From patchwork Sun May 20 20:26:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jo-Philipp Wich X-Patchwork-Id: 917269 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=lists.openwrt.org (client-ip=2607:7c80:54:e::133; helo=bombadil.infradead.org; envelope-from=openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=mein.io Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=lists.infradead.org header.i=@lists.infradead.org header.b="pHrRfLSp"; dkim-atps=neutral Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 40ptk70z01z9s3c for ; Mon, 21 May 2018 06:27:11 +1000 (AEST) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.infradead.org; s=bombadil.20170209; h=Sender: Content-Transfer-Encoding:Content-Type:MIME-Version:Cc:List-Subscribe: List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id:Subject:Message-Id: Date:To:From:Reply-To:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References: List-Owner; bh=1svTl0tOXW3u7XeaFNKF789zKhFKO36SGh2samflg+o=; b=pHrRfLSpDyT1ue 2xGKtWZMWJRbIFbi1zjopWODpZmPsR7vnYKh2PJdOpuSjqEs/6y5WPObzlHDFxlW3BOwTtOuRxsmK CGI9hUbsGs6c49coI4wc906vfvlLhSJhVMY/JAJXGP81qUciS+cCk3Bf/6H3v3KKcGdU7SMiltQuv eIdCMC3krHcmfir6ktPRoRjIqGX0xwJ1NBiQNiLIN3BZPEF2+TGrZ0WFD8/uiO5dkA/Q7ss44TFlb xp2XRbVX3txeup3cw8SFeIV4HiigQyLfH5u5dEX4Q4QRXfWCE4LiRbbI4aN6kY5Aru1ocWp+6exkD lOnBNvIaBR/DHbGwBHcg==; Received: from localhost ([127.0.0.1] helo=bombadil.infradead.org) by bombadil.infradead.org with esmtp (Exim 4.90_1 #2 (Red Hat Linux)) id 1fKUv6-0006c4-4n; Sun, 20 May 2018 20:27:08 +0000 Received: from mxout01.bytecamp.net ([212.204.60.217]) by bombadil.infradead.org with esmtps (Exim 4.90_1 #2 (Red Hat Linux)) id 1fKUut-0005q5-VL for openwrt-devel@lists.openwrt.org; Sun, 20 May 2018 20:27:05 +0000 Received: by mxout01.bytecamp.net (Postfix, from userid 1001) id 3D4E1575536; Sun, 20 May 2018 22:26:40 +0200 (CEST) Received: from mail.bytecamp.net (mail.bytecamp.net [212.204.60.9]) by mxout01.bytecamp.net (Postfix) with ESMTP id D57C956F2D7 for ; Sun, 20 May 2018 22:26:39 +0200 (CEST) Received: (qmail 44960 invoked from network); 20 May 2018 22:26:39 +0200 Received: from unknown (HELO localhost.localdomain) (jo%wwsnet.net@95.90.23.197) by mail.bytecamp.net with ESMTPS (DHE-RSA-AES128-GCM-SHA256 encrypted); 20 May 2018 22:26:39 +0200 From: Jo-Philipp Wich To: openwrt-devel@lists.openwrt.org Date: Sun, 20 May 2018 22:26:33 +0200 Message-Id: <20180520202633.8175-1-jo@mein.io> X-Mailer: git-send-email 2.11.0 X-CRM114-Version: 20100106-BlameMichelson ( TRE 0.8.0 (BSD) ) MR-646709E3 X-CRM114-CacheID: sfid-20180520_132656_397370_6C6986C4 X-CRM114-Status: GOOD ( 11.38 ) X-Spam-Score: -0.7 (/) X-Spam-Report: SpamAssassin version 3.4.1 on bombadil.infradead.org summary: Content analysis details: (-0.7 points) pts rule name description ---- ---------------------- -------------------------------------------------- -0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low trust [212.204.60.217 listed in list.dnswl.org] Subject: [OpenWrt-Devel] [RFC PATCH ustream-ssl] openssl: support OpenSSL 1.1.x API X-BeenThere: openwrt-devel@lists.openwrt.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jo-Philipp Wich , nbd@nbd.name MIME-Version: 1.0 Sender: "openwrt-devel" Errors-To: openwrt-devel-bounces+incoming=patchwork.ozlabs.org@lists.openwrt.org This commit changes ustream-ssl to support OpenSSL 1.1x as backend. OpenSSL 1.1.x made the BIO and BIO_METHOD structures opaque and introduced new getter/setter APIs to deal with them, therfore define forward-compat stubs for older OpenSSL versions and change the code in ustream-io-openssl.c to only use the new API. The new OpenSSL version also deprecated the use of TLSv1_2_server_method() in favor to versionless method names, therefor use TLS_server_method() for version 1.1.0 and later. Finally, even the library initialization is not compatible anymore as version 1.1.0 deprecated SSL_library_init() and SSL_load_error_string() in favor to calling OPENSSL_init_ssl() instead, so adjust the ustream initalization to use either variant, depending on the OpenSSL version. Signed-off-by: Jo-Philipp Wich --- ustream-io-openssl.c | 73 +++++++++++++++++++++++++++++++++++----------------- ustream-openssl.c | 10 +++++-- 2 files changed, 58 insertions(+), 25 deletions(-) diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c index 6711055..0e45e5f 100644 --- a/ustream-io-openssl.c +++ b/ustream-io-openssl.c @@ -23,13 +23,37 @@ #include "ustream-ssl.h" #include "ustream-internal.h" +#if OPENSSL_VERSION_NUMBER < 0x10100000L +# define BIO_get_data(b) (b->ptr) +# define BIO_set_init(b, v) (b->init = v) +# define BIO_set_data(b, v) (b->ptr = v) +# define BIO_meth_set_write(m, f) (m->bwrite = f) +# define BIO_meth_set_read(m, f) (m->bread = f) +# define BIO_meth_set_puts(m, f) (m->bputs = f) +# define BIO_meth_set_gets(m, f) (m->bgets = f) +# define BIO_meth_set_ctrl(m, f) (m->ctrl = f) +# define BIO_meth_set_create(m, f) (m->create = f) +# define BIO_meth_set_destroy(m, f) (m->destroy = f) + +static BIO_METHOD *BIO_meth_new(int type, const char *name) +{ + BIO_METHOD *bm; + + bm = calloc(1, sizeof(*bm)); + + if (bm) { + bm->type = type; + bm->name = name; + } + + return bm; +} +#endif + static int s_ustream_new(BIO *b) { - b->init = 1; - b->num = 0; - b->ptr = NULL; - b->flags = 0; + BIO_set_init(b, 1); return 1; } @@ -39,9 +63,8 @@ s_ustream_free(BIO *b) if (!b) return 0; - b->ptr = NULL; - b->init = 0; - b->flags = 0; + BIO_set_init(b, 0); + BIO_set_data(b, NULL); return 1; } @@ -55,7 +78,7 @@ s_ustream_read(BIO *b, char *buf, int len) if (!buf || len <= 0) return 0; - s = (struct ustream *)b->ptr; + s = (struct ustream *)BIO_get_data(b); if (!s) return 0; @@ -84,7 +107,7 @@ s_ustream_write(BIO *b, const char *buf, int len) if (!buf || len <= 0) return 0; - s = (struct ustream *)b->ptr; + s = (struct ustream *)BIO_get_data(b); if (!s) return 0; @@ -116,25 +139,29 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr) }; } -static BIO_METHOD methods_ustream = { - 100 | BIO_TYPE_SOURCE_SINK, - "ustream", - s_ustream_write, - s_ustream_read, - s_ustream_puts, - s_ustream_gets, - s_ustream_ctrl, - s_ustream_new, - s_ustream_free, - NULL, -}; +static BIO_METHOD *methods_ustream; static BIO *ustream_bio_new(struct ustream *s) { BIO *bio; - bio = BIO_new(&methods_ustream); - bio->ptr = s; + if (!methods_ustream) { + methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream"); + + if (!methods_ustream) + return NULL; + + BIO_meth_set_write(methods_ustream, s_ustream_write); + BIO_meth_set_read(methods_ustream, s_ustream_read); + BIO_meth_set_puts(methods_ustream, s_ustream_puts); + BIO_meth_set_gets(methods_ustream, s_ustream_gets); + BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl); + BIO_meth_set_create(methods_ustream, s_ustream_new); + BIO_meth_set_destroy(methods_ustream, s_ustream_free); + } + + bio = BIO_new(methods_ustream); + BIO_set_data(bio, s); return bio; } diff --git a/ustream-openssl.c b/ustream-openssl.c index eb03dab..6ea6429 100644 --- a/ustream-openssl.c +++ b/ustream-openssl.c @@ -30,16 +30,22 @@ __ustream_ssl_context_new(bool server) SSL_CTX *c; if (!_init) { +#if OPENSSL_VERSION_NUMBER < 0x10100000L SSL_load_error_strings(); SSL_library_init(); +#else + OPENSSL_init_ssl(0, NULL); +#endif _init = true; } if (server) -#ifdef CYASSL_OPENSSL_H_ +#if defined(CYASSL_OPENSSL_H_) m = SSLv23_server_method(); -#else +#elif OPENSSL_VERSION_NUMBER < 0x10100000L m = TLSv1_2_server_method(); +#else + m = TLS_server_method(); #endif else m = SSLv23_client_method();