Blame - external/subpack/net/softethervpn/patches/120-openssl-deprecated.patch - T108

blob: 4ed0d922289460d8703e45ccb7457bd0d1be8476 [file] [log] [blame]

b.liu	e958203	2025-04-17 19:18:16 +0800	[diff] [blame^]	1	--- a/src/Mayaqua/Encrypt.c
				2	+++ b/src/Mayaqua/Encrypt.c
				3	@@ -120,6 +120,7 @@
				4	#include <openssl/rand.h>
				5	#include <openssl/engine.h>
				6	#include <openssl/bio.h>
				7	+#include <openssl/bn.h>
				8	#include <openssl/x509.h>
				9	#include <openssl/pkcs7.h>
				10	#include <openssl/pkcs12.h>
				11	@@ -128,6 +129,7 @@
				12	#include <openssl/md4.h>
				13	#include <openssl/hmac.h>
				14	#include <openssl/sha.h>
				15	+#include <openssl/rsa.h>
				16	#include <openssl/des.h>
				17	#include <openssl/aes.h>
				18	#include <openssl/dh.h>
				19	@@ -627,7 +629,7 @@ UINT CipherProcess(CIPHER c, void iv,
				20	return 0;
				21	}
				22
				23	- if (EVP_CipherFinal(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0)
				24	+ if (EVP_CipherFinal_ex(c->Ctx, ((UCHAR *)dest) + (UINT)r, &r2) == 0)
				25	{
				26	return 0;
				27	}
				28	@@ -926,6 +928,7 @@ BUF BigNumToBuf(const BIGNUM bn)
				29	// Initialization of the lock of OpenSSL
				30	void OpenSSL_InitLock()
				31	{
				32	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				33	UINT i;
				34
				35	// Initialization of the lock object
				36	@@ -939,11 +942,13 @@ void OpenSSL_InitLock()
				37	// Setting the lock function
				38	CRYPTO_set_locking_callback(OpenSSL_Lock);
				39	CRYPTO_set_id_callback(OpenSSL_Id);
				40	+#endif
				41	}
				42
				43	// Release of the lock of OpenSSL
				44	void OpenSSL_FreeLock()
				45	{
				46	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				47	UINT i;
				48
				49	for (i = 0;i < ssl_lock_num;i++)
				50	@@ -955,11 +960,13 @@ void OpenSSL_FreeLock()
				51
				52	CRYPTO_set_locking_callback(NULL);
				53	CRYPTO_set_id_callback(NULL);
				54	+#endif
				55	}
				56
				57	// Lock function for OpenSSL
				58	void OpenSSL_Lock(int mode, int n, const char *file, int line)
				59	{
				60	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				61	LOCK *lock = ssl_lock_obj[n];
				62
				63	if (mode & CRYPTO_LOCK)
				64	@@ -972,12 +979,15 @@ void OpenSSL_Lock(int mode, int n, const
				65	// Unlock
				66	Unlock(lock);
				67	}
				68	+#endif
				69	}
				70
				71	// Return the thread ID
				72	unsigned long OpenSSL_Id(void)
				73	{
				74	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				75	return (unsigned long)ThreadId();
				76	+#endif
				77	}
				78
				79	// Get the display name of the certificate
				80	@@ -1901,8 +1911,8 @@ X509 NewX509(K pub, K priv, X ca, NA
				81	X509_set_version(x509, 2L);
				82
				83	// Set the Expiration
				84	- t1 = X509_get_notBefore(x509);
				85	- t2 = X509_get_notAfter(x509);
				86	+ t1 = X509_getm_notBefore(x509);
				87	+ t2 = X509_getm_notAfter(x509);
				88	if (!UINT64ToAsn1Time(t1, notBefore))
				89	{
				90	FreeX509(x509);
				91	@@ -2043,8 +2053,8 @@ X509 NewRootX509(K pub, K *priv, NAME
				92	X509_set_version(x509, 2L);
				93
				94	// Set the Expiration
				95	- t1 = X509_get_notBefore(x509);
				96	- t2 = X509_get_notAfter(x509);
				97	+ t1 = X509_getm_notBefore(x509);
				98	+ t2 = X509_getm_notAfter(x509);
				99	if (!UINT64ToAsn1Time(t1, notBefore))
				100	{
				101	FreeX509(x509);
				102	@@ -2698,6 +2708,43 @@ bool RsaCheckEx()
				103
				104	return false;
				105	}
				106	+
				107	+// RSA key generation
				108	+static RSA *RsaGenKey(UINT bit, BN_ULONG e)
				109	+{
				110	+ RSA *rsa = NULL;
				111	+ char errbuf[MAX_SIZE];
				112	+ BIGNUM *bne = NULL;
				113	+
				114	+ if ((bne = BN_new()) == NULL)
				115	+ {
				116	+ Debug("BN_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				117	+ return NULL;
				118	+ }
				119	+ if (BN_set_word(bne, e) == 0)
				120	+ {
				121	+ Debug("BN_set_word: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				122	+ goto fail;
				123	+ }
				124	+ if ((rsa = RSA_new()) == NULL)
				125	+ {
				126	+ Debug("RSA_new: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				127	+ goto fail;
				128	+ }
				129	+ if (RSA_generate_key_ex(rsa, bit, bne, NULL) == 0)
				130	+ {
				131	+ Debug("RSA_generate_key_ex: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				132	+ goto fail;
				133	+ }
				134	+ BN_free(bne);
				135	+ return rsa;
				136	+
				137	+fail:
				138	+ RSA_free(rsa);
				139	+ BN_free(bne);
				140	+ return NULL;
				141	+}
				142	+
				143	bool RsaCheck()
				144	{
				145	RSA *rsa;
				146	@@ -2711,12 +2758,11 @@ bool RsaCheck()
				147	// Key generation
				148	Lock(openssl_lock);
				149	{
				150	- rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
				151	+ rsa = RsaGenKey(bit, RSA_F4);
				152	}
				153	Unlock(openssl_lock);
				154	if (rsa == NULL)
				155	{
				156	- Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				157	return false;
				158	}
				159
				160	@@ -2781,12 +2827,11 @@ bool RsaGen(K priv, K pub, UINT bit)
				161	// Key generation
				162	Lock(openssl_lock);
				163	{
				164	- rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
				165	+ rsa = RsaGenKey(bit, RSA_F4);
				166	}
				167	Unlock(openssl_lock);
				168	if (rsa == NULL)
				169	{
				170	- Debug("RSA_generate_key: err=%s\n", ERR_error_string(ERR_get_error(), errbuf));
				171	return false;
				172	}
				173
				174	@@ -3896,7 +3941,7 @@ X X509ToX(X509 x509)
				175	{
				176	if (OBJ_obj2nid(ad->method) == NID_ad_ca_issuers && ad->location->type == GEN_URI)
				177	{
				178	- char uri = (char )ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
				179	+ char uri = (char )ASN1_STRING_get0_data(ad->location->d.uniformResourceIdentifier);
				180
				181	if (IsEmptyStr(uri) == false)
				182	{
				183	@@ -4109,7 +4154,9 @@ void Rand(void *buf, UINT size)
				184	// Delete a thread-specific information that OpenSSL has holded
				185	void FreeOpenSSLThreadState()
				186	{
				187	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				188	ERR_remove_state(0);
				189	+#endif
				190	}
				191
				192	// Release the Crypt library
				193	@@ -4131,12 +4178,14 @@ void InitCryptLibrary()
				194	CheckIfIntelAesNiSupportedInit();
				195	// RAND_Init_For_SoftEther()
				196	openssl_lock = NewLock();
				197	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
				198	SSL_library_init();
				199	//OpenSSL_add_all_algorithms();
				200	OpenSSL_add_all_ciphers();
				201	OpenSSL_add_all_digests();
				202	ERR_load_crypto_strings();
				203	SSL_load_error_strings();
				204	+#endif
				205
				206	ssl_clientcert_index = SSL_get_ex_new_index(0, "struct SslClientCertInfo *", NULL, NULL, NULL);
				207
				208	--- a/src/Mayaqua/Encrypt.h
				209	+++ b/src/Mayaqua/Encrypt.h
				210	@@ -105,7 +105,7 @@
				211	#ifndef ENCRYPT_H
				212	#define ENCRYPT_H
				213
				214	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
				215	+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(OPENSSL_NO_CHACHA) && !defined(LIBRESSL_VERSION_NUMBER)
				216	#define USE_OPENSSL_AEAD_CHACHA20POLY1305
				217	#endif
				218
				219	--- a/src/Mayaqua/Network.c
				220	+++ b/src/Mayaqua/Network.c
				221	@@ -18172,7 +18172,7 @@ struct ssl_ctx_st *NewSSLCtx(bool server
				222	SSL_CTX_set_ecdh_auto(ctx, 1);
				223	#endif // SSL_CTX_set_ecdh_auto
				224
				225	-#if OPENSSL_VERSION_NUMBER >= 0x1010100fL
				226	+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(LIBRESSL_VERSION_NUMBER)
				227	// For compatibility with VPN 3.0 or older
				228	SSL_CTX_set_security_level(ctx, 0);
				229	#endif
				230	--- a/src/Mayaqua/Secure.c
				231	+++ b/src/Mayaqua/Secure.c
				232	@@ -127,6 +127,7 @@
				233	#include <openssl/pkcs7.h>
				234	#include <openssl/pkcs12.h>
				235	#include <openssl/rc4.h>
				236	+#include <openssl/rsa.h>
				237	#include <openssl/md5.h>
				238	#include <openssl/sha.h>
				239	#include <Mayaqua/Mayaqua.h>