On Wed, May 30, 2018 at 7:20 PM, Eneas U de Queiroz via openwrt-devel <[email protected]> wrote: > The sender domain has a DMARC Reject/Quarantine policy which disallows > sending mailing list messages using the original "From" header. > > To mitigate this problem, the original message has been wrapped > automatically by the mailing list software. > > ---------- Forwarded message ---------- > From: Eneas U de Queiroz <[email protected]> > To: [email protected] > Cc: Eneas U de Queiroz <[email protected]> > Bcc: > Date: Wed, 30 May 2018 23:18:37 -0300 > Subject: [PATCH v2 4/4] ustream-ssl: openssl-1.1 compatibility > I've rewritten the patch, removing deprecated API. > > It is much cleaner now; ustream-io-openssl.c has no #if's, and they're > minimized in ustream-openssl.c. This does not apply. > > Signed-off-by: Eneas U de Queiroz <[email protected]> > --- > openssl_bio_compat.h | 34 ++++++++++++++++++++++++++++++++++ > ustream-io-openssl.c | 45 +++------------------------------------------ > ustream-openssl.c | 26 ++++++++++++-------------- > 3 files changed, 49 insertions(+), 56 deletions(-) > create mode 100644 openssl_bio_compat.h > > diff --git a/openssl_bio_compat.h b/openssl_bio_compat.h > new file mode 100644 > index 0000000..dedc412 > --- /dev/null > +++ b/openssl_bio_compat.h > @@ -0,0 +1,34 @@ > +#ifndef OPENSSL_BIO_COMPAT_H > +#define OPENSSL_BIO_COMPAT_H > + > +#include <openssl/opensslv.h> > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > + > +#include <openssl/bio.h> > +#include <string.h> > + > +#define BIO_get_data(b) (b->ptr) > +#define BIO_set_data(b, v) (b->ptr = v) > +#define BIO_set_init(b, v) (b->init = v) > +#define BIO_set_shutdown(b, v) (b->flags = v) > +#define BIO_meth_set_write(m, f) (m->bwrite = f) > +#define BIO_meth_set_read(m, f) (m->bread = f) > +#define BIO_meth_set_puts(m, f) (m->bputs = f) > +#define BIO_meth_set_gets(m, f) (m->bgets = f) > +#define BIO_meth_set_ctrl(m, f) (m->ctrl = f) > +#define BIO_meth_set_create(m, f) (m->create = f) > +#define BIO_meth_set_destroy(m, f) (m->destroy = f) > + > +static inline BIO_METHOD *BIO_meth_new(int type, const char *name) > +{ > + BIO_METHOD *bm = calloc(1, sizeof(BIO_METHOD)); > + if (bm) { > + bm->type = type; > + bm->name = name; > + } > + return bm; > +} > + > +#endif /* OPENSSL_VERSION_NUMBER */ > + > +#endif /* OPENSSL_BIO_COMPAT_H */ > diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c > index 73a2ba6..aa9f401 100644 > --- a/ustream-io-openssl.c > +++ b/ustream-io-openssl.c > @@ -21,21 +21,15 @@ > #include <libubox/ustream.h> > > #include "ustream-ssl.h" > +#include "openssl_bio_compat.h" > #include "ustream-internal.h" > > static int > s_ustream_new(BIO *b) > { > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > BIO_set_init(b, 1); > BIO_set_data(b, NULL); > BIO_set_shutdown(b, 0); > -#else > - b->init = 1; > - b->num = 0; > - b->ptr = NULL; > - b->flags = 0; > -#endif > return 1; > } > > @@ -45,15 +39,9 @@ s_ustream_free(BIO *b) > if (!b) > return 0; > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > BIO_set_data(b, NULL); > BIO_set_init(b, 0); > BIO_set_shutdown(b, 0); > -#else > - b->ptr = NULL; > - b->init = 0; > - b->flags = 0; > -#endif > return 1; > } > > @@ -67,11 +55,7 @@ s_ustream_read(BIO *b, char *buf, int len) > if (!buf || len <= 0) > return 0; > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > s = (struct ustream *)BIO_get_data(b); > -#else > - s = (struct ustream *)b->ptr; > -#endif > if (!s) > return 0; > > @@ -100,11 +84,7 @@ s_ustream_write(BIO *b, const char *buf, int len) > if (!buf || len <= 0) > return 0; > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > s = (struct ustream *)BIO_get_data(b); > -#else > - s = (struct ustream *)b->ptr; > -#endif > if (!s) > return 0; > > @@ -136,29 +116,13 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, > void *ptr) > }; > } > > -#if OPENSSL_VERSION_NUMBER < 0x10100000L > -static BIO_METHOD methods_ustream = { > - 100 | BIO_TYPE_SOURCE_SINK, > - "ustream", > - s_ustream_write, > - s_ustream_read, > - s_ustream_puts, > - s_ustream_gets, > - s_ustream_ctrl, > - s_ustream_new, > - s_ustream_free, > - NULL, > -}; > -#endif > - > static BIO *ustream_bio_new(struct ustream *s) > { > BIO *bio; > > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > BIO_METHOD *methods_ustream; > > - methods_ustream = BIO_meth_new(BIO_get_new_index() | > BIO_TYPE_SOURCE_SINK, "ustream"); > + methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream"); > BIO_meth_set_write(methods_ustream, s_ustream_write); > BIO_meth_set_read(methods_ustream, s_ustream_read); > BIO_meth_set_puts(methods_ustream, s_ustream_puts); > @@ -168,10 +132,7 @@ static BIO *ustream_bio_new(struct ustream *s) > BIO_meth_set_destroy(methods_ustream, s_ustream_free); > bio = BIO_new(methods_ustream); > BIO_set_data(bio, s); > -#else > - bio = BIO_new(&methods_ustream); > - bio->ptr = s; > -#endif > + > return bio; > } > > diff --git a/ustream-openssl.c b/ustream-openssl.c > index 303b58e..c6839ea 100644 > --- a/ustream-openssl.c > +++ b/ustream-openssl.c > @@ -25,42 +25,40 @@ > __hidden struct ustream_ssl_ctx * > __ustream_ssl_context_new(bool server) > { > - static bool _init = false; > const void *m; > SSL_CTX *c; > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > + static bool _init = false; > + > if (!_init) { > SSL_load_error_strings(); > SSL_library_init(); > _init = true; > } > +# define TLS_server_method SSLv23_server_method > +# define TLS_client_method SSLv23_client_method > +#endif > > - if (server) > -#ifdef CYASSL_OPENSSL_H_ > - m = SSLv23_server_method(); > -#elif OPENSSL_VERSION_NUMBER >= 0x10100000L > + if (server) { > m = TLS_server_method(); > -#else > - m = TLSv1_2_server_method(); > -#endif > - else > -#if OPENSSL_VERSION_NUMBER >= 0x10100000L > + } else > m = TLS_client_method(); > -#else > - m = SSLv23_client_method(); > -#endif > > c = SSL_CTX_new((void *) m); > if (!c) > return NULL; > > SSL_CTX_set_verify(c, SSL_VERIFY_NONE, NULL); > -#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) > + SSL_CTX_set_options (c, SSL_OP_NO_COMPRESSION); /* avoid CRIME attack > */ > +#if !defined(OPENSSL_NO_ECDH) && !defined(CYASSL_OPENSSL_H_) && > OPENSSL_VERSION_NUMBER < 0x10100000L > SSL_CTX_set_ecdh_auto(c, 1); > #endif > if (server) { > #if OPENSSL_VERSION_NUMBER >= 0x10100000L > SSL_CTX_set_min_proto_version(c, TLS1_2_VERSION); > +#else > + SSL_CTX_set_options (c, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | > SSL_OP_NO_TLSv1 | SSL_OP_NO_TLSv1_1); > #endif > SSL_CTX_set_cipher_list(c, "DEFAULT:!RC4:@STRENGTH"); > } > -- > 2.16.1 > > > > _______________________________________________ > openwrt-devel mailing list > [email protected] > https://lists.openwrt.org/listinfo/openwrt-devel >
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/listinfo/openwrt-devel
