From: Nikolai Kondrashov
Date: Fri, 18 Nov 2016 18:08:47 +0000 (+0200)
Subject: Add a few OpenSSL fallback funcs
X-Git-Tag: release_3_0_13~92^2~10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d9b75be9cf3c41c262b29276184d7b8f89e29ab0;p=thirdparty%2Ffreeradius-server.git
Add a few OpenSSL fallback funcs
Add four fallback function implementations to use in place of functions removed/deprecated in OpenSSL 1.1. Those are to be used in the following patches to make the build work and not produce deprecation warnings.
---
diff --git a/configure b/configure
index 779c6fbe0ff..bbefb8b427c 100755
--- a/configure
+++ b/configure
@@ -8785,6 +8785,10 @@ fi for ac_func in \ SSL_get_client_random \ SSL_get_server_random \ + HMAC_CTX_new \ + HMAC_CTX_free \ + ASN1_STRING_get0_data \ + CONF_modules_load_file \ do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
diff --git a/configure.ac b/configure.ac
index b9fed71d05a..485f66c69f3 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1183,6 +1183,10 @@ if test "x$WITH_OPENSSL" = xyes; then
 AC_CHECK_FUNCS( \
 SSL_get_client_random \
 SSL_get_server_random \
+ HMAC_CTX_new \
+ HMAC_CTX_free \
+ ASN1_STRING_get0_data \
+ CONF_modules_load_file \
 )
 CPPFLAGS="$old_CPPFLAGS"
 fi
diff --git a/src/include/autoconf.h.in b/src/include/autoconf.h.in
index e0a3e50590c..aa91effc75e 100644
--- a/src/include/autoconf.h.in
+++ b/src/include/autoconf.h.in
@@ -32,6 +32,9 @@ /* Define to 1 if you have the header file. */ #undef HAVE_ARPA_INET_H +/* Define to 1 if you have the `ASN1_STRING_get0_data' function. */ +#undef HAVE_ASN1_STRING_GET0_DATA + /* Define if your compiler supports the __bounded__ attribute (usually OpenBSD gcc). */ #undef HAVE_ATTRIBUTE_BOUNDED
@@ -63,6 +66,9 @@ /* Define to 1 if you have the `collectdclient' library (-lcollectdclient). */ #undef HAVE_COLLECTDC_H +/* Define to 1 if you have the `CONF_modules_load_file' function. */ +#undef HAVE_CONF_MODULES_LOAD_FILE + /* Do we have the crypt function */ #undef HAVE_CRYPT
@@ -152,6 +158,12 @@ /* Define to 1 if you have the header file. */ #undef HAVE_HISTORY_H +/* Define to 1 if you have the `HMAC_CTX_free' function. */ +#undef HAVE_HMAC_CTX_FREE + +/* Define to 1 if you have the `HMAC_CTX_new' function. */ +#undef HAVE_HMAC_CTX_NEW + /* Define if the function (or macro) htonll exists. */ #undef HAVE_HTONLL
diff --git a/src/include/missing-h b/src/include/missing-h
index 9d59394e4e3..3cc205b0969 100644
--- a/src/include/missing-h
+++ b/src/include/missing-h
@@ -83,6 +83,18 @@ RCSIDH(missing_h, "$Id$")
 # endif
 #endif
+#ifdef HAVE_OPENSSL_HMAC_H
+# include
+#endif
+
+#ifdef HAVE_OPENSSL_ASN1_H
+# include
+#endif
+
+#ifdef HAVE_OPENSSL_CONF_H
+# include
+#endif
+
 /* * Don't look for winsock.h if we're on cygwin. */
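Review bot: The new include blocks are guarded by `HAVE_OPENSSL_HMAC_H`, `HAVE_OPENSSL_ASN1_H` and `HAVE_OPENSSL_CONF_H`, but no hunk in this commit adds a header check that would define them: the configure.ac hunk extends only `AC_CHECK_FUNCS`, and the autoconf.h.in hunks add only the four `HAVE_*` function macros. If an existing `AC_CHECK_HEADERS` call outside these hunks does not already cover `openssl/hmac.h`, `openssl/asn1.h` and `openssl/conf.h`, these includes and the fallbacks that reuse the same guards later in this file are silently compiled out. Please confirm the header checks exist or add them here, and consider a one-line comment above the three blocks, e.g. `/* OpenSSL headers needed by the 1.1 API fallbacks declared below */`.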
@@ -436,6 +448,46 @@ uint128_t ntohlll(uint128_t num);
 typedef void(*sig_t)(int);
 #endif
+#ifdef HAVE_OPENSSL_HMAC_H
+# ifndef HAVE_HMAC_CTX_NEW
+HMAC_CTX *HMAC_CTX_new(void);
+# endif
+# ifndef HAVE_HMAC_CTX_FREE
+void HMAC_CTX_free(HMAC_CTX *ctx);
+# endif
+#endif
+
+#ifdef HAVE_OPENSSL_ASN1_H
+# ifndef HAVE_ASN1_STRING_GET0_DATA
+static inline const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x)
+{
+ /*
+ * Trick the compiler into not issuing the warning on qualifier stripping.
+ * We know that ASN1_STRING_data doesn't change x, and we're casting
+ * the return value back to const immediately, so it's OK.
+ */
+ union {
+ const ASN1_STRING *c;
+ ASN1_STRING *nc;
+ } const_strip = {.c = x};
+ return ASN1_STRING_data(const_strip.nc);
+}
+# endif
+#endif
+
+#ifdef HAVE_OPENSSL_CONF_H
+# ifndef HAVE_CONF_MODULES_LOAD_FILE
+static inline int CONF_modules_load_file(const char *filename,
+ const char *appname,
+ unsigned long flags)
+{
+ (void)filename;
+ (void)flags;
+ return OPENSSL_config(appname);
+}
+# endif
+#endif
+
 #ifdef __cplusplus
 }
 #endif
diff --git a/src/lib/missing.c b/src/lib/missing.c
index 1d73c76090a..00c21361843 100644
--- a/src/lib/missing.c
+++ b/src/lib/missing.c
@@ -315,6 +315,32 @@ uint128_t ntohlll(uint128_t const num)
 }
 #endif
+#ifdef HAVE_OPENSSL_HMAC_H
+# ifndef HAVE_HMAC_CTX_NEW
+HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx;
+ ctx = OPENSSL_malloc(sizeof(*ctx));
+ memset(ctx, 0, sizeof(*ctx));
+ if (ctx == NULL) {
+ return NULL;
+ }
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+# endif
+# ifndef HAVE_HMAC_CTX_FREE
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx == NULL) {
+ return;
+ }
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+# endif
+#endif
+
 /** Call talloc strdup, setting the type on the new chunk correctly * * For some bizarre reason the talloc string functions don't set the
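Review bot: The `CONF_modules_load_file` fallback ends with `return OPENSSL_config(appname);`, but as far as I know `OPENSSL_config()` is declared `void` in the pre-1.1 OpenSSL headers this fallback targets. If so, the function cannot compile in the one configuration where it is selected. The fallback also discards `filename` and `flags`, and `OPENSSL_config()` reports no load failure, so a caller that checks the result cannot tell whether the intended OpenSSL configuration took effect. I would call `OPENSSL_config(appname);` as a statement followed by `return 1;`. A comment above the fallback should say that it always reports success and ignores `filename` and `flags`.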
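Review bot: In `HMAC_CTX_new()` the `memset(ctx, 0, sizeof(*ctx));` runs before the `if (ctx == NULL)` test, so a failed `OPENSSL_malloc()` is written through instead of being reported to the caller. Put the check directly after the allocation, i.e. `ctx = OPENSSL_malloc(sizeof(*ctx));` then `if (ctx == NULL) return NULL;` and only then the `memset`. `HMAC_CTX_free()` already tolerates NULL and calls `HMAC_CTX_cleanup()` before `OPENSSL_free()`, which looks right. A one-line comment on each fallback, such as `/* Fallback for OpenSSL < 1.1: heap-allocated HMAC_CTX, release with HMAC_CTX_free() */`, would document the ownership contract.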