From: Aki Tuomi <aki.tuomi@open-xchange.com>
Date: Tue, 14 Apr 2020 15:30:34 +0000 (+0300)
Subject: lib-dcrypt: Add EC_GROUP_order_bits if missing
X-Git-Tag: 2.3.11.2~465
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6af5fb8b9bc88874197bed2624ba5a6cf1d9a375;p=thirdparty%2Fdovecot%2Fcore.git

lib-dcrypt: Add EC_GROUP_order_bits if missing

Not there in older OpenSSL
---

diff --git a/m4/ssl.m4 b/m4/ssl.m4
index 7912fa06c1..f7b6a09264 100644
--- a/m4/ssl.m4
+++ b/m4/ssl.m4
@@ -233,6 +233,9 @@ AC_DEFUN([DOVECOT_SSL], [
       AC_CHECK_LIB(ssl, ECDSA_SIG_set0, [
         AC_DEFINE(HAVE_ECDSA_SIG_SET0,, [Build with ECDSA_SIG_set0 support])
       ],, $SSL_LIBS)
+      AC_CHECK_LIB(ssl, EC_GROUP_order_bits, [
+        AC_DEFINE(HAVE_EC_GROUP_order_bits,, [Build with EC_GROUP_order_bits support])
+      ],, $SSL_LIBS)
       AC_CHECK_LIB(ssl, [EVP_PKEY_CTX_new_id], [have_evp_pkey_ctx_new_id="yes"],, $SSL_LIBS)
       AC_CHECK_LIB(ssl, [EC_KEY_new], [have_ec_key_new="yes"],, $SSL_LIBS)
       if test "$have_evp_pkey_ctx_new_id" = "yes" && test "$have_ec_key_new" = "yes"; then
diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c
index 981392da30..85a9f4505f 100644
--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
@@ -181,6 +181,18 @@ dcrypt_openssl_key_string_get_info(const char *key_data,
 	const char **encryption_key_hash_r, const char **key_hash_r,
 	const char **error_r);
 
+#ifndef HAVE_EC_GROUP_order_bits
+static int EC_GROUP_order_bits(const EC_GROUP *grp)
+{
+	int bits;
+	BIGNUM *bn = BN_new();
+	(void)EC_GROUP_get_order(grp, bn, NULL);
+	bits = BN_num_bits(bn);
+	BN_free(bn);
+	return bits;
+}
+#endif
+
 static bool dcrypt_openssl_error(const char **error_r)
 {
 	unsigned long ec;