Merge pull request #7841 from neheb/dovo

dovecot: Make OpenSSL ENGINE support optional
2019-01-09 23:25:02 +02:00 · 2019-01-09 23:25:02 +02:00 · aa19ab2120
parent 01476024ff d9fa9b0fad
commit aa19ab2120
2 changed files with 87 additions and 1 deletions
--- a/mail/dovecot/Makefile
+++ b/mail/dovecot/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=dovecot
 PKG_VERSION:=2.3.4
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://www.dovecot.org/releases/2.3
--- a/mail/dovecot/patches/110-openssl-engine.patch
+++ b/mail/dovecot/patches/110-openssl-engine.patch
@ -0,0 +1,86 @@
+--- a/src/lib-dcrypt/dcrypt-openssl.c
+++ b/src/lib-dcrypt/dcrypt-openssl.c
+@@ -17,10 +17,12 @@
+ #include <openssl/bio.h>
+ #include <openssl/pem.h>
+ #include <openssl/x509.h>
+-#include <openssl/engine.h>
+ #include <openssl/hmac.h>
+ #include <openssl/objects.h>
+ #include <openssl/bn.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+ #include "dcrypt.h"
+ #include "dcrypt-private.h"
+ 
+@@ -179,11 +181,13 @@ static bool dcrypt_openssl_error(const char **error_r)
+ static bool dcrypt_openssl_initialize(const struct dcrypt_settings *set,
+ 				      const char **error_r)
+ {
+#ifndef OPENSSL_NO_ENGINE
+ 	if (set->crypto_device != NULL && set->crypto_device[0] != '\0') {
+ 		if (dovecot_openssl_common_global_set_engine(
+ 			set->crypto_device, error_r) <= 0)
+ 			return FALSE;
+ 	}
+#endif
+ 	return TRUE;
+ }
+ 
+--- a/src/lib-ssl-iostream/dovecot-openssl-common.c
+++ b/src/lib-ssl-iostream/dovecot-openssl-common.c
+@@ -5,11 +5,14 @@
+ #include "dovecot-openssl-common.h"
+ 
+ #include <openssl/ssl.h>
+-#include <openssl/engine.h>
+ #include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+ 
+-static int openssl_init_refcount = 0;
+ static ENGINE *dovecot_openssl_engine;
+#endif
+
+static int openssl_init_refcount = 0;
+ 
+ #ifdef HAVE_SSL_NEW_MEM_FUNCS
+ static void *dovecot_openssl_malloc(size_t size, const char *u0 ATTR_UNUSED, int u1 ATTR_UNUSED)
+@@ -75,17 +78,21 @@ bool dovecot_openssl_common_global_unref(void)
+ 	if (--openssl_init_refcount > 0)
+ 		return TRUE;
+ 
+#ifndef OPENSSL_NO_ENGINE
+ 	if (dovecot_openssl_engine != NULL) {
+ 		ENGINE_finish(dovecot_openssl_engine);
+ 		dovecot_openssl_engine = NULL;
+ 	}
+#endif
+ 	/* OBJ_cleanup() is called automatically by EVP_cleanup() in
+ 	   newer versions. Doesn't hurt to call it anyway. */
+ 	OBJ_cleanup();
+ #ifdef HAVE_SSL_COMP_FREE_COMPRESSION_METHODS
+ 	SSL_COMP_free_compression_methods();
+ #endif
+#ifndef OPENSSL_NO_ENGINE
+ 	ENGINE_cleanup();
+#endif
+ 	EVP_cleanup();
+ 	CRYPTO_cleanup_all_ex_data();
+ #ifdef HAVE_OPENSSL_AUTO_THREAD_DEINIT
+@@ -107,6 +114,7 @@ bool dovecot_openssl_common_global_unref(void)
+ int dovecot_openssl_common_global_set_engine(const char *engine,
+ 					     const char **error_r)
+ {
+#ifndef OPENSSL_NO_ENGINE
+ 	if (dovecot_openssl_engine != NULL)
+ 		return 1;
+ 
+@@ -128,5 +136,6 @@ int dovecot_openssl_common_global_set_engine(const char *engine,
+ 		dovecot_openssl_engine = NULL;
+ 		return -1;
+ 	}
+#endif
+ 	return 1;
+ }