Fix openssl support
authorNelson Ferreira <nelson.ferreira@ieee.org>
Sat, 12 Dec 2015 18:32:24 +0000 (13:32 -0500)
committerNelson Ferreira <nelson.ferreira@ieee.org>
Sat, 12 Dec 2015 18:32:24 +0000 (13:32 -0500)
Let's detect needed features in configure instead of relying on
defines coming from openssl headers since they have proven not
to be reliable

* m4/sxe-crypto.m4 (SXE_OPENSSL_VERSION): Update versions of
openssl supported.
(SXE_TRY_OPENSSL_BIN_PREFIX): Update headers checked.
(SXE_CHECK_OPENSSL_LOCS): Ditto.
(SXE_CHECK_OPENSSL_FEATURES): Check for types and make openssl not
available if missing.

* src/openssl.h: Update guards on includes
(Lisp_SSL_CONN): Assume types are available as
configure should not include openssl for compilation if they
are not available.

Signed-off-by: Nelson Ferreira <nelson.ferreira@ieee.org>
m4/sxe-crypto.m4
src/openssl.h

index 4af3e69..bae9e1b 100644 (file)
@@ -19,8 +19,9 @@ AC_DEFUN([SXE_OPENSSL_VERSION], [dnl
        AC_MSG_RESULT([$OPENSSL_VERSION])
 
        AC_MSG_CHECKING([whether OpenSSL version is recent enough])
-       ## we allow 0.9.7e-?, 0.9.8* and 0.9.9*
-       allowed_versions="0.9.7[e-z] 0.9.8* 0.9.9* 1.0.0*"
+       ## we allow 0.9.8z*, 1.0.0[n-z]* 1.0.1[mz]* 1.0.2*
+       ## As vulnerabilities are uncovered we should update this
+       allowed_versions="0.9.8z 1.0.0[[n-z]] 1.0.1[[m-z]] 1.0.2[[d-z]]"
        OPENSSL_SANE_P=no
        for ver in $allowed_versions; do
               if echo "$OPENSSL_VERSION" | ${GREP-grep} -q "$ver"; then
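Review bot: The new comment on the allowed versions does not match the pattern list below it: it says `1.0.1[mz]*` and `1.0.2*`, while `allowed_versions` accepts `1.0.1[[m-z]]` and only `1.0.2[[d-z]]`, so a reader using the comment as the security floor gets the wrong minimum. I would write it as `## we allow 0.9.8z*, 1.0.0[n-z]*, 1.0.1[m-z]* and 1.0.2[d-z]*`. Each entry is also passed to `grep -q` as an unanchored regular expression with unescaped dots, so the match is looser than the list suggests; escaping the dots (`1\.0\.2[[d-z]]`) would tighten it. The `for` loop that consumes the list continues outside the hunk.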
@@ -72,6 +73,12 @@ AC_DEFUN([SXE_TRY_OPENSSL_BIN_PREFIX], [dnl
        SXE_APPEND_UNDUP([$OPENSSL_LDFLAGS], [LDFLAGS])
 
        ## check again
+       SXE_CHECK_HEADERS([openssl/opensslconf.h])
+       SXE_CHECK_HEADERS([openssl/evp.h])
+       SXE_CHECK_HEADERS([openssl/rand.h openssl/hmac.h])
+       SXE_CHECK_HEADERS([openssl/rsa.h openssl/dsa.h])
+       SXE_CHECK_HEADERS([openssl/ec.h openssl/ecdh.h])
+       SXE_CHECK_HEADERS([openssl/ecdsa.h openssl/dh.h])
        SXE_CHECK_HEADERS([openssl/crypto.h])
        SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
        SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
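Review bot: The six header checks added under `## check again` only re-probe under the new prefix if their cached results are cleared first, and the hunk does not show that happening. If the lines above clear the `ac_cv_header_openssl_*` cache variables for the headers checked previously, the new ones (for example `ac_cv_header_openssl_evp_h`) need the same treatment; otherwise a cached "no" from SXE_CHECK_OPENSSL_LOCS would be reused here. The same six lines are repeated verbatim in SXE_CHECK_OPENSSL_LOCS in the next hunk, so a small shared macro holding the header list would keep the two in step. Both macros begin and end outside their hunks.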
@@ -96,6 +103,12 @@ AC_DEFUN([SXE_CHECK_OPENSSL_LOCS], [dnl
 
        dnl Look for these standard header file locations
        OPENSSL_LIBS="-lssl -lcrypto"
+       SXE_CHECK_HEADERS([openssl/opensslconf.h])
+       SXE_CHECK_HEADERS([openssl/evp.h])
+       SXE_CHECK_HEADERS([openssl/rand.h openssl/hmac.h])
+       SXE_CHECK_HEADERS([openssl/rsa.h openssl/dsa.h])
+       SXE_CHECK_HEADERS([openssl/ec.h openssl/ecdh.h])
+       SXE_CHECK_HEADERS([openssl/ecdsa.h openssl/dh.h])
        SXE_CHECK_HEADERS([openssl/crypto.h])
        SXE_CHECK_HEADERS([openssl/x509.h openssl/pem.h])
        SXE_CHECK_HEADERS([openssl/ssl.h openssl/bio.h])
@@ -149,10 +162,82 @@ AC_DEFUN([SXE_CHECK_OPENSSL_FEATURES], [dnl
                AC_DEFINE([OPENSSL_NO_DH], [1], [Description here!])
        fi
 
+       AC_CHECK_TYPES([SSL], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+               ])
+       AC_CHECK_TYPES([SSL_METHOD], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+               ])
+       AC_CHECK_TYPES([SSL_CTX], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+               ])
+       AC_CHECK_TYPES([BIO], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_BIO_H
+# include <openssl/bio.h>
+#endif
+               ])
+       AC_CHECK_TYPES([X509], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_X509_H
+# include <openssl/x509.h>
+#endif
+               ])
+       AC_CHECK_TYPES([EVP_PKEY], [:], [:], [
+#if defined HAVE_OPENSSL_OPENSSLCONF_H
+# include <openssl/opensslconf.h>
+#endif
+#if defined HAVE_OPENSSL_EVP_H
+# include <openssl/evp.h>
+#endif
+#if defined HAVE_OPENSSL_SSL_H
+# include <openssl/ssl.h>
+#endif
+#if defined HAVE_OPENSSL_X509_H
+# include <openssl/x509.h>
+#endif
+               ])
        dnl check for libssl support
        AC_CHECK_LIB([ssl], [SSL_new], [openssl_ssl=yes], [openssl_ssl=no])
-       if test "$openssl_ssl" = "yes"; then
-               AC_DEFINE([OPENSSL_SSL], [1], [Description here!])
+       AC_MSG_CHECKING([for openssl types sufficent])
+       if test "x$ac_cv_type_EVP_PKEY"   = xyes -a \
+                "x$ac_cv_type_X509"       = xyes -a \
+                "x$ac_cv_type_BIO"        = xyes -a \
+                "x$ac_cv_type_SSL"        = xyes -a \
+                "x$ac_cv_type_SSL_METHOD" = xyes -a \
+                "x$ac_cv_type_SSL_CTX"    = xyes; then
+               AC_MSG_RESULT([yes])
+               if test "$openssl_ssl" = "yes"; then
+                       AC_DEFINE([OPENSSL_SSL], [1], [Description here!])
+               fi
+       else
+               have_openssl=no
+               AC_MSG_RESULT([no])
        fi
 ])dnl SXE_CHECK_OPENSSL_FEATURES
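Review bot: The new gate joins its six comparisons with `test ... -a ...`, which the Autoconf manual lists as non-portable; separate `test` commands chained with `&&` are the portable form. The AC_MSG_CHECKING text also has a typo ("sufficent"). `have_openssl=no` is assigned only here at the end of SXE_CHECK_OPENSSL_FEATURES, so it disables OpenSSL only if the caller evaluates `have_openssl` after this macro has run, which the hunk does not show and is worth confirming. The macro begins outside the hunk.

```m4
	AC_MSG_CHECKING([whether the required openssl types are available])
	if test "x$ac_cv_type_EVP_PKEY"   = xyes && \
	   test "x$ac_cv_type_X509"       = xyes && \
	   test "x$ac_cv_type_BIO"        = xyes && \
	   test "x$ac_cv_type_SSL"        = xyes && \
	   test "x$ac_cv_type_SSL_METHOD" = xyes && \
	   test "x$ac_cv_type_SSL_CTX"    = xyes; then
		dnl … unchanged: AC_MSG_RESULT([yes]) and the OPENSSL_SSL define …
	else
		dnl … unchanged: have_openssl=no and AC_MSG_RESULT([no]) …
	fi
```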
 
index acc1c69..053ac72 100644 (file)
@@ -24,36 +24,58 @@ along with this program.  If not, see <http://www.gnu.org/licenses/>. */
 #define INCLUDED_openssl_h_ 1
 
 /* this is to determine what has been configured */
+#ifdef HAVE_OPENSSL_OPENSSLCONF_H
 #include <openssl/opensslconf.h>
+#endif
 
+#ifdef HAVE_OPENSSL_EVP_H
 #include <openssl/evp.h>
+#endif
+
+#ifdef HAVE_OPENSSL_RAND_H
 #include <openssl/rand.h>
+#endif
+
+#ifdef HAVE_OPENSSL_HMAC_H
 #include <openssl/hmac.h>
+#endif
 
 /* special asymmetric crypto systems */
+#ifdef HAVE_OPENSSL_RSA_H
 #ifndef OPENSSL_NO_RSA
 #include <openssl/rsa.h>
 #endif
+#endif
 
+#ifdef HAVE_OPENSSL_DSA_H
 #ifndef OPENSSL_NO_DSA
 #include <openssl/dsa.h>
 #endif
+#endif
 
+#ifdef HAVE_OPENSSL_EC_H
 #ifndef OPENSSL_NO_EC
 #include <openssl/ec.h>
 #endif
+#endif
 
+#ifdef HAVE_OPENSSL_ECDH_H
 #ifndef OPENSSL_NO_ECDH
 #include <openssl/ecdh.h>
 #endif
+#endif
 
+#ifdef HAVE_OPENSSL_ECDSA_H
 #ifndef OPENSSL_NO_ECDSA
 #include <openssl/ecdsa.h>
 #endif
+#endif
 
+#ifdef HAVE_OPENSSL_DH
 #ifndef OPENSSL_NO_DH
 #include <openssl/dh.h>
 #endif
+#endif
 
 #if defined HAVE_OPENSSL_X509_H
 # include <openssl/x509.h>
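Review bot: The guard added around `<openssl/dh.h>` tests `HAVE_OPENSSL_DH`, while every other new guard in this hunk uses the `HAVE_OPENSSL_<NAME>_H` form that matches the header checks added in m4/sxe-crypto.m4. Unless configure defines `HAVE_OPENSSL_DH` somewhere outside this diff, `dh.h` is never included and code using DH types fails to compile or is silently left out. The line should read `#ifdef HAVE_OPENSSL_DH_H`. The include block continues past the end of the hunk.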
@@ -84,8 +106,6 @@ DECLARE_LRECORD(evp_pkey, Lisp_EVP_PKEY);
 #define CHECK_EVPPKEY(x)       CHECK_RECORD (x, evp_pkey)
 #define wrap_evppkey(p)                wrap_object(p)
 
-
-#if !defined(OPENSSL_NO_SSL2) || !defined(OPENSSL_NO_SSL3)
 /* opaque SSL_CONN object structure
  * this is just an ssl-ish wrap around the process object
  */
@@ -135,5 +155,4 @@ DECLARE_LRECORD(ssl_conn, Lisp_SSL_CONN);
 #define OSSL_DEBUG_FLAG
 #endif
 
-#endif /* !OPENSSL_NO_SSL2 || !OPENSSL_NO_SSL3 */
 #endif /* INCLUDED_openssl_h_ */