webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-05-11 01:38:25 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'openssl-11' into next

Browse Source
This commit is contained in:
Michael Tremer
2018-02-21 12:21:10 +00:00
parent cb8a6bf5a4 a4fd232541
commit 9434bffaf2
32 changed files with 9613 additions and 472 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
src/patches/elinks-0.11.0-ssl-noegd.patch Normal file
View File

@@ -0,0 +1,21 @@
--- elinks-0.11.0/src/network/ssl/ssl.c.noegd 2006-01-10 09:24:50.000000000 +0100
+++ elinks-0.11.0/src/network/ssl/ssl.c 2006-01-10 09:25:01.000000000 +0100
@@ -44,18 +44,6 @@ SSL_CTX *context = NULL;
static void
init_openssl(struct module *module)
{
- unsigned char f_randfile[PATH_MAX];
-
- /* In a nutshell, on OS's without a /dev/urandom, the OpenSSL library
- * cannot initialize the PRNG and so every attempt to use SSL fails.
- * It's actually an OpenSSL FAQ, and according to them, it's up to the
- * application coders to seed the RNG. -- William Yodlowsky */
- if (RAND_egd(RAND_file_name(f_randfile, sizeof(f_randfile))) < 0) {
- /* Not an EGD, so read and write to it */
- if (RAND_load_file(f_randfile, -1))
- RAND_write_file(f_randfile);
- }
-
SSLeay_add_ssl_algorithms();
context = SSL_CTX_new(SSLv23_client_method());
SSL_CTX_set_options(context, SSL_OP_ALL);

73
src/patches/elinks-0.12pre6-openssl11.patch Normal file
View File

@@ -0,0 +1,73 @@
From d83c0edf4c6ae42359ff856d7a879ecba5769595 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Fri, 17 Feb 2017 16:51:41 +0100
Subject: [PATCH 1/2] fix compatibility with OpenSSL 1.1
---
src/network/ssl/socket.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index c9e2be4..467fc48 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -83,7 +83,7 @@ static void
ssl_set_no_tls(struct socket *socket)
{
#ifdef CONFIG_OPENSSL
- ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1;
+ SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
#elif defined(CONFIG_GNUTLS)
{
/* GnuTLS does not support SSLv2 because it is "insecure".
@@ -419,7 +419,7 @@ ssl_connect(struct socket *socket)
}
if (client_cert) {
- SSL_CTX *ctx = ((SSL *) socket->ssl)->ctx;
+ SSL_CTX *ctx = SSL_get_SSL_CTX((SSL *) socket->ssl);
SSL_CTX_use_certificate_chain_file(ctx, client_cert);
SSL_CTX_use_PrivateKey_file(ctx, client_cert,
--
2.7.4
From ec952cc5b79973bee73fcfc813159d40c22b7228 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tmraz@fedoraproject.org>
Date: Fri, 17 Feb 2017 16:44:11 +0100
Subject: [PATCH 2/2] drop disablement of TLS1.0 on second attempt to connect
It would not work correctly anyway and the code does not build
with OpenSSL-1.1.0.
---
src/network/ssl/socket.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c
index 467fc48..b981c1e 100644
--- a/src/network/ssl/socket.c
+++ b/src/network/ssl/socket.c
@@ -82,6 +82,11 @@
static void
ssl_set_no_tls(struct socket *socket)
{
+#if 0
+/* This implements the insecure renegotiation, which should not be used.
+ * The code also would not work on current Fedora (>= Fedora 23) anyway,
+ * because it would just switch off TLS 1.0 keeping TLS 1.1 and 1.2 enabled.
+ */
#ifdef CONFIG_OPENSSL
SSL_set_options((ssl_t *) socket->ssl, SSL_OP_NO_TLSv1);
#elif defined(CONFIG_GNUTLS)
@@ -96,6 +101,7 @@ ssl_set_no_tls(struct socket *socket)
gnutls_protocol_set_priority(*(ssl_t *) socket->ssl, protocol_priority);
}
#endif
+#endif
}
#ifdef USE_OPENSSL
--
2.7.4

303
src/patches/net-snmp-5.7.3-openssl.patch Normal file
View File

@@ -0,0 +1,303 @@
diff -urNp old/apps/snmpusm.c new/apps/snmpusm.c
--- old/apps/snmpusm.c 2014-12-08 21:23:22.000000000 +0100
+++ new/apps/snmpusm.c 2017-02-20 15:20:36.994022905 +0100
@@ -190,7 +190,7 @@ get_USM_DH_key(netsnmp_variable_list *va
oid *keyoid, size_t keyoid_len) {
u_char *dhkeychange;
DH *dh;
- BIGNUM *other_pub;
+ BIGNUM *p, *g, *pub_key, *other_pub;
u_char *key;
size_t key_len;
@@ -205,25 +205,29 @@ get_USM_DH_key(netsnmp_variable_list *va
dh = d2i_DHparams(NULL, &cp, dhvar->val_len);
}
- if (!dh || !dh->g || !dh->p) {
+ if (dh)
+ DH_get0_pqg(dh, &p, NULL, &g);
+
+ if (!dh || !g || !p) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- DH_generate_key(dh);
- if (!dh->pub_key) {
+ if (!DH_generate_key(dh)) {
SNMP_FREE(dhkeychange);
return SNMPERR_GENERR;
}
- if (vars->val_len != (unsigned int)BN_num_bytes(dh->pub_key)) {
+ DH_get0_key(dh, &pub_key, NULL);
+
+ if (vars->val_len != (unsigned int)BN_num_bytes(pub_key)) {
SNMP_FREE(dhkeychange);
fprintf(stderr,"incorrect diffie-helman lengths (%lu != %d)\n",
- (unsigned long)vars->val_len, BN_num_bytes(dh->pub_key));
+ (unsigned long)vars->val_len, BN_num_bytes(pub_key));
return SNMPERR_GENERR;
}
- BN_bn2bin(dh->pub_key, dhkeychange + vars->val_len);
+ BN_bn2bin(pub_key, dhkeychange + vars->val_len);
key_len = DH_size(dh);
if (!key_len) {
diff -urNp old/configure new/configure
--- old/configure 2017-02-20 10:08:16.440396223 +0100
+++ new/configure 2017-02-20 10:57:15.749734281 +0100
@@ -23176,9 +23176,9 @@ $as_echo "#define HAVE_AES_CFB128_ENCRYP
fi
- as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_create" | $as_tr_sh`
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_create in -l${CRYPTO}" >&5
-$as_echo_n "checking for EVP_MD_CTX_create in -l${CRYPTO}... " >&6; }
+ as_ac_Lib=`$as_echo "ac_cv_lib_${CRYPTO}''_EVP_MD_CTX_new" | $as_tr_sh`
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for EVP_MD_CTX_new in -l${CRYPTO}" >&5
+$as_echo_n "checking for EVP_MD_CTX_new in -l${CRYPTO}... " >&6; }
if eval \${$as_ac_Lib+:} false; then :
$as_echo_n "(cached) " >&6
else
@@ -23193,11 +23193,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_
#ifdef __cplusplus
extern "C"
#endif
-char EVP_MD_CTX_create ();
+char EVP_MD_CTX_new ();
int
main ()
{
-return EVP_MD_CTX_create ();
+return EVP_MD_CTX_new ();
;
return 0;
}
@@ -23216,10 +23216,10 @@ eval ac_res=\$$as_ac_Lib
$as_echo "$ac_res" >&6; }
if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then :
-$as_echo "#define HAVE_EVP_MD_CTX_CREATE /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_NEW /**/" >>confdefs.h
-$as_echo "#define HAVE_EVP_MD_CTX_DESTROY /**/" >>confdefs.h
+$as_echo "#define HAVE_EVP_MD_CTX_FREE /**/" >>confdefs.h
fi
@@ -23293,7 +23293,7 @@ char SSL_library_init ();
int
main ()
{
-return SSL_library_init ();
+return OPENSSL_init_ssl(0, NULL);
;
return 0;
}
diff -urNp old/configure.d/config_os_libs2 new/configure.d/config_os_libs2
--- old/configure.d/config_os_libs2 2014-12-08 21:23:22.000000000 +0100
+++ new/configure.d/config_os_libs2 2017-02-20 10:56:21.041616611 +0100
@@ -292,11 +292,11 @@ if test "x$tryopenssl" != "xno" -a "x$tr
AC_DEFINE(HAVE_AES_CFB128_ENCRYPT, 1,
[Define to 1 if you have the `AES_cfb128_encrypt' function.]))
- AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_create,
- AC_DEFINE([HAVE_EVP_MD_CTX_CREATE], [],
- [Define to 1 if you have the `EVP_MD_CTX_create' function.])
- AC_DEFINE([HAVE_EVP_MD_CTX_DESTROY], [],
- [Define to 1 if you have the `EVP_MD_CTX_destroy' function.]))
+ AC_CHECK_LIB(${CRYPTO}, EVP_MD_CTX_new,
+ AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [],
+ [Define to 1 if you have the `EVP_MD_CTX_new' function.])
+ AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [],
+ [Define to 1 if you have the `EVP_MD_CTX_free' function.]))
fi
if echo " $transport_result_list " | $GREP "DTLS" > /dev/null; then
AC_CHECK_LIB(ssl, DTLSv1_method,
@@ -307,7 +307,7 @@ if test "x$tryopenssl" != "xno" -a "x$tr
TLSPROG=yes
fi
if echo " $transport_result_list " | $GREP "TLS" > /dev/null; then
- AC_CHECK_LIB(ssl, SSL_library_init,
+ AC_CHECK_LIB(ssl, OPENSSL_init_ssl,
AC_DEFINE(HAVE_LIBSSL, 1,
[Define to 1 if you have the `ssl' library (-lssl).])
LIBCRYPTO=" -lssl $LIBCRYPTO",
diff -urNp old/include/net-snmp/net-snmp-config.h.in new/include/net-snmp/net-snmp-config.h.in
--- old/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:08:16.443522417 +0100
+++ new/include/net-snmp/net-snmp-config.h.in 2017-02-20 10:24:05.790584283 +0100
@@ -149,11 +149,11 @@
/* Define to 1 if you have the `eval_pv' function. */
#undef HAVE_EVAL_PV
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#undef HAVE_EVP_MD_CTX_CREATE
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#undef HAVE_EVP_MD_CTX_NEW
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#undef HAVE_EVP_MD_CTX_DESTROY
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#undef HAVE_EVP_MD_CTX_FREE
/* Define if you have EVP_sha224/256 in openssl */
#undef HAVE_EVP_SHA224
diff -urNp old/snmplib/keytools.c new/snmplib/keytools.c
--- old/snmplib/keytools.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/keytools.c 2017-02-20 10:30:27.412068264 +0100
@@ -149,8 +149,8 @@ generate_Ku(const oid * hashtype, u_int
*/
#ifdef NETSNMP_USE_OPENSSL
-#ifdef HAVE_EVP_MD_CTX_CREATE
- ctx = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ ctx = EVP_MD_CTX_new();
#else
ctx = malloc(sizeof(*ctx));
if (!EVP_MD_CTX_init(ctx))
@@ -259,8 +259,8 @@ generate_Ku(const oid * hashtype, u_int
memset(buf, 0, sizeof(buf));
#ifdef NETSNMP_USE_OPENSSL
if (ctx) {
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(ctx);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(ctx);
#else
EVP_MD_CTX_cleanup(ctx);
free(ctx);
diff -urNp old/snmplib/scapi.c new/snmplib/scapi.c
--- old/snmplib/scapi.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/scapi.c 2017-02-20 10:27:34.152379515 +0100
@@ -486,14 +486,14 @@ sc_hash(const oid * hashtype, size_t has
}
/** initialize the pointer */
-#ifdef HAVE_EVP_MD_CTX_CREATE
- cptr = EVP_MD_CTX_create();
+#ifdef HAVE_EVP_MD_CTX_NEW
+ cptr = EVP_MD_CTX_new();
#else
cptr = malloc(sizeof(*cptr));
#if defined(OLD_DES)
memset(cptr, 0, sizeof(*cptr));
#else
- EVP_MD_CTX_init(cptr);
+ EVP_MD_CTX_init(&cptr);
#endif
#endif
if (!EVP_DigestInit(cptr, hashfn)) {
@@ -507,11 +507,11 @@ sc_hash(const oid * hashtype, size_t has
/** do the final pass */
EVP_DigestFinal(cptr, MAC, &tmp_len);
*MAC_len = tmp_len;
-#ifdef HAVE_EVP_MD_CTX_DESTROY
- EVP_MD_CTX_destroy(cptr);
+#ifdef HAVE_EVP_MD_CTX_FREE
+ EVP_MD_CTX_free(cptr);
#else
#if !defined(OLD_DES)
- EVP_MD_CTX_cleanup(cptr);
+ EVP_MD_CTX_cleanup(&cptr);
#endif
free(cptr);
#endif
diff -urNp old/snmplib/snmp_openssl.c new/snmplib/snmp_openssl.c
--- old/snmplib/snmp_openssl.c 2014-12-08 21:23:22.000000000 +0100
+++ new/snmplib/snmp_openssl.c 2017-02-20 12:46:00.059727928 +0100
@@ -47,7 +47,7 @@ void netsnmp_init_openssl(void) {
DEBUGMSGTL(("snmp_openssl", "initializing\n"));
/* Initializing OpenSSL */
- SSL_library_init();
+ OPENSSL_init_ssl(0, NULL);
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
@@ -164,11 +164,11 @@ netsnmp_openssl_cert_dump_names(X509 *oc
oname_entry = X509_NAME_get_entry(osubj_name, i);
netsnmp_assert(NULL != oname_entry);
- if (oname_entry->value->type != V_ASN1_PRINTABLESTRING)
+ if (X509_NAME_ENTRY_get_data(oname_entry)->type != V_ASN1_PRINTABLESTRING)
continue;
/** get NID */
- onid = OBJ_obj2nid(oname_entry->object);
+ onid = OBJ_obj2nid(X509_NAME_ENTRY_get_object(oname_entry));
if (onid == NID_undef) {
prefix_long = prefix_short = "UNKNOWN";
}
@@ -179,9 +179,9 @@ netsnmp_openssl_cert_dump_names(X509 *oc
DEBUGMSGT(("9:cert:dump:names",
"[%02d] NID type %d, ASN type %d\n", i, onid,
- oname_entry->value->type));
+ X509_NAME_ENTRY_get_data(oname_entry)->type));
DEBUGMSGT(("9:cert:dump:names", "%s/%s: '%s'\n", prefix_long,
- prefix_short, ASN1_STRING_data(oname_entry->value)));
+ prefix_short, ASN1_STRING_data(X509_NAME_ENTRY_get_data(oname_entry))));
}
}
#endif /* NETSNMP_FEATURE_REMOVE_CERT_DUMP_NAMES */
@@ -470,7 +470,7 @@ netsnmp_openssl_cert_get_hash_type(X509
if (NULL == ocert)
return 0;
- return _nid2ht(OBJ_obj2nid(ocert->sig_alg->algorithm));
+ return _nid2ht(X509_get_signature_nid(ocert));
}
/**
@@ -487,7 +487,7 @@ netsnmp_openssl_cert_get_fingerprint(X50
if (NULL == ocert)
return NULL;
- nid = OBJ_obj2nid(ocert->sig_alg->algorithm);
+ nid = X509_get_signature_nid(ocert);
DEBUGMSGT(("9:openssl:fingerprint", "alg %d, cert nid %d (%d)\n", alg, nid,
_nid2ht(nid)));
diff -urNp old/win32/net-snmp/net-snmp-config.h new/win32/net-snmp/net-snmp-config.h
--- old/win32/net-snmp/net-snmp-config.h 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h 2017-02-20 10:23:20.796778512 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1
diff -urNp old/win32/net-snmp/net-snmp-config.h.in new/win32/net-snmp/net-snmp-config.h.in
--- old/win32/net-snmp/net-snmp-config.h.in 2014-12-08 21:23:22.000000000 +0100
+++ new/win32/net-snmp/net-snmp-config.h.in 2017-02-20 10:22:51.348367754 +0100
@@ -1366,11 +1366,11 @@
/* Define to 1 if you have the <openssl/aes.h> header file. */
#define HAVE_OPENSSL_AES_H 1
-/* Define to 1 if you have the `EVP_MD_CTX_create' function. */
-#define HAVE_EVP_MD_CTX_CREATE 1
+/* Define to 1 if you have the `EVP_MD_CTX_new' function. */
+#define HAVE_EVP_MD_CTX_NEW 1
-/* Define to 1 if you have the `EVP_MD_CTX_destroy' function. */
-#define HAVE_EVP_MD_CTX_DESTROY 1
+/* Define to 1 if you have the `EVP_MD_CTX_free' function. */
+#define HAVE_EVP_MD_CTX_FREE 1
/* Define to 1 if you have the `AES_cfb128_encrypt' function. */
#define HAVE_AES_CFB128_ENCRYPT 1

1982
src/patches/openssh-7.6p1-openssl-1.1.0.patch Normal file
View File

File diff suppressed because it is too large Load Diff

340
src/patches/openssl-1.0.2-fix_parallel_build-1.patch
View File

@@ -1,340 +0,0 @@
Submitted By: Armin K. <krejzi at email dot com>
Date: 2015-01-23
Initial Package Version: 1.0.1e
Upstream Status: Unknown
Origin: https://github.com/Alexpux/Qt-builds/tree/master/patches/openssl
Description: Fixes build when using more than one make job to build the package.
--- a/crypto/Makefile 2015-01-22 17:12:09.000000000 +0100
+++ b/crypto/Makefile 2015-01-23 16:42:13.460175569 +0100
@@ -85,11 +85,11 @@
@if [ -z "$(THIS)" ]; then $(MAKE) -f $(TOP)/Makefile reflect THIS=$@; fi
subdirs:
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl "CPUID_OBJ=$(CPUID_OBJ)" Makefile >> $(TOP)/MINFO
- @target=files; $(RECURSIVE_MAKE)
+ +@target=files; $(RECURSIVE_MAKE)
links:
@$(PERL) $(TOP)/util/mklink.pl ../include/openssl $(EXHEADER)
@@ -100,7 +100,7 @@
# lib: $(LIB): are splitted to avoid end-less loop
lib: $(LIB)
@touch lib
-$(LIB): $(LIBOBJ)
+$(LIB): $(LIBOBJ) | subdirs
$(AR) $(LIB) $(LIBOBJ)
test -z "$(FIPSLIBDIR)" || $(AR) $(LIB) $(FIPSLIBDIR)fipscanister.o
$(RANLIB) $(LIB) || echo Never mind.
@@ -111,7 +111,7 @@
fi
libs:
- @target=lib; $(RECURSIVE_MAKE)
+ +@target=lib; $(RECURSIVE_MAKE)
install:
@[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
@@ -120,7 +120,7 @@
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
lint:
@target=lint; $(RECURSIVE_MAKE)
--- a/engines/Makefile 2015-01-22 17:12:24.000000000 +0100
+++ b/engines/Makefile 2015-01-23 16:42:13.461175596 +0100
@@ -72,7 +72,7 @@
all: lib subdirs
-lib: $(LIBOBJ)
+lib: $(LIBOBJ) | subdirs
@if [ -n "$(SHARED_LIBS)" ]; then \
set -e; \
for l in $(LIBNAMES); do \
@@ -89,7 +89,7 @@
subdirs:
echo $(EDIRS)
- @target=all; $(RECURSIVE_MAKE)
+ +@target=all; $(RECURSIVE_MAKE)
files:
$(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
@@ -128,7 +128,7 @@
mv -f $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx.new $(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines/$$pfx$$l$$sfx ); \
done; \
fi
- @target=install; $(RECURSIVE_MAKE)
+ +@target=install; $(RECURSIVE_MAKE)
tags:
ctags $(SRC)
--- a/Makefile.org 2015-01-22 15:58:06.000000000 +0100
+++ b/Makefile.org 2015-01-23 16:42:13.461175596 +0100
@@ -274,17 +274,17 @@
build_libs: build_crypto build_ssl build_engines
build_crypto:
- @dir=crypto; target=all; $(BUILD_ONE_CMD)
-build_ssl:
- @dir=ssl; target=all; $(BUILD_ONE_CMD)
-build_engines:
- @dir=engines; target=all; $(BUILD_ONE_CMD)
-build_apps:
- @dir=apps; target=all; $(BUILD_ONE_CMD)
-build_tests:
- @dir=test; target=all; $(BUILD_ONE_CMD)
-build_tools:
- @dir=tools; target=all; $(BUILD_ONE_CMD)
+ +@dir=crypto; target=all; $(BUILD_ONE_CMD)
+build_ssl: build_crypto
+ +@dir=ssl; target=all; $(BUILD_ONE_CMD)
+build_engines: build_crypto
+ +@dir=engines; target=all; $(BUILD_ONE_CMD)
+build_apps: build_libs
+ +@dir=apps; target=all; $(BUILD_ONE_CMD)
+build_tests: build_libs
+ +@dir=test; target=all; $(BUILD_ONE_CMD)
+build_tools: build_libs
+ +@dir=tools; target=all; $(BUILD_ONE_CMD)
all_testapps: build_libs build_testapps
build_testapps:
@@ -536,9 +536,9 @@
dist_pem_h:
(cd crypto/pem; $(MAKE) -e $(BUILDENV) pem.h; $(MAKE) clean)
-install: all install_docs install_sw
+install: install_docs install_sw
-install_sw:
+install_dirs:
@$(PERL) $(TOP)/util/mkdir-p.pl $(INSTALL_PREFIX)$(INSTALLTOP)/bin \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR) \
$(INSTALL_PREFIX)$(INSTALLTOP)/$(LIBDIR)/engines \
@@ -547,12 +547,19 @@
$(INSTALL_PREFIX)$(OPENSSLDIR)/misc \
$(INSTALL_PREFIX)$(OPENSSLDIR)/certs \
$(INSTALL_PREFIX)$(OPENSSLDIR)/private
+ @$(PERL) $(TOP)/util/mkdir-p.pl \
+ $(INSTALL_PREFIX)$(MANDIR)/man1 \
+ $(INSTALL_PREFIX)$(MANDIR)/man3 \
+ $(INSTALL_PREFIX)$(MANDIR)/man5 \
+ $(INSTALL_PREFIX)$(MANDIR)/man7
+
+install_sw: install_dirs
@set -e; headerlist="$(EXHEADER)"; for i in $$headerlist;\
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
- @set -e; target=install; $(RECURSIVE_BUILD_CMD)
+ +@set -e; target=install; $(RECURSIVE_BUILD_CMD)
@set -e; liblist="$(LIBS)"; for i in $$liblist ;\
do \
if [ -f "$$i" ]; then \
@@ -636,12 +643,7 @@
done; \
done
-install_docs:
- @$(PERL) $(TOP)/util/mkdir-p.pl \
- $(INSTALL_PREFIX)$(MANDIR)/man1 \
- $(INSTALL_PREFIX)$(MANDIR)/man3 \
- $(INSTALL_PREFIX)$(MANDIR)/man5 \
- $(INSTALL_PREFIX)$(MANDIR)/man7
+install_docs: install_dirs
@pod2man="`cd ./util; ./pod2mantest $(PERL)`"; \
here="`pwd`"; \
filecase=; \
--- a/Makefile.shared 2015-01-20 13:33:36.000000000 +0100
+++ b/Makefile.shared 2015-01-23 16:42:13.461175596 +0100
@@ -105,6 +105,7 @@
SHAREDFLAGS="$${SHAREDFLAGS:-$(CFLAGS) $(SHARED_LDFLAGS)}"; \
LIBPATH=`for x in $$LIBDEPS; do echo $$x; done | sed -e 's/^ *-L//;t' -e d | uniq`; \
LIBPATH=`echo $$LIBPATH | sed -e 's/ /:/g'`; \
+ [ -e $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX ] && exit 0; \
LD_LIBRARY_PATH=$$LIBPATH:$$LD_LIBRARY_PATH \
$${SHAREDCMD} $${SHAREDFLAGS} \
-o $$SHLIB$$SHLIB_SOVER$$SHLIB_SUFFIX \
@@ -122,6 +123,7 @@
done; \
fi; \
if [ -n "$$SHLIB_SOVER" ]; then \
+ [ -e "$$SHLIB$$SHLIB_SUFFIX" ] || \
( $(SET_X); rm -f $$SHLIB$$SHLIB_SUFFIX; \
ln -s $$prev $$SHLIB$$SHLIB_SUFFIX ); \
fi; \
--- a/test/Makefile 2015-01-22 17:12:26.000000000 +0100
+++ b/test/Makefile 2015-01-23 16:42:13.461175596 +0100
@@ -132,7 +132,7 @@
tags:
ctags $(SRC)
-tests: exe apps $(TESTS)
+tests: exe $(TESTS)
apps:
@(cd ..; $(MAKE) DIRS=apps all)
@@ -398,109 +398,109 @@
link_app.$${shlib_target}
$(RSATEST)$(EXE_EXT): $(RSATEST).o $(DLIBCRYPTO)
- @target=$(RSATEST); $(BUILD_CMD)
+ +@target=$(RSATEST); $(BUILD_CMD)
$(BNTEST)$(EXE_EXT): $(BNTEST).o $(DLIBCRYPTO)
- @target=$(BNTEST); $(BUILD_CMD)
+ +@target=$(BNTEST); $(BUILD_CMD)
$(ECTEST)$(EXE_EXT): $(ECTEST).o $(DLIBCRYPTO)
- @target=$(ECTEST); $(BUILD_CMD)
+ +@target=$(ECTEST); $(BUILD_CMD)
$(EXPTEST)$(EXE_EXT): $(EXPTEST).o $(DLIBCRYPTO)
- @target=$(EXPTEST); $(BUILD_CMD)
+ +@target=$(EXPTEST); $(BUILD_CMD)
$(IDEATEST)$(EXE_EXT): $(IDEATEST).o $(DLIBCRYPTO)
- @target=$(IDEATEST); $(BUILD_CMD)
+ +@target=$(IDEATEST); $(BUILD_CMD)
$(MD2TEST)$(EXE_EXT): $(MD2TEST).o $(DLIBCRYPTO)
- @target=$(MD2TEST); $(BUILD_CMD)
+ +@target=$(MD2TEST); $(BUILD_CMD)
$(SHATEST)$(EXE_EXT): $(SHATEST).o $(DLIBCRYPTO)
- @target=$(SHATEST); $(BUILD_CMD)
+ +@target=$(SHATEST); $(BUILD_CMD)
$(SHA1TEST)$(EXE_EXT): $(SHA1TEST).o $(DLIBCRYPTO)
- @target=$(SHA1TEST); $(BUILD_CMD)
+ +@target=$(SHA1TEST); $(BUILD_CMD)
$(SHA256TEST)$(EXE_EXT): $(SHA256TEST).o $(DLIBCRYPTO)
- @target=$(SHA256TEST); $(BUILD_CMD)
+ +@target=$(SHA256TEST); $(BUILD_CMD)
$(SHA512TEST)$(EXE_EXT): $(SHA512TEST).o $(DLIBCRYPTO)
- @target=$(SHA512TEST); $(BUILD_CMD)
+ +@target=$(SHA512TEST); $(BUILD_CMD)
$(RMDTEST)$(EXE_EXT): $(RMDTEST).o $(DLIBCRYPTO)
- @target=$(RMDTEST); $(BUILD_CMD)
+ +@target=$(RMDTEST); $(BUILD_CMD)
$(MDC2TEST)$(EXE_EXT): $(MDC2TEST).o $(DLIBCRYPTO)
- @target=$(MDC2TEST); $(BUILD_CMD)
+ +@target=$(MDC2TEST); $(BUILD_CMD)
$(MD4TEST)$(EXE_EXT): $(MD4TEST).o $(DLIBCRYPTO)
- @target=$(MD4TEST); $(BUILD_CMD)
+ +@target=$(MD4TEST); $(BUILD_CMD)
$(MD5TEST)$(EXE_EXT): $(MD5TEST).o $(DLIBCRYPTO)
- @target=$(MD5TEST); $(BUILD_CMD)
+ +@target=$(MD5TEST); $(BUILD_CMD)
$(HMACTEST)$(EXE_EXT): $(HMACTEST).o $(DLIBCRYPTO)
- @target=$(HMACTEST); $(BUILD_CMD)
+ +@target=$(HMACTEST); $(BUILD_CMD)
$(WPTEST)$(EXE_EXT): $(WPTEST).o $(DLIBCRYPTO)
- @target=$(WPTEST); $(BUILD_CMD)
+ +@target=$(WPTEST); $(BUILD_CMD)
$(RC2TEST)$(EXE_EXT): $(RC2TEST).o $(DLIBCRYPTO)
- @target=$(RC2TEST); $(BUILD_CMD)
+ +@target=$(RC2TEST); $(BUILD_CMD)
$(BFTEST)$(EXE_EXT): $(BFTEST).o $(DLIBCRYPTO)
- @target=$(BFTEST); $(BUILD_CMD)
+ +@target=$(BFTEST); $(BUILD_CMD)
$(CASTTEST)$(EXE_EXT): $(CASTTEST).o $(DLIBCRYPTO)
- @target=$(CASTTEST); $(BUILD_CMD)
+ +@target=$(CASTTEST); $(BUILD_CMD)
$(RC4TEST)$(EXE_EXT): $(RC4TEST).o $(DLIBCRYPTO)
- @target=$(RC4TEST); $(BUILD_CMD)
+ +@target=$(RC4TEST); $(BUILD_CMD)
$(RC5TEST)$(EXE_EXT): $(RC5TEST).o $(DLIBCRYPTO)
- @target=$(RC5TEST); $(BUILD_CMD)
+ +@target=$(RC5TEST); $(BUILD_CMD)
$(DESTEST)$(EXE_EXT): $(DESTEST).o $(DLIBCRYPTO)
- @target=$(DESTEST); $(BUILD_CMD)
+ +@target=$(DESTEST); $(BUILD_CMD)
$(RANDTEST)$(EXE_EXT): $(RANDTEST).o $(DLIBCRYPTO)
- @target=$(RANDTEST); $(BUILD_CMD)
+ +@target=$(RANDTEST); $(BUILD_CMD)
$(DHTEST)$(EXE_EXT): $(DHTEST).o $(DLIBCRYPTO)
- @target=$(DHTEST); $(BUILD_CMD)
+ +@target=$(DHTEST); $(BUILD_CMD)
$(DSATEST)$(EXE_EXT): $(DSATEST).o $(DLIBCRYPTO)
- @target=$(DSATEST); $(BUILD_CMD)
+ +@target=$(DSATEST); $(BUILD_CMD)
$(METHTEST)$(EXE_EXT): $(METHTEST).o $(DLIBCRYPTO)
- @target=$(METHTEST); $(BUILD_CMD)
+ +@target=$(METHTEST); $(BUILD_CMD)
$(SSLTEST)$(EXE_EXT): $(SSLTEST).o $(DLIBSSL) $(DLIBCRYPTO)
- @target=$(SSLTEST); $(FIPS_BUILD_CMD)
+ +@target=$(SSLTEST); $(FIPS_BUILD_CMD)
$(ENGINETEST)$(EXE_EXT): $(ENGINETEST).o $(DLIBCRYPTO)
- @target=$(ENGINETEST); $(BUILD_CMD)
+ +@target=$(ENGINETEST); $(BUILD_CMD)
$(EVPTEST)$(EXE_EXT): $(EVPTEST).o $(DLIBCRYPTO)
- @target=$(EVPTEST); $(BUILD_CMD)
+ +@target=$(EVPTEST); $(BUILD_CMD)
$(ECDSATEST)$(EXE_EXT): $(ECDSATEST).o $(DLIBCRYPTO)
- @target=$(ECDSATEST); $(BUILD_CMD)
+ +@target=$(ECDSATEST); $(BUILD_CMD)
$(ECDHTEST)$(EXE_EXT): $(ECDHTEST).o $(DLIBCRYPTO)
- @target=$(ECDHTEST); $(BUILD_CMD)
+ +@target=$(ECDHTEST); $(BUILD_CMD)
$(IGETEST)$(EXE_EXT): $(IGETEST).o $(DLIBCRYPTO)
- @target=$(IGETEST); $(BUILD_CMD)
+ +@target=$(IGETEST); $(BUILD_CMD)
$(JPAKETEST)$(EXE_EXT): $(JPAKETEST).o $(DLIBCRYPTO)
- @target=$(JPAKETEST); $(BUILD_CMD)
+ +@target=$(JPAKETEST); $(BUILD_CMD)
$(ASN1TEST)$(EXE_EXT): $(ASN1TEST).o $(DLIBCRYPTO)
- @target=$(ASN1TEST); $(BUILD_CMD)
+ +@target=$(ASN1TEST); $(BUILD_CMD)
$(SRPTEST)$(EXE_EXT): $(SRPTEST).o $(DLIBCRYPTO)
- @target=$(SRPTEST); $(BUILD_CMD)
+ +@target=$(SRPTEST); $(BUILD_CMD)
$(V3NAMETEST)$(EXE_EXT): $(V3NAMETEST).o $(DLIBCRYPTO)
@target=$(V3NAMETEST); $(BUILD_CMD)
@@ -522,7 +522,7 @@
# fi
dummytest$(EXE_EXT): dummytest.o $(DLIBCRYPTO)
- @target=dummytest; $(BUILD_CMD)
+ +@target=dummytest; $(BUILD_CMD)
# DO NOT DELETE THIS LINE -- make depend depends on it.

34
src/patches/openssl-1.0.2a_auto_enable_padlock.patch
View File

@@ -1,34 +0,0 @@
diff -Naur openssl-1.0.2a.org/crypto/engine/eng_all.c openssl-1.0.2a/crypto/engine/eng_all.c
--- openssl-1.0.2a.org/crypto/engine/eng_all.c 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/crypto/engine/eng_all.c 2015-04-27 12:27:05.063569969 +0200
@@ -120,6 +120,14 @@
ENGINE_load_capi();
# endif
#endif
+#ifdef OPENSSL_NO_STATIC_ENGINE
+ ENGINE *e;
+ e = ENGINE_by_id("padlock");
+ if (e != NULL) {
+ ENGINE_add(e);
+ ENGINE_free(e);
+ }
+#endif
ENGINE_register_all_complete();
}
diff -Naur openssl-1.0.2a.org/ssl/ssl_algs.c openssl-1.0.2a/ssl/ssl_algs.c
--- openssl-1.0.2a.org/ssl/ssl_algs.c 2015-03-19 14:30:36.000000000 +0100
+++ openssl-1.0.2a/ssl/ssl_algs.c 2015-04-27 11:04:27.893399695 +0200
@@ -151,5 +151,12 @@
#endif
/* initialize cipher/digest methods table */
ssl_load_ciphers();
+
+ /* Init available hardware crypto engines */
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+ ENGINE * padlock = ENGINE_by_id("padlock");
+ if (padlock) ENGINE_set_default_ciphers(padlock);
+
return (1);
}

86
src/patches/openssl-1.1.0-disable-ssl3.patch Normal file
View File

@@ -0,0 +1,86 @@
diff -up openssl-1.1.0f/apps/s_client.c.disable-ssl3 openssl-1.1.0f/apps/s_client.c
--- openssl-1.1.0f/apps/s_client.c.disable-ssl3 2017-06-05 15:42:44.838853312 +0200
+++ openssl-1.1.0f/apps/s_client.c 2017-07-17 14:50:06.468821871 +0200
@@ -1486,6 +1486,9 @@ int s_client_main(int argc, char **argv)
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
diff -up openssl-1.1.0f/apps/s_server.c.disable-ssl3 openssl-1.1.0f/apps/s_server.c
--- openssl-1.1.0f/apps/s_server.c.disable-ssl3 2017-05-25 14:46:18.000000000 +0200
+++ openssl-1.1.0f/apps/s_server.c 2017-07-17 14:49:50.434447583 +0200
@@ -1614,6 +1614,10 @@ int s_server_main(int argc, char *argv[]
}
if (sdebug)
ssl_ctx_security_debug(ctx, sdebug);
+
+ if (min_version == SSL3_VERSION && max_version == SSL3_VERSION)
+ SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+
if (ssl_config) {
if (SSL_CTX_config(ctx, ssl_config) == 0) {
BIO_printf(bio_err, "Error using configuration \"%s\"\n",
diff -up openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 openssl-1.1.0/ssl/ssl_lib.c
--- openssl-1.1.0/ssl/ssl_lib.c.disable-ssl3 2016-08-25 17:29:22.000000000 +0200
+++ openssl-1.1.0/ssl/ssl_lib.c 2016-09-08 11:08:05.252082263 +0200
@@ -2470,6 +2470,13 @@ SSL_CTX *SSL_CTX_new(const SSL_METHOD *m
* or by using the SSL_CONF library.
*/
ret->options |= SSL_OP_NO_COMPRESSION;
+ /*
+ * Disable SSLv3 by default. Applications can
+ * re-enable it by configuring
+ * SSL_CTX_clear_options(ctx, SSL_OP_NO_SSLv3);
+ * or by using the SSL_CONF library.
+ */
+ ret->options |= SSL_OP_NO_SSLv3;
ret->tlsext_status_type = -1;
diff -up openssl-1.1.0/test/ssl_test.c.disable-ssl3 openssl-1.1.0/test/ssl_test.c
--- openssl-1.1.0/test/ssl_test.c.disable-ssl3 2016-09-08 11:08:05.252082263 +0200
+++ openssl-1.1.0/test/ssl_test.c 2016-09-08 11:11:44.802005886 +0200
@@ -258,6 +258,7 @@ static int execute_test(SSL_TEST_FIXTURE
SSL_TEST_SERVERNAME_CB_NONE) {
server2_ctx = SSL_CTX_new(TLS_server_method());
TEST_check(server2_ctx != NULL);
+ SSL_CTX_clear_options(server2_ctx, SSL_OP_NO_SSLv3);
}
client_ctx = SSL_CTX_new(TLS_client_method());
@@ -266,11 +267,15 @@ static int execute_test(SSL_TEST_FIXTURE
resume_client_ctx = SSL_CTX_new(TLS_client_method());
TEST_check(resume_server_ctx != NULL);
TEST_check(resume_client_ctx != NULL);
+ SSL_CTX_clear_options(resume_server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(resume_client_ctx, SSL_OP_NO_SSLv3);
}
}
TEST_check(server_ctx != NULL);
TEST_check(client_ctx != NULL);
+ SSL_CTX_clear_options(server_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(client_ctx, SSL_OP_NO_SSLv3);
TEST_check(CONF_modules_load(conf, fixture.test_app, 0) > 0);
diff -up openssl-1.1.0/test/ssltest_old.c.disable-ssl3 openssl-1.1.0/test/ssltest_old.c
--- openssl-1.1.0/test/ssltest_old.c.disable-ssl3 2016-08-25 17:29:23.000000000 +0200
+++ openssl-1.1.0/test/ssltest_old.c 2016-09-08 11:08:05.253082286 +0200
@@ -1456,6 +1456,11 @@ int main(int argc, char *argv[])
ERR_print_errors(bio_err);
goto end;
}
+
+ SSL_CTX_clear_options(c_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx, SSL_OP_NO_SSLv3);
+ SSL_CTX_clear_options(s_ctx2, SSL_OP_NO_SSLv3);
+
/*
* Since we will use low security ciphersuites and keys for testing set
* security level to zero by default. Tests can override this by adding

261
src/patches/transmission-2.92-openssl-1.1.0.patch Normal file
View File

@@ -0,0 +1,261 @@
From f91cf5ad8c677b61ceb0bf5877b87f9e93256dd7 Mon Sep 17 00:00:00 2001
From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Date: Mon, 5 Sep 2016 21:49:07 +0000
Subject: [PATCH] transmission: build against openssl 1.1.0
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
---
libtransmission/crypto-utils-openssl.c | 73 ++++++++++++++++++++++++++++++++--
1 file changed, 69 insertions(+), 4 deletions(-)
diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
index c4539dc..972e24a 100644
--- a/libtransmission/crypto-utils-openssl.c
+++ b/libtransmission/crypto-utils-openssl.c
@@ -229,6 +229,61 @@ tr_rc4_process (tr_rc4_ctx_t handle,
****
***/
+#if OPENSSL_VERSION_NUMBER < 0x10100000
+static inline int
+DH_set0_pqg (DH * dh,
+ BIGNUM * p,
+ BIGNUM * q,
+ BIGNUM * g)
+{
+ /* If the fields p and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL. q may remain NULL.
+ */
+ if ((dh->p == NULL && p == NULL)
+ || (dh->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free (dh->p);
+ dh->p = p;
+ }
+ if (q != NULL) {
+ BN_free (dh->q);
+ dh->q = q;
+ }
+ if (g != NULL) {
+ BN_free (dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL) {
+ dh->length = BN_num_bits (q);
+ }
+
+ return 1;
+}
+
+static inline int
+DH_set_length (DH * dh,
+ long length)
+{
+ dh->length = length;
+ return 1;
+}
+
+static inline void
+DH_get0_key(const DH * dh,
+ const BIGNUM ** pub_key,
+ const BIGNUM ** priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = dh->pub_key;
+ if (priv_key != NULL)
+ *priv_key = dh->priv_key;
+}
+
+#endif
+
tr_dh_ctx_t
tr_dh_new (const uint8_t * prime_num,
size_t prime_num_length,
@@ -236,13 +291,19 @@ tr_dh_new (const uint8_t * prime_num,
size_t generator_num_length)
{
DH * handle = DH_new ();
+ BIGNUM * p, * g;
assert (prime_num != NULL);
assert (generator_num != NULL);
+ p = BN_bin2bn (prime_num, prime_num_length, NULL);
+ g = BN_bin2bn (generator_num, generator_num_length, NULL);
- if (!check_pointer (handle->p = BN_bin2bn (prime_num, prime_num_length, NULL)) ||
- !check_pointer (handle->g = BN_bin2bn (generator_num, generator_num_length, NULL)))
+ if (!check_pointer (p) ||
+ !check_pointer (g) ||
+ !DH_set0_pqg (handle, p, NULL, g))
{
+ BN_free (p);
+ BN_free (g);
DH_free (handle);
handle = NULL;
}
@@ -267,16 +328,20 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
{
DH * handle = raw_handle;
int dh_size, my_public_key_length;
+ const BIGNUM * hand_pub_key;
assert (handle != NULL);
assert (public_key != NULL);
- handle->length = private_key_length * 8;
+
+ DH_set_length(handle, private_key_length * 8);
if (!check_result (DH_generate_key (handle)))
return false;
- my_public_key_length = BN_bn2bin (handle->pub_key, public_key);
+ DH_get0_key (handle, &hand_pub_key, NULL);
+
+ my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
dh_size = DH_size (handle);
tr_dh_align_key (public_key, my_public_key_length, dh_size);
From 8c8386a7f3f482a9c917f51d28e0042e55f56b3e Mon Sep 17 00:00:00 2001
From: Mike Gelfand <mikedld@mikedld.com>
Date: Wed, 7 Sep 2016 01:09:04 +0300
Subject: [PATCH] Fix coding style and building with !TR_LIGHTWEIGHT
---
libtransmission/crypto-utils-openssl.c | 60 +++++++++++++++++++---------------
1 file changed, 33 insertions(+), 27 deletions(-)
diff --git a/libtransmission/crypto-utils-openssl.c b/libtransmission/crypto-utils-openssl.c
index 972e24a..9fd2c58 100644
--- a/libtransmission/crypto-utils-openssl.c
+++ b/libtransmission/crypto-utils-openssl.c
@@ -14,6 +14,7 @@
#include <assert.h>
#include <openssl/bn.h>
+#include <openssl/crypto.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/evp.h>
@@ -48,7 +49,12 @@ log_openssl_error (const char * file,
static bool strings_loaded = false;
if (!strings_loaded)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000
ERR_load_crypto_strings ();
+#else
+ OPENSSL_init_crypto (OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);
+#endif
+
strings_loaded = true;
}
#endif
@@ -230,6 +236,7 @@ tr_rc4_process (tr_rc4_ctx_t handle,
***/
#if OPENSSL_VERSION_NUMBER < 0x10100000
+
static inline int
DH_set0_pqg (DH * dh,
BIGNUM * p,
@@ -237,28 +244,29 @@ DH_set0_pqg (DH * dh,
BIGNUM * g)
{
/* If the fields p and g in d are NULL, the corresponding input
- * parameters MUST be non-NULL. q may remain NULL.
+ * parameters MUST be non-NULL. q may remain NULL.
*/
- if ((dh->p == NULL && p == NULL)
- || (dh->g == NULL && g == NULL))
+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
return 0;
- if (p != NULL) {
- BN_free (dh->p);
- dh->p = p;
- }
- if (q != NULL) {
- BN_free (dh->q);
- dh->q = q;
- }
- if (g != NULL) {
- BN_free (dh->g);
- dh->g = g;
- }
-
- if (q != NULL) {
+ if (p != NULL)
+ {
+ BN_free (dh->p);
+ dh->p = p;
+ }
+ if (q != NULL)
+ {
+ BN_free (dh->q);
+ dh->q = q;
+ }
+ if (g != NULL)
+ {
+ BN_free (dh->g);
+ dh->g = g;
+ }
+
+ if (q != NULL)
dh->length = BN_num_bits (q);
- }
return 1;
}
@@ -267,8 +275,8 @@ static inline int
DH_set_length (DH * dh,
long length)
{
- dh->length = length;
- return 1;
+ dh->length = length;
+ return 1;
}
static inline void
@@ -295,12 +303,11 @@ tr_dh_new (const uint8_t * prime_num,
assert (prime_num != NULL);
assert (generator_num != NULL);
+
p = BN_bin2bn (prime_num, prime_num_length, NULL);
g = BN_bin2bn (generator_num, generator_num_length, NULL);
- if (!check_pointer (p) ||
- !check_pointer (g) ||
- !DH_set0_pqg (handle, p, NULL, g))
+ if (!check_pointer (p) || !check_pointer (g) || !DH_set0_pqg (handle, p, NULL, g))
{
BN_free (p);
BN_free (g);
@@ -328,20 +335,19 @@ tr_dh_make_key (tr_dh_ctx_t raw_handle,
{
DH * handle = raw_handle;
int dh_size, my_public_key_length;
- const BIGNUM * hand_pub_key;
+ const BIGNUM * my_public_key;
assert (handle != NULL);
assert (public_key != NULL);
-
DH_set_length(handle, private_key_length * 8);
if (!check_result (DH_generate_key (handle)))
return false;
- DH_get0_key (handle, &hand_pub_key, NULL);
+ DH_get0_key (handle, &my_public_key, NULL);
- my_public_key_length = BN_bn2bin (hand_pub_key, public_key);
+ my_public_key_length = BN_bn2bin (my_public_key, public_key);
dh_size = DH_size (handle);
tr_dh_align_key (public_key, my_public_key_length, dh_size);