crypto-util: support OpenSSL 4

OpenSSL 4 broke ABI, so we need to look for both SONAMEs.
Try libcrypto.so.3 first, and fallback to libcrypto.so.4,
so that the older and more stable version is used if both
are installed, giving distros time to fix regressions.

diff --git a/src/shared/crypto-util.c b/src/shared/crypto-util.c
index 5359078f6cf20ec6e1c173c6897f0d8456fbee38..ed6d2a269c772a9ee52fd6ebfb71f76c62dab45a 100644 (file)
--- a/src/shared/crypto-util.c
+++ b/src/shared/crypto-util.c
@@ -335,12 +335,15 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL_RENAME(UI_METHOD*, sym_UI_destroy_method, UI_de
 int dlopen_libcrypto(int log_level) {
 #if HAVE_OPENSSL
         static void *libcrypto_dl = NULL;
+        int r;
 
         LIBCRYPTO_NOTE(SD_ELF_NOTE_DLOPEN_PRIORITY_SUGGESTED);
 
-        return dlopen_many_sym_or_warn(
+        // FIXME: switch order to prefer libcrypto.so.4 in a future version once it has stabilized
+        FOREACH_STRING(soname, "libcrypto.so.3", "libcrypto.so.4") {
+                r = dlopen_many_sym_or_warn(
                         &libcrypto_dl,
-                        "libcrypto.so.3",
+                        soname,
                         log_level,
                         DLSYM_ARG(ASN1_ANY_it),
                         DLSYM_ARG(ASN1_BIT_STRING_it),
@@ -617,6 +620,15 @@ int dlopen_libcrypto(int log_level) {
                         DLSYM_ARG(X509_VERIFY_PARAM_set_hostflags),
                         DLSYM_ARG(X509_VERIFY_PARAM_set1_host),
                         DLSYM_ARG(X509_VERIFY_PARAM_set1_ip));
+                if (r >= 0)
+                        break;
+        }
+        if (r < 0) {
+                log_full_errno(log_level, r, "Neither libcrypto.so.4 nor libcrypto.so.3 could be loaded");
+                return -EOPNOTSUPP; /* turn into recognizable error */
+        }
+
+        return r;
 #else
         return log_full_errno(log_level, SYNTHETIC_ERRNO(EOPNOTSUPP),
                               "libcrypto support is not compiled in.");

diff --git a/src/shared/crypto-util.h b/src/shared/crypto-util.h
index f3494bc6836b34bf313199e8dcbabbca384e1e1f..980c1c60a2a5fcb86eaf891156a1fab2d26c44e1 100644 (file)
--- a/src/shared/crypto-util.h
+++ b/src/shared/crypto-util.h
@@ -37,7 +37,7 @@ int dlopen_libcrypto(int log_level);
         SD_ELF_NOTE_DLOPEN("libcrypto",                                 \
                            "Support for cryptographic operations",      \
                            priority,                                    \
-                           "libcrypto.so.3")
+                           "libcrypto.so.3", "libcrypto.so.4")
 
 #define DLOPEN_LIBCRYPTO(log_level, priority)                           \
         ({                                                              \