From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Fri, 2 Sep 2016 09:59:09 +0000 (+0000)
Subject: - Fix compile with openssl 1.1.0 with api=1.1.0.
X-Git-Tag: release-1.5.10~21
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3514843818e1a86a9fdafbfaba5ef9bfd029898e;p=thirdparty%2Funbound.git

- Fix compile with openssl 1.1.0 with api=1.1.0.


git-svn-id: file:///svn/unbound/trunk@3844 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/config.h.in b/config.h.in
index 9d02382fa..1e4ba1244 100644
--- a/config.h.in
+++ b/config.h.in
@@ -51,6 +51,9 @@
 /* Define to 1 if you have the `chroot' function. */
 #undef HAVE_CHROOT
 
+/* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
+#undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
+
 /* Define to 1 if you have the `ctime_r' function. */
 #undef HAVE_CTIME_R
 
@@ -116,6 +119,12 @@
 /* Define to 1 if you have the `endservent' function. */
 #undef HAVE_ENDSERVENT
 
+/* Define to 1 if you have the `ERR_free_strings' function. */
+#undef HAVE_ERR_FREE_STRINGS
+
+/* Define to 1 if you have the `ERR_load_crypto_strings' function. */
+#undef HAVE_ERR_LOAD_CRYPTO_STRINGS
+
 /* Define to 1 if you have the `event_base_free' function. */
 #undef HAVE_EVENT_BASE_FREE
 
@@ -131,6 +140,9 @@
 /* Define to 1 if you have the <event.h> header file. */
 #undef HAVE_EVENT_H
 
+/* Define to 1 if you have the `EVP_cleanup' function. */
+#undef HAVE_EVP_CLEANUP
+
 /* Define to 1 if you have the `EVP_MD_CTX_new' function. */
 #undef HAVE_EVP_MD_CTX_NEW
 
@@ -263,12 +275,27 @@
 /* Use libnss for crypto */
 #undef HAVE_NSS
 
+/* Define to 1 if you have the `OpenSSL_add_all_algorithms' function. */
+#undef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
+
+/* Define to 1 if you have the `OpenSSL_add_all_digests' function. */
+#undef HAVE_OPENSSL_ADD_ALL_DIGESTS
+
+/* Define to 1 if you have the <openssl/bn.h> header file. */
+#undef HAVE_OPENSSL_BN_H
+
 /* Define to 1 if you have the `OPENSSL_config' function. */
 #undef HAVE_OPENSSL_CONFIG
 
 /* Define to 1 if you have the <openssl/conf.h> header file. */
 #undef HAVE_OPENSSL_CONF_H
 
+/* Define to 1 if you have the <openssl/dh.h> header file. */
+#undef HAVE_OPENSSL_DH_H
+
+/* Define to 1 if you have the <openssl/dsa.h> header file. */
+#undef HAVE_OPENSSL_DSA_H
+
 /* Define to 1 if you have the <openssl/engine.h> header file. */
 #undef HAVE_OPENSSL_ENGINE_H
 
@@ -278,6 +305,9 @@
 /* Define to 1 if you have the <openssl/rand.h> header file. */
 #undef HAVE_OPENSSL_RAND_H
 
+/* Define to 1 if you have the <openssl/rsa.h> header file. */
+#undef HAVE_OPENSSL_RSA_H
+
 /* Define to 1 if you have the <openssl/ssl.h> header file. */
 #undef HAVE_OPENSSL_SSL_H
 
@@ -302,6 +332,9 @@
 /* Define to 1 if you have the `random' function. */
 #undef HAVE_RANDOM
 
+/* Define to 1 if you have the `RAND_cleanup' function. */
+#undef HAVE_RAND_CLEANUP
+
 /* Define to 1 if you have the `reallocarray' function. */
 #undef HAVE_REALLOCARRAY
 
@@ -359,6 +392,9 @@
 /* Define if you have the SSL libraries installed. */
 #undef HAVE_SSL
 
+/* Define to 1 if you have the `SSL_library_init' function. */
+#undef HAVE_SSL_LIBRARY_INIT
+
 /* Define to 1 if you have the <stdarg.h> header file. */
 #undef HAVE_STDARG_H
 
diff --git a/configure b/configure
index 5541ff3a5..02ede5655 100755
--- a/configure
+++ b/configure
@@ -17430,11 +17430,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext
 #ifdef __cplusplus
 extern "C"
 #endif
-char OPENSSL_config ();
+char HMAC_Update ();
 int
 main ()
 {
-return OPENSSL_config ();
+return HMAC_Update ();
   ;
   return 0;
 }
@@ -17521,33 +17521,21 @@ else
 	{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
 $as_echo "no" >&6; }
 fi
-for ac_header in openssl/conf.h
+for ac_header in openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h
 do :
-  ac_fn_c_check_header_compile "$LINENO" "openssl/conf.h" "ac_cv_header_openssl_conf_h" "$ac_includes_default
-"
-if test "x$ac_cv_header_openssl_conf_h" = xyes; then :
-  cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_CONF_H 1
-_ACEOF
-
-fi
-
-done
-
-for ac_header in openssl/engine.h
-do :
-  ac_fn_c_check_header_compile "$LINENO" "openssl/engine.h" "ac_cv_header_openssl_engine_h" "$ac_includes_default
+  as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
+ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default
 "
-if test "x$ac_cv_header_openssl_engine_h" = xyes; then :
+if eval test \"x\$"$as_ac_Header"\" = x"yes"; then :
   cat >>confdefs.h <<_ACEOF
-#define HAVE_OPENSSL_ENGINE_H 1
+#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
 _ACEOF
 
 fi
 
 done
 
-for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new
+for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests EVP_cleanup ERR_load_crypto_strings OpenSSL_add_all_algorithms SSL_library_init CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
diff --git a/configure.ac b/configure.ac
index 9e269246c..5aec63875 100644
--- a/configure.ac
+++ b/configure.ac
@@ -653,7 +653,7 @@ SSLLIB="-lssl"
 BAKLIBS="$LIBS"
 LIBS="-lssl $LIBS"
 AC_MSG_CHECKING([if libssl needs -lcrypt32])
-AC_TRY_LINK_FUNC([OPENSSL_config], [
+AC_TRY_LINK_FUNC([HMAC_Update], [
 	AC_MSG_RESULT([no])
 	LIBS="$BAKLIBS"
 ], [
@@ -672,9 +672,8 @@ if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/
 else
 	AC_MSG_RESULT([no])
 fi
-AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new])
+AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests EVP_cleanup ERR_load_crypto_strings OpenSSL_add_all_algorithms SSL_library_init CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup])
 AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
 AC_INCLUDES_DEFAULT
 #ifdef HAVE_OPENSSL_ERR_H
diff --git a/daemon/daemon.c b/daemon/daemon.c
index b339e7db2..3fd06e241 100644
--- a/daemon/daemon.c
+++ b/daemon/daemon.c
@@ -204,17 +204,29 @@ daemon_init(void)
 	signal_handling_record();
 	checklock_start();
 #ifdef HAVE_SSL
+#  ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
 	ERR_load_crypto_strings();
+#  endif
 	ERR_load_SSL_strings();
 #  ifdef USE_GOST
 	(void)sldns_key_EVP_load_gost_id();
 #  endif
+#  ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 	OpenSSL_add_all_algorithms();
+#  else
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+		| OPENSSL_INIT_ADD_ALL_DIGESTS
+		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#  endif
 #  if HAVE_DECL_SSL_COMP_GET_COMPRESSION_METHODS
 	/* grab the COMP method ptr because openssl leaks it */
 	comp_meth = (void*)SSL_COMP_get_compression_methods();
 #  endif
+#  ifdef HAVE_SSL_LIBRARY_INIT
 	(void)SSL_library_init();
+#  else
+	(void)OPENSSL_init_ssl(0, NULL);
+#  endif
 #  if defined(HAVE_SSL) && defined(OPENSSL_THREADS) && !defined(THREADS_DISABLED)
 	if(!ub_openssl_lock_init())
 		fatal_exit("could not init openssl locks");
@@ -657,8 +669,12 @@ daemon_delete(struct daemon* daemon)
 #  endif
 	CONF_modules_free();
 #  endif
+#  ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 	CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */
+#  endif
+#  ifdef HAVE_ERR_FREE_STRINGS
 	ERR_free_strings();
+#  endif
 #  if OPENSSL_VERSION_NUMBER < 0x10100000
 	RAND_cleanup();
 #  endif
diff --git a/daemon/remote.c b/daemon/remote.c
index 4b38e4bc5..4c8375f90 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -46,9 +46,12 @@
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
 #endif
-#ifndef HEADER_DH_H
+#ifdef HAVE_OPENSSL_DH_H
 #include <openssl/dh.h>
 #endif
+#ifdef HAVE_OPENSSL_BN_H
+#include <openssl/bn.h>
+#endif
 
 #include <ctype.h>
 #include "daemon/remote.h"
diff --git a/daemon/unbound.c b/daemon/unbound.c
index fc3281e4b..7ec6edba1 100644
--- a/daemon/unbound.c
+++ b/daemon/unbound.c
@@ -118,7 +118,11 @@ static void usage()
 	printf("linked libs: %s %s (it uses %s), %s\n", 
 		evnm, evsys, evmethod,
 #ifdef HAVE_SSL
+#  ifdef SSLEAY_VERSION
 		SSLeay_version(SSLEAY_VERSION)
+#  else
+		OpenSSL_version(OPENSSL_VERSION)
+#  endif
 #elif defined(HAVE_NSS)
 		NSS_GetVersion()
 #elif defined(HAVE_NETTLE)
diff --git a/doc/Changelog b/doc/Changelog
index 56aaec941..46224de10 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,6 @@
+2 September 2016: Wouter
+	- Fix compile with openssl 1.1.0 with api=1.1.0.
+
 1 September 2016: Wouter
 	- RFC 7958 is now out, updated docs for unbound-anchor.
 	- Fix for compile without warnings with openssl 1.1.0.
diff --git a/sldns/keyraw.c b/sldns/keyraw.c
index 8b1c18f2b..8498def7e 100644
--- a/sldns/keyraw.c
+++ b/sldns/keyraw.c
@@ -23,6 +23,15 @@
 #ifdef HAVE_OPENSSL_ENGINE_H
 #  include <openssl/engine.h>
 #endif
+#ifdef HAVE_OPENSSL_BN_H
+#include <openssl/bn.h>
+#endif
+#ifdef HAVE_OPENSSL_RSA_H
+#include <openssl/rsa.h>
+#endif
+#ifdef HAVE_OPENSSL_DSA_H
+#include <openssl/dsa.h>
+#endif
 #endif /* HAVE_SSL */
 
 size_t
diff --git a/smallapp/unbound-anchor.c b/smallapp/unbound-anchor.c
index 756fcf7f0..f5783e1b2 100644
--- a/smallapp/unbound-anchor.c
+++ b/smallapp/unbound-anchor.c
@@ -2311,10 +2311,22 @@ int main(int argc, char* argv[])
 	if(argc != 0)
 		usage();
 
+#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
 	ERR_load_crypto_strings();
+#endif
 	ERR_load_SSL_strings();
+#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 	OpenSSL_add_all_algorithms();
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+		| OPENSSL_INIT_ADD_ALL_DIGESTS
+		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#ifdef HAVE_SSL_LIBRARY_INIT
 	(void)SSL_library_init();
+#else
+	(void)OPENSSL_init_ssl(0, NULL);
+#endif
 
 	if(dolist) do_list_builtin();
 
diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
index 23e265c70..9338f7d75 100644
--- a/smallapp/unbound-control.c
+++ b/smallapp/unbound-control.c
@@ -418,10 +418,22 @@ int main(int argc, char* argv[])
 		cfgfile = CONFIGFILE;
 #endif
 
+#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
 	ERR_load_crypto_strings();
+#endif
 	ERR_load_SSL_strings();
+#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 	OpenSSL_add_all_algorithms();
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+		| OPENSSL_INIT_ADD_ALL_DIGESTS
+		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#ifdef HAVE_SSL_LIBRARY_INIT
 	(void)SSL_library_init();
+#else
+	(void)OPENSSL_init_ssl(0, NULL);
+#endif
 
 	if(!RAND_status()) {
                 /* try to seed it */
diff --git a/testcode/petal.c b/testcode/petal.c
index 24d94a556..8b8eccabd 100644
--- a/testcode/petal.c
+++ b/testcode/petal.c
@@ -634,14 +634,30 @@ int main(int argc, char* argv[])
 #ifdef SIGPIPE
 	(void)signal(SIGPIPE, SIG_IGN);
 #endif
+#ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
 	ERR_load_crypto_strings();
+#endif
 	ERR_load_SSL_strings();
+#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 	OpenSSL_add_all_algorithms();
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+		| OPENSSL_INIT_ADD_ALL_DIGESTS
+		| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#ifdef HAVE_SSL_LIBRARY_INIT
 	(void)SSL_library_init();
+#else
+	(void)OPENSSL_init_ssl(0, NULL);
+#endif
 
 	do_service(addr, port, key, cert);
 
+#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 	CRYPTO_cleanup_all_ex_data();
+#endif
+#ifdef HAVE_ERR_FREE_STRINGS
 	ERR_free_strings();
+#endif
 	return 0;
 }
diff --git a/testcode/streamtcp.c b/testcode/streamtcp.c
index b78506beb..626a65885 100644
--- a/testcode/streamtcp.c
+++ b/testcode/streamtcp.c
@@ -406,8 +406,18 @@ int main(int argc, char** argv)
 	}
 	if(usessl) {
 		ERR_load_SSL_strings();
+#ifdef HAVE_OPENSSL_ADD_ALL_ALGORITHMS
 		OpenSSL_add_all_algorithms();
-		SSL_library_init();
+#else
+		OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS
+			| OPENSSL_INIT_ADD_ALL_DIGESTS
+			| OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+#ifdef HAVE_SSL_LIBRARY_INIT
+		(void)SSL_library_init();
+#else
+		(void)OPENSSL_init_ssl(0, NULL);
+#endif
 	}
 	send_em(svr, udp, usessl, noanswer, argc, argv);
 	checklock_stop();
diff --git a/testcode/unitmain.c b/testcode/unitmain.c
index 3daa7383f..988346a1e 100644
--- a/testcode/unitmain.c
+++ b/testcode/unitmain.c
@@ -588,7 +588,9 @@ main(int argc, char* argv[])
 	}
 	printf("Start of %s unit test.\n", PACKAGE_STRING);
 #ifdef HAVE_SSL
+#  ifdef HAVE_ERR_LOAD_CRYPTO_STRINGS
 	ERR_load_crypto_strings();
+#  endif
 #  ifdef USE_GOST
 	(void)sldns_key_EVP_load_gost_id();
 #  endif
@@ -623,13 +625,21 @@ main(int argc, char* argv[])
 	sldns_key_EVP_unload_gost();
 #  endif
 #  ifdef HAVE_OPENSSL_CONFIG
+#  ifdef HAVE_EVP_CLEANUP
 	EVP_cleanup();
+#  endif
 	ENGINE_cleanup();
 	CONF_modules_free();
 #  endif
+#  ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 	CRYPTO_cleanup_all_ex_data();
+#  endif
+#  ifdef HAVE_ERR_FREE_STRINGS
 	ERR_free_strings();
+#  endif
+#  ifdef HAVE_RAND_CLEANUP
 	RAND_cleanup();
+#  endif
 #elif defined(HAVE_NSS)
 	if(NSS_Shutdown() != SECSuccess)
 		fatal_exit("could not shutdown NSS");