git pushed a commit to reference refs/pull/47/head
in repository efl.
commit 57f18628575d9124eb4e24fdbf2a4522633340ca
Author: Carsten Haitzler <ras...@rasterman.com>
AuthorDate: Mon Apr 28 19:34:31 2025 +0100
efl - openssl - move to new openssl3 and on code from deprecated
---
src/lib/ecore_con/efl_net_ssl_conn-openssl.c | 5 +++
src/lib/ecore_con/efl_net_ssl_ctx-openssl.c | 6 ++++
src/lib/eet/eet_cipher.c | 51 ++++++++++++++++----------
src/lib/emile/emile_cipher_openssl.c | 53 ++++++++++++++++++++--------
4 files changed, 82 insertions(+), 33 deletions(-)
diff --git a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c
index 56c8a595eb..d5257ba90a 100644
--- a/src/lib/ecore_con/efl_net_ssl_conn-openssl.c
+++ b/src/lib/ecore_con/efl_net_ssl_conn-openssl.c
@@ -23,6 +23,11 @@
#include "ecore_con_private.h"
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+# define ERR_get_error_line_data(_a, _b, _c, _d) ERR_get_error_all(_a, _b, NULL, _c, _d)
+# define ERR_peek_error_line_data(_a, _b, _c, _d) ERR_peek_error_all(_a, _b, NULL, _c, _d)
+#endif
+
/* OpenSSL's BIO is the abstraction for I/O, provide one for Efl.Io.* */
static int
efl_net_socket_bio_create(BIO *b)
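Review bot: The two compatibility macros redefine OpenSSL's own identifiers `ERR_get_error_line_data` and `ERR_peek_error_line_data`, and the identical block is repeated in efl_net_ssl_ctx-openssl.c. A project-prefixed wrapper in one shared private header would keep the shim in a single place and avoid shadowing a library name. The `#if` also depends on an OpenSSL header having been included earlier in the file, which this hunk does not show; if `OPENSSL_VERSION_NUMBER` is undefined at this point the condition silently evaluates false and the deprecated calls stay in use. A short comment such as `/* OpenSSL 3 deprecates ERR_*_error_line_data(); map to ERR_*_error_all() and discard the function name */` would explain the extra `NULL` argument.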
diff --git a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
index 3cf2d2f90b..93561d8969 100644
--- a/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
+++ b/src/lib/ecore_con/efl_net_ssl_ctx-openssl.c
@@ -18,6 +18,12 @@ struct _Efl_Net_Ssl_Ctx
#define _efl_net_ssl_ctx_check_errors() \
__efl_net_ssl_ctx_check_errors(__FILE__, __LINE__, __func__)
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+# define ERR_get_error_line_data(_a, _b, _c, _d) ERR_get_error_all(_a, _b, NULL, _c, _d)
+# define ERR_peek_error_line_data(_a, _b, _c, _d) ERR_peek_error_all(_a, _b, NULL, _c, _d)
+#endif
+
static unsigned long
__efl_net_ssl_ctx_check_errors(const char *file, int line, const char *fname)
{
diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c
index d54dd063cc..5e140cb09c 100644
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -35,6 +35,10 @@
# include <openssl/rand.h>
#endif /* ifdef HAVE_CIPHER */
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#endif
+
#include <Emile.h>
#include "Eet.h"
@@ -137,35 +141,44 @@ eet_identity_print(Eet_Key *key,
FILE *out)
{
#ifdef HAVE_SIGNATURE
- RSA *rsa;
- DSA *dsa;
- DH *dh;
if (!key)
return;
if (!emile_cipher_init()) return ;
- rsa = EVP_PKEY_get1_RSA(key->private_key);
- if (rsa)
+ do
{
- fprintf(out, "Private key (RSA):\n");
- RSA_print_fp(out, rsa, 0);
- }
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY_print_private_fp(out, key->private_key, 0, NULL);
+#else
+ RSA *rsa;
+ DSA *dsa;
+ DH *dh;
- dsa = EVP_PKEY_get1_DSA(key->private_key);
- if (dsa)
- {
- fprintf(out, "Private key (DSA):\n");
- DSA_print_fp(out, dsa, 0);
- }
+ rsa = EVP_PKEY_get1_RSA(key->private_key);
+ if (rsa)
+ {
+ fprintf(out, "Private key (RSA):\n");
+ RSA_print_fp(out, rsa, 0);
+ }
- dh = EVP_PKEY_get1_DH(key->private_key);
- if (dh)
- {
- fprintf(out, "Private key (DH):\n");
- DHparams_print_fp(out, dh);
+ dsa = EVP_PKEY_get1_DSA(key->private_key);
+ if (dsa)
+ {
+ fprintf(out, "Private key (DSA):\n");
+ DSA_print_fp(out, dsa, 0);
+ }
+
+ dh = EVP_PKEY_get1_DH(key->private_key);
+ if (dh)
+ {
+ fprintf(out, "Private key (DH):\n");
+ DHparams_print_fp(out, dh);
+ }
+#endif
}
+ while (0);
fprintf(out, "Public certificate:\n");
X509_print_fp(out, key->certificate);
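Review bot: The return value of `EVP_PKEY_print_private_fp()` in the OpenSSL 3 branch is ignored, so a key type the provider cannot print yields no output and no diagnostic; consider `if (EVP_PKEY_print_private_fp(out, key->private_key, 0, NULL) <= 0) fprintf(out, "Private key: (unable to print)\n");`. In the re-indented legacy branch the results of `EVP_PKEY_get1_RSA()`, `EVP_PKEY_get1_DSA()` and `EVP_PKEY_get1_DH()` are still never released, although each `get1` call returns a new reference to private-key material; `RSA_free(rsa);`, `DSA_free(dsa);` and `DH_free(dh);` belong at the end of the respective `if` bodies. The `do { ... } while (0)` wrapper contains no `break` and only opens a scope for the declarations, so a plain block would read more clearly. eet_identity_print continues outside the hunk.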
diff --git a/src/lib/emile/emile_cipher_openssl.c b/src/lib/emile/emile_cipher_openssl.c
index 7dd2033db1..dcc576801d 100644
--- a/src/lib/emile/emile_cipher_openssl.c
+++ b/src/lib/emile/emile_cipher_openssl.c
@@ -313,7 +313,6 @@ EAPI Emile_SSL *
emile_cipher_server_listen(Emile_Cipher_Type t)
{
Emile_SSL *r;
- DH *dh_params = NULL;
int options;
int dh = 0;
@@ -343,20 +342,46 @@ emile_cipher_server_listen(Emile_Cipher_Type t)
if (!r->ssl_ctx) goto on_error;
- dh_params = DH_new();
- if (!dh_params) goto on_error;
- if (!DH_generate_parameters_ex(dh_params, 1024, DH_GENERATOR_5, NULL))
- goto on_error;
- if (!DH_check(dh_params, &dh))
- goto on_error;
- if ((dh & DH_CHECK_P_NOT_PRIME) || (dh & DH_CHECK_P_NOT_SAFE_PRIME))
- goto on_error;
- if (!DH_generate_key(dh_params))
- goto on_error;
- if (!SSL_CTX_set_tmp_dh(r->ssl_ctx, dh_params))
- goto on_error;
- DH_free(dh_params);
+ do
+ {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ EVP_PKEY *params = NULL;
+ EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
+ if (!pctx)
+ goto on_error;
+ if (EVP_PKEY_paramgen_init(pctx) <= 0)
+ goto on_error2;
+ if (EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, 1024) <= 0)
+ goto on_error2;
+ if (EVP_PKEY_CTX_set_dh_paramgen_generator(pctx, 5) <= 0)
+ goto on_error2;
+ if (EVP_PKEY_paramgen(pctx, ¶ms) <= 0)
+ goto on_error2;
+ if (SSL_CTX_set0_tmp_dh_pkey(r->ssl_ctx, params) <= 0)
+ goto on_error2;
+on_error2:
+ if (params) EVP_PKEY_free(params);
+ EVP_PKEY_CTX_free(pctx);
+ if (!params) goto on_error;
+#else
+ DH *dh_params = DH_new();
+ if (!dh_params) goto on_error;
+ if (!DH_generate_parameters_ex(dh_params, 1024, DH_GENERATOR_5, NULL))
+ goto on_error;
+ if (!DH_check(dh_params, &dh))
+ goto on_error;
+ if ((dh & DH_CHECK_P_NOT_PRIME) || (dh & DH_CHECK_P_NOT_SAFE_PRIME))
+ goto on_error;
+ if (!DH_generate_key(dh_params))
+ goto on_error;
+ if (!SSL_CTX_set_tmp_dh(r->ssl_ctx, dh_params))
+ goto on_error;
+ DH_free(dh_params);
+#endif
+ }
+ while (0);
+
INF("DH params successfully generated and applied!");
if (!SSL_CTX_set_cipher_list(r->ssl_ctx,
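Review bot: On the OpenSSL 3 path the success case falls straight through into `on_error2:`, so `EVP_PKEY_free(params)` runs right after `SSL_CTX_set0_tmp_dh_pkey()` has taken ownership of `params`, leaving the context holding a freed key (use-after-free when the DH parameters are next used, double free when the context is released). The same label also hides a failure: if `SSL_CTX_set0_tmp_dh_pkey()` fails, `params` is non-NULL, so `if (!params) goto on_error;` is skipped and the code goes on to log success with no DH parameters installed. Free `params` only when it was not handed over, as in the sketch below. Separately, the new branch drops the safe-prime validation that the legacy branch performs with `DH_check()`, keeps the 1024-bit prime length, which is below current guidance for finite-field DH, and leaves `int dh` unused; `SSL_CTX_set_dh_auto(r->ssl_ctx, 1)` would avoid run-time parameter generation altogether. emile_cipher_server_listen starts and ends outside the hunk.

```c
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
        EVP_PKEY *params = NULL;
        EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DH, NULL);
        int applied = 0;

        if (pctx &&
            (EVP_PKEY_paramgen_init(pctx) > 0) &&
            (EVP_PKEY_CTX_set_dh_paramgen_prime_len(pctx, 1024) > 0) &&
            (EVP_PKEY_CTX_set_dh_paramgen_generator(pctx, 5) > 0) &&
            (EVP_PKEY_paramgen(pctx, &params) > 0) &&
            (SSL_CTX_set0_tmp_dh_pkey(r->ssl_ctx, params) > 0))
          applied = 1;
        /* both free functions accept NULL */
        EVP_PKEY_CTX_free(pctx);
        if (!applied)
          {
             /* set0 transfers ownership only on success */
             EVP_PKEY_free(params);
             goto on_error;
          }
#else
        /* … unchanged: legacy DH_* branch … */
#endif
```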