From patchwork Tue Oct 19 18:23:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [Openvpn-devel,v2,02/16,OSSL,3.0] Disable engine support for OpenSSL 3.0 X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2015 Message-Id: <20211019182332.613155-4-arne@rfc2549.org> To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:23:08 +0200 From: Arne Schwabe List-Id: Engine support is deprecated in OpenSSL 3.0. No longer use the deprecated API when running with OpenSSL 3.0 Signed-off-by: Arne Schwabe --- configure.ac | 2 ++ src/openvpn/crypto_openssl.c | 13 +++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index a37dc762f..0f9e203a4 100644 --- a/configure.ac +++ b/configure.ac @@ -813,7 +813,9 @@ if test "${with_crypto_library}" = "openssl"; then if test "${have_openssl_engine}" = "no"; then AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],, [[ + #if OPENSSL_VERSION_NUMBER < 0x30000000L #include + #endif ]] ) fi diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 1c800df7f..3a344f266 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -67,7 +67,7 @@ #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH #endif -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L #include #include @@ -132,7 +132,7 @@ setup_engine(const char *engine) void crypto_init_lib_engine(const char *engine_name) { -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L if (!engine_initialized) { ASSERT(engine_name); @@ -182,7 +182,7 @@ crypto_uninit_lib(void) fclose(fp); #endif -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L if (engine_initialized) { ENGINE_cleanup(); 
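Review bot: The added `#if OPENSSL_VERSION_NUMBER < 0x30000000L` inside the AC_CHECK_DECL include block in configure.ac is evaluated before anything visible in that block has included the header that defines the macro. An undefined identifier in `#if` evaluates to 0, so the condition is always true: the engine header is still included on OpenSSL 3.0, and the probe can still set `have_openssl_engine="yes"`. Putting `#include <openssl/opensslv.h>` ahead of the `#if` would make the guard effective. As written, the C-side guards still drop the engine code, but the configure result would report engine support that the binary does not contain.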
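Review bot: The compound condition `HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L` is spelled out by hand in the hunk at -67 and again in the hunks at -132, -182, -368, -1165 and -1189. The static engine state and the includes sit under the first guard, so every later guard has to stay textually identical to it, and a future edit that touches only some of them would leave the file inconsistent. Defining one feature macro next to the first guard and testing it everywhere else would remove that risk, for example `#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L` / `#define ENGINE_API_AVAILABLE 1` / `#endif` (the macro name is only a suggestion).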
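Review bot: In the hunk at -132, `crypto_init_lib_engine` now skips engine setup on OpenSSL 3.0 even when the user configured an engine, and the same applies to `engine_load_key` in the hunk at -1189. Both functions continue outside their hunks, so what the `#else` path does is not visible here. If it only logs a generic "not available" message or returns NULL, a deployment that depends on an engine to keep the private key in hardware has no clear signal about why the engine is gone after a library upgrade. The disabled path should fail the configuration explicitly and name the cause, for instance a fatal message such as `"engine support is not available when built against OpenSSL 3.0"`, so the operator cannot mistake it for a missing or misnamed engine.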
@@ -368,7 +368,8 @@ show_available_digests(void) void show_available_engines(void) { -#if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */ +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L + /* Only defined for OpenSSL */ ENGINE *e; printf("OpenSSL Crypto Engines\n\n"); @@ -1165,7 +1166,7 @@ memcmp_constant_time(const void *a, const void *b, size_t size) return CRYPTO_memcmp(a, b, size); } -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L static int ui_reader(UI *ui, UI_STRING *uis) { @@ -1189,7 +1190,7 @@ ui_reader(UI *ui, UI_STRING *uis) EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx) { -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L UI_METHOD *ui; EVP_PKEY *pkey;
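Review bot: In the hunk at -368 the comment `/* Only defined for OpenSSL */` was moved under the new guard unchanged, but it no longer describes the condition above it, which now also excludes OpenSSL 3.0. Rewording it to something like `/* ENGINE API: only built against OpenSSL older than 3.0 */` would keep the comment accurate. The body of `show_available_engines` continues outside the hunk, so any message printed on the disabled path should be checked for the same stale wording.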