summarylogtreecommitdiffstats
path: root/openssl-1.1.diff
diff options
context:
space:
mode:
Diffstat (limited to 'openssl-1.1.diff')
-rw-r--r--openssl-1.1.diff310
1 files changed, 310 insertions, 0 deletions
diff --git a/openssl-1.1.diff b/openssl-1.1.diff
new file mode 100644
index 00000000000..acac9ab6092
--- /dev/null
+++ b/openssl-1.1.diff
@@ -0,0 +1,310 @@
+diff -ur ccnet-server-v6.0.10/lib/rsa.c ccnet-server/lib/rsa.c
+--- ccnet-server-v6.0.10/lib/rsa.c 2017-05-14 09:14:22.274184846 +0200
++++ ccnet-server/lib/rsa.c 2017-05-14 13:33:46.600971500 +0200
+@@ -11,13 +11,55 @@
+ #include "rsa.h"
+ #include "utils.h"
+
++/* Forward compatibility functions if libssl < 1.1.0. */
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++ /* If the fields n and e in r are NULL, the corresponding input
++ * parameters MUST be non-NULL for n and e. d may be
++ * left NULL (in case only the public key is used).
++ */
++ if ((r->n == NULL && n == NULL)
++ || (r->e == NULL && e == NULL))
++ return 0;
++ if (n != NULL) {
++ BN_free(r->n);
++ r->n = n;
++ }
++ if (e != NULL) {
++ BN_free(r->e);
++ r->e = e;
++ }
++ if (d != NULL) {
++ BN_free(r->d);
++ r->d = d;
++ }
++ return 1;
++}
++
++void RSA_get0_key(const RSA *r,
++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++ if (n != NULL)
++ *n = r->n;
++ if (e != NULL)
++ *e = r->e;
++ if (d != NULL)
++ *d = r->d;
++}
++
++#endif
++
+ RSA*
+ private_key_to_pub(RSA *priv)
+ {
+ RSA *pub = RSA_new();
++ const BIGNUM *n, *e;
+
+- pub->n = BN_dup(priv->n);
+- pub->e = BN_dup(priv->e);
++ RSA_get0_key (priv, &n, &e, NULL);
++ RSA_set0_key (pub, BN_dup(n), BN_dup(e), NULL);
+
+ return pub;
+ }
+@@ -28,18 +70,21 @@
+ GString *buf = g_string_new(NULL);
+ unsigned char *temp;
+ char *coded;
++ const BIGNUM *n, *e;
+
+- gsize len = BN_num_bytes(rsa->n);
++ RSA_get0_key (rsa, &n, &e, NULL);
++
++ gsize len = BN_num_bytes(n);
+ temp = malloc(len);
+- BN_bn2bin(rsa->n, temp);
++ BN_bn2bin(n, temp);
+ coded = g_base64_encode(temp, len);
+ g_string_append (buf, coded);
+ g_string_append_c (buf, ' ');
+ g_free(coded);
+
+- len = BN_num_bytes(rsa->e);
++ len = BN_num_bytes(e);
+ temp = realloc(temp, len);
+- BN_bn2bin(rsa->e, temp);
++ BN_bn2bin(e, temp);
+ coded = g_base64_encode(temp, len);
+ g_string_append (buf, coded);
+ g_free(coded);
+@@ -54,18 +99,21 @@
+ {
+ unsigned char *temp;
+ char *coded;
++ const BIGNUM *n, *e;
++
++ RSA_get0_key (rsa, &n, &e, NULL);
+
+- gsize len = BN_num_bytes(rsa->n);
++ gsize len = BN_num_bytes(n);
+ temp = malloc(len);
+- BN_bn2bin(rsa->n, temp);
++ BN_bn2bin(n, temp);
+ coded = g_base64_encode(temp, len);
+ g_string_append (buf, coded);
+ g_string_append_c (buf, ' ');
+ g_free(coded);
+
+- len = BN_num_bytes(rsa->e);
++ len = BN_num_bytes(e);
+ temp = realloc(temp, len);
+- BN_bn2bin(rsa->e, temp);
++ BN_bn2bin(e, temp);
+ coded = g_base64_encode(temp, len);
+ g_string_append (buf, coded);
+ g_free(coded);
+@@ -86,24 +134,31 @@
+ *p = '\0';
+
+ RSA *key = RSA_new();
++ BIGNUM *n = NULL, *e = NULL;
+
+ num = g_base64_decode(str, &len);
+- key->n = BN_bin2bn(num, len, NULL);
+- if (!key->n)
++ n = BN_bin2bn(num, len, NULL);
++ if (!n)
+ goto err;
+ g_free(num);
+
+ num = g_base64_decode(p+1, &len);
+- key->e = BN_bin2bn(num, len, NULL);
+- if (!key->e)
++ e = BN_bin2bn(num, len, NULL);
++ if (!e)
+ goto err;
+ g_free(num);
+
++ RSA_set0_key (key, n, e, NULL);
++
+ *p = ' ';
+ return key;
+ err:
+ *p = ' ';
+ RSA_free (key);
++ if (n)
++ BN_free (n);
++ if (e)
++ BN_free (e);
+ g_free(num);
+ return NULL;
+ }
+@@ -153,9 +208,22 @@
+ generate_private_key(u_int bits)
+ {
+ RSA *private = NULL;
+-
+- private = RSA_generate_key(bits, 35, NULL, NULL);
+- if (private == NULL)
+- g_error ("rsa_generate_private_key: key generation failed.");
++ BIGNUM* bne = NULL;
++
++ bne = BN_new();
++ if (!BN_set_word(bne, RSA_3))
++ goto free_all;
++
++ private = RSA_new();
++
++ if (!RSA_generate_key_ex(private, bits, bne, NULL))
++ goto free_all;
++
+ return private;
++
++free_all:
++ RSA_free(private);
++ BN_free(bne);
++ g_error ("rsa_generate_private_key: key generation failed.");
++ return NULL;
+ }
+diff -ur ccnet-server-v6.0.10/lib/utils.c ccnet-server/lib/utils.c
+--- ccnet-server-v6.0.10/lib/utils.c 2017-05-14 09:14:22.274184846 +0200
++++ ccnet-server/lib/utils.c 2017-05-14 09:51:57.671395998 +0200
+@@ -1053,14 +1053,14 @@
+ return -1;
+ }
+
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ int ret;
+ int blks;
+
+ /* Prepare CTX for encryption. */
+- EVP_CIPHER_CTX_init (&ctx);
++ ctx = EVP_CIPHER_CTX_new ();
+
+- ret = EVP_EncryptInit_ex (&ctx,
++ ret = EVP_EncryptInit_ex (ctx,
+ EVP_aes_256_cbc(), /* cipher mode */
+ NULL, /* engine, NULL for default */
+ key, /* derived key */
+@@ -1068,6 +1068,7 @@
+
+ if (ret == ENC_FAILURE) {
+ g_warning ("error init\n");
++ EVP_CIPHER_CTX_free (ctx);
+ return -1;
+ }
+
+@@ -1089,7 +1090,7 @@
+ int update_len, final_len;
+
+ /* Do the encryption. */
+- ret = EVP_EncryptUpdate (&ctx,
++ ret = EVP_EncryptUpdate (ctx,
+ (unsigned char*)*data_out,
+ &update_len,
+ (unsigned char*)data_in,
+@@ -1100,7 +1101,7 @@
+ }
+
+ /* Finish the possible partial block. */
+- ret = EVP_EncryptFinal_ex (&ctx,
++ ret = EVP_EncryptFinal_ex (ctx,
+ (unsigned char*)*data_out + update_len,
+ &final_len);
+ *out_len = update_len + final_len;
+@@ -1109,11 +1110,11 @@
+ goto enc_error;
+ }
+
+- EVP_CIPHER_CTX_cleanup (&ctx);
++ EVP_CIPHER_CTX_free (ctx);
+ return 0;
+
+ enc_error:
+- EVP_CIPHER_CTX_cleanup (&ctx);
++ EVP_CIPHER_CTX_free (ctx);
+ *out_len = -1;
+ if (*data_out != NULL)
+ g_free (*data_out);
+@@ -1138,22 +1139,24 @@
+ return -1;
+ }
+
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ int ret;
+
+ *data_out = NULL;
+ *out_len = -1;
+
+ /* Prepare CTX for decryption. */
+- EVP_CIPHER_CTX_init (&ctx);
+- ret = EVP_DecryptInit_ex (&ctx,
++ ctx = EVP_CIPHER_CTX_new ();
++ ret = EVP_DecryptInit_ex (ctx,
+ EVP_aes_256_cbc(), /* cipher mode */
+ NULL, /* engine, NULL for default */
+ key, /* derived key */
+ iv); /* initial vector */
+
+- if (ret == DEC_FAILURE)
++ if (ret == DEC_FAILURE) {
++ EVP_CIPHER_CTX_free (ctx);
+ return -1;
++ }
+
+ /* Allocating output buffer. */
+ *data_out = (char *)g_malloc (in_len);
+@@ -1165,7 +1168,7 @@
+ int update_len, final_len;
+
+ /* Do the decryption. */
+- ret = EVP_DecryptUpdate (&ctx,
++ ret = EVP_DecryptUpdate (ctx,
+ (unsigned char*)*data_out,
+ &update_len,
+ (unsigned char*)data_in,
+@@ -1174,7 +1177,7 @@
+ goto dec_error;
+
+ /* Finish the possible partial block. */
+- ret = EVP_DecryptFinal_ex (&ctx,
++ ret = EVP_DecryptFinal_ex (ctx,
+ (unsigned char*)*data_out + update_len,
+ &final_len);
+ *out_len = update_len + final_len;
+@@ -1182,11 +1185,11 @@
+ if (ret == DEC_FAILURE || *out_len > in_len)
+ goto dec_error;
+
+- EVP_CIPHER_CTX_cleanup (&ctx);
++ EVP_CIPHER_CTX_free (ctx);
+ return 0;
+
+ dec_error:
+- EVP_CIPHER_CTX_cleanup (&ctx);
++ EVP_CIPHER_CTX_free (ctx);
+ *out_len = -1;
+ if (*data_out != NULL)
+ g_free (*data_out);
+diff -ur ccnet-server-v6.0.10/tools/ccnet-init.c ccnet-server/tools/ccnet-init.c
+--- ccnet-server-v6.0.10/tools/ccnet-init.c 2017-05-14 09:14:22.282184865 +0200
++++ ccnet-server/tools/ccnet-init.c 2017-05-14 09:57:45.256750068 +0200
+@@ -162,7 +162,7 @@
+
+ config_dir = ccnet_expand_path (config_dir);
+ /* printf("[conf_dir=%s\n]", config_dir); */
+- SSLeay_add_all_algorithms();
++ OpenSSL_add_all_algorithms();
+
+ if (RAND_status() != 1) { /* it should be seeded automatically */
+ fprintf(stderr, "PRNG is not seeded\n");