
Merge branch 'openssl1.1' into maint

* openssl1.1:
  RTLD_SELF is not portable
  Don't bother with non-portable unused attribute
  Update docs
  Add forward-compat for OpenSSL 1.1.
  OpenSSL 1.1 uses SOVERSION 1.1 not 1.1.0 like expected
  DLSYM: Only add to my_symbols if it loads successfully
  Don't clear global b_prime/b_generator (see 7e7beb95660)
  Support OpenSSL 1.1.
  Add 4096 dhparam
  Update dhparam for OpenSSL 1.1.
  Update FiSH support from ZNC's fish.cpp [1]
Bryan Drewery 8 rokov pred
rodič
commit
b3b9d45573
12 zmenil súbory, kde vykonal 286 pridanie a 27 odobranie
  1. 2 0
      doc/UPDATES.md
  2. 1 0
      src/Makefile.in
  3. 49 0
      src/compat/openssl.cc
  4. 27 4
      src/crypto/dh_util.cc
  5. 143 6
      src/dhparam.cc
  6. 1 0
      src/dl.cc
  7. 26 1
      src/dl.h
  8. 1 1
      src/generate_defs.sh
  9. 12 7
      src/libcrypto.cc
  10. 19 6
      src/libssl.cc
  11. 0 2
      src/libtcl.cc
  12. 5 0
      src/openssl.cc

+ 2 - 0
doc/UPDATES.md

@@ -1,3 +1,5 @@
+* Fix OpenSSL 1.1 build (API) and forward-runtime (ABI) compatibility.
+
 # maint
   * Fix various compile warnings
   * Fix ptrace detection on OpenBSD (after 1.4.6 regression for the Linux fix)

+ 1 - 0
src/Makefile.in

@@ -75,6 +75,7 @@ OBJS = auth.So \
 	compat/snprintf.o \
 	compat/memmem.o \
 	compat/memutil.o \
+	compat/openssl.o \
 	compat/strlcpy.o \
 	compat/strsep.o \
 	crypto/aes_util.o \

+ 49 - 0
src/compat/openssl.cc

@@ -0,0 +1,49 @@
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#include <stdlib.h>
+#include <stdint.h>
+#include "dl.h"
+
+extern "C" {
+typedef int (*OPENSSL_init_ssl_t)(uint64_t a1, const void *a2);
+int _OPENSSL_init_ssl(uint64_t a1, const void *a2) {
+  if (DLSYM_VAR(OPENSSL_init_ssl) == NULL)
+    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, OPENSSL_init_ssl) == NULL)
+      return 0;
+  return DLSYM_VAR(OPENSSL_init_ssl)(a1, a2);
+}
+
+void _ERR_free_strings(void) {
+}
+
+void _EVP_cleanup(void) {
+}
+
+void _CRYPTO_cleanup_all_ex_data(void) {
+}
+
+int _SSL_library_init(void) {
+  return _OPENSSL_init_ssl(0, NULL);
+}
+
+#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+void _SSL_load_error_strings(void) {
+    _OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+}
+
+typedef void *(*TLS_client_method_t)(void);
+const void *_TLS_client_method(void) {
+  if (DLSYM_VAR(TLS_client_method) == NULL)
+    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, TLS_client_method) == NULL)
+      return NULL;
+  return DLSYM_VAR(TLS_client_method)();
+}
+
+const void *_SSLv23_client_method(void) {
+  return _TLS_client_method();
+}
+
+} /* extern "C" */
+#endif	/* OPENSSL_VERSION_NUMBER < 0x10100000L */
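Review bot: `_OPENSSL_init_ssl` and `_TLS_client_method` resolve their targets with `RTLD_NEXT` rather than through the handle the loader picked (`libssl_handle` in src/libssl.cc), so which library answers depends on the process's symbol search order, not on the libssl that `load_libssl()` selected. If that handle is reachable from this file, passing it to `DLSYM_GLOBAL_SIMPLE` would keep the forward-compat path bound to the same library as every other symbol. The failure paths return `0` and `NULL` silently. A short comment stating that callers must treat `_SSL_library_init() == 0` and a NULL method as fatal would document the contract, since the three empty cleanup stubs give no hint of it.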

+ 27 - 4
src/crypto/dh_util.cc

@@ -81,10 +81,17 @@ bd::String fishBase64Decode(const bd::String& str) {
 
 void DH1080_gen(bd::String& privateKey, bd::String& publicKeyB64) {
   DH *dh = NULL;
+  const BIGNUM *priv_key, *pub_key;
 
   dh = DH_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (b_prime == NULL || b_generator == NULL ||
+      !DH_set0_pqg(dh, BN_dup(b_prime), NULL, BN_dup(b_generator)))
+    return;
+#else
   dh->p = BN_dup(b_prime);
   dh->g = BN_dup(b_generator);
+#endif
 
   if (!DH_generate_key(dh)) {
     DH_free(dh);
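Review bot: The early `return` in the OpenSSL 1.1 branch of `DH1080_gen` leaks `dh`, and when `DH_set0_pqg` fails it also leaks the two `BN_dup` results, because ownership only transfers on success; the same pattern is repeated in `DH1080_comp` in the third hunk of this file. `DH_new()` is also used without a NULL check before it is handed to `DH_set0_pqg`. Because `DH1080_gen` returns `void`, the bail-out leaves `privateKey` and `publicKeyB64` untouched, so a caller can only detect the failure by checking for empty output. Holding the duplicates in locals and releasing everything on the failure path fixes the leak; the function body continues outside the hunk.

```cpp
  dh = DH_new();
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  BIGNUM *p = (dh != NULL && b_prime != NULL) ? BN_dup(b_prime) : NULL;
  BIGNUM *g = (dh != NULL && b_generator != NULL) ? BN_dup(b_generator) : NULL;
  if (p == NULL || g == NULL || !DH_set0_pqg(dh, p, NULL, g)) {
    /* Ownership was not transferred, so release all three here. */
    BN_free(p);
    BN_free(g);
    DH_free(dh);
    return;
  }
#else
  // … unchanged: direct dh->p / dh->g assignment …
#endif
```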
@@ -92,14 +99,20 @@ void DH1080_gen(bd::String& privateKey, bd::String& publicKeyB64) {
   }
 
   // Get private key
-  privateKey.resize(BN_num_bytes(dh->priv_key), 0);
-  BN_bn2bin(dh->priv_key, reinterpret_cast<unsigned char*>(privateKey.mdata()));
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  DH_get0_key(dh, &pub_key, &priv_key);
+#else
+  priv_key = dh->priv_key;
+  pub_key = dh->pub_key;
+#endif
+  privateKey.resize(BN_num_bytes(priv_key), 0);
+  BN_bn2bin(priv_key, reinterpret_cast<unsigned char*>(privateKey.mdata()));
 
   // Get public key
   bd::String publicKey;
   // Resize as the mdata() modification won't update the internal length, but resize() will
-  publicKey.resize(static_cast<size_t>(BN_num_bytes(dh->pub_key)));
-  BN_bn2bin(dh->pub_key, reinterpret_cast<unsigned char*>(publicKey.mdata()));;
+  publicKey.resize(static_cast<size_t>(BN_num_bytes(pub_key)));
+  BN_bn2bin(pub_key, reinterpret_cast<unsigned char*>(publicKey.mdata()));;
 
   // base64 encode
   publicKeyB64 = fishBase64Encode(publicKey);
@@ -113,12 +126,22 @@ bool DH1080_comp(const bd::String privateKey, const bd::String theirPublicKeyB64
 
 
   dh = DH_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (b_prime == NULL || b_generator == NULL ||
+      !DH_set0_pqg(dh, BN_dup(b_prime), NULL, BN_dup(b_generator)))
+    return false;
+#else
   dh->p = BN_dup(b_prime);
   dh->g = BN_dup(b_generator);
+#endif
 
   // Setup my private key
   b_myPrivkey = BN_bin2bn(reinterpret_cast<const unsigned char*>(privateKey.data()), privateKey.length(), NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  DH_set0_key(dh, NULL, b_myPrivkey);
+#else
   dh->priv_key = b_myPrivkey;
+#endif
 
   // Prep their public key
   bd::String theirPublicKey(fishBase64Decode(theirPublicKeyB64));
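Review bot: The result of `DH_set0_key(dh, NULL, b_myPrivkey)` is discarded, and `b_myPrivkey` comes straight from `BN_bin2bn`, which can return NULL. If the call fails, the private key is never installed in `dh` and `b_myPrivkey` stays owned by this function, so the later computation would run on a `dh` without the intended key and the BIGNUM would leak. I believe early 1.1.0 releases reject a NULL `pub_key` when none has been set yet, which is worth confirming against the versions you support. I would check it: `if (b_myPrivkey == NULL || !DH_set0_key(dh, NULL, b_myPrivkey)) { BN_free(b_myPrivkey); DH_free(dh); return false; }`. The rest of `DH1080_comp` is outside the hunk.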

+ 143 - 6
src/dhparam.cc

@@ -27,12 +27,25 @@ DH *get_dh2048() {
     0x02,
   };
   DH *dh;
+  BIGNUM *dhp_bn, *dhg_bn;
 
   if ((dh=DH_new()) == NULL) return(NULL);
-  dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-  dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+  dhp_bn = BN_bin2bn(dh2048_p, sizeof(dh2048_p), NULL);
+  dhg_bn = BN_bin2bn(dh2048_g, sizeof(dh2048_g), NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (dhp_bn == NULL || dhg_bn == NULL
+      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+    DH_free(dh);
+    BN_free(dhp_bn);
+    BN_free(dhg_bn);
+    return NULL;
+  }
+#else
+  dh->p = dhp_bn;
+  dh->g = dhg_bn;
   if ((dh->p == NULL) || (dh->g == NULL))
   { DH_free(dh); return(NULL); }
+#endif
   return(dh);
 }
 /*
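Review bot: The same allocate/convert/`DH_set0_pqg`-or-assign block is pasted into `get_dh2048`, `get_dh1024`, `get_dh512` and the new `get_dh4096`, so any later fix has to be made four times. A file-local helper such as `static DH *dh_from_bin(const unsigned char *p, int plen, const unsigned char *g, int glen)` holding the `#if` once would leave each getter as a single call after its tables. The pre-1.1 branch assigns `dh->p`/`dh->g` before testing them and relies on `DH_free` to release whichever conversion succeeded. That works, but a one-line comment saying so would help, since the 1.1 branch frees the BIGNUMs explicitly.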
@@ -64,12 +77,25 @@ DH *get_dh1024() {
     0x02,
   };
   DH *dh;
+  BIGNUM *dhp_bn, *dhg_bn;
 
   if ((dh=DH_new()) == NULL) return(NULL);
-  dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-  dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+  dhp_bn = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+  dhg_bn = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (dhp_bn == NULL || dhg_bn == NULL
+      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+    DH_free(dh);
+    BN_free(dhp_bn);
+    BN_free(dhg_bn);
+    return NULL;
+  }
+#else
+  dh->p = dhp_bn;
+  dh->g = dhg_bn;
   if ((dh->p == NULL) || (dh->g == NULL))
   { DH_free(dh); return(NULL); }
+#endif
   return(dh);
 }
 /*
@@ -92,12 +118,25 @@ DH *get_dh512() {
     0x02,
   };
   DH *dh;
+  BIGNUM *dhp_bn, *dhg_bn;
 
   if ((dh=DH_new()) == NULL) return(NULL);
-  dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-  dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+  dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+  dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (dhp_bn == NULL || dhg_bn == NULL
+      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+    DH_free(dh);
+    BN_free(dhp_bn);
+    BN_free(dhg_bn);
+    return NULL;
+  }
+#else
+  dh->p = dhp_bn;
+  dh->g = dhg_bn;
   if ((dh->p == NULL) || (dh->g == NULL))
   { DH_free(dh); return(NULL); }
+#endif
   return(dh);
 }
 /*
@@ -106,4 +145,102 @@ DH *get_dh512() {
    iDezzV0CAwY1RzzZRJm7m0wkssATAgEC
    -----END DH PARAMETERS-----
    */
+
+DH *get_dh4096()
+{
+    static unsigned char dhp_4096[] = {
+	0xDB, 0xEA, 0x68, 0x34, 0x68, 0xC4, 0xB8, 0xB0, 0xDA, 0x5C, 
+	0xFF, 0x8E, 0x4D, 0xA0, 0xD2, 0x50, 0x60, 0xCC, 0x5E, 0x48, 
+	0xDD, 0x38, 0xC8, 0x72, 0x71, 0xA6, 0xFE, 0x73, 0x91, 0x32, 
+	0xB5, 0x41, 0xB4, 0x2C, 0x19, 0xB6, 0x86, 0x66, 0xC2, 0x01, 
+	0x96, 0xF9, 0xB5, 0x9C, 0x5D, 0xC9, 0xA1, 0x15, 0xEC, 0x59, 
+	0x8A, 0xDB, 0xE6, 0xEB, 0x99, 0xB0, 0xDA, 0x04, 0x7C, 0x65, 
+	0x58, 0x89, 0xEA, 0x89, 0x4B, 0x53, 0x9C, 0x43, 0x60, 0xC7, 
+	0x42, 0x1D, 0xB5, 0x29, 0x35, 0xD3, 0x29, 0x94, 0x3C, 0x44, 
+	0x82, 0x63, 0x4A, 0xF2, 0xA1, 0xE0, 0x09, 0x81, 0x53, 0x8F, 
+	0xB3, 0xCD, 0x0D, 0x3F, 0x06, 0x4D, 0x56, 0x9F, 0x98, 0x0F, 
+	0x5F, 0x98, 0x95, 0x07, 0x09, 0xC4, 0xFE, 0x5B, 0x32, 0xBA, 
+	0x16, 0xDA, 0xB9, 0x58, 0xF3, 0x99, 0x73, 0x82, 0xC8, 0x06, 
+	0x9D, 0x06, 0x94, 0x89, 0x0B, 0x0E, 0xB7, 0xE7, 0x18, 0x90, 
+	0x6F, 0x91, 0xAB, 0xEA, 0x5F, 0xD0, 0xC0, 0xBE, 0xD4, 0x9E, 
+	0x05, 0x4E, 0xC7, 0x5A, 0x13, 0x6D, 0x64, 0x5F, 0x87, 0xC6, 
+	0x0A, 0x01, 0x74, 0x6A, 0x43, 0x05, 0x0A, 0xD6, 0xAA, 0x57, 
+	0x00, 0xC0, 0x26, 0x58, 0xEF, 0x8E, 0xF2, 0x20, 0x57, 0x79, 
+	0xBF, 0x50, 0x9D, 0x3D, 0x05, 0xFB, 0xBA, 0xB4, 0x98, 0x72, 
+	0xBE, 0x93, 0x2A, 0x45, 0x39, 0xA7, 0x6D, 0x97, 0x4A, 0x5A, 
+	0x50, 0x8F, 0x8A, 0xC9, 0x02, 0x34, 0x4A, 0x94, 0x52, 0xC1, 
+	0x9A, 0xDB, 0x07, 0x88, 0x2B, 0xED, 0x00, 0x84, 0x58, 0x95, 
+	0x2F, 0x04, 0xE1, 0x76, 0x03, 0x88, 0x1A, 0x1B, 0xBB, 0x21, 
+	0x00, 0x19, 0x90, 0xE5, 0xD6, 0x11, 0xA6, 0x47, 0x17, 0xFF, 
+	0x31, 0xD5, 0xE1, 0xA3, 0x3F, 0xE4, 0x9A, 0xFB, 0xE5, 0x0D, 
+	0xC6, 0xA2, 0x21, 0x1B, 0xBE, 0xA5, 0x39, 0xD2, 0x2D, 0xB0, 
+	0x68, 0xF5, 0xDB, 0x2B, 0x3C, 0x3C, 0xE6, 0x07, 0xC3, 0x59, 
+	0xFC, 0x06, 0xA1, 0x20, 0x73, 0xAB, 0x59, 0xEA, 0xD8, 0x52, 
+	0x73, 0xA7, 0x27, 0x47, 0x7A, 0xBB, 0x76, 0xB9, 0x0E, 0x82, 
+	0x4A, 0xB2, 0x70, 0x7B, 0xA8, 0xF5, 0x34, 0x41, 0xF0, 0x55, 
+	0x15, 0x83, 0x73, 0xDC, 0xDE, 0x28, 0x24, 0x78, 0x34, 0x0F, 
+	0x4F, 0xCB, 0x5A, 0x21, 0xE8, 0x25, 0x22, 0xAB, 0xD8, 0xFF, 
+	0x5F, 0x79, 0xAE, 0xF5, 0x15, 0x54, 0xB3, 0xDC, 0xA1, 0x3D, 
+	0x84, 0x14, 0x08, 0xEF, 0xFC, 0xC0, 0x72, 0xB4, 0x3F, 0xF6, 
+	0x9C, 0x19, 0xBF, 0x03, 0x58, 0xDD, 0xA0, 0xF5, 0x2C, 0xD4, 
+	0x10, 0xC6, 0x7E, 0xD6, 0x00, 0x6A, 0xC8, 0xA3, 0x21, 0x49, 
+	0xF3, 0x00, 0xAF, 0x74, 0x53, 0xD6, 0x4D, 0xC1, 0xA6, 0x38, 
+	0xFA, 0x7D, 0xEC, 0x29, 0xFE, 0x05, 0xC4, 0xDE, 0xF3, 0x44, 
+	0xD4, 0x6D, 0xD4, 0x28, 0xB1, 0x69, 0x76, 0x16, 0x98, 0x57, 
+	0x95, 0xAB, 0x1A, 0x48, 0xD4, 0x4D, 0x54, 0xF2, 0x25, 0xCA, 
+	0x0F, 0xDE, 0x1C, 0x8A, 0x37, 0xA3, 0xD2, 0xFD, 0x3D, 0x25, 
+	0x68, 0xF7, 0x3C, 0xD0, 0x00, 0xF5, 0xD4, 0xC5, 0x3B, 0xB0, 
+	0x4B, 0xFE, 0xE5, 0x65, 0x65, 0xA6, 0x49, 0x7C, 0x6C, 0x8C, 
+	0x05, 0x2D, 0x37, 0x05, 0xFA, 0xEC, 0x5B, 0x8B, 0xB0, 0xAA, 
+	0x0A, 0x7F, 0x8E, 0x97, 0x7A, 0x2A, 0x04, 0x75, 0x3E, 0x60, 
+	0xE3, 0xBD, 0xDC, 0xC7, 0x08, 0x21, 0xFA, 0x46, 0x89, 0x12, 
+	0x02, 0x02, 0xDE, 0x2D, 0x47, 0xFD, 0x3D, 0xC3, 0x4C, 0x9E, 
+	0x3F, 0x0C, 0xF3, 0x05, 0x74, 0xD2, 0x00, 0x8F, 0x09, 0xA2, 
+	0x9E, 0x8E, 0x64, 0x63, 0x91, 0xA0, 0xA0, 0x54, 0xCD, 0x70, 
+	0xB3, 0x81, 0x07, 0x94, 0xE7, 0x81, 0x69, 0x97, 0xFD, 0x41, 
+	0x58, 0xB6, 0x00, 0x37, 0x25, 0x28, 0xC3, 0x55, 0x92, 0xC0, 
+	0x12, 0x0A, 0x4E, 0x86, 0x75, 0xF5, 0x7D, 0x15, 0x36, 0xC9, 
+	0x52, 0x33
+    };
+    static unsigned char dhg_4096[] = {
+	0x02
+    };
+    DH *dh = DH_new();
+    BIGNUM *dhp_bn, *dhg_bn;
+
+    if (dh == NULL)
+        return NULL;
+    dhp_bn = BN_bin2bn(dhp_4096, sizeof(dhp_4096), NULL);
+    dhg_bn = BN_bin2bn(dhg_4096, sizeof(dhg_4096), NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  if (dhp_bn == NULL || dhg_bn == NULL
+      || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
+    DH_free(dh);
+    BN_free(dhp_bn);
+    BN_free(dhg_bn);
+    return NULL;
+  }
+#else
+  dh->p = dhp_bn;
+  dh->g = dhg_bn;
+  if ((dh->p == NULL) || (dh->g == NULL))
+  { DH_free(dh); return(NULL); }
+#endif
+    return dh;
+}
+/*
+-----BEGIN DH PARAMETERS-----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=
+-----END DH PARAMETERS-----
+*/
 /* vim: set sts=2 sw=2 ts=8 et: */
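Review bot: `dhp_4096` and `dhg_4096` are declared `static unsigned char`, which keeps the group parameters in writable memory; `static const unsigned char dhp_4096[]` (and the same for `dhg_4096`) is enough, since `BN_bin2bn` takes a const pointer. The function also has no comment recording where the prime came from, and the PEM comment after it does not say that either. I would add a header comment stating how the parameters were generated and that the modulus was checked (for example with `openssl dhparam -check`), so a later reader can re-verify the constant. The body mixes four-space and two-space indentation around the `#if` block, unlike the other getters.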

+ 1 - 0
src/dl.cc

@@ -32,5 +32,6 @@
 #include <bdlib/src/Array.h>
 #include <bdlib/src/HashTable.h>
 
+const char *dlsym_error;
 bd::HashTable<bd::String, FunctionPtr> dl_symbol_table;
 /* vim: set sts=2 sw=2 ts=8 et: */

+ 26 - 1
src/dl.h

@@ -7,6 +7,8 @@
 #include <bdlib/src/String.h>
 #include <bdlib/src/HashTable.h>
 
+extern const char *dlsym_error;
+
 #define DLSYM(_handle, x) \
   dlerror(); \
   x##_t x; \
@@ -17,23 +19,46 @@
     return(1); \
   }
 
+#define DLSYM_GLOBAL_FWDCOMPAT(_handle, x) do { \
+  dlerror(); \
+  if ((dl_symbol_table[#x] = (FunctionPtr) ((x##_t) dlsym(_handle, #x))) == \
+    NULL) { \
+    if ((dl_symbol_table[#x] = \
+      (FunctionPtr) ((x##_t) dlsym(NULL, "_" #x))) == NULL) { \
+      dlsym_error = dlerror(); \
+      if (dlsym_error) { \
+        fprintf(stderr, "%s", dlsym_error); \
+        return(1); \
+      } \
+    } \
+  } else { \
+    my_symbols << #x; \
+  } \
+} while (0)
+
 #define DLSYM_GLOBAL(_handle, x) do { \
   dlerror(); \
   dl_symbol_table[#x] = (FunctionPtr) ((x##_t) dlsym(_handle, #x)); \
-  my_symbols << #x; \
   dlsym_error = dlerror(); \
   if (dlsym_error) { \
     fprintf(stderr, "%s", dlsym_error); \
     return(1); \
   } \
+  my_symbols << #x; \
 } while (0)
 
+#define DLSYM_GLOBAL_SIMPLE(_handle, x) ( \
+  dl_symbol_table[#x] = (FunctionPtr) ((x##_t) dlsym(_handle, #x)), \
+  dl_symbol_table[#x] \
+)
+
 #define DLSYM_VAR(x) ((x##_t)dl_symbol_table[#x])
 
 extern bd::HashTable<bd::String, FunctionPtr> dl_symbol_table;
 
 #ifdef GENERATE_DEFS
 #undef DLSYM_GLOBAL
+#undef DLSYM_GLOBAL_FWDCOMPAT
 #endif
 
 #endif /* !_DL_H_ */
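Review bot: In `DLSYM_GLOBAL_FWDCOMPAT` the failure exit is taken only when `dlerror()` returns a non-NULL string after the second lookup, so if both `dlsym` calls yield NULL without an error string the macro falls through, leaves a NULL entry in `dl_symbol_table` and `load_symbols` reports success; a later `DLSYM_VAR(x)(...)` would then call through a null pointer. Keying the failure on the pointer closes that: `if (dl_symbol_table[#x] == NULL) { dlsym_error = dlerror(); fprintf(stderr, "%s\n", dlsym_error ? dlsym_error : "missing symbol " #x); return(1); }`. The fallback searches with a NULL handle for `"_" #x`, which only works if the executable exports those wrappers. The macro deserves a comment saying that, and noting that the fallback symbol is apparently left out of `my_symbols` on purpose. The error that gets printed is the one for the `_`-prefixed name, not for the original lookup.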

+ 1 - 1
src/generate_defs.sh

@@ -51,7 +51,7 @@ for file in ${files}; do
   mv $TMPFILE.sed $TMPFILE
   cd ..
 
-  for symbol in $($SED -n -e 's/.*DLSYM_GLOBAL(.*, \([^)]*\).*/\1/p' $TMPFILE|sort -u); do
+  for symbol in $($SED -n -e 's/.*DLSYM_GLOBAL[^ (]*(.*, \([^)]*\).*/\1/p' $TMPFILE|sort -u); do
     # Check if the typedef is already defined ...
     typedef=$(grep "^typedef .*(\*${symbol}_t)" ${dirname}/${basename}.h)
     # ... if not, generate it

+ 12 - 7
src/libcrypto.cc

@@ -38,8 +38,6 @@ void *libcrypto_handle = NULL;
 static bd::Array<bd::String> my_symbols;
 
 static int load_symbols(void *handle) {
-  const char *dlsym_error = NULL;
-
   DLSYM_GLOBAL(handle, AES_cbc_encrypt);
   DLSYM_GLOBAL(handle, AES_decrypt);
   DLSYM_GLOBAL(handle, AES_encrypt);
@@ -49,7 +47,6 @@ static int load_symbols(void *handle) {
   DLSYM_GLOBAL(handle, BF_encrypt);
   DLSYM_GLOBAL(handle, BF_set_key);
   DLSYM_GLOBAL(handle, ERR_error_string);
-  DLSYM_GLOBAL(handle, ERR_free_strings);
   DLSYM_GLOBAL(handle, ERR_get_error);
   DLSYM_GLOBAL(handle, OPENSSL_cleanse);
   DLSYM_GLOBAL(handle, RAND_file_name);
@@ -81,9 +78,17 @@ static int load_symbols(void *handle) {
   DLSYM_GLOBAL(handle, DH_new);
   DLSYM_GLOBAL(handle, DH_size);
 
-  DLSYM_GLOBAL(handle, EVP_cleanup);
-  DLSYM_GLOBAL(handle, CRYPTO_cleanup_all_ex_data);
-
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  /* For dh_util.cc */
+  DLSYM_GLOBAL(handle, DH_get0_key);
+  DLSYM_GLOBAL(handle, DH_set0_key);
+  DLSYM_GLOBAL(handle, DH_set0_pqg);
+  DLSYM_GLOBAL(handle, BN_free);
+#else
+  DLSYM_GLOBAL_FWDCOMPAT(handle, ERR_free_strings);
+  DLSYM_GLOBAL_FWDCOMPAT(handle, EVP_cleanup);
+  DLSYM_GLOBAL_FWDCOMPAT(handle, CRYPTO_cleanup_all_ex_data);
+#endif
 
   return 0;
 }
@@ -96,7 +101,7 @@ int load_libcrypto() {
 
   sdprintf("Loading libcrypto");
 
-  bd::Array<bd::String> libs_list(bd::String("libcrypto.so." SHLIB_VERSION_NUMBER " libcrypto.so libcrypto.so.1.0.0 libcrypto.so.0.9.8 libcrypto.so.8 libcrypto.so.7 libcrypto.so.6").split(' '));
+  bd::Array<bd::String> libs_list(bd::String("libcrypto.so." SHLIB_VERSION_NUMBER " libcrypto.so libcrypto.so.1.1 libcrypto.so.1.0.0 libcrypto.so.0.9.8 libcrypto.so.10 libcrypto.so.9 libcrypto.so.8 libcrypto.so.7 libcrypto.so.6").split(' '));
 
   for (size_t i = 0; i < libs_list.length(); ++i) {
     dlerror(); // Clear Errors
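Review bot: Adding `libcrypto.so.1.1` to the candidate list lets a binary compiled against pre-1.1 headers load a 1.1 library, while the `#else` branches in src/crypto/dh_util.cc and src/dhparam.cc still read and write `dh->p`, `dh->g`, `dh->priv_key` and `dh->pub_key` directly. That only works as long as the `DH` layout in the build headers matches the library loaded at run time, which OpenSSL does not promise once the struct is opaque. I would either document that assumption next to the list or, on the forward-compat path, look up `DH_set0_pqg`, `DH_set0_key` and `DH_get0_key` at run time and prefer them when present. The list in src/libssl.cc gets the same addition, and nothing visible on this page checks that libssl and libcrypto end up being the same release.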

+ 19 - 6
src/libssl.cc

@@ -38,25 +38,38 @@ void *libssl_handle = NULL;
 static bd::Array<bd::String> my_symbols;
 
 static int load_symbols(void *handle) {
-  const char *dlsym_error = NULL;
-
   DLSYM_GLOBAL(handle, SSL_get_error);
   DLSYM_GLOBAL(handle, SSL_connect);
   DLSYM_GLOBAL(handle, SSL_CTX_free);
   DLSYM_GLOBAL(handle, SSL_CTX_new);
   DLSYM_GLOBAL(handle, SSL_free);
-  DLSYM_GLOBAL(handle, SSL_library_init);
-  DLSYM_GLOBAL(handle, SSL_load_error_strings);
   DLSYM_GLOBAL(handle, SSL_new);
   DLSYM_GLOBAL(handle, SSL_pending);
   DLSYM_GLOBAL(handle, SSL_read);
   DLSYM_GLOBAL(handle, SSL_set_fd);
   DLSYM_GLOBAL(handle, SSL_shutdown);
-  DLSYM_GLOBAL(handle, SSLv23_client_method);
   DLSYM_GLOBAL(handle, SSL_write);
   DLSYM_GLOBAL(handle, SSL_CTX_ctrl);
   DLSYM_GLOBAL(handle, SSL_CTX_set_cipher_list);
   DLSYM_GLOBAL(handle, SSL_CTX_set_tmp_dh_callback);
+#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT < 0x10100000L
+  /* For SSL_library_init and SSL_load_error_strings. */
+  DLSYM_GLOBAL(handle, OPENSSL_init_ssl);
+#else
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_library_init);
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_load_error_strings);
+  /* Some forward-compat is handled in src/compat/openssl.cc. */
+#endif
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+  /* For SSLv23_client_method */
+  DLSYM_GLOBAL(handle, TLS_client_method);
+  /* For SSLv23_method */
+  DLSYM_GLOBAL(handle, TLS_method);
+  DLSYM_GLOBAL(handle, SSL_CTX_set_options);
+#else
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSLv23_client_method);
+  /* Some forward-compat is handled in src/compat/openssl.cc. */
+#endif
 
   return 0;
 }
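Review bot: The two conditional blocks use different tests for what looks like the same split: the first keys on `defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT < 0x10100000L`, the second on `OPENSSL_VERSION_NUMBER >= 0x10100000L`. Whether the first branch is taken therefore depends on the OpenSSL headers defining `OPENSSL_API_COMPAT` themselves, which is not obvious from this file. A comment above the first `#if` explaining why it differs from the version check, or using `OPENSSL_VERSION_NUMBER` in both, would make the intent reviewable. `SSL_CTX_set_options` is loaded without a comment saying which caller needs it, unlike the two method lookups.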
@@ -69,7 +82,7 @@ int load_libssl() {
 
   sdprintf("Loading libssl");
 
-  bd::Array<bd::String> libs_list(bd::String("libssl.so." SHLIB_VERSION_NUMBER " libssl.so libssl.so.1.0.0 libssl.so.0.9.8 libssl.so.8 libssl.so.7 libssl.so.6").split(' '));
+  bd::Array<bd::String> libs_list(bd::String("libssl.so." SHLIB_VERSION_NUMBER " libssl.so libssl.so.1.1 libssl.so.1.0.0 libssl.so.0.9.8 libssl.so.10 libssl.so.9 libssl.so.8 libssl.so.7 libssl.so.6").split(' '));
 
   for (size_t i = 0; i < libs_list.length(); ++i) {
     dlerror(); // Clear Errors

+ 0 - 2
src/libtcl.cc

@@ -45,8 +45,6 @@ void initialize_binds_tcl();
 
 static int load_symbols(void *handle) {
 #ifdef USE_SCRIPT_TCL
-  const char *dlsym_error = NULL;
-
   DLSYM_GLOBAL(handle, Tcl_Eval);
   DLSYM_GLOBAL(handle, Tcl_GetStringResult);
   DLSYM_GLOBAL(handle, Tcl_DeleteInterp);

+ 5 - 0
src/openssl.cc

@@ -49,6 +49,9 @@ static DH* tmp_dh_callback(SSL* ssl, int is_export, int keylength) {
   DH *ret = NULL;
 
   switch (keylength) {
+    case 4096:
+      ret = get_dh4096();
+      break;
     case 2048:
       ret = get_dh2048();
       break;
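Review bot: `tmp_dh_callback` chooses the group from the `keylength` argument, which OpenSSL derives from the negotiated cipher rather than from any local policy, so adding a 4096 case does not raise the floor: a handshake that asks for a smaller size still gets the smaller group. `get_dh1024` and `get_dh512` remain in src/dhparam.cc on this page, and if the cases outside this hunk still return them, the DH exchange can end up on groups that are considered too small today. I would ignore `keylength` and always return one group of at least 2048 bits, e.g. `return get_dh2048();`, or at minimum make that the `default:`. The rest of the switch is outside the hunk.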
@@ -118,9 +121,11 @@ int uninit_openssl () {
     RAND_write_file(tls_rand_file);
 #endif
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
   ERR_free_strings();
   EVP_cleanup();
   CRYPTO_cleanup_all_ex_data();
+#endif
 
   unload_libssl();
   unload_libcrypto();