From: Andre Noll <maan@tuebingen.mpg.de>
Date: Sat, 18 May 2024 20:13:20 +0000 (+0200)
Subject: Merge topic branch t/openssl-3 into next
X-Git-Url: http://git.tuebingen.mpg.de/?a=commitdiff_plain;h=refs%2Fheads%2Fnext;p=paraslash.git

Merge topic branch t/openssl-3 into next

Started on 2023-04-29, Cooking since 2024-05-18.

The series starts with a few cleanups and crypto-backend tweaks to
beat the openssl specific code into shape for the main objective:
the switch of the RSA encryption and decryption routines to the
high-level EVP API. This has become necessary because the old RSA
API functions have been deprecated in openssl-3.

<!--

- The openssl RSA code has been converted to EVP and no longer uses
  any deprecated openssl API functions.

-->

* refs/heads/t/openssl-3:
  openssl: Reactivate openssl warnings.
  openssl: Use the EVP library for RSA private decryption.
  openssl: Use the EVP library for RSA public encryption.
  apc_priv_decrypt: Let the callee allocate the buffer.
  apc_pub_encrypt: Let the callee allocate the buffer.
  openssl: Assume that openssl allocation functions functions succeed.
  openssl: Introduce openssl_perror().
  openssl: Don't pass pointers to RSA structures around.
  openssl: Kill rsa coefficient computations.
  client: Check buffer size returned by apc_priv_decrypt().

# Conflicts:
#	configure.ac
---

3cb32cb9e193c0d7f9246bc424e2aa3d12ab2967
diff --cc configure.ac
index 63b06316,d6796e56..9e90ae5d
--- a/configure.ac
+++ b/configure.ac
@@@ -109,6 -110,20 +109,10 @@@ if test $HAVE_OPENSSL = yes; the
  	will be removed in the next major paraslash release. Please upgrade
  	your openssl installation.])
  	fi
 -
+ 	AC_CHECK_LIB([crypto], [OSSL_PARAM_construct_BN], [HAVE_OSSL_PARAM=yes],
+ 		[HAVE_OSSL_PARAM=no])
+ 	test $HAVE_OSSL_PARAM = yes &&
+ 		AC_DEFINE([HAVE_OSSL_PARAM], [1], [openssl >= 3.0])
 -	HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=yes
 -	AC_CHECK_DECL([CRYPTO_cleanup_all_ex_data], [],
 -		[HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no],
 -		[#include <openssl/rsa.h>])
 -	AC_CHECK_LIB([crypto], [CRYPTO_cleanup_all_ex_data], [],
 -		[HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no])
 -	test $HAVE_CRYPTO_CLEANUP_ALL_EX_DATA = yes &&
 -		AC_DEFINE([HAVE_CRYPTO_CLEANUP_ALL_EX_DATA], [1],
 -			[not available on FreeBSD 12])
  	HAVE_OPENSSL_THREAD_STOP=yes
  	AC_CHECK_DECL([OPENSSL_thread_stop], [],
  		[HAVE_OPENSSL_THREAD_STOP=no],