[From nobody Thu Jun 25 05:54:39 2020 Received: from sonic302-21.consmr.mail.ne1.yahoo.com ([66.163.186.147]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fL60F-0006qM-VB for openwrt-devel@lists.openwrt.org; Tue, 22 May 2018 12:03:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1526990563; bh=oVXBk4ne1I6vEYqtMzuzbki0F7teMxoir5fOMQ+W+OE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From:Subject; b=madsyWRn4EYC6DAOBdJXCUS6rI6L7RsvrqmO862Ghk7wi+05N3fhvp73V6xDIjSIDp+bYll411PCieLmvAv/lhSApVWJskwR66+6JXZBMGxUzj48TydX6amTII1fEmwZ+WhDNmsBWRcmBVGUjEa3JiVC7djdB5AcINh5E/aAJeBkMqiybjeWCk0Vt+7MTnpfyVmTdW4WOrSa3Z5sLnnH8e5mo5f9EOr0CcqOQiQsx2AlaZ+TQoQ+nTBDVYjWEthMI7vo5D7id8THuzLUHmDVeXcqTDC1pz5GIhGijr7pK9pq60TchrVnTlfc8w0eKquu7ESUgIboET0mHxS8e7SLwA== X-YMail-OSG: qLIQZzkVM1ke3JaMnnxZy1uDr1zQAumX5k0obgXcrg9fAOrvgfPEd225Gv4YohL nDaqv1QnL7TdtvFrspg3nDtmC6pR6OYVq65_qHx9mxaBkrl0rYsLZRNferVT3U6KkFPcbFX4Oj8g b.dwkhhapOLRfzBz6Tv6xzVao_e1WmmxlRnwVlw8tY82Gh_Sq6y11r2QHL8mZFlcGX0bgQ6MPdjU gR3OspagUHhyIcOSSMpWNn7l474PC57EUztB.CoG5TkRdFRP.5hgXB2jcDt_u3b5qrw1ye5gYALd .3H8ouGNt6Lpgwl96HiM1T5UROdCpjvZzjTK7FjEWYIcsoS29nGateFhpAIzKlPXUDOxdbISlEgH cxVbtJNMtSDh1OK3Gucv7.MWc2EsrIWRjwk.EbviAcGMOovOhpreltAL2N9JiLZ71p5qWEhbiyVp RjNL6s97mZoJXTeX8bzqbsvBL97GYyfPVZUWlv13J501lROSXxsZSBvMbBl9TxWGix92cqnmhH1X kSwp4eBKJqm1oYnXHTy7QfSPXX8.whNxhVs3wyNAVNNrwvkfJjB8E_.jxbGRto2MapNA4rGdPUeD z8lRDd_EJpTV69aXEl0nD9SCvDoowrZa1HQYbnckSSB2OpX.0gT_wM94_.JF9ApA7XDndgJR7Q5k WThnRVFcj8rFo02UBFzna4Q-- Received: from sonic.gate.mail.ne1.yahoo.com by sonic302.consmr.mail.ne1.yahoo.com with HTTP; Tue, 22 May 2018 12:02:43 +0000 Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br) ([177.75.175.18]) by smtp405.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID 2c15e9df25ff612fbc479d6c5c9b24cc; Tue, 22 May 2018 12:02:42 +0000 (UTC) From: Eneas U de Queiroz <cote2004-github@yahoo.com> To: openwrt-devel@lists.openwrt.org Cc: John Crispin <john@phrozen.org>, Eneas U de Queiroz <cote2004-github@yahoo.com> Subject: [PATCH 4/4] ustream-ssl: openssl-1.1 compatibility Date: Tue, 22 May 2018 09:02:15 -0300 Message-Id: <20180522120215.13360-4-cote2004-github@yahoo.com> X-Mailer: git-send-email 2.16.1 In-Reply-To: <20180522120215.13360-1-cote2004-github@yahoo.com> References: <30f4d3c4-ed06-521a-28ee-d5b2e61ce667@phrozen.org> <20180522120215.13360-1-cote2004-github@yahoo.com> X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180522_050256_084740_EDFBD374 X-CRM114-Status: UNSURE ( 7.50 ) X-CRM114-Notice: Please train this message. X-Spam-Score: -0.1 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.1 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [66.163.186.147 listed in list.dnswl.org] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (cote2004-github[at]yahoo.com) -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain Patch to compile ustream-ssl with openssl-1.1.0. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> --- ustream-io-openssl.c | 37 +++++++++++++++++++++++++++++++++++++ ustream-openssl.c | 12 +++++++++++- 2 files changed, 48 insertions(+), 1 deletion(-) diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c index 6711055..73a2ba6 100644 --- a/ustream-io-openssl.c +++ b/ustream-io-openssl.c @@ -26,10 +26,16 @@ static int s_ustream_new(BIO *b) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_set_shutdown(b, 0); +#else b->init = 1; b->num = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } @@ -39,9 +45,15 @@ s_ustream_free(BIO *b) if (!b) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_set_data(b, NULL); + BIO_set_init(b, 0); + BIO_set_shutdown(b, 0); +#else b->ptr = NULL; b->init = 0; b->flags = 0; +#endif return 1; } @@ -55,7 +67,11 @@ s_ustream_read(BIO *b, char *buf, int len) if (!buf || len <= 0) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + s = (struct ustream *)BIO_get_data(b); +#else s = (struct ustream *)b->ptr; +#endif if (!s) return 0; @@ -84,7 +100,11 @@ s_ustream_write(BIO *b, const char *buf, int len) if (!buf || len <= 0) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + s = (struct ustream *)BIO_get_data(b); +#else s = (struct ustream *)b->ptr; +#endif if (!s) return 0; @@ -116,6 +136,7 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr) }; } +#if OPENSSL_VERSION_NUMBER < 0x10100000L static BIO_METHOD methods_ustream = { 100 | BIO_TYPE_SOURCE_SINK, "ustream", @@ -128,13 +149,29 @@ static BIO_METHOD methods_ustream = { s_ustream_free, NULL, }; +#endif static BIO *ustream_bio_new(struct ustream *s) { BIO *bio; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + BIO_METHOD *methods_ustream; + + methods_ustream = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "ustream"); + BIO_meth_set_write(methods_ustream, s_ustream_write); + BIO_meth_set_read(methods_ustream, s_ustream_read); + BIO_meth_set_puts(methods_ustream, s_ustream_puts); + BIO_meth_set_gets(methods_ustream, s_ustream_gets); + BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl); + BIO_meth_set_create(methods_ustream, s_ustream_new); + BIO_meth_set_destroy(methods_ustream, s_ustream_free); + bio = BIO_new(methods_ustream); + BIO_set_data(bio, s); +#else bio = BIO_new(&methods_ustream); bio->ptr = s; +#endif return bio; } diff --git a/ustream-openssl.c b/ustream-openssl.c index eb03dab..52b7c21 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -38,11 +38,17 @@ __ustream_ssl_context_new(bool server) if (server) #ifdef CYASSL_OPENSSL_H_ m = SSLv23_server_method(); +#elif OPENSSL_VERSION_NUMBER >= 0x10100000L + m = TLS_server_method(); #else m = TLSv1_2_server_method(); #endif else +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + m = TLS_client_method(); +#else m = SSLv23_client_method(); +#endif c = SSL_CTX_new((void *) m); if (!c) @@ -52,8 +58,12 @@ __ustream_ssl_context_new(bool server) #ifndef OPENSSL_NO_ECDH SSL_CTX_set_ecdh_auto(c, 1); #endif - if (server) + if (server) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION); +#endif SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); + } SSL_CTX_set_quiet_shutdown(c, 1); return (void *) c; -- 2.16.1 ]