diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c index 8dd6f96..3a21e88 100644 --- a/src/lib-dcrypt/dcrypt-openssl.c +++ b/src/lib-dcrypt/dcrypt-openssl.c @@ -75,6 +75,19 @@ #define OBJ_length(o) ((o)->length) #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define EVP_MD_CTX_new() EVP_MD_CTX_create() +# define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx) +#endif + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define HMAC_Init_ex(ctx, key, key_len, md, impl) \ + HMAC_Init_ex(&(ctx), key, key_len, md, impl) +# define HMAC_Update(ctx, data, len) HMAC_Update(&(ctx), data, len) +# define HMAC_Final(ctx, md, len) HMAC_Final(&(ctx), md, len) +# define HMAC_CTX_free(ctx) HMAC_cleanup(&(ctx)) +#endif + struct dcrypt_context_symmetric { pool_t pool; const EVP_CIPHER *cipher; @@ -429,11 +442,7 @@ static void dcrypt_openssl_ctx_hmac_destroy(struct dcrypt_context_hmac **ctx) { pool_t pool = (*ctx)->pool; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L - if ((*ctx)->ctx) HMAC_CTX_free((*ctx)->ctx); -#else - HMAC_cleanup(&((*ctx)->ctx)); -#endif + HMAC_CTX_free((*ctx)->ctx); pool_unref(&pool); *ctx = NULL; } @@ -475,10 +484,8 @@ bool dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx, const char ** #if OPENSSL_VERSION_NUMBER >= 0x10100000L ctx->ctx = HMAC_CTX_new(); if (ctx->ctx == NULL) return dcrypt_openssl_error(error_r); - ec = HMAC_Init_ex(ctx->ctx, ctx->key, ctx->klen, ctx->md, NULL); -#else - ec = HMAC_Init_ex(&(ctx->ctx), ctx->key, ctx->klen, ctx->md, NULL); #endif + ec = HMAC_Init_ex(ctx->ctx, ctx->key, ctx->klen, ctx->md, NULL); if (ec != 1) return dcrypt_openssl_error(error_r); return TRUE; } @@ -486,11 +493,7 @@ static bool dcrypt_openssl_ctx_hmac_update(struct dcrypt_context_hmac *ctx, const unsigned char *data, size_t data_len, const char **error_r) { int ec; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L ec = HMAC_Update(ctx->ctx, data, data_len); -#else - ec = HMAC_Update(&(ctx->ctx), data, data_len); -#endif if (ec != 1) return dcrypt_openssl_error(error_r); return TRUE; } @@ -500,14 +503,9 @@ bool dcrypt_openssl_ctx_hmac_final(struct dcrypt_context_hmac *ctx, buffer_t *re int ec; unsigned char buf[HMAC_MAX_MD_CBLOCK]; unsigned int outl; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L ec = HMAC_Final(ctx->ctx, buf, &outl); HMAC_CTX_free(ctx->ctx); ctx->ctx = NULL; -#else - ec = HMAC_Final(&(ctx->ctx), buf, &outl); - HMAC_cleanup(&(ctx->ctx)); -#endif if (ec == 1) { buffer_append(result, buf, outl); } else return dcrypt_openssl_error(error_r); @@ -2135,11 +2133,7 @@ bool dcrypt_openssl_public_key_id_evp(EVP_PKEY *key, const EVP_MD *md, buffer_t long len = BIO_get_mem_data(b, &ptr); unsigned int hlen = sizeof(buf); /* then hash it */ -#if OPENSSL_VERSION_NUMBER >= 0x10100000L EVP_MD_CTX *ctx = EVP_MD_CTX_new(); -#else - EVP_MD_CTX *ctx = EVP_MD_CTX_create(); -#endif if (ctx == NULL || EVP_DigestInit_ex(ctx, md, NULL) < 1 || EVP_DigestUpdate(ctx, (const unsigned char*)ptr, len) < 1 || @@ -2149,11 +2143,7 @@ bool dcrypt_openssl_public_key_id_evp(EVP_PKEY *key, const EVP_MD *md, buffer_t buffer_append(result, buf, hlen); res = TRUE; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L EVP_MD_CTX_free(ctx); -#else - EVP_MD_CTX_destroy(ctx); -#endif BIO_vfree(b); return res; commit d07678fffe1df100e30e5e624245f2e4d67721a9 Author: Timo Sirainen Date: Sat Feb 25 21:47:01 2017 +0200 lib-dcrypt: Replace #if OPENSSL_VERSION_NUMBER with more explicit checks diff --git a/m4/ssl.m4 b/m4/ssl.m4 index bf22f66..35b77ec 100644 --- a/m4/ssl.m4 +++ b/m4/ssl.m4 @@ -126,6 +126,18 @@ AC_DEFUN([DOVECOT_SSL], [ AC_CHECK_LIB(ssl, ASN1_STRING_get0_data, [ AC_DEFINE(HAVE_ASN1_STRING_GET0_DATA,, [Build with ASN1_STRING_get0_data() support]) ],, $SSL_LIBS) + AC_CHECK_LIB(ssl, HMAC_CTX_new, [ + AC_DEFINE(HAVE_HMAC_CTX_NEW,, [Build with HMAC_CTX_new() support]) + ],, $SSL_LIBS) + AC_CHECK_LIB(ssl, EVP_MD_CTX_new, [ + AC_DEFINE(HAVE_EVP_MD_CTX_NEW,, [Build with EVP_MD_CTX_new() support]) + ],, $SSL_LIBS) + AC_CHECK_LIB(ssl, OBJ_length, [ + AC_DEFINE(HAVE_OBJ_LENGTH,, [Build with OBJ_length() support]) + ],, $SSL_LIBS) + AC_CHECK_LIB(ssl, EVP_PKEY_get0_RSA, [ + AC_DEFINE(HAVE_EVP_PKEY_get0,, [Build with EVP_PKEY_get0_*() support]) + ],, $SSL_LIBS) AC_CHECK_LIB(ssl, [EVP_PKEY_CTX_new_id], [have_evp_pkey_ctx_new_id="yes"],, $SSL_LIBS) AC_CHECK_LIB(ssl, [EC_KEY_new], [have_ec_key_new="yes"],, $SSL_LIBS) if test "$have_evp_pkey_ctx_new_id" = "yes" && test "$have_ec_key_new" = "yes"; then diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c index 3a21e88..74814b2 100644 --- a/src/lib-dcrypt/dcrypt-openssl.c +++ b/src/lib-dcrypt/dcrypt-openssl.c @@ -69,18 +69,21 @@ 2key algo oid1symmetric algo namesalthash algoroundsE(RSA = i2d_PrivateKey, EC=Private Point)key id **/ -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifndef HAVE_EVP_PKEY_get0 #define EVP_PKEY_get0_EC_KEY(x) x->pkey.ec #define EVP_PKEY_get0_RSA(x) x->pkey.rsa +#endif + +#ifndef HAVE_OBJ_LENGTH #define OBJ_length(o) ((o)->length) #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifndef HAVE_EVP_MD_CTX_NEW # define EVP_MD_CTX_new() EVP_MD_CTX_create() # define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy(ctx) #endif -#if OPENSSL_VERSION_NUMBER < 0x10100000L +#ifndef HAVE_HMAC_CTX_NEW # define HMAC_Init_ex(ctx, key, key_len, md, impl) \ HMAC_Init_ex(&(ctx), key, key_len, md, impl) # define HMAC_Update(ctx, data, len) HMAC_Update(&(ctx), data, len) @@ -105,7 +108,7 @@ struct dcrypt_context_symmetric { struct dcrypt_context_hmac { pool_t pool; const EVP_MD *md; -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#ifdef HAVE_HMAC_CTX_NEW HMAC_CTX *ctx; #else HMAC_CTX ctx; @@ -481,7 +484,7 @@ bool dcrypt_openssl_ctx_hmac_init(struct dcrypt_context_hmac *ctx, const char ** { int ec; i_assert(ctx->md != NULL); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#ifdef HAVE_HMAC_CTX_NEW ctx->ctx = HMAC_CTX_new(); if (ctx->ctx == NULL) return dcrypt_openssl_error(error_r); #endif