You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

151 lines
5.5 KiB

From 6c825349e1994a991f287e398cf0ead5f790a01b Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
Date: Wed, 6 Jun 2018 18:05:33 -0300
Subject: [PATCH] Remove API deprecated in openssl 1.1
With openssl 1.1, we do not call OpenSSL_add_all_algorithms(), as
library initialization is done automatically.
Functions RAND_pseudo_bytes and RSA_generate_key were deprecated as
well.
Also, we need to #include <openssl/bn.h> for BN_num_bytes().
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
---
lib/rsa.c | 15 ++++++++++++---
net/common/processors/keepalive-proc.c | 4 ++--
net/common/processors/keepalive2-proc.c | 2 +-
net/common/processors/sendsessionkey-proc.c | 2 +-
net/common/processors/sendsessionkey-v2-proc.c | 2 +-
net/server/user-mgr.c | 4 ++++
tools/ccnet-init.c | 2 ++
7 files changed, 23 insertions(+), 8 deletions(-)
diff --git a/lib/rsa.c b/lib/rsa.c
index 7cca150..d969a62 100644
--- a/lib/rsa.c
+++ b/lib/rsa.c
@@ -4,6 +4,7 @@
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/err.h>
+#include <openssl/bn.h>
#include <string.h>
#include <glib.h>
@@ -207,9 +208,17 @@ RSA *
generate_private_key(u_int bits)
{
RSA *private = NULL;
-
- private = RSA_generate_key(bits, 35, NULL, NULL);
- if (private == NULL)
+ BIGNUM *e = NULL;
+
+ private = RSA_new();
+ e = BN_new();
+ if (private == NULL || e == NULL || !BN_set_word(e, 35) ||
+ !RSA_generate_key_ex(private, bits, e, NULL)) {
+ RSA_free(private);
+ BN_free(e);
g_error ("rsa_generate_private_key: key generation failed.");
+ return NULL;
+ }
+ BN_free(e);
return private;
}
diff --git a/net/common/processors/keepalive-proc.c b/net/common/processors/keepalive-proc.c
index 609d102..42a0c23 100644
--- a/net/common/processors/keepalive-proc.c
+++ b/net/common/processors/keepalive-proc.c
@@ -401,7 +401,7 @@ static void send_challenge(CcnetProcessor *processor)
unsigned char *buf;
int len;
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
ccnet_processor_send_update (processor, "311", NULL, (char *)buf, len);
@@ -434,7 +434,7 @@ static void send_challenge_user(CcnetProcessor *processor, CcnetUser *user)
ccnet_debug ("[Keepalive] Send user challenge to %.8s\n",
processor->peer->id);
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
buf = public_key_encrypt (user->pubkey, priv->random_buf, 40, &len);
ccnet_processor_send_update (processor, "321", NULL, (char *)buf, len);
diff --git a/net/common/processors/keepalive2-proc.c b/net/common/processors/keepalive2-proc.c
index d3e799e..d81c266 100644
--- a/net/common/processors/keepalive2-proc.c
+++ b/net/common/processors/keepalive2-proc.c
@@ -306,7 +306,7 @@ static void send_challenge(CcnetProcessor *processor)
unsigned char *buf;
int len;
- RAND_pseudo_bytes (priv->random_buf, 40);
+ RAND_bytes (priv->random_buf, 40);
buf = public_key_encrypt (peer->pubkey, priv->random_buf, 40, &len);
if (len < 0) {
ccnet_debug ("[Keepalive] Failed to encrypt challenge "
diff --git a/net/common/processors/sendsessionkey-proc.c b/net/common/processors/sendsessionkey-proc.c
index 3ec2757..10c3340 100644
--- a/net/common/processors/sendsessionkey-proc.c
+++ b/net/common/processors/sendsessionkey-proc.c
@@ -124,7 +124,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
unsigned char random_buf[40];
SHA_CTX s;
- RAND_pseudo_bytes (random_buf, sizeof(random_buf));
+ RAND_bytes (random_buf, sizeof(random_buf));
SHA1_Init (&s);
SHA1_Update (&s, random_buf, sizeof(random_buf));
diff --git a/net/common/processors/sendsessionkey-v2-proc.c b/net/common/processors/sendsessionkey-v2-proc.c
index c1c6924..4805ba6 100644
--- a/net/common/processors/sendsessionkey-v2-proc.c
+++ b/net/common/processors/sendsessionkey-v2-proc.c
@@ -125,7 +125,7 @@ generate_session_key (CcnetProcessor *processor, int *len_p)
unsigned char random_buf[40];
SHA_CTX s;
- RAND_pseudo_bytes (random_buf, sizeof(random_buf));
+ RAND_bytes (random_buf, sizeof(random_buf));
SHA1_Init (&s);
SHA1_Update (&s, random_buf, sizeof(random_buf));
diff --git a/net/server/user-mgr.c b/net/server/user-mgr.c
index 8a356f0..7a3f5cb 100644
--- a/net/server/user-mgr.c
+++ b/net/server/user-mgr.c
@@ -816,9 +816,13 @@ hash_password_pbkdf2_sha256 (const char *passwd,
char salt_str[SHA256_DIGEST_LENGTH*2+1];
if (!RAND_bytes (salt, sizeof(salt))) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || OPENSSL_API_COMPAT < 0x10100000L
ccnet_warning ("Failed to generate salt "
"with RAND_bytes(), use RAND_pseudo_bytes().\n");
RAND_pseudo_bytes (salt, sizeof(salt));
+#else
+ ccnet_warning ("Failed to generate salt with RAND_bytes().\n");
+#endif
}
PKCS5_PBKDF2_HMAC (passwd, strlen(passwd),
diff --git a/tools/ccnet-init.c b/tools/ccnet-init.c
index 4748962..28c9995 100644
--- a/tools/ccnet-init.c
+++ b/tools/ccnet-init.c
@@ -162,7 +162,9 @@ main(int argc, char **argv)
config_dir = ccnet_expand_path (config_dir);
/* printf("[conf_dir=%s\n]", config_dir); */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
OpenSSL_add_all_algorithms();
+#endif
if (RAND_status() != 1) { /* it should be seeded automatically */
fprintf(stderr, "PRNG is not seeded\n");
--
2.19.1