X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_openssl.cpp;h=68f75c87ff96739fd2643fac6e6efc1cdfd1f393;hb=29454be73a7972001e8f53a200119a0af67c8ae6;hp=8843c34f6a9a118b668749fa6979a97619416c50;hpb=bdfde49fb6d9a8787c072b759d4af27584308e1b;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 8843c34f6..68f75c87f 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -24,8 +24,9 @@ /// $CompilerFlags: find_compiler_flags("openssl") /// $LinkerFlags: find_linker_flags("openssl" "-lssl -lcrypto") +/// $PackageInfo: require_system("centos") openssl-devel pkgconfig /// $PackageInfo: require_system("darwin") openssl pkg-config -/// $PackageInfo: require_system("ubuntu" "16.04") libssl-dev openssl pkg-config +/// $PackageInfo: require_system("ubuntu") libssl-dev openssl pkg-config #include "inspircd.h" @@ -57,6 +58,15 @@ #define INSPIRCD_OPENSSL_ENABLE_ECDH #endif +// BIO is opaque in OpenSSL 1.1 but the access API does not exist in 1.0 and older. +#if ((defined LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER < 0x10100000L)) +# define BIO_get_data(BIO) BIO->ptr +# define BIO_set_data(BIO, VALUE) BIO->ptr = VALUE; +# define BIO_set_init(BIO, VALUE) BIO->init = VALUE; +#else +# define INSPIRCD_OPENSSL_OPAQUE_BIO +#endif + enum issl_status { ISSL_NONE, ISSL_HANDSHAKING, ISSL_OPEN }; static bool SelfSigned = false; @@ -371,7 +381,7 @@ namespace OpenSSL { static int create(BIO* bio) { - bio->init = 1; + BIO_set_init(bio, 1); return 1; } 
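Review bot: The compatibility macros added at `@@ -57,6 +58,15 @@` expand their arguments without parentheses and two of them end in a semicolon, so `BIO_set_data(bio, sock);` becomes two statements, which breaks under an unbraced `if`/`else`, and an argument that is itself an expression would bind wrongly to `->`. Write them as expressions instead: `# define BIO_get_data(b) ((b)->ptr)`, `# define BIO_set_data(b, v) ((b)->ptr = (v))`, `# define BIO_set_init(b, v) ((b)->init = (v))`; this also stops the parameter name reusing the `BIO` type name. The guard sends every LibreSSL version down the direct-field path, which presumably holds only while LibreSSL keeps `BIO` non-opaque and does not declare these accessors itself, so a comment stating that assumption next to the `#if` would help.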
@@ -392,9 +402,25 @@ namespace OpenSSL static int read(BIO* bio, char* buf, int len); static int write(BIO* bio, const char* buf, int len); + +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + static BIO_METHOD* alloc() + { + BIO_METHOD* meth = BIO_meth_new(100 | BIO_TYPE_SOURCE_SINK, "inspircd"); + BIO_meth_set_write(meth, OpenSSL::BIOMethod::write); + BIO_meth_set_read(meth, OpenSSL::BIOMethod::read); + BIO_meth_set_ctrl(meth, OpenSSL::BIOMethod::ctrl); + BIO_meth_set_create(meth, OpenSSL::BIOMethod::create); + BIO_meth_set_destroy(meth, OpenSSL::BIOMethod::destroy); + return meth; + } +#endif } } +// BIO_METHOD is opaque in OpenSSL 1.1 so we can't do this. +// See OpenSSL::BIOMethod::alloc for the new method. +#ifndef INSPIRCD_OPENSSL_OPAQUE_BIO static BIO_METHOD biomethods = { (100 | BIO_TYPE_SOURCE_SINK), @@ -408,6 +434,9 @@ static BIO_METHOD biomethods = OpenSSL::BIOMethod::destroy, // destroy, does nothing, see function body for more info NULL // callback_ctrl }; +#else +static BIO_METHOD* biomethods; +#endif static int OnVerify(int preverify_ok, X509_STORE_CTX *ctx) { @@ -557,7 +586,7 @@ class OpenSSLIOHook : public SSLIOHook // to ISSL_NONE so CheckRenego() closes the session status = ISSL_NONE; BIO* bio = SSL_get_rbio(sess); - EventHandler* eh = static_cast(bio->ptr); + EventHandler* eh = static_cast(BIO_get_data(bio)); SocketEngine::Shutdown(eh, 2); } } @@ -600,8 +629,12 @@ class OpenSSLIOHook : public SSLIOHook , profile(sslprofile) { // Create BIO instance and store a pointer to the socket in it which will be used by the read and write functions +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + BIO* bio = BIO_new(biomethods); +#else BIO* bio = BIO_new(&biomethods); - bio->ptr = sock; +#endif + BIO_set_data(bio, sock); SSL_set_bio(sess, bio, bio); SSL_set_ex_data(sess, exdataindex, this); 
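Review bot: `OpenSSL::BIOMethod::alloc()` passes the result of `BIO_meth_new()` straight to the `BIO_meth_set_*` calls, but that function returns NULL when allocation fails, so a failure at module load becomes a null dereference instead of a reported error. Add `if (!meth) return NULL;` directly after the call and have the caller refuse to load when it gets NULL back. The type value `100 | BIO_TYPE_SOURCE_SINK` is carried over from the static table. On this branch OpenSSL 1.1 also offers `BIO_get_new_index()` to reserve an unused type index, which avoids colliding with another custom BIO in the same process.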
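Review bot: In the OpenSSLIOHook constructor the `BIO_new()` result is used unchecked in both preprocessor branches, and `BIO_set_data(bio, sock)` dereferences it (on the pre-1.1 path it expands to `bio->ptr = sock`), so an allocation failure while setting up a connection crashes the process rather than failing that one session. On the opaque path the same happens if `biomethods` is still NULL because `alloc()` failed. Check before the store, e.g. `if (!bio) throw std::bad_alloc();` or whichever error path the callers of this constructor already handle. The constructor starts and ends outside the hunk, so how `sess` is validated is not visible here.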
@@ -758,7 +791,7 @@ static int OpenSSL::BIOMethod::write(BIO* bio, const char* buffer, int size) { BIO_clear_retry_flags(bio); - StreamSocket* sock = static_cast(bio->ptr); + StreamSocket* sock = static_cast(BIO_get_data(bio)); if (sock->GetEventMask() & FD_WRITE_WILL_BLOCK) { // Writes blocked earlier, don't retry syscall @@ -781,7 +814,7 @@ static int OpenSSL::BIOMethod::read(BIO* bio, char* buffer, int size) { BIO_clear_retry_flags(bio); - StreamSocket* sock = static_cast(bio->ptr); + StreamSocket* sock = static_cast(BIO_get_data(bio)); if (sock->GetEventMask() & FD_READ_WILL_BLOCK) { // Reads blocked earlier, don't retry syscall @@ -891,6 +924,14 @@ class ModuleSSLOpenSSL : public Module // Initialize OpenSSL SSL_library_init(); SSL_load_error_strings(); +#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO + biomethods = OpenSSL::BIOMethod::alloc(); + } + + ~ModuleSSLOpenSSL() + { + BIO_meth_free(biomethods); +#endif } void init() CXX11_OVERRIDE
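Review bot: The `#ifdef` added to the ModuleSSLOpenSSL constructor encloses the constructor's closing brace and the destructor's opening brace, so the single `}` after `#endif` closes a different function depending on the build. That is easy to break on the next edit and makes the teardown hard to follow, so keep each function's braces inside one preprocessor branch. Also clear `biomethods` after `BIO_meth_free()` so a stale pointer cannot reach `BIO_new()` later. The free is only safe if every BIO created by OpenSSLIOHook has been destroyed before the module destructor runs, which this hunk does not show and which deserves a comment. The constructor begins outside the hunk.

```cpp
		// … unchanged: SSL_library_init() / SSL_load_error_strings() …
#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO
		biomethods = OpenSSL::BIOMethod::alloc();
#endif
	}

#ifdef INSPIRCD_OPENSSL_OPAQUE_BIO
	~ModuleSSLOpenSSL()
	{
		// All SSL sessions using this method table must be gone by now.
		BIO_meth_free(biomethods);
		biomethods = NULL;
	}
#endif
```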