Gentoo's Bugzilla – Attachment 592124 Details for
Bug 674246
www-servers/cherokee-1.2.104 : cryptor_libssl_dh_512.c:21:4: error: dereferencing pointer to incomplete type DH {aka struct dh_st }
[patch]
OpenSSL 1.1 support #1196 patch
cherokee-openssl-1.1.patch (text/plain), 7.76 KB, created by
Sandino Araico Sanchez
on 2019-10-08 09:19:15 UTC
Description:
OpenSSL 1.1 support #1196 patch
Filename:
MIME Type:
Creator:
Sandino Araico Sanchez
Created:
2019-10-08 09:19:15 UTC
Size:
7.76 KB
>diff --git a/cherokee/cryptor_libssl.c b/cherokee/cryptor_libssl.c
>index 74af1cb5..fabf9912 100644
>--- a/cherokee/cryptor_libssl.c
>+++ b/cherokee/cryptor_libssl.c
>@@ -53,6 +53,8 @@ static DH *dh_param_1024 = NULL;
> static DH *dh_param_2048 = NULL;
> static DH *dh_param_4096 = NULL;
>
>+#include "cryptor_libssl_compat.h"
>+
> #include "cryptor_libssl_dh_512.c"
> #include "cryptor_libssl_dh_1024.c"
> #include "cryptor_libssl_dh_2048.c"
>@@ -238,13 +240,13 @@ cherokee_cryptor_libssl_find_vserver (SSL *ssl,
> /* SSL_set_SSL_CTX() only change certificates. We need to
> * changes more options by hand.
> */
>- SSL_set_options(ssl, SSL_CTX_get_options(ssl->ctx));
>+ SSL_set_options(ssl, SSL_CTX_get_options(ctx));
>
> if ((SSL_get_verify_mode(ssl) == SSL_VERIFY_NONE) ||
> (SSL_num_renegotiations(ssl) == 0)) {
>
>- SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ssl->ctx),
>- SSL_CTX_get_verify_callback(ssl->ctx));
>+ SSL_set_verify(ssl, SSL_CTX_get_verify_mode(ctx),
>+ SSL_CTX_get_verify_callback(ctx));
> }
>
> return ret_ok;
>@@ -790,11 +792,13 @@ _socket_init_tls (cherokee_cryptor_socket_libssl_t *cryp,
> }
> #endif
>
>+#if OPENSSL_VERSION_NUMBER < 0x10100000L
> /* Disable Ciphers renegotiation (CVE-2009-3555)
> */
> if (cryp->session->s3) {
> cryp->session->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
> }
>+#endif
>
> return ret_ok;
> }
>@@ -1330,10 +1334,15 @@ PLUGIN_INIT_NAME(libssl) (cherokee_plugin_loader_t *loader)
>
> /* Init OpenSSL
> */
>- OPENSSL_config (NULL);
>+#if OPENSSL_VERSION_NUMBER < 0x10100000L
>+ OPENSSL_config(NULL);
> SSL_library_init();
> SSL_load_error_strings();
> OpenSSL_add_all_algorithms();
>+#else
>+ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
>+ OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, NULL);
>+#endif
>
> /* Ensure PRNG has been seeded with enough data
> */
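Review bot: `ctx` is not declared anywhere in the cherokee_cryptor_libssl_find_vserver hunk, so whether it names the same context that `ssl->ctx` did depends on lines outside it. If `ctx` is the pointer that was just handed to SSL_set_SSL_CTX() the three replacements are equivalent; if it is anything else, the options and the verify mode would be copied from a different virtual server's context than the one now attached to the connection. Reading it back through the accessor keeps the old meaning without relying on that local: `SSL_set_options(ssl, SSL_CTX_get_options(SSL_get_SSL_CTX(ssl)));`, and likewise for the two SSL_set_verify arguments. The function begins and ends outside the hunk.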
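Review bot: On OpenSSL 1.1.0 and later the new `#if` in _socket_init_tls compiles out the CVE-2009-3555 renegotiation restriction and puts nothing in its place. Those versions implement RFC 5746 secure renegotiation, which covers the prefix-injection problem itself, but if the old flag was also meant to keep a peer from renegotiating on the session, that is no longer enforced on the 1.1 path. Where the option is available (it was added in 1.1.0h) it can be set explicitly in an `#else` branch: `#ifdef SSL_OP_NO_RENEGOTIATION`, `SSL_set_options(cryp->session, SSL_OP_NO_RENEGOTIATION);`, `#endif`. Failing that, a comment stating why the 1.1 build needs no equivalent would save the next reader from assuming the mitigation was lost by accident. The function body starts before the hunk.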
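Review bot: The return values of `OPENSSL_init_crypto()` and `OPENSSL_init_ssl()` in the `#else` branch of PLUGIN_INIT_NAME(libssl) are discarded; both return 0 on failure, and the plugin would carry on to the PRNG check with a library that did not initialise. The branch also leaves out `OPENSSL_INIT_LOAD_CONFIG`, so the openssl.cnf loading that `OPENSSL_config(NULL)` performed on the old path is probably not carried over on 1.1.0 (worth confirming against the targeted versions). Checking the second call would cover both: `if (!OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS | OPENSSL_INIT_LOAD_CONFIG, NULL)) { /* report and stop plugin init */ }`. How a failure should be reported depends on the rest of the function, which is outside the hunk.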
>diff --git a/cherokee/cryptor_libssl_compat.h b/cherokee/cryptor_libssl_compat.h
>new file mode 100644
>index 00000000..832a122a
>--- /dev/null
>+++ b/cherokee/cryptor_libssl_compat.h
>@@ -0,0 +1,36 @@
>+#if OPENSSL_VERSION_NUMBER < 0x10100000L
>+#include <string.h>
>+#include <openssl/engine.h>
>+
>+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
>+{
>+ /* If the fields p and g in d are NULL, the corresponding input
>+ * parameters MUST be non-NULL. q may remain NULL.
>+ */
>+
>+ if ((dh->p == NULL && p == NULL)
>+ || (dh->g == NULL && g == NULL))
>+ return 0;
>+
>+ if (p != NULL) {
>+ BN_free(dh->p);
>+ dh->p = p;
>+ }
>+
>+ if (q != NULL) {
>+ BN_free(dh->q);
>+ dh->q = q;
>+ }
>+
>+ if (g != NULL) {
>+ BN_free(dh->g);
>+ dh->g = g;
>+ }
>+
>+ if (q != NULL) {
>+ dh->length = BN_num_bits(q);
>+ }
>+
>+ return 1;
>+}
>+#endif
>diff --git a/cherokee/cryptor_libssl_dh_1024.c b/cherokee/cryptor_libssl_dh_1024.c
>index 7f7702d5..74a56c38 100644
>--- a/cherokee/cryptor_libssl_dh_1024.c
>+++ b/cherokee/cryptor_libssl_dh_1024.c
>@@ -2,9 +2,10 @@
> #ifndef HEADER_DH_H
> #include <openssl/dh.h>
> #endif
>+
> static DH *get_dh1024()
> {
>- static unsigned char dh1024_p[]={
>+ static unsigned char dhp_1024[]={
> 0x85,0x08,0xFF,0x6C,0xC1,0x0C,0x23,0x55,0xC5,0xF8,0x3D,0x47,
> 0x6F,0x23,0x36,0xDA,0x98,0xF3,0xE4,0x56,0xCD,0xA0,0xF3,0x02,
> 0x18,0xB0,0xCB,0xD2,0x92,0x4B,0xDC,0x76,0x2B,0x24,0x2B,0x20,
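Review bot: `DH_set0_pqg` is defined in cryptor_libssl_compat.h with external linkage and the header has no include guard, so a second `#include` or a second translation unit pulling it in would give a duplicate definition; making it `static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)` and adding a guard avoids that. The header also depends on its includer for `OPENSSL_VERSION_NUMBER`, `DH` and `BIGNUM`; including `<openssl/opensslv.h>`, `<openssl/dh.h>` and `<openssl/bn.h>` here would make it self-contained, while `<string.h>` and `<openssl/engine.h>` do not appear to be used by anything in the file. The version test assumes that any library reporting 0x10100000L or higher provides the 1.1 accessors; libraries that report a higher number without them (some LibreSSL releases are the usual case) would skip the shim, which is worth confirming if they are supported. The comment's "in d" should read "in dh".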
>@@ -17,16 +18,20 @@ static DH *get_dh1024()
> 0xF4,0xB8,0xB7,0x5B,0xEF,0x7E,0x06,0x43,0x2A,0x8E,0x33,0x69,
> 0x71,0x65,0x35,0xBF,0xCB,0xCD,0xB0,0x5B,
> };
>- static unsigned char dh1024_g[]={
>+ static unsigned char dhg_1024[]={
> 0x02,
> };
> DH *dh;
>+ BIGNUM *dhp_bn, *dhg_bn;
>
> if ((dh=DH_new()) == NULL) return(NULL);
>- dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
>- dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
>- if ((dh->p == NULL) || (dh->g == NULL)) {
>- DH_free(dh); return(NULL);
>+ dhp_bn = BN_bin2bn(dhp_1024, sizeof (dhp_1024), NULL);
>+ dhg_bn = BN_bin2bn(dhg_1024, sizeof (dhg_1024), NULL);
>+ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
>+ DH_free(dh);
>+ BN_free(dhp_bn);
>+ BN_free(dhg_bn);
>+ return(NULL);
> }
> return(dh);
> }
>diff --git a/cherokee/cryptor_libssl_dh_2048.c b/cherokee/cryptor_libssl_dh_2048.c
>index 392361ec..dbb481aa 100644
>--- a/cherokee/cryptor_libssl_dh_2048.c
>+++ b/cherokee/cryptor_libssl_dh_2048.c
>@@ -2,9 +2,10 @@
> #ifndef HEADER_DH_H
> #include <openssl/dh.h>
> #endif
>+
> static DH *get_dh2048()
> {
>- static unsigned char dh2048_p[]={
>+ static unsigned char dhp_2048[]={
> 0xC8,0xF1,0xD4,0x48,0xB6,0x11,0x5B,0x2B,0x9E,0x3D,0xE4,0x49,
> 0x0A,0xC4,0x8A,0x0B,0xFF,0xAC,0x09,0x4F,0x88,0x91,0x08,0xB8,
> 0x7D,0x71,0xB7,0x7D,0x87,0x44,0x09,0x70,0x15,0xFF,0x0C,0xAF,
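Review bot: The failure branch after `DH_set0_pqg` in get_dh1024 has no comment explaining why the two BIGNUMs are freed there but never on the success path, and that ownership rule is easy to break in a later edit (a double free if someone adds a `BN_free` after success, a leak if the failure frees are dropped). DH_set0_pqg takes ownership of `p` and `g` only when it returns 1, and `BN_free(NULL)` is a no-op, which is what lets this one branch also cover a failed `BN_bin2bn`. A line above the `if` would record it: `/* set0 takes ownership only on success; on failure p and g are still ours (BN_free(NULL) is a no-op) */`. The same block is repeated in the get_dh2048, get_dh4096 and get_dh512 hunks. Since the parameter arrays are only read, `static const unsigned char` would also fit them.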
>@@ -28,16 +29,20 @@ static DH *get_dh2048()
> 0x7C,0x83,0xB9,0x40,0x7A,0x2E,0xA4,0x1D,0x85,0x68,0x69,0x66,
> 0xF8,0xAA,0x70,0x6B,
> };
>- static unsigned char dh2048_g[]={
>+ static unsigned char dhg_2048[]={
> 0x02,
> };
> DH *dh;
>+ BIGNUM *dhp_bn, *dhg_bn;
>
> if ((dh=DH_new()) == NULL) return(NULL);
>- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
>- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
>- if ((dh->p == NULL) || (dh->g == NULL)) {
>- DH_free(dh); return(NULL);
>+ dhp_bn = BN_bin2bn(dhp_2048, sizeof (dhp_2048), NULL);
>+ dhg_bn = BN_bin2bn(dhg_2048, sizeof (dhg_2048), NULL);
>+ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
>+ DH_free(dh);
>+ BN_free(dhp_bn);
>+ BN_free(dhg_bn);
>+ return(NULL);
> }
> return(dh);
> }
>diff --git a/cherokee/cryptor_libssl_dh_4096.c b/cherokee/cryptor_libssl_dh_4096.c
>index 94845775..aeaf3abc 100644
>--- a/cherokee/cryptor_libssl_dh_4096.c
>+++ b/cherokee/cryptor_libssl_dh_4096.c
>@@ -2,9 +2,10 @@
> #ifndef HEADER_DH_H
> #include <openssl/dh.h>
> #endif
>+
> static DH *get_dh4096()
> {
>- static unsigned char dh4096_p[]={
>+ static unsigned char dhp_4096[]={
> 0xD2,0xB2,0x5E,0x24,0x83,0x8E,0x04,0x17,0x39,0xAB,0x99,0x5A,
> 0xAB,0x0C,0x15,0x3C,0x95,0xE0,0xE4,0x48,0x3F,0xE4,0x22,0x48,
> 0xCA,0x19,0xCA,0xD0,0x9E,0xA7,0x09,0xD0,0x97,0x0F,0x31,0x49,
>@@ -49,16 +50,20 @@ static DH *get_dh4096()
> 0xE9,0xD3,0x8C,0x4A,0x7C,0x49,0x36,0x84,0xBF,0xD0,0xE0,0x45,
> 0x2C,0x74,0xC9,0x6D,0x09,0xDE,0xA1,0x33,
> };
>- static unsigned char dh4096_g[]={
>+ static unsigned char dhg_4096[]={
> 0x02,
> };
> DH *dh;
>+ BIGNUM *dhp_bn, *dhg_bn;
>
> if ((dh=DH_new()) == NULL) return(NULL);
>- dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
>- dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
>- if ((dh->p == NULL) || (dh->g == NULL)) {
>- DH_free(dh); return(NULL);
>+ dhp_bn = BN_bin2bn(dhp_4096, sizeof (dhp_4096), NULL);
>+ dhg_bn = BN_bin2bn(dhg_4096, sizeof (dhg_4096), NULL);
>+ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
>+ DH_free(dh);
>+ BN_free(dhp_bn);
>+ BN_free(dhg_bn);
>+ return(NULL);
> }
> return(dh);
> }
>diff --git a/cherokee/cryptor_libssl_dh_512.c b/cherokee/cryptor_libssl_dh_512.c
>index bc1d8778..ed776636 100644
>--- a/cherokee/cryptor_libssl_dh_512.c
>+++ b/cherokee/cryptor_libssl_dh_512.c
>@@ -2,9 +2,10 @@
> #ifndef HEADER_DH_H
> #include <openssl/dh.h>
> #endif
>+
> static DH *get_dh512()
> {
>- static unsigned char dh512_p[]={
>+ static unsigned char dhp_512[]={
> 0xED,0x78,0x7E,0x95,0xB9,0x05,0xD5,0x00,0x38,0xC6,0x6B,0x49,
> 0x78,0x22,0x78,0x43,0x8D,0xCC,0xF9,0x83,0x18,0xBB,0x6E,0xFE,
> 0xCD,0x90,0xC3,0x84,0xA8,0x5C,0x04,0x84,0xEB,0x85,0x1D,0x5B,
>@@ -12,16 +13,20 @@ static DH *get_dh512()
> 0xA5,0xA7,0x10,0x7D,0x43,0x1B,0x6F,0xAD,0xA8,0xA1,0xB0,0xD3,
> 0xD9,0x23,0xD1,0x83,
> };
>- static unsigned char dh512_g[]={
>+ static unsigned char dhg_512[]={
> 0x02,
> };
> DH *dh;
>+ BIGNUM *dhp_bn, *dhg_bn;
>
> if ((dh=DH_new()) == NULL) return(NULL);
>- dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
>- dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
>- if ((dh->p == NULL) || (dh->g == NULL)) {
>- DH_free(dh); return(NULL);
>+ dhp_bn = BN_bin2bn(dhp_512, sizeof (dhp_512), NULL);
>+ dhg_bn = BN_bin2bn(dhg_512, sizeof (dhg_512), NULL);
>+ if (!DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn)) {
>+ DH_free(dh);
>+ BN_free(dhp_bn);
>+ BN_free(dhg_bn);
>+ return(NULL);
> }
> return(dh);
> }
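Review bot: get_dh512 still builds a 512-bit group after the port, and finite-field DH at that size is export-grade: it is the parameter size the Logjam work showed to be breakable, so a handshake that ends up on this group gets no meaningful confidentiality from the key exchange. Which requested key length selects this generator is decided outside the hunk (presumably in a temporary-DH callback in cryptor_libssl.c), so the check belongs there; on the 1.1 path in particular it would be worth confirming the 512-bit group can never be returned. If the function has to stay for old builds, a comment above it would at least mark the intent: `/* 512-bit group: legacy export key exchange only, must not be offered to current clients */`. The 1024-bit group in cryptor_libssl_dh_1024.c is likewise below the 2048-bit minimum commonly recommended today.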
Attachments on
bug 674246
:
559314
|
559316
|
559318
|
559320
|
559322
|
559324
|
559328
| 592124 |
592126