From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Thu, 31 Jan 2019 11:31:55 +0000 (+0000)
Subject: - For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
X-Git-Tag: release-1.9.1rc1~34
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df8f236b62c7ac837e27c6824f13656a441d8860;p=thirdparty%2Funbound.git

- For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
  still supports the set_id_callback previous API.  And for 1.1.0
  no locking callbacks are needed.


git-svn-id: file:///svn/unbound/trunk@5094 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/config.h.in b/config.h.in
index 545536d63..f0eb7d6aa 100644
--- a/config.h.in
+++ b/config.h.in
@@ -69,6 +69,9 @@
 /* Define to 1 if you have the `CRYPTO_cleanup_all_ex_data' function. */
 #undef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
 
+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
+#undef HAVE_CRYPTO_THREADID_SET_CALLBACK
+
 /* Define to 1 if you have the `ctime_r' function. */
 #undef HAVE_CTIME_R
 
diff --git a/configure b/configure
index 113d3844d..61fb928c1 100755
--- a/configure
+++ b/configure
@@ -17994,7 +17994,7 @@ fi
 
 done
 
-for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex
+for ac_func in OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
diff --git a/configure.ac b/configure.ac
index afe0c39c5..938f2cf1d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -782,7 +782,7 @@ else
 	AC_MSG_RESULT([no])
 fi
 AC_CHECK_HEADERS([openssl/conf.h openssl/engine.h openssl/bn.h openssl/dh.h openssl/dsa.h openssl/rsa.h],,, [AC_INCLUDES_DEFAULT])
-AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex])
+AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512 FIPS_mode EVP_MD_CTX_new OpenSSL_add_all_digests OPENSSL_init_crypto EVP_cleanup ERR_load_crypto_strings CRYPTO_cleanup_all_ex_data ERR_free_strings RAND_cleanup DSA_SIG_set0 EVP_dss1 EVP_DigestVerify SSL_CTX_set_tlsext_ticket_key_cb EVP_aes_256_cbc EVP_EncryptInit_ex HMAC_Init_ex CRYPTO_THREADID_set_callback])
 
 # these check_funcs need -lssl
 BAKLIBS="$LIBS"
diff --git a/doc/Changelog b/doc/Changelog
index 2229877e8..c28d4ee0f 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,9 @@
 	- improve documentation for tls-service-key and forward-first.
 	- fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
 	  conditional section, fixes systemd builds, from Enrico Scholz.
+	- For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
+	  still supports the set_id_callback previous API.  And for 1.1.0
+	  no locking callbacks are needed.
 
 30 January 2019: Ralph
 	- Fix case in which query timeout can result in marking delegation
diff --git a/util/net_help.c b/util/net_help.c
index 1a4fa8a58..1f62148dd 100644
--- a/util/net_help.c
+++ b/util/net_help.c
@@ -1049,11 +1049,19 @@ void* outgoing_ssl_fd(void* sslctx, int fd)
 static lock_basic_type *ub_openssl_locks = NULL;
 
 /** callback that gets thread id for openssl */
+#ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+static void
+ub_crypto_id_cb(CRYPTO_THREADID *id)
+{
+	CRYPTO_THREADID_set_numeric(id, (unsigned long)log_thread_get());
+}
+#else
 static unsigned long
 ub_crypto_id_cb(void)
 {
 	return (unsigned long)log_thread_get();
 }
+#endif
 
 static void
 ub_crypto_lock_cb(int mode, int type, const char *ATTR_UNUSED(file),
@@ -1078,7 +1086,11 @@ int ub_openssl_lock_init(void)
 	for(i=0; i<CRYPTO_num_locks(); i++) {
 		lock_basic_init(&ub_openssl_locks[i]);
 	}
+#  ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+	CRYPTO_THREADID_set_callback(&ub_crypto_id_cb);
+#  else
 	CRYPTO_set_id_callback(&ub_crypto_id_cb);
+#  endif
 	CRYPTO_set_locking_callback(&ub_crypto_lock_cb);
 #endif /* OPENSSL_THREADS */
 	return 1;
@@ -1090,7 +1102,11 @@ void ub_openssl_lock_delete(void)
 	int i;
 	if(!ub_openssl_locks)
 		return;
+#  ifdef HAVE_CRYPTO_THREADID_SET_CALLBACK
+	CRYPTO_THREADID_set_callback(NULL);
+#  else
 	CRYPTO_set_id_callback(NULL);
+#  endif
 	CRYPTO_set_locking_callback(NULL);
 	for(i=0; i<CRYPTO_num_locks(); i++) {
 		lock_basic_destroy(&ub_openssl_locks[i]);