- For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,

  still supports the set_id_callback previous API.  And for 1.1.0
  no locking callbacks are needed.

git-svn-id: file:///svn/unbound/trunk@5094 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/config.h.in b/config.h.in
index 545536d63126104512363ba4bd3a5cda06e118cb..f0eb7d6aa9f87147a135245439e78545221433df 100644 (file)
--- a/config.h.in
+++ b/config.h.in
@@ -69,6 +69,9 @@
 /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
 #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 
+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
+#undef HAVE_CRYPTO_THREADID_SET_CALLBACK
+
 /* Define to 1 if you have the `ctime_r' function. */
 #undef HAVE_CTIME_R
 

diff --git a/configure b/configure
index 113d3844d3f0026ab18ba49d2d25da2e66008d6e..61fb928c1a5a19ba008e4afdcae2865c38a8ef6d 100755 (executable)
--- a/configure
+++ b/configure
@@ -17994,7 +17994,7 @@ fi
 
 done
 
-for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex
+for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"

diff --git a/configure.ac b/configure.ac
index afe0c39c5d41106f359d14f76f1b180f4270d87d..938f2cf1d3d72e07abc0649e9d3ce19ae4d81ae4 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -782,7 +782,7 @@ else
        AC_MSG_RESULT([no])
 fi
 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback])
 
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"

diff --git a/doc/Changelog b/doc/Changelog
index 2229877e8664af105d900d6415b79eb16e5a0168..c28d4ee0f256d0d64e19589ab4fcb5cb42293bd1 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,9 @@
        - improve documentation for tls-service-key and forward-first.
        - fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
          conditional section, fixes systemd builds, from Enrico Scholz.
+       - For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
+         still supports the set_id_callback previous API.  And for 1.1.0
+         no locking callbacks are needed.
 
 30 January 2019: Ralph
        - Fix case in which query timeout can result in marking delegation

diff --git a/util/net_help.c b/util/net_help.c
index 1a4fa8a58e6f307c8dc19504125891fc93e9b800..1f62148ddc5936e7cb795d463afa8a9cd84bbf44 100644 (file)
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -1049,11 +1049,19 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
 static lock_basic_type *ub_openssl_locks = NULL;
 
 /** callback that gets thread id for openssl */
+#ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+static void
+ub_crypto_id_cb(CRYPTO_THREADID *id)
+{
+       CRYPTO_THREADID_set_numeric(id, (unsigned long)log_thread_get());
+}
+#else
 static unsigned long
 ub_crypto_id_cb(void)
 {
        return (unsigned long)log_thread_get();
 }
+#endif
 
 static void
 ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
@@ -1078,7 +1086,11 @@ int ub_openssl_lock_init(void)
        for(i=0; i<CRYPTO_num_locks(); i++) {
                lock_basic_init(&ub_openssl_locks[i]);
        }
+#  ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+       CRYPTO_THREADID_set_callback(&ub_crypto_id_cb);
+#  else
        CRYPTO_set_id_callback(&ub_crypto_id_cb);
+#  endif
        CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
 #endif /* OPENSSL_THREADS */
        return 1;
@@ -1090,7 +1102,11 @@ void ub_openssl_lock_delete(void)
        int i;
        if(!ub_openssl_locks)
                return;
+#  ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+       CRYPTO_THREADID_set_callback(NULL);
+#  else
        CRYPTO_set_id_callback(NULL);
+#  endif
        CRYPTO_set_locking_callback(NULL);
        for(i=0; i<CRYPTO_num_locks(); i++) {
                lock_basic_destroy(&ub_openssl_locks[i]);