Projects
Kolab:Winterfell
cyrus-imapd-3
0001-Openssl-3.0-fixes.patch
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Openssl-3.0-fixes.patch of Package cyrus-imapd-3
From 2c816fac8d7f69539b0dde34fa74a55257232d16 Mon Sep 17 00:00:00 2001 From: Christian Mollekopf <mollekopf@apheleia-it.ch> Date: Fri, 14 Oct 2022 17:00:07 +0200 Subject: [PATCH] Openssl 3.0 fixes --- imap/tls.c | 31 +++++++++++++++++++------------ imtest/imtest.c | 12 +++++++----- 2 files changed, 26 insertions(+), 17 deletions(-) diff --git a/imap/tls.c b/imap/tls.c index 7951c98e3..df6c9cd61 100644 --- a/imap/tls.c +++ b/imap/tls.c @@ -149,7 +149,7 @@ static int tls_serverengine = 0; /* server engine initialized? */ static int tls_clientengine = 0; /* client engine initialized? */ static int do_dump = 0; /* actively dumping protocol? */ -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && (OPENSSL_VERSION_NUMBER < 0x30000000L) static DH *dh_params = NULL; #endif @@ -240,7 +240,7 @@ static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) } #endif -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && (OPENSSL_VERSION_NUMBER < 0x30000000L) /* Logic copied from OpenSSL apps/s_server.c: give the TLS context * DH params to work with DHE-* cipher suites. Hardcoded fallback * in case no DH params in server_key or server_cert. @@ -739,7 +739,6 @@ EXPORTED int tls_init_serverengine(const char *ident, const char *client_ca_file; const char *server_ca_file; const char *server_cert_file; - const char *server_dhparam_file; const char *server_key_file; const char *crl_file_path; enum enum_value tls_client_certs; @@ -883,7 +882,6 @@ EXPORTED int tls_init_serverengine(const char *ident, server_ca_file = config_getstring(IMAPOPT_TLS_SERVER_CA_FILE); server_cert_file = config_getstring(IMAPOPT_TLS_SERVER_CERT); - server_dhparam_file = config_getstring(IMAPOPT_TLS_SERVER_DHPARAM); server_key_file = config_getstring(IMAPOPT_TLS_SERVER_KEY); if (config_debug) { @@ -949,8 +947,11 @@ EXPORTED int tls_init_serverengine(const char *ident, SSL_CTX_set_tmp_rsa_callback(s_ctx, tmp_rsa_cb); #endif -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + SSL_CTX_set_dh_auto(s_ctx, 1); +#elif (OPENSSL_VERSION_NUMBER >= 0x0090800fL) /* Load DH params for DHE-* key exchanges */ + const char *server_dhparam_file = config_getstring(IMAPOPT_TLS_SERVER_DHPARAM); dh_params = load_dh_param(server_dhparam_file, server_key_file, server_cert_file); SSL_CTX_set_tmp_dh(s_ctx, dh_params); #endif @@ -959,12 +960,16 @@ EXPORTED int tls_init_serverengine(const char *ident, const char *ec = config_getstring(IMAPOPT_TLS_ECCURVE); int openssl_nid = OBJ_sn2nid(ec); if (openssl_nid != 0) { +#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) + SSL_CTX_set1_curves(s_ctx, &openssl_nid, 1); +#else EC_KEY *ecdh; ecdh = EC_KEY_new_by_curve_name(openssl_nid); if (ecdh != NULL) { SSL_CTX_set_tmp_ecdh(s_ctx, ecdh); EC_KEY_free(ecdh); } +#endif } #endif @@ -1086,20 +1091,22 @@ EXPORTED int tls_init_serverengine(const char *ident, /* taken from OpenSSL apps/s_cb.c */ -static long bio_dump_cb(BIO * bio, int cmd, const char *argp, int argi, - long argl __attribute__((unused)), long ret) +static long bio_dump_cb(BIO * bio, int cmd, const char *argp, + size_t len __attribute__((unused)), int argi, + long argl __attribute__((unused)), int ret, + size_t *processed __attribute__((unused))) { if (!do_dump) return (ret); if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { - printf("read from %08lX [%08lX] (%d bytes => %ld (0x%lX))", + printf("read from %08lX [%08lX] (%d bytes => %d (0x%X))", (unsigned long)bio, (unsigned long)argp, argi, ret, ret); tls_dump(argp, (int) ret); return (ret); } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { - printf("write to %08lX [%08lX] (%d bytes => %ld (0x%lX))", + printf("write to %08lX [%08lX] (%d bytes => %d (0x%X))", (unsigned long) bio, (unsigned long)argp, argi, ret, ret); tls_dump(argp, (int) ret); @@ -1171,7 +1178,7 @@ EXPORTED int tls_start_servertls(int readfd, int writefd, int timeout, * created for us, so we can use it for debugging purposes. */ if (var_imapd_tls_loglevel >= 3) - BIO_set_callback(SSL_get_rbio(tls_conn), bio_dump_cb); + BIO_set_callback_ex(SSL_get_rbio(tls_conn), bio_dump_cb); /* Dump the negotiation for loglevels 3 and 4*/ if (var_imapd_tls_loglevel >= 3) @@ -1402,7 +1409,7 @@ EXPORTED int tls_shutdown_serverengine(void) sess_dbopen = 0; } -#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) +#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL) && (OPENSSL_VERSION_NUMBER < 0x30000000L) if (dh_params) DH_free(dh_params); #endif } @@ -1659,7 +1666,7 @@ HIDDEN int tls_start_clienttls(int readfd, int writefd, * created for us, so we can use it for debugging purposes. */ if (var_proxy_tls_loglevel >= 3) - BIO_set_callback(SSL_get_rbio(tls_conn), bio_dump_cb); + BIO_set_callback_ex(SSL_get_rbio(tls_conn), bio_dump_cb); /* Dump the negotiation for loglevels 3 and 4*/ if (var_proxy_tls_loglevel >= 3) diff --git a/imtest/imtest.c b/imtest/imtest.c index a6fcf91e6..ca241fa61 100644 --- a/imtest/imtest.c +++ b/imtest/imtest.c @@ -630,20 +630,22 @@ static int tls_dump(const char *s, int len) /* taken from OpenSSL apps/s_cb.c */ -static long bio_dump_cb(BIO * bio, int cmd, const char *argp, int argi, - long argl __attribute__((unused)), long ret) +static long bio_dump_cb(BIO * bio, int cmd, const char *argp, + size_t len __attribute__((unused)), int argi, + long argl __attribute__((unused)), int ret, + size_t *processed __attribute__((unused))) { if (!do_dump) return (ret); if (cmd == (BIO_CB_READ | BIO_CB_RETURN)) { - printf("read from %08lX [%08lX] (%d bytes => %ld (0x%lX))\n", + printf("read from %08lX [%08lX] (%d bytes => %d (0x%X))\n", (unsigned long) bio, (unsigned long) argp, argi, ret, ret); tls_dump(argp, (int) ret); return (ret); } else if (cmd == (BIO_CB_WRITE | BIO_CB_RETURN)) { - printf("write to %08lX [%08lX] (%d bytes => %ld (0x%lX))\n", + printf("write to %08lX [%08lX] (%d bytes => %d (0x%X))\n", (unsigned long) bio, (unsigned long) argp, argi, ret, ret); tls_dump(argp, (int) ret); @@ -686,7 +688,7 @@ static int tls_start_clienttls(unsigned *layer, char **authid) * created for us, so we can use it for debugging purposes. */ if (verbose==1) - BIO_set_callback(SSL_get_rbio(tls_conn), bio_dump_cb); + BIO_set_callback_ex(SSL_get_rbio(tls_conn), bio_dump_cb); /* Dump the negotiation for loglevels 3 and 4 */ if (verbose==1) -- 2.37.3
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.