|
|
- From afeb62f01ad6e610cd19dcde0ceffc018b3247ec Mon Sep 17 00:00:00 2001
- From: Eneas U de Queiroz <cote2004-github@yahoo.com>
- Date: Wed, 6 Jun 2018 18:05:33 -0300
- Subject: [PATCH] Remove API deprecated in openssl 1.1
-
- With openssl 1.1, we do not call OpenSSL_add_all_algorithms(), as
- library initialization is done automatically.
- Functions RAND_pseudo_bytes and RSA_generate_key were deprecated as
- well.
- Also, we need to #include <openssl/bn.h> for BN_num_bytes().
-
- Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
- ---
- lib/rsa.c | 19 ++++++++++++++-----
- net/common/processors/keepalive-proc.c | 4 ++--
- net/common/processors/keepalive2-proc.c | 2 +-
- net/common/processors/sendsessionkey-proc.c | 2 +-
- net/common/processors/sendsessionkey-v2-proc.c | 2 +-
- net/server/user-mgr.c | 4 ++++
- tools/ccnet-init.c | 2 ++
- 7 files changed, 25 insertions(+), 10 deletions(-)
-
- diff --git a/lib/rsa.c b/lib/rsa.c
- index 7cca150..23abb82 100644
- --- a/lib/rsa.c
- +++ b/lib/rsa.c
- @@ -4,6 +4,7 @@
- #include <openssl/rand.h>
- #include <openssl/rsa.h>
- #include <openssl/err.h>
- +#include <openssl/bn.h>
-
- #include <string.h>
- #include <glib.h>
- @@ -207,9 +208,17 @@ RSA *
- generate_private_key(u_int bits)
- {
- RSA *private = NULL;
- -
- - private = RSA_generate_key(bits, 35, NULL, NULL);
- - if (private == NULL)
- - g_error ("rsa_generate_private_key: key generation failed.");
- - return private;
- + BIGNUM *e = NULL;
- +
- + private = RSA_new();
- + e = BN_new();
- + if (private == NULL || e == NULL || !BN_set_word(e, 35) ||
- + !RSA_generate_key_ex(private, bits, e, NULL)) {
- + RSA_free(private);
- + BN_free(e);
- + g_error ("rsa_generate_private_key: key generation failed.");
- + return NULL;
- + }
- + BN_free(e);
- + return private;
- }
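Review bot: The `return NULL;` after `g_error (...)` in the new failure branch is unreachable, because GLib's g_error() logs the message and then aborts the process. A key-generation failure therefore still terminates the program instead of reaching the caller. If a recoverable failure is intended, log with `g_warning ("rsa_generate_private_key: key generation failed.");` and keep the return, after confirming that the callers (outside this hunk) handle NULL; otherwise drop the dead return and add a comment that failure is fatal. Separately, the public exponent 35 is carried over unchanged from the old call; it is an unusual value, and `BN_set_word(e, RSA_F4)` would be the conventional choice if nothing depends on 35.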
- diff --git a/net/common/processors/keepalive-proc.c b/net/common/processors/keepalive-proc.c
- index 609d102..42a0c23 100644
- --- a/net/common/processors/keepalive-proc.c
- +++ b/net/common/processors/keepalive-proc.c
- @@ -401,7 +401,7 @@ static void send_challenge(CcnetProcessor *processor)
- unsigned char *buf;
- int len;
-
- - RAND_pseudo_bytes (priv->random_buf, 40);
- + RAND_bytes (priv->random_buf, 40);
- buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
- ccnet_processor_send_update (processor, "311", NULL, (char *)buf, len);
-
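Review bot: The return value of `RAND_bytes (priv->random_buf, 40)` in send_challenge is ignored, so if the generator fails, the challenge is built from whatever the buffer already held and is encrypted and sent as if it were random. RAND_bytes() returns 1 only on success, so the call should be guarded, for example `if (RAND_bytes (priv->random_buf, 40) != 1)` followed by a log line and the processor's normal failure path. The function body continues outside the hunk, so the exact path needs checking. The same unchecked call appears in send_challenge_user in this file, in send_challenge in keepalive2-proc.c, and in generate_session_key in sendsessionkey-proc.c and sendsessionkey-v2-proc.c. In the two generate_session_key hunks `random_buf` is a local array, so a failed call would leave it uninitialised before it is hashed into the session key.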
- @@ -434,7 +434,7 @@ static void send_challenge_user(CcnetProcessor *processor, CcnetUser *user)
-
- ccnet_debug ("[Keepalive] Send user challenge to %.8s\n",
- processor->peer->id);
- - RAND_pseudo_bytes (priv->random_buf, 40);
- + RAND_bytes (priv->random_buf, 40);
- buf = public_key_encrypt (user->pubkey, priv->random_buf, 40, &len);
- ccnet_processor_send_update (processor, "321", NULL, (char *)buf, len);
-
- diff --git a/net/common/processors/keepalive2-proc.c b/net/common/processors/keepalive2-proc.c
- index d3e799e..d81c266 100644
- --- a/net/common/processors/keepalive2-proc.c
- +++ b/net/common/processors/keepalive2-proc.c
- @@ -306,7 +306,7 @@ static void send_challenge(CcnetProcessor *processor)
- unsigned char *buf;
- int len;
-
- - RAND_pseudo_bytes (priv->random_buf, 40);
- + RAND_bytes (priv->random_buf, 40);
- buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
- if (len < 0) {
- ccnet_debug ("[Keepalive] Failed to encrypt challenge "
- diff --git a/net/common/processors/sendsessionkey-proc.c b/net/common/processors/sendsessionkey-proc.c
- index 3ec2757..10c3340 100644
- --- a/net/common/processors/sendsessionkey-proc.c
- +++ b/net/common/processors/sendsessionkey-proc.c
- @@ -124,7 +124,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
- unsigned char random_buf[40];
- SHA_CTX s;
-
- - RAND_pseudo_bytes (random_buf, sizeof(random_buf));
- + RAND_bytes (random_buf, sizeof(random_buf));
-
- SHA1_Init (&s);
- SHA1_Update (&s, random_buf, sizeof(random_buf));
- diff --git a/net/common/processors/sendsessionkey-v2-proc.c b/net/common/processors/sendsessionkey-v2-proc.c
- index c1c6924..4805ba6 100644
- --- a/net/common/processors/sendsessionkey-v2-proc.c
- +++ b/net/common/processors/sendsessionkey-v2-proc.c
- @@ -125,7 +125,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
- unsigned char random_buf[40];
- SHA_CTX s;
-
- - RAND_pseudo_bytes (random_buf, sizeof(random_buf));
- + RAND_bytes (random_buf, sizeof(random_buf));
-
- SHA1_Init (&s);
- SHA1_Update (&s, random_buf, sizeof(random_buf));
- diff --git a/net/server/user-mgr.c b/net/server/user-mgr.c
- index 0973959..3f0c3b3 100644
- --- a/net/server/user-mgr.c
- +++ b/net/server/user-mgr.c
- @@ -811,9 +811,13 @@ hash_password_pbkdf2_sha256 (const char *passwd,
- char salt_str[SHA256_DIGEST_LENGTH*2+1];
-
- if (!RAND_bytes (salt, sizeof(salt))) {
- +#if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
- ccnet_warning ("Failed to generate salt "
- "with RAND_bytes(), use RAND_pseudo_bytes().\n");
- RAND_pseudo_bytes (salt, sizeof(salt));
- +#else
- + ccnet_warning ("Failed to generate salt with RAND_bytes().\n");
- +#endif
- }
-
- PKCS5_PBKDF2_HMAC (passwd, strlen(passwd),
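Review bot: In the new `#else` branch a RAND_bytes() failure only logs a warning, and execution falls through to `PKCS5_PBKDF2_HMAC`, so the password hash is derived with a salt buffer that was never filled. That branch should fail the operation instead of continuing, for example by returning an error right after `ccnet_warning ("Failed to generate salt with RAND_bytes().\n");`. The function's return type and the declaration of `salt` are outside this hunk, so the exact error path needs checking against the callers. The pre-1.1 branch likewise ignores the result of `RAND_pseudo_bytes (salt, sizeof(salt))`.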
- diff --git a/tools/ccnet-init.c b/tools/ccnet-init.c
- index 4748962..28c9995 100644
- --- a/tools/ccnet-init.c
- +++ b/tools/ccnet-init.c
- @@ -162,7 +162,9 @@ main(int argc, char **argv)
-
- config_dir = ccnet_expand_path (config_dir);
- /* printf("[conf_dir=%s\n]", config_dir); */
- +#if OPENSSL_VERSION_NUMBER < 0x10100000L
- OpenSSL_add_all_algorithms();
- +#endif
-
- if (RAND_status() != 1) { /* it should be seeded automatically */
- fprintf(stderr, "PRNG is not seeded\n");
- --
- 2.16.4
-
|