--- Begin Message ---
I've rewritten the patch, removing deprecated API.
It is much cleaner now; ustream-io-openssl.c has no #if's, and they're
minimized in ustream-openssl.c.
Signed-off-by: Eneas U de Queiroz <[email protected]>
---
openssl_bio_compat.h | 34 ++++++++++++++++++++++++++++++++++
ustream-io-openssl.c | 45 +++------------------------------------------
ustream-openssl.c | 26 ++++++++++++--------------
3 files changed, 49 insertions(+), 56 deletions(-)
create mode 100644 openssl_bio_compat.h
diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h
new file mode 100644
index 0000000..dedc412
--- /dev/null
+++ b/openssl_bio_compat.h
@@ -0,0 +1,34 @@
+#ifndef OPENSSL_BIO_COMPAT_H
+#define OPENSSL_BIO_COMPAT_H
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/bio.h>
+#include <string.h>
+
+#define BIO_get_data(b) (b->ptr)
+#define BIO_set_data(b, v) (b->ptr = v)
+#define BIO_set_init(b, v) (b->init = v)
+#define BIO_set_shutdown(b, v) (b->flags = v)
+#define BIO_meth_set_write(m, f) (m->bwrite = f)
+#define BIO_meth_set_read(m, f) (m->bread = f)
+#define BIO_meth_set_puts(m, f) (m->bputs = f)
+#define BIO_meth_set_gets(m, f) (m->bgets = f)
+#define BIO_meth_set_ctrl(m, f) (m->ctrl = f)
+#define BIO_meth_set_create(m, f) (m->create = f)
+#define BIO_meth_set_destroy(m, f) (m->destroy = f)
+
+static inline BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+ BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD));
+ if (bm) {
+ bm->type = type;
+ bm->name = name;
+ }
+ return bm;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* OPENSSL_BIO_COMPAT_H */
diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 73a2ba6..aa9f401 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -21,21 +21,15 @@
#include <libubox/ustream.h>
#include "ustream-ssl.h"
+#include "openssl_bio_compat.h"
#include "ustream-internal.h"
static int
s_ustream_new(BIO *b)
{
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
BIO_set_init(b, 1);
BIO_set_data(b, NULL);
BIO_set_shutdown(b, 0);
-#else
- b->init = 1;
- b->num = 0;
- b->ptr = NULL;
- b->flags = 0;
-#endif
return 1;
}
@@ -45,15 +39,9 @@ s_ustream_free(BIO *b)
if (!b)
return 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
BIO_set_data(b, NULL);
BIO_set_init(b, 0);
BIO_set_shutdown(b, 0);
-#else
- b->ptr = NULL;
- b->init = 0;
- b->flags = 0;
-#endif
return 1;
}
@@ -67,11 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len)
if (!buf || len <= 0)
return 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
s = (struct ustream *)BIO_get_data(b);
-#else
- s = (struct ustream *)b->ptr;
-#endif
if (!s)
return 0;
@@ -100,11 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len)
if (!buf || len <= 0)
return 0;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
s = (struct ustream *)BIO_get_data(b);
-#else
- s = (struct ustream *)b->ptr;
-#endif
if (!s)
return 0;
@@ -136,29 +116,13 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num,
void *ptr)
};
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static BIO_METHOD methods_ustream = {
- 100 | BIO_TYPE_SOURCE_SINK,
- "ustream",
- s_ustream_write,
- s_ustream_read,
- s_ustream_puts,
- s_ustream_gets,
- s_ustream_ctrl,
- s_ustream_new,
- s_ustream_free,
- NULL,
-};
-#endif
-
static BIO *ustream_bio_new(struct ustream *s)
{
BIO *bio;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
BIO_METHOD *methods_ustream;
- methods_ustream = BIO_meth_new(BIO_get_new_index() |
BIO_TYPE_SOURCE_SINK, "ustream");
+ methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
BIO_meth_set_write(methods_ustream, s_ustream_write);
BIO_meth_set_read(methods_ustream, s_ustream_read);
BIO_meth_set_puts(methods_ustream, s_ustream_puts);
@@ -168,10 +132,7 @@ static BIO *ustream_bio_new(struct ustream *s)
BIO_meth_set_destroy(methods_ustream, s_ustream_free);
bio = BIO_new(methods_ustream);
BIO_set_data(bio, s);
-#else
- bio = BIO_new(&methods_ustream);
- bio->ptr = s;
-#endif
+
return bio;
}
diff --git a/ustream-openssl.c b/ustream-openssl.c
index 303b58e..c6839ea 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -25,42 +25,40 @@
__hidden struct ustream_ssl_ctx *
__ustream_ssl_context_new(bool server)
{
- static bool _init = false;
const void *m;
SSL_CTX *c;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ static bool _init = false;
+
if (!_init) {
SSL_load_error_strings();
SSL_library_init();
_init = true;
}
+# define TLS_server_method SSLv23_server_method
+# define TLS_client_method SSLv23_client_method
+#endif
- if (server)
-#ifdef CYASSL_OPENSSL_H_
- m = SSLv23_server_method();
-#elif OPENSSL_VERSION_NUMBER >= 0x10100000L
+ if (server) {
m = TLS_server_method();
-#else
- m = TLSv1_2_server_method();
-#endif
- else
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ } else
m = TLS_client_method();
-#else
- m = SSLv23_client_method();
-#endif
c = SSL_CTX_new((void *) m);
if (!c)
return NULL;
SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL);
-#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_)
+ SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack */
+#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) &&
OPENSSL_VERSION_NUMBER < 0x10100000L
SSL_CTX_set_ecdh_auto(c, 1);
#endif
if (server) {
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION);
+#else
+ SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 |
SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1);
#endif
SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH");
}
--
2.16.1
--- End Message ---
