
  1. From 6c825349e1994a991f287e398cf0ead5f790a01b Mon Sep 17 00:00:00 2001
  2. From: Eneas U de Queiroz <cote2004-github@yahoo.com>
  3. Date: Wed, 6 Jun 2018 18:05:33 -0300
  4. Subject: [PATCH] Remove API deprecated in openssl 1.1
  5. With openssl 1.1, we do not call OpenSSL_add_all_algorithms(), as
  6. library initialization is done automatically.
  7. Functions RAND_pseudo_bytes and RSA_generate_key were deprecated as
  8. well.
  9. Also, we need to #include <openssl/bn.h> for BN_num_bytes().
  10. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
  11. ---
  12. lib/rsa.c | 15 ++++++++++++---
  13. net/common/processors/keepalive-proc.c | 4 ++--
  14. net/common/processors/keepalive2-proc.c | 2 +-
  15. net/common/processors/sendsessionkey-proc.c | 2 +-
  16. net/common/processors/sendsessionkey-v2-proc.c | 2 +-
  17. net/server/user-mgr.c | 4 ++++
  18. tools/ccnet-init.c | 2 ++
  19. 7 files changed, 23 insertions(+), 8 deletions(-)
  20. --- a/lib/rsa.c
  21. +++ b/lib/rsa.c
  22. @@ -4,6 +4,7 @@
  23. #include <openssl/rand.h>
  24. #include <openssl/rsa.h>
  25. #include <openssl/err.h>
  26. +#include <openssl/bn.h>
  27. #include <string.h>
  28. #include <glib.h>
  29. @@ -207,9 +208,17 @@ RSA *
  30. generate_private_key(u_int bits)
  31. {
  32. RSA *private = NULL;
  33. + BIGNUM *e = NULL;
  34. - private = RSA_generate_key(bits, 35, NULL, NULL);
  35. - if (private == NULL)
  36. + private = RSA_new();
  37. + e = BN_new();
  38. + if (private == NULL || e == NULL || !BN_set_word(e, 35) ||
  39. + !RSA_generate_key_ex(private, bits, e, NULL)) {
  40. + RSA_free(private);
  41. + BN_free(e);
  42. g_error ("rsa_generate_private_key: key generation failed.");
  43. + return NULL;
  44. + }
  45. + BN_free(e);
  46. return private;
  47. }
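Review bot: The `return NULL;` after `g_error (...)` in the failure branch is unreachable as far as GLib's documented behaviour goes, because `g_error` logs at a fatal level and aborts the process; the `RSA_free`/`BN_free` calls before it only run on the way to that abort. If callers (not visible here) are meant to handle a failed key generation, the log call should become `g_warning ("rsa_generate_private_key: key generation failed.");`. Otherwise a comment such as `/* g_error() aborts; the return below is never reached */` would stop readers from assuming a NULL return is possible. The public exponent is still the bare literal `35` carried over from the removed `RSA_generate_key` call; a named constant with a comment on why that value is kept would help, since `RSA_F4` (65537) is what most readers expect.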
  48. --- a/net/common/processors/keepalive-proc.c
  49. +++ b/net/common/processors/keepalive-proc.c
  50. @@ -401,7 +401,7 @@ static void send_challenge(CcnetProcesso
  51. unsigned char *buf;
  52. int len;
  53. - RAND_pseudo_bytes (priv->random_buf, 40);
  54. + RAND_bytes (priv->random_buf, 40);
  55. buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
  56. ccnet_processor_send_update (processor, "311", NULL, (char *)buf, len);
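Review bot: The return value of `RAND_bytes (priv->random_buf, 40)` is ignored, so if the generator fails the challenge is built from whatever `random_buf` already held and is still encrypted and sent. `RAND_bytes` returns 1 only on success, so the call should be guarded with `if (RAND_bytes (priv->random_buf, 40) != 1) {`, followed by a warning and an early exit. `send_challenge` starts and ends outside this hunk, so the right failure action has to be chosen from the full function. The same unchecked call appears in `send_challenge_user` in this file, in `send_challenge` in keepalive2-proc.c, and in `generate_session_key` in sendsessionkey-proc.c and sendsessionkey-v2-proc.c. In the last two the buffer is a stack array declared without an initializer and is then fed to SHA-1, so a failure there would put indeterminate stack bytes into what the function name suggests is the session key.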
  57. @@ -434,7 +434,7 @@ static void send_challenge_user(CcnetPro
  58. ccnet_debug ("[Keepalive] Send user challenge to %.8s\n",
  59. processor->peer->id);
  60. - RAND_pseudo_bytes (priv->random_buf, 40);
  61. + RAND_bytes (priv->random_buf, 40);
  62. buf = public_key_encrypt (user->pubkey, priv->random_buf, 40, &len);
  63. ccnet_processor_send_update (processor, "321", NULL, (char *)buf, len);
  64. --- a/net/common/processors/keepalive2-proc.c
  65. +++ b/net/common/processors/keepalive2-proc.c
  66. @@ -306,7 +306,7 @@ static void send_challenge(CcnetProcesso
  67. unsigned char *buf;
  68. int len;
  69. - RAND_pseudo_bytes (priv->random_buf, 40);
  70. + RAND_bytes (priv->random_buf, 40);
  71. buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
  72. if (len < 0) {
  73. ccnet_debug ("[Keepalive] Failed to encrypt challenge "
  74. --- a/net/common/processors/sendsessionkey-proc.c
  75. +++ b/net/common/processors/sendsessionkey-proc.c
  76. @@ -124,7 +124,7 @@ generate_session_key (CcnetProcessor *pr
  77. unsigned char random_buf[40];
  78. SHA_CTX s;
  79. - RAND_pseudo_bytes (random_buf, sizeof(random_buf));
  80. + RAND_bytes (random_buf, sizeof(random_buf));
  81. SHA1_Init (&s);
  82. SHA1_Update (&s, random_buf, sizeof(random_buf));
  83. --- a/net/common/processors/sendsessionkey-v2-proc.c
  84. +++ b/net/common/processors/sendsessionkey-v2-proc.c
  85. @@ -125,7 +125,7 @@ generate_session_key (CcnetProcessor *pr
  86. unsigned char random_buf[40];
  87. SHA_CTX s;
  88. - RAND_pseudo_bytes (random_buf, sizeof(random_buf));
  89. + RAND_bytes (random_buf, sizeof(random_buf));
  90. SHA1_Init (&s);
  91. SHA1_Update (&s, random_buf, sizeof(random_buf));
  92. --- a/net/server/user-mgr.c
  93. +++ b/net/server/user-mgr.c
  94. @@ -816,9 +816,13 @@ hash_password_pbkdf2_sha256 (const char
  95. char salt_str[SHA256_DIGEST_LENGTH*2+1];
  96. if (!RAND_bytes (salt, sizeof(salt))) {
  97. +#if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
  98. ccnet_warning ("Failed to generate salt "
  99. "with RAND_bytes(), use RAND_pseudo_bytes().\n");
  100. RAND_pseudo_bytes (salt, sizeof(salt));
  101. +#else
  102. + ccnet_warning ("Failed to generate salt with RAND_bytes().\n");
  103. +#endif
  104. }
  105. PKCS5_PBKDF2_HMAC (passwd, strlen(passwd),
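Review bot: In the new `#else` branch a failed `RAND_bytes (salt, sizeof(salt))` only logs a warning, and execution still falls through to `PKCS5_PBKDF2_HMAC`, so the password would be hashed with whatever `salt` holds at that point. Its declaration is outside the hunk; if it is an uninitialized local, the salt is indeterminate rather than random. The branch should stop before the KDF: keep `ccnet_warning ("Failed to generate salt with RAND_bytes().\n");` and then return the function's error value, which has to be taken from the full function because the signature is cut off in the hunk header. The retained pre-1.1 branch has a related weakness, since the result of `RAND_pseudo_bytes` is not checked either. A short comment above the `#if` saying that the legacy fallback is compiled only while the deprecated API is still available would also help.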
  106. --- a/tools/ccnet-init.c
  107. +++ b/tools/ccnet-init.c
  108. @@ -108,7 +108,9 @@ main(int argc, char **argv)
  109. config_dir = ccnet_expand_path (config_dir);
  110. /* printf("[conf_dir=%s\n]", config_dir); */
  111. +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  112. OpenSSL_add_all_algorithms();
  113. +#endif
  114. if (RAND_status() != 1) { /* it should be seeded automatically */
  115. fprintf(stderr, "PRNG is not seeded\n");