From e1acfafa497333c79247a17a0378855b9de9d2c4 Mon Sep 17 00:00:00 2001
From: Futaura
Date: Sun, 7 Aug 2022 15:03:32 +0100
Subject: [PATCH] amissl: make AmiSSL v5 a minimum requirement
AmiSSL v5 is the latest version, featuring a port of OpenSSL 3.0. Support for previous OpenSSL 1.1.x versions has been dropped, so makes sense to enforce v5 as the minimum requirement. This also allows all the AmiSSL stub workarounds to be removed as they are now provided in a link library in the AmiSSL SDK.
Closes #9267
---
 configure.ac | 2 +-
 lib/amigaos.c | 33 ---------------------------------
 lib/amigaos.h | 5 -----
 lib/md4.c | 3 ++-
 lib/md5.c | 2 +-
 lib/vtls/openssl.c | 8 --------
 m4/curl-amissl.m4 | 39 ++++++++++++++++++++++++++++++++-------
 7 files changed, 36 insertions(+), 56 deletions(-)
diff --git a/configure.ac b/configure.ac
index 555940942..6f19a5f4c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1942,7 +1942,7 @@ if test "x$curl_cv_native_windows" = "xyes" &&
 LIBS="-lbcrypt $LIBS"
 fi
-case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$AMISSL_ENABLED$RUSTLS_ENABLED"
+case "x$OPENSSL_ENABLED$GNUTLS_ENABLED$NSS_ENABLED$MBEDTLS_ENABLED$WOLFSSL_ENABLED$SCHANNEL_ENABLED$SECURETRANSPORT_ENABLED$BEARSSL_ENABLED$RUSTLS_ENABLED"
 in
 x)
 AC_MSG_WARN([SSL disabled, you will not be able to use HTTPS, FTPS, NTLM and more.])
diff --git a/lib/amigaos.c b/lib/amigaos.c
index 6c144095f..d76f5b03f 100644
--- a/lib/amigaos.c
+++ b/lib/amigaos.c
@@ -87,38 +87,5 @@ ADD2EXIT(Curl_amiga_cleanup, -50);
 #endif /* HAVE_PROTO_BSDSOCKET_H */
-#ifdef USE_AMISSL
-void Curl_amiga_X509_free(X509 *a)
-{
- X509_free(a);
-}
-
-/* AmiSSL replaces many functions with macros. Curl requires pointer
- * to some of these functions. Thus, we have to encapsulate these macros.
- */
-
-#include "warnless.h"
-
-int (SHA256_Init)(SHA256_CTX *c)
-{
- return SHA256_Init(c);
-};
-
-int (SHA256_Update)(SHA256_CTX *c, const void *data, size_t len)
-{
- return SHA256_Update(c, data, curlx_uztoui(len));
-};
-
-int (SHA256_Final)(unsigned char *md, SHA256_CTX *c)
-{
- return SHA256_Final(md, c);
-};
-
-void (X509_INFO_free)(X509_INFO *a)
-{
- X509_INFO_free(a);
-};
-
-#endif /* USE_AMISSL */
 #endif /* __AMIGA__ */
diff --git a/lib/amigaos.h b/lib/amigaos.h
index 8757aa8e7..5255194dc 100644
--- a/lib/amigaos.h
+++ b/lib/amigaos.h
@@ -37,10 +37,5 @@ void Curl_amiga_cleanup();
 #endif
-#ifdef USE_AMISSL
-#include
-void Curl_amiga_X509_free(X509 *a);
-#endif /* USE_AMISSL */
-
 #endif /* HEADER_CURL_AMIGAOS_H */
diff --git a/lib/md4.c b/lib/md4.c
index 63bade00d..e976fe7bd 100644
--- a/lib/md4.c
+++ b/lib/md4.c
@@ -32,7 +32,8 @@
 #ifdef USE_OPENSSL
 #include
-#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
+#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \
+ !defined(USE_AMISSL)
 /* OpenSSL 3.0.0 marks the MD4 functions as deprecated */
 #define OPENSSL_NO_MD4
 #endif
diff --git a/lib/md5.c b/lib/md5.c
index 2164e15ff..5be639929 100644
--- a/lib/md5.c
+++ b/lib/md5.c
@@ -41,7 +41,7 @@
 #endif
 #endif /* USE_MBEDTLS */
-#if defined(USE_OPENSSL) && !defined(USE_AMISSL)
+#ifdef USE_OPENSSL
 #include
 #if !defined(OPENSSL_NO_MD5) && !defined(OPENSSL_NO_DEPRECATED_3_0)
 #define USE_OPENSSL_MD5
diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c
index 25e065d6c..5a7a61240 100644
--- a/lib/vtls/openssl.c
+++ b/lib/vtls/openssl.c
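Review bot: In lib/md4.c the added `!defined(USE_AMISSL)` term is not covered by the comment beneath it, `/* OpenSSL 3.0.0 marks the MD4 functions as deprecated */`, so a reader cannot tell why an AmiSSL build, which the new configure probe also requires to be OpenSSL 3, is exempt from `OPENSSL_NO_MD4`. I would extend the comment to say so, for example `/* OpenSSL 3.0.0 marks the MD4 functions as deprecated; AmiSSL builds keep using them and configure adds -DOPENSSL_SUPPRESS_DEPRECATED */`. The guards are also asymmetric: lib/md5.c gates its OpenSSL path on `!defined(OPENSSL_NO_DEPRECATED_3_0)` while this one does not. An AmiSSL SDK built without the deprecated API would therefore presumably fail to compile here rather than fall back to another MD4 implementation, which is worth confirming against the SDK headers.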
@@ -78,10 +78,6 @@
 #include
 #include
-#ifdef USE_AMISSL
-#include "amigaos.h"
-#endif
-
 #if (OPENSSL_VERSION_NUMBER >= 0x0090808fL) && !defined(OPENSSL_NO_OCSP)
 #include
 #endif
@@ -996,11 +992,7 @@ int cert_stuff(struct Curl_easy *data,
 fail:
 EVP_PKEY_free(pri);
 X509_free(x509);
-#ifdef USE_AMISSL
- sk_X509_pop_free(ca, Curl_amiga_X509_free);
-#else
 sk_X509_pop_free(ca, X509_free);
-#endif
 if(!cert_done)
 return 0; /* failure! */
 break;
diff --git a/m4/curl-amissl.m4 b/m4/curl-amissl.m4
index df07bdb29..dfa626da9 100644
--- a/m4/curl-amissl.m4
+++ b/m4/curl-amissl.m4
@@ -23,21 +23,46 @@
 #***************************************************************************
 AC_DEFUN([CURL_WITH_AMISSL], [
-AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL)])
+AC_MSG_CHECKING([whether to enable Amiga native SSL/TLS (AmiSSL v5)])
 if test "$HAVE_PROTO_BSDSOCKET_H" = "1"; then
 if test "x$OPT_AMISSL" != xno; then
 ssl_msg=
- if test "x$OPT_AMISSL" != "xno"; then
- AC_MSG_RESULT(yes)
+ AC_COMPILE_IFELSE([
+ AC_LANG_PROGRAM([[
+ #include
+ #include
+ ]],[[
+ #if defined(AMISSL_CURRENT_VERSION) && (AMISSL_CURRENT_VERSION >= AMISSL_V303) && \
+ defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) && \
+ defined(PROTO_AMISSL_H)
+ return 0;
+ #else
+ #error not AmiSSL v5 / OpenSSL 3
+ #endif
+ ]])
+ ],[
+ AC_MSG_RESULT([yes])
 ssl_msg="AmiSSL"
 test amissl != "$DEFAULT_SSL_BACKEND" || VALID_DEFAULT_SSL_BACKEND=yes
 AMISSL_ENABLED=1
- LIBS="-lamisslauto $LIBS"
+ OPENSSL_ENABLED=1
+ # Use AmiSSL's built-in ca bundle
+ check_for_ca_bundle=1
+ with_ca_fallback=yes
+ LIBS="-lamisslstubs -lamisslauto $LIBS"
 AC_DEFINE(USE_AMISSL, 1, [if AmiSSL is in use])
 AC_DEFINE(USE_OPENSSL, 1, [if OpenSSL is in use])
- else
- AC_MSG_RESULT(no)
- fi
+ AC_DEFINE_UNQUOTED(HAVE_OPENSSL3, 1, [Define to 1 if using OpenSSL 3 or later.])
+ AC_CHECK_HEADERS(openssl/x509.h openssl/rsa.h openssl/crypto.h \
+ openssl/pem.h openssl/ssl.h openssl/err.h)
+ dnl OpenSSLv3 marks the DES functions deprecated but we have no
+ dnl replacements (yet) so tell the compiler to not warn for them
+ dnl
+ dnl Ask OpenSSL to suppress the warnings.
+ CPPFLAGS="$CPPFLAGS -DOPENSSL_SUPPRESS_DEPRECATED"
+ ],[
+ AC_MSG_RESULT([no])
+ ])
 test -z "$ssl_msg" || ssl_backends="${ssl_backends:+$ssl_backends, }$ssl_msg"
 else
 AC_MSG_RESULT(no)
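Review bot: The unconditional `with_ca_fallback=yes` in the AmiSSL branch of m4/curl-amissl.m4 overwrites whatever was passed for what is presumably the `--with-ca-fallback` option, so a build that explicitly declined fallback to the TLS library's built-in trust store would get it anyway. I would only default it, e.g. `test -n "$with_ca_fallback" || with_ca_fallback=yes`, assuming the option has been parsed by the time this macro runs. `check_for_ca_bundle=1` has its meaning defined outside this hunk, and the `# Use AmiSSL's built-in ca bundle` comment should say what the two assignments do to certificate verification. Separately, the probe is compile-only while `-lamisslstubs -lamisslauto` are prepended to `LIBS` unchecked, so a missing stub library surfaces only at link time. When the probe fails the branch only prints `no`, which for an explicitly requested AmiSSL looks like it should be an `AC_MSG_ERROR` rather than a quiet build without this backend.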