1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
|
This patch has been tested with OpenSSL 1.0.2q, 1.1.0j and 1.1.1a
with and without support for deprecated OpenSSL APIs.
--- a/configure.ac
+++ b/configure.ac
@@ -860,26 +860,10 @@ then
AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
AC_MSG_ERROR([libcrypto not found]))
- AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
- [
- if test x"$enable_shared" = x"yes"
- then
- AC_MSG_ERROR([Cannot build shared opendkim
- against static openssl libraries.
- Configure with --disable-shared
- to get this working or obtain a
- shared libssl library for
- opendkim to use.])
- fi
-
- # avoid caching issue - last result of SSL_library_init
- # shouldn't be cached for this next check
- unset ac_cv_search_SSL_library_init
- LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
- AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
- AC_MSG_ERROR([libssl not found]), [-ldl])
- ]
- )
+ od_have_ossl="no"
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [od_have_ossl="yes"])
+ AC_CHECK_LIB(ssl, SSL_library_init, [od_have_ossl="yes"])
+ AS_IF([test "x$od_have_ossl" = xno], [AC_MSG_ERROR([libssl not found])])
AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
AC_DEFINE([HAVE_SHA256], 1,
--- a/opendkim/opendkim-crypto.c
+++ b/opendkim/opendkim-crypto.c
@@ -139,6 +139,7 @@ static unsigned int nmutexes = 0;
static unsigned long threadid = 0L;
static pthread_mutex_t *mutexes = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
/*
** DKIMF_CRYPTO_LOCK_CALLBACK -- locking callback for libcrypto
**
@@ -166,6 +167,7 @@ dkimf_crypto_lock_callback(int mode, int
assert(status == 0);
}
+#endif
/*
** DKIMF_CRYPTO_GET_ID -- generate/retrieve thread ID
@@ -208,21 +210,15 @@ dkimf_crypto_get_id(void)
static void
dkimf_crypto_free_id(void *ptr)
{
- /*
- ** Trick dkimf_crypto_get_id(); the thread-specific pointer has
- ** already been cleared at this point, but dkimf_crypto_get_id()
- ** may be called by ERR_remove_state() which will then allocate a
- ** new thread pointer if the thread-specific pointer is NULL. This
- ** means a memory leak of thread IDs and, on Solaris, an infinite loop
- ** because the destructor (indirectly) re-sets the thread-specific
- ** pointer to something not NULL. See pthread_key_create(3).
- */
-
if (ptr != NULL)
{
assert(pthread_setspecific(id_key, ptr) == 0);
- ERR_remove_state(0);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ OPENSSL_thread_stop();
+#else
+ ERR_remove_thread_state(NULL);
+#endif
free(ptr);
@@ -300,6 +296,7 @@ dkimf_crypto_dyn_destroy(struct CRYPTO_d
** None.
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
static void
dkimf_crypto_dyn_lock(int mode, struct CRYPTO_dynlock_value *lock,
/* UNUSED */ const char *file,
@@ -316,6 +313,7 @@ dkimf_crypto_dyn_lock(int mode, struct C
assert(status == 0);
}
+#endif
/*
** DKIMF_CRYPTO_INIT -- set up openssl dependencies
@@ -335,7 +333,12 @@ dkimf_crypto_init(void)
int n;
int status;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
n = CRYPTO_num_locks();
+#else
+ // see openssl/crypto.h for more details
+ n = 1;
+#endif
mutexes = (pthread_mutex_t *) malloc(n * sizeof(pthread_mutex_t));
if (mutexes == NULL)
return errno;
@@ -357,15 +360,22 @@ dkimf_crypto_init(void)
if (status != 0)
return status;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
SSL_load_error_strings();
SSL_library_init();
ERR_load_crypto_strings();
+#else
+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x10000000
CRYPTO_set_id_callback(&dkimf_crypto_get_id);
CRYPTO_set_locking_callback(&dkimf_crypto_lock_callback);
CRYPTO_set_dynlock_create_callback(&dkimf_crypto_dyn_create);
CRYPTO_set_dynlock_lock_callback(&dkimf_crypto_dyn_lock);
CRYPTO_set_dynlock_destroy_callback(&dkimf_crypto_dyn_destroy);
+#endif
#ifdef USE_OPENSSL_ENGINE
if (!SSL_set_engine(NULL))
@@ -392,11 +402,15 @@ dkimf_crypto_free(void)
{
if (crypto_init_done)
{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000
+ OPENSSL_thread_stop();
+#else
CRYPTO_cleanup_all_ex_data();
CONF_modules_free();
EVP_cleanup();
ERR_free_strings();
- ERR_remove_state(0);
+ ERR_remove_thread_state(NULL);
+#endif
if (nmutexes > 0)
{
--- a/libopendkim/dkim.c
+++ b/libopendkim/dkim.c
@@ -4195,8 +4195,10 @@ dkim_init_openssl(void)
{
pthread_mutex_lock(&openssl_lock);
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (openssl_refcount == 0)
OpenSSL_add_all_algorithms();
+#endif
openssl_refcount++;
pthread_mutex_unlock(&openssl_lock);
@@ -4220,8 +4222,10 @@ dkim_close_openssl(void)
pthread_mutex_lock(&openssl_lock);
openssl_refcount--;
+#if OPENSSL_VERSION_NUMBER < 0x10100000
if (openssl_refcount == 0)
EVP_cleanup();
+#endif
pthread_mutex_unlock(&openssl_lock);
}
--- a/opendkim/opendkim-testkey.c
+++ b/opendkim/opendkim-testkey.c
@@ -452,7 +452,11 @@ main(int argc, char **argv)
memset(err, '\0', sizeof err);
#ifndef USE_GNUTLS
+#if OPENSSL_VERSION_NUMBER < 0x10100000
ERR_load_crypto_strings();
+#else
+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
#endif /* ! USE_GNUTLS */
/* process a KeyTable if specified and not overridden */
--- a/opendkim/opendkim.c
+++ b/opendkim/opendkim.c
@@ -15540,7 +15540,11 @@ main(int argc, char **argv)
printf("\tCompiled with GnuTLS %s\n", GNUTLS_VERSION);
#else /* USE_GNUTLS */
printf("\tCompiled with %s\n",
+#if OPENSSL_VERSION_NUMBER < 0x10100000
SSLeay_version(SSLEAY_VERSION));
+#else
+ OpenSSL_version(OPENSSL_VERSION));
+#endif
#endif /* USE_GNUTLS */
printf("\tSMFI_VERSION 0x%x\n", SMFI_VERSION);
#ifdef HAVE_SMFI_VERSION
|