Fix build with OpenSSL 1.1.x

Obtained from: https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533
author: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2018-10-16 20:03:54 +0000
committer: Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org> 2018-10-16 20:03:54 +0000
commit: 4f095dd966a10beee7077e0ea558b38839f87f62 (patch)
tree: a17fb1df741ede278078c24e6381ab4b9707568d /sysutils/tlsdate
parent: 28d0f6e68e0d6eb4b2f695cec047f58d169d33c7 (diff)
download: ports-4f095dd966a10beee7077e0ea558b38839f87f62.tar.gz
ports-4f095dd966a10beee7077e0ea558b38839f87f62.zip
4 files changed, 637 insertions, 2 deletions
diff --git a/sysutils/tlsdate/files/patch-src_openssl__compat.h b/sysutils/tlsdate/files/patch-src_openssl__compat.h
new file mode 100644
index 000000000000..3a38722c81ab
--- /dev/null
+++ b/sysutils/tlsdate/files/patch-src_openssl__compat.h
@@ -0,0 +1,36 @@
+Obtained from:	https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533
+
+--- src/openssl_compat.h.orig	2018-10-16 13:25:06 UTC
++++ src/openssl_compat.h
+@@ -0,0 +1,31 @@
++/*
++ * openssl_compat.h - OpenSSL 1.1 Compatability Layer
++ * Copyright 2017 The Chromium OS Authors. All rights reserved.
++ * Use of this source code is governed by a BSD-style license that can be
++ * found in the LICENSE file.
++ */
++#ifndef SRC_OPENSSL_COMPAT_H_
++#define SRC_OPENSSL_COMPAT_H_
++
++#include <openssl/bio.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++static inline void BIO_set_data(BIO *a, void *ptr)
++{
++  a->ptr = ptr;
++}
++
++static inline void *BIO_get_data(BIO *a)
++{
++  return a ? a->ptr : NULL;
++}
++
++static inline void BIO_set_init(BIO *a, int init)
++{
++  a->init = init;
++}
++
++#endif
++
++#endif /* SRC_OPENSSL_COMPAT_H_ */
diff --git a/sysutils/tlsdate/files/patch-src_proxy-bio.c b/sysutils/tlsdate/files/patch-src_proxy-bio.c
new file mode 100644
index 000000000000..a9a7419ebd8b
--- /dev/null
+++ b/sysutils/tlsdate/files/patch-src_proxy-bio.c
@@ -0,0 +1,332 @@
+Obtained from:	https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533
+
+--- src/proxy-bio.c.orig	2015-05-28 18:49:40 UTC
++++ src/proxy-bio.c
+@@ -35,6 +35,7 @@
+ #include "src/common/strnlen.h"
+ #endif
+ 
++#include "src/openssl_compat.h"
+ #include "src/proxy-bio.h"
+ 
+ int socks4a_connect (BIO *b);
+@@ -50,29 +51,29 @@ int proxy_new (BIO *b)
+   ctx->connect = NULL;
+   ctx->host = NULL;
+   ctx->port = 0;
+-  b->init = 1;
+-  b->flags = 0;
+-  b->ptr = ctx;
++  BIO_set_init(b, 1);
++  BIO_clear_flags(b, ~0);
++  BIO_set_data(b, ctx);
+   return 1;
+ }
+ 
+ int proxy_free (BIO *b)
+ {
+   struct proxy_ctx *c;
+-  if (!b || !b->ptr)
++  if (!b || !BIO_get_data(b))
+     return 1;
+-  c = (struct proxy_ctx *) b->ptr;
++  c = (struct proxy_ctx *) BIO_get_data(b);
+   if (c->host)
+     free (c->host);
+   c->host = NULL;
+-  b->ptr = NULL;
++  BIO_set_data(b, NULL);
+   free (c);
+   return 1;
+ }
+ 
+ int socks4a_connect (BIO *b)
+ {
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   int r;
+   unsigned char buf[NI_MAXHOST + 16];
+   uint16_t port_n = htons (ctx->port);
+@@ -102,13 +103,13 @@ int socks4a_connect (BIO *b)
+ 
+   memcpy (buf + sz, ctx->host, strlen (ctx->host) + 1);
+   sz += strlen (ctx->host) + 1;
+-  r = BIO_write (b->next_bio, buf, sz);
++  r = BIO_write (BIO_next(b), buf, sz);
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != sz)
+     return 0;
+   /* server reply: 1 + 1 + 2 + 4 */
+-  r = BIO_read (b->next_bio, buf, 8);
++  r = BIO_read (BIO_next(b), buf, 8);
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != 8)
+@@ -126,7 +127,7 @@ int socks5_connect (BIO *b)
+ {
+   unsigned char buf[NI_MAXHOST + 16];
+   int r;
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   uint16_t port_n = htons (ctx->port);
+   size_t sz = 0;
+   /* the length for SOCKS addresses is only one byte. */
+@@ -145,10 +146,10 @@ int socks5_connect (BIO *b)
+   buf[0] = 0x05;
+   buf[1] = 0x01;
+   buf[2] = 0x00;
+-  r = BIO_write (b->next_bio, buf, 3);
++  r = BIO_write (BIO_next(b), buf, 3);
+   if (r != 3)
+     return 0;
+-  r = BIO_read (b->next_bio, buf, 2);
++  r = BIO_read (BIO_next(b), buf, 2);
+   if (r != 2)
+     return 0;
+   if (buf[0] != 0x05 || buf[1] != 0x00)
+@@ -175,7 +176,7 @@ int socks5_connect (BIO *b)
+   sz += strlen (ctx->host);
+   memcpy (buf + sz, &port_n, sizeof (port_n));
+   sz += sizeof (port_n);
+-  r = BIO_write (b->next_bio, buf, sz);
++  r = BIO_write (BIO_next(b), buf, sz);
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != sz)
+@@ -190,7 +191,7 @@ int socks5_connect (BIO *b)
+    * 2b: port, network byte order
+    */
+   /* grab up through the addr type */
+-  r = BIO_read (b->next_bio, buf, 4);
++  r = BIO_read (BIO_next(b), buf, 4);
+   if ( -1 == r )
+     return -1;
+   if (r != 4)
+@@ -203,14 +204,14 @@ int socks5_connect (BIO *b)
+   if (buf[3] == 0x03)
+     {
+       unsigned int len;
+-      r = BIO_read (b->next_bio, buf + 4, 1);
++      r = BIO_read (BIO_next(b), buf + 4, 1);
+       if (r != 1)
+         return 0;
+       /* host (buf[4] bytes) + port (2 bytes) */
+       len = buf[4] + 2;
+       while (len)
+         {
+-          r = BIO_read (b->next_bio, buf + 5, min (len, sizeof (buf)));
++          r = BIO_read (BIO_next(b), buf + 5, min (len, sizeof (buf)));
+           if (r <= 0)
+             return 0;
+           len -= min (len, r);
+@@ -219,7 +220,7 @@ int socks5_connect (BIO *b)
+   else if (buf[3] == 0x01)
+     {
+       /* 4 bytes ipv4 addr, 2 bytes port */
+-      r = BIO_read (b->next_bio, buf + 4, 6);
++      r = BIO_read (BIO_next(b), buf + 4, 6);
+       if (r != 6)
+         return 0;
+     }
+@@ -248,30 +249,30 @@ int sock_gets (BIO *b, char *buf, size_t
+ int http_connect (BIO *b)
+ {
+   int r;
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   char buf[4096];
+   int retcode;
+   snprintf (buf, sizeof (buf), "CONNECT %s:%d HTTP/1.1\r\n",
+             ctx->host, ctx->port);
+-  r = BIO_write (b->next_bio, buf, strlen (buf));
++  r = BIO_write (BIO_next(b), buf, strlen (buf));
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != strlen(buf))
+     return 0;
+   /* required by RFC 2616 14.23 */
+   snprintf (buf, sizeof (buf), "Host: %s:%d\r\n", ctx->host, ctx->port);
+-  r = BIO_write (b->next_bio, buf, strlen (buf));
++  r = BIO_write (BIO_next(b), buf, strlen (buf));
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != strlen(buf))
+     return 0;
+   strcpy (buf, "\r\n");
+-  r = BIO_write (b->next_bio, buf, strlen (buf));
++  r = BIO_write (BIO_next(b), buf, strlen (buf));
+   if ( -1 == r )
+     return -1;
+   if ( (size_t) r != strlen(buf))
+     return 0;
+-  r = sock_gets (b->next_bio, buf, sizeof (buf));
++  r = sock_gets (BIO_next(b), buf, sizeof (buf));
+   if (r)
+     return 0;
+   /* use %*s to ignore the version */
+@@ -279,7 +280,7 @@ int http_connect (BIO *b)
+     return 0;
+   if (retcode < 200 || retcode > 299)
+     return 0;
+-  while (! (r = sock_gets (b->next_bio, buf, sizeof (buf))))
++  while (! (r = sock_gets (BIO_next(b), buf, sizeof (buf))))
+     {
+       if (!strcmp (buf, "\r\n"))
+         {
+@@ -294,12 +295,12 @@ int http_connect (BIO *b)
+ int proxy_write (BIO *b, const char *buf, int sz)
+ {
+   int r;
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+ 
+   assert (buf);
+   if (sz <= 0)
+     return 0;
+-  if (!b->next_bio)
++  if (!BIO_next(b))
+     return 0;
+   if (!ctx->connected)
+     {
+@@ -307,7 +308,7 @@ int proxy_write (BIO *b, const char *buf
+       if (!ctx->connect (b))
+         return 0;
+     }
+-  r = BIO_write (b->next_bio, buf, sz);
++  r = BIO_write (BIO_next(b), buf, sz);
+   BIO_clear_retry_flags (b);
+   BIO_copy_next_retry (b);
+   return r;
+@@ -316,10 +317,10 @@ int proxy_write (BIO *b, const char *buf
+ int proxy_read (BIO *b, char *buf, int sz)
+ {
+   int r;
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+ 
+   assert (buf);
+-  if (!b->next_bio)
++  if (!BIO_next(b))
+     return 0;
+   if (!ctx->connected)
+     {
+@@ -327,7 +328,7 @@ int proxy_read (BIO *b, char *buf, int s
+       if (!ctx->connect (b))
+         return 0;
+     }
+-  r = BIO_read (b->next_bio, buf, sz);
++  r = BIO_read (BIO_next(b), buf, sz);
+   BIO_clear_retry_flags (b);
+   BIO_copy_next_retry (b);
+   return r;
+@@ -337,43 +338,45 @@ long proxy_ctrl (BIO *b, int cmd, long n
+ {
+   long ret;
+   struct proxy_ctx *ctx;
+-  if (!b->next_bio)
++  if (!BIO_next(b))
+     return 0;
+-  ctx = (struct proxy_ctx *) b->ptr;
++  ctx = (struct proxy_ctx *) BIO_get_data(b);
+   assert (ctx);
+   switch (cmd)
+     {
+     case BIO_C_DO_STATE_MACHINE:
+       BIO_clear_retry_flags (b);
+-      ret = BIO_ctrl (b->next_bio, cmd, num, ptr);
++      ret = BIO_ctrl (BIO_next(b), cmd, num, ptr);
+       BIO_copy_next_retry (b);
+       break;
+     case BIO_CTRL_DUP:
+       ret = 0;
+       break;
+     default:
+-      ret = BIO_ctrl (b->next_bio, cmd, num, ptr);
++      ret = BIO_ctrl (BIO_next(b), cmd, num, ptr);
+     }
+   return ret;
+ }
+ 
+ int proxy_gets (BIO *b, char *buf, int size)
+ {
+-  return BIO_gets (b->next_bio, buf, size);
++  return BIO_gets (BIO_next(b), buf, size);
+ }
+ 
+ int proxy_puts (BIO *b, const char *str)
+ {
+-  return BIO_puts (b->next_bio, str);
++  return BIO_puts (BIO_next(b), str);
+ }
+ 
+ long proxy_callback_ctrl (BIO *b, int cmd, bio_info_cb *fp)
+ {
+-  if (!b->next_bio)
++  if (!BIO_next(b))
+     return 0;
+-  return BIO_callback_ctrl (b->next_bio, cmd, fp);
++  return BIO_callback_ctrl (BIO_next(b), cmd, fp);
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ BIO_METHOD proxy_methods =
+ {
+   BIO_TYPE_MEM,
+@@ -393,6 +396,29 @@ BIO_METHOD *BIO_f_proxy()
+   return &proxy_methods;
+ }
+ 
++#else
++
++static BIO_METHOD *proxy_methods;
++
++BIO_METHOD *BIO_f_proxy()
++{
++  if (!proxy_methods) {
++    proxy_methods = BIO_meth_new(BIO_TYPE_MEM, "proxy");
++    BIO_meth_set_write(proxy_methods, proxy_write);
++    BIO_meth_set_read(proxy_methods, proxy_read);
++    BIO_meth_set_puts(proxy_methods, proxy_puts);
++    BIO_meth_set_gets(proxy_methods, proxy_gets);
++    BIO_meth_set_ctrl(proxy_methods, proxy_ctrl);
++    BIO_meth_set_create(proxy_methods, proxy_new);
++    BIO_meth_set_destroy(proxy_methods, proxy_free);
++    BIO_meth_set_callback_ctrl(proxy_methods, proxy_callback_ctrl);
++  }
++
++  return proxy_methods;
++}
++
++#endif
++
+ /* API starts here */
+ 
+ BIO API *BIO_new_proxy()
+@@ -402,7 +428,7 @@ BIO API *BIO_new_proxy()
+ 
+ int API BIO_proxy_set_type (BIO *b, const char *type)
+ {
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   if (!strcmp (type, "socks5"))
+     ctx->connect = socks5_connect;
+   else if (!strcmp (type, "socks4a"))
+@@ -416,7 +442,7 @@ int API BIO_proxy_set_type (BIO *b, cons
+ 
+ int API BIO_proxy_set_host (BIO *b, const char *host)
+ {
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   if (strnlen (host, NI_MAXHOST) == NI_MAXHOST)
+     return 1;
+   ctx->host = strdup (host);
+@@ -425,6 +451,6 @@ int API BIO_proxy_set_host (BIO *b, cons
+ 
+ void API BIO_proxy_set_port (BIO *b, uint16_t port)
+ {
+-  struct proxy_ctx *ctx = (struct proxy_ctx *) b->ptr;
++  struct proxy_ctx *ctx = (struct proxy_ctx *) BIO_get_data(b);
+   ctx->port = port;
+ }
diff --git a/sysutils/tlsdate/files/patch-src_test-bio.c b/sysutils/tlsdate/files/patch-src_test-bio.c
new file mode 100644
index 000000000000..545c3ca8d072
--- /dev/null
+++ b/sysutils/tlsdate/files/patch-src_test-bio.c
@@ -0,0 +1,81 @@
+Obtained from:	https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533
+
+--- src/test-bio.c.orig	2015-05-28 18:49:40 UTC
++++ src/test-bio.c
+@@ -15,6 +15,7 @@
+ #include <assert.h>
+ #include <string.h>
+ 
++#include "src/openssl_compat.h"
+ #include "src/test-bio.h"
+ #include "src/util.h"
+ 
+@@ -34,7 +35,7 @@ struct test_ctx
+ 
+ static struct test_ctx *bio_ctx (BIO *b)
+ {
+-  struct test_ctx *ctx = b->ptr;
++  struct test_ctx *ctx = BIO_get_data(b);
+   assert (ctx->magic == kMagic);
+   return ctx;
+ }
+@@ -70,16 +71,16 @@ int test_new (BIO *b)
+   ctx->insz = 0;
+   ctx->out = NULL;
+   ctx->outsz = 0;
+-  b->init = 1;
+-  b->flags = 0;
+-  b->ptr = ctx;
++  BIO_set_init(b, 1);
++  BIO_clear_flags(b, ~0);
++  BIO_set_data(b, ctx);
+   return 1;
+ }
+ 
+ int test_free (BIO *b)
+ {
+   struct test_ctx *ctx;
+-  if (!b || !b->ptr)
++  if (!b || !BIO_get_data(b))
+     return 1;
+   ctx = bio_ctx (b);
+   free (ctx->in);
+@@ -114,6 +115,8 @@ long test_callback_ctrl (BIO *b, int cmd
+   return 0;
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
+ BIO_METHOD test_methods =
+ {
+   BIO_TYPE_SOCKET,
+@@ -133,6 +136,29 @@ BIO_METHOD *BIO_s_test()
+   return &test_methods;
+ }
+ 
++#else
++
++static BIO_METHOD *test_methods;
++
++BIO_METHOD *BIO_s_test()
++{
++  if (!test_methods) {
++    test_methods = BIO_meth_new(BIO_TYPE_SOCKET, "test");
++    BIO_meth_set_write(test_methods, test_write);
++    BIO_meth_set_read(test_methods, test_read);
++    BIO_meth_set_puts(test_methods, NULL);
++    BIO_meth_set_gets(test_methods, NULL);
++    BIO_meth_set_ctrl(test_methods, test_ctrl);
++    BIO_meth_set_create(test_methods, test_new);
++    BIO_meth_set_destroy(test_methods, test_free);
++    BIO_meth_set_callback_ctrl(test_methods, test_callback_ctrl);
++  }
++
++  return test_methods;
++}
++
++#endif
++
+ BIO API *BIO_new_test()
+ {
+   return BIO_new (BIO_s_test());
diff --git a/sysutils/tlsdate/files/patch-src_tlsdate-helper.c b/sysutils/tlsdate/files/patch-src_tlsdate-helper.c
index 3d99857dc42e..7cebac427cc1 100644
--- a/sysutils/tlsdate/files/patch-src_tlsdate-helper.c
+++ b/sysutils/tlsdate/files/patch-src_tlsdate-helper.c
@@ -1,15 +1,201 @@
+Obtained from:	https://chromium-review.googlesource.com/c/chromiumos/third_party/tlsdate/+/549533
+
 --- src/tlsdate-helper.c.orig	2015-05-28 18:49:40 UTC
 +++ src/tlsdate-helper.c
-@@ -1133,10 +1133,12 @@ run_ssl (uint32_t *time_map, int time_is
+@@ -370,11 +370,29 @@ xfree (void *ptr)
+   free(ptr);
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++size_t
++SSL_get_server_random(const SSL *ssl, unsigned char *out, size_t outlen)
++{
++  size_t ret = min(outlen, sizeof(uint32_t));
++  // Per https://www.openssl.org/docs/man1.1.0/ssl/SSL_get_server_random.html
++  // If outlen is 0, return the maximum number of bytes that would be copied.
++  if (!outlen)
++    return sizeof(uint32_t);
++  memcpy(out, ssl->s3->server_random, ret);
++  return ret;
++}
++#endif
++
+ void
+ openssl_time_callback (const SSL* ssl, int where, int ret)
+ {
+   if (where == SSL_CB_CONNECT_LOOP &&
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       (ssl->state == SSL3_ST_CR_SRVR_HELLO_A || ssl->state == SSL3_ST_CR_SRVR_HELLO_B))
++#else
++      (SSL_get_state(ssl) == TLS_ST_CR_SRVR_HELLO))
++#endif
+   {
+     // XXX TODO: If we want to trust the remote system for time,
+     // can we just read that time out of the remote system and if the
+@@ -387,7 +405,7 @@ openssl_time_callback (const SSL* ssl, i
+     uint32_t max_reasonable_time = MAX_REASONABLE_TIME;
+     uint32_t server_time;
+     verb("V: freezing time for x509 verification");
+-    memcpy(&server_time, ssl->s3->server_random, sizeof(uint32_t));
++    SSL_get_server_random(ssl, (unsigned char *)&server_time, sizeof (uint32_t));
+     if (compiled_time < ntohl(server_time)
+         &&
+         ntohl(server_time) < max_reasonable_time)
+@@ -395,7 +413,7 @@ openssl_time_callback (const SSL* ssl, i
+       verb("V: remote peer provided: %d, preferred over compile time: %d",
+             ntohl(server_time), compiled_time);
+       verb("V: freezing time with X509_VERIFY_PARAM_set_time");
+-      X509_VERIFY_PARAM_set_time(ssl->ctx->cert_store->param,
++      X509_VERIFY_PARAM_set_time(SSL_get0_param((SSL *)ssl),
+                                  (time_t) ntohl(server_time) + 86400);
+     } else {
+       die("V: the remote server is a false ticker! server: %d compile: %d",
+@@ -404,6 +422,12 @@ openssl_time_callback (const SSL* ssl, i
+   }
+ }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_BN_bits(p, k) BN_num_bits((p)->pkey.k)
++#else
++#define EVP_PKEY_BN_bits(p, k) EVP_PKEY_bits(p)
++#endif
++
+ uint32_t
+ get_certificate_keybits (EVP_PKEY *public_key)
+ {
+@@ -411,39 +435,39 @@ get_certificate_keybits (EVP_PKEY *publi
+     In theory, we could use check_bitlen_dsa() and check_bitlen_rsa()
+    */
+   uint32_t key_bits;
+-  switch (public_key->type)
++  switch (EVP_PKEY_id(public_key))
+   {
+     case EVP_PKEY_RSA:
+       verb("V: key type: EVP_PKEY_RSA");
+-      key_bits = BN_num_bits(public_key->pkey.rsa->n);
++      key_bits = EVP_PKEY_BN_bits(public_key, rsa->n);
+       break;
+     case EVP_PKEY_RSA2:
+       verb("V: key type: EVP_PKEY_RSA2");
+-      key_bits = BN_num_bits(public_key->pkey.rsa->n);
++      key_bits = EVP_PKEY_BN_bits(public_key, rsa->n);
+       break;
+     case EVP_PKEY_DSA:
+       verb("V: key type: EVP_PKEY_DSA");
+-      key_bits = BN_num_bits(public_key->pkey.dsa->p);
++      key_bits = EVP_PKEY_BN_bits(public_key, dsa->p);
+       break;
+     case EVP_PKEY_DSA1:
+       verb("V: key type: EVP_PKEY_DSA1");
+-      key_bits = BN_num_bits(public_key->pkey.dsa->p);
++      key_bits = EVP_PKEY_BN_bits(public_key, dsa->p);
+       break;
+     case EVP_PKEY_DSA2:
+       verb("V: key type: EVP_PKEY_DSA2");
+-      key_bits = BN_num_bits(public_key->pkey.dsa->p);
++      key_bits = EVP_PKEY_BN_bits(public_key, dsa->p);
+       break;
+     case EVP_PKEY_DSA3:
+       verb("V: key type: EVP_PKEY_DSA3");
+-      key_bits = BN_num_bits(public_key->pkey.dsa->p);
++      key_bits = EVP_PKEY_BN_bits(public_key, dsa->p);
+       break;
+     case EVP_PKEY_DSA4:
+       verb("V: key type: EVP_PKEY_DSA4");
+-      key_bits = BN_num_bits(public_key->pkey.dsa->p);
++      key_bits = EVP_PKEY_BN_bits(public_key, dsa->p);
+       break;
+     case EVP_PKEY_DH:
+       verb("V: key type: EVP_PKEY_DH");
+-      key_bits = BN_num_bits(public_key->pkey.dh->pub_key);
++      key_bits = EVP_PKEY_BN_bits(public_key, dh->pub_key);
+       break;
+     case EVP_PKEY_EC:
+       verb("V: key type: EVP_PKEY_EC");
+@@ -681,7 +705,9 @@ check_san (SSL *ssl, const char *hostnam
+ 
+         int j;
+         void *extvalstr;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         const unsigned char *tmp;
++#endif
+ 
+         STACK_OF(CONF_VALUE) *val;
+         CONF_VALUE *nval;
+@@ -695,6 +721,7 @@ check_san (SSL *ssl, const char *hostnam
+           break;
+         }
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+         tmp = ext->value->data;
+         if (method->it)
+         {
+@@ -703,7 +730,9 @@ check_san (SSL *ssl, const char *hostnam
+         } else {
+           extvalstr = method->d2i(NULL, &tmp, ext->value->length);
+         }
+-
++#else
++	extvalstr = X509V3_EXT_d2i(ext);
++#endif
+         if (!extvalstr)
+         {
+           break;
+@@ -886,11 +915,11 @@ check_key_length (SSL *ssl)
+   }
+ 
+   key_bits = get_certificate_keybits (public_key);
+-  if (MIN_PUB_KEY_LEN >= key_bits && public_key->type != EVP_PKEY_EC)
++  if (MIN_PUB_KEY_LEN >= key_bits && EVP_PKEY_id(public_key) != EVP_PKEY_EC)
+   {
+     die ("Unsafe public key size: %d bits", key_bits);
+   } else {
+-     if (public_key->type == EVP_PKEY_EC)
++     if (EVP_PKEY_id(public_key) == EVP_PKEY_EC)
+        if(key_bits >= MIN_ECC_PUB_KEY_LEN
+           && key_bits <= MAX_ECC_PUB_KEY_LEN)
+        {
+@@ -1129,20 +1158,34 @@ run_ssl (uint32_t *time_map, int time_is
+   SSL_library_init();
+ 
+   ctx = NULL;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+   if (0 == strcmp("sslv23", protocol))
    {
      verb ("V: using SSLv23_client_method()");
      ctx = SSL_CTX_new(SSLv23_client_method());
-+#ifndef OPENSSL_NO_SSL3
++#ifndef OPENSSL_NO_SSL3_METHOD
    } else if (0 == strcmp("sslv3", protocol))
    {
      verb ("V: using SSLv3_client_method()");
      ctx = SSL_CTX_new(SSLv3_client_method());
 +#endif
++#ifndef OPENSSL_NO_TLS1_METHOD
    } else if (0 == strcmp("tlsv1", protocol))
    {
      verb ("V: using TLSv1_client_method()");
+     ctx = SSL_CTX_new(TLSv1_client_method());
++#endif
+   } else
+     die("Unsupported protocol `%s'", protocol);
++#else /* OPENSSL_VERSION_NUMBER < 0x10100000L */
++  /*
++   * Use general-purpose version-flexible SSL/TLS method. The actual protocol
++   * version used will be negotiated to the highest version mutually supported
++   * by the client and the server.
++   */
++  verb ("V: using TLS_client_method()\n");
++  ctx = SSL_CTX_new(TLS_client_method());
++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+ 
+   if (ctx == NULL)
+     die("OpenSSL failed to support protocol `%s'", protocol);
+@@ -1204,7 +1247,7 @@ run_ssl (uint32_t *time_map, int time_is
+ 
+   // from /usr/include/openssl/ssl3.h
+   //  ssl->s3->server_random is an unsigned char of 32 bits
+-  memcpy(&result_time, ssl->s3->server_random, sizeof (uint32_t));
++  SSL_get_server_random(ssl, (unsigned char *)&result_time, sizeof (uint32_t));
+   verb("V: In TLS response, T=%lu", (unsigned long)ntohl(result_time));
+ 
+   if (http) {
author	Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>	2018-10-16 20:03:54 +0000
committer	Sunpoet Po-Chuan Hsieh <sunpoet@FreeBSD.org>	2018-10-16 20:03:54 +0000
commit	4f095dd966a10beee7077e0ea558b38839f87f62 (patch)
tree	a17fb1df741ede278078c24e6381ab4b9707568d /sysutils/tlsdate
parent	28d0f6e68e0d6eb4b2f695cec047f58d169d33c7 (diff)
download	ports-4f095dd966a10beee7077e0ea558b38839f87f62.tar.gz ports-4f095dd966a10beee7077e0ea558b38839f87f62.zip