Diffstat (limited to 'recipes-connectivity')
-rw-r--r-- | recipes-connectivity/openssl/openssl/0001-eng_dyn-Avoid-spurious-errors-when-checking-for-3.x-.patch | 67 | ||||
-rw-r--r-- | recipes-connectivity/openssl/openssl_1.1.1n.bb | 1 |
2 files changed, 68 insertions, 0 deletions
diff --git a/recipes-connectivity/openssl/openssl/0001-eng_dyn-Avoid-spurious-errors-when-checking-for-3.x-.patch b/recipes-connectivity/openssl/openssl/0001-eng_dyn-Avoid-spurious-errors-when-checking-for-3.x-.patch
new file mode 100644
index 0000000..c074d30
--- /dev/null
+++ b/recipes-connectivity/openssl/openssl/0001-eng_dyn-Avoid-spurious-errors-when-checking-for-3.x-.patch
@@ -0,0 +1,67 @@
+From d6bf4a2218aeb246ba7d34f02e895c37569c8265 Mon Sep 17 00:00:00 2001
+From: Tomas Mraz <tomas@openssl.org>
+Date: Wed, 16 Mar 2022 12:09:52 +0100
+Subject: [PATCH] eng_dyn: Avoid spurious errors when checking for 3.x engine
+
+Reviewed-by: Paul Dale <pauli@openssl.org>
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+(Merged from https://github.com/openssl/openssl/pull/17902)
+---
+ crypto/engine/eng_dyn.c | 33 ++++++++++++++++++++++-----------
+ 1 file changed, 22 insertions(+), 11 deletions(-)
+
+diff --git a/crypto/engine/eng_dyn.c b/crypto/engine/eng_dyn.c
+index 6a0ddc162d..27d7b893cd 100644
+--- a/crypto/engine/eng_dyn.c
++++ b/crypto/engine/eng_dyn.c
+@@ -393,6 +393,26 @@ static int int_load(dynamic_data_ctx *ctx)
+ return 0;
+ }
+
++/*
++ * Unfortunately the version checker does not distinguish between
++ * engines built for openssl 1.1.x and openssl 3.x, but loading
++ * an engine that is built for openssl 3.x will cause a fatal
++ * error. Detect such engines, since EVP_PKEY_get_base_id is exported
++ * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
++ * in openssl 1.1.x. Therefore we take the presence of that symbol
++ * as an indication that the engine will be incompatible.
++ */
++static int using_libcrypto_3(dynamic_data_ctx *ctx)
++{
++ int ret;
++
++ ERR_set_mark();
++ ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_get_base_id") != NULL;
++ ERR_pop_to_mark();
++
++ return ret;
++}
++
+ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+ {
+ ENGINE cpy;
+@@ -442,18 +462,9 @@ static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
+ /*
+ * We fail if the version checker veto'd the load *or* if it is
+ * deferring to us (by returning its version) and we think it is too
+- * old.
+- * Unfortunately the version checker does not distinguish between
+- * engines built for openssl 1.1.x and openssl 3.x, but loading
+- * an engine that is built for openssl 3.x will cause a fatal
+- * error. Detect such engines, since EVP_PKEY_get_base_id is exported
+- * as a function in openssl 3.x, while it is named EVP_PKEY_base_id
+- * in openssl 1.1.x. Therefore we take the presence of that symbol
+- * as an indication that the engine will be incompatible.
++ * old. Also fail if this is engine for openssl 3.x.
+ */
+- if (vcheck_res < OSSL_DYNAMIC_OLDEST
+- || DSO_bind_func(ctx->dynamic_dso,
+- "EVP_PKEY_get_base_id") != NULL) {
++ if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_3(ctx)) {
+ /* Fail */
+ ctx->bind_engine = NULL;
+ ctx->v_check = NULL;
+--
+2.25.1
+
diff --git a/recipes-connectivity/openssl/openssl_1.1.1n.bb b/recipes-connectivity/openssl/openssl_1.1.1n.bb
index f3a2c54..434e7b1 100644
--- a/recipes-connectivity/openssl/openssl_1.1.1n.bb
+++ b/recipes-connectivity/openssl/openssl_1.1.1n.bb
@@ -15,6 +15,7 @@ SRC_URI = "https://www.openssl.org/source/openssl-${PV}.tar.gz \
 file://run-ptest \
 file://0001-skip-test_symbol_presence.patch \
 file://0001-buildinfo-strip-sysroot-and-debug-prefix-map-from-co.patch \
+ file://0001-eng_dyn-Avoid-spurious-errors-when-checking-for-3.x-.patch \
 file://afalg.patch \
 file://reproducible.patch \
 " |
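Review bot: The header of the new patch file carries the upstream `From`, `Subject`, `Reviewed-by` and pull-request lines but no `Upstream-Status:` or `Signed-off-by:` line, so the layer does not record that this is a backport or who imported it. OpenEmbedded convention is to add, just above the `---` separator, a line such as `Upstream-Status: Backport [https://github.com/openssl/openssl/pull/17902]` followed by the importer's `Signed-off-by:`. That lets an auditor check the embedded diff against the commit named in the `From` line (d6bf4a2218aeb246ba7d34f02e895c37569c8265), and shows when the patch can be dropped because the recipe's OpenSSL release already contains it. Within the patch, the comment on `using_libcrypto_3()` explains the symbol heuristic but not the `ERR_set_mark()`/`ERR_pop_to_mark()` pair; a one-liner such as `/* a missing symbol is the normal case for 1.1.x engines; keep that lookup error off the error queue */` would cover it. `dynamic_load()` continues outside the embedded hunks.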