Posted to commits@guacamole.apache.org by jm...@apache.org on 2017/03/01 02:50:37 UTC
[1/4] incubator-guacamole-server git commit: GUACAMOLE-205: Use
semantically-named macro rather than repeatedly and explicitly check OpenSSL
version.
Repository: incubator-guacamole-server
Updated Branches:
refs/heads/master c8fca9489 -> 1f8dbb265
GUACAMOLE-205: Use semantically-named macro rather than repeatedly and explicitly check OpenSSL version.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/commit/270d51d4
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/tree/270d51d4
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/diff/270d51d4
Branch: refs/heads/master
Commit: 270d51d4d4a121c331fbf3bab34e50b1f3b589d4
Parents: 98a5faa
Author: Michael Jumper <mj...@apache.org>
Authored: Tue Feb 28 12:01:43 2017 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Tue Feb 28 13:01:30 2017 -0800
----------------------------------------------------------------------
configure.ac | 20 ++++++++++++++++++++
src/common-ssh/ssh.c | 6 +++---
src/guacd/daemon.c | 6 +++---
3 files changed, 26 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/270d51d4/configure.ac
----------------------------------------------------------------------
diff --git a/configure.ac b/configure.ac
index cf6386e..c9391ed 100644
--- a/configure.ac
+++ b/configure.ac
@@ -261,6 +261,26 @@ then
[Whether libssl provides RSA_get0_key()])],,
[#include <openssl/rsa.h>])
+ # OpenSSL 1.1 does away with explicit threading callbacks
+ AC_MSG_CHECKING([whether libssl requires threading callbacks])
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([[
+
+ #include <openssl/opensslv.h>
+
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ #error Threading callbacks required.
+ #endif
+
+ int main() {
+ return 0;
+ }
+
+ ]])],
+ [AC_MSG_RESULT([no])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE([OPENSSL_REQUIRES_THREADING_CALLBACKS],,
+ [Whether OpenSSL requires explicit threading callbacks for threadsafety])])
+
fi
fi
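Review bot: The test program in this check keys only on `OPENSSL_VERSION_NUMBER < 0x10100000L`, so `OPENSSL_REQUIRES_THREADING_CALLBACKS` really means "version number below 1.1" rather than a probe of the locking API. LibreSSL reports an `OPENSSL_VERSION_NUMBER` of 0x20000000L, so a build against it would get "no" here and skip the lock setup in ssh.c and daemon.c; whether that LibreSSL release locks internally would need confirming. If such builds are supported, the condition could be `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`, and the comment above the check should say which libraries it was verified against.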
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/270d51d4/src/common-ssh/ssh.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/ssh.c b/src/common-ssh/ssh.c
index 266f65d..57bc821 100644
--- a/src/common-ssh/ssh.c
+++ b/src/common-ssh/ssh.c
@@ -45,7 +45,7 @@
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/**
* Array of mutexes, used by OpenSSL.
*/
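Review bot: With `#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS`, this guard now depends on config.h being included before it; the includes are outside these hunks, so that should be confirmed. The same holds for the two later guards in this file (in `guac_common_ssh_init()` and `guac_common_ssh_uninit()`) and the three in src/guacd/daemon.c. If a translation unit ever misses the definition, the mutex array and the `CRYPTO_set_locking_callback()` setup are dropped without any diagnostic, and an OpenSSL older than 1.1 would then run multi-threaded without locking. A short comment at the first guard, such as `/* Defined by configure (config.h) when libssl is older than 1.1 and needs explicit locking callbacks */`, would record where the macro comes from.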
@@ -147,7 +147,7 @@ int guac_common_ssh_init(guac_client* client) {
}
#endif
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/* Init threadsafety in OpenSSL */
guac_common_ssh_openssl_init_locks(CRYPTO_num_locks());
CRYPTO_set_id_callback(guac_common_ssh_openssl_id_callback);
@@ -167,7 +167,7 @@ int guac_common_ssh_init(guac_client* client) {
}
void guac_common_ssh_uninit() {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
guac_common_ssh_openssl_free_locks(CRYPTO_num_locks());
#endif
}
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/270d51d4/src/guacd/daemon.c
----------------------------------------------------------------------
diff --git a/src/guacd/daemon.c b/src/guacd/daemon.c
index 082e0be..3adf433 100644
--- a/src/guacd/daemon.c
+++ b/src/guacd/daemon.c
@@ -153,7 +153,7 @@ static int daemonize() {
}
#ifdef ENABLE_SSL
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/**
* Array of mutexes, used by OpenSSL.
*/
@@ -361,7 +361,7 @@ int main(int argc, char* argv[]) {
guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS.");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
/* Init threadsafety in OpenSSL */
guacd_openssl_init_locks(CRYPTO_num_locks());
CRYPTO_set_id_callback(guacd_openssl_id_callback);
@@ -494,7 +494,7 @@ int main(int argc, char* argv[]) {
#ifdef ENABLE_SSL
if (ssl_context != NULL) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#ifdef OPENSSL_REQUIRES_THREADING_CALLBACKS
guacd_openssl_free_locks(CRYPTO_num_locks());
#endif
SSL_CTX_free(ssl_context);
[3/4] incubator-guacamole-server git commit: GUACAMOLE-205: Update to
1.1 version of OpenSSL API.
Posted by jm...@apache.org.
GUACAMOLE-205: Update to 1.1 version of OpenSSL API.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/commit/dbfb782d
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/tree/dbfb782d
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/diff/dbfb782d
Branch: refs/heads/master
Commit: dbfb782dd5b0d3a71d59e3c78ae60d375b990b9c
Parents: c8fca94
Author: Michael Jumper <mj...@apache.org>
Authored: Mon Feb 27 10:40:18 2017 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Tue Feb 28 13:01:30 2017 -0800
----------------------------------------------------------------------
configure.ac | 25 ++++++++++
src/common-ssh/buffer.c | 2 +-
src/common-ssh/common-ssh/buffer.h | 2 +-
src/common-ssh/key.c | 84 ++++++++++++++++++++++++++-------
src/common-ssh/ssh.c | 6 +++
src/guacd/daemon.c | 6 +++
6 files changed, 106 insertions(+), 19 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/configure.ac
----------------------------------------------------------------------
diff --git a/configure.ac b/configure.ac
index 01ebdb2..cf6386e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -236,6 +236,31 @@ then
--------------------------------------------])
else
AC_DEFINE([ENABLE_SSL],, [Whether SSL-related support is enabled])
+
+ # OpenSSL 1.1 accessor function for DSA signature values
+ AC_CHECK_DECL([DSA_SIG_get0],
+ [AC_DEFINE([HAVE_DSA_SIG_GET0],,
+ [Whether libssl provides DSA_SIG_get0()])],,
+ [#include <openssl/dsa.h>])
+
+ # OpenSSL 1.1 accessor function for DSA public key parameters
+ AC_CHECK_DECL([DSA_get0_pqg],
+ [AC_DEFINE([HAVE_DSA_GET0_PQG],,
+ [Whether libssl provides DSA_get0_pqg()])],,
+ [#include <openssl/dsa.h>])
+
+ # OpenSSL 1.1 accessor function for DSA public/private key values
+ AC_CHECK_DECL([DSA_get0_key],
+ [AC_DEFINE([HAVE_DSA_GET0_KEY],,
+ [Whether libssl provides DSA_get0_key()])],,
+ [#include <openssl/dsa.h>])
+
+ # OpenSSL 1.1 accessor function for RSA public/private key values
+ AC_CHECK_DECL([RSA_get0_key],
+ [AC_DEFINE([HAVE_RSA_GET0_KEY],,
+ [Whether libssl provides RSA_get0_key()])],,
+ [#include <openssl/rsa.h>])
+
fi
fi
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/src/common-ssh/buffer.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/buffer.c b/src/common-ssh/buffer.c
index b3d8d57..aa79baf 100644
--- a/src/common-ssh/buffer.c
+++ b/src/common-ssh/buffer.c
@@ -54,7 +54,7 @@ void guac_common_ssh_buffer_write_data(char** buffer, const char* data,
*buffer += length;
}
-void guac_common_ssh_buffer_write_bignum(char** buffer, BIGNUM* value) {
+void guac_common_ssh_buffer_write_bignum(char** buffer, const BIGNUM* value) {
unsigned char* bn_buffer;
int length;
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/src/common-ssh/common-ssh/buffer.h
----------------------------------------------------------------------
diff --git a/src/common-ssh/common-ssh/buffer.h b/src/common-ssh/common-ssh/buffer.h
index b42a2ac..7627f06 100644
--- a/src/common-ssh/common-ssh/buffer.h
+++ b/src/common-ssh/common-ssh/buffer.h
@@ -76,7 +76,7 @@ void guac_common_ssh_buffer_write_string(char** buffer, const char* string,
* @param value
* The value to write.
*/
-void guac_common_ssh_buffer_write_bignum(char** buffer, BIGNUM* value);
+void guac_common_ssh_buffer_write_bignum(char** buffer, const BIGNUM* value);
/**
* Writes the given data the given buffer, advancing the buffer pointer by the
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/src/common-ssh/key.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/key.c b/src/common-ssh/key.c
index 82a3252..4a3f30b 100644
--- a/src/common-ssh/key.c
+++ b/src/common-ssh/key.c
@@ -53,6 +53,9 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
RSA* rsa_key;
+ const BIGNUM* key_e;
+ const BIGNUM* key_n;
+
/* Read key */
rsa_key = PEM_read_bio_RSAPrivateKey(key_bio, NULL, NULL, passphrase);
if (rsa_key == NULL)
@@ -69,10 +72,18 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
public_key = malloc(4096);
pos = public_key;
- /* Derive public key */
+ /* Retrieve public key */
+#ifdef HAVE_RSA_GET0_KEY
+ RSA_get0_key(rsa_key, &key_n, &key_e, NULL);
+#else
+ key_n = rsa_key->n;
+ key_e = rsa_key->e;
+#endif
+
+ /* Send public key formatted for SSH */
guac_common_ssh_buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1);
- guac_common_ssh_buffer_write_bignum(&pos, rsa_key->e);
- guac_common_ssh_buffer_write_bignum(&pos, rsa_key->n);
+ guac_common_ssh_buffer_write_bignum(&pos, key_e);
+ guac_common_ssh_buffer_write_bignum(&pos, key_n);
/* Save public key to structure */
key->public_key = public_key;
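Review bot: The public key is still serialized into a fixed `malloc(4096)` buffer whose result is not checked, and `guac_common_ssh_buffer_write_bignum()` takes no size argument, so nothing in this hunk bounds the writes of `key_e` and `key_n`. This predates the commit, but now that the values come through accessors it is a natural place to compute the required size first, from `BN_num_bytes(key_n)` and `BN_num_bytes(key_e)` plus whatever framing the buffer helpers add. The function can then fail when that size exceeds the allocation or when `malloc()` returns NULL. The same applies to the ssh-dss branch in the later hunk, where four values are written. The body of guac_common_ssh_key_alloc() starts and ends outside the hunk, so any size limit enforced earlier on the key data is not visible here.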
@@ -87,6 +98,11 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
DSA* dsa_key;
+ const BIGNUM* key_p;
+ const BIGNUM* key_q;
+ const BIGNUM* key_g;
+ const BIGNUM* pub_key;
+
/* Read key */
dsa_key = PEM_read_bio_DSAPrivateKey(key_bio, NULL, NULL, passphrase);
if (dsa_key == NULL)
@@ -103,12 +119,28 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
public_key = malloc(4096);
pos = public_key;
- /* Derive public key */
+ /* Retrieve public key parameters */
+#ifdef HAVE_DSA_GET0_PQG
+ DSA_get0_pqg(dsa_key, &key_p, &key_q, &key_g);
+#else
+ key_p = dsa_key->p;
+ key_q = dsa_key->q;
+ key_g = dsa_key->g;
+#endif
+
+ /* Retrieve public key */
+#ifdef HAVE_DSA_GET0_KEY
+ DSA_get0_key(dsa_key, &pub_key, NULL);
+#else
+ pub_key = dsa_key->pub_key;
+#endif
+
+ /* Send public key formatted for SSH */
guac_common_ssh_buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1);
- guac_common_ssh_buffer_write_bignum(&pos, dsa_key->p);
- guac_common_ssh_buffer_write_bignum(&pos, dsa_key->q);
- guac_common_ssh_buffer_write_bignum(&pos, dsa_key->g);
- guac_common_ssh_buffer_write_bignum(&pos, dsa_key->pub_key);
+ guac_common_ssh_buffer_write_bignum(&pos, key_p);
+ guac_common_ssh_buffer_write_bignum(&pos, key_q);
+ guac_common_ssh_buffer_write_bignum(&pos, key_g);
+ guac_common_ssh_buffer_write_bignum(&pos, pub_key);
/* Save public key to structure */
key->public_key = public_key;
@@ -156,7 +188,6 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
int length, unsigned char* sig) {
const EVP_MD* md;
- EVP_MD_CTX md_ctx;
unsigned char digest[EVP_MAX_MD_SIZE];
unsigned int dlen, len;
@@ -165,10 +196,18 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
if ((md = EVP_get_digestbynid(NID_sha1)) == NULL)
return -1;
+ /* Allocate digest context */
+ EVP_MD_CTX* md_ctx = EVP_MD_CTX_create();
+ if (md_ctx == NULL)
+ return -1;
+
/* Digest data */
- EVP_DigestInit(&md_ctx, md);
- EVP_DigestUpdate(&md_ctx, data, length);
- EVP_DigestFinal(&md_ctx, digest, &dlen);
+ EVP_DigestInit(md_ctx, md);
+ EVP_DigestUpdate(md_ctx, data, length);
+ EVP_DigestFinal(md_ctx, digest, &dlen);
+
+ /* Digest context no longer needed */
+ EVP_MD_CTX_destroy(md_ctx);
/* Sign with key */
switch (key->type) {
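Review bot: The return values of `EVP_DigestInit()`, `EVP_DigestUpdate()` and `EVP_DigestFinal()` are ignored, so if any step fails, `digest` and `dlen` reach the signing code in the switch below uninitialized. Since the context is now heap-allocated and the function already has a failure path, the three calls can be checked together and the context released on error, as sketched below. guac_common_ssh_key_sign() continues outside the hunk.

```c
    /* … unchanged: EVP_MD_CTX_create() and its NULL check … */

    /* Digest data, failing if any digest step fails */
    if (!EVP_DigestInit(md_ctx, md)
            || !EVP_DigestUpdate(md_ctx, data, length)
            || !EVP_DigestFinal(md_ctx, digest, &dlen)) {
        EVP_MD_CTX_destroy(md_ctx);
        return -1;
    }

    /* Digest context no longer needed */
    EVP_MD_CTX_destroy(md_ctx);
```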
@@ -183,9 +222,20 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
DSA_SIG* dsa_sig = DSA_do_sign(digest, dlen, key->dsa);
if (dsa_sig != NULL) {
+ const BIGNUM* sig_r;
+ const BIGNUM* sig_s;
+
+ /* Retrieve DSA signature values */
+#ifdef HAVE_DSA_SIG_GET0
+ DSA_SIG_get0(dsa_sig, &sig_r, &sig_s);
+#else
+ sig_r = dsa_sig->r;
+ sig_s = dsa_sig->s;
+#endif
+
/* Compute size of each half of signature */
- int rlen = BN_num_bytes(dsa_sig->r);
- int slen = BN_num_bytes(dsa_sig->s);
+ int rlen = BN_num_bytes(sig_r);
+ int slen = BN_num_bytes(sig_s);
/* Ensure each number is within the required size */
if (rlen > DSA_SIG_NUMBER_SIZE || slen > DSA_SIG_NUMBER_SIZE)
@@ -195,11 +245,11 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
memset(sig, 0, DSA_SIG_SIZE);
/* Add R at the end of the first block of the signature */
- BN_bn2bin(dsa_sig->r, sig + DSA_SIG_SIZE
- - DSA_SIG_NUMBER_SIZE - rlen);
+ BN_bn2bin(sig_r, sig + DSA_SIG_SIZE
+ - DSA_SIG_NUMBER_SIZE - rlen);
/* Add S at the end of the second block of the signature */
- BN_bn2bin(dsa_sig->s, sig + DSA_SIG_SIZE - slen);
+ BN_bn2bin(sig_s, sig + DSA_SIG_SIZE - slen);
/* Done */
DSA_SIG_free(dsa_sig);
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/src/common-ssh/ssh.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/ssh.c b/src/common-ssh/ssh.c
index e4b0d38..266f65d 100644
--- a/src/common-ssh/ssh.c
+++ b/src/common-ssh/ssh.c
@@ -45,6 +45,7 @@
GCRY_THREAD_OPTION_PTHREAD_IMPL;
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/**
* Array of mutexes, used by OpenSSL.
*/
@@ -133,6 +134,7 @@ static void guac_common_ssh_openssl_free_locks(int count) {
free(guac_common_ssh_openssl_locks);
}
+#endif
int guac_common_ssh_init(guac_client* client) {
@@ -145,10 +147,12 @@ int guac_common_ssh_init(guac_client* client) {
}
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* Init threadsafety in OpenSSL */
guac_common_ssh_openssl_init_locks(CRYPTO_num_locks());
CRYPTO_set_id_callback(guac_common_ssh_openssl_id_callback);
CRYPTO_set_locking_callback(guac_common_ssh_openssl_locking_callback);
+#endif
/* Init OpenSSL */
SSL_library_init();
@@ -163,7 +167,9 @@ int guac_common_ssh_init(guac_client* client) {
}
void guac_common_ssh_uninit() {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
guac_common_ssh_openssl_free_locks(CRYPTO_num_locks());
+#endif
}
/**
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/dbfb782d/src/guacd/daemon.c
----------------------------------------------------------------------
diff --git a/src/guacd/daemon.c b/src/guacd/daemon.c
index 1ce1c2f..082e0be 100644
--- a/src/guacd/daemon.c
+++ b/src/guacd/daemon.c
@@ -153,6 +153,7 @@ static int daemonize() {
}
#ifdef ENABLE_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/**
* Array of mutexes, used by OpenSSL.
*/
@@ -242,6 +243,7 @@ static void guacd_openssl_free_locks(int count) {
}
#endif
+#endif
int main(int argc, char* argv[]) {
@@ -359,10 +361,12 @@ int main(int argc, char* argv[]) {
guacd_log(GUAC_LOG_INFO, "Communication will require SSL/TLS.");
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* Init threadsafety in OpenSSL */
guacd_openssl_init_locks(CRYPTO_num_locks());
CRYPTO_set_id_callback(guacd_openssl_id_callback);
CRYPTO_set_locking_callback(guacd_openssl_locking_callback);
+#endif
/* Init SSL */
SSL_library_init();
@@ -490,7 +494,9 @@ int main(int argc, char* argv[]) {
#ifdef ENABLE_SSL
if (ssl_context != NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
guacd_openssl_free_locks(CRYPTO_num_locks());
+#endif
SSL_CTX_free(ssl_context);
}
#endif
[2/4] incubator-guacamole-server git commit: GUACAMOLE-205: Provide
OpenSSL 1.1 API shims for missing accessors.
Posted by jm...@apache.org.
GUACAMOLE-205: Provide OpenSSL 1.1 API shims for missing accessors.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/commit/98a5faaa
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/tree/98a5faaa
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/diff/98a5faaa
Branch: refs/heads/master
Commit: 98a5faaa7762c4298308148138bb0195ac93fd8f
Parents: dbfb782
Author: Michael Jumper <mj...@apache.org>
Authored: Mon Feb 27 12:44:52 2017 -0800
Committer: Michael Jumper <mj...@apache.org>
Committed: Tue Feb 28 13:01:30 2017 -0800
----------------------------------------------------------------------
src/common-ssh/Makefile.am | 14 ++++---
src/common-ssh/common-ssh/dsa-compat.h | 61 +++++++++++++++++++++++++++++
src/common-ssh/common-ssh/rsa-compat.h | 40 +++++++++++++++++++
src/common-ssh/dsa-compat.c | 59 ++++++++++++++++++++++++++++
src/common-ssh/key.c | 26 ++----------
src/common-ssh/rsa-compat.c | 38 ++++++++++++++++++
6 files changed, 210 insertions(+), 28 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/Makefile.am
----------------------------------------------------------------------
diff --git a/src/common-ssh/Makefile.am b/src/common-ssh/Makefile.am
index c05f264..b839ab0 100644
--- a/src/common-ssh/Makefile.am
+++ b/src/common-ssh/Makefile.am
@@ -24,16 +24,20 @@ noinst_LTLIBRARIES = libguac_common_ssh.la
libguac_common_ssh_la_SOURCES = \
buffer.c \
+ dsa-compat.c \
+ rsa-compat.c \
sftp.c \
ssh.c \
key.c \
user.c
-noinst_HEADERS = \
- common-ssh/buffer.h \
- common-ssh/key.h \
- common-ssh/sftp.h \
- common-ssh/ssh.h \
+noinst_HEADERS = \
+ common-ssh/buffer.h \
+ common-ssh/dsa-compat.h \
+ common-ssh/rsa-compat.h \
+ common-ssh/key.h \
+ common-ssh/sftp.h \
+ common-ssh/ssh.h \
common-ssh/user.h
libguac_common_ssh_la_CFLAGS = \
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/common-ssh/dsa-compat.h
----------------------------------------------------------------------
diff --git a/src/common-ssh/common-ssh/dsa-compat.h b/src/common-ssh/common-ssh/dsa-compat.h
new file mode 100644
index 0000000..9bc4f8a
--- /dev/null
+++ b/src/common-ssh/common-ssh/dsa-compat.h
@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef GUAC_COMMON_SSH_DSA_COMPAT_H
+#define GUAC_COMMON_SSH_DSA_COMPAT_H
+
+#include "config.h"
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+
+#ifndef HAVE_DSA_GET0_PQG
+/**
+ * DSA_get0_pqg() implementation for versions of OpenSSL which lack this
+ * function (pre 1.1).
+ *
+ * See: https://www.openssl.org/docs/man1.1.0/crypto/DSA_get0_pqg.html
+ */
+void DSA_get0_pqg(const DSA* dsa_key, const BIGNUM** p,
+ const BIGNUM** q, const BIGNUM** g);
+#endif
+
+#ifndef HAVE_DSA_GET0_KEY
+/**
+ * DSA_get0_key() implementation for versions of OpenSSL which lack this
+ * function (pre 1.1).
+ *
+ * See: https://www.openssl.org/docs/man1.1.0/crypto/DSA_get0_key.html
+ */
+void DSA_get0_key(const DSA* dsa_key, const BIGNUM** pub_key,
+ const BIGNUM** priv_key);
+#endif
+
+#ifndef HAVE_DSA_SIG_GET0
+/**
+ * DSA_SIG_get0() implementation for versions of OpenSSL which lack this
+ * function (pre 1.1).
+ *
+ * See: https://www.openssl.org/docs/man1.1.0/crypto/DSA_SIG_get0.html
+ */
+void DSA_SIG_get0(const DSA_SIG* dsa_sig, const BIGNUM** r, const BIGNUM** s);
+#endif
+
+#endif
+
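Review bot: The doc comments on the three shim prototypes only point at the OpenSSL manual and leave the contract that callers rely on unstated. Each should say that any output pointer may be NULL and is then skipped (key.c passes NULL for the private key), and that the returned BIGNUMs are still owned by the key or signature and must not be freed or modified. One possible wording is `Output pointers may be NULL; returned values remain owned by dsa_key and must not be freed.` The `@param` blocks used in common-ssh/buffer.h would fit here too, and the same applies to `RSA_get0_key()` in rsa-compat.h.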
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/common-ssh/rsa-compat.h
----------------------------------------------------------------------
diff --git a/src/common-ssh/common-ssh/rsa-compat.h b/src/common-ssh/common-ssh/rsa-compat.h
new file mode 100644
index 0000000..5c6763b
--- /dev/null
+++ b/src/common-ssh/common-ssh/rsa-compat.h
@@ -0,0 +1,40 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#ifndef GUAC_COMMON_SSH_RSA_COMPAT_H
+#define GUAC_COMMON_SSH_RSA_COMPAT_H
+
+#include "config.h"
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#ifndef HAVE_RSA_GET0_KEY
+/**
+ * RSA_get0_key() implementation for versions of OpenSSL which lack this
+ * function (pre 1.1).
+ *
+ * See: https://www.openssl.org/docs/man1.1.0/crypto/RSA_get0_key.html
+ */
+void RSA_get0_key(const RSA* rsa_key, const BIGNUM** n,
+ const BIGNUM** e, const BIGNUM**d);
+#endif
+
+#endif
+
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/dsa-compat.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/dsa-compat.c b/src/common-ssh/dsa-compat.c
new file mode 100644
index 0000000..82ec3d0
--- /dev/null
+++ b/src/common-ssh/dsa-compat.c
@@ -0,0 +1,59 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "config.h"
+
+#include <openssl/bn.h>
+#include <openssl/dsa.h>
+
+#include <stdlib.h>
+
+#ifndef HAVE_DSA_GET0_PQG
+void DSA_get0_pqg(const DSA* dsa_key, const BIGNUM** p,
+ const BIGNUM** q, const BIGNUM** g) {
+
+ /* Retrieve all requested internal values */
+ if (p != NULL) *p = dsa_key->p;
+ if (q != NULL) *q = dsa_key->q;
+ if (g != NULL) *g = dsa_key->g;
+
+}
+#endif
+
+#ifndef HAVE_DSA_GET0_KEY
+void DSA_get0_key(const DSA* dsa_key, const BIGNUM** pub_key,
+ const BIGNUM** priv_key) {
+
+ /* Retrieve all requested internal values */
+ if (pub_key != NULL) *pub_key = dsa_key->pub_key;
+ if (priv_key != NULL) *priv_key = dsa_key->priv_key;
+
+}
+#endif
+
+#ifndef HAVE_DSA_SIG_GET0
+void DSA_SIG_get0(const DSA_SIG* dsa_sig, const BIGNUM** r, const BIGNUM** s) {
+
+ /* Retrieve all requested internal values */
+ if (r != NULL) *r = dsa_sig->r;
+ if (s != NULL) *s = dsa_sig->s;
+
+}
+#endif
+
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/key.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/key.c b/src/common-ssh/key.c
index 4a3f30b..a05d696 100644
--- a/src/common-ssh/key.c
+++ b/src/common-ssh/key.c
@@ -20,7 +20,9 @@
#include "config.h"
#include "common-ssh/buffer.h"
+#include "common-ssh/dsa-compat.h"
#include "common-ssh/key.h"
+#include "common-ssh/rsa-compat.h"
#include <openssl/bio.h>
#include <openssl/bn.h>
@@ -73,12 +75,7 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
pos = public_key;
/* Retrieve public key */
-#ifdef HAVE_RSA_GET0_KEY
RSA_get0_key(rsa_key, &key_n, &key_e, NULL);
-#else
- key_n = rsa_key->n;
- key_e = rsa_key->e;
-#endif
/* Send public key formatted for SSH */
guac_common_ssh_buffer_write_string(&pos, "ssh-rsa", sizeof("ssh-rsa")-1);
@@ -119,21 +116,9 @@ guac_common_ssh_key* guac_common_ssh_key_alloc(char* data, int length,
public_key = malloc(4096);
pos = public_key;
- /* Retrieve public key parameters */
-#ifdef HAVE_DSA_GET0_PQG
- DSA_get0_pqg(dsa_key, &key_p, &key_q, &key_g);
-#else
- key_p = dsa_key->p;
- key_q = dsa_key->q;
- key_g = dsa_key->g;
-#endif
-
/* Retrieve public key */
-#ifdef HAVE_DSA_GET0_KEY
+ DSA_get0_pqg(dsa_key, &key_p, &key_q, &key_g);
DSA_get0_key(dsa_key, &pub_key, NULL);
-#else
- pub_key = dsa_key->pub_key;
-#endif
/* Send public key formatted for SSH */
guac_common_ssh_buffer_write_string(&pos, "ssh-dss", sizeof("ssh-dss")-1);
@@ -226,12 +211,7 @@ int guac_common_ssh_key_sign(guac_common_ssh_key* key, const char* data,
const BIGNUM* sig_s;
/* Retrieve DSA signature values */
-#ifdef HAVE_DSA_SIG_GET0
DSA_SIG_get0(dsa_sig, &sig_r, &sig_s);
-#else
- sig_r = dsa_sig->r;
- sig_s = dsa_sig->s;
-#endif
/* Compute size of each half of signature */
int rlen = BN_num_bytes(sig_r);
http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/blob/98a5faaa/src/common-ssh/rsa-compat.c
----------------------------------------------------------------------
diff --git a/src/common-ssh/rsa-compat.c b/src/common-ssh/rsa-compat.c
new file mode 100644
index 0000000..915536a
--- /dev/null
+++ b/src/common-ssh/rsa-compat.c
@@ -0,0 +1,38 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+#include "config.h"
+
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+
+#include <stdlib.h>
+
+#ifndef HAVE_RSA_GET0_KEY
+void RSA_get0_key(const RSA* rsa_key, const BIGNUM** n,
+ const BIGNUM** e, const BIGNUM**d) {
+
+ /* Retrieve all requested internal values */
+ if (n != NULL) *n = rsa_key->n;
+ if (e != NULL) *e = rsa_key->e;
+ if (d != NULL) *d = rsa_key->d;
+
+}
+#endif
+
[4/4] incubator-guacamole-server git commit: GUACAMOLE-205: Merge
OpenSSL 1.1 version API upgrade.
Posted by jm...@apache.org.
GUACAMOLE-205: Merge OpenSSL 1.1 version API upgrade.
Project: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/commit/1f8dbb26
Tree: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/tree/1f8dbb26
Diff: http://git-wip-us.apache.org/repos/asf/incubator-guacamole-server/diff/1f8dbb26
Branch: refs/heads/master
Commit: 1f8dbb265e2327683c2bd072d3b009ec6c92425a
Parents: c8fca94 270d51d
Author: James Muehlner <ja...@guac-dev.org>
Authored: Tue Feb 28 18:47:29 2017 -0800
Committer: James Muehlner <ja...@guac-dev.org>
Committed: Tue Feb 28 18:49:44 2017 -0800
----------------------------------------------------------------------
configure.ac | 45 ++++++++++++++++++++
src/common-ssh/Makefile.am | 14 ++++---
src/common-ssh/buffer.c | 2 +-
src/common-ssh/common-ssh/buffer.h | 2 +-
src/common-ssh/common-ssh/dsa-compat.h | 61 +++++++++++++++++++++++++++
src/common-ssh/common-ssh/rsa-compat.h | 40 ++++++++++++++++++
src/common-ssh/dsa-compat.c | 59 ++++++++++++++++++++++++++
src/common-ssh/key.c | 64 +++++++++++++++++++++--------
src/common-ssh/rsa-compat.c | 38 +++++++++++++++++
src/common-ssh/ssh.c | 6 +++
src/guacd/daemon.c | 6 +++
11 files changed, 313 insertions(+), 24 deletions(-)
----------------------------------------------------------------------