Merge branch 'refs/heads/t/openssl-header-check'

* refs/heads/t/openssl-header-check:
  build: Check also for CRYPTO_cleanup_all_ex_data.
  build: Detect openssl library/header mismatch.

Two simple fixes for FreeBSD. Tested on 12.0-RELEASE-p10.

Cooking for nine months.

diff --git a/NEWS.md b/NEWS.md
index bbe200102627b929907a78ff5a14792cdc45f720..eda654a6a155e2f4c484bfa3013d7edc7d278aec 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -18,6 +18,8 @@ NEWS
 - Cleanup of the audio format handler code.
 - We now build the tree using the .ONESHELL feature of GNU make,
   which results in a significant speedup.
+- Two robustness fixes for FreeBSD.
+
 
 --------------------------------------
 0.6.2 (2018-06-30) "elastic diversity"

diff --git a/configure.ac b/configure.ac
index 053996d1606b13a1ff3da085d59a0f1451f065af..d993e526c8a30bdab55da1dd5a9df6f1ead5b320 100644 (file)
--- a/configure.ac
+++ b/configure.ac
@@ -96,8 +96,24 @@ AC_CHECK_HEADER(openssl/ssl.h, [], [HAVE_OPENSSL=no])
 AC_CHECK_LIB([crypto], [RAND_bytes], [], [HAVE_OPENSSL=no])
 LIB_SUBST_FLAGS(openssl)
 if test $HAVE_OPENSSL = yes; then
-       AC_CHECK_LIB([crypto], [RSA_set0_key],
-               AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [openssl-1.1]))
+       HAVE_RSA_SET0_KEY=yes
+       AC_CHECK_DECL([RSA_set0_key], [], [], [#include <openssl/rsa.h>])
+       AC_CHECK_LIB([crypto], [RSA_set0_key], [], [])
+       if test "$ac_cv_have_decl_RSA_set0_key" != "$ac_cv_lib_crypto_RSA_set0_key"; then
+               AC_MSG_ERROR([openssl header/library mismatch])
+       fi
+       test "$ac_cv_have_decl_RSA_set0_key" = yes &&
+               AC_DEFINE([HAVE_RSA_SET0_KEY], [1], [openssl >= 1.1])
+
+       HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=yes
+       AC_CHECK_DECL([CRYPTO_cleanup_all_ex_data], [],
+               [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no],
+               [#include <openssl/rsa.h>])
+       AC_CHECK_LIB([crypto], [CRYPTO_cleanup_all_ex_data], [],
+               [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no])
+       test $HAVE_CRYPTO_CLEANUP_ALL_EX_DATA = yes &&
+               AC_DEFINE([HAVE_CRYPTO_CLEANUP_ALL_EX_DATA], [1],
+                       [not available on FreeBSD 12])
 fi
 UNSTASH_FLAGS
 ######################################################################### gcrypt

diff --git a/openssl.c b/openssl.c
index 4895e176ba9cf7f86962d365f3d9514aed0f0180..d11b1049d2a321905ab79ce2af6c1e86fe7b7991 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -57,7 +57,9 @@ void crypt_init(void)
 
 void crypt_shutdown(void)
 {
+#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA
        CRYPTO_cleanup_all_ex_data();
+#endif
 }
 
 static int get_private_key(const char *path, RSA **rsa)