From 3d09f86171e455c8ee8b64a5b33f1f28022b7f2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Chmielowski?= <pchmielowski@process-one.net>
Date: Mon, 27 Jun 2016 12:55:23 +0200
Subject: [PATCH] Make compatible with openssl 1.1.0
This fixes issue #6
---
c_src/fast_tls_drv.c | 62 ++++++++++++++++++++++++++++++++++------------------
configure | 10 +++++++++
configure.ac | 5 +++++
3 files changed, 56 insertions(+), 21 deletions(-)
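diff --git a/c_src/fast_tls_drv.c b/c_src/fast_tls_drv.c
index 11cd956..976485e 100644
--- a/c_src/fast_tls_drv.c
+++ b/c_src/fast_tls_drv.c
@@ -20,11 +20,16 @@
 #include <erl_driver.h>
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/opensslv.h>
 #include <sys/types.h>
 #include <sys/stat.h>
 #include <stdint.h>
 #include "options.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define DH_set0_pqg(dh, dh_p, NULL, dh_g) (dh)->p = dh_p; (dh)->g = dh_g
+#endif
+
 #define BUF_SIZE 1024
 
 typedef struct {
@@ -103,7 +108,7 @@ ErlDrvBinary *ftls_realloc_binary(ErlDrvBinary *bin, ErlDrvSizeT size) {
 /**
 * Prepare the SSL options flag.
 **/
-static int set_option_flag(const char *opt, long *flag)
+static int set_option_flag(const char *opt, unsigned long *flag)
 {
 ssl_option_t *p;
 for (p = ssl_options; p->name; p++) {
@@ -450,12 +455,16 @@ static int setup_dh(SSL_CTX *ctx, char *dh_file)
 return 0;
 }
 
- dh->p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
- dh->g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
- if (dh->p == NULL || dh->g == NULL) {
- DH_free(dh);
- return 0;
- }
+ BIGNUM *dh_p = BN_bin2bn(dh1024_p, sizeof(dh1024_p), NULL);
+ BIGNUM *dh_g = BN_bin2bn(dh1024_g, sizeof(dh1024_g), NULL);
+ if (dh_p == NULL || dh_g == NULL) {
+ BN_free(dh_p);
+ BN_free(dh_g);
+ DH_free(dh);
+ return 0;
+ }
+
+ DH_set0_pqg(dh, dh_p, NULL, dh_g);
 }
 
 SSL_CTX_set_options(ctx, SSL_OP_SINGLE_DH_USE);
@@ -468,17 +477,14 @@ static int setup_dh(SSL_CTX *ctx, char *dh_file)
 
 static void ssl_info_callback(const SSL *s, int where, int ret)
 {
- if (where == SSL_CB_ACCEPT_LOOP) {
- int state = SSL_get_state(s);
- if (state == SSL3_ST_SR_CLNT_HELLO_A ||
- state == SSL23_ST_SR_CLNT_HELLO_A) {
- tls_data *d = (tls_data *)SSL_get_ex_data(s, ssl_index);
- d->handshakes++;
- }
+ tls_data *d = (tls_data *)SSL_get_ex_data(s, ssl_index);
+ if ((where & SSL_CB_HANDSHAKE_START) && d->handshakes) {
+ d->handshakes++;
+ } else if ((where & SSL_CB_HANDSHAKE_DONE) && !d->handshakes) {
+ d->handshakes++;
 }
 }
 
-
 #define SET_CERTIFICATE_FILE_ACCEPT 1
 #define SET_CERTIFICATE_FILE_CONNECT 2
 #define SET_ENCRYPTED_INPUT 3
@@ -591,7 +597,7 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
 protocol_options_len +
 dh_file_len +
 ca_file_len + 1);
- long options = 0L;
+ unsigned long options = 0L;
 
 if (protocol_options_len != 0) {
 char *po = strdup(protocol_options), delim[] = "|";
@@ -801,9 +807,9 @@ static ErlDrvSSizeT tls_drv_control(ErlDrvData handle,
 
 if (len == 4)
 {
- unsigned char *b = (unsigned char *)buf;
+ unsigned char *b2 = (unsigned char *)buf;
 req_size =
- (b[0] << 24) | (b[1] << 16) | (b[2] << 8) | b[3];
+ (b2[0] << 24) | (b2[1] << 16) | (b2[2] << 8) | b2[3];
 }
 size = BUF_SIZE + 1;
 rlen = 1;
@@ -925,15 +931,29 @@ ErlDrvEntry tls_driver_entry = {
 NULL, /* process_exit */
 NULL /* stop_select */
 };
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define our_alloc driver_alloc
+#define our_realloc driver_realloc
+#define our_free driver_free
+#else
+static void *our_alloc(size_t size, const char *file, int line) {
+ return driver_alloc(size);
+}
+static void * our_realloc(void *ptr, size_t size, const char *file, int line) {
+ return driver_realloc(ptr, size);
+}
+
+static void our_free(void *ptr, const char *file, int line) {
+ driver_free(ptr);
+}
+#endif
 
 DRIVER_INIT(fast_tls_drv) /* must match name in driver_entry */
 {
- CRYPTO_set_mem_functions(driver_alloc, driver_realloc, driver_free);
+ CRYPTO_set_mem_functions(our_alloc, our_realloc, our_free);
 OpenSSL_add_ssl_algorithms();
 SSL_load_error_strings();
 init_hash_table();
 ssl_index = SSL_get_ex_new_index(0, "ssl index", NULL, NULL, NULL);
 return &tls_driver_entry;
 }
-
-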
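Review bot: In `ssl_info_callback` the new code looks up `d` with `SSL_get_ex_data` and dereferences it on every callback event, whereas the removed code only did so in two client-hello states of the accept loop. `SSL_get_ex_data` returns NULL when nothing has been stored under `ssl_index`, and a NULL dereference inside a linked-in driver would crash the whole Erlang VM. Whether the ex-data is always attached before the first event fires is not visible in this hunk, so a guard such as `if (d == NULL) return;` right after the lookup would be cheap insurance. The counting rule also deserves a comment, e.g. `/* first handshake is counted at DONE, later ones at START, so handshakes > 1 means a renegotiation was started */`, since this counter appears to be what renegotiation limiting relies on.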
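diff --git a/configure b/configure
index 0540a78..ca463fe 100755
--- a/configure
+++ b/configure
@@ -3838,6 +3838,12 @@ if test "x$ac_cv_header_openssl_sha_h" = xyes; then :
 fi
 
 
+ac_fn_c_check_header_mongrel "$LINENO" "openssl/opensslv.h" "ac_cv_header_openssl_opensslv_h" "$ac_includes_default"
+if test "x$ac_cv_header_openssl_opensslv_h" = xyes; then :
+ OPENSSLV_HEADER=yes
+fi
+
+
 
 if test "x$SSL_LIB" = "x"; then
 as_fn_error $? "OpenSSL 'ssl' library was not found" "$LINENO" 5
@@ -3859,6 +3865,10 @@ if test "x$SHA_HEADER" = "x"; then
 as_fn_error $? "OpenSSL header file \"openssl/sha.h\" was not found" "$LINENO" 5
 fi
 
+if test "x$OPENSSLV_HEADER" = "x"; then
+ as_fn_error $? "OpenSSL header file \"openssl/opensslv.h\" was not found" "$LINENO" 5
+fi
+
 # Check whether --enable-gcov was given.
 if test "${enable_gcov+set}" = set; then :
 enableval=$enable_gcov; case "${enableval}" in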
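diff --git a/configure.ac b/configure.ac
index 56f36f9..62b6edf 100644
--- a/configure.ac
+++ b/configure.ac
@@ -33,6 +33,7 @@ AC_CHECK_LIB(crypto, SHA1_Init, [CRYPTO_LIB=yes], [], [])
 AC_CHECK_HEADER(openssl/ssl.h, [SSL_HEADER=yes], [], [])
 AC_CHECK_HEADER(openssl/err.h, [ERR_HEADER=yes], [], [])
 AC_CHECK_HEADER(openssl/sha.h, [SHA_HEADER=yes], [], [])
+AC_CHECK_HEADER(openssl/opensslv.h, [OPENSSLV_HEADER=yes], [], [])
 
 if test "x$SSL_LIB" = "x"; then
 AC_MSG_ERROR([OpenSSL 'ssl' library was not found])
@@ -54,6 +55,10 @@ if test "x$SHA_HEADER" = "x"; then
 AC_MSG_ERROR([OpenSSL header file "openssl/sha.h" was not found])
 fi
 
+if test "x$OPENSSLV_HEADER" = "x"; then
+ AC_MSG_ERROR([OpenSSL header file "openssl/opensslv.h" was not found])
+fi
+
 AC_ARG_ENABLE(gcov,
 [AC_HELP_STRING([--enable-gcov], [compile with gcov enabled (default: no)])],
 [case "${enableval}" in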
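diff --git a/c_src/fast_tls_drv.c b/c_src/fast_tls_drv.c
index 976485e..8183957 100644
--- a/c_src/fast_tls_drv.c
+++ b/c_src/fast_tls_drv.c
@@ -346,6 +346,9 @@ static void tls_drv_finish()
 }
 
 driver_free(ht.buckets);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ OPENSSL_cleanup();
+#endif
 }
 
 static int is_modified(char *file, time_t *known_mtime)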
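Review bot: The `OPENSSL_cleanup()` call added at the end of `tls_drv_finish` de-initialises OpenSSL for the whole process, not just for this driver, and OpenSSL documents that the library cannot be re-initialised afterwards. If the driver is unloaded while the VM keeps running, any other code in the process that uses the same OpenSSL library, and any later reload of this driver, would be left with a torn-down library. OpenSSL 1.1.0 already runs this cleanup automatically at process exit, so I would drop the call, or at least add a comment such as `/* safe only if nothing else in this VM uses libcrypto and the driver is never reloaded */`. The start of `tls_drv_finish` is outside the hunk, so the rest of the teardown order was not reviewed.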