openssl-util: allow to build with openssl without UI support

When OpenSSL is built without UI support, OPENSSL_NO_UI_CONSOLE is
defined. Or, even openssl is built with UI support, people may want to
build systemd without using OpenSSL's UI feature by specifying
-Dc_args='-DOPENSSL_NO_UI_CONSOLE=1'. This adds support for such cases.

Not tested, but hopefully, now systemd can be built with other ssl library,
like BoringSSL, which deos not support UIs.

Closes #38024.

diff --git a/src/shared/openssl-util.c b/src/shared/openssl-util.c
index 57b638596aa53ce2c22fb2f298e10b98703a6088..4b5c495df658c192019ccc73b09d89b46c7d7011 100644 (file)
--- a/src/shared/openssl-util.c
+++ b/src/shared/openssl-util.c
@@ -24,7 +24,9 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(ENGINE*, ENGINE_free, NULL);
 REENABLE_WARNING;
 #  endif
 
+#ifndef OPENSSL_NO_UI_CONSOLE
 DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(UI_METHOD*, UI_destroy_method, NULL);
+#endif
 
 /* For each error in the OpenSSL thread error queue, log the provided message and the OpenSSL error
  * string. If there are no errors in the OpenSSL thread queue, this logs the message with "No OpenSSL
@@ -1467,6 +1469,7 @@ static int load_key_from_engine(const char *engine, const char *private_key_uri,
 #endif
 }
 
+#ifndef OPENSSL_NO_UI_CONSOLE
 static int openssl_ask_password_ui_read(UI *ui, UI_STRING *uis) {
         int r;
 
@@ -1502,6 +1505,7 @@ static int openssl_ask_password_ui_read(UI *ui, UI_STRING *uis) {
                 return (UI_method_get_reader(UI_OpenSSL()))(ui, uis);
         }
 }
+#endif
 
 static int openssl_load_private_key_from_file(const char *path, EVP_PKEY **ret) {
         _cleanup_(erase_and_freep) char *rawkey = NULL;
@@ -1539,6 +1543,7 @@ static int openssl_load_private_key_from_file(const char *path, EVP_PKEY **ret)
 static int openssl_ask_password_ui_new(const AskPasswordRequest *request, OpenSSLAskPasswordUI **ret) {
         assert(ret);
 
+#ifndef OPENSSL_NO_UI_CONSOLE
         _cleanup_(UI_destroy_methodp) UI_METHOD *method = UI_create_method("systemd-ask-password");
         if (!method)
                 return log_openssl_errors("Failed to initialize openssl user interface");
@@ -1562,6 +1567,9 @@ static int openssl_ask_password_ui_new(const AskPasswordRequest *request, OpenSS
 
         *ret = TAKE_PTR(ui);
         return 0;
+#else
+        return -EOPNOTSUPP;
+#endif
 }
 
 static int load_x509_certificate_from_file(const char *path, X509 **ret) {
@@ -1640,7 +1648,7 @@ static int load_x509_certificate_from_provider(const char *provider, const char
 #endif
 
 OpenSSLAskPasswordUI* openssl_ask_password_ui_free(OpenSSLAskPasswordUI *ui) {
-#if HAVE_OPENSSL
+#if HAVE_OPENSSL && !defined(OPENSSL_NO_UI_CONSOLE)
         if (!ui)
                 return NULL;
 

diff --git a/src/shared/openssl-util.h b/src/shared/openssl-util.h
index 6bcb16af31296d97cb14a03318df6fcaa8aa3855..f6c697672b3e7fa363ed650d47a4e0368e087d7a 100644 (file)
--- a/src/shared/openssl-util.h
+++ b/src/shared/openssl-util.h
@@ -38,7 +38,9 @@ int parse_openssl_key_source_argument(const char *argument, char **private_key_s
 #  include <openssl/opensslv.h>         /* IWYU pragma: export */
 #  include <openssl/pkcs7.h>            /* IWYU pragma: export */
 #  include <openssl/ssl.h>              /* IWYU pragma: export */
-#  include <openssl/ui.h>               /* IWYU pragma: export */
+#  ifndef OPENSSL_NO_UI_CONSOLE
+#    include <openssl/ui.h>             /* IWYU pragma: export */
+#  endif
 #  include <openssl/x509v3.h>           /* IWYU pragma: export */
 #  ifndef OPENSSL_VERSION_MAJOR
 /* OPENSSL_VERSION_MAJOR macro was added in OpenSSL 3. Thus, if it doesn't exist,  we must be before OpenSSL 3. */