ int len = *outlen;
+
+- if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
+- return APR_EPADDING;
++ if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
++ rc = APR_EPADDING;
++ }
++ else {
++ *outlen = len;
+ }
+- *outlen = len;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++ EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
++#else
++ EVP_CIPHER_CTX_reset(ctx->cipherCtx);
++#endif
+
+- return APR_SUCCESS;
++ return rc;
+
+ }
+
diff --git a/apr-util.spec b/apr-util.spec
index 105a7d5..675f2ff 100644
--- a/apr-util.spec
+++ b/apr-util.spec
@@ -16,7 +16,7 @@
 Summary: Apache Portable Runtime Utility library
 Name: apr-util
 Version: 1.5.4
-Release: 3%{?dist}
+Release: 4%{?dist}
 License: ASL 2.0
 Group: System Environment/Libraries
 URL: http://apr.apache.org/
@@ -24,6 +24,7 @@ Source0: http://www.apache.org/dist/apr/%{name}-%{version}.tar.bz2
 Patch1: apr-util-1.2.7-pkgconf.patch
 Patch2: apr-util-1.3.7-nodbmdso.patch
 Patch4: apr-util-1.4.1-private.patch
+Patch5: apr-util-1.5.4-openssl11.patch
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-buildroot
 BuildRequires: autoconf, apr-devel >= 1.3.0
 BuildRequires: %{dbdep}, expat-devel, libuuid-devel
@@ -132,6 +133,7 @@ This package provides the NSS crypto support for the apr-util.
 %patch1 -p1 -b .pkgconf
 %patch2 -p1 -b .nodbmdso
 %patch4 -p1 -b .private
+%patch5 -p1 -b .openssl11
 %build
 autoheader && autoconf
@@ -245,6 +247,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/*.m4
 %changelog
+* Mon Nov 14 2016 Joe Orton - 1.5.4-4
+- update for OpenSSL 1.1.0
+
 * Wed Feb 03 2016 Fedora Release Engineering - 1.5.4-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
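Review bot: In the `@@ -771,15 +821,22 @@` hunk, crypto_block_decrypt_finish now wipes the cipher context on both the success and the failure path and leaves `*outlen` at the caller's input value when `EVP_DecryptFinal_ex` fails, but nothing in the function documents either. I would add a comment above the `#if OPENSSL_VERSION_NUMBER < 0x10100000L` block such as `/* drop key material; the block must be re-initialised before reuse */`, and one on the `rc = APR_EPADDING;` branch such as `/* *outlen is left untouched; the caller must discard output from earlier update calls */`. The same applies to crypto_block_encrypt_finish in the `@@ -616,14 +651,22 @@` hunk. The return values of `EVP_CIPHER_CTX_cleanup` and `EVP_CIPHER_CTX_reset` are ignored in all four places they were added, which is probably acceptable but worth stating in that comment.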