From patchwork Tue Oct 19 07:23:08 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Arne Schwabe X-Patchwork-Id: 2015 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director10.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id cG6+EngNb2FJMAAAIUCqbw (envelope-from ) for ; Tue, 19 Oct 2021 14:24:56 -0400 Received: from proxy9.mail.ord1d.rsapps.net ([172.30.191.6]) by director10.mail.ord1d.rsapps.net with LMTP id cIC7EngNb2HtFgAApN4f7A (envelope-from ) for ; Tue, 19 Oct 2021 14:24:56 -0400 Received: from smtp31.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy9.mail.ord1d.rsapps.net with LMTPS id YEVrEngNb2FXWwAA7h+8OQ (envelope-from ) for ; Tue, 19 Oct 2021 14:24:56 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp31.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dmarc=none (p=nil; dis=none) header.from=rfc2549.org X-Suspicious-Flag: YES X-Classification-ID: dbde9168-3109-11ec-87ce-525400b3ac8c-1-1 Received: from [216.105.38.7] ([216.105.38.7:41502] helo=lists.sourceforge.net) by smtp31.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 11/07-02341-77D0F616; Tue, 19 Oct 2021 14:24:56 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.92.3) (envelope-from ) id 1mctmc-0000yp-UH; Tue, 19 Oct 2021 18:24:18 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) (envelope-from ) id 1mctmG-0000rP-Lg for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:56 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=ALZQAJQnKrkSjU8hDKqA/jIIEmIz0TFeeceOf6j/9mw=; b=D64Xl0tEBpeBANbz80m43MQfiA dZwMCrp3qbWYxfsFXZqN47Fy5yW1c05Ae8/FQPcAFqkGzFVqXXKFDUbNsElfb5aDDGj5M7aRsbnEW xkf+nHYyFWw6CkTpiaBFvbhChdSWUJtdgXTf9frIIitHT6Xg73ZR3osybvtFzt9Ho26E=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=ALZQAJQnKrkSjU8hDKqA/jIIEmIz0TFeeceOf6j/9mw=; b=THCfemmmNdWTDafZiGHKBIgZH5 p9xburjkgz9EibtkFZHo8hyk9mvpQg0g85loMrJR6E1ZMDFdW1HuCDfQeTRpt1ib4nVMkbzyiIIFF O67QmaMOqerO3wFhsjhkL/QlQ6qiSc0ONaTyobzxhiWXL2svyI9KrDDgMjAqF29vmZB4=; Received: from mail.blinkt.de ([192.26.174.232]) by sfi-mx-1.v28.lw.sourceforge.com with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.92.3) id 1mctm4-006Tej-7g for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 18:23:56 +0000 Received: from kamera.blinkt.de ([2001:638:502:390:20c:29ff:fec8:535c]) by mail.blinkt.de with smtp (Exim 4.94.2 (FreeBSD)) (envelope-from ) id 1mctls-0008aW-MB for openvpn-devel@lists.sourceforge.net; Tue, 19 Oct 2021 20:23:32 +0200 Received: (nullmailer pid 613214 invoked by uid 10006); Tue, 19 Oct 2021 18:23:33 -0000 From: Arne Schwabe To: openvpn-devel@lists.sourceforge.net Date: Tue, 19 Oct 2021 20:23:08 +0200 Message-Id: <20211019182332.613155-4-arne@rfc2549.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20211019182332.613155-1-arne@rfc2549.org> References: <20211019182332.613155-1-arne@rfc2549.org> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: Engine support is deprecated in OpenSSL 3.0. No longer use the deprecated API when running with OpenSSL 3.0 Signed-off-by: Arne Schwabe --- configure.ac | 2 ++ src/openvpn/crypto_openssl.c | 13 +++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) Content analysis details: (0.3 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record 0.0 SPF_NONE SPF: sender does not publish an SPF Record X-Headers-End: 1mctm4-006Tej-7g Subject: [Openvpn-devel] [PATCH v2 02/16] [OSSL 3.0] Disable engine support for OpenSSL 3.0 X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox Engine support is deprecated in OpenSSL 3.0. No longer use the deprecated API when running with OpenSSL 3.0 Signed-off-by: Arne Schwabe --- configure.ac | 2 ++ src/openvpn/crypto_openssl.c | 13 +++++++------ 2 files changed, 9 insertions(+), 6 deletions(-) diff --git a/configure.ac b/configure.ac index a37dc762f..0f9e203a4 100644 --- a/configure.ac +++ b/configure.ac @@ -813,7 +813,9 @@ if test "${with_crypto_library}" = "openssl"; then if test "${have_openssl_engine}" = "no"; then AC_CHECK_DECL( [ENGINE_cleanup], [have_openssl_engine="yes"],, [[ + #if OPENSSL_VERSION_NUMBER < 0x30000000L #include + #endif ]] ) fi diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 1c800df7f..3a344f266 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -67,7 +67,7 @@ #warning Some OpenSSL HMAC message digests now support key lengths greater than MAX_HMAC_KEY_LENGTH -- consider increasing MAX_HMAC_KEY_LENGTH #endif -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L #include #include @@ -132,7 +132,7 @@ setup_engine(const char *engine) void crypto_init_lib_engine(const char *engine_name) { -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L if (!engine_initialized) { ASSERT(engine_name); @@ -182,7 +182,7 @@ crypto_uninit_lib(void) fclose(fp); #endif -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L if (engine_initialized) { ENGINE_cleanup(); @@ -368,7 +368,8 @@ show_available_digests(void) void show_available_engines(void) { -#if HAVE_OPENSSL_ENGINE /* Only defined for OpenSSL */ +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L + /* Only defined for OpenSSL */ ENGINE *e; printf("OpenSSL Crypto Engines\n\n"); @@ -1165,7 +1166,7 @@ memcmp_constant_time(const void *a, const void *b, size_t size) return CRYPTO_memcmp(a, b, size); } -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L static int ui_reader(UI *ui, UI_STRING *uis) { @@ -1189,7 +1190,7 @@ ui_reader(UI *ui, UI_STRING *uis) EVP_PKEY * engine_load_key(const char *file, SSL_CTX *ctx) { -#if HAVE_OPENSSL_ENGINE +#if HAVE_OPENSSL_ENGINE && OPENSSL_VERSION_NUMBER < 0x30000000L UI_METHOD *ui; EVP_PKEY *pkey;