webcit-ng openssl 1.1 compatibility

author Art Cancro <ajc@citadel.org>

Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)

committer Art Cancro <ajc@citadel.org>

Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)
author Art Cancro <ajc@citadel.org>
Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)
committer Art Cancro <ajc@citadel.org>
Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)
diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c

index 815affd1300a126794b4aa7605216aa40a16adc7..ba9a6d03c2b4575f8c43cf46e730d32618cd0e17 100644 (file)
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -79,7 +79,7 @@ void generate_key(char *keyfilename)
         unsigned long e = RSA_F4;
         FILE *fp;
  
-       if (access(file_crpt_file_key, R_OK) == 0) {
+       if (access(keyfilename, R_OK) == 0) {
                 return;
         }
  
@@ -101,7 +101,7 @@ void generate_key(char *keyfilename)
         // write the key file
         fp = fopen(keyfilename, "w");
         if (fp != NULL) {
-               chmod(file_crpt_file_key, 0600);
+               chmod(keyfilename, 0600);
                 if (PEM_write_RSAPrivateKey(fp, /* the file */
                                         rsa,    /* the key */
                                         NULL,   /* no enc */
@@ -111,7 +111,7 @@ void generate_key(char *keyfilename)
                                         NULL    /* no callbk */
                 ) != 1) {
                         syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-                       unlink(file_crpt_file_key);
+                       unlink(keyfilename);
                 }
                 fclose(fp);
         }
diff --git a/webcit-ng/http.c b/webcit-ng/http.c

index eeb51cfd30bb310118f48452f22ea665bbc1c510..0749a21a1380f50b8fc0b5fc8e1e3159238567c0 100644 (file)
--- a/webcit-ng/http.c
+++ b/webcit-ng/http.c
@@ -62,7 +62,7 @@ int client_readline(struct client_handle *ch, char *buf, int maxbytes)
         int len = 0;
         int c = 0;
  
-       if (buf == NULL) return;
+       if (buf == NULL) return(-1);
  
         while (len < maxbytes) {
                 c = client_read(ch, &buf[len], 1);
diff --git a/webcit-ng/ssl.c b/webcit-ng/ssl.c

index 81764a2526653574781964116a7cc06afaf9fbfe..05d62de6ad8fefc7b2ba0d3111e019212c982dd3 100644 (file)
--- a/webcit-ng/ssl.c
+++ b/webcit-ng/ssl.c
@@ -46,6 +46,62 @@ void ssl_lock(int mode, int n, const char *file, int line)
  }
  
  
+/*
+ * Generate a private key for SSL
+ */
+void generate_key(char *keyfilename)
+{
+       int ret = 0;
+       RSA *rsa = NULL;
+       BIGNUM *bne = NULL;
+       int bits = 2048;
+       unsigned long e = RSA_F4;
+       FILE *fp;
+
+       if (access(keyfilename, R_OK) == 0) {
+               return;
+       }
+
+       syslog(LOG_INFO, "crypto: generating RSA key pair");
+ 
+       // generate rsa key
+       bne = BN_new();
+       ret = BN_set_word(bne,e);
+       if (ret != 1) {
+               goto free_all;
+       }
+ 
+       rsa = RSA_new();
+       ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
+       if (ret != 1) {
+               goto free_all;
+       }
+
+       // write the key file
+       fp = fopen(keyfilename, "w");
+       if (fp != NULL) {
+               chmod(keyfilename, 0600);
+               if (PEM_write_RSAPrivateKey(fp, /* the file */
+                                       rsa,    /* the key */
+                                       NULL,   /* no enc */
+                                       NULL,   /* no passphr */
+                                       0,      /* no passphr */
+                                       NULL,   /* no callbk */
+                                       NULL    /* no callbk */
+               ) != 1) {
+                       syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
+                       unlink(keyfilename);
+               }
+               fclose(fp);
+       }
+
+    // 4. free
+free_all:
+    RSA_free(rsa);
+    BN_free(bne);
+}
+
+
  /*
   * Initialize ssl engine, load certs and initialize openssl internals
   */
@@ -62,15 +118,6 @@ void init_ssl(void)
         char buf[SIZ];
         int rv = 0;
  
-       if (!access("/var/run/egd-pool", F_OK)) {
-               RAND_egd("/var/run/egd-pool");
-       }
-
-       if (!RAND_status()) {
-               syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS");
-               return;
-       }
-
         SSLCritters = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t *));
         if (!SSLCritters) {
                 syslog(LOG_ERR, "citserver: can't allocate memory!!");
@@ -117,40 +164,7 @@ void init_ssl(void)
         /*
          * If we still don't have a private key, generate one.
          */
-       if (access(CTDL_KEY_PATH, R_OK) != 0) {
-               syslog(LOG_INFO, "Generating RSA key pair.\n");
-               rsa = RSA_generate_key(2048,    /* modulus size */
-                                       65537,  /* exponent */
-                                       NULL,   /* no callback */
-                                       NULL    /* no callback */
-               );
-               if (rsa == NULL) {
-                       syslog(LOG_WARNING, "Key generation failed: %s", ERR_reason_error_string(ERR_get_error()));
-               }
-               if (rsa != NULL) {
-                       fp = fopen(CTDL_KEY_PATH, "w");
-                       if (fp != NULL) {
-                               chmod(CTDL_KEY_PATH, 0600);
-                               if (PEM_write_RSAPrivateKey(fp, /* the file */
-                                                       rsa,    /* the key */
-                                                       NULL,   /* no enc */
-                                                       NULL,   /* no passphr */
-                                                       0,      /* no passphr */
-                                                       NULL,   /* no callbk */
-                                                       NULL    /* no callbk */
-                               ) != 1) {
-                                       syslog(LOG_WARNING, "Cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-                                       unlink(CTDL_KEY_PATH);
-                               }
-                               fclose(fp);
-                       }
-                       else {
-                               syslog(LOG_WARNING, "Cannot write key: %s", CTDL_KEY_PATH);
-                               exit(1);
-                       }
-                       RSA_free(rsa);
-               }
-       }
+       generate_key(CTDL_KEY_PATH);
  
         /*
          * If there is no certificate file on disk, we will be generating a self-signed certificate
@@ -267,8 +281,8 @@ void init_ssl(void)
                                 if (cer = X509_new(), cer != NULL) {
  
                                         ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
-                                       X509_set_issuer_name(cer, req->req_info->subject);
-                                       X509_set_subject_name(cer, req->req_info->subject);
+                                       X509_set_issuer_name(cer, X509_REQ_get_subject_name(req));
+                                       X509_set_subject_name(cer, X509_REQ_get_subject_name(req));
                                         X509_gmtime_adj(X509_get_notBefore(cer), 0);
                                         X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
  
@@ -368,7 +382,6 @@ void starttls(struct client_handle *ch) {
         else {
                 syslog(LOG_INFO, "SSL_accept success");
         }
-       BIO_set_close(ch->ssl_handle->rbio, BIO_NOCLOSE);
         bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(ch->ssl_handle), &alg_bits);
         syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)",
                 SSL_CIPHER_get_name(SSL_get_current_cipher(ch->ssl_handle)),
diff --git a/webcit-ng/webcit.h b/webcit-ng/webcit.h

index 6302d458dff62718d06585b1e2471e3543c816a0..1eae0ca10ed37a406818ade9a9a660964564a8b1 100644 (file)
--- a/webcit-ng/webcit.h
+++ b/webcit-ng/webcit.h
@@ -1,7 +1,7 @@
  /*
   * webcit.h - "header of headers"
   *
- * Copyright (c) 1996-2017 by the citadel.org team
+ * Copyright (c) 1996-2018 by the citadel.org team
   *
   * This program is open source software.  You can redistribute it and/or
   * modify it under the terms of the GNU General Public License, version 3.
@@ -14,6 +14,7 @@
  #include <syslog.h>
  #include <string.h>
  #include <fcntl.h>
+#include <sys/stat.h>
  #include <sys/types.h>
  #include <sys/socket.h>
  #include <netinet/in.h>
diff --git a/webcit/crypto.c b/webcit/crypto.c

index eadfbc9bc5fd778aacdaa296473c0a2e3f67526f..5df3e61a13111d676866ed24b6209d6d7505b839 100644 (file)
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -59,7 +59,7 @@ void generate_key(char *keyfilename)
         unsigned long e = RSA_F4;
         FILE *fp;
  
-       if (access(file_crpt_file_key, R_OK) == 0) {
+       if (access(keyfilename, R_OK) == 0) {
                 return;
         }
  
@@ -91,7 +91,7 @@ void generate_key(char *keyfilename)
                                         NULL    /* no callbk */
                 ) != 1) {
                         syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-                       unlink(file_crpt_file_key);
+                       unlink(keyfilename);
                 }
                 fclose(fp);
         }
author	Art Cancro <ajc@citadel.org>
	Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)
committer	Art Cancro <ajc@citadel.org>
	Tue, 2 Jan 2018 04:01:25 +0000 (23:01 -0500)
citadel/modules/crypto/serv_crypto.c		patch \| blob \| history
webcit-ng/http.c		patch \| blob \| history
webcit-ng/ssl.c		patch \| blob \| history
webcit-ng/webcit.h		patch \| blob \| history
webcit/crypto.c		patch \| blob \| history