
Merge branch 'maint'

* maint:
  Fix OpenSSL 1.0 compat
  Restore OpenSSL 1.0 support
Bryan Drewery %!s(int64=2) %!d(string=hai) anos
pai
achega
f5dcef7191
Modificáronse 4 ficheiros con 76 adicións e 3 borrados
  1. 0 1
      doc/UPDATES.md
  2. 52 0
      src/compat/openssl.cc
  3. 12 0
      src/libssl.cc
  4. 12 2
      src/openssl.cc

+ 0 - 1
doc/UPDATES.md

@@ -18,7 +18,6 @@
 
 # maint
   * Fix OpenSSL 3 build.
-  * Drop support for OpenSSL < 1.1
 
 # 1.4.10
   * Clear FiSH keys when a client quits.

+ 52 - 0
src/compat/openssl.cc

@@ -1 +1,53 @@
 #include <openssl/opensslv.h>
+/* Provide forward compat functions when built from < 1.1. */
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
+#include <stdlib.h>
+#include <stdint.h>
+#include "dl.h"
+
+extern "C" {
+typedef int (*OPENSSL_init_ssl_t)(uint64_t a1, const void *a2);
+static int _OPENSSL_init_ssl(uint64_t a1, const void *a2) {
+  if (DLSYM_VAR(OPENSSL_init_ssl) == NULL)
+    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, OPENSSL_init_ssl) == NULL)
+      return 0;
+  return DLSYM_VAR(OPENSSL_init_ssl)(a1, a2);
+}
+
+void _ERR_free_strings(void) __attribute__((const));
+void _ERR_free_strings(void) {
+}
+
+void _EVP_cleanup(void) __attribute__((const));
+void _EVP_cleanup(void) {
+}
+
+void _CRYPTO_cleanup_all_ex_data(void) __attribute__((const));
+void _CRYPTO_cleanup_all_ex_data(void) {
+}
+
+int _SSL_library_init(void) {
+  return _OPENSSL_init_ssl(0, NULL);
+}
+
+#define OPENSSL_INIT_LOAD_CRYPTO_STRINGS    0x00000002L
+#define OPENSSL_INIT_LOAD_SSL_STRINGS       0x00200000L
+void _SSL_load_error_strings(void) {
+    _OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS \
+                     | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+}
+
+typedef void *(*TLS_client_method_t)(void);
+static const void *_TLS_client_method(void) {
+  if (DLSYM_VAR(TLS_client_method) == NULL)
+    if (DLSYM_GLOBAL_SIMPLE(RTLD_NEXT, TLS_client_method) == NULL)
+      return NULL;
+  return DLSYM_VAR(TLS_client_method)();
+}
+
+const void *_SSLv23_client_method(void) {
+  return _TLS_client_method();
+}
+
+} /* extern "C" */
+#endif	/* OPENSSL_VERSION_NUMBER < 0x10100000L */
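Review bot: `_SSL_library_init()` returns 0 when `OPENSSL_init_ssl` cannot be resolved, and `_SSL_load_error_strings()` discards the same result, so on this compat path a failed library initialisation is visible only to a caller that checks the return value. The `init_openssl()` hunk in src/openssl.cc calls `OpenSSL_add_ssl_algorithms();` without checking it. Assuming that macro still expands to `SSL_library_init()`, I would check it there, e.g. `if (!OpenSSL_add_ssl_algorithms()) { sdprintf("SSL_library_init() failed"); return 1; }`. The shims also resolve through `RTLD_NEXT` rather than the `handle` that `load_symbols()` uses, so a short comment above `_OPENSSL_init_ssl` should say which libssl copy the lookup is expected to bind to; dl.h is not visible here, so the macro behaviour is inferred from the names.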

+ 12 - 0
src/libssl.cc

@@ -58,9 +58,21 @@ static int load_symbols(void *handle) {
   DLSYM_GLOBAL(handle, SSL_CTX_ctrl);
   DLSYM_GLOBAL(handle, SSL_CTX_set_cipher_list);
   DLSYM_GLOBAL(handle, SSL_CTX_set_tmp_dh_callback);
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_library_init);
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSL_load_error_strings);
+  /* Some forward-compat is handled in src/compat/openssl.cc. */
+#else
+  /* For SSL_library_init and SSL_load_error_strings. */
   DLSYM_GLOBAL(handle, OPENSSL_init_ssl);
+#endif
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
   DLSYM_GLOBAL(handle, TLS_client_method);
   DLSYM_GLOBAL(handle, SSL_CTX_set_options);
+#else
+  DLSYM_GLOBAL_FWDCOMPAT(handle, SSLv23_client_method);
+  /* Some forward-compat is handled in src/compat/openssl.cc. */
+#endif
 
   return 0;
 }
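Review bot: The two guards added to `load_symbols()` put LibreSSL on a different side than the guard added to `init_openssl()` in src/openssl.cc. Here a LibreSSL build takes the `#else` of the second block and loads only `SSLv23_client_method`, while `init_openssl()` calls `TLS_client_method()` for that same build. If `TLS_client_method` is dispatched through the dlsym table (dl.h is not visible, so this is an assumption), that entry is never populated on LibreSSL and the call would go through an unset pointer. Either use the same condition in both files or add a comment at the second `#else` stating why LibreSSL does not need `TLS_client_method` and `SSL_CTX_set_options` loaded here. `load_symbols()` begins before this hunk.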

+ 12 - 2
src/openssl.cc

@@ -76,9 +76,13 @@ int init_openssl() {
 
 #ifdef EGG_SSL_EXT
   /* good place to init ssl stuff */
-  OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS |
-      OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+  SSL_load_error_strings();
+  OpenSSL_add_ssl_algorithms();
+#if !defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER < 0x10100000L
+  ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+#else
   ssl_ctx = SSL_CTX_new(TLS_client_method());
+#endif
   if (!ssl_ctx) {
     sdprintf("SSL_CTX_new() failed");
     return 1;
@@ -121,6 +125,12 @@ int uninit_openssl () {
     RAND_write_file(tls_rand_file);
 #endif
 
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100000L
+  ERR_free_strings();
+  EVP_cleanup();
+  CRYPTO_cleanup_all_ex_data();
+#endif
+
   unload_libssl();
   unload_libcrypto();
   return 0;
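Review bot: In the first hunk, the `OPENSSL_VERSION_NUMBER < 0x10100000L` branch of `init_openssl()` creates the context with `SSLv23_client_method()`, and nothing visible sets a protocol floor afterwards. On OpenSSL 1.0.x that method negotiates any protocol version the library was built with, including SSLv3, unless the legacy versions are switched off on the context. Unless this already happens further down (the function continues past the hunk), add `SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` right after the `!ssl_ctx` check. On 1.0.x that call is a macro over `SSL_CTX_ctrl`, which `load_symbols()` already resolves.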