
  1. From afeb62f01ad6e610cd19dcde0ceffc018b3247ec Mon Sep 17 00:00:00 2001
  2. From: Eneas U de Queiroz <cote2004-github@yahoo.com>
  3. Date: Wed, 6 Jun 2018 18:05:33 -0300
  4. Subject: [PATCH] Remove API deprecated in openssl 1.1
  5. With openssl 1.1, we do not call OpenSSL_add_all_algorithms(), as
  6. library initialization is done automatically.
  7. Functions RAND_pseudo_bytes and RSA_generate_key were deprecated as
  8. well.
  9. Also, we need to #include <openssl/bn.h> for BN_num_bytes().
  10. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  11. ---
  12. lib/rsa.c | 19 ++++++++++++++-----
  13. net/common/processors/keepalive-proc.c | 4 ++--
  14. net/common/processors/keepalive2-proc.c | 2 +-
  15. net/common/processors/sendsessionkey-proc.c | 2 +-
  16. net/common/processors/sendsessionkey-v2-proc.c | 2 +-
  17. net/server/user-mgr.c | 4 ++++
  18. tools/ccnet-init.c | 2 ++
  19. 7 files changed, 25 insertions(+), 10 deletions(-)
  20. diff --git a/lib/rsa.c b/lib/rsa.c
  21. index 7cca150..23abb82 100644
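--- a/lib/rsa.c
+++ b/lib/rsa.c
@@ -4,6 +4,7 @@
 #include <openssl/rand.h>
 #include <openssl/rsa.h>
 #include <openssl/err.h>
+#include <openssl/bn.h>
 #include <string.h>
 #include <glib.h>
@@ -207,9 +208,17 @@ RSA *
 generate_private_key(u_int bits)
 {
 RSA *private = NULL;
-
- private = RSA_generate_key(bits, 35, NULL, NULL);
- if (private == NULL)
- g_error ("rsa_generate_private_key: key generation failed.");
- return private;
+ BIGNUM *e = NULL;
+
+ private = RSA_new();
+ e = BN_new();
+ if (private == NULL || e == NULL || !BN_set_word(e, 35) ||
+ !RSA_generate_key_ex(private, bits, e, NULL)) {
+ RSA_free(private);
+ BN_free(e);
+ g_error ("rsa_generate_private_key: key generation failed.");
+ return NULL;
+ }
+ BN_free(e);
+ return private;
 }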
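Review bot: The public exponent is carried over unchanged as the unusual value 35 in `BN_set_word(e, 35)` inside generate_private_key. It is odd, so generation succeeds, but FIPS 186-4 style key checks require an exponent above 2^16 and stricter validators may reject such keys. Assuming peers read the exponent from the key rather than hard-coding it, new keys could use `BN_set_word(e, RSA_F4)` (65537) without affecting existing ones. Separately, `bits` reaches `RSA_generate_key_ex` unchecked, so a minimum modulus size should be enforced here or confirmed at the callers, which are not visible in this hunk.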
  54. diff --git a/net/common/processors/keepalive-proc.c b/net/common/processors/keepalive-proc.c
  55. index 609d102..42a0c23 100644
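--- a/net/common/processors/keepalive-proc.c
+++ b/net/common/processors/keepalive-proc.c
@@ -401,7 +401,7 @@ static void send_challenge(CcnetProcessor *processor)
 unsigned char *buf;
 int len;
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
 buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
 ccnet_processor_send_update (processor, "311", NULL, (char *)buf, len);
@@ -434,7 +434,7 @@ static void send_challenge_user(CcnetProcessor *processor, CcnetUser *user)
 ccnet_debug ("[Keepalive] Send user challenge to %.8s\n",
 processor->peer->id);
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
 buf = public_key_encrypt (user->pubkey, priv->random_buf, 40, &len);
 ccnet_processor_send_update (processor, "321", NULL, (char *)buf, len);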
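Review bot: The return value of `RAND_bytes (priv->random_buf, 40)` is ignored in send_challenge, and likewise in send_challenge_user below and in the RAND_bytes calls this patch adds to keepalive2-proc.c, sendsessionkey-proc.c and sendsessionkey-v2-proc.c. RAND_bytes returns 1 only on success and makes no promise about the buffer otherwise, so on failure the challenge or session key would be derived from whatever the buffer already held. Check the result at each call, e.g. `if (RAND_bytes (priv->random_buf, 40) != 1) { /* log and abort the exchange */ }`. The appropriate failure path depends on code outside these hunks, since all of the affected functions start and end beyond the visible lines.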
  72. diff --git a/net/common/processors/keepalive2-proc.c b/net/common/processors/keepalive2-proc.c
  73. index d3e799e..d81c266 100644
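--- a/net/common/processors/keepalive2-proc.c
+++ b/net/common/processors/keepalive2-proc.c
@@ -306,7 +306,7 @@ static void send_challenge(CcnetProcessor *processor)
 unsigned char *buf;
 int len;
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
 buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
 if (len < 0) {
 ccnet_debug ("[Keepalive] Failed to encrypt challenge "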
  84. diff --git a/net/common/processors/sendsessionkey-proc.c b/net/common/processors/sendsessionkey-proc.c
  85. index 3ec2757..10c3340 100644
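--- a/net/common/processors/sendsessionkey-proc.c
+++ b/net/common/processors/sendsessionkey-proc.c
@@ -124,7 +124,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
 unsigned char random_buf[40];
 SHA_CTX s;
- RAND_pseudo_bytes (random_buf, sizeof(random_buf));
+ RAND_bytes (random_buf, sizeof(random_buf));
 SHA1_Init (&s);
 SHA1_Update (&s, random_buf, sizeof(random_buf));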
  95. diff --git a/net/common/processors/sendsessionkey-v2-proc.c b/net/common/processors/sendsessionkey-v2-proc.c
  96. index c1c6924..4805ba6 100644
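--- a/net/common/processors/sendsessionkey-v2-proc.c
+++ b/net/common/processors/sendsessionkey-v2-proc.c
@@ -125,7 +125,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
 unsigned char random_buf[40];
 SHA_CTX s;
- RAND_pseudo_bytes (random_buf, sizeof(random_buf));
+ RAND_bytes (random_buf, sizeof(random_buf));
 SHA1_Init (&s);
 SHA1_Update (&s, random_buf, sizeof(random_buf));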
  106. diff --git a/net/server/user-mgr.c b/net/server/user-mgr.c
  107. index 0973959..3f0c3b3 100644
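--- a/net/server/user-mgr.c
+++ b/net/server/user-mgr.c
@@ -811,9 +811,13 @@ hash_password_pbkdf2_sha256 (const char *passwd,
 char salt_str[SHA256_DIGEST_LENGTH*2+1];
 if (!RAND_bytes (salt, sizeof(salt))) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
 ccnet_warning ("Failed to generate salt "
 "with RAND_bytes(), use RAND_pseudo_bytes().\n");
 RAND_pseudo_bytes (salt, sizeof(salt));
+#else
+ ccnet_warning ("Failed to generate salt with RAND_bytes().\n");
+#endif
 }
 PKCS5_PBKDF2_HMAC (passwd, strlen(passwd),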
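Review bot: On the new `#else` branch a failed `RAND_bytes (salt, sizeof(salt))` only logs a warning, and execution continues into `PKCS5_PBKDF2_HMAC` with a salt whose contents are unspecified. hash_password_pbkdf2_sha256 should fail the operation rather than produce a stored hash with a non-random salt; how it reports errors lies outside the hunk, so the exact return path needs confirming. The test `!RAND_bytes (...)` also treats a -1 return as success, and `if (RAND_bytes (salt, sizeof(salt)) != 1)` would cover both failure values.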
  122. diff --git a/tools/ccnet-init.c b/tools/ccnet-init.c
  123. index 4748962..28c9995 100644
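--- a/tools/ccnet-init.c
+++ b/tools/ccnet-init.c
@@ -162,7 +162,9 @@ main(int argc, char **argv)
 config_dir = ccnet_expand_path (config_dir);
 /* printf("[conf_dir=%s\n]", config_dir); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 OpenSSL_add_all_algorithms();
+#endif
 if (RAND_status() != 1) { /* it should be seeded automatically */
 fprintf(stderr, "PRNG is not seeded\n");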
  134. --
  135. 2.16.4