[From nobody Thu Jun 25 05:54:40 2020
Received: from sonic311-23.consmr.mail.ne1.yahoo.com ([66.163.188.204])
 by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux))
 id 1fODBA-0005NY-Fn
 for openwrt-devel@lists.openwrt.org; Thu, 31 May 2018 02:19:19 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048;
 t=1527733133; bh=x69H9eFQjWGHJvk66pqQ9vVHvBNLz/x0EhrW5bJ3boc=;
 h=From:To:Cc:Subject:Date:In-Reply-To:References:In-Reply-To:References:From:Subject;
 b=Vs/0Q8DJTvRu04ru+pa2rDh7Xfr1cHh6HwW1aJrz/rVs0JSJ506buaAdB4P+39j+2Qqi9XgaqpL3UHIjuOQ9030GXxauepQ+4260ubV6xePO8uAfra4jVkt7yVWxSB8Xu+6fzhKK6i9eWY6zXfWqDgBcxIaZSls0CSWcTHShlwE2FrnsHEuFbjFSkHFlPlldiJJTKjv61joJJ4Flcu6kqzsm78Y/nYa72b7Tm0bVAICUM++4MWuFATlESzvNlhefo4GrdJDHJl6oCy6wGCe44n7CesV411AR0SjZ3MyulZ5f31s/UI9nn0zUwwiV4HUdrtIS4DPBF4lGGMyxnL9wVQ==
X-YMail-OSG: Wu_5rsQVM1kxxVVRCznRDnXluUv6YqIBNHjeEywJXcuSIv_LkjZ09rajN.FTg1Q
 5SvE8FmJYOV_sYe.zCNLQvkgGlcvnEbESUkOrujeKCrVmBjaW9mnXQZu9RG8E22NLhO9EEji.QWQ
 fZPoIgqiLmWk_QHD7CGQnRAzOlDKQUgMxbYSM9S.HPZIZy5YSme7z6ROEui.oeR1S.fnCiUDmpV9
 54GmMIalEacsKwXfq69ol2f9R3Y0Nw_CMJJ6wRu3nq76uw_WUElDCN9_moSGzXmzq7xMGb.UeNVA
 horkXLGk38ESIwmjJwvBzjaw5uOOiHmD7Tg7iFo540szMjvQf2oRBg039i37VvEPDcRomKeubqx5
 Gx.FMh09x0swNAFeZr40Zx5ochUOcrN_Ysx6ec7odJU_IC0D.Exae9qLsYqOeEU4kQdqCeLl9sSv
 Bh13BM8dcG95vk56hw2DFkch3E0JxnpYc.xe6IVg5aGvizwxU9fdZjjBKhJxe3omfFvLuSAiP6SV
 I6OLs_Dyy6t0VIWMfXe9Yt0OY_eEPLj8OYX8lIMGRUB5ao_RQKMbRfz9SbCrm_KGzbgcCniwJ_Qk
 T_gmSqib0gcgsNR8UW5ifwWTHsRqZUqKl9FIe9vJgA4JrYq0LfUktKHNjoJSFKdF5q9D_GSOXKXb
 hpyFQsmAHSccZZVHqcahqScfekRu8gRfPRfsnpwk4d6FMcUR7Vg--
Received: from sonic.gate.mail.ne1.yahoo.com by
 sonic311.consmr.mail.ne1.yahoo.com with HTTP; Thu, 31 May 2018 02:18:53 +0000
Received: from 18.175.75.177.infopasa.com.br (EHLO gateway.troianet.com.br)
 ([177.75.175.18])
 by smtp420.mail.ne1.yahoo.com (Oath Hermes SMTP Server) with ESMTPA ID
 7a11000cd6f5ba63543f8a96f058275b; 
 Thu, 31 May 2018 02:18:48 +0000 (UTC)
From: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
To: openwrt-devel@lists.openwrt.org
Cc: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
Subject: [PATCH v2 4/4] ustream-ssl: openssl-1.1 compatibility
Date: Wed, 30 May 2018 23:18:37 -0300
Message-Id: &lt;20180531021837.22899-5-cote2004-github@yahoo.com&gt;
X-Mailer: git-send-email 2.16.1
In-Reply-To: &lt;20180531021837.22899-1-cote2004-github@yahoo.com&gt;
References: &lt;20180531021837.22899-1-cote2004-github@yahoo.com&gt;
In-Reply-To: &lt;20180522120215.13360-4-cote2004-github@yahoo.com&gt;
References: &lt;20180522120215.13360-4-cote2004-github@yahoo.com&gt;
X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 
X-CRM114-CacheID: sfid-20180530_191904_580483_DD1D5F46 
X-CRM114-Status: GOOD (  11.83  )
X-Spam-Score: 1.3 (+)
X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary:
 Content analysis details:   (1.3 points)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
 trust [66.163.188.204 listed in list.dnswl.org]
 -0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
 CUSTOM_MED
 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
 (cote2004-github[at]yahoo.com)
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature,
 not necessarily valid
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list

I've rewritten the patch, removing deprecated API.

It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.

Signed-off-by: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
---
 openssl_bio_compat.h | 34 ++++++++++++++++++++++++++++++++++
 ustream-io-openssl.c | 45 +++------------------------------------------
 ustream-openssl.c    | 26 ++++++++++++--------------
 3 files changed, 49 insertions(+), 56 deletions(-)
 create mode 100644 openssl_bio_compat.h

diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h
new file mode 100644
index 0000000..dedc412
--- /dev/null
+++ b/openssl_bio_compat.h
@@ -0,0 +1,34 @@
+#ifndef OPENSSL_BIO_COMPAT_H
+#define OPENSSL_BIO_COMPAT_H
+
+#include &lt;openssl/opensslv.h&gt;
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+
+#include &lt;openssl/bio.h&gt;
+#include &lt;string.h&gt;
+
+#define BIO_get_data(b) (b-&gt;ptr)
+#define BIO_set_data(b, v) (b-&gt;ptr = v)
+#define BIO_set_init(b, v) (b-&gt;init = v)
+#define BIO_set_shutdown(b, v) (b-&gt;flags = v)
+#define BIO_meth_set_write(m, f) (m-&gt;bwrite = f)
+#define BIO_meth_set_read(m, f) (m-&gt;bread = f)
+#define BIO_meth_set_puts(m, f) (m-&gt;bputs = f)
+#define BIO_meth_set_gets(m, f) (m-&gt;bgets = f)
+#define BIO_meth_set_ctrl(m, f) (m-&gt;ctrl = f)
+#define BIO_meth_set_create(m, f) (m-&gt;create = f)
+#define BIO_meth_set_destroy(m, f) (m-&gt;destroy = f)
+
+static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD));
+	if (bm) {
+		bm-&gt;type = type;
+		bm-&gt;name = name;
+	}
+	return bm;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* OPENSSL_BIO_COMPAT_H */
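Review bot: The `BIO_set_shutdown` shim writes `b->flags`, whereas the OpenSSL 1.1 function of that name sets the BIO's shutdown field, so any caller passing a non-zero value on a pre-1.1 build would clobber the flag bits instead. The two callers in this patch only pass 0, which matches the removed `b->flags = 0`, but the macro should be `#define BIO_set_shutdown(b, v) ((b)->shutdown = (v))`. The other macros also leave their arguments unparenthesized. `BIO_meth_new` calls `calloc` while the header includes only `<string.h>`; add `#include <stdlib.h>` so the header does not depend on an implicit declaration or on what the including file pulled in.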
diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 73a2ba6..aa9f401 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -21,21 +21,15 @@
 #include &lt;libubox/ustream.h&gt;
 
 #include &quot;ustream-ssl.h&quot;
+#include &quot;openssl_bio_compat.h&quot;
 #include &quot;ustream-internal.h&quot;
 
 static int
 s_ustream_new(BIO *b)
 {
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 	BIO_set_init(b, 1);
 	BIO_set_data(b, NULL);
 	BIO_set_shutdown(b, 0);
-#else
-	b-&gt;init = 1;
-	b-&gt;num = 0;
-	b-&gt;ptr = NULL;
-	b-&gt;flags = 0;
-#endif
 	return 1;
 }
 
@@ -45,15 +39,9 @@ s_ustream_free(BIO *b)
 	if (!b)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 	BIO_set_data(b, NULL);
 	BIO_set_init(b, 0);
 	BIO_set_shutdown(b, 0);
-#else
-	b-&gt;ptr = NULL;
-	b-&gt;init = 0;
-	b-&gt;flags = 0;
-#endif
 	return 1;
 }
 
@@ -67,11 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len)
 	if (!buf || len &lt;= 0)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 	s = (struct ustream *)BIO_get_data(b);
-#else
-	s = (struct ustream *)b-&gt;ptr;
-#endif
 	if (!s)
 		return 0;
 
@@ -100,11 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len)
 	if (!buf || len &lt;= 0)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 	s = (struct ustream *)BIO_get_data(b);
-#else
-	s = (struct ustream *)b-&gt;ptr;
-#endif
 	if (!s)
 		return 0;
 
@@ -136,29 +116,13 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
 	};
 }
 
-#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
-static BIO_METHOD methods_ustream = {
-	100 | BIO_TYPE_SOURCE_SINK,
-	&quot;ustream&quot;,
-	s_ustream_write,
-	s_ustream_read,
-	s_ustream_puts,
-	s_ustream_gets,
-	s_ustream_ctrl,
-	s_ustream_new,
-	s_ustream_free,
-	NULL,
-};
-#endif
-
 static BIO *ustream_bio_new(struct ustream *s)
 {
 	BIO *bio;
 
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 	BIO_METHOD *methods_ustream;
 
-	methods_ustream = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, &quot;ustream&quot;);
+	methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, &quot;ustream&quot;);
 	BIO_meth_set_write(methods_ustream, s_ustream_write);
 	BIO_meth_set_read(methods_ustream, s_ustream_read);
 	BIO_meth_set_puts(methods_ustream, s_ustream_puts);
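Review bot: The result of `BIO_meth_new()` is used without a NULL check. On pre-1.1 builds the compat version is a plain `calloc`, and the `BIO_meth_set_*` macros expand to `m->bwrite = f`, so an allocation failure becomes a NULL dereference; add `if (!methods_ustream) return NULL;` right after the call, provided callers tolerate a NULL BIO. A new `BIO_METHOD` is also allocated on every `ustream_bio_new()` call and nothing in the visible lines frees it. The removed pre-1.1 path used one static table, so a `static BIO_METHOD *` initialised once would avoid a per-connection leak. The fixed type `100 | BIO_TYPE_SOURCE_SINK` now also replaces `BIO_get_new_index()` on 1.1 builds, which gives up the uniqueness guarantee if another custom BIO in the process picks the same index. The function body continues in the next hunk.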
@@ -168,10 +132,7 @@ static BIO *ustream_bio_new(struct ustream *s)
 	BIO_meth_set_destroy(methods_ustream, s_ustream_free);
 	bio = BIO_new(methods_ustream);
 	BIO_set_data(bio, s);
-#else
-	bio = BIO_new(&amp;methods_ustream);
-	bio-&gt;ptr = s;
-#endif
+
 	return bio;
 }
 
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 303b58e..c6839ea 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -25,42 +25,40 @@
 __hidden struct ustream_ssl_ctx *
 __ustream_ssl_context_new(bool server)
 {
-	static bool _init = false;
 	const void *m;
 	SSL_CTX *c;
 
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+	static bool _init = false;
+
 	if (!_init) {
 		SSL_load_error_strings();
 		SSL_library_init();
 		_init = true;
 	}
+# define TLS_server_method SSLv23_server_method
+# define TLS_client_method SSLv23_client_method
+#endif
 
-	if (server)
-#ifdef CYASSL_OPENSSL_H_
-		m = SSLv23_server_method();
-#elif OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
+	if (server) {
 		m = TLS_server_method();
-#else
-		m = TLSv1_2_server_method();
-#endif
-	else
-#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
+	} else
 		m = TLS_client_method();
-#else
-		m = SSLv23_client_method();
-#endif
 
 	c = SSL_CTX_new((void *) m);
 	if (!c)
 		return NULL;
 
 	SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-#if !defined(OPENSSL_NO_ECDH) &amp;&amp; !defined(CYASSL_OPENSSL_H_)
+	SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
+#if !defined(OPENSSL_NO_ECDH) &amp;&amp; !defined(CYASSL_OPENSSL_H_) &amp;&amp; OPENSSL_VERSION_NUMBER &lt; 0x10100000L
 	SSL_CTX_set_ecdh_auto(c, 1);
 #endif
 	if (server) {
 #if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
 		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
+#else
+		SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
 #endif
 		SSL_CTX_set_cipher_list(c, &quot;DEFAULT:!RC4:@STRENGTH&quot;);
 	}
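Review bot: The protocol floor is applied only inside `if (server)`, so a client context gets no minimum version. On pre-1.1 builds `TLS_client_method` is mapped to `SSLv23_client_method`, leaving a client free to negotiate down to whatever the library still enables. With `SSL_VERIFY_NONE` as the context default, a downgraded session has little else protecting it. Consider moving the `SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION)` / `SSL_CTX_set_options(...)` pair above `if (server) {`, or, if clients must still reach older peers, setting at least `SSL_CTX_set_options(c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);` unconditionally. The `# define TLS_server_method` lines sit inside the function body but take effect for the rest of the file; a comment there, or moving them next to the includes, would make that scope explicit. The function continues past the end of this hunk.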
-- 
2.16.1


]