From: Andre Noll
Date: Tue, 17 Sep 2024 15:52:07 +0000 (+0200)
Subject: Merge topic branch t/openssl-3 into master
X-Git-Url: http://git.tue.mpg.de/?a=commitdiff_plain;h=HEAD;p=paraslash.git

Merge topic branch t/openssl-3 into master

The series starts with a few cleanups and crypto-backend tweaks to beat the openssl specific code into shape for the main objective: the switch of the RSA encryption and decryption routines to the high-level EVP API. This has become necessary because the old RSA API functions have been deprecated in openssl-3.

This merge conflicted against commit a18458cff51c (No longer check for CRYPTO_cleanup_all_ex_data()). The resolution is to remove the checks which that commit removed and to add the checks which commit 0485079436ad (openssl: Use the EVP library for RSA public encryption) of this series introduced.

Cooking for four months.

* refs/heads/t/openssl-3:
  openssl: Reactivate openssl warnings.
  openssl: Use the EVP library for RSA private decryption.
  openssl: Use the EVP library for RSA public encryption.
  apc_priv_decrypt: Let the callee allocate the buffer.
  apc_pub_encrypt: Let the callee allocate the buffer.
  openssl: Assume that openssl allocation functions functions succeed.
  openssl: Introduce openssl_perror().
  openssl: Don't pass pointers to RSA structures around.
  openssl: Kill rsa coefficient computations.
  client: Check buffer size returned by apc_priv_decrypt().
---

7d391cdac1e8790bd5b6dd3ed56ed2c8d4a58de7
diff --cc NEWS.md index 935e8493,d5812289..0886b26e --- a/NEWS.md +++ b/NEWS.md @@@ -5,15 -5,6 +5,17 @@@ NEW 0.7.4 (to be announced) "genetic contraction" --------------------------------------------- ++- The openssl RSA code has been converted to EVP and no longer uses ++ any deprecated openssl API functions. +- Simplification of the build system. The only visible effect is + that configure no longer prints a summary at the end. +- para_play is no longer built if libreadline is not installed. 
+- Speedups for the buffer tree code, which particularly improves the + performance of para_play for large mp3 files. +- The chunk table and mbox listing modes of the ls server command + have been deprecated. They still work, but a warning is issued to + inform the user about the deprecated option. + Downloads: [tarball](./releases/paraslash-git.tar.xz) diff --cc configure.ac index 63b06316,d6796e56..9e90ae5d --- a/configure.ac +++ b/configure.ac @@@ -109,6 -110,20 +109,10 @@@ if test $HAVE_OPENSSL = yes; the will be removed in the next major paraslash release. Please upgrade your openssl installation.]) fi - + AC_CHECK_LIB([crypto], [OSSL_PARAM_construct_BN], [HAVE_OSSL_PARAM=yes], + [HAVE_OSSL_PARAM=no]) + test $HAVE_OSSL_PARAM = yes && + AC_DEFINE([HAVE_OSSL_PARAM], [1], [openssl >= 3.0]) - HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=yes - AC_CHECK_DECL([CRYPTO_cleanup_all_ex_data], [], - [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no], - [#include ]) - AC_CHECK_LIB([crypto], [CRYPTO_cleanup_all_ex_data], [], - [HAVE_CRYPTO_CLEANUP_ALL_EX_DATA=no]) - test $HAVE_CRYPTO_CLEANUP_ALL_EX_DATA = yes && - AC_DEFINE([HAVE_CRYPTO_CLEANUP_ALL_EX_DATA], [1], - [not available on FreeBSD 12]) HAVE_OPENSSL_THREAD_STOP=yes AC_CHECK_DECL([OPENSSL_thread_stop], [], [HAVE_OPENSSL_THREAD_STOP=no],
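Review bot: The new NEWS.md entry ("no longer uses any deprecated openssl API functions") does not say which openssl versions it holds for, while the configure.ac part of this merge defines HAVE_OSSL_PARAM only when OSSL_PARAM_construct_BN is found (described there as "openssl >= 3.0") and the surrounding context still carries an upgrade notice for older installations. Suggest qualifying the entry, for example with "when built against openssl-3 or newer", or saying what changes for builds against older openssl, so packagers know which RSA code path they get.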
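Review bot: In configure.ac, HAVE_OSSL_PARAM is decided by AC_CHECK_LIB([crypto], [OSSL_PARAM_construct_BN], ...) alone, which is a link-time probe, whereas the removed CRYPTO_cleanup_all_ex_data check and the OPENSSL_thread_stop check in the trailing context both start from AC_CHECK_DECL. With an openssl-3 libcrypto but older headers on the include path, the macro would be defined and the code guarded by it would fail at compile time instead of being ruled out at configure time. Suggest adding an AC_CHECK_DECL for OSSL_PARAM_construct_BN against the openssl header that declares it, following the HAVE_OPENSSL_THREAD_STOP=yes / =no pattern, and extending the AC_DEFINE description beyond "openssl >= 3.0" to say what the macro selects.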