diff options
Diffstat (limited to 'openssl-1.1.diff')
-rw-r--r-- | openssl-1.1.diff | 310 |
1 files changed, 310 insertions, 0 deletions
diff --git a/openssl-1.1.diff b/openssl-1.1.diff new file mode 100644 index 000000000000..acac9ab6092d --- /dev/null +++ b/openssl-1.1.diff @@ -0,0 +1,310 @@ +diff -ur ccnet-server-v6.0.10/lib/rsa.c ccnet-server/lib/rsa.c +--- ccnet-server-v6.0.10/lib/rsa.c 2017-05-14 09:14:22.274184846 +0200 ++++ ccnet-server/lib/rsa.c 2017-05-14 13:33:46.600971500 +0200 +@@ -11,13 +11,55 @@ + #include "rsa.h" + #include "utils.h" + ++/* Forward compatibility functions if libssl < 1.1.0. */ ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) ++{ ++ /* If the fields n and e in r are NULL, the corresponding input ++ * parameters MUST be non-NULL for n and e. d may be ++ * left NULL (in case only the public key is used). ++ */ ++ if ((r->n == NULL && n == NULL) ++ || (r->e == NULL && e == NULL)) ++ return 0; ++ if (n != NULL) { ++ BN_free(r->n); ++ r->n = n; ++ } ++ if (e != NULL) { ++ BN_free(r->e); ++ r->e = e; ++ } ++ if (d != NULL) { ++ BN_free(r->d); ++ r->d = d; ++ } ++ return 1; ++} ++ ++void RSA_get0_key(const RSA *r, ++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++#endif ++ + RSA* + private_key_to_pub(RSA *priv) + { + RSA *pub = RSA_new(); ++ const BIGNUM *n, *e; + +- pub->n = BN_dup(priv->n); +- pub->e = BN_dup(priv->e); ++ RSA_get0_key (priv, &n, &e, NULL); ++ RSA_set0_key (pub, BN_dup(n), BN_dup(e), NULL); + + return pub; + } +@@ -28,18 +70,21 @@ + GString *buf = g_string_new(NULL); + unsigned char *temp; + char *coded; ++ const BIGNUM *n, *e; + +- gsize len = BN_num_bytes(rsa->n); ++ RSA_get0_key (rsa, &n, &e, NULL); ++ ++ gsize len = BN_num_bytes(n); + temp = malloc(len); +- BN_bn2bin(rsa->n, temp); ++ BN_bn2bin(n, temp); + coded = g_base64_encode(temp, len); + g_string_append (buf, coded); + g_string_append_c (buf, ' '); + g_free(coded); + +- len = BN_num_bytes(rsa->e); ++ len = BN_num_bytes(e); + temp = realloc(temp, len); +- BN_bn2bin(rsa->e, temp); ++ BN_bn2bin(e, temp); + coded = g_base64_encode(temp, len); + g_string_append (buf, coded); + g_free(coded); +@@ -54,18 +99,21 @@ + { + unsigned char *temp; + char *coded; ++ const BIGNUM *n, *e; ++ ++ RSA_get0_key (rsa, &n, &e, NULL); + +- gsize len = BN_num_bytes(rsa->n); ++ gsize len = BN_num_bytes(n); + temp = malloc(len); +- BN_bn2bin(rsa->n, temp); ++ BN_bn2bin(n, temp); + coded = g_base64_encode(temp, len); + g_string_append (buf, coded); + g_string_append_c (buf, ' '); + g_free(coded); + +- len = BN_num_bytes(rsa->e); ++ len = BN_num_bytes(e); + temp = realloc(temp, len); +- BN_bn2bin(rsa->e, temp); ++ BN_bn2bin(e, temp); + coded = g_base64_encode(temp, len); + g_string_append (buf, coded); + g_free(coded); +@@ -86,24 +134,31 @@ + *p = '\0'; + + RSA *key = RSA_new(); ++ BIGNUM *n = NULL, *e = NULL; + + num = g_base64_decode(str, &len); +- key->n = BN_bin2bn(num, len, NULL); +- if (!key->n) ++ n = BN_bin2bn(num, len, NULL); ++ if (!n) + goto err; + g_free(num); + + num = g_base64_decode(p+1, &len); +- key->e = BN_bin2bn(num, len, NULL); +- if (!key->e) ++ e = BN_bin2bn(num, len, NULL); ++ if (!e) + goto err; + g_free(num); + ++ RSA_set0_key (key, n, e, NULL); ++ + *p = ' '; + return key; + err: + *p = ' '; + RSA_free (key); ++ if (n) ++ BN_free (n); ++ if (e) ++ BN_free (e); + g_free(num); + return NULL; + } +@@ -153,9 +208,22 @@ + generate_private_key(u_int bits) + { + RSA *private = NULL; +- +- private = RSA_generate_key(bits, 35, NULL, NULL); +- if (private == NULL) +- g_error ("rsa_generate_private_key: key generation failed."); ++ BIGNUM* bne = NULL; ++ ++ bne = BN_new(); ++ if (!BN_set_word(bne, RSA_3)) ++ goto free_all; ++ ++ private = RSA_new(); ++ ++ if (!RSA_generate_key_ex(private, bits, bne, NULL)) ++ goto free_all; ++ + return private; ++ ++free_all: ++ RSA_free(private); ++ BN_free(bne); ++ g_error ("rsa_generate_private_key: key generation failed."); ++ return NULL; + } +diff -ur ccnet-server-v6.0.10/lib/utils.c ccnet-server/lib/utils.c +--- ccnet-server-v6.0.10/lib/utils.c 2017-05-14 09:14:22.274184846 +0200 ++++ ccnet-server/lib/utils.c 2017-05-14 09:51:57.671395998 +0200 +@@ -1053,14 +1053,14 @@ + return -1; + } + +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + int ret; + int blks; + + /* Prepare CTX for encryption. */ +- EVP_CIPHER_CTX_init (&ctx); ++ ctx = EVP_CIPHER_CTX_new (); + +- ret = EVP_EncryptInit_ex (&ctx, ++ ret = EVP_EncryptInit_ex (ctx, + EVP_aes_256_cbc(), /* cipher mode */ + NULL, /* engine, NULL for default */ + key, /* derived key */ +@@ -1068,6 +1068,7 @@ + + if (ret == ENC_FAILURE) { + g_warning ("error init\n"); ++ EVP_CIPHER_CTX_free (ctx); + return -1; + } + +@@ -1089,7 +1090,7 @@ + int update_len, final_len; + + /* Do the encryption. */ +- ret = EVP_EncryptUpdate (&ctx, ++ ret = EVP_EncryptUpdate (ctx, + (unsigned char*)*data_out, + &update_len, + (unsigned char*)data_in, +@@ -1100,7 +1101,7 @@ + } + + /* Finish the possible partial block. */ +- ret = EVP_EncryptFinal_ex (&ctx, ++ ret = EVP_EncryptFinal_ex (ctx, + (unsigned char*)*data_out + update_len, + &final_len); + *out_len = update_len + final_len; +@@ -1109,11 +1110,11 @@ + goto enc_error; + } + +- EVP_CIPHER_CTX_cleanup (&ctx); ++ EVP_CIPHER_CTX_free (ctx); + return 0; + + enc_error: +- EVP_CIPHER_CTX_cleanup (&ctx); ++ EVP_CIPHER_CTX_free (ctx); + *out_len = -1; + if (*data_out != NULL) + g_free (*data_out); +@@ -1138,22 +1139,24 @@ + return -1; + } + +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + int ret; + + *data_out = NULL; + *out_len = -1; + + /* Prepare CTX for decryption. */ +- EVP_CIPHER_CTX_init (&ctx); +- ret = EVP_DecryptInit_ex (&ctx, ++ ctx = EVP_CIPHER_CTX_new (); ++ ret = EVP_DecryptInit_ex (ctx, + EVP_aes_256_cbc(), /* cipher mode */ + NULL, /* engine, NULL for default */ + key, /* derived key */ + iv); /* initial vector */ + +- if (ret == DEC_FAILURE) ++ if (ret == DEC_FAILURE) { ++ EVP_CIPHER_CTX_free (ctx); + return -1; ++ } + + /* Allocating output buffer. */ + *data_out = (char *)g_malloc (in_len); +@@ -1165,7 +1168,7 @@ + int update_len, final_len; + + /* Do the decryption. */ +- ret = EVP_DecryptUpdate (&ctx, ++ ret = EVP_DecryptUpdate (ctx, + (unsigned char*)*data_out, + &update_len, + (unsigned char*)data_in, +@@ -1174,7 +1177,7 @@ + goto dec_error; + + /* Finish the possible partial block. */ +- ret = EVP_DecryptFinal_ex (&ctx, ++ ret = EVP_DecryptFinal_ex (ctx, + (unsigned char*)*data_out + update_len, + &final_len); + *out_len = update_len + final_len; +@@ -1182,11 +1185,11 @@ + if (ret == DEC_FAILURE || *out_len > in_len) + goto dec_error; + +- EVP_CIPHER_CTX_cleanup (&ctx); ++ EVP_CIPHER_CTX_free (ctx); + return 0; + + dec_error: +- EVP_CIPHER_CTX_cleanup (&ctx); ++ EVP_CIPHER_CTX_free (ctx); + *out_len = -1; + if (*data_out != NULL) + g_free (*data_out); +diff -ur ccnet-server-v6.0.10/tools/ccnet-init.c ccnet-server/tools/ccnet-init.c +--- ccnet-server-v6.0.10/tools/ccnet-init.c 2017-05-14 09:14:22.282184865 +0200 ++++ ccnet-server/tools/ccnet-init.c 2017-05-14 09:57:45.256750068 +0200 +@@ -162,7 +162,7 @@ + + config_dir = ccnet_expand_path (config_dir); + /* printf("[conf_dir=%s\n]", config_dir); */ +- SSLeay_add_all_algorithms(); ++ OpenSSL_add_all_algorithms(); + + if (RAND_status() != 1) { /* it should be seeded automatically */ + fprintf(stderr, "PRNG is not seeded\n"); |