[Libreoffice-commits] online.git: Branch 'libreoffice-5-4' - net/Ssl.cpp

[Pranav Kant]

 net/Ssl.cpp |3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

New commits:
commit 97aa646a4f57bdde5857ce05f282627893674a36
Author: Pranav Kant 
Date:   Mon Nov 27 16:29:26 2017 +0530

tdf#114073: Potential fix for crash with openssl1.1

Using null ssl context to set options is surely not a good idea:

unsigned long SSL_CTX_set_options(SSL_CTX *ctx, unsigned long op)
{
return ctx->options |= op;
}

Change-Id: I2700350e0c3928e372488c81b8111c9ab0b48e06
(cherry picked from commit 483a5d68e5f7e6b145d957c50120cd05c436387b)
Reviewed-on: https://gerrit.libreoffice.org/49016
Reviewed-by: Samuel Mehrbrodt 
Tested-by: Samuel Mehrbrodt 

diff --git a/net/Ssl.cpp b/net/Ssl.cpp
index 5a9f8280..bae18a9f 100644
--- a/net/Ssl.cpp
+++ b/net/Ssl.cpp
@@ -47,8 +47,7 @@ SslContext::SslContext(const std::string& certFilePath,
 #endif
 
 #if OPENSSL_VERSION_NUMBER >= 0x1013L
-SSL_CTX_set_options(nullptr, 0);
-OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, nullptr);
 #else
 SSL_library_init();
 SSL_load_error_strings();
___
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits

[Libreoffice-commits] online.git: Branch 'libreoffice-5-4' - net/Ssl.cpp

[Christian Glombek]

 net/Ssl.cpp |   16 +++-
 1 file changed, 15 insertions(+), 1 deletion(-)

New commits:
commit fa6cdb4db0a80b85042d2ebc43bbf28d2e30d7eb
Author: Christian Glombek 
Date:   Sat Sep 16 08:38:01 2017 +0200

Add Support for OpenSSL 1.1.0

Change-Id: I0aa58b893e8577bba94fa45c0c4c81449b12e4e2
Reviewed-on: https://gerrit.libreoffice.org/42511
Reviewed-by: Thorsten Behrens 
Reviewed-by: Jan Holesovsky 
Tested-by: Jan Holesovsky 

diff --git a/net/Ssl.cpp b/net/Ssl.cpp
index e350257c..64f279d4 100644
--- a/net/Ssl.cpp
+++ b/net/Ssl.cpp
@@ -42,13 +42,18 @@ SslContext::SslContext(const std::string& certFilePath,
 _mutexes.emplace_back(new std::mutex);
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x0907000L
+#if OPENSSL_VERSION_NUMBER >= 0x0907000L && OPENSSL_VERSION_NUMBER < 
0x1013L
 OPENSSL_config(nullptr);
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x1013L
+SSL_CTX_set_options(nullptr, 0);
+OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#else
 SSL_library_init();
 SSL_load_error_strings();
 OpenSSL_add_all_algorithms();
+#endif
 
 CRYPTO_set_locking_callback(::lock);
 CRYPTO_set_id_callback(::id);
@@ -233,10 +238,19 @@ void SslContext::initDH()
 throw std::runtime_error("Error creating Diffie-Hellman parameters: " 
+ msg);
 }
 
+#if OPENSSL_VERSION_NUMBER >= 0x1013L
+// OpenSSL v1.1.0 has public API changes
+// p, g and length of the Diffie-Hellman param can't be set directly 
anymore,
+// instead DH_set0_pqg and DH_set_length are used
+BIGNUM* p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
+BIGNUM* g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
+if ((DH_set0_pqg(dh, p, NULL, g) == 0) || (DH_set_length(dh, 160) == 0))
+#else
 dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), 0);
 dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), 0);
 dh->length = 160;
 if ((!dh->p) || (!dh->g))
+#endif
 {
 DH_free(dh);
 throw std::runtime_error("Error creating Diffie-Hellman parameters");
___
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits