lib-dcrypt: Add EC_GROUP_order_bits if missing

Not there in older OpenSSL

diff --git a/m4/ssl.m4 b/m4/ssl.m4
index 7912fa06c104ccbb5def1e11af985d56afbb9c73..f7b6a092644900db1d029dc2da434e0b8a1c7101 100644 (file)
--- a/m4/ssl.m4
+++ b/m4/ssl.m4
@@ -233,6 +233,9 @@ AC_DEFUN([DOVECOT_SSL], [
       AC_CHECK_LIB(ssl, ECDSA_SIG_set0, [
         AC_DEFINE(HAVE_ECDSA_SIG_SET0,, [Build with ECDSA_SIG_set0 support])
       ],, $SSL_LIBS)
+      AC_CHECK_LIB(ssl, EC_GROUP_order_bits, [
+        AC_DEFINE(HAVE_EC_GROUP_order_bits,, [Build with EC_GROUP_order_bits support])
+      ],, $SSL_LIBS)
       AC_CHECK_LIB(ssl, [EVP_PKEY_CTX_new_id], [have_evp_pkey_ctx_new_id="yes"],, $SSL_LIBS)
       AC_CHECK_LIB(ssl, [EC_KEY_new], [have_ec_key_new="yes"],, $SSL_LIBS)
       if test "$have_evp_pkey_ctx_new_id" = "yes" && test "$have_ec_key_new" = "yes"; then

diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 981392da30c1e79e6a5dd56f9d1623e2e9af0de0..85a9f4505f14c11e3474dd5a70c1e1b8219bb151 100644 (file)
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -181,6 +181,18 @@ dcrypt_openssl_key_string_get_info(const char *key_data,
        const char **encryption_key_hash_r, const char **key_hash_r,
        const char **error_r);
 
+#ifndef HAVE_EC_GROUP_order_bits
+static int EC_GROUP_order_bits(const EC_GROUP *grp)
+{
+       int bits;
+       BIGNUM *bn = BN_new();
+       (void)EC_GROUP_get_order(grp, bn, NULL);
+       bits = BN_num_bits(bn);
+       BN_free(bn);
+       return bits;
+}
+#endif
+
 static bool dcrypt_openssl_error(const char **error_r)
 {
        unsigned long ec;