opendkim: support OpenSSL 1.1 with/without deprecated APIs 7744/head
authorVal Kulkov <val.kulkov@gmail.com>
Fri, 21 Dec 2018 07:15:19 +0000 (02:15 -0500)
committerVal Kulkov <val.kulkov@gmail.com>
Fri, 21 Dec 2018 16:23:42 +0000 (11:23 -0500)
This patch enables support of OpenSSL 1.1+ with and without
deprecated OpenSSL APIs.

Signed-off-by: Val Kulkov <val.kulkov@gmail.com>
mail/opendkim/Makefile
mail/opendkim/patches/010-openssl_1.1.0_compat.patch [deleted file]
mail/opendkim/patches/010-openssl_1.1_compat.patch [new file with mode: 0644]

index 6a64e2c634e1137fcea5608f5772abe66965dbce..eaf0f81e6e4c97c52f5239b888494438a467b6db 100644 (file)
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=opendkim
 PKG_VERSION:=2.10.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=@SF/$(PKG_NAME)
diff --git a/mail/opendkim/patches/010-openssl_1.1.0_compat.patch b/mail/opendkim/patches/010-openssl_1.1.0_compat.patch
deleted file mode 100644 (file)
index 3839908..0000000
+++ /dev/null
@@ -1,90 +0,0 @@
-Description: Build and work with either openssl 1.0.2 or 1.1.0
-   * Add patch to build with either openssl 1.0.2 or 1.1.0 (Closes: #828466)
-     - Thanks to Sebastian Andrzej Siewior for the patch
-Author: Sebastian Andrzej Siewior
-Bug-Debian: http://bugs.debian.org/828466
-Origin: vendor
-Forwarded: no
-Reviewed-By: Scott Kitterman <scott@kitterman.com>
-Last-Update: <YYYY-MM-DD>
-
---- opendkim-2.11.0~alpha.orig/configure.ac
-+++ opendkim-2.11.0~alpha/configure.ac
-@@ -864,26 +864,28 @@ then
-       AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
-                      AC_MSG_ERROR([libcrypto not found]))
--      AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
--              [
--                      if test x"$enable_shared" = x"yes"
--                      then
--                              AC_MSG_ERROR([Cannot build shared opendkim
--                                            against static openssl libraries.
--                                            Configure with --disable-shared
--                                            to get this working or obtain a
--                                            shared libssl library for
--                                            opendkim to use.])
--                      fi
--                      # avoid caching issue - last result of SSL_library_init
--                      # shouldn't be cached for this next check
--                      unset ac_cv_search_SSL_library_init
--                      LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
--                      AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
--                                     AC_MSG_ERROR([libssl not found]), [-ldl])
--              ]
--      )
-+      AC_LINK_IFELSE(
-+                     [AC_LANG_PROGRAM([[#include <openssl/ssl.h>]],
-+                                      [[SSL_library_init();]])],
-+                                      [od_have_ossl="yes";],
-+                                      [od_have_ossl="no";])
-+      if test x"$od_have_ossl" = x"no"
-+      then
-+              if test x"$enable_shared" = x"yes"
-+              then
-+                      AC_MSG_ERROR([Cannot build shared opendkim
-+                                    against static openssl libraries.
-+                                    Configure with --disable-shared
-+                                    to get this working or obtain a
-+                                    shared libssl library for
-+                                    opendkim to use.])
-+              fi
-+
-+              LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
-+              AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
-+                             AC_MSG_ERROR([libssl not found]), [-ldl])
-+      fi
-       AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
-                       AC_DEFINE([HAVE_SHA256], 1,
---- opendkim-2.11.0~alpha.orig/opendkim/opendkim-crypto.c
-+++ opendkim-2.11.0~alpha/opendkim/opendkim-crypto.c
-@@ -222,7 +222,11 @@ dkimf_crypto_free_id(void *ptr)
-       {
-               assert(pthread_setspecific(id_key, ptr) == 0);
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000
-+              OPENSSL_thread_stop();
-+#else
-               ERR_remove_state(0);
-+#endif
-               free(ptr);
-@@ -392,11 +396,15 @@ dkimf_crypto_free(void)
- {
-       if (crypto_init_done)
-       {
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000
-+              OPENSSL_thread_stop();
-+#else
-               CRYPTO_cleanup_all_ex_data();
-               CONF_modules_free();
-               EVP_cleanup();
-               ERR_free_strings();
-               ERR_remove_state(0);
-+#endif
-               if (nmutexes > 0)
-               {
diff --git a/mail/opendkim/patches/010-openssl_1.1_compat.patch b/mail/opendkim/patches/010-openssl_1.1_compat.patch
new file mode 100644 (file)
index 0000000..ed92fff
--- /dev/null
@@ -0,0 +1,202 @@
+This patch has been tested with OpenSSL 1.0.2q, 1.1.0j and 1.1.1a
+with and without support for deprecated OpenSSL APIs.
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -860,26 +860,10 @@ then
+       AC_SEARCH_LIBS([ERR_peek_error], [crypto], ,
+                      AC_MSG_ERROR([libcrypto not found]))
+-      AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
+-              [
+-                      if test x"$enable_shared" = x"yes"
+-                      then
+-                              AC_MSG_ERROR([Cannot build shared opendkim
+-                                            against static openssl libraries.
+-                                            Configure with --disable-shared
+-                                            to get this working or obtain a
+-                                            shared libssl library for
+-                                            opendkim to use.])
+-                      fi
+-
+-                      # avoid caching issue - last result of SSL_library_init
+-                      # shouldn't be cached for this next check
+-                      unset ac_cv_search_SSL_library_init
+-                      LIBCRYPTO_LIBS="$LIBCRYPTO_LIBS -ldl"
+-                      AC_SEARCH_LIBS([SSL_library_init], [ssl], ,
+-                                     AC_MSG_ERROR([libssl not found]), [-ldl])
+-              ]
+-      )
++      od_have_ossl="no"
++      AC_CHECK_LIB(ssl, OPENSSL_init_ssl, [od_have_ossl="yes"])
++      AC_CHECK_LIB(ssl, SSL_library_init, [od_have_ossl="yes"])
++      AS_IF([test "x$od_have_ossl" = xno], [AC_MSG_ERROR([libssl not found])])
+       AC_CHECK_DECL([SHA256_DIGEST_LENGTH],
+                       AC_DEFINE([HAVE_SHA256], 1,
+--- a/opendkim/opendkim-crypto.c
++++ b/opendkim/opendkim-crypto.c
+@@ -139,6 +139,7 @@ static unsigned int nmutexes = 0;
+ static unsigned long threadid = 0L;
+ static pthread_mutex_t *mutexes = NULL;
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ /*
+ **  DKIMF_CRYPTO_LOCK_CALLBACK -- locking callback for libcrypto
+ **
+@@ -166,6 +167,7 @@ dkimf_crypto_lock_callback(int mode, int
+       assert(status == 0);
+ }
++#endif
+ /*
+ **  DKIMF_CRYPTO_GET_ID -- generate/retrieve thread ID
+@@ -208,21 +210,15 @@ dkimf_crypto_get_id(void)
+ static void
+ dkimf_crypto_free_id(void *ptr)
+ {
+-      /*
+-      **  Trick dkimf_crypto_get_id(); the thread-specific pointer has
+-      **  already been cleared at this point, but dkimf_crypto_get_id()
+-      **  may be called by ERR_remove_state() which will then allocate a
+-      **  new thread pointer if the thread-specific pointer is NULL.  This
+-      **  means a memory leak of thread IDs and, on Solaris, an infinite loop
+-      **  because the destructor (indirectly) re-sets the thread-specific
+-      **  pointer to something not NULL.  See pthread_key_create(3).
+-      */
+-
+       if (ptr != NULL)
+       {
+               assert(pthread_setspecific(id_key, ptr) == 0);
+-              ERR_remove_state(0);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++              OPENSSL_thread_stop();
++#else
++              ERR_remove_thread_state(NULL);
++#endif
+               free(ptr);
+@@ -300,6 +296,7 @@ dkimf_crypto_dyn_destroy(struct CRYPTO_d
+ **    None.
+ */
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+ static void
+ dkimf_crypto_dyn_lock(int mode, struct CRYPTO_dynlock_value *lock,
+                       /* UNUSED */ const char *file,
+@@ -316,6 +313,7 @@ dkimf_crypto_dyn_lock(int mode, struct C
+       assert(status == 0);
+ }
++#endif
+ /*
+ **  DKIMF_CRYPTO_INIT -- set up openssl dependencies
+@@ -335,7 +333,12 @@ dkimf_crypto_init(void)
+       int n;
+       int status;
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+       n = CRYPTO_num_locks();
++#else
++      // see openssl/crypto.h for more details
++      n = 1;
++#endif
+       mutexes = (pthread_mutex_t *) malloc(n * sizeof(pthread_mutex_t));
+       if (mutexes == NULL)
+               return errno;
+@@ -357,15 +360,22 @@ dkimf_crypto_init(void)
+       if (status != 0)
+               return status;
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+       SSL_load_error_strings();
+       SSL_library_init();
+       ERR_load_crypto_strings();
++#else
++      OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
++      OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
++#endif
++#if OPENSSL_VERSION_NUMBER < 0x10000000
+       CRYPTO_set_id_callback(&dkimf_crypto_get_id);
+       CRYPTO_set_locking_callback(&dkimf_crypto_lock_callback);
+       CRYPTO_set_dynlock_create_callback(&dkimf_crypto_dyn_create);
+       CRYPTO_set_dynlock_lock_callback(&dkimf_crypto_dyn_lock);
+       CRYPTO_set_dynlock_destroy_callback(&dkimf_crypto_dyn_destroy);
++#endif
+ #ifdef USE_OPENSSL_ENGINE
+       if (!SSL_set_engine(NULL))
+@@ -392,11 +402,15 @@ dkimf_crypto_free(void)
+ {
+       if (crypto_init_done)
+       {
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++              OPENSSL_thread_stop();
++#else
+               CRYPTO_cleanup_all_ex_data();
+               CONF_modules_free();
+               EVP_cleanup();
+               ERR_free_strings();
+-              ERR_remove_state(0);
++              ERR_remove_thread_state(NULL);
++#endif
+               if (nmutexes > 0)
+               {
+--- a/libopendkim/dkim.c
++++ b/libopendkim/dkim.c
+@@ -4195,8 +4195,10 @@ dkim_init_openssl(void)
+ {
+       pthread_mutex_lock(&openssl_lock);
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+       if (openssl_refcount == 0)
+               OpenSSL_add_all_algorithms();
++#endif
+       openssl_refcount++;
+       pthread_mutex_unlock(&openssl_lock);
+@@ -4220,8 +4222,10 @@ dkim_close_openssl(void)
+       pthread_mutex_lock(&openssl_lock);
+       openssl_refcount--;
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+       if (openssl_refcount == 0)
+               EVP_cleanup();
++#endif
+       pthread_mutex_unlock(&openssl_lock);
+ }
+--- a/opendkim/opendkim-testkey.c
++++ b/opendkim/opendkim-testkey.c
+@@ -452,7 +452,11 @@ main(int argc, char **argv)
+       memset(err, '\0', sizeof err);
+ #ifndef USE_GNUTLS
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+       ERR_load_crypto_strings();
++#else
++      OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
++#endif
+ #endif /* ! USE_GNUTLS */
+       /* process a KeyTable if specified and not overridden */
+--- a/opendkim/opendkim.c
++++ b/opendkim/opendkim.c
+@@ -15540,7 +15540,11 @@ main(int argc, char **argv)
+                       printf("\tCompiled with GnuTLS %s\n", GNUTLS_VERSION);
+ #else /* USE_GNUTLS */
+                       printf("\tCompiled with %s\n",
++#if OPENSSL_VERSION_NUMBER < 0x10100000
+                              SSLeay_version(SSLEAY_VERSION));
++#else
++                             OpenSSL_version(OPENSSL_VERSION));
++#endif
+ #endif /* USE_GNUTLS */
+                       printf("\tSMFI_VERSION 0x%x\n", SMFI_VERSION);
+ #ifdef HAVE_SMFI_VERSION
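Review bot: In the nested opendkim-crypto.c hunk at `@@ -357,15 +360,22 @@ dkimf_crypto_init(void)`, the guard around the five `CRYPTO_set_*_callback` registrations is `#if OPENSSL_VERSION_NUMBER < 0x10000000`, which is false for every 1.0.x release, so a build against the tested 1.0.2q would install no libcrypto locking callbacks even though the pthread mutexes for them are still allocated. OpenSSL before 1.1.0 relies on those callbacks for thread safety, and every other guard in this patch, including the ones around the definitions of `dkimf_crypto_lock_callback` and `dkimf_crypto_dyn_lock`, uses `0x10100000`, so this looks like a dropped digit; I would change the line to `#if OPENSSL_VERSION_NUMBER < 0x10100000`. In the same function the results of `OPENSSL_init_ssl()` and `OPENSSL_init_crypto()` are discarded, although both return 0 on failure and `dkimf_crypto_init` already reports errors through its return value. The body of `dkimf_crypto_init` starts and ends outside the nested hunks, so the error path should be checked against the full file before a return is added.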