[Openvpn-devel,v2,02/16,OSSL,3.0] Disable engine support for OpenSSL 3.0

Message ID 20211019182332.613155-4-arne@rfc2549.org
State Superseded
Series
  • Untitled series #1304

Commit Message

Arne Schwabe Oct. 19, 2021, 6:23 p.m.
Engine support is deprecated in OpenSSL 3.0. No longer use the deprecated API
when running with OpenSSL 3.0.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
---
 configure.ac                 |  2 ++
 src/openvpn/crypto_openssl.c | 13 +++++++------
 2 files changed, 9 insertions(+), 6 deletions(-)

Patch

diff --git a/configure.ac b/configure.ac
index a37dc762f..0f9e203a4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -813,7 +813,9 @@  if test "${with_crypto_library}" = "openssl"; then
 	if test "${have_openssl_engine}" = "no"; then
 		AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],,
 			[[
+			    #if OPENSSL_VERSION_NUMBER < 0x30000000L
 				#include <openssl/engine.h>
+				#endif
 			]]
 		)
 	fi
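Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x30000000L` guard added inside the AC_CHECK_DECL include block is evaluated before any OpenSSL header has been pulled into that test program, as far as this hunk shows. The macro is therefore undefined, the preprocessor treats it as 0, and `<openssl/engine.h>` is still included when building against 3.0. In that case have_openssl_engine can still become "yes" on OpenSSL 3.0, and only the guards in crypto_openssl.c disable the code. Adding `#include <openssl/opensslv.h>` as the first line of the include block would make the version test meaningful. The new `#if` line is also indented with spaces after the tabs, while the neighbouring lines use tabs only.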
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 1c800df7f..3a344f266 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -67,7 +67,7 @@ 
 #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH
 #endif
 
-#if HAVE_OPENSSL_ENGINE
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
 #include <openssl/ui.h>
 #include <openssl/engine.h>
 
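Review bot: The condition `HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L` is spelled out here and again in crypto_init_lib_engine, crypto_uninit_lib, show_available_engines, ui_reader and engine_load_key, so any site that still tests HAVE_OPENSSL_ENGINE alone, in this file or elsewhere, will silently disagree with these six. Deriving one project macro once, near the top of the file, and testing only that would keep the sites in step; the name here is a constructed example: `#define USE_OPENSSL_ENGINE (HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L)`. The test also relies on an OpenSSL header having been included before this line so that OPENSSL_VERSION_NUMBER is defined; those includes are above the hunk and should be confirmed.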
@@ -132,7 +132,7 @@  setup_engine(const char *engine)
 void
 crypto_init_lib_engine(const char *engine_name)
 {
-#if HAVE_OPENSSL_ENGINE
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
     if (!engine_initialized)
     {
         ASSERT(engine_name);
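Review bot: On a build against OpenSSL 3.0 a configured `--engine` now falls through to whatever follows this `#if` block in crypto_init_lib_engine, and that branch lies outside the hunk. If it only logs an informational note, a deployment that depends on an engine to keep private keys in hardware would start without it, and the operator might not notice. Please confirm that the fallback reports the unsupported engine at a level operators will see, or refuses to continue, when engine_name is set. A comment above the guard would record the intent, for example `/* Engine API is compiled out for OpenSSL 3.0+; the #else branch reports a requested engine as unsupported */`. The same question applies to engine_load_key, whose fallback is also outside the visible lines.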
@@ -182,7 +182,7 @@  crypto_uninit_lib(void)
     fclose(fp);
 #endif
 
-#if HAVE_OPENSSL_ENGINE
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
     if (engine_initialized)
     {
         ENGINE_cleanup();
@@ -368,7 +368,8 @@  show_available_digests(void)
 void
 show_available_engines(void)
 {
-#if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
+    /* Only defined for OpenSSL */
     ENGINE *e;
 
     printf("OpenSSL Crypto Engines\n\n");
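Review bot: The relocated comment `/* Only defined for OpenSSL */` no longer describes the guard above it, which now also excludes OpenSSL 3.0 and later. Presumably it referred to HAVE_OPENSSL_ENGINE being defined only for the OpenSSL backend. Moving it onto its own line inside the block also makes it read as a remark about the `ENGINE *e` declaration. A wording such as `/* HAVE_OPENSSL_ENGINE is only defined for OpenSSL; engine listing is compiled out for 3.0+ */` placed directly after the `#if` would say what the condition means. The rest of show_available_engines is outside the hunk.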
@@ -1165,7 +1166,7 @@  memcmp_constant_time(const void *a, const void *b, size_t size)
     return CRYPTO_memcmp(a, b, size);
 }
 
-#if HAVE_OPENSSL_ENGINE
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
 static int
 ui_reader(UI *ui, UI_STRING *uis)
 {
@@ -1189,7 +1190,7 @@  ui_reader(UI *ui, UI_STRING *uis)
 EVP_PKEY *
 engine_load_key(const char *file, SSL_CTX *ctx)
 {
-#if HAVE_OPENSSL_ENGINE
+#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L
     UI_METHOD *ui;
     EVP_PKEY *pkey;