From a9f707c8132213d9cf208b79c89ee4ce4020e686 Mon Sep 17 00:00:00 2001
From: Rosen Penev
Date: Mon, 22 Jul 2019 09:40:43 -0700
Subject: [PATCH 1/3] Switch to OpenSSL THREADID API

The old threading API was deprecated in OpenSSL 1.0.
---
 src/Mayaqua/Encrypt.c | 18 ++++++++++--------
 src/Mayaqua/Encrypt.h | 1 -
 2 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index 5901f0cc..0688cacd 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -758,6 +758,14 @@ BUF *BigNumToBuf(const BIGNUM *bn)
 return b;
 }
+#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+// Return the thread ID
+static void OpenSSL_Id(CRYPTO_THREADID *id)
+{
+ CRYPTO_THREADID_set_numeric(id, (unsigned long)ThreadId());
+}
+#endif
+
 // Initialization of the lock of OpenSSL
 void OpenSSL_InitLock()
 {
@@ -774,7 +782,7 @@ void OpenSSL_InitLock()
 // Setting the lock function
 CRYPTO_set_locking_callback(OpenSSL_Lock);
- CRYPTO_set_id_callback(OpenSSL_Id);
+ CRYPTO_THREADID_set_callback(OpenSSL_Id);
 #endif
 }
@@ -792,7 +800,7 @@ void OpenSSL_FreeLock()
 ssl_lock_obj = NULL;
 CRYPTO_set_locking_callback(NULL);
- CRYPTO_set_id_callback(NULL);
+ CRYPTO_THREADID_set_callback(NULL);
 #endif
 }
@@ -815,12 +823,6 @@ void OpenSSL_Lock(int mode, int n, const char *file, int line)
 #endif
 }
-// Return the thread ID
-unsigned long OpenSSL_Id(void)
-{
- return (unsigned long)ThreadId();
-}
-
 char *OpenSSL_Error()
 {
 return ERR_error_string(ERR_get_error(), NULL);
diff --git a/src/Mayaqua/Encrypt.h b/src/Mayaqua/Encrypt.h
index 2cc05c29..dc82c562 100644
--- a/src/Mayaqua/Encrypt.h
+++ b/src/Mayaqua/Encrypt.h
@@ -416,7 +416,6 @@ bool IsAesNiSupported();
 void OpenSSL_InitLock();
 void OpenSSL_FreeLock();
 void OpenSSL_Lock(int mode, int n, const char *file, int line);
-unsigned long OpenSSL_Id(void);
 void FreeOpenSSLThreadState();
 char *OpenSSL_Error();
From d57fc3524c2317242583a825ef64e7b9e85df83c Mon Sep 17 00:00:00 2001
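Review bot: The comment `// Return the thread ID` on the new `OpenSSL_Id` (patch 1, first hunk of Encrypt.c) no longer matches the function, which now returns void and writes the ID into the caller's `CRYPTO_THREADID` through `CRYPTO_THREADID_set_numeric`. I would reword it to `// Store the current thread ID into the OpenSSL THREADID object`. The return type of `ThreadId()` is not visible in the hunk, so it is worth confirming that the cast to `unsigned long` cannot truncate on a platform where `unsigned long` is 32 bits, since OpenSSL keys its per-thread state on this value.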
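Review bot: In the `OpenSSL_FreeLock` hunk of patch 1, `CRYPTO_THREADID_set_callback(NULL)` is not an equivalent replacement for `CRYPTO_set_id_callback(NULL)`. The THREADID setter returns an int and, as far as I recall for OpenSSL 1.0.x, refuses to replace a callback that is already installed, so this call is likely a no-op and `OpenSSL_Id` stays registered after the lock array has been freed. The `OpenSSL_InitLock` hunk has the matching gap: the result of `CRYPTO_THREADID_set_callback(OpenSSL_Id)` is ignored, so a rejected registration is silent. Because `OpenSSL_Id` only reads `ThreadId()`, leaving it installed looks harmless, but I would either drop the NULL call or keep it with a comment such as `// THREADID callback cannot be unregistered; OpenSSL_Id stays installed`, and check the return value at init. Both functions begin outside their hunks, so this is based on the visible lines only.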
From: Rosen Penev
Date: Mon, 22 Jul 2019 09:48:17 -0700
Subject: [PATCH 2/3] Fix LibreSSL support

My previous patch used a wrong if directive, which disabled removed (de)initialization and threading for LibreSSL. This most likely causes issues at runtime.
---
 src/Mayaqua/Encrypt.c | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index 0688cacd..de74c531 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -758,7 +758,7 @@ BUF *BigNumToBuf(const BIGNUM *bn)
 return b;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 // Return the thread ID
 static void OpenSSL_Id(CRYPTO_THREADID *id)
 {
@@ -769,7 +769,7 @@ static void OpenSSL_Id(CRYPTO_THREADID *id)
 // Initialization of the lock of OpenSSL
 void OpenSSL_InitLock()
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 UINT i;
 // Initialization of the lock object
@@ -789,7 +789,7 @@ void OpenSSL_InitLock()
 // Release of the lock of OpenSSL
 void OpenSSL_FreeLock()
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 UINT i;
 for (i = 0;i < ssl_lock_num;i++)
@@ -807,7 +807,7 @@ void OpenSSL_FreeLock()
 // Lock function for OpenSSL
 void OpenSSL_Lock(int mode, int n, const char *file, int line)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 LOCK *lock = ssl_lock_obj[n];
 if (mode & CRYPTO_LOCK)
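Review bot: The guard `OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` is spelled out six times in patch 2 (the four hunks around `OpenSSL_Id`, `OpenSSL_InitLock`, `OpenSSL_FreeLock` and `OpenSSL_Lock`, plus `FreeCryptLibrary` and `InitCryptLibrary`), and the previous commit shows how easily one copy of it goes wrong. These guards decide whether library initialization and the locking callbacks are compiled in at all, so any two sites drifting apart gives a build that initializes the crypto library without installing locks, or the reverse. I would evaluate the condition once near the top of Encrypt.c, defining a single project macro under that `#if` (the name is yours to choose), and test that macro with `#ifdef` at each site. It is also worth confirming that every LibreSSL release the project supports still provides these legacy entry points, since the new guard selects them for all LibreSSL versions.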
@@ -3731,7 +3731,7 @@ void FreeCryptLibrary()
 openssl_lock = NULL;
 // RAND_Free_For_SoftEther();
 OpenSSL_FreeLock();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 #ifdef OPENSSL_FIPS
 FIPS_mode_set(0);
 #endif
@@ -3756,7 +3756,7 @@ void InitCryptLibrary()
 {
 char tmp[16];
-#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 // RAND_Init_For_SoftEther()
 openssl_lock = NewLock();
 SSL_library_init();
From ad33008a2962b202b8a0e579e49d2c9521d9ddea Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin
Date: Sun, 21 Jul 2019 20:29:29 +0500
Subject: [PATCH 3/3] add "no-deprecated" to openssl builds

"no-deprecated" is widely used in openwrt devices
---
 .ci/build-openssl.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.ci/build-openssl.sh b/.ci/build-openssl.sh
index e52943df..e483f778 100755
--- a/.ci/build-openssl.sh
+++ b/.ci/build-openssl.sh
@@ -12,7 +12,7 @@ build_openssl () {
 if [[ "$(cat ${OPENSSL_INSTALL_DIR}/.openssl-version)" != "${OPENSSL_VERSION}" ]]; then
 tar zxf "download-cache/openssl-${OPENSSL_VERSION}.tar.gz"
 cd "openssl-${OPENSSL_VERSION}/"
- ./config shared --prefix="${OPENSSL_INSTALL_DIR}" --openssldir="${OPENSSL_INSTALL_DIR}" -DPURIFY
+ ./config shared no-deprecated --prefix="${OPENSSL_INSTALL_DIR}" --openssldir="${OPENSSL_INSTALL_DIR}" -DPURIFY
 make -j $(nproc || sysctl -n hw.ncpu || echo 4) all
 make install_sw
 echo "${OPENSSL_VERSION}" > "${OPENSSL_INSTALL_DIR}/.openssl-version"
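Review bot: Adding `no-deprecated` to the `./config` line in `.ci/build-openssl.sh` will not take effect on a runner that already holds a cached OpenSSL, because the enclosing `if` rebuilds only when `.openssl-version` differs from `${OPENSSL_VERSION}` and the stamp written at the end records the version alone. A cached install configured without the flag still matches, so CI would keep compiling against headers that expose the deprecated API and the new check would be skipped without any sign of it. I would record the configure options in the stamp, for example `echo "${OPENSSL_VERSION} no-deprecated" > "${OPENSSL_INSTALL_DIR}/.openssl-version"`, and compare against the same string in the `if`. The body of `build_openssl` continues outside the hunk, so a cache-invalidation step elsewhere may already cover this.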