Return-Path: 
 <commits-return-13842-apmail-apr-commits-archive=apr.apache.org@apr.apache.org>
X-Original-To: apmail-apr-commits-archive@www.apache.org
Delivered-To: apmail-apr-commits-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 8A4C7186C5
	for <apmail-apr-commits-archive@www.apache.org>;
 Sun,  7 Feb 2016 14:43:45 +0000 (UTC)
Received: (qmail 74164 invoked by uid 500); 7 Feb 2016 14:43:45 -0000
Delivered-To: apmail-apr-commits-archive@apr.apache.org
Received: (qmail 74110 invoked by uid 500); 7 Feb 2016 14:43:45 -0000
Mailing-List: contact commits-help@apr.apache.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:commits@apr.apache.org>
List-Help: <mailto:commits-help@apr.apache.org>
List-Unsubscribe: <mailto:commits-unsubscribe@apr.apache.org>
Reply-To: dev@apr.apache.org
List-Id: <commits.apr.apache.org>
Delivered-To: mailing list commits@apr.apache.org
Received: (qmail 74099 invoked by uid 99); 7 Feb 2016 14:43:45 -0000
Received: from Unknown (HELO spamd2-us-west.apache.org) (209.188.14.142)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 07 Feb 2016 14:43:45 +0000
Received: from localhost (localhost [127.0.0.1])
	by spamd2-us-west.apache.org (ASF Mail Server at spamd2-us-west.apache.org)
 with ESMTP id 0D2D21A0447
	for <commits@apr.apache.org>; Sun,  7 Feb 2016 14:43:45 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at spamd2-us-west.apache.org
X-Spam-Flag: NO
X-Spam-Score: 1.371
X-Spam-Level: *
X-Spam-Status: No, score=1.371 tagged_above=-999 required=6.31
	tests=[KAM_ASCII_DIVIDERS=0.8, KAM_LAZY_DOMAIN_SECURITY=1,
	RP_MATCHES_RCVD=-0.429] autolearn=disabled
Received: from mx1-us-east.apache.org ([10.40.0.8])
	by localhost (spamd2-us-west.apache.org [10.40.0.9]) (amavisd-new,
 port 10024)
	with ESMTP id 2xJWLJhJ_O0M for <commits@apr.apache.org>;
	Sun,  7 Feb 2016 14:43:43 +0000 (UTC)
Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org
 [209.188.14.139])
	by mx1-us-east.apache.org (ASF Mail Server at mx1-us-east.apache.org) with
 ESMTP id C7383439BF
	for <commits@apr.apache.org>; Sun,  7 Feb 2016 14:43:42 +0000 (UTC)
Received: from svn01-us-west.apache.org (svn.apache.org [10.41.0.6])
	by mailrelay1-us-west.apache.org (ASF Mail Server at
 mailrelay1-us-west.apache.org) with ESMTP id 486D6E0425
	for <commits@apr.apache.org>; Sun,  7 Feb 2016 14:43:42 +0000 (UTC)
Received: from svn01-us-west.apache.org (localhost [127.0.0.1])
	by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org)
 with ESMTP id 3B5993A05EC
	for <commits@apr.apache.org>; Sun,  7 Feb 2016 14:43:42 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: svn commit: r1728970 - in /apr/apr-util/branches/1.4.x: ./
 build/crypto.m4
 crypto/apr_crypto_openssl.c
Date: Sun, 07 Feb 2016 14:43:42 -0000
To: commits@apr.apache.org
From: rjung@apache.org
X-Mailer: svnmailer-1.0.9
Message-Id: <20160207144342.3B5993A05EC@svn01-us-west.apache.org>

Author: rjung
Date: Sun Feb  7 14:43:41 2016
New Revision: 1728970

URL: http://svn.apache.org/viewvc?rev=1728970&view=rev
Log:
Add support for OpenSSL 1.1.0:
- Switch configure test for OpenSSL libcrypto
  from BN_init() to BN_new().
  - BN_init() is gone in OpenSSL 1.1.0.
    BN_new() exists at least since 0.9.8.
- use OPENSSL_malloc_init() instead of
  CRYPTO_malloc_init
- make cipherCtx a pointer. Type EVP_CIPHER_CTX
  is now opaque.
  - use EVP_CIPHER_CTX_new() in init() functions
    if initialised flag is not set (and set flag)
  - use EVP_CIPHER_CTX_free() in cleanup function
- Improve reuse cleanup
  - call EVP_CIPHER_CTX_reset() resp.
    EVP_CIPHER_CTX_cleanup() in finish functions
  - call EVP_CIPHER_CTX_reset() resp.
    EVP_CIPHER_CTX_cleanup() when Update fails
Backport of r1728958 and r1728963 from trunk
resp. 1728969 from 1.5.x.

Modified:
    apr/apr-util/branches/1.4.x/   (props changed)
    apr/apr-util/branches/1.4.x/build/crypto.m4
    apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c

Propchange: apr/apr-util/branches/1.4.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Sun Feb  7 14:43:41 2016
@@ -1,4 +1,4 @@
-/apr/apr/trunk:779396,781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,1127648-1127649,1187984,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1346865,1361811,1362241,1369681,1370626,1390461,1390477,1402870,1402897,1648830,1722547
+/apr/apr/trunk:779396,781403,781409,784519,784592,789965,794508,917837-917838,982408-982409,1127648-1127649,1187984,1207704,1210524,1211987,1214516,1308087,1308131,1308318,1346865,1361811,1362241,1369681,1370626,1390461,1390477,1402870,1402897,1648830,1722547,1728958,1728963
 /apr/apr-util/branches/1.3.x:896410,979221-979222,979232,1001059,1002632,1002648,1002733,1003214,1003255,1003358,1003370,1003376,1003602,1005956,1005962,1006017,1006137,1154885
-/apr/apr-util/branches/1.5.x:1002504,1002584-1002585,1002620,1002622-1002623,1002628,1207683,1207690,1207707,1209594,1210530,1212347,1361814,1362243,1370503,1575514-1575515,1648834,1722552,1722561
+/apr/apr-util/branches/1.5.x:1002504,1002584-1002585,1002620,1002622-1002623,1002628,1207683,1207690,1207707,1209594,1210530,1212347,1361814,1362243,1370503,1575514-1575515,1648834,1722552,1722561,1728969
 /apr/apr-util/trunk:731033-731034,731225,731236,731291,731293,731379,743986,744009,745771,747612,747623,747630

Modified: apr/apr-util/branches/1.4.x/build/crypto.m4
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/build/crypto.m4?rev=1728970&r1=1728969&r2=1728970&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/build/crypto.m4 (original)
+++ apr/apr-util/branches/1.4.x/build/crypto.m4 Sun Feb  7 14:43:41 2016
@@ -62,7 +62,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
   [
     if test "$withval" = "yes"; then
       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
         apu_have_openssl=1
       fi
@@ -78,7 +78,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
 
       AC_MSG_NOTICE(checking for openssl in $withval)
       AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
-      AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+      AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
       if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
         apu_have_openssl=1
         APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])
@@ -87,7 +87,7 @@ AC_DEFUN([APU_CHECK_CRYPTO_OPENSSL], [
 
       if test "$apu_have_openssl" != "1"; then
         AC_CHECK_HEADERS(openssl/x509.h, [openssl_have_headers=1])
-        AC_CHECK_LIB(crypto, BN_init, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
+        AC_CHECK_LIB(crypto, BN_new, AC_CHECK_LIB(ssl, SSL_accept, [openssl_have_libs=1],,-lcrypto))
         if test "$openssl_have_headers" != "0" && test "$openssl_have_libs" != "0"; then
           apu_have_openssl=1
           APR_ADDTO(APRUTIL_LDFLAGS, [-L$withval/lib])

Modified: apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c
URL: http://svn.apache.org/viewvc/apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c?rev=1728970&r1=1728969&r2=1728970&view=diff
==============================================================================
--- apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c (original)
+++ apr/apr-util/branches/1.4.x/crypto/apr_crypto_openssl.c Sun Feb  7 14:43:41 2016
@@ -64,7 +64,7 @@ struct apr_crypto_block_t {
     apr_pool_t *pool;
     const apr_crypto_driver_t *provider;
     const apr_crypto_t *f;
-    EVP_CIPHER_CTX cipherCtx;
+    EVP_CIPHER_CTX *cipherCtx;
     int initialised;
     int ivSize;
     int blockSize;
@@ -111,7 +111,11 @@ static apr_status_t crypto_shutdown_help
 static apr_status_t crypto_init(apr_pool_t *pool, const char *params,
         const apu_err_t **result)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
     CRYPTO_malloc_init();
+#else
+    OPENSSL_malloc_init();
+#endif
     ERR_load_crypto_strings();
     /* SSL_load_error_strings(); */
     OpenSSL_add_all_algorithms();
@@ -134,7 +138,7 @@ static apr_status_t crypto_block_cleanup
 {
 
     if (ctx->initialised) {
-        EVP_CIPHER_CTX_cleanup(&ctx->cipherCtx);
+        EVP_CIPHER_CTX_free(ctx->cipherCtx);
         ctx->initialised = 0;
     }
 
@@ -491,8 +495,10 @@ static apr_status_t crypto_block_encrypt
             apr_pool_cleanup_null);
 
     /* create a new context for encryption */
-    EVP_CIPHER_CTX_init(&block->cipherCtx);
-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
 
     /* generate an IV, if necessary */
     usedIv = NULL;
@@ -519,16 +525,16 @@ static apr_status_t crypto_block_encrypt
 
     /* set up our encryption context */
 #if CRYPTO_OPENSSL_CONST_BUFFERS
-    if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine,
             key->key, usedIv)) {
 #else
-        if (!EVP_EncryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
+        if (!EVP_EncryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) usedIv)) {
 #endif
         return APR_EINIT;
     }
 
     /* Clear up any read padding */
-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
         return APR_EPADDING;
     }
 
@@ -582,11 +588,16 @@ static apr_status_t crypto_block_encrypt
     }
 
 #if CRYPT_OPENSSL_CONST_BUFFERS
-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl, in, inlen)) {
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl, in, inlen)) {
 #else
-    if (!EVP_EncryptUpdate(&ctx->cipherCtx, (*out), &outl,
+    if (!EVP_EncryptUpdate(ctx->cipherCtx, (*out), &outl,
             (unsigned char *) in, inlen)) {
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
         return APR_ECRYPT;
     }
     *outlen = outl;
@@ -616,14 +627,22 @@ static apr_status_t crypto_block_encrypt
 static apr_status_t crypto_block_encrypt_finish(unsigned char *out,
         apr_size_t *outlen, apr_crypto_block_t *ctx)
 {
+    apr_status_t rc = APR_SUCCESS;
     int len = *outlen;
 
-    if (EVP_EncryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
-        return APR_EPADDING;
+    if (EVP_EncryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
+    }
+    else {
+        *outlen = len;
     }
-    *outlen = len;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
 
-    return APR_SUCCESS;
+    return rc;
 
 }
 
@@ -662,8 +681,10 @@ static apr_status_t crypto_block_decrypt
             apr_pool_cleanup_null);
 
     /* create a new context for encryption */
-    EVP_CIPHER_CTX_init(&block->cipherCtx);
-    block->initialised = 1;
+    if (!block->initialised) {
+        block->cipherCtx = EVP_CIPHER_CTX_new();
+        block->initialised = 1;
+    }
 
     /* generate an IV, if necessary */
     if (key->ivSize) {
@@ -674,16 +695,16 @@ static apr_status_t crypto_block_decrypt
 
     /* set up our encryption context */
 #if CRYPTO_OPENSSL_CONST_BUFFERS
-    if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine,
+    if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine,
             key->key, iv)) {
 #else
-        if (!EVP_DecryptInit_ex(&block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
+        if (!EVP_DecryptInit_ex(block->cipherCtx, key->cipher, config->engine, (unsigned char *) key->key, (unsigned char *) iv)) {
 #endif
         return APR_EINIT;
     }
 
     /* Clear up any read padding */
-    if (!EVP_CIPHER_CTX_set_padding(&block->cipherCtx, key->doPad)) {
+    if (!EVP_CIPHER_CTX_set_padding(block->cipherCtx, key->doPad)) {
         return APR_EPADDING;
     }
 
@@ -737,11 +758,16 @@ static apr_status_t crypto_block_decrypt
     }
 
 #if CRYPT_OPENSSL_CONST_BUFFERS
-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, in, inlen)) {
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, in, inlen)) {
 #else
-    if (!EVP_DecryptUpdate(&ctx->cipherCtx, *out, &outl, (unsigned char *) in,
+    if (!EVP_DecryptUpdate(ctx->cipherCtx, *out, &outl, (unsigned char *) in,
             inlen)) {
 #endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+        EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+        EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
         return APR_ECRYPT;
     }
     *outlen = outl;
@@ -771,15 +797,22 @@ static apr_status_t crypto_block_decrypt
 static apr_status_t crypto_block_decrypt_finish(unsigned char *out,
         apr_size_t *outlen, apr_crypto_block_t *ctx)
 {
-
+    apr_status_t rc = APR_SUCCESS;
     int len = *outlen;
 
-    if (EVP_DecryptFinal_ex(&ctx->cipherCtx, out, &len) == 0) {
-        return APR_EPADDING;
+    if (EVP_DecryptFinal_ex(ctx->cipherCtx, out, &len) == 0) {
+        rc = APR_EPADDING;
     }
-    *outlen = len;
+    else {
+        *outlen = len;
+    }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+    EVP_CIPHER_CTX_cleanup(ctx->cipherCtx);
+#else
+    EVP_CIPHER_CTX_reset(ctx->cipherCtx);
+#endif
 
-    return APR_SUCCESS;
+    return rc;
 
 }