Changeset 95219 in vbox for trunk/src/libs/openssl-3.0.3/crypto/engine

Timestamp:

Jun 8, 2022 7:43:44 AM (3 years ago)

Author:

vboxsync

Message:

libs/openssl: Switched to v3.0.3, bugref:10128

Location:

trunk/src/libs/openssl-3.0.3

Files:

• . (modified) (1 prop)
• crypto/engine/eng_dyn.c (modified) (2 diffs)
• crypto/engine/tb_asnmth.c (modified) (3 diffs)

trunk/src/libs/openssl-3.0.3

@@ -14 +14 @@
 /vendor/openssl/3.0.1:150323-150324
 /vendor/openssl/3.0.2:150728-150729
-/vendor/openssl/current:147554-150727
+/vendor/openssl/3.0.3:151497-151729
+/vendor/openssl/current:147554-151496

@@ -14 +14 @@
 /vendor/openssl/3.0.1:150323-150324
 /vendor/openssl/3.0.2:150728-150729
-/vendor/openssl/current:147554-150727
+/vendor/openssl/3.0.3:151497-151729
+/vendor/openssl/current:147554-151496

trunk/src/libs/openssl-3.0.3/crypto/engine/eng_dyn.c

@@ -402 +402 @@
 }
 
+/*
+ * Unfortunately the version checker does not distinguish between
+ * engines built for openssl 1.1.x and openssl 3.x, but loading
+ * an engine that is built for openssl 1.1.x will cause a fatal
+ * error.  Detect such engines, since EVP_PKEY_base_id is exported
+ * as a function in openssl 1.1.x, while it is named EVP_PKEY_get_base_id
+ * in openssl 3.x.  Therefore we take the presence of that symbol
+ * as an indication that the engine will be incompatible.
+ */
+static int using_libcrypto_11(dynamic_data_ctx *ctx)
+{
+    int ret;
+
+    ERR_set_mark();
+    ret = DSO_bind_func(ctx->dynamic_dso, "EVP_PKEY_base_id") != NULL;
+    ERR_pop_to_mark();
+
+    return ret;
+}
+
 static int dynamic_load(ENGINE *e, dynamic_data_ctx *ctx)
 {
@@ -451 +471 @@
          * We fail if the version checker veto'd the load *or* if it is
          * deferring to us (by returning its version) and we think it is too
-         * old.
-         * Unfortunately the version checker does not distinguish between
-         * engines built for openssl 1.1.x and openssl 3.x, but loading
-         * an engine that is built for openssl 1.1.x will cause a fatal
-         * error.  Detect such engines, since EVP_PKEY_base_id is exported
-         * as a function in openssl 1.1.x, while it is a macro in openssl 3.x,
-         * and therefore only the symbol EVP_PKEY_get_base_id is available
-         * in openssl 3.x.
+         * old. Also fail if this is engine for openssl 1.1.x.
          */
-        if (vcheck_res < OSSL_DYNAMIC_OLDEST
-                || DSO_bind_func(ctx->dynamic_dso,
-                                 "EVP_PKEY_base_id") != NULL) {
+        if (vcheck_res < OSSL_DYNAMIC_OLDEST || using_libcrypto_11(ctx)) {
             /* Fail */
             ctx->bind_engine = NULL;

trunk/src/libs/openssl-3.0.3/crypto/engine/tb_asnmth.c

@@ -1 +1 @@
 /*
- * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
@@ -153 +153 @@
         if (ameth != NULL
             && ((int)strlen(ameth->pem_str) == len)
-            && strncasecmp(ameth->pem_str, str, len) == 0)
+            && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0)
             return ameth;
     }
@@ -178 +178 @@
         if (ameth != NULL
                 && ((int)strlen(ameth->pem_str) == lk->len)
-                && strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
+                && OPENSSL_strncasecmp(ameth->pem_str, lk->str, lk->len) == 0) {
             lk->e = e;
             lk->ameth = ameth;

@@ -14 +14 @@
 /vendor/openssl/3.0.1:150323-150324
 /vendor/openssl/3.0.2:150728-150729
-/vendor/openssl/current:147554-150727
+/vendor/openssl/3.0.3:151497-151729
+/vendor/openssl/current:147554-151496