From patchwork Sat Aug 25 09:16:56 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962150 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGQ4kYbz9s4s for ; Sat, 25 Aug 2018 19:17:18 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 7819085DB1; Sat, 25 Aug 2018 09:17:13 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBCF7t8x0bAT; Sat, 25 Aug 2018 09:17:11 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 0700285D72; Sat, 25 Aug 2018 09:17:11 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) by ash.osuosl.org (Postfix) with ESMTP id 2A7AA1CF264 for ; Sat, 25 Aug 2018 09:17:10 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 286F121F74 for ; Sat, 25 Aug 2018 09:17:10 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ktr7dE5DCSOc for ; Sat, 25 Aug 2018 09:17:07 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout12.t-online.de (mailout12.t-online.de [194.25.134.22]) by silver.osuosl.org (Postfix) with ESMTPS id 1CDC12157D for ; Sat, 25 Aug 2018 09:17:07 +0000 (UTC) Received: from fwd06.aul.t-online.de (fwd06.aul.t-online.de [172.20.26.150]) by mailout12.t-online.de (Postfix) with SMTP id CD2C041D68FF; Sat, 25 Aug 2018 11:17:04 +0200 (CEST) Received: from fli4l.lan.fli4l (ZkxCuoZ-8hnQkoxQFhZc5WtOShzl1V1a5yzC1CVMoe75a89NPP7OR5aFjVtYI1fZ+D@[91.58.2.49]) by fwd06.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgp-241Mi80; Sat, 25 Aug 2018 11:17:03 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgo-0003CG-NG; Sat, 25 Aug 2018 11:17:03 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:16:56 +0200 Message-Id: <20180825091702.28471-2-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: ZkxCuoZ-8hnQkoxQFhZc5WtOShzl1V1a5yzC1CVMoe75a89NPP7OR5aFjVtYI1fZ+D X-TOI-MSGID: c5313761-f9e8-4227-9834-1139bd0cb95b Subject: [Buildroot] [PATCH/next 1/7] package/ecryptfs-utils: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/ecryptfs-utils/0002-openssl110.patch | 173 +++++++++++++++++++ 1 file changed, 173 insertions(+) create mode 100644 package/ecryptfs-utils/0002-openssl110.patch diff --git a/package/ecryptfs-utils/0002-openssl110.patch b/package/ecryptfs-utils/0002-openssl110.patch new file mode 100644 index 0000000000..3ae29a607b --- /dev/null +++ b/package/ecryptfs-utils/0002-openssl110.patch @@ -0,0 +1,173 @@ +Fix build with OpenSSL 1.1.x + +Downloaded from upstream commit +https://code.launchpad.net/~jelle-vdwaa/ecryptfs/ecryptfs/+merge/319746 + +Signed-off-by: Bernd Kuhls + +=== modified file 'src/key_mod/ecryptfs_key_mod_openssl.c' +--- a/src/key_mod/ecryptfs_key_mod_openssl.c 2013-10-25 19:45:09 +0000 ++++ b/src/key_mod/ecryptfs_key_mod_openssl.c 2017-06-02 18:27:28 +0000 +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -55,6 +56,19 @@ + char *passphrase; + }; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static void RSA_get0_key(const RSA *r, ++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++#endif ++ + static void + ecryptfs_openssl_destroy_openssl_data(struct openssl_data *openssl_data) + { +@@ -142,6 +156,7 @@ + { + int len, nbits, ebits, i; + int nbytes, ebytes; ++ const BIGNUM *key_n, *key_e; + unsigned char *hash; + unsigned char *data = NULL; + int rc = 0; +@@ -152,11 +167,13 @@ + rc = -ENOMEM; + goto out; + } +- nbits = BN_num_bits(key->n); ++ RSA_get0_key(key, &key_n, NULL, NULL); ++ nbits = BN_num_bits(key_n); + nbytes = nbits / 8; + if (nbits % 8) + nbytes++; +- ebits = BN_num_bits(key->e); ++ RSA_get0_key(key, NULL, &key_e, NULL); ++ ebits = BN_num_bits(key_e); + ebytes = ebits / 8; + if (ebits % 8) + ebytes++; +@@ -179,11 +196,13 @@ + data[i++] = '\02'; + data[i++] = (nbits >> 8); + data[i++] = nbits; +- BN_bn2bin(key->n, &(data[i])); ++ RSA_get0_key(key, &key_n, NULL, NULL); ++ BN_bn2bin(key_n, &(data[i])); + i += nbytes; + data[i++] = (ebits >> 8); + data[i++] = ebits; +- BN_bn2bin(key->e, &(data[i])); ++ RSA_get0_key(key, NULL, &key_e, NULL); ++ BN_bn2bin(key_e, &(data[i])); + i += ebytes; + SHA1(data, len + 3, hash); + to_hex(sig, (char *)hash, ECRYPTFS_SIG_SIZE); +@@ -278,7 +297,9 @@ + BIO *in = NULL; + int rc; + ++ #if OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_malloc_init(); ++ #endif + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + ENGINE_load_builtin_engines(); + +=== modified file 'src/key_mod/ecryptfs_key_mod_pkcs11_helper.c' +--- a/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2013-10-25 19:45:09 +0000 ++++ b/src/key_mod/ecryptfs_key_mod_pkcs11_helper.c 2017-06-02 18:27:28 +0000 +@@ -41,6 +41,7 @@ + #include + #include + #include ++#include + #include + #include + #include +@@ -77,6 +78,19 @@ + typedef const unsigned char *__pkcs11_openssl_d2i_t; + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++static void RSA_get0_key(const RSA *r, ++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++#endif ++ + /** + * ecryptfs_pkcs11h_deserialize + * @pkcs11h_data: The deserialized version of the key module data; +@@ -282,7 +296,11 @@ + goto out; + } + ++ #if OPENSSL_VERSION_NUMBER < 0x10100000L + if (pubkey->type != EVP_PKEY_RSA) { ++ #else ++ if (EVP_PKEY_base_id(pubkey) != EVP_PKEY_RSA) { ++ #endif + syslog(LOG_ERR, "PKCS#11: Invalid public key algorithm"); + rc = -EIO; + goto out; +@@ -318,6 +336,7 @@ + int nbytes, ebytes; + char *hash = NULL; + char *data = NULL; ++ const BIGNUM *rsa_n, *rsa_e; + int rc; + + if ((rc = ecryptfs_pkcs11h_get_public_key(&rsa, blob))) { +@@ -331,11 +350,13 @@ + rc = -ENOMEM; + goto out; + } +- nbits = BN_num_bits(rsa->n); ++ RSA_get0_key(rsa, &rsa_n, NULL, NULL); ++ nbits = BN_num_bits(rsa_n); + nbytes = nbits / 8; + if (nbits % 8) + nbytes++; +- ebits = BN_num_bits(rsa->e); ++ RSA_get0_key(rsa, NULL, &rsa_e, NULL); ++ ebits = BN_num_bits(rsa_e); + ebytes = ebits / 8; + if (ebits % 8) + ebytes++; +@@ -358,11 +379,13 @@ + data[i++] = '\02'; + data[i++] = (char)(nbits >> 8); + data[i++] = (char)nbits; +- BN_bn2bin(rsa->n, &(data[i])); ++ RSA_get0_key(rsa, &rsa_n, NULL, NULL); ++ BN_bn2bin(rsa_n, &(data[i])); + i += nbytes; + data[i++] = (char)(ebits >> 8); + data[i++] = (char)ebits; +- BN_bn2bin(rsa->e, &(data[i])); ++ RSA_get0_key(rsa, NULL, &rsa_e, NULL); ++ BN_bn2bin(rsa_e, &(data[i])); + i += ebytes; + SHA1(data, len + 3, hash); + to_hex(sig, hash, ECRYPTFS_SIG_SIZE); + From patchwork Sat Aug 25 09:16:57 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962153 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGW3Dybz9s3Z for ; Sat, 25 Aug 2018 19:17:23 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 8065485E54; Sat, 25 Aug 2018 09:17:21 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XtkeADaVWnVo; Sat, 25 Aug 2018 09:17:19 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 23FE585DB9; Sat, 25 Aug 2018 09:17:19 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 73E961CF264 for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6F7B985DE6 for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HfZBnczccn4A for ; Sat, 25 Aug 2018 09:17:13 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout03.t-online.de (mailout03.t-online.de [194.25.134.81]) by whitealder.osuosl.org (Postfix) with ESMTPS id 8824185D72 for ; Sat, 25 Aug 2018 09:17:13 +0000 (UTC) Received: from fwd26.aul.t-online.de (fwd26.aul.t-online.de [172.20.26.131]) by mailout03.t-online.de (Postfix) with SMTP id 9311E4234444; Sat, 25 Aug 2018 11:17:11 +0200 (CEST) Received: from fli4l.lan.fli4l (GEcSDQZSZhMDzRlRSv+c8AdUSkAVm0Uy1I4pwInsfKPXC02iy5qDwnBDO1byQn+gGv@[91.58.2.49]) by fwd26.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgq-1L1OUq0; Sat, 25 Aug 2018 11:17:04 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgp-0003CG-4D; Sat, 25 Aug 2018 11:17:03 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:16:57 +0200 Message-Id: <20180825091702.28471-3-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: GEcSDQZSZhMDzRlRSv+c8AdUSkAVm0Uy1I4pwInsfKPXC02iy5qDwnBDO1byQn+gGv X-TOI-MSGID: 77ed89e9-f38a-4ad1-82a2-1f33fa225b83 Subject: [Buildroot] [PATCH/next 2/7] package/ibrcommon: add openssl 1.1 compatibility X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Added license hashes. Signed-off-by: Bernd Kuhls --- ...-added-openssl-1.1-compatibility-264.patch | 357 ++++++++++++++++++ package/ibrcommon/ibrcommon.hash | 2 + 2 files changed, 359 insertions(+) create mode 100644 package/ibrcommon/0002-ibrcommon-added-openssl-1.1-compatibility-264.patch diff --git a/package/ibrcommon/0002-ibrcommon-added-openssl-1.1-compatibility-264.patch b/package/ibrcommon/0002-ibrcommon-added-openssl-1.1-compatibility-264.patch new file mode 100644 index 0000000000..90e5147f54 --- /dev/null +++ b/package/ibrcommon/0002-ibrcommon-added-openssl-1.1-compatibility-264.patch @@ -0,0 +1,357 @@ +From a801d10a081e3130e24042256a43190c9eb6c112 Mon Sep 17 00:00:00 2001 +From: Eneas Queiroz <35331380+cotequeiroz@users.noreply.github.com> +Date: Wed, 23 May 2018 03:09:02 -0300 +Subject: [PATCH] ibrcommon: added openssl 1.1 compatibility (#264) + +This patch adds compatibility to openssl 1.1.0. + +Backported from master branch: +https://github.com/ibrdtn/ibrdtn/commit/a801d10a081e3130e24042256a43190c9eb6c112 + +Signed-off-by: Eneas U de Queiroz +Signed-off-by: Bernd Kuhls +--- + ibrcommon/ibrcommon/ssl/HMacStream.cpp | 11 +++--- + ibrcommon/ibrcommon/ssl/HMacStream.h | 2 +- + ibrcommon/ibrcommon/ssl/RSASHA256Stream.cpp | 28 +++++++------ + ibrcommon/ibrcommon/ssl/RSASHA256Stream.h | 2 +- + ibrcommon/ibrcommon/ssl/iostreamBIO.cpp | 44 ++++++++++++++++----- + ibrcommon/ibrcommon/ssl/openssl_compat.h | 38 ++++++++++++++++++ + 6 files changed, 95 insertions(+), 30 deletions(-) + create mode 100644 ibrcommon/ibrcommon/ssl/openssl_compat.h + +diff --git a/ibrcommon/ssl/HMacStream.cpp b/ibrcommon/ssl/HMacStream.cpp +index e5d317e3..66d8ce42 100644 +--- a/ibrcommon/ssl/HMacStream.cpp ++++ b/ibrcommon/ssl/HMacStream.cpp +@@ -20,29 +20,30 @@ + */ + + #include "ibrcommon/ssl/HMacStream.h" ++#include "openssl_compat.h" + + namespace ibrcommon + { + HMacStream::HMacStream(const unsigned char * const key, const int key_size) + : HashStream(EVP_MAX_MD_SIZE, BUFF_SIZE), key_(key), key_size_(key_size) + { +- HMAC_CTX_init(&ctx_); +- HMAC_Init_ex(&ctx_, key_, key_size_, EVP_sha1(), NULL); ++ ctx_ = HMAC_CTX_new(); ++ HMAC_Init_ex(ctx_, key_, key_size_, EVP_sha1(), NULL); + } + + HMacStream::~HMacStream() + { +- HMAC_CTX_cleanup(&ctx_); ++ HMAC_CTX_free(ctx_); + } + + void HMacStream::update(char *buf, const size_t size) + { + // hashing +- HMAC_Update(&ctx_, (unsigned char*)buf, size); ++ HMAC_Update(ctx_, (unsigned char*)buf, size); + } + + void HMacStream::finalize(char * hash, unsigned int &size) + { +- HMAC_Final(&ctx_, (unsigned char*)hash, &size); ++ HMAC_Final(ctx_, (unsigned char*)hash, &size); + } + } +diff --git a/ibrcommon/ssl/HMacStream.h b/ibrcommon/ssl/HMacStream.h +index 7dcea168..d04bceb8 100644 +--- a/ibrcommon/ssl/HMacStream.h ++++ b/ibrcommon/ssl/HMacStream.h +@@ -44,7 +44,7 @@ namespace ibrcommon + const unsigned char * const key_; + const int key_size_; + +- HMAC_CTX ctx_; ++ HMAC_CTX* ctx_; + }; + } + +diff --git a/ibrcommon/ssl/RSASHA256Stream.cpp b/ibrcommon/ssl/RSASHA256Stream.cpp +index d94430ed..d25c5d2f 100644 +--- a/ibrcommon/ssl/RSASHA256Stream.cpp ++++ b/ibrcommon/ssl/RSASHA256Stream.cpp +@@ -21,6 +21,7 @@ + + #include "ibrcommon/ssl/RSASHA256Stream.h" + #include "ibrcommon/Logger.h" ++#include "openssl_compat.h" + #include + + namespace ibrcommon +@@ -30,11 +31,11 @@ namespace ibrcommon + { + // Initialize get pointer. This should be zero so that underflow is called upon first read. + setp(&out_buf_[0], &out_buf_[BUFF_SIZE - 1]); +- EVP_MD_CTX_init(&_ctx); ++ _ctx = EVP_MD_CTX_new(); + + if (!_verify) + { +- if (!EVP_SignInit_ex(&_ctx, EVP_sha256(), NULL)) ++ if (!EVP_SignInit_ex(_ctx, EVP_sha256(), NULL)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the signature function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +@@ -42,7 +43,7 @@ namespace ibrcommon + } + else + { +- if (!EVP_VerifyInit_ex(&_ctx, EVP_sha256(), NULL)) ++ if (!EVP_VerifyInit_ex(_ctx, EVP_sha256(), NULL)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the verification function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +@@ -52,18 +53,19 @@ namespace ibrcommon + + RSASHA256Stream::~RSASHA256Stream() + { +- EVP_MD_CTX_cleanup(&_ctx); ++ EVP_MD_CTX_free(_ctx); + } + + void RSASHA256Stream::reset() + { +- EVP_MD_CTX_cleanup(&_ctx); +- +- EVP_MD_CTX_init(&_ctx); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ EVP_MD_CTX_cleanup(_ctx); ++#endif ++ EVP_MD_CTX_init(_ctx); + + if (!_verify) + { +- if (!EVP_SignInit_ex(&_ctx, EVP_sha256(), NULL)) ++ if (!EVP_SignInit_ex(_ctx, EVP_sha256(), NULL)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the signature function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +@@ -71,7 +73,7 @@ namespace ibrcommon + } + else + { +- if (!EVP_VerifyInit_ex(&_ctx, EVP_sha256(), NULL)) ++ if (!EVP_VerifyInit_ex(_ctx, EVP_sha256(), NULL)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to initialize the verfication function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +@@ -91,7 +93,7 @@ namespace ibrcommon + std::vector sign(EVP_PKEY_size(_pkey)); + unsigned int size = EVP_PKEY_size(_pkey); + +- _return_code = EVP_SignFinal(&_ctx, &sign[0], &size, _pkey); ++ _return_code = EVP_SignFinal(_ctx, &sign[0], &size, _pkey); + + _sign = std::string((const char*)&sign[0], size); + +@@ -107,7 +109,7 @@ namespace ibrcommon + if (!_sign_valid) + { + sync(); +- _return_code = EVP_VerifyFinal(&_ctx, reinterpret_cast(their_sign.c_str()), static_cast(their_sign.size()), _pkey); ++ _return_code = EVP_VerifyFinal(_ctx, reinterpret_cast(their_sign.c_str()), static_cast(their_sign.size()), _pkey); + _sign_valid = true; + } + return _return_code; +@@ -145,7 +147,7 @@ namespace ibrcommon + if (!_verify) + // hashing + { +- if (!EVP_SignUpdate(&_ctx, &out_buf_[0], iend - ibegin)) ++ if (!EVP_SignUpdate(_ctx, &out_buf_[0], iend - ibegin)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to feed data into the signature function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +@@ -153,7 +155,7 @@ namespace ibrcommon + } + else + { +- if (!EVP_VerifyUpdate(&_ctx, &out_buf_[0], iend - ibegin)) ++ if (!EVP_VerifyUpdate(_ctx, &out_buf_[0], iend - ibegin)) + { + IBRCOMMON_LOGGER_TAG("RSASHA256Stream", critical) << "failed to feed data into the verification function" << IBRCOMMON_LOGGER_ENDL; + ERR_print_errors_fp(stderr); +diff --git a/ibrcommon/ssl/RSASHA256Stream.h b/ibrcommon/ssl/RSASHA256Stream.h +index 344f8e10..6f3a1168 100644 +--- a/ibrcommon/ssl/RSASHA256Stream.h ++++ b/ibrcommon/ssl/RSASHA256Stream.h +@@ -106,7 +106,7 @@ namespace ibrcommon + + /** the context in which the streamed data will be feed into for + calculation of the hash/signature */ +- EVP_MD_CTX _ctx; ++ EVP_MD_CTX * _ctx; + + /** tells if the context needs to be finalized to get a valid signature or + verification */ +diff --git a/ibrcommon/ssl/iostreamBIO.cpp b/ibrcommon/ssl/iostreamBIO.cpp +index 18c1b55c..ea6c63eb 100644 +--- a/ibrcommon/ssl/iostreamBIO.cpp ++++ b/ibrcommon/ssl/iostreamBIO.cpp +@@ -23,6 +23,7 @@ + + #include "ibrcommon/Logger.h" + ++#include "openssl_compat.h" + #include + + namespace ibrcommon +@@ -42,7 +43,20 @@ static int create(BIO *bio); + //static int destroy(BIO *bio); + //static long (*callback_ctrl)(BIO *, int, bio_info_cb *); + +- ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++BIO_METHOD * BIO_iostream_method() ++{ ++ static BIO_METHOD *iostream_method = NULL; ++ if (iostream_method) { ++ iostream_method = BIO_meth_new(iostreamBIO::type, iostreamBIO::name); ++ BIO_meth_set_write(iostream_method, bwrite); ++ BIO_meth_set_read(iostream_method, bread); ++ BIO_meth_set_ctrl(iostream_method, ctrl); ++ BIO_meth_set_create(iostream_method, create); ++ } ++ return iostream_method; ++} ++#else + static BIO_METHOD iostream_method = + { + iostreamBIO::type, +@@ -56,12 +70,17 @@ static BIO_METHOD iostream_method = + NULL,//destroy, + NULL//callback_ctrl + }; ++BIO_METHOD * BIO_iostream_method() ++{ ++ return &iostream_method; ++} ++#endif + + iostreamBIO::iostreamBIO(iostream *stream) + : _stream(stream) + { + /* create BIO */ +- _bio = BIO_new(&iostream_method); ++ _bio = BIO_new(BIO_iostream_method()); + if(!_bio){ + /* creation failed, throw exception */ + char err_buf[ERR_BUF_SIZE]; +@@ -72,7 +91,7 @@ iostreamBIO::iostreamBIO(iostream *stream) + } + + /* save the iostream in the bio object */ +- _bio->ptr = stream; ++ BIO_set_data(_bio, (void *) stream); + } + + BIO * iostreamBIO::getBIO(){ +@@ -81,10 +100,10 @@ BIO * iostreamBIO::getBIO(){ + + static int create(BIO *bio) + { +- bio->ptr = NULL; +- /* (from openssl memory bio) */ +- bio->shutdown=1; +- bio->init=1; ++ BIO_set_data(bio, NULL); ++ BIO_set_shutdown(bio, 1); ++ BIO_set_init(bio, 1); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + /* from bss_mem.c (openssl): + * bio->num is used to hold the value to return on 'empty', if it is + * 0, should_retry is not set +@@ -93,6 +112,7 @@ static int create(BIO *bio) + * it is set to 0 since the underlying stream is blocking + */ + bio->num= 0; ++#endif + + return 1; + } +@@ -102,7 +122,7 @@ static int create(BIO *bio) + static long ctrl(BIO *bio, int cmd, long num, void *) + { + long ret; +- iostream *stream = reinterpret_cast(bio->ptr); ++ iostream *stream = reinterpret_cast(BIO_get_data(bio)); + + IBRCOMMON_LOGGER_DEBUG_TAG("iostreamBIO", 90) << "ctrl called, cmd: " << cmd << ", num: " << num << "." << IBRCOMMON_LOGGER_ENDL; + +@@ -147,8 +167,12 @@ static long ctrl(BIO *bio, int cmd, long num, void *) + + static int bread(BIO *bio, char *buf, int len) + { +- iostream *stream = reinterpret_cast(bio->ptr); ++ iostream *stream = reinterpret_cast(BIO_get_data(bio)); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ int num_bytes = 0; ++#else + int num_bytes = bio->num; ++#endif + + try{ + /* make sure to read at least 1 byte and then read as much as we can */ +@@ -170,7 +194,7 @@ static int bwrite(BIO *bio, const char *buf, int len) + if(len == 0){ + return 0; + } +- iostream *stream = reinterpret_cast(bio->ptr); ++ iostream *stream = reinterpret_cast(BIO_get_data(bio)); + + /* write the data */ + try{ +diff --git a/ibrcommon/ssl/openssl_compat.h b/ibrcommon/ssl/openssl_compat.h +new file mode 100644 +index 00000000..e491677f +--- /dev/null ++++ b/ibrcommon/ssl/openssl_compat.h +@@ -0,0 +1,38 @@ ++#ifndef OPENSSL_COMPAT_H ++#define OPENSSL_COMPAT_H ++ ++#include ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include ++#include ++ ++static inline EVP_MD_CTX * EVP_MD_CTX_new() ++{ ++ EVP_MD_CTX *ctx; ++ ++ ctx = (EVP_MD_CTX *) OPENSSL_malloc(sizeof(EVP_MD_CTX)); ++ EVP_MD_CTX_init(ctx); ++ return ctx; ++} ++#define EVP_MD_CTX_free(c) if (c != NULL) OPENSSL_free(c) ++ ++static inline HMAC_CTX * HMAC_CTX_new() ++{ ++ HMAC_CTX *ctx; ++ ++ ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX)); ++ HMAC_CTX_init(ctx); ++ return ctx; ++} ++#define HMAC_CTX_free(c) if (c != NULL) OPENSSL_free(c) ++ ++#define BIO_get_data(b) b->ptr ++#define BIO_set_data(b, v) b->ptr=v ++#define BIO_set_shutdown(b, v) b->shutdown=v ++#define BIO_set_init(b, v) b->init=v ++ ++#endif /* OPENSSL_VERSION_NUMBER */ ++ ++#endif /* OPENSSL_COMPAT_H */ ++ +-- +2.18.0 + diff --git a/package/ibrcommon/ibrcommon.hash b/package/ibrcommon/ibrcommon.hash index 21a0ec6f19..9d13f06d38 100644 --- a/package/ibrcommon/ibrcommon.hash +++ b/package/ibrcommon/ibrcommon.hash @@ -1,2 +1,4 @@ # Locally calculated sha256 9c457c1ebc01e6216524636628c647bef34ab11bd96f0e0788be8749374fdc20 ibrcommon-1.0.1.tar.gz +sha256 1a0b57773a46d9d4cc2f0d1780a17acc38af506bb1e0234aaa85f8ccd6dc0b92 COPYING +sha256 9b8a430c2136ebcf76bd37f50da7d7a80ede413ec6604cc4694ea536e779854c README From patchwork Sat Aug 25 09:16:58 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962152 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGT5WZlz9s3Z for ; Sat, 25 Aug 2018 19:17:21 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 0342486620; Sat, 25 Aug 2018 09:17:17 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UrKGy4LThEkZ; Sat, 25 Aug 2018 09:17:14 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id 6D75982753; Sat, 25 Aug 2018 09:17:14 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 5660B1CF264 for ; Sat, 25 Aug 2018 09:17:11 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 53C0B82753 for ; Sat, 25 Aug 2018 09:17:11 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ACnT1JHGtTqB for ; Sat, 25 Aug 2018 09:17:08 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout04.t-online.de (mailout04.t-online.de [194.25.134.18]) by hemlock.osuosl.org (Postfix) with ESMTPS id 78939826EA for ; Sat, 25 Aug 2018 09:17:08 +0000 (UTC) Received: from fwd34.aul.t-online.de (fwd34.aul.t-online.de [172.20.26.145]) by mailout04.t-online.de (Postfix) with SMTP id 63CF041B2B30; Sat, 25 Aug 2018 11:17:06 +0200 (CEST) Received: from fli4l.lan.fli4l (Tt3XLGZ1Zh8XaR2Zx-9WJ4YxN4148962AK2oJAmhnSuC7P35VUAZ4CpXGcrsqcRQyz@[91.58.2.49]) by fwd34.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgr-1Xulfc0; Sat, 25 Aug 2018 11:17:05 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgq-0003CG-0n; Sat, 25 Aug 2018 11:17:05 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:16:58 +0200 Message-Id: <20180825091702.28471-4-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: Tt3XLGZ1Zh8XaR2Zx-9WJ4YxN4148962AK2oJAmhnSuC7P35VUAZ4CpXGcrsqcRQyz X-TOI-MSGID: 9cca86d3-3f06-489f-99a7-28d92acea8c8 Subject: [Buildroot] [PATCH/next 3/7] package/ipsec-tools: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/ipsec-tools/0006-openssl-1.1.patch | 1104 ++++++++++++++++++++ 1 file changed, 1104 insertions(+) create mode 100644 package/ipsec-tools/0006-openssl-1.1.patch diff --git a/package/ipsec-tools/0006-openssl-1.1.patch b/package/ipsec-tools/0006-openssl-1.1.patch new file mode 100644 index 0000000000..39a7da988d --- /dev/null +++ b/package/ipsec-tools/0006-openssl-1.1.patch @@ -0,0 +1,1104 @@ +From 071fec7181255b9234add44865a435dfdefee520 Mon Sep 17 00:00:00 2001 +In-Reply-To: <20180528120513.560-1-cote2004-github@yahoo.com> +References: <20180528120513.560-1-cote2004-github@yahoo.com> +From: Eneas U de Queiroz +Date: Wed, 30 May 2018 15:42:20 -0300 +Subject: [PATCH] ipsec-tools: add openssl 1.1 support +To: equeiroz@troianet.com.br + +This patch updates the calls to openssl 1.1 API, and adds a +compatibility layer so it compiles with (at least) openssl 1.0.2, I +haven't tested it with lower versions, but all that's needed is to edit +the openssl_compat.* files and add the missing functions there--they're +usually trivial. + +Signed-off-by: Eneas U de Queiroz + +Downloaded from +https://github.com/openwrt/packages/blob/master/net/ipsec-tools/patches/015-openssl-1.1.patch + +Patch was sent upstream: +https://sourceforge.net/p/ipsec-tools/mailman/ipsec-tools-devel/thread/20180528120513.560-1-cote2004-github%40yahoo.com/#msg36327963 + +Signed-off-by: Bernd Kuhls +--- + src/racoon/Makefile.am | 10 +-- + src/racoon/algorithm.c | 6 +- + src/racoon/cfparse.y | 2 +- + src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++------------------- + src/racoon/crypto_openssl.h | 2 +- + src/racoon/eaytest.c | 7 +- + src/racoon/ipsec_doi.c | 2 +- + src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++ + src/racoon/openssl_compat.h | 45 ++++++++++ + src/racoon/plainrsa-gen.c | 41 +++++---- + src/racoon/prsa_par.y | 28 ++++-- + src/racoon/rsalist.c | 5 +- + 12 files changed, 431 insertions(+), 127 deletions(-) + create mode 100644 src/racoon/openssl_compat.c + create mode 100644 src/racoon/openssl_compat.h + +diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am +index dbaded9..4c585f3 100644 +--- a/src/racoon/Makefile.am ++++ b/src/racoon/Makefile.am +@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen + noinst_PROGRAMS = eaytest + include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \ + schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \ +- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h ++ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h + lib_LTLIBRARIES = libracoon.la + + adminsockdir=${localstatedir}/racoon +@@ -32,7 +32,7 @@ racoon_SOURCES = \ + gssapi.c dnssec.c getcertsbyname.c privsep.c \ + pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \ + policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \ +- proposal.c sainfo.c strnames.c \ ++ openssl_compat.c proposal.c sainfo.c strnames.c \ + plog.c logger.c schedule.c str2val.c \ + safefile.c backupsa.c genlist.c rsalist.c \ + cftoken.l cfparse.y prsa_tok.l prsa_par.y +@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c + libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS) + + plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \ +- crypto_openssl.c logger.c ++ crypto_openssl.c logger.c openssl_compat.c + EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS) + plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o + plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o + +-eaytest_SOURCES = eaytest.c plog.c logger.c ++eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c + EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c + eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \ + $(CRYPTOBJS) +@@ -75,7 +75,7 @@ noinst_HEADERS = \ + debugrm.h isakmp.h misc.h sainfo.h \ + dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \ + isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \ +- throttle.h privsep.h \ ++ throttle.h privsep.h openssl_compat.h \ + cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \ + missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \ + missing/crypto/rijndael/rijndael-api-fst.h \ +diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c +index 3fd50f6..66c874b 100644 +--- a/src/racoon/algorithm.c ++++ b/src/racoon/algorithm.c +@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = { + { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16, + eay_aes_encrypt, eay_aes_decrypt, + eay_aes_weakkey, eay_aes_keylen, }, +-#ifdef HAVE_OPENSSL_CAMELLIA_H ++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) + { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16, + eay_camellia_encrypt, eay_camellia_decrypt, + eay_camellia_weakkey, eay_camellia_keylen, }, +@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = { + { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16, + NULL, NULL, + NULL, eay_twofish_keylen, }, +-#ifdef HAVE_OPENSSL_IDEA_H ++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) + { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8, + NULL, NULL, + NULL, NULL, }, +@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = { + { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8, + NULL, NULL, + NULL, NULL, }, +-#ifdef HAVE_OPENSSL_CAMELLIA_H ++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) + { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16, + NULL, NULL, + NULL, eay_camellia_keylen, }, +diff --git a/src/racoon/cfparse.y b/src/racoon/cfparse.y +index 0d9bd67..8415752 100644 +--- a/src/racoon/cfparse.y ++++ b/src/racoon/cfparse.y +@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf) + plog(LLV_DEBUG2, LOCATION, NULL, + "encklen=%d\n", s->encklen); + +- memset(types, 0, ARRAYLEN(types)); ++ memset(types, 0, sizeof types); + types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc]; + types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash]; + types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh]; +diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c +index 55b076a..8fb358f 100644 +--- a/src/racoon/crypto_openssl.c ++++ b/src/racoon/crypto_openssl.c +@@ -90,6 +90,7 @@ + #endif + #endif + #include "plog.h" ++#include "openssl_compat.h" + + #define USE_NEW_DES_API + +@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2) + i = idx+1; + goto end; + } +- if ((ea->value->length == 1 && ea->value->data[0] == '*') || +- (eb->value->length == 1 && eb->value->data[0] == '*')) { +- if (OBJ_cmp(ea->object,eb->object)) { ++ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea); ++ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb); ++ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') || ++ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) { ++ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea), ++ X509_NAME_ENTRY_get_object(eb))) { + i = idx+1; + goto end; + } +@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx) + + if (!ok) { + X509_NAME_oneline( +- X509_get_subject_name(ctx->current_cert), ++ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), + buf, + 256); + /* +@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx) + * ok if they are self signed. But we should still warn + * the user. + */ +- switch (ctx->error) { ++ int ctx_error = X509_STORE_CTX_get_error(ctx); ++ switch (ctx_error) { + case X509_V_ERR_CERT_HAS_EXPIRED: + case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: + case X509_V_ERR_INVALID_CA: +@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx) + } + plog(log_tag, LOCATION, NULL, + "%s(%d) at depth:%d SubjectName:%s\n", +- X509_verify_cert_error_string(ctx->error), +- ctx->error, +- ctx->error_depth, ++ X509_verify_cert_error_string(ctx_error), ++ ctx_error, ++ X509_STORE_CTX_get_error_depth(ctx), + buf); + } + ERR_clear_error(); +@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx) + + if (!ok) { + X509_NAME_oneline( +- X509_get_subject_name(ctx->current_cert), ++ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), + buf, + 256); +- switch (ctx->error) { ++ int ctx_error=X509_STORE_CTX_get_error(ctx); ++ switch (ctx_error) { + case X509_V_ERR_UNABLE_TO_GET_CRL: + ok = 1; + log_tag = LLV_WARNING; +@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx) + } + plog(log_tag, LOCATION, NULL, + "%s(%d) at depth:%d SubjectName:%s\n", +- X509_verify_cert_error_string(ctx->error), +- ctx->error, +- ctx->error_depth, ++ X509_verify_cert_error_string(ctx_error), ++ ctx_error, ++ X509_STORE_CTX_get_error_depth(ctx), + buf); + } + ERR_clear_error(); +@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert) + if (x509 == NULL) + goto error; + ++ X509_NAME *subject_name = X509_get_subject_name(x509); + /* get the length of the name */ +- len = i2d_X509_NAME(x509->cert_info->subject, NULL); ++ len = i2d_X509_NAME(subject_name, NULL); + name = vmalloc(len); + if (!name) + goto error; + /* get the name */ + bp = (unsigned char *) name->v; +- len = i2d_X509_NAME(x509->cert_info->subject, &bp); ++ len = i2d_X509_NAME(subject_name, &bp); + + X509_free(x509); + +@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert) + if (x509 == NULL) + goto error; + ++ X509_NAME *issuer_name = X509_get_issuer_name(x509); + /* get the length of the name */ +- len = i2d_X509_NAME(x509->cert_info->issuer, NULL); ++ len = i2d_X509_NAME(issuer_name, NULL); + name = vmalloc(len); + if (name == NULL) + goto error; + + /* get the name */ + bp = (unsigned char *) name->v; +- len = i2d_X509_NAME(x509->cert_info->issuer, &bp); ++ len = i2d_X509_NAME(issuer_name, &bp); + + X509_free(x509); + +@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert) + return -1; + } + +- res = eay_rsa_verify(source, sig, evp->pkey.rsa); ++ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp)); + + EVP_PKEY_free(evp); + X509_free(x509); +@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey) + if (evp == NULL) + return NULL; + +- sig = eay_rsa_sign(src, evp->pkey.rsa); ++ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp)); + + EVP_PKEY_free(evp); + +@@ -1079,7 +1087,11 @@ eay_strerror() + int line, flags; + unsigned long es; + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */ ++#else + es = CRYPTO_thread_id(); ++#endif + + while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){ + n = snprintf(ebuf + len, sizeof(ebuf) - len, +@@ -1100,7 +1112,7 @@ vchar_t * + evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc) + { + vchar_t *res; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + + if (!e) + return NULL; +@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc + if ((res = vmalloc(data->l)) == NULL) + return NULL; + +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); + + switch(EVP_CIPHER_nid(e)){ + case NID_bf_cbc: +@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc + /* XXX: can we do that also for algos with a fixed key size ? + */ + /* init context without key/iv +- */ +- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc)) +- { +- OpenSSL_BUG(); +- vfree(res); +- return NULL; +- } ++ */ ++ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc)) ++ goto out; + +- /* update key size +- */ +- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l)) +- { +- OpenSSL_BUG(); +- vfree(res); +- return NULL; +- } +- +- /* finalize context init with desired key size +- */ +- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v, ++ /* update key size ++ */ ++ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l)) ++ goto out; ++ ++ /* finalize context init with desired key size ++ */ ++ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v, + (u_char *) iv->v, enc)) +- { +- OpenSSL_BUG(); +- vfree(res); +- return NULL; +- } ++ goto out; + break; + default: +- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v, +- (u_char *) iv->v, enc)) { +- OpenSSL_BUG(); +- vfree(res); +- return NULL; +- } ++ if (!EVP_CipherInit(ctx, e, (u_char *) key->v, ++ (u_char *) iv->v, enc)) ++ goto out; + } + + /* disable openssl padding */ +- EVP_CIPHER_CTX_set_padding(&ctx, 0); ++ EVP_CIPHER_CTX_set_padding(ctx, 0); + +- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) { +- OpenSSL_BUG(); +- vfree(res); +- return NULL; +- } ++ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l)) ++ goto out; + +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + + return res; ++out: ++ EVP_CIPHER_CTX_free(ctx); ++ OpenSSL_BUG(); ++ vfree(res); ++ return NULL; + } + + int +@@ -1230,7 +1229,7 @@ eay_des_keylen(len) + return evp_keylen(len, EVP_des_cbc()); + } + +-#ifdef HAVE_OPENSSL_IDEA_H ++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) + /* + * IDEA-CBC + */ +@@ -1587,7 +1586,7 @@ eay_aes_keylen(len) + return len; + } + +-#if defined(HAVE_OPENSSL_CAMELLIA_H) ++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) + /* + * CAMELLIA-CBC + */ +@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md) + vchar_t *key; + const EVP_MD *md; + { +- HMAC_CTX *c = racoon_malloc(sizeof(*c)); ++ HMAC_CTX *c = HMAC_CTX_new(); + +- HMAC_Init(c, key->v, key->l, md); ++ HMAC_Init_ex(c, key->v, key->l, md, NULL); + + return (caddr_t)c; + } +@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c) + + HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + res->l = l; +- HMAC_cleanup((HMAC_CTX *)c); +- (void)racoon_free(c); ++ HMAC_CTX_free((HMAC_CTX *)c); + + if (SHA512_DIGEST_LENGTH != res->l) { + plog(LLV_ERROR, LOCATION, NULL, +@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c) + + HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + res->l = l; +- HMAC_cleanup((HMAC_CTX *)c); +- (void)racoon_free(c); ++ HMAC_CTX_free((HMAC_CTX *)c); + + if (SHA384_DIGEST_LENGTH != res->l) { + plog(LLV_ERROR, LOCATION, NULL, +@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c) + + HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + res->l = l; +- HMAC_cleanup((HMAC_CTX *)c); +- (void)racoon_free(c); ++ HMAC_CTX_free((HMAC_CTX *)c); + + if (SHA256_DIGEST_LENGTH != res->l) { + plog(LLV_ERROR, LOCATION, NULL, +@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c) + + HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + res->l = l; +- HMAC_cleanup((HMAC_CTX *)c); +- (void)racoon_free(c); ++ HMAC_CTX_free((HMAC_CTX *)c); + + if (SHA_DIGEST_LENGTH != res->l) { + plog(LLV_ERROR, LOCATION, NULL, +@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c) + + HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l); + res->l = l; +- HMAC_cleanup((HMAC_CTX *)c); +- (void)racoon_free(c); ++ HMAC_CTX_free((HMAC_CTX *)c); + + if (MD5_DIGEST_LENGTH != res->l) { + plog(LLV_ERROR, LOCATION, NULL, +@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv) + u_int32_t g; + { + BIGNUM *p = NULL; ++ BIGNUM *BNg = NULL; + DH *dh = NULL; + int error = -1; + +@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv) + + if ((dh = DH_new()) == NULL) + goto end; +- dh->p = p; +- p = NULL; /* p is now part of dh structure */ +- dh->g = NULL; +- if ((dh->g = BN_new()) == NULL) ++ if ((BNg = BN_new()) == NULL) + goto end; +- if (!BN_set_word(dh->g, g)) ++ if (!BN_set_word(BNg, g)) + goto end; ++ if (! DH_set0_pqg(dh, p, NULL, BNg)) ++ goto end; ++ BNg = NULL; ++ p = NULL; /* p is now part of dh structure */ + + if (publen != 0) +- dh->length = publen; ++ DH_set_length(dh, publen); + + /* generate public and private number */ + if (!DH_generate_key(dh)) + goto end; + + /* copy results to buffers */ +- if (eay_bn2v(pub, dh->pub_key) < 0) ++ BIGNUM *pub_key, *priv_key; ++ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key); ++ if (eay_bn2v(pub, pub_key) < 0) + goto end; +- if (eay_bn2v(priv, dh->priv_key) < 0) { ++ if (eay_bn2v(priv, priv_key) < 0) { + vfree(*pub); + goto end; + } +@@ -2306,6 +2304,8 @@ end: + DH_free(dh); + if (p != 0) + BN_free(p); ++ if (BNg != 0) ++ BN_free(BNg); + return(error); + } + +@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) + int l; + unsigned char *v = NULL; + int error = -1; ++ BIGNUM *p = BN_new(); ++ BIGNUM *BNg = BN_new(); ++ BIGNUM *pub_key = BN_new(); ++ BIGNUM *priv_key = BN_new(); + + /* make public number to compute */ + if (eay_v2bn(&dh_pub, pub2) < 0) +@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) + /* make DH structure */ + if ((dh = DH_new()) == NULL) + goto end; +- if (eay_v2bn(&dh->p, prime) < 0) ++ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL) + goto end; +- if (eay_v2bn(&dh->pub_key, pub) < 0) ++ ++ if (eay_v2bn(&p, prime) < 0) + goto end; +- if (eay_v2bn(&dh->priv_key, priv) < 0) ++ if (eay_v2bn(&pub_key, pub) < 0) + goto end; +- dh->length = pub2->l * 8; +- +- dh->g = NULL; +- if ((dh->g = BN_new()) == NULL) ++ if (eay_v2bn(&priv_key, priv) < 0) + goto end; +- if (!BN_set_word(dh->g, g)) ++ if (!BN_set_word(BNg, g)) + goto end; ++ DH_set0_key(dh, pub_key, priv_key); ++ DH_set_length(dh, pub2->l * 8); ++ DH_set0_pqg(dh, p, NULL, BNg); ++ pub_key = priv_key = p = BNg = NULL; + + if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL) + goto end; +@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key) + error = 0; + + end: ++ if (p != NULL) ++ BN_free(p); ++ if (BNg != NULL) ++ BN_free(BNg); ++ if (pub_key != NULL) ++ BN_free(pub_key); ++ if (priv_key != NULL) ++ BN_free(priv_key); + if (dh_pub != NULL) + BN_free(dh_pub); + if (dh != NULL) +@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn) + void + eay_init() + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OpenSSL_add_all_algorithms(); + ERR_load_crypto_strings(); + #ifdef HAVE_OPENSSL_ENGINE_H + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + #endif ++#endif + } + + vchar_t * +@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf) + goto out; + } + +- rsa_pub->n = mod; +- rsa_pub->e = exp; ++ RSA_set0_key(rsa_pub, mod, exp, NULL); + + out: + return rsa_pub; +@@ -2582,5 +2597,5 @@ eay_random() + const char * + eay_version() + { +- return SSLeay_version(SSLEAY_VERSION); ++ return OpenSSL_version(OPENSSL_VERSION); + } +diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h +index 66fac73..ee5b765 100644 +--- a/src/racoon/crypto_openssl.h ++++ b/src/racoon/crypto_openssl.h +@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); + extern int eay_aes_weakkey __P((vchar_t *)); + extern int eay_aes_keylen __P((int)); + +-#if defined(HAVE_OPENSSL_CAMELLIA_H) ++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) + /* Camellia */ + extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *)); + extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *)); +diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c +index 1474bdc..ae09db3 100644 +--- a/src/racoon/eaytest.c ++++ b/src/racoon/eaytest.c +@@ -62,6 +62,7 @@ + #include "dhgroup.h" + #include "crypto_openssl.h" + #include "gnuc.h" ++#include "openssl_compat.h" + + #include "package_version.h" + +@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt) + printf ("PEM_read_PUBKEY(): %s\n", eay_strerror()); + return -1; + } +- error = eay_check_rsasign(src, sig, evp->pkey.rsa); ++ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp)); + + return error; + } +@@ -698,7 +699,7 @@ ciphertest(ac, av) + eay_cast_encrypt, eay_cast_decrypt) < 0) + return -1; + +-#ifdef HAVE_OPENSSL_IDEA_H ++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) + if (ciphertest_1 ("IDEA", + &data, 8, + &key, key.l, +@@ -715,7 +716,7 @@ ciphertest(ac, av) + eay_rc5_encrypt, eay_rc5_decrypt) < 0) + return -1; + #endif +-#if defined(HAVE_OPENSSL_CAMELLIA_H) ++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA) + if (ciphertest_1 ("CAMELLIA", + &data, 16, + &key, key.l, +diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c +index 84a4c71..b52469f 100644 +--- a/src/racoon/ipsec_doi.c ++++ b/src/racoon/ipsec_doi.c +@@ -715,7 +715,7 @@ out: + /* key length must not be specified on some algorithms */ + if (keylen) { + if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES +-#ifdef HAVE_OPENSSL_IDEA_H ++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA) + || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA + #endif + || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) { +diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c +new file mode 100644 +index 0000000..864b5fb +--- /dev/null ++++ b/src/racoon/openssl_compat.c +@@ -0,0 +1,213 @@ ++/* ++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include "openssl_compat.h" ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include ++ ++static void *OPENSSL_zalloc(size_t num) ++{ ++ void *ret = OPENSSL_malloc(num); ++ ++ if (ret != NULL) ++ memset(ret, 0, num); ++ return ret; ++} ++ ++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) ++{ ++ /* If the fields n and e in r are NULL, the corresponding input ++ * parameters MUST be non-NULL for n and e. d may be ++ * left NULL (in case only the public key is used). ++ */ ++ if ((r->n == NULL && n == NULL) ++ || (r->e == NULL && e == NULL)) ++ return 0; ++ ++ if (n != NULL) { ++ BN_free(r->n); ++ r->n = n; ++ } ++ if (e != NULL) { ++ BN_free(r->e); ++ r->e = e; ++ } ++ if (d != NULL) { ++ BN_free(r->d); ++ r->d = d; ++ } ++ ++ return 1; ++} ++ ++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) ++{ ++ /* If the fields p and q in r are NULL, the corresponding input ++ * parameters MUST be non-NULL. ++ */ ++ if ((r->p == NULL && p == NULL) ++ || (r->q == NULL && q == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(r->p); ++ r->p = p; ++ } ++ if (q != NULL) { ++ BN_free(r->q); ++ r->q = q; ++ } ++ ++ return 1; ++} ++ ++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) ++{ ++ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input ++ * parameters MUST be non-NULL. ++ */ ++ if ((r->dmp1 == NULL && dmp1 == NULL) ++ || (r->dmq1 == NULL && dmq1 == NULL) ++ || (r->iqmp == NULL && iqmp == NULL)) ++ return 0; ++ ++ if (dmp1 != NULL) { ++ BN_free(r->dmp1); ++ r->dmp1 = dmp1; ++ } ++ if (dmq1 != NULL) { ++ BN_free(r->dmq1); ++ r->dmq1 = dmq1; ++ } ++ if (iqmp != NULL) { ++ BN_free(r->iqmp); ++ r->iqmp = iqmp; ++ } ++ ++ return 1; ++} ++ ++void RSA_get0_key(const RSA *r, ++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) ++{ ++ if (p != NULL) ++ *p = r->p; ++ if (q != NULL) ++ *q = r->q; ++} ++ ++void RSA_get0_crt_params(const RSA *r, ++ const BIGNUM **dmp1, const BIGNUM **dmq1, ++ const BIGNUM **iqmp) ++{ ++ if (dmp1 != NULL) ++ *dmp1 = r->dmp1; ++ if (dmq1 != NULL) ++ *dmq1 = r->dmq1; ++ if (iqmp != NULL) ++ *iqmp = r->iqmp; ++} ++ ++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { ++ dh->length = BN_num_bits(q); ++ } ++ ++ return 1; ++} ++ ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = dh->pub_key; ++ if (priv_key != NULL) ++ *priv_key = dh->priv_key; ++} ++ ++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) ++{ ++ /* If the field pub_key in dh is NULL, the corresponding input ++ * parameters MUST be non-NULL. The priv_key field may ++ * be left NULL. ++ */ ++ if (dh->pub_key == NULL && pub_key == NULL) ++ return 0; ++ ++ if (pub_key != NULL) { ++ BN_free(dh->pub_key); ++ dh->pub_key = pub_key; ++ } ++ if (priv_key != NULL) { ++ BN_free(dh->priv_key); ++ dh->priv_key = priv_key; ++ } ++ ++ return 1; ++} ++ ++int DH_set_length(DH *dh, long length) ++{ ++ dh->length = length; ++ return 1; ++} ++ ++HMAC_CTX *HMAC_CTX_new(void) ++{ ++ return OPENSSL_zalloc(sizeof(HMAC_CTX)); ++} ++ ++void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ HMAC_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) ++{ ++ if (pkey->type != EVP_PKEY_RSA) { ++ return NULL; ++ } ++ return pkey->pkey.rsa; ++} ++ ++ ++#endif /* OPENSSL_VERSION_NUMBER */ +diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h +new file mode 100644 +index 0000000..9e152c2 +--- /dev/null ++++ b/src/racoon/openssl_compat.h +@@ -0,0 +1,45 @@ ++#ifndef OPENSSL_COMPAT_H ++#define OPENSSL_COMPAT_H ++ ++#include ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include ++#include ++#include ++#include ++ ++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); ++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); ++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); ++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); ++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); ++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); ++ ++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); ++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); ++int DH_set_length(DH *dh, long length); ++ ++HMAC_CTX *HMAC_CTX_new(void); ++void HMAC_CTX_free(HMAC_CTX* ctx); ++ ++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); ++ ++#define ASN1_STRING_length(s) s->length ++#define ASN1_STRING_get0_data(s) s->data ++ ++#define X509_get_subject_name(x) x->cert_info->subject ++#define X509_get_issuer_name(x) x->cert_info->issuer ++#define X509_NAME_ENTRY_get_data(n) n->value ++#define X509_NAME_ENTRY_get_object(n) n->object ++#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert ++#define X509_STORE_CTX_get_error(ctx) ctx->error ++#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth ++ ++#define OPENSSL_VERSION SSLEAY_VERSION ++#define OpenSSL_version SSLeay_version ++ ++#endif /* OPENSSL_VERSION_NUMBER */ ++ ++#endif /* OPENSSL_COMPAT_H */ +diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c +index cad1861..b949b08 100644 +--- a/src/racoon/plainrsa-gen.c ++++ b/src/racoon/plainrsa-gen.c +@@ -60,6 +60,7 @@ + #include "vmbuf.h" + #include "plog.h" + #include "crypto_openssl.h" ++#include "openssl_compat.h" + + #include "package_version.h" + +@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key) + char *binbuf; + long binlen, ret; + vchar_t *res; +- +- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n); ++ const BIGNUM *e, *n; ++ ++ RSA_get0_key(key, &n, &e, NULL); ++ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n); + binbuf = malloc(binlen); + memset(binbuf, 0, binlen); +- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]); +- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1])); ++ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]); ++ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1])); + if (1 + binbuf[0] + ret != binlen) { + plog(LLV_ERROR, LOCATION, NULL, + "Pubkey generation failed. This is really strange...\n"); +@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key) + + fprintf(fp, "# : PUB 0s%s\n", pubkey64->v); + fprintf(fp, ": RSA\t{\n"); +- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n)); ++ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp; ++ RSA_get0_key(key, &n, &e, &d); ++ RSA_get0_factors(key, &p, &q); ++ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp); ++ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n)); + fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v); +- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n))); +- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e))); +- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d))); +- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p))); +- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q))); +- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1))); +- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1))); +- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp))); ++ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n))); ++ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e))); ++ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d))); ++ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p))); ++ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q))); ++ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1))); ++ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1))); ++ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp))); + fprintf(fp, " }\n"); + + vfree(pubkey64); +@@ -203,11 +210,13 @@ int + gen_rsa_key(FILE *fp, size_t bits, unsigned long exp) + { + int ret; +- RSA *key; ++ RSA *key = RSA_new(); ++ BIGNUM *e = BN_new(); + +- key = RSA_generate_key(bits, exp, NULL, NULL); +- if (!key) { ++ BN_set_word(e, exp); ++ if (! RSA_generate_key_ex(key, bits, e, NULL)) { + fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror()); ++ RSA_free(key); + return -1; + } + +diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y +index 1987e4d..27ce4c6 100644 +--- a/src/racoon/prsa_par.y ++++ b/src/racoon/prsa_par.y +@@ -68,6 +68,7 @@ + #include "isakmp_var.h" + #include "handler.h" + #include "crypto_openssl.h" ++#include "openssl_compat.h" + #include "sockmisc.h" + #include "rsalist.h" + +@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL; + struct genlist *prsa_cur_list = NULL; + enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY; + +-static RSA *rsa_cur; ++struct my_rsa_st { ++ BIGNUM *n; ++ BIGNUM *e; ++ BIGNUM *d; ++ BIGNUM *p; ++ BIGNUM *q; ++ BIGNUM *dmp1; ++ BIGNUM *dmq1; ++ BIGNUM *iqmp; ++}; ++ ++static struct my_rsa_st *rsa_cur; + + void + prsaerror(const char *s, ...) +@@ -201,8 +213,12 @@ rsa_statement: + rsa_cur->iqmp = NULL; + } + } +- $$ = rsa_cur; +- rsa_cur = RSA_new(); ++ RSA * rsa_tmp = RSA_new(); ++ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d); ++ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q); ++ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp); ++ $$ = rsa_tmp; ++ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); + } + | TAG_PUB BASE64 + { +@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type) + prsa_cur_fname = fname; + prsa_cur_list = list; + prsa_cur_type = type; +- rsa_cur = RSA_new(); ++ rsa_cur = malloc(sizeof(struct my_rsa_st)); ++ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); + ret = prsaparse(); + if (rsa_cur) { +- RSA_free(rsa_cur); ++ memset(rsa_cur, 0, sizeof(struct my_rsa_st)); ++ free(rsa_cur); + rsa_cur = NULL; + } + fclose (fp); +diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c +index f152c82..96e8363 100644 +--- a/src/racoon/rsalist.c ++++ b/src/racoon/rsalist.c +@@ -52,6 +52,7 @@ + #include "genlist.h" + #include "remoteconf.h" + #include "crypto_openssl.h" ++#include "openssl_compat.h" + + #ifndef LIST_FIRST + #define LIST_FIRST(head) ((head)->lh_first) +@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key) + return NULL; + + if (key->rsa) { +- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa); ++ const BIGNUM *d; ++ RSA_get0_key(key->rsa, NULL, NULL, &d); ++ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa)); + if (new->rsa == NULL) + goto dup_error; + } +-- +2.16.1 + From patchwork Sat Aug 25 09:16:59 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962155 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.133; helo=hemlock.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGc0GrWz9s3Z for ; Sat, 25 Aug 2018 19:17:27 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 17ED387C0C; Sat, 25 Aug 2018 09:17:26 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qBuKfaU5dQhx; Sat, 25 Aug 2018 09:17:19 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by hemlock.osuosl.org (Postfix) with ESMTP id CB02C82858; Sat, 25 Aug 2018 09:17:19 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id DA47F1CF264 for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id D609085D72 for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2nn+Nmki0j6K for ; Sat, 25 Aug 2018 09:17:14 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout08.t-online.de (mailout08.t-online.de [194.25.134.20]) by whitealder.osuosl.org (Postfix) with ESMTPS id 88DDE85DD3 for ; Sat, 25 Aug 2018 09:17:14 +0000 (UTC) Received: from fwd34.aul.t-online.de (fwd34.aul.t-online.de [172.20.26.145]) by mailout08.t-online.de (Postfix) with SMTP id 31BA341D87A5; Sat, 25 Aug 2018 11:17:13 +0200 (CEST) Received: from fli4l.lan.fli4l (rfalbGZEZhEySrVUEhCFB2DcBaJzJ-KGOBoh-P3cxyGXvXZTNn9VSjm1ABMMWUfQrT@[91.58.2.49]) by fwd34.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgs-1YcURk0; Sat, 25 Aug 2018 11:17:06 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgr-0003CG-AF; Sat, 25 Aug 2018 11:17:05 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:16:59 +0200 Message-Id: <20180825091702.28471-5-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: rfalbGZEZhEySrVUEhCFB2DcBaJzJ-KGOBoh-P3cxyGXvXZTNn9VSjm1ABMMWUfQrT X-TOI-MSGID: f17e2500-c8d0-4879-8a44-ec08a56351f7 Subject: [Buildroot] [PATCH/next 4/7] package/liboauth: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/liboauth/0001-openssl-1.1.0.patch | 154 ++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 package/liboauth/0001-openssl-1.1.0.patch diff --git a/package/liboauth/0001-openssl-1.1.0.patch b/package/liboauth/0001-openssl-1.1.0.patch new file mode 100644 index 0000000000..a33ac0a20b --- /dev/null +++ b/package/liboauth/0001-openssl-1.1.0.patch @@ -0,0 +1,154 @@ +Submitted by: DJ Lucas (dj_AT_linuxfromscratch_DOT_org) +Date: 2017-05-27 +Initial Package Version: 1.0.3 +Update by: Bruce Dubbs +Date: 2017-06-14 +Upstream Status: Submitted +Origin: https://github.com/x42/liboauth/issues/9 +Description: Fixes build issue with OpenSSL-1.1.0. +Update: Additional fix from upstream. Three lines changed. + +Downloaded from +http://www.linuxfromscratch.org/patches/blfs/svn/liboauth-1.0.3-openssl-1.1.0-2.patch + +Patch was sent upstream: https://github.com/x42/liboauth/issues/9 + +Signed-off-by: Bernd Kuhls + +diff -Naurp liboauth-1.0.3-orig/src/hash.c liboauth-1.0.3/src/hash.c +--- liboauth-1.0.3-orig/src/hash.c 2013-10-04 08:02:50.000000000 -0500 ++++ liboauth-1.0.3/src/hash.c 2017-05-27 00:51:04.708633351 -0500 +@@ -362,6 +362,11 @@ looser: + #include "oauth.h" // base64 encode fn's. + #include + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++#define EVP_MD_CTX_new EVP_MD_CTX_create ++#define EVP_MD_CTX_free EVP_MD_CTX_destroy ++#endif ++ + char *oauth_sign_hmac_sha1 (const char *m, const char *k) { + return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k))); + } +@@ -386,7 +391,7 @@ char *oauth_sign_rsa_sha1 (const char *m + unsigned char *sig = NULL; + unsigned char *passphrase = NULL; + unsigned int len=0; +- EVP_MD_CTX md_ctx; ++ EVP_MD_CTX *md_ctx; + + EVP_PKEY *pkey; + BIO *in; +@@ -399,24 +404,31 @@ char *oauth_sign_rsa_sha1 (const char *m + return xstrdup("liboauth/OpenSSL: can not read private key"); + } + ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) { ++ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); ++ } ++ + len = EVP_PKEY_size(pkey); + sig = (unsigned char*)xmalloc((len+1)*sizeof(char)); + +- EVP_SignInit(&md_ctx, EVP_sha1()); +- EVP_SignUpdate(&md_ctx, m, strlen(m)); +- if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) { ++ EVP_SignInit(md_ctx, EVP_sha1()); ++ EVP_SignUpdate(md_ctx, m, strlen(m)); ++ if (EVP_SignFinal (md_ctx, sig, &len, pkey)) { + char *tmp; + sig[len] = '\0'; + tmp = oauth_encode_base64(len,sig); + OPENSSL_free(sig); + EVP_PKEY_free(pkey); ++ EVP_MD_CTX_free(md_ctx); + return tmp; + } ++ EVP_MD_CTX_free(md_ctx); + return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed"); + } + + int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) { +- EVP_MD_CTX md_ctx; ++ EVP_MD_CTX *md_ctx; + EVP_PKEY *pkey; + BIO *in; + X509 *cert = NULL; +@@ -437,13 +449,18 @@ int oauth_verify_rsa_sha1 (const char *m + return -2; + } + ++ md_ctx = EVP_MD_CTX_new(); ++ if (md_ctx == NULL) { ++ return -2; ++ } ++ + b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s)); + slen = oauth_decode_base64(b64d, s); + +- EVP_VerifyInit(&md_ctx, EVP_sha1()); +- EVP_VerifyUpdate(&md_ctx, m, strlen(m)); +- err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey); +- EVP_MD_CTX_cleanup(&md_ctx); ++ EVP_VerifyInit(md_ctx, EVP_sha1()); ++ EVP_VerifyUpdate(md_ctx, m, strlen(m)); ++ err = EVP_VerifyFinal(md_ctx, b64d, slen, pkey); ++ EVP_MD_CTX_free(pkey); + EVP_PKEY_free(pkey); + xfree(b64d); + return (err); +@@ -455,35 +472,41 @@ int oauth_verify_rsa_sha1 (const char *m + */ + char *oauth_body_hash_file(char *filename) { + unsigned char fb[BUFSIZ]; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + size_t len=0; + unsigned char *md; + FILE *F= fopen(filename, "r"); + if (!F) return NULL; + +- EVP_MD_CTX_init(&ctx); +- EVP_DigestInit(&ctx,EVP_sha1()); ++ ctx = EVP_MD_CTX_new(); ++ if (ctx == NULL) { ++ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); ++ } ++ EVP_DigestInit(ctx,EVP_sha1()); + while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) { +- EVP_DigestUpdate(&ctx, fb, len); ++ EVP_DigestUpdate(ctx, fb, len); + } + fclose(F); + len=0; + md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char)); +- EVP_DigestFinal(&ctx, md,(unsigned int*) &len); +- EVP_MD_CTX_cleanup(&ctx); ++ EVP_DigestFinal(ctx, md,(unsigned int*) &len); ++ EVP_MD_CTX_free(ctx); + return oauth_body_hash_encode(len, md); + } + + char *oauth_body_hash_data(size_t length, const char *data) { +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + size_t len=0; + unsigned char *md; + md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char)); +- EVP_MD_CTX_init(&ctx); +- EVP_DigestInit(&ctx,EVP_sha1()); +- EVP_DigestUpdate(&ctx, data, length); +- EVP_DigestFinal(&ctx, md,(unsigned int*) &len); +- EVP_MD_CTX_cleanup(&ctx); ++ ctx = EVP_MD_CTX_new(); ++ if (ctx == NULL) { ++ return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); ++ } ++ EVP_DigestInit(ctx,EVP_sha1()); ++ EVP_DigestUpdate(ctx, data, length); ++ EVP_DigestFinal(ctx, md,(unsigned int*) &len); ++ EVP_MD_CTX_free(ctx); + return oauth_body_hash_encode(len, md); + } + From patchwork Sat Aug 25 09:17:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962156 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGg0hzrz9s3Z for ; Sat, 25 Aug 2018 19:17:31 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 146CC22115; Sat, 25 Aug 2018 09:17:29 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EQNWKscxD7A4; Sat, 25 Aug 2018 09:17:24 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id B8E98220CE; Sat, 25 Aug 2018 09:17:22 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id CF6941CF3B8 for ; Sat, 25 Aug 2018 09:17:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id C976C85DCE for ; Sat, 25 Aug 2018 09:17:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7U0XkvvDka75 for ; Sat, 25 Aug 2018 09:17:13 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout02.t-online.de (mailout02.t-online.de [194.25.134.17]) by whitealder.osuosl.org (Postfix) with ESMTPS id 8825385DB9 for ; Sat, 25 Aug 2018 09:17:13 +0000 (UTC) Received: from fwd12.aul.t-online.de (fwd12.aul.t-online.de [172.20.26.241]) by mailout02.t-online.de (Postfix) with SMTP id EA21141A0D17; Sat, 25 Aug 2018 11:17:11 +0200 (CEST) Received: from fli4l.lan.fli4l (VsmJv4ZdrhnbtRp3IHyG1npwvq0-Zbzsc8ZPT-a9mQZQII5dMFF3evRdbb+sH4FQEX@[91.58.2.49]) by fwd12.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgs-3GsF7Y0; Sat, 25 Aug 2018 11:17:06 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgr-0003CG-Tv; Sat, 25 Aug 2018 11:17:06 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:17:00 +0200 Message-Id: <20180825091702.28471-6-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: VsmJv4ZdrhnbtRp3IHyG1npwvq0-Zbzsc8ZPT-a9mQZQII5dMFF3evRdbb+sH4FQEX X-TOI-MSGID: 16703ab4-2fb1-41a1-8b74-51246144d6d2 Subject: [Buildroot] [PATCH/next 5/7] package/libtorrent: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/libtorrent/0002-openssl110.patch | 109 +++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 package/libtorrent/0002-openssl110.patch diff --git a/package/libtorrent/0002-openssl110.patch b/package/libtorrent/0002-openssl110.patch new file mode 100644 index 0000000000..b0cfc2deef --- /dev/null +++ b/package/libtorrent/0002-openssl110.patch @@ -0,0 +1,109 @@ +From 7b29b6bd2547e72e22b9b7981df27092842d2a10 Mon Sep 17 00:00:00 2001 +From: rakshasa +Date: Tue, 20 Dec 2016 19:51:02 +0900 +Subject: [PATCH] Added support for openssl 1.1. + +Downloaded from upstream commit +https://github.com/rakshasa/libtorrent/commit/7b29b6bd2547e72e22b9b7981df27092842d2a10 + +Signed-off-by: Bernd Kuhls +--- + configure.ac | 4 ++++ + src/utils/diffie_hellman.cc | 36 ++++++++++++++++++++++++++++++++++-- + 2 files changed, 38 insertions(+), 2 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 5b1ea237..b885714d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -71,12 +71,15 @@ AC_ARG_ENABLE(openssl, + [ --disable-openssl Don't use OpenSSL's SHA1 implementation.], + [ + if test "$enableval" = "yes"; then ++dnl move to scripts. + PKG_CHECK_MODULES(OPENSSL, libcrypto, + CXXFLAGS="$CXXFLAGS $OPENSSL_CFLAGS"; + LIBS="$LIBS $OPENSSL_LIBS") + + AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.) + AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.) ++ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)]) ++ + else + AC_DEFINE(USE_NSS_SHA, 1, Using Mozilla's SHA1 implementation.) + fi +@@ -87,6 +90,7 @@ AC_ARG_ENABLE(openssl, + + AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.) + AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.) ++ AC_CHECK_LIB([crypto], [DH_set0_pqg], [AC_DEFINE(USE_OPENSSL_1_1, 1, Using OpenSSL 1.1.)]) + ] + ) + +diff --git a/src/utils/diffie_hellman.cc b/src/utils/diffie_hellman.cc +index aa653d45..7ec13165 100644 +--- a/src/utils/diffie_hellman.cc ++++ b/src/utils/diffie_hellman.cc +@@ -54,11 +54,23 @@ DiffieHellman::DiffieHellman(const unsigned char *prime, int primeLength, + m_secret(NULL), m_size(0) { + + #ifdef USE_OPENSSL ++ + m_dh = DH_new(); ++ ++#ifdef USE_OPENSSL_1_1 ++ BIGNUM * const dh_p = BN_bin2bn(prime, primeLength, NULL); ++ BIGNUM * const dh_g = BN_bin2bn(generator, generatorLength, NULL); ++ ++ if (dh_p == NULL || dh_g == NULL || ++ !DH_set0_pqg(m_dh, dh_p, NULL, dh_g)) ++ throw internal_error("Could not generate Diffie-Hellman parameters"); ++#else + m_dh->p = BN_bin2bn(prime, primeLength, NULL); + m_dh->g = BN_bin2bn(generator, generatorLength, NULL); ++#endif + + DH_generate_key(m_dh); ++ + #else + throw internal_error("Compiled without encryption support."); + #endif +@@ -74,7 +86,19 @@ DiffieHellman::~DiffieHellman() { + bool + DiffieHellman::is_valid() const { + #ifdef USE_OPENSSL ++ if (m_dh == NULL) ++ return false; ++ ++#ifdef USE_OPENSSL_1_1 ++ const BIGNUM *pub_key; ++ ++ DH_get0_key(m_dh, &pub_key, NULL); ++ ++ return pub_key != NULL; ++#else + return m_dh != NULL && m_dh->pub_key != NULL; ++#endif ++ + #else + return false; + #endif +@@ -103,8 +127,16 @@ DiffieHellman::store_pub_key(unsigned char* dest, unsigned int length) { + #ifdef USE_OPENSSL + std::memset(dest, 0, length); + +- if ((int)length >= BN_num_bytes(m_dh->pub_key)) +- BN_bn2bin(m_dh->pub_key, dest + length - BN_num_bytes(m_dh->pub_key)); ++ const BIGNUM *pub_key; ++ ++#ifdef USE_OPENSSL_1_1 ++ DH_get0_key(m_dh, &pub_key, NULL); ++#else ++ pub_key = m_dh->pub_key; ++#endif ++ ++ if ((int)length >= BN_num_bytes(pub_key)) ++ BN_bn2bin(pub_key, dest + length - BN_num_bytes(pub_key)); + #endif + } + From patchwork Sat Aug 25 09:17:01 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962157 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.138; helo=whitealder.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGm0snNz9s3Z for ; Sat, 25 Aug 2018 19:17:36 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 6255385D5C; Sat, 25 Aug 2018 09:17:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5b17WAyZd9zY; Sat, 25 Aug 2018 09:17:32 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by whitealder.osuosl.org (Postfix) with ESMTP id 7043D85D72; Sat, 25 Aug 2018 09:17:32 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from hemlock.osuosl.org (smtp2.osuosl.org [140.211.166.133]) by ash.osuosl.org (Postfix) with ESMTP id 4477F1CF264 for ; Sat, 25 Aug 2018 09:17:22 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by hemlock.osuosl.org (Postfix) with ESMTP id 39A3086629 for ; Sat, 25 Aug 2018 09:17:22 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from hemlock.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xoVxZK0y35pA for ; Sat, 25 Aug 2018 09:17:18 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout07.t-online.de (mailout07.t-online.de [194.25.134.83]) by hemlock.osuosl.org (Postfix) with ESMTPS id 5BA5386C9A for ; Sat, 25 Aug 2018 09:17:18 +0000 (UTC) Received: from fwd41.aul.t-online.de (fwd41.aul.t-online.de [172.20.27.139]) by mailout07.t-online.de (Postfix) with SMTP id 56B0C4228A8A; Sat, 25 Aug 2018 11:17:16 +0200 (CEST) Received: from fli4l.lan.fli4l (ZkxCuZZvYhOVmuq9xv2atwXVQFzJCQtCJTe8wpWUhHcEavOulZIxEHFh8y0kyrswC1@[91.58.2.49]) by fwd41.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgt-1VKB6m0; Sat, 25 Aug 2018 11:17:07 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgs-0003CG-EP; Sat, 25 Aug 2018 11:17:06 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:17:01 +0200 Message-Id: <20180825091702.28471-7-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: ZkxCuZZvYhOVmuq9xv2atwXVQFzJCQtCJTe8wpWUhHcEavOulZIxEHFh8y0kyrswC1 X-TOI-MSGID: 186658de-40e2-4b64-ab9c-50071a2f6d53 Subject: [Buildroot] [PATCH/next 6/7] package/pound: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/pound/0002-fix-openssl-1.1.0.patch | 331 +++++++++++++++++++++ 1 file changed, 331 insertions(+) create mode 100644 package/pound/0002-fix-openssl-1.1.0.patch diff --git a/package/pound/0002-fix-openssl-1.1.0.patch b/package/pound/0002-fix-openssl-1.1.0.patch new file mode 100644 index 0000000000..a94a6386b7 --- /dev/null +++ b/package/pound/0002-fix-openssl-1.1.0.patch @@ -0,0 +1,331 @@ +From a2c9dde4d055ea8942afb150b7fc3a807d4e5d60 Mon Sep 17 00:00:00 2001 +From: Sergey Poznyakoff +Date: Wed, 28 Feb 2018 13:44:01 +0000 +Subject: [PATCH] Support for Openssl 1.1 + +Downloaded from github fork: +https://github.com/graygnuorg/pound/commit/a2c9dde4d055ea8942afb150b7fc3a807d4e5d60 + +This patch was announced on the upstream mailinglist: +http://www.apsis.ch/pound/pound_list/archive/2018/2018-03/1519920322000 + +Signed-off-by: Bernd Kuhls +--- + .gitignore | 15 ++++++++ + config.c | 17 +++++++-- + http.c | 12 ++++++- + pound.h | 4 ++- + svc.c | 101 +++++++++++++++++++++++++++++++++++++++++++---------- + 5 files changed, 125 insertions(+), 24 deletions(-) + create mode 100644 .gitignore + +diff --git a/config.c b/config.c +index d41a3ee..e8fec0f 100644 +--- a/config.c ++++ b/config.c +@@ -174,6 +174,16 @@ conf_fgets(char *buf, const int max) + } + } + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++# define general_name_string(n) \ ++ strndup(ASN1_STRING_get0_data(n->d.dNSName), \ ++ ASN1_STRING_length(n->d.dNSName) + 1) ++#else ++# define general_name_string(n) \ ++ strndup(ASN1_STRING_data(n->d.dNSName), \ ++ ASN1_STRING_length(n->d.dNSName) + 1) ++#endif ++ + unsigned char ** + get_subjectaltnames(X509 *x509, unsigned int *count) + { +@@ -194,8 +204,7 @@ get_subjectaltnames(X509 *x509, unsigned int *count) + name = sk_GENERAL_NAME_pop(san_stack); + switch(name->type) { + case GEN_DNS: +- temp[local_count] = strndup(ASN1_STRING_data(name->d.dNSName), ASN1_STRING_length(name->d.dNSName) +- + 1); ++ temp[local_count] = general_name_string(name); + if(temp[local_count] == NULL) + conf_err("out of memory"); + local_count++; +@@ -565,7 +574,9 @@ parse_service(const char *svc_name) + pthread_mutex_init(&res->mut, NULL); + if(svc_name) + strncpy(res->name, svc_name, KEY_SIZE); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((res->sessions = lh_TABNODE_new(t_hash, t_cmp)) == NULL) ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((res->sessions = LHM_lh_new(TABNODE, t)) == NULL) + #else + if((res->sessions = lh_new(LHASH_HASH_FN(t_hash), LHASH_COMP_FN(t_cmp))) == NULL) +diff --git a/http.c b/http.c +index dd211e4..c8e756a 100644 +--- a/http.c ++++ b/http.c +@@ -527,12 +527,22 @@ log_bytes(char *res, const LONG cnt) + + /* Cleanup code. This should really be in the pthread_cleanup_push, except for bugs in some implementations */ + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++# define clear_error() ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L ++# define clear_error() \ ++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_thread_state(NULL); } ++#else ++# define clear_error() \ ++ if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } ++#endif ++ + #define clean_all() { \ + if(ssl != NULL) { BIO_ssl_shutdown(cl); } \ + if(be != NULL) { BIO_flush(be); BIO_reset(be); BIO_free_all(be); be = NULL; } \ + if(cl != NULL) { BIO_flush(cl); BIO_reset(cl); BIO_free_all(cl); cl = NULL; } \ + if(x509 != NULL) { X509_free(x509); x509 = NULL; } \ +- if(ssl != NULL) { ERR_clear_error(); ERR_remove_state(0); } \ ++ clear_error(); \ + } + + /* +diff --git a/pound.h b/pound.h +index fa22c36..9603b91 100644 +--- a/pound.h ++++ b/pound.h +@@ -344,7 +344,9 @@ typedef struct _tn { + /* maximal session key size */ + #define KEY_SIZE 127 + +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ DEFINE_LHASH_OF(TABNODE); ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + DECLARE_LHASH_OF(TABNODE); + #endif + +diff --git a/svc.c b/svc.c +index 60ba488..063b92c 100644 +--- a/svc.c ++++ b/svc.c +@@ -27,10 +27,17 @@ + + #include "pound.h" + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++# define TABNODE_GET_DOWN_LOAD(t) lh_TABNODE_get_down_load(t) ++# define TABNODE_SET_DOWN_LOAD(t,n) lh_TABNODE_set_down_load(t,n) ++#else + #ifndef LHASH_OF + #define LHASH_OF(x) LHASH + #define CHECKED_LHASH_OF(type, h) h + #endif ++# define TABNODE_GET_DOWN_LOAD(t) (CHECKED_LHASH_OF(TABNODE, t)->down_load) ++# define TABNODE_SET_DOWN_LOAD(t,n) (CHECKED_LHASH_OF(TABNODE, t)->down_load = n) ++#endif + + /* + * Add a new key/content pair to a hash table +@@ -58,7 +65,9 @@ t_add(LHASH_OF(TABNODE) *const tab, const char *key, const void *content, const + } + memcpy(t->content, content, cont_len); + t->last_acc = time(NULL); +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((old = lh_TABNODE_insert(tab, t)) != NULL) { ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((old = LHM_lh_insert(TABNODE, tab, t)) != NULL) { + #else + if((old = (TABNODE *)lh_insert(tab, t)) != NULL) { +@@ -82,7 +91,9 @@ t_find(LHASH_OF(TABNODE) *const tab, char *const key) + TABNODE t, *res; + + t.key = key; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((res = lh_TABNODE_retrieve(tab, &t)) != NULL) { ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((res = (TABNODE *)LHM_lh_retrieve(TABNODE, tab, &t)) != NULL) { + #else + if((res = (TABNODE *)lh_retrieve(tab, &t)) != NULL) { +@@ -102,7 +113,9 @@ t_remove(LHASH_OF(TABNODE) *const tab, char *const key) + TABNODE t, *res; + + t.key = key; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((res = lh_TABNODE_delete(tab, &t)) != NULL) { ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((res = LHM_lh_delete(TABNODE, tab, &t)) != NULL) { + #else + if((res = (TABNODE *)lh_delete(tab, &t)) != NULL) { +@@ -127,7 +140,9 @@ t_old_doall_arg(TABNODE *t, ALL_ARG *a) + TABNODE *res; + + if(t->last_acc < a->lim) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((res = lh_TABNODE_delete(a->tab, t)) != NULL) { ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((res = LHM_lh_delete(TABNODE, a->tab, t)) != NULL) { + #else + if((res = lh_delete(a->tab, t)) != NULL) { +@@ -145,6 +160,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE, ALL_ARG) + IMPLEMENT_LHASH_DOALL_ARG_FN(t_old, TABNODE *, ALL_ARG *) + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,ALL_ARG); ++#endif ++ + /* + * Expire all old nodes + */ +@@ -156,14 +175,16 @@ t_expire(LHASH_OF(TABNODE) *const tab, const time_t lim) + + a.tab = tab; + a.lim = lim; +- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load; +- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++ down_load = TABNODE_GET_DOWN_LOAD(tab); ++ TABNODE_SET_DOWN_LOAD(tab, 0); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ lh_TABNODE_doall_ALL_ARG(tab, t_old_doall_arg, &a); ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_old), ALL_ARG, &a); + #else + lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_old), &a); + #endif +- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load; ++ TABNODE_SET_DOWN_LOAD(tab, down_load); + return; + } + +@@ -173,7 +194,9 @@ t_cont_doall_arg(TABNODE *t, ALL_ARG *arg) + TABNODE *res; + + if(memcmp(t->content, arg->content, arg->cont_len) == 0) +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ if((res = lh_TABNODE_delete(arg->tab, t)) != NULL) { ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + if((res = LHM_lh_delete(TABNODE, arg->tab, t)) != NULL) { + #else + if((res = lh_delete(arg->tab, t)) != NULL) { +@@ -203,15 +226,16 @@ t_clean(LHASH_OF(TABNODE) *const tab, void *const content, const size_t cont_len + a.tab = tab; + a.content = content; + a.cont_len = cont_len; +- down_load = CHECKED_LHASH_OF(TABNODE, tab)->down_load; +- CHECKED_LHASH_OF(TABNODE, tab)->down_load = 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++ down_load = TABNODE_GET_DOWN_LOAD(tab); ++ TABNODE_SET_DOWN_LOAD(tab, 0); ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ lh_TABNODE_doall_ALL_ARG(tab, t_cont_doall_arg, &a); ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + LHM_lh_doall_arg(TABNODE, tab, LHASH_DOALL_ARG_FN(t_cont), ALL_ARG, &a); + #else + lh_doall_arg(tab, LHASH_DOALL_ARG_FN(t_cont), &a); + #endif +- CHECKED_LHASH_OF(TABNODE, tab)->down_load = down_load; +- return; ++ TABNODE_SET_DOWN_LOAD(tab, down_load); + } + + /* +@@ -1262,6 +1286,31 @@ RSA_tmp_callback(/* not used */SSL *ssl, /* not used */int is_export, int keylen + return res; + } + ++static int ++generate_key(RSA **ret_rsa, unsigned long bits) ++{ ++#if OPENSSL_VERSION_NUMBER > 0x00908000L ++ int rc = 0; ++ RSA *rsa; ++ ++ rsa = RSA_new(); ++ if (rsa) { ++ BIGNUM *bne = BN_new(); ++ if (BN_set_word(bne, RSA_F4)) ++ rc = RSA_generate_key_ex(rsa, bits, bne, NULL); ++ BN_free(bne); ++ if (rc) ++ *ret_rsa = rsa; ++ else ++ RSA_free(rsa); ++ } ++ return rc; ++#else ++ *ret_rsa = RSA_generate_key(bits, RSA_F4, NULL, NULL); ++ return *ret_rsa != NULL; ++#endif ++} ++ + /* + * Periodically regenerate ephemeral RSA keys + * runs every T_RSA_KEYS seconds +@@ -1274,8 +1323,9 @@ do_RSAgen(void) + RSA *t_RSA1024_keys[N_RSA_KEYS]; + + for(n = 0; n < N_RSA_KEYS; n++) { +- t_RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL); +- t_RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL); ++ /* FIXME: Error handling */ ++ generate_key(&t_RSA512_keys[n], 512); ++ generate_key(&t_RSA1024_keys[n], 1024); + } + if(ret_val = pthread_mutex_lock(&RSA_mut)) + logmsg(LOG_WARNING, "thr_RSAgen() lock: %s", strerror(ret_val)); +@@ -1329,11 +1379,11 @@ init_timer(void) + * Pre-generate ephemeral RSA keys + */ + for(n = 0; n < N_RSA_KEYS; n++) { +- if((RSA512_keys[n] = RSA_generate_key(512, RSA_F4, NULL, NULL)) == NULL) { ++ if(!generate_key(&RSA512_keys[n], 512)) { + logmsg(LOG_WARNING,"RSA_generate(%d, 512) failed", n); + return; + } +- if((RSA1024_keys[n] = RSA_generate_key(1024, RSA_F4, NULL, NULL)) == NULL) { ++ if(!generate_key(&RSA1024_keys[n], 1024)) { + logmsg(LOG_WARNING,"RSA_generate(%d, 1024) failed", n); + return; + } +@@ -1420,6 +1470,10 @@ IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE, DUMP_ARG) + IMPLEMENT_LHASH_DOALL_ARG_FN(t_dump, TABNODE *, DUMP_ARG *) + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++IMPLEMENT_LHASH_DOALL_ARG(TABNODE,DUMP_ARG); ++#endif ++ + /* + * write sessions to the control socket + */ +@@ -1430,7 +1484,9 @@ dump_sess(const int control_sock, LHASH_OF(TABNODE) *const sess, BACKEND *const + + a.control_sock = control_sock; + a.backends = backends; +-#if OPENSSL_VERSION_NUMBER >= 0x10000000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ lh_TABNODE_doall_DUMP_ARG(sess, t_dump_doall_arg, &a); ++#elif OPENSSL_VERSION_NUMBER >= 0x10000000L + LHM_lh_doall_arg(TABNODE, sess, LHASH_DOALL_ARG_FN(t_dump), DUMP_ARG, &a); + #else + lh_doall_arg(sess, LHASH_DOALL_ARG_FN(t_dump), &a); +@@ -1664,6 +1720,13 @@ thr_control(void *arg) + } + } + ++#ifndef SSL3_ST_SR_CLNT_HELLO_A ++# define SSL3_ST_SR_CLNT_HELLO_A (0x110|SSL_ST_ACCEPT) ++#endif ++#ifndef SSL23_ST_SR_CLNT_HELLO_A ++# define SSL23_ST_SR_CLNT_HELLO_A (0x210|SSL_ST_ACCEPT) ++#endif ++ + void + SSLINFO_callback(const SSL *ssl, int where, int rc) + { From patchwork Sat Aug 25 09:17:02 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Bernd Kuhls X-Patchwork-Id: 962154 Return-Path: X-Original-To: incoming-buildroot@patchwork.ozlabs.org Delivered-To: patchwork-incoming-buildroot@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (mailfrom) smtp.mailfrom=busybox.net (client-ip=140.211.166.136; helo=silver.osuosl.org; envelope-from=buildroot-bounces@busybox.net; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=t-online.de Received: from silver.osuosl.org (smtp3.osuosl.org [140.211.166.136]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 41yCGY15bWz9s3Z for ; Sat, 25 Aug 2018 19:17:24 +1000 (AEST) Received: from localhost (localhost [127.0.0.1]) by silver.osuosl.org (Postfix) with ESMTP id 7B29D220E2; Sat, 25 Aug 2018 09:17:23 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from silver.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DB5hqH-AS8Kx; Sat, 25 Aug 2018 09:17:22 +0000 (UTC) Received: from ash.osuosl.org (ash.osuosl.org [140.211.166.34]) by silver.osuosl.org (Postfix) with ESMTP id 1D52121F74; Sat, 25 Aug 2018 09:17:22 +0000 (UTC) X-Original-To: buildroot@lists.busybox.net Delivered-To: buildroot@osuosl.org Received: from whitealder.osuosl.org (smtp1.osuosl.org [140.211.166.138]) by ash.osuosl.org (Postfix) with ESMTP id 979371CF264 for ; Sat, 25 Aug 2018 09:17:16 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by whitealder.osuosl.org (Postfix) with ESMTP id 93F9685D72 for ; Sat, 25 Aug 2018 09:17:16 +0000 (UTC) X-Virus-Scanned: amavisd-new at osuosl.org Received: from whitealder.osuosl.org ([127.0.0.1]) by localhost (.osuosl.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rgkNd1duBxRd for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) X-Greylist: domain auto-whitelisted by SQLgrey-1.7.6 Received: from mailout05.t-online.de (mailout05.t-online.de [194.25.134.82]) by whitealder.osuosl.org (Postfix) with ESMTPS id 4DDDF85DCE for ; Sat, 25 Aug 2018 09:17:15 +0000 (UTC) Received: from fwd34.aul.t-online.de (fwd34.aul.t-online.de [172.20.26.145]) by mailout05.t-online.de (Postfix) with SMTP id 347FB4262FC3; Sat, 25 Aug 2018 11:17:13 +0200 (CEST) Received: from fli4l.lan.fli4l (Tz0POUZrQhBjK9JMUGFvw8bhjInCnMwYZ5d7zBD--iIC8GN2-eWWB7mK6hghwo-QEs@[91.58.2.49]) by fwd34.t-online.de with (TLSv1:ECDHE-RSA-AES256-SHA encrypted) esmtp id 1ftUgt-1aX0We0; Sat, 25 Aug 2018 11:17:07 +0200 Received: from mahler.lan.fli4l ([192.168.1.1]:44964 helo=kuhls.lan.fli4l) by fli4l.lan.fli4l with esmtp (Exim 4.91) (envelope-from ) id 1ftUgt-0003CG-1H; Sat, 25 Aug 2018 11:17:07 +0200 From: Bernd Kuhls To: buildroot@buildroot.org Date: Sat, 25 Aug 2018 11:17:02 +0200 Message-Id: <20180825091702.28471-8-bernd.kuhls@t-online.de> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180825091702.28471-1-bernd.kuhls@t-online.de> References: <20180825091702.28471-1-bernd.kuhls@t-online.de> X-ID: Tz0POUZrQhBjK9JMUGFvw8bhjInCnMwYZ5d7zBD--iIC8GN2-eWWB7mK6hghwo-QEs X-TOI-MSGID: 782245b5-5f60-495f-9d77-2dcbcce8827f Subject: [Buildroot] [PATCH/next 7/7] package/rdesktop: Fix build with OpenSSL 1.1.x X-BeenThere: buildroot@busybox.net X-Mailman-Version: 2.1.24 Precedence: list List-Id: Discussion and development of buildroot List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Marcin Bis MIME-Version: 1.0 Errors-To: buildroot-bounces@busybox.net Sender: "buildroot" Signed-off-by: Bernd Kuhls --- package/rdesktop/0002-openssl11.patch | 130 ++++++++++++++++++++++++++ 1 file changed, 130 insertions(+) create mode 100644 package/rdesktop/0002-openssl11.patch diff --git a/package/rdesktop/0002-openssl11.patch b/package/rdesktop/0002-openssl11.patch new file mode 100644 index 0000000000..050d6f6903 --- /dev/null +++ b/package/rdesktop/0002-openssl11.patch @@ -0,0 +1,130 @@ +From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001 +From: Jani Hakala +Date: Thu, 16 Jun 2016 14:28:15 +0300 +Subject: [PATCH] Fix OpenSSL 1.1 compability issues + +Some data types have been made opaque in OpenSSL version 1.1 so +stack allocation and accessing struct fields directly does not work. + +Downloaded from upstream commit +https://github.com/rdesktop/rdesktop/commit/bd6aa6acddf0ba640a49834807872f4cc0d0a773 + +Signed-off-by: Bernd Kuhls +--- + ssl.c | 65 ++++++++++++++++++++++++++++++++++++----------------------- + 1 file changed, 40 insertions(+), 25 deletions(-) + +diff --git a/ssl.c b/ssl.c +index 48751255..032e9b9e 100644 +--- a/ssl.c ++++ b/ssl.c +@@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * + uint8 * exponent) + { + BN_CTX *ctx; +- BIGNUM mod, exp, x, y; ++ BIGNUM *mod, *exp, *x, *y; + uint8 inr[SEC_MAX_MODULUS_SIZE]; + int outlen; + +@@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 * + reverse(inr, len); + + ctx = BN_CTX_new(); +- BN_init(&mod); +- BN_init(&exp); +- BN_init(&x); +- BN_init(&y); +- +- BN_bin2bn(modulus, modulus_size, &mod); +- BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp); +- BN_bin2bn(inr, len, &x); +- BN_mod_exp(&y, &x, &exp, &mod, ctx); +- outlen = BN_bn2bin(&y, out); ++ mod = BN_new(); ++ exp = BN_new(); ++ x = BN_new(); ++ y = BN_new(); ++ ++ BN_bin2bn(modulus, modulus_size, mod); ++ BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp); ++ BN_bin2bn(inr, len, x); ++ BN_mod_exp(y, x, exp, mod, ctx); ++ outlen = BN_bn2bin(y, out); + reverse(out, outlen); + if (outlen < (int) modulus_size) + memset(out + outlen, 0, modulus_size - outlen); + +- BN_free(&y); +- BN_clear_free(&x); +- BN_free(&exp); +- BN_free(&mod); ++ BN_free(y); ++ BN_clear_free(x); ++ BN_free(exp); ++ BN_free(mod); + BN_CTX_free(ctx); + } + +@@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len) + + Kudos to Richard Levitte for the following (. intiutive .) + lines of code that resets the OID and let's us extract the key. */ +- nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm); ++ ++ X509_PUBKEY *key = NULL; ++ X509_ALGOR *algor = NULL; ++ ++ key = X509_get_X509_PUBKEY(cert); ++ algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key); ++ ++ nid = OBJ_obj2nid(algor->algorithm); ++ + if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption)) + { + DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n")); +- ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm); +- cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption); ++ X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption), ++ 0, NULL, NULL, 0); + } + epk = X509_get_pubkey(cert); + if (NULL == epk) +@@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len, + { + int len; + +- if ((BN_num_bytes(rkey->e) > (int) max_exp_len) || +- (BN_num_bytes(rkey->n) > (int) max_mod_len)) ++ BIGNUM *e = NULL; ++ BIGNUM *n = NULL; ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ e = rkey->e; ++ n = rkey->n; ++#else ++ RSA_get0_key(rkey, &e, &n, NULL); ++#endif ++ ++ if ((BN_num_bytes(e) > (int) max_exp_len) || ++ (BN_num_bytes(n) > (int) max_mod_len)) + { + return 1; + } +- len = BN_bn2bin(rkey->e, exponent); ++ len = BN_bn2bin(e, exponent); + reverse(exponent, len); +- len = BN_bn2bin(rkey->n, modulus); ++ len = BN_bn2bin(n, modulus); + reverse(modulus, len); + return 0; + } +@@ -229,8 +247,5 @@ void + rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len, + unsigned char *md) + { +- HMAC_CTX ctx; +- HMAC_CTX_init(&ctx); + HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL); +- HMAC_CTX_cleanup(&ctx); + }