From c4c8aa5ba0ec6bf4c6d74c4807b66edfbd91be7c Mon Sep 17 00:00:00 2001 From: Rosen Penev Date: Mon, 11 Jan 2021 01:51:58 -0800 Subject: fix compilation without deprecated OpenSSL APIs (De)initialization is deprecated under OpenSSL 1.0 and above. [TT: Some simplifications, and additional edits.] Signed-off-by: Rosen Penev --- libfetch/common.c | 12 ++++-------- src/apk.c | 26 +------------------------- src/apk_openssl.h | 27 +++++++++++++++++++++++++++ 3 files changed, 32 insertions(+), 33 deletions(-) diff --git a/libfetch/common.c b/libfetch/common.c index e91b0c6..bcba889 100644 --- a/libfetch/common.c +++ b/libfetch/common.c @@ -499,15 +499,11 @@ static int fetch_ssl_setup_client_certificate(SSL_CTX *ctx, int verbose) int fetch_ssl(conn_t *conn, const struct url *URL, int verbose) { - /* Init the SSL library and context */ - if (!SSL_library_init()){ - fprintf(stderr, "SSL library init failed\n"); - return (-1); - } - - SSL_load_error_strings(); - +#if OPENSSL_VERSION_NUMBER < 0x10100000L conn->ssl_meth = SSLv23_client_method(); +#else + conn->ssl_meth = TLS_client_method(); +#endif conn->ssl_ctx = SSL_CTX_new(conn->ssl_meth); SSL_CTX_set_mode(conn->ssl_ctx, SSL_MODE_AUTO_RETRY); diff --git a/src/apk.c b/src/apk.c index 2ff7ce1..1141180 100644 --- a/src/apk.c +++ b/src/apk.c @@ -20,11 +20,6 @@ #include #include -#include -#ifndef OPENSSL_NO_ENGINE -#include -#endif - #include #include "apk_defines.h" @@ -358,25 +353,6 @@ static int parse_options(int argc, char **argv, struct apk_applet *applet, void return 0; } -static void fini_openssl(void) -{ - EVP_cleanup(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_cleanup(); -#endif - CRYPTO_cleanup_all_ex_data(); -} - -static void init_openssl(void) -{ - atexit(fini_openssl); - OpenSSL_add_all_algorithms(); -#ifndef OPENSSL_NO_ENGINE - ENGINE_load_builtin_engines(); - ENGINE_register_all_complete(); -#endif -} - static void setup_automatic_flags(struct apk_ctx *ac) { const char *tmp; @@ -449,7 +425,7 @@ int main(int argc, char **argv) ctx.force |= applet->forced_force; } - init_openssl(); + apk_openssl_init(); setup_automatic_flags(&ctx); fetchConnectionCacheInit(32, 4); diff --git a/src/apk_openssl.h b/src/apk_openssl.h index 4ee6da2..c0abdf2 100644 --- a/src/apk_openssl.h +++ b/src/apk_openssl.h @@ -11,7 +11,11 @@ #define APK_SSL_COMPAT_H #include +#include #include +#ifndef OPENSSL_NO_ENGINE +#include +#endif #if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL) @@ -25,6 +29,29 @@ static inline void EVP_MD_CTX_free(EVP_MD_CTX *mdctx) return EVP_MD_CTX_destroy(mdctx); } +static inline void apk_openssl_cleanup(void) +{ + EVP_cleanup(); +#ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); +#endif + CRYPTO_cleanup_all_ex_data(); +} + +static inline void apk_openssl_init(void) +{ + atexit(apk_openssl_cleanup); + OpenSSL_add_all_algorithms(); +#ifndef OPENSSL_NO_ENGINE + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); +#endif +} + +#else + +static inline void apk_openssl_init(void) {} + #endif #endif -- cgit v1.2.3-70-g09d2