
[OpenWrt-Devel,v2,4/4] ustream-ssl: openssl-1.1 compatibility

Message ID mailman.1934.1527733164.25356.openwrt-devel@lists.openwrt.org
State Superseded
Series openssl 1.1.0 patch set | expand

Commit Message

Thomas Richard via openwrt-devel May 31, 2018, 2:20 a.m. UTC
The sender domain has a DMARC Reject/Quarantine policy which disallows
sending mailing list messages using the original "From" header.

To mitigate this problem, the original message has been wrapped
automatically by the mailing list software.
I've rewritten the patch, removing deprecated API.

It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.

Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
---
 openssl_bio_compat.h | 34 ++++++++++++++++++++++++++++++++++
 ustream-io-openssl.c | 45 +++------------------------------------------
 ustream-openssl.c    | 26 ++++++++++++--------------
 3 files changed, 49 insertions(+), 56 deletions(-)
 create mode 100644 openssl_bio_compat.h

Comments

Rosen Penev May 31, 2018, 3:49 a.m. UTC | #1
On Wed, May 30, 2018 at 7:20 PM, Eneas U de Queiroz via openwrt-devel
<openwrt-devel@lists.openwrt.org> wrote:
> The sender domain has a DMARC Reject/Quarantine policy which disallows
> sending mailing list messages using the original "From" header.
>
> To mitigate this problem, the original message has been wrapped
> automatically by the mailing list software.
>
> ---------- Forwarded message ----------
> From: Eneas U de Queiroz <cote2004-github@yahoo.com>
> To: openwrt-devel@lists.openwrt.org
> Cc: Eneas U de Queiroz <cote2004-github@yahoo.com>
> Bcc:
> Date: Wed, 30 May 2018 23:18:37 -0300
> Subject: [PATCH v2 4/4] ustream-ssl: openssl-1.1 compatibility
> I've rewritten the patch, removing deprecated API.
>
> It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
> minimized in ustream-openssl.c.
This does not apply.
>
> Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
> ---
>  openssl_bio_compat.h | 34 ++++++++++++++++++++++++++++++++++
>  ustream-io-openssl.c | 45 +++------------------------------------------
>  ustream-openssl.c    | 26 ++++++++++++--------------
>  3 files changed, 49 insertions(+), 56 deletions(-)
>  create mode 100644 openssl_bio_compat.h
>
> diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h
> new file mode 100644
> index 0000000..dedc412
> --- /dev/null
> +++ b/openssl_bio_compat.h
> @@ -0,0 +1,34 @@
> +#ifndef OPENSSL_BIO_COMPAT_H
> +#define OPENSSL_BIO_COMPAT_H
> +
> +#include <openssl/opensslv.h>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +
> +#include <openssl/bio.h>
> +#include <string.h>
> +
> +#define BIO_get_data(b) (b->ptr)
> +#define BIO_set_data(b, v) (b->ptr = v)
> +#define BIO_set_init(b, v) (b->init = v)
> +#define BIO_set_shutdown(b, v) (b->flags = v)
> +#define BIO_meth_set_write(m, f) (m->bwrite = f)
> +#define BIO_meth_set_read(m, f) (m->bread = f)
> +#define BIO_meth_set_puts(m, f) (m->bputs = f)
> +#define BIO_meth_set_gets(m, f) (m->bgets = f)
> +#define BIO_meth_set_ctrl(m, f) (m->ctrl = f)
> +#define BIO_meth_set_create(m, f) (m->create = f)
> +#define BIO_meth_set_destroy(m, f) (m->destroy = f)
> +
> +static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
> +{
> +       BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD));
> +       if (bm) {
> +               bm->type = type;
> +               bm->name = name;
> +       }
> +       return bm;
> +}
> +
> +#endif /* OPENSSL_VERSION_NUMBER */
> +
> +#endif /* OPENSSL_BIO_COMPAT_H */
> diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
> index 73a2ba6..aa9f401 100644
> --- a/ustream-io-openssl.c
> +++ b/ustream-io-openssl.c
> @@ -21,21 +21,15 @@
>  #include <libubox/ustream.h>
>
>  #include "ustream-ssl.h"
> +#include "openssl_bio_compat.h"
>  #include "ustream-internal.h"
>
>  static int
>  s_ustream_new(BIO *b)
>  {
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         BIO_set_init(b, 1);
>         BIO_set_data(b, NULL);
>         BIO_set_shutdown(b, 0);
> -#else
> -       b->init = 1;
> -       b->num = 0;
> -       b->ptr = NULL;
> -       b->flags = 0;
> -#endif
>         return 1;
>  }
>
> @@ -45,15 +39,9 @@ s_ustream_free(BIO *b)
>         if (!b)
>                 return 0;
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         BIO_set_data(b, NULL);
>         BIO_set_init(b, 0);
>         BIO_set_shutdown(b, 0);
> -#else
> -       b->ptr = NULL;
> -       b->init = 0;
> -       b->flags = 0;
> -#endif
>         return 1;
>  }
>
> @@ -67,11 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len)
>         if (!buf || len <= 0)
>                 return 0;
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         s = (struct ustream *)BIO_get_data(b);
> -#else
> -       s = (struct ustream *)b->ptr;
> -#endif
>         if (!s)
>                 return 0;
>
> @@ -100,11 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len)
>         if (!buf || len <= 0)
>                 return 0;
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         s = (struct ustream *)BIO_get_data(b);
> -#else
> -       s = (struct ustream *)b->ptr;
> -#endif
>         if (!s)
>                 return 0;
>
> @@ -136,29 +116,13 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
>         };
>  }
>
> -#if OPENSSL_VERSION_NUMBER < 0x10100000L
> -static BIO_METHOD methods_ustream = {
> -       100 | BIO_TYPE_SOURCE_SINK,
> -       "ustream",
> -       s_ustream_write,
> -       s_ustream_read,
> -       s_ustream_puts,
> -       s_ustream_gets,
> -       s_ustream_ctrl,
> -       s_ustream_new,
> -       s_ustream_free,
> -       NULL,
> -};
> -#endif
> -
>  static BIO *ustream_bio_new(struct ustream *s)
>  {
>         BIO *bio;
>
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
>         BIO_METHOD *methods_ustream;
>
> -       methods_ustream = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "ustream");
> +       methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
>         BIO_meth_set_write(methods_ustream, s_ustream_write);
>         BIO_meth_set_read(methods_ustream, s_ustream_read);
>         BIO_meth_set_puts(methods_ustream, s_ustream_puts);
> @@ -168,10 +132,7 @@ static BIO *ustream_bio_new(struct ustream *s)
>         BIO_meth_set_destroy(methods_ustream, s_ustream_free);
>         bio = BIO_new(methods_ustream);
>         BIO_set_data(bio, s);
> -#else
> -       bio = BIO_new(&methods_ustream);
> -       bio->ptr = s;
> -#endif
> +
>         return bio;
>  }
>
> diff --git a/ustream-openssl.c b/ustream-openssl.c
> index 303b58e..c6839ea 100644
> --- a/ustream-openssl.c
> +++ b/ustream-openssl.c
> @@ -25,42 +25,40 @@
>  __hidden struct ustream_ssl_ctx *
>  __ustream_ssl_context_new(bool server)
>  {
> -       static bool _init = false;
>         const void *m;
>         SSL_CTX *c;
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +       static bool _init = false;
> +
>         if (!_init) {
>                 SSL_load_error_strings();
>                 SSL_library_init();
>                 _init = true;
>         }
> +# define TLS_server_method SSLv23_server_method
> +# define TLS_client_method SSLv23_client_method
> +#endif
>
> -       if (server)
> -#ifdef CYASSL_OPENSSL_H_
> -               m = SSLv23_server_method();
> -#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
> +       if (server) {
>                 m = TLS_server_method();
> -#else
> -               m = TLSv1_2_server_method();
> -#endif
> -       else
> -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +       } else
>                 m = TLS_client_method();
> -#else
> -               m = SSLv23_client_method();
> -#endif
>
>         c = SSL_CTX_new((void *) m);
>         if (!c)
>                 return NULL;
>
>         SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
> -#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_)
> +       SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
> +#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L
>         SSL_CTX_set_ecdh_auto(c, 1);
>  #endif
>         if (server) {
>  #if OPENSSL_VERSION_NUMBER >= 0x10100000L
>                 SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
> +#else
> +               SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
>  #endif
>                 SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
>         }
> --
> 2.16.1
>
>
>
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/listinfo/openwrt-devel
>

Patch

diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h
new file mode 100644
index 0000000..dedc412
--- /dev/null
+++ b/openssl_bio_compat.h
@@ -0,0 +1,34 @@ 
+#ifndef OPENSSL_BIO_COMPAT_H
+#define OPENSSL_BIO_COMPAT_H
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/bio.h>
+#include <string.h>
+
+#define BIO_get_data(b) (b->ptr)
+#define BIO_set_data(b, v) (b->ptr = v)
+#define BIO_set_init(b, v) (b->init = v)
+#define BIO_set_shutdown(b, v) (b->flags = v)
+#define BIO_meth_set_write(m, f) (m->bwrite = f)
+#define BIO_meth_set_read(m, f) (m->bread = f)
+#define BIO_meth_set_puts(m, f) (m->bputs = f)
+#define BIO_meth_set_gets(m, f) (m->bgets = f)
+#define BIO_meth_set_ctrl(m, f) (m->ctrl = f)
+#define BIO_meth_set_create(m, f) (m->create = f)
+#define BIO_meth_set_destroy(m, f) (m->destroy = f)
+
+static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD));
+	if (bm) {
+		bm->type = type;
+		bm->name = name;
+	}
+	return bm;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* OPENSSL_BIO_COMPAT_H */
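Review bot: The compat shim on the `#define BIO_set_shutdown(b, v) (b->flags = v)` line writes `b->flags`, but the 1.1 function it imitates sets the BIO's `shutdown` member, and OpenSSL 1.0.x `struct bio_st` has its own `int shutdown` field, so this should read `#define BIO_set_shutdown(b, v) ((b)->shutdown = (v))`. It carries over the old path's `b->flags = 0`, so nothing visibly breaks for this BIO (s_ustream_free never consults shutdown), but a shim that promises one field and writes another will mislead whoever next debugs retry flags on a 1.0.x build. `BIO_meth_new` calls `calloc`, yet the header includes `<string.h>` rather than `<stdlib.h>`; it appears to compile only because `openssl/bio.h` pulls `<stdlib.h>` in transitively, so include it directly and drop the unused `<string.h>`. The shim also has no `BIO_meth_free` counterpart, so a caller that wants to release the method on the 1.0.x path has nothing to call; `static inline void BIO_meth_free(BIO_METHOD *bm) { free(bm); }` would complete the pair. Parenthesising the macro arguments, `((b)->ptr)`, `((m)->bwrite = (f))` and so on, is the usual defensive habit as well.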
diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 73a2ba6..aa9f401 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -21,21 +21,15 @@ 
 #include <libubox/ustream.h>
 
 #include "ustream-ssl.h"
+#include "openssl_bio_compat.h"
 #include "ustream-internal.h"
 
 static int
 s_ustream_new(BIO *b)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	BIO_set_init(b, 1);
 	BIO_set_data(b, NULL);
 	BIO_set_shutdown(b, 0);
-#else
-	b->init = 1;
-	b->num = 0;
-	b->ptr = NULL;
-	b->flags = 0;
-#endif
 	return 1;
 }
 
@@ -45,15 +39,9 @@  s_ustream_free(BIO *b)
 	if (!b)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	BIO_set_data(b, NULL);
 	BIO_set_init(b, 0);
 	BIO_set_shutdown(b, 0);
-#else
-	b->ptr = NULL;
-	b->init = 0;
-	b->flags = 0;
-#endif
 	return 1;
 }
 
@@ -67,11 +55,7 @@  s_ustream_read(BIO *b, char *buf, int len)
 	if (!buf || len <= 0)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	s = (struct ustream *)BIO_get_data(b);
-#else
-	s = (struct ustream *)b->ptr;
-#endif
 	if (!s)
 		return 0;
 
@@ -100,11 +84,7 @@  s_ustream_write(BIO *b, const char *buf, int len)
 	if (!buf || len <= 0)
 		return 0;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	s = (struct ustream *)BIO_get_data(b);
-#else
-	s = (struct ustream *)b->ptr;
-#endif
 	if (!s)
 		return 0;
 
@@ -136,29 +116,13 @@  static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
 	};
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static BIO_METHOD methods_ustream = {
-	100 | BIO_TYPE_SOURCE_SINK,
-	"ustream",
-	s_ustream_write,
-	s_ustream_read,
-	s_ustream_puts,
-	s_ustream_gets,
-	s_ustream_ctrl,
-	s_ustream_new,
-	s_ustream_free,
-	NULL,
-};
-#endif
-
 static BIO *ustream_bio_new(struct ustream *s)
 {
 	BIO *bio;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
 	BIO_METHOD *methods_ustream;
 
-	methods_ustream = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK, "ustream");
+	methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
 	BIO_meth_set_write(methods_ustream, s_ustream_write);
 	BIO_meth_set_read(methods_ustream, s_ustream_read);
 	BIO_meth_set_puts(methods_ustream, s_ustream_puts);
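Review bot: `methods_ustream = BIO_meth_new(...)` now runs on every call to ustream_bio_new for both OpenSSL generations, its return value is never checked, and nothing in this function frees it — `BIO_new` does not take ownership of a `BIO_METHOD`, so each BIO leaks one, and the 1.0.x build regresses from the single static `methods_ustream` this hunk deletes to a `calloc` per connection. An allocation failure is a NULL dereference on the next line: 1.1's `BIO_meth_set_write` stores into `biom->bwrite` without a check and the compat macro is a bare `m->bwrite = f`. The hard-coded `100 | BIO_TYPE_SOURCE_SINK` sits below what 1.1 hands out from `BIO_get_new_index()` (`BIO_TYPE_START`, if I recall correctly), so it could clash with another custom BIO in the same process, though calling `BIO_get_new_index()` per connection as the removed line did would exhaust the index space — either way the method should be built once. I would hoist the method to a file-scope static, initialise it lazily with a NULL check, and drop the local `BIO_METHOD *methods_ustream;` declaration; ustream runs under uloop, so assuming that single-threaded model no lock is needed, but the caller of ustream_bio_new (outside this hunk) must then handle a NULL return.

```c
/* Built once: BIO_new() does not take ownership of the method, so a
 * per-call BIO_meth_new() would leak a BIO_METHOD with every BIO. */
static BIO_METHOD *methods_ustream;

static BIO *ustream_bio_new(struct ustream *s)
{
	BIO *bio;

	if (!methods_ustream) {
		methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
		if (!methods_ustream)
			return NULL;
		BIO_meth_set_write(methods_ustream, s_ustream_write);
		/* … unchanged: remaining BIO_meth_set_* calls, now inside the if … */
	}
	/* … unchanged: BIO_new, BIO_set_data, return … */
```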
@@ -168,10 +132,7 @@  static BIO *ustream_bio_new(struct ustream *s)
 	BIO_meth_set_destroy(methods_ustream, s_ustream_free);
 	bio = BIO_new(methods_ustream);
 	BIO_set_data(bio, s);
-#else
-	bio = BIO_new(&methods_ustream);
-	bio->ptr = s;
-#endif
+
 	return bio;
 }
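Review bot: `bio = BIO_new(methods_ustream);` is followed directly by `BIO_set_data(bio, s);` with no NULL check, so an allocation failure dereferences NULL — 1.1's `BIO_set_data` stores straight into the BIO and the 1.0.x compat macro is a bare `b->ptr = v`. The removed 1.0.x path had the same unchecked `bio->ptr = s`, so this is not introduced by the patch, but the rewrite is the moment to add `if (!bio) return NULL;` between the two lines. The caller of ustream_bio_new is outside this hunk and would need to propagate the NULL.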
 
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 303b58e..c6839ea 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -25,42 +25,40 @@ 
 __hidden struct ustream_ssl_ctx *
 __ustream_ssl_context_new(bool server)
 {
-	static bool _init = false;
 	const void *m;
 	SSL_CTX *c;
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+	static bool _init = false;
+
 	if (!_init) {
 		SSL_load_error_strings();
 		SSL_library_init();
 		_init = true;
 	}
+# define TLS_server_method SSLv23_server_method
+# define TLS_client_method SSLv23_client_method
+#endif
 
-	if (server)
-#ifdef CYASSL_OPENSSL_H_
-		m = SSLv23_server_method();
-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+	if (server) {
 		m = TLS_server_method();
-#else
-		m = TLSv1_2_server_method();
-#endif
-	else
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	} else
 		m = TLS_client_method();
-#else
-		m = SSLv23_client_method();
-#endif
 
 	c = SSL_CTX_new((void *) m);
 	if (!c)
 		return NULL;
 
 	SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_)
+	SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
+#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_CTX_set_ecdh_auto(c, 1);
 #endif
 	if (server) {
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
 		SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
+#else
+		SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
 #endif
 		SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
 	}
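Review bot: The client path still has no floor on the protocol version: on 1.0.x `TLS_client_method` is now `SSLv23_client_method` and the only option set is `SSL_OP_NO_COMPRESSION`, so as far as I can see a build with SSLv3 compiled in will still negotiate SSLv3 as a client, and on 1.1 `SSL_CTX_set_min_proto_version` is only applied inside the `if (server)` block. `SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3` are valid on both generations (SSLv2 is a no-op bit in 1.1), so the cheapest fix is to fold them into the unconditional call, `SSL_CTX_set_options(c, SSL_OP_NO_COMPRESSION | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);`, leaving the TLS 1.2 floor server-only as the patch intends. This pre-dates the patch, but the patch rewrites exactly this block. The `# define TLS_server_method SSLv23_server_method` and its client twin are preprocessor definitions inside a function body; they would read better beside the other shims in `openssl_bio_compat.h`, or at least at file scope. The explicit `CYASSL_OPENSSL_H_` branch for the method selection is gone, so wolfSSL/CyaSSL builds now depend on that library's `OPENSSL_VERSION_NUMBER` value and its `TLS_*_method` compat names — worth confirming that configuration still compiles.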