[From nobody Thu Jun 25 05:54:42 2020
From: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
To: openwrt-devel@lists.openwrt.org
Cc: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
Subject: [PATCH v3 1/3] ustream-ssl: add openssl-1.1.0 compatibility
Date: Sat, 16 Jun 2018 01:03:41 -0300
Message-Id: &lt;20180616040343.24722-2-cote2004-github@yahoo.com&gt;
X-Mailer: git-send-email 2.16.4
In-Reply-To: &lt;20180616040343.24722-1-cote2004-github@yahoo.com&gt;
References: &lt;20180616040343.24722-1-cote2004-github@yahoo.com&gt;
In-Reply-To: &lt;20180531124520.31010-1-cote2004-github@yahoo.com&gt;
References: &lt;20180531124520.31010-1-cote2004-github@yahoo.com&gt;

Patch to compile ustream-ssl with openssl-1.1.0, maintaining
compatibility with openssl 1.0.2.

Fixed flag handling in ustream-io-openssl.c.

Signed-off-by: Eneas U de Queiroz &lt;cote2004-github@yahoo.com&gt;
---
 openssl_bio_compat.h | 33 +++++++++++++++++++++++++++++++++
 ustream-io-openssl.c | 46 ++++++++++++++++++++++------------------------
 ustream-openssl.c    | 30 +++++++++++++++++++-----------
 3 files changed, 74 insertions(+), 35 deletions(-)
 create mode 100644 openssl_bio_compat.h

diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h
new file mode 100644
index 0000000..9355c86
--- /dev/null
+++ b/openssl_bio_compat.h
@@ -0,0 +1,33 @@
+#ifndef OPENSSL_BIO_COMPAT_H
+#define OPENSSL_BIO_COMPAT_H
+
+#include &lt;openssl/opensslv.h&gt;
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+
+#include &lt;openssl/bio.h&gt;
+#include &lt;string.h&gt;
+
+#define BIO_get_data(b) (b-&gt;ptr)
+#define BIO_set_data(b, v) (b-&gt;ptr = v)
+#define BIO_set_init(b, v) (b-&gt;init = v)
+#define BIO_meth_set_write(m, f) (m-&gt;bwrite = f)
+#define BIO_meth_set_read(m, f) (m-&gt;bread = f)
+#define BIO_meth_set_puts(m, f) (m-&gt;bputs = f)
+#define BIO_meth_set_gets(m, f) (m-&gt;bgets = f)
+#define BIO_meth_set_ctrl(m, f) (m-&gt;ctrl = f)
+#define BIO_meth_set_create(m, f) (m-&gt;create = f)
+#define BIO_meth_set_destroy(m, f) (m-&gt;destroy = f)
+
+static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD));
+	if (bm) {
+		bm-&gt;type = type;
+		bm-&gt;name = name;
+	}
+	return bm;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* OPENSSL_BIO_COMPAT_H */
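Review bot: `BIO_meth_new` in this shim calls `calloc`, but the header includes `<string.h>` rather than `<stdlib.h>`, so the declaration only arrives if `<openssl/bio.h>` happens to pull it in; `#include <stdlib.h>` is the header that belongs here. The accessor macros also expand their arguments unparenthesised, so an argument that is itself an expression would bind wrongly; `#define BIO_get_data(b) ((b)->ptr)` and `#define BIO_set_data(b, v) ((b)->ptr = (v))`, and likewise for the rest, avoid that. The shim provides no `BIO_meth_free` counterpart, so on pre-1.1.0 builds a method table obtained from `BIO_meth_new` cannot be released through the same API.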
diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 6711055..606ed4a 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -21,15 +21,15 @@
 #include &lt;libubox/ustream.h&gt;
 
 #include &quot;ustream-ssl.h&quot;
+#include &quot;openssl_bio_compat.h&quot;
 #include &quot;ustream-internal.h&quot;
 
 static int
 s_ustream_new(BIO *b)
 {
-	b-&gt;init = 1;
-	b-&gt;num = 0;
-	b-&gt;ptr = NULL;
-	b-&gt;flags = 0;
+	BIO_set_init(b, 1);
+	BIO_set_data(b, NULL);
+	BIO_clear_flags(b, ~0);
 	return 1;
 }
 
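Review bot: `BIO_clear_flags(b, ~0)` in `s_ustream_new` (and again in `s_ustream_free` in the next hunk) deserves a short comment, since the all-ones mask is what makes it equivalent to the old `b->flags = 0`; something like `/* ~0 clears every flag bit */`. The old `b->num = 0` has no replacement here, which presumably relies on `BIO_new` having already initialised the field; that is worth confirming for both supported OpenSSL branches.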
@@ -39,9 +39,9 @@ s_ustream_free(BIO *b)
 	if (!b)
 		return 0;
 
-	b-&gt;ptr = NULL;
-	b-&gt;init = 0;
-	b-&gt;flags = 0;
+	BIO_set_data(b, NULL);
+	BIO_set_init(b, 0);
+	BIO_clear_flags(b, ~0);
 	return 1;
 }
 
@@ -55,7 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len)
 	if (!buf || len &lt;= 0)
 		return 0;
 
-	s = (struct ustream *)b-&gt;ptr;
+	s = (struct ustream *)BIO_get_data(b);
 	if (!s)
 		return 0;
 
@@ -84,7 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len)
 	if (!buf || len &lt;= 0)
 		return 0;
 
-	s = (struct ustream *)b-&gt;ptr;
+	s = (struct ustream *)BIO_get_data(b);
 	if (!s)
 		return 0;
 
@@ -116,25 +116,23 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
 	};
 }
 
-static BIO_METHOD methods_ustream = {
-	100 | BIO_TYPE_SOURCE_SINK,
-	&quot;ustream&quot;,
-	s_ustream_write,
-	s_ustream_read,
-	s_ustream_puts,
-	s_ustream_gets,
-	s_ustream_ctrl,
-	s_ustream_new,
-	s_ustream_free,
-	NULL,
-};
-
 static BIO *ustream_bio_new(struct ustream *s)
 {
 	BIO *bio;
 
-	bio = BIO_new(&amp;methods_ustream);
-	bio-&gt;ptr = s;
+	BIO_METHOD *methods_ustream;
+
+	methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, &quot;ustream&quot;);
+	BIO_meth_set_write(methods_ustream, s_ustream_write);
+	BIO_meth_set_read(methods_ustream, s_ustream_read);
+	BIO_meth_set_puts(methods_ustream, s_ustream_puts);
+	BIO_meth_set_gets(methods_ustream, s_ustream_gets);
+	BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl);
+	BIO_meth_set_create(methods_ustream, s_ustream_new);
+	BIO_meth_set_destroy(methods_ustream, s_ustream_free);
+	bio = BIO_new(methods_ustream);
+	BIO_set_data(bio, s);
+
 	return bio;
 }
 
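Review bot: `ustream_bio_new` now allocates a fresh `BIO_METHOD` with `BIO_meth_new` on every call and nothing in the visible code frees it, so each stream created leaks one method table where the old code shared a single static one. Neither the `BIO_meth_new` result nor the `BIO_new` result is checked before use, and on pre-1.1.0 builds the `BIO_meth_set_*` macros dereference the pointer directly, so an allocation failure becomes a NULL dereference. Creating the table once, keeping it in a file-scope static, and returning NULL on failure addresses both. The caller is outside this hunk and would need to handle a NULL return.

```c
static BIO_METHOD *methods_ustream;

static BIO *ustream_bio_new(struct ustream *s)
{
	BIO *bio;

	/* Build the method table once and reuse it for every stream. */
	if (!methods_ustream) {
		methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
		if (!methods_ustream)
			return NULL;
		/* … unchanged: the seven BIO_meth_set_*(methods_ustream, …) calls … */
	}

	bio = BIO_new(methods_ustream);
	if (!bio)
		return NULL;
	BIO_set_data(bio, s);

	return bio;
}
```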
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 91bc4e8..c6839ea 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -25,35 +25,43 @@
 __hidden struct ustream_ssl_ctx *
 __ustream_ssl_context_new(bool server)
 {
-	static bool _init = false;
 	const void *m;
 	SSL_CTX *c;
 
+#if OPENSSL_VERSION_NUMBER &lt; 0x10100000L
+	static bool _init = false;
+
 	if (!_init) {
 		SSL_load_error_strings();
 		SSL_library_init();
 		_init = true;
 	}
-
-	if (server)
-#ifdef CYASSL_OPENSSL_H_
-		m = SSLv23_server_method();
-#else
-		m = TLSv1_2_server_method();
+# define TLS_server_method SSLv23_server_method
+# define TLS_client_method SSLv23_client_method
 #endif
-	else
-		m = SSLv23_client_method();
+
+	if (server) {
+		m = TLS_server_method();
+	} else
+		m = TLS_client_method();
 
 	c = SSL_CTX_new((void *) m);
 	if (!c)
 		return NULL;
 
 	SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-#if !defined(OPENSSL_NO_ECDH) &amp;&amp; !defined(CYASSL_OPENSSL_H_)
+	SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
+#if !defined(OPENSSL_NO_ECDH) &amp;&amp; !defined(CYASSL_OPENSSL_H_) &amp;&amp; OPENSSL_VERSION_NUMBER &lt; 0x10100000L
 	SSL_CTX_set_ecdh_auto(c, 1);
 #endif
-	if (server)
+	if (server) {
+#if OPENSSL_VERSION_NUMBER &gt;= 0x10100000L
+		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
+#else
+		SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
+#endif
 		SSL_CTX_set_cipher_list(c, &quot;DEFAULT:!RC4:@STRENGTH&quot;);
+	}
 	SSL_CTX_set_quiet_shutdown(c, 1);
 
 	return (void *) c;
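Review bot: The TLS 1.2 floor is applied only inside `if (server)`, so a client context still negotiates whatever `TLS_client_method()` (or `SSLv23_client_method()` on older builds) permits, which may include protocol versions the server side now refuses. If that is intentional for compatibility with legacy peers, a comment saying so would help; otherwise the `#if`/`#else` block that sets the minimum version can move above `if (server)`. The return value of `SSL_CTX_set_min_proto_version` is also ignored, so a failure would leave the context without the intended floor; `if (!SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION)) { SSL_CTX_free(c); return NULL; }` fails closed instead. The function's closing lines are outside this hunk.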
-- 
2.16.4


]