Movatterモバイル変換


[0]ホーム

URL:


Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

Sign up
Appearance settings

Commit4e91330

Browse files
committed
Support OpenSSL 1.1.0 in 9.3 and 9.2.
This commit back-patches the equivalent of the 9.5-branch commitse2838c5 and48e5ba6, so that we can work with OpenSSL 1.1.0in all supported branches.Original patches by Andreas Karlsson and Heikki Linnakangas,back-patching work by Andreas Karlsson.Patch:https://postgr.es/m/0c817abb-3f7d-20fb-583a-58f7593a0bea@proxel.seDiscussion:https://postgr.es/m/5129.1492293840@sss.pgh.pa.us
1 parentfbfeceb commit4e91330

File tree

11 files changed

+464
-88
lines changed

11 files changed

+464
-88
lines changed

‎configure

Lines changed: 235 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -9524,9 +9524,9 @@ $as_echo "$as_me: error: library 'crypto' is required for OpenSSL" >&2;}
95249524
fi
95259525

95269526

9527-
{ $as_echo "$as_me:$LINENO: checking forSSL_library_init in -lssl" >&5
9528-
$as_echo_n "checking forSSL_library_init in -lssl... " >&6; }
9529-
if test "${ac_cv_lib_ssl_SSL_library_init+set}" = set; then
9527+
{ $as_echo "$as_me:$LINENO: checking forSSL_new in -lssl" >&5
9528+
$as_echo_n "checking forSSL_new in -lssl... " >&6; }
9529+
if test "${ac_cv_lib_ssl_SSL_new+set}" = set; then
95309530
$as_echo_n "(cached) " >&6
95319531
else
95329532
ac_check_lib_save_LIBS=$LIBS
@@ -9544,11 +9544,11 @@ cat >>conftest.$ac_ext <<_ACEOF
95449544
#ifdef __cplusplus
95459545
extern "C"
95469546
#endif
9547-
charSSL_library_init ();
9547+
charSSL_new ();
95489548
int
95499549
main ()
95509550
{
9551-
returnSSL_library_init ();
9551+
returnSSL_new ();
95529552
;
95539553
return 0;
95549554
}
@@ -9574,22 +9574,22 @@ $as_echo "$ac_try_echo") >&5
95749574
test "$cross_compiling" = yes ||
95759575
$as_test_x conftest$ac_exeext
95769576
}; then
9577-
ac_cv_lib_ssl_SSL_library_init=yes
9577+
ac_cv_lib_ssl_SSL_new=yes
95789578
else
95799579
$as_echo "$as_me: failed program was:" >&5
95809580
sed 's/^/| /' conftest.$ac_ext >&5
95819581

9582-
ac_cv_lib_ssl_SSL_library_init=no
9582+
ac_cv_lib_ssl_SSL_new=no
95839583
fi
95849584

95859585
rm -rf conftest.dSYM
95869586
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
95879587
conftest$ac_exeext conftest.$ac_ext
95889588
LIBS=$ac_check_lib_save_LIBS
95899589
fi
9590-
{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_library_init" >&5
9591-
$as_echo "$ac_cv_lib_ssl_SSL_library_init" >&6; }
9592-
if test "x$ac_cv_lib_ssl_SSL_library_init" = x""yes; then
9590+
{ $as_echo "$as_me:$LINENO: result: $ac_cv_lib_ssl_SSL_new" >&5
9591+
$as_echo "$ac_cv_lib_ssl_SSL_new" >&6; }
9592+
if test "x$ac_cv_lib_ssl_SSL_new" = x""yes; then
95939593
cat >>confdefs.h <<_ACEOF
95949594
#define HAVE_LIBSSL 1
95959595
_ACEOF
@@ -9694,9 +9694,9 @@ $as_echo "$as_me: error: library 'eay32' or 'crypto' is required for OpenSSL" >&
96949694
{ (exit 1); exit 1; }; }
96959695
fi
96969696

9697-
{ $as_echo "$as_me:$LINENO: checking for library containingSSL_library_init" >&5
9698-
$as_echo_n "checking for library containingSSL_library_init... " >&6; }
9699-
if test "${ac_cv_search_SSL_library_init+set}" = set; then
9697+
{ $as_echo "$as_me:$LINENO: checking for library containingSSL_new" >&5
9698+
$as_echo_n "checking for library containingSSL_new... " >&6; }
9699+
if test "${ac_cv_search_SSL_new+set}" = set; then
97009700
$as_echo_n "(cached) " >&6
97019701
else
97029702
ac_func_search_save_LIBS=$LIBS
@@ -9713,11 +9713,11 @@ cat >>conftest.$ac_ext <<_ACEOF
97139713
#ifdef __cplusplus
97149714
extern "C"
97159715
#endif
9716-
charSSL_library_init ();
9716+
charSSL_new ();
97179717
int
97189718
main ()
97199719
{
9720-
returnSSL_library_init ();
9720+
returnSSL_new ();
97219721
;
97229722
return 0;
97239723
}
@@ -9750,7 +9750,7 @@ $as_echo "$ac_try_echo") >&5
97509750
test "$cross_compiling" = yes ||
97519751
$as_test_x conftest$ac_exeext
97529752
}; then
9753-
ac_cv_search_SSL_library_init=$ac_res
9753+
ac_cv_search_SSL_new=$ac_res
97549754
else
97559755
$as_echo "$as_me: failed program was:" >&5
97569756
sed 's/^/| /' conftest.$ac_ext >&5
@@ -9761,21 +9761,21 @@ fi
97619761
rm -rf conftest.dSYM
97629762
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
97639763
conftest$ac_exeext
9764-
if test "${ac_cv_search_SSL_library_init+set}" = set; then
9764+
if test "${ac_cv_search_SSL_new+set}" = set; then
97659765
break
97669766
fi
97679767
done
9768-
if test "${ac_cv_search_SSL_library_init+set}" = set; then
9768+
if test "${ac_cv_search_SSL_new+set}" = set; then
97699769
:
97709770
else
9771-
ac_cv_search_SSL_library_init=no
9771+
ac_cv_search_SSL_new=no
97729772
fi
97739773
rm conftest.$ac_ext
97749774
LIBS=$ac_func_search_save_LIBS
97759775
fi
9776-
{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_SSL_library_init" >&5
9777-
$as_echo "$ac_cv_search_SSL_library_init" >&6; }
9778-
ac_res=$ac_cv_search_SSL_library_init
9776+
{ $as_echo "$as_me:$LINENO: result: $ac_cv_search_SSL_new" >&5
9777+
$as_echo "$ac_cv_search_SSL_new" >&6; }
9778+
ac_res=$ac_cv_search_SSL_new
97799779
if test "$ac_res" != no; then
97809780
test "$ac_res" = "none required" || LIBS="$ac_res $LIBS"
97819781

@@ -9786,6 +9786,219 @@ $as_echo "$as_me: error: library 'ssleay32' or 'ssl' is required for OpenSSL" >&
97869786
fi
97879787

97889788
fi
9789+
# Functions introduced in OpenSSL 1.1.0. We used to check for
9790+
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
9791+
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
9792+
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
9793+
# functions.
9794+
9795+
9796+
9797+
9798+
for ac_func in OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data RAND_OpenSSL
9799+
do
9800+
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
9801+
{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
9802+
$as_echo_n "checking for $ac_func... " >&6; }
9803+
if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
9804+
$as_echo_n "(cached) " >&6
9805+
else
9806+
cat >conftest.$ac_ext <<_ACEOF
9807+
/* confdefs.h. */
9808+
_ACEOF
9809+
cat confdefs.h >>conftest.$ac_ext
9810+
cat >>conftest.$ac_ext <<_ACEOF
9811+
/* end confdefs.h. */
9812+
/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
9813+
For example, HP-UX 11i <limits.h> declares gettimeofday. */
9814+
#define $ac_func innocuous_$ac_func
9815+
9816+
/* System header to define __stub macros and hopefully few prototypes,
9817+
which can conflict with char $ac_func (); below.
9818+
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
9819+
<limits.h> exists even on freestanding compilers. */
9820+
9821+
#ifdef __STDC__
9822+
# include <limits.h>
9823+
#else
9824+
# include <assert.h>
9825+
#endif
9826+
9827+
#undef $ac_func
9828+
9829+
/* Override any GCC internal prototype to avoid an error.
9830+
Use char because int might match the return type of a GCC
9831+
builtin and then its argument prototype would still apply. */
9832+
#ifdef __cplusplus
9833+
extern "C"
9834+
#endif
9835+
char $ac_func ();
9836+
/* The GNU C library defines this for functions which it implements
9837+
to always fail with ENOSYS. Some functions are actually named
9838+
something starting with __ and the normal name is an alias. */
9839+
#if defined __stub_$ac_func || defined __stub___$ac_func
9840+
choke me
9841+
#endif
9842+
9843+
int
9844+
main ()
9845+
{
9846+
return $ac_func ();
9847+
;
9848+
return 0;
9849+
}
9850+
_ACEOF
9851+
rm -f conftest.$ac_objext conftest$ac_exeext
9852+
if { (ac_try="$ac_link"
9853+
case "(($ac_try" in
9854+
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
9855+
*) ac_try_echo=$ac_try;;
9856+
esac
9857+
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
9858+
$as_echo "$ac_try_echo") >&5
9859+
(eval "$ac_link") 2>conftest.er1
9860+
ac_status=$?
9861+
grep -v '^ *+' conftest.er1 >conftest.err
9862+
rm -f conftest.er1
9863+
cat conftest.err >&5
9864+
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
9865+
(exit $ac_status); } && {
9866+
test -z "$ac_c_werror_flag" ||
9867+
test ! -s conftest.err
9868+
} && test -s conftest$ac_exeext && {
9869+
test "$cross_compiling" = yes ||
9870+
$as_test_x conftest$ac_exeext
9871+
}; then
9872+
eval "$as_ac_var=yes"
9873+
else
9874+
$as_echo "$as_me: failed program was:" >&5
9875+
sed 's/^/| /' conftest.$ac_ext >&5
9876+
9877+
eval "$as_ac_var=no"
9878+
fi
9879+
9880+
rm -rf conftest.dSYM
9881+
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
9882+
conftest$ac_exeext conftest.$ac_ext
9883+
fi
9884+
ac_res=`eval 'as_val=${'$as_ac_var'}
9885+
$as_echo "$as_val"'`
9886+
{ $as_echo "$as_me:$LINENO: result: $ac_res" >&5
9887+
$as_echo "$ac_res" >&6; }
9888+
as_val=`eval 'as_val=${'$as_ac_var'}
9889+
$as_echo "$as_val"'`
9890+
if test "x$as_val" = x""yes; then
9891+
cat >>confdefs.h <<_ACEOF
9892+
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
9893+
_ACEOF
9894+
9895+
fi
9896+
done
9897+
9898+
# OpenSSL versions before 1.1.0 required setting callback functions, for
9899+
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
9900+
# function was removed.
9901+
9902+
for ac_func in CRYPTO_lock
9903+
do
9904+
as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
9905+
{ $as_echo "$as_me:$LINENO: checking for $ac_func" >&5
9906+
$as_echo_n "checking for $ac_func... " >&6; }
9907+
if { as_var=$as_ac_var; eval "test \"\${$as_var+set}\" = set"; }; then
9908+
$as_echo_n "(cached) " >&6
9909+
else
9910+
cat >conftest.$ac_ext <<_ACEOF
9911+
/* confdefs.h. */
9912+
_ACEOF
9913+
cat confdefs.h >>conftest.$ac_ext
9914+
cat >>conftest.$ac_ext <<_ACEOF
9915+
/* end confdefs.h. */
9916+
/* Define $ac_func to an innocuous variant, in case <limits.h> declares $ac_func.
9917+
For example, HP-UX 11i <limits.h> declares gettimeofday. */
9918+
#define $ac_func innocuous_$ac_func
9919+
9920+
/* System header to define __stub macros and hopefully few prototypes,
9921+
which can conflict with char $ac_func (); below.
9922+
Prefer <limits.h> to <assert.h> if __STDC__ is defined, since
9923+
<limits.h> exists even on freestanding compilers. */
9924+
9925+
#ifdef __STDC__
9926+
# include <limits.h>
9927+
#else
9928+
# include <assert.h>
9929+
#endif
9930+
9931+
#undef $ac_func
9932+
9933+
/* Override any GCC internal prototype to avoid an error.
9934+
Use char because int might match the return type of a GCC
9935+
builtin and then its argument prototype would still apply. */
9936+
#ifdef __cplusplus
9937+
extern "C"
9938+
#endif
9939+
char $ac_func ();
9940+
/* The GNU C library defines this for functions which it implements
9941+
to always fail with ENOSYS. Some functions are actually named
9942+
something starting with __ and the normal name is an alias. */
9943+
#if defined __stub_$ac_func || defined __stub___$ac_func
9944+
choke me
9945+
#endif
9946+
9947+
int
9948+
main ()
9949+
{
9950+
return $ac_func ();
9951+
;
9952+
return 0;
9953+
}
9954+
_ACEOF
9955+
rm -f conftest.$ac_objext conftest$ac_exeext
9956+
if { (ac_try="$ac_link"
9957+
case "(($ac_try" in
9958+
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
9959+
*) ac_try_echo=$ac_try;;
9960+
esac
9961+
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
9962+
$as_echo "$ac_try_echo") >&5
9963+
(eval "$ac_link") 2>conftest.er1
9964+
ac_status=$?
9965+
grep -v '^ *+' conftest.er1 >conftest.err
9966+
rm -f conftest.er1
9967+
cat conftest.err >&5
9968+
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
9969+
(exit $ac_status); } && {
9970+
test -z "$ac_c_werror_flag" ||
9971+
test ! -s conftest.err
9972+
} && test -s conftest$ac_exeext && {
9973+
test "$cross_compiling" = yes ||
9974+
$as_test_x conftest$ac_exeext
9975+
}; then
9976+
eval "$as_ac_var=yes"
9977+
else
9978+
$as_echo "$as_me: failed program was:" >&5
9979+
sed 's/^/| /' conftest.$ac_ext >&5
9980+
9981+
eval "$as_ac_var=no"
9982+
fi
9983+
9984+
rm -rf conftest.dSYM
9985+
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
9986+
conftest$ac_exeext conftest.$ac_ext
9987+
fi
9988+
ac_res=`eval 'as_val=${'$as_ac_var'}
9989+
$as_echo "$as_val"'`
9990+
{ $as_echo "$as_me:$LINENO: result: $ac_res" >&5
9991+
$as_echo "$ac_res" >&6; }
9992+
as_val=`eval 'as_val=${'$as_ac_var'}
9993+
$as_echo "$as_val"'`
9994+
if test "x$as_val" = x""yes; then
9995+
cat >>confdefs.h <<_ACEOF
9996+
#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1
9997+
_ACEOF
9998+
9999+
fi
10000+
done
10001+
978910002
fi
979010003

979110004
if test "$with_pam" = yes ; then

‎configure.in

Lines changed: 12 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -951,11 +951,21 @@ if test "$with_openssl" = yes ; then
951951
dnl Order matters!
952952
if test "$PORTNAME" != "win32"; then
953953
AC_CHECK_LIB(crypto, CRYPTO_new_ex_data, [], [AC_MSG_ERROR([library 'crypto' is required for OpenSSL])])
954-
AC_CHECK_LIB(ssl,SSL_library_init, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
954+
AC_CHECK_LIB(ssl,SSL_new, [], [AC_MSG_ERROR([library 'ssl' is required for OpenSSL])])
955955
else
956956
AC_SEARCH_LIBS(CRYPTO_new_ex_data, eay32 crypto, [], [AC_MSG_ERROR([library 'eay32' or 'crypto' is required for OpenSSL])])
957-
AC_SEARCH_LIBS(SSL_library_init, ssleay32 ssl, [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
957+
AC_SEARCH_LIBS(SSL_new, ssleay32 ssl, [], [AC_MSG_ERROR([library 'ssleay32' or 'ssl' is required for OpenSSL])])
958958
fi
959+
# Functions introduced in OpenSSL 1.1.0. We used to check for
960+
# OPENSSL_VERSION_NUMBER, but that didn't work with 1.1.0, because LibreSSL
961+
# defines OPENSSL_VERSION_NUMBER to claim version 2.0.0, even though it
962+
# doesn't have these OpenSSL 1.1.0 functions. So check for individual
963+
# functions.
964+
AC_CHECK_FUNCS([OPENSSL_init_ssl BIO_meth_new ASN1_STRING_get0_data RAND_OpenSSL])
965+
# OpenSSL versions before 1.1.0 required setting callback functions, for
966+
# thread-safety. In 1.1.0, it's no longer required, and CRYPTO_lock()
967+
# function was removed.
968+
AC_CHECK_FUNCS([CRYPTO_lock])
959969
fi
960970

961971
if test "$with_pam" = yes ; then

‎contrib/pgcrypto/internal.c

Lines changed: 0 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -620,15 +620,6 @@ px_find_cipher(const char *name, PX_Cipher **res)
620620
* Randomness provider
621621
*/
622622

623-
/*
624-
* Use always strong randomness.
625-
*/
626-
int
627-
px_get_pseudo_random_bytes(uint8*dst,unsignedcount)
628-
{
629-
returnpx_get_random_bytes(dst,count);
630-
}
631-
632623
statictime_tseed_time=0;
633624
statictime_tcheck_time=0;
634625

0 commit comments

Comments
 (0)

[8]ページ先頭

©2009-2025 Movatter.jp