[OpenWrt-Devel] [RFC PATCH ustream-ssl] openssl: support OpenSSL 1.1.x API

Jo-Philipp Wich jo at mein.io
Sun May 20 16:26:33 EDT 2018 

This commit changes ustream-ssl to support OpenSSL 1.1x as backend.

OpenSSL 1.1.x made the BIO and BIO_METHOD structures opaque and
introduced new getter/setter APIs to deal with them, therfore define
forward-compat stubs for older OpenSSL versions and change the code in
ustream-io-openssl.c to only use the new API.

The new OpenSSL version also deprecated the use of TLSv1_2_server_method()
in favor to versionless method names, therefor use TLS_server_method() for
version 1.1.0 and later.

Finally, even the library initialization is not compatible anymore as
version 1.1.0 deprecated SSL_library_init() and SSL_load_error_string() in
favor to calling OPENSSL_init_ssl() instead, so adjust the ustream
initalization to use either variant, depending on the OpenSSL version.

Signed-off-by: Jo-Philipp Wich <jo at mein.io>
---
 ustream-io-openssl.c | 73 +++++++++++++++++++++++++++++++++++-----------------
 ustream-openssl.c    | 10 +++++--
 2 files changed, 58 insertions(+), 25 deletions(-)

diff --git a/ustream-io-openssl.c b/ustream-io-openssl.c
index 6711055..0e45e5f 100644
--- a/ustream-io-openssl.c
+++ b/ustream-io-openssl.c
@@ -23,13 +23,37 @@
 #include "ustream-ssl.h"
 #include "ustream-internal.h"
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+# define BIO_get_data(b) (b->ptr)
+# define BIO_set_init(b, v) (b->init = v)
+# define BIO_set_data(b, v) (b->ptr = v)
+# define BIO_meth_set_write(m, f) (m->bwrite = f)
+# define BIO_meth_set_read(m, f) (m->bread = f)
+# define BIO_meth_set_puts(m, f) (m->bputs = f)
+# define BIO_meth_set_gets(m, f) (m->bgets = f)
+# define BIO_meth_set_ctrl(m, f) (m->ctrl = f)
+# define BIO_meth_set_create(m, f) (m->create = f)
+# define BIO_meth_set_destroy(m, f) (m->destroy = f)
+
+static BIO_METHOD *BIO_meth_new(int type, const char *name)
+{
+	BIO_METHOD *bm;
+
+	bm = calloc(1, sizeof(*bm));
+
+	if (bm) {
+		bm->type = type;
+		bm->name = name;
+	}
+
+	return bm;
+}
+#endif
+
 static int
 s_ustream_new(BIO *b)
 {
-	b->init = 1;
-	b->num = 0;
-	b->ptr = NULL;
-	b->flags = 0;
+	BIO_set_init(b, 1);
 	return 1;
 }
 
@@ -39,9 +63,8 @@ s_ustream_free(BIO *b)
 	if (!b)
 		return 0;
 
-	b->ptr = NULL;
-	b->init = 0;
-	b->flags = 0;
+	BIO_set_init(b, 0);
+	BIO_set_data(b, NULL);
 	return 1;
 }
 
@@ -55,7 +78,7 @@ s_ustream_read(BIO *b, char *buf, int len)
 	if (!buf || len <= 0)
 		return 0;
 
-	s = (struct ustream *)b->ptr;
+	s = (struct ustream *)BIO_get_data(b);
 	if (!s)
 		return 0;
 
@@ -84,7 +107,7 @@ s_ustream_write(BIO *b, const char *buf, int len)
 	if (!buf || len <= 0)
 		return 0;
 
-	s = (struct ustream *)b->ptr;
+	s = (struct ustream *)BIO_get_data(b);
 	if (!s)
 		return 0;
 
@@ -116,25 +139,29 @@ static long s_ustream_ctrl(BIO *b, int cmd, long num, void *ptr)
 	};
 }
 
-static BIO_METHOD methods_ustream = {
-	100 | BIO_TYPE_SOURCE_SINK,
-	"ustream",
-	s_ustream_write,
-	s_ustream_read,
-	s_ustream_puts,
-	s_ustream_gets,
-	s_ustream_ctrl,
-	s_ustream_new,
-	s_ustream_free,
-	NULL,
-};
+static BIO_METHOD *methods_ustream;
 
 static BIO *ustream_bio_new(struct ustream *s)
 {
 	BIO *bio;
 
-	bio = BIO_new(&methods_ustream);
-	bio->ptr = s;
+	if (!methods_ustream) {
+		methods_ustream = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "ustream");
+
+		if (!methods_ustream)
+			return NULL;
+
+		BIO_meth_set_write(methods_ustream, s_ustream_write);
+		BIO_meth_set_read(methods_ustream, s_ustream_read);
+		BIO_meth_set_puts(methods_ustream, s_ustream_puts);
+		BIO_meth_set_gets(methods_ustream, s_ustream_gets);
+		BIO_meth_set_ctrl(methods_ustream, s_ustream_ctrl);
+		BIO_meth_set_create(methods_ustream, s_ustream_new);
+		BIO_meth_set_destroy(methods_ustream, s_ustream_free);
+	}
+
+	bio = BIO_new(methods_ustream);
+	BIO_set_data(bio, s);
 	return bio;
 }
 
diff --git a/ustream-openssl.c b/ustream-openssl.c
index eb03dab..6ea6429 100644
--- a/ustream-openssl.c
+++ b/ustream-openssl.c
@@ -30,16 +30,22 @@ __ustream_ssl_context_new(bool server)
 	SSL_CTX *c;
 
 	if (!_init) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 		SSL_load_error_strings();
 		SSL_library_init();
+#else
+		OPENSSL_init_ssl(0, NULL);
+#endif
 		_init = true;
 	}
 
 	if (server)
-#ifdef CYASSL_OPENSSL_H_
+#if defined(CYASSL_OPENSSL_H_)
 		m = SSLv23_server_method();
-#else
+#elif OPENSSL_VERSION_NUMBER < 0x10100000L
 		m = TLSv1_2_server_method();
+#else
+		m = TLS_server_method();
 #endif
 	else
 		m = SSLv23_client_method();
-- 
2.11.0


_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
http://lists.infradead.org/mailman/listinfo/openwrt-devel

More information about the openwrt-devel mailing list