From 2842165415a637939d24aa3e4a40fec0bba84f42 Mon Sep 17 00:00:00 2001 From: "Carsten Haitzler (Rasterman)" Date: Wed, 4 Jan 2017 17:44:13 +0900 Subject: [PATCH] openssl 1.1 build break fixes this fixes building against openssl 1.1 since it broke api in various ways by hiding structs and deprecating api's (this causes warnings not breaks unlike the struct hiding). this adapts to these changes and makes efl build again. @fix --- src/lib/ecore_con/efl_net_ssl_conn-openssl.c | 70 ++++++++++++++++---- src/lib/ecore_con/efl_net_ssl_ctx-openssl.c | 4 ++ src/lib/eet/eet_cipher.c | 29 ++++++++ src/lib/emile/emile_cipher_openssl.c | 15 +++++ 4 files changed, 106 insertions(+), 12 deletions(-) diff --git a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c index 3ecabea3e7..88bb3bc204 100644 --- a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c +++ b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c @@ -33,10 +33,16 @@ static int efl_net_socket_bio_create(BIO *b) { +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_init(b, 1); + BIO_set_data(b, NULL); + BIO_set_flags(b, 0); +#else b->init = 1; b->num = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } @@ -44,9 +50,15 @@ static int efl_net_socket_bio_destroy(BIO *b) { if (!b) return 0; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_init(b, 0); + BIO_set_data(b, NULL); + BIO_set_flags(b, 0); +#else b->init = 0; b->ptr = NULL; b->flags = 0; +#endif return 1; } @@ -57,7 +69,11 @@ efl_net_socket_bio_read(BIO *b, char *buf, int len) .mem = buf, .len = len }; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + Eo *sock = BIO_get_data(b); +#else Eo *sock = b->ptr; +#endif Eina_Error err; if ((!buf) || (len <= 0)) return 0; 
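Review bot: `BIO_set_flags(b, 0)` in the OpenSSL 1.1 branches of efl_net_socket_bio_create and efl_net_socket_bio_destroy is not equivalent to the old `b->flags = 0`. BIO_set_flags ORs its argument into the existing flags, so passing 0 changes nothing; to clear them use `BIO_clear_flags(b, ~0);`. The practical effect is probably small, since create runs on a newly created BIO and destroy runs just before it is released, but the two preprocessor branches should behave the same. The 1.1 branch of create also has no counterpart for `b->num = 0`, and a one-line comment saying that is intentional would help.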
@@ -89,7 +105,11 @@ efl_net_socket_bio_write(BIO *b, const char *buf, int len) .mem = buf, .len = len }; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + Eo *sock = BIO_get_data(b); +#else Eo *sock = b->ptr; +#endif Eina_Error err; if ((!buf) || (len <= 0)) return 0; 
@@ -129,17 +149,39 @@ efl_net_socket_bio_puts(BIO *b, const char *str) return efl_net_socket_bio_write(b, str, strlen(str)); } -static BIO_METHOD efl_net_socket_bio = { - 0x400, /* 0x400 means source & sink */ - "efl_net_socket wrapper", - efl_net_socket_bio_write, - efl_net_socket_bio_read, - efl_net_socket_bio_puts, - NULL, /* no gets */ - efl_net_socket_bio_ctrl, - efl_net_socket_bio_create, - efl_net_socket_bio_destroy -}; +static BIO_METHOD * +__efl_net_socket_bio_get(void) +{ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + static BIO_METHOD *efl_net_socket_bio = NULL; + + if (efl_net_socket_bio) return efl_net_socket_bio; + efl_net_socket_bio = BIO_meth_new(0x400 /* 0x400 means source & sink */, + "efl_net_socket wrapper"); + BIO_meth_set_write(efl_net_socket_bio, efl_net_socket_bio_write); + BIO_meth_set_read(efl_net_socket_bio, efl_net_socket_bio_read); + BIO_meth_set_puts(efl_net_socket_bio, efl_net_socket_bio_puts); + BIO_meth_set_ctrl(efl_net_socket_bio, efl_net_socket_bio_ctrl); + BIO_meth_set_create(efl_net_socket_bio, efl_net_socket_bio_create); + BIO_meth_set_destroy(efl_net_socket_bio, efl_net_socket_bio_destroy); + // FIXME: some day we need to clean up, but for now a singleton alloc is ok + // BIO_meth_free(efl_net_socket_bio); + return efl_net_socket_bio; +#else + static BIO_METHOD efl_net_socket_bio = { + 0x400, /* 0x400 means source & sink */ + "efl_net_socket wrapper", + efl_net_socket_bio_write, + efl_net_socket_bio_read, + efl_net_socket_bio_puts, + NULL, /* no gets */ + efl_net_socket_bio_ctrl, + efl_net_socket_bio_create, + efl_net_socket_bio_destroy + }; + return &efl_net_socket_bio; +#endif +} struct _Efl_Net_Ssl_Conn { 
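Review bot: The result of `BIO_meth_new()` in `__efl_net_socket_bio_get` is passed straight to the `BIO_meth_set_*` calls, so an allocation failure becomes a NULL dereference. Add `if (!efl_net_socket_bio) return NULL;` right after the call, and have efl_net_ssl_conn_setup check the returned method before it calls `BIO_new()`. The lazy initialisation of the function-local static is also unguarded, so if connections can be set up from more than one thread (not visible here) two callers may each allocate a method. The literal `0x400` could be spelled `BIO_TYPE_SOURCE_SINK`, and the leading double underscore puts the function name in the namespace reserved for the implementation.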
@@ -314,10 +356,14 @@ efl_net_ssl_conn_setup(Efl_Net_Ssl_Conn *conn, Eina_Bool is_dialer, Efl_Net_Sock conn->ssl = efl_net_ssl_context_connection_new(context); EINA_SAFETY_ON_NULL_RETURN_VAL(conn->ssl, ENOSYS); - conn->bio = BIO_new(&efl_net_socket_bio); + conn->bio = BIO_new(__efl_net_socket_bio_get()); EINA_SAFETY_ON_NULL_GOTO(conn->bio, error_bio); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIO_set_data(conn->bio, sock); +#else conn->bio->ptr = sock; +#endif SSL_set_bio(conn->ssl, conn->bio, conn->bio); if (is_dialer) diff --git a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c index 12614c728b..ce87b91bee 100644 --- a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c +++ b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c @@ -272,6 +272,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx); #endif break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EFL_NET_SSL_CIPHER_TLSV1: ctx->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); break; @@ -281,6 +282,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) case EFL_NET_SSL_CIPHER_TLSV1_2: ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_client_method()); break; +#endif default: ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher); return EINVAL; @@ -302,6 +304,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) ERR("ssl_ctx=%p SSLv3 is disabled in your OpenSSL build", ctx); #endif break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EFL_NET_SSL_CIPHER_TLSV1: ctx->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); break; 
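Review bot: With these guards an explicit EFL_NET_SSL_CIPHER_TLSV1, _TLSV1_1 or _TLSV1_2 request falls into `default:` on OpenSSL 1.1 and efl_net_ssl_ctx_setup returns EINVAL, so a caller can no longer pick a specific TLS version on that build. A caller that pinned TLS 1.2 now fails, and if it reacts by retrying with a less specific setting (not visible here) the pin is lost without notice. OpenSSL 1.1 provides the version-flexible `TLS_client_method()` and `TLS_server_method()` together with `SSL_CTX_set_min_proto_version()` and `SSL_CTX_set_max_proto_version()`, which keep the requested version. The sketch below shows one client case; the same shape applies to the server switch in the following hunks and to the EMILE_TLSv1 cases in emile_cipher_openssl.c. The switch statement starts and ends outside the hunk.

```c
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
      case EFL_NET_SSL_CIPHER_TLSV1_2:
         ctx->ssl_ctx = SSL_CTX_new(TLS_client_method());
         if (ctx->ssl_ctx)
           {
              /* pin the negotiated version to the one the caller asked for */
              SSL_CTX_set_min_proto_version(ctx->ssl_ctx, TLS1_2_VERSION);
              SSL_CTX_set_max_proto_version(ctx->ssl_ctx, TLS1_2_VERSION);
           }
         break;
      /* … same shape for EFL_NET_SSL_CIPHER_TLSV1 (TLS1_VERSION) and
       *   EFL_NET_SSL_CIPHER_TLSV1_1 (TLS1_1_VERSION) … */
#else
      /* … unchanged: the TLSv1_client_method() / TLSv1_1_client_method() /
       *   TLSv1_2_client_method() cases … */
#endif
```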
@@ -311,6 +314,7 @@ efl_net_ssl_ctx_setup(Efl_Net_Ssl_Ctx *ctx, Efl_Net_Ssl_Ctx_Config cfg) case EFL_NET_SSL_CIPHER_TLSV1_2: ctx->ssl_ctx = SSL_CTX_new(TLSv1_2_server_method()); break; +#endif default: ERR("ssl_ctx=%p unsupported cipher %d", ctx, cfg.cipher); return EINVAL; diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c index cf9ef71a56..ea4880edcb 100644 --- a/src/lib/eet/eet_cipher.c +++ b/src/lib/eet/eet_cipher.c @@ -475,7 +475,11 @@ eet_identity_sign(FILE *fp, gnutls_datum_t signum = { NULL, 0 }; gnutls_privkey_t privkey; # else /* ifdef HAVE_GNUTLS */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *md_ctx; +# else EVP_MD_CTX md_ctx; +# endif unsigned int sign_len = 0; int cert_len = 0; # endif /* ifdef HAVE_GNUTLS */ @@ -561,12 +565,24 @@ eet_identity_sign(FILE *fp, } /* Do the signature. */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + md_ctx = EVP_MD_CTX_new(); + EVP_SignInit(md_ctx, EVP_sha1()); + EVP_SignUpdate(md_ctx, data, st_buf.st_size); + err = EVP_SignFinal(md_ctx, + sign, + (unsigned int *)&sign_len, + key->private_key); + EVP_MD_CTX_free(md_ctx); +#else EVP_SignInit(&md_ctx, EVP_sha1()); EVP_SignUpdate(&md_ctx, data, st_buf.st_size); err = EVP_SignFinal(&md_ctx, sign, (unsigned int *)&sign_len, key->private_key); + EVP_MD_CTX_cleanup(&md_ctx); +#endif if (err != 1) { ERR_print_errors_fp(stdout); @@ -738,7 +754,11 @@ eet_identity_check(const void *data_base, const unsigned char *tmp; EVP_PKEY *pkey; X509 *x509; +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *md_ctx; +#else EVP_MD_CTX md_ctx; +#endif int err; /* Strange but d2i_X509 seems to put 0 all over the place. */ 
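Review bot: `EVP_MD_CTX_new()` can return NULL, and the new branch in eet_identity_sign uses the result unchecked while still ignoring the return values of `EVP_SignInit()` and `EVP_SignUpdate()`. Folding them into the existing status keeps the `err != 1` path working: `err = md_ctx && EVP_SignInit(md_ctx, EVP_sha1()) && EVP_SignUpdate(md_ctx, data, st_buf.st_size) && EVP_SignFinal(md_ctx, sign, &sign_len, key->private_key);` (`EVP_MD_CTX_free(NULL)` is a no-op, so the free can stay unconditional). The same unchecked allocation appears in the eet_identity_check hunk, where a failed setup has to count as a failed verification, and in emile_binbuf_sha1, which returns EINA_TRUE whatever the digest calls report. Both eet functions start and end outside their hunks.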
@@ -757,9 +777,18 @@ eet_identity_check(const void *data_base, } /* Verify the signature */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + md_ctx = EVP_MD_CTX_new(); + EVP_VerifyInit(md_ctx, EVP_sha1()); + EVP_VerifyUpdate(md_ctx, data_base, data_length); + err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey); + EVP_MD_CTX_free(md_ctx); +#else EVP_VerifyInit(&md_ctx, EVP_sha1()); EVP_VerifyUpdate(&md_ctx, data_base, data_length); err = EVP_VerifyFinal(&md_ctx, sign, sign_len, pkey); + EVP_MD_CTX_cleanup(&md_ctx); +#endif X509_free(x509); EVP_PKEY_free(pkey); diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c index efd9324a5c..9e0cc04422 100644 --- a/src/lib/emile/emile_cipher_openssl.c +++ b/src/lib/emile/emile_cipher_openssl.c @@ -75,6 +75,16 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20]) { const EVP_MD *md = EVP_sha1(); Eina_Slice slice = eina_binbuf_slice_get(data); +#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + + EVP_DigestInit_ex(ctx, md, NULL); + + EVP_DigestUpdate(ctx, slice.mem, slice.len); + EVP_DigestFinal_ex(ctx, digest, NULL); + + EVP_MD_CTX_free(ctx); +#else EVP_MD_CTX ctx; EVP_MD_CTX_init(&ctx); @@ -84,6 +94,7 @@ emile_binbuf_sha1(const Eina_Binbuf * data, unsigned char digest[20]) EVP_DigestFinal_ex(&ctx, digest, NULL); EVP_MD_CTX_cleanup(&ctx); +#endif return EINA_TRUE; } @@ -308,9 +319,11 @@ emile_cipher_server_listen(Emile_Cipher_Type t) SSL_CTX_set_options(r->ssl_ctx, options | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE); break; +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) case EMILE_TLSv1: r->ssl_ctx = SSL_CTX_new(TLSv1_server_method()); break; +#endif default: free(r); return NULL; 
@@ -754,8 +767,10 @@ emile_cipher_server_connect(Emile_Cipher_Type t) options | SSL_OP_NO_SSLv2 | SSL_OP_SINGLE_DH_USE); break; case EMILE_TLSv1: +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) r->ssl_ctx = SSL_CTX_new(TLSv1_client_method()); break; +#endif default: free(r); return NULL;
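Review bot: In emile_cipher_server_connect the `case EMILE_TLSv1:` label is left outside the `#if`, whereas the emile_cipher_server_listen hunk puts the whole case inside it. On OpenSSL 1.1 the label is then empty and falls through into `default:`, which gives the same result (`free(r); return NULL;`) but reads as accidental. Move the `#if` line above the label so both functions match, or add a `/* fallthrough */` comment after the label.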