From: Art Cancro <ajc@citadel.org>
Date: Tue, 2 Jan 2018 04:01:25 +0000 (-0500)
Subject: webcit-ng openssl 1.1 compatibility
X-Git-Tag: v939~467
X-Git-Url: https://code.citadel.org/?p=citadel.git;a=commitdiff_plain;h=7f7214d4e20d34e813eef0794e55d1a1fe835f93

webcit-ng openssl 1.1 compatibility
---

diff --git a/citadel/modules/crypto/serv_crypto.c b/citadel/modules/crypto/serv_crypto.c
index 815affd13..ba9a6d03c 100644
--- a/citadel/modules/crypto/serv_crypto.c
+++ b/citadel/modules/crypto/serv_crypto.c
@@ -79,7 +79,7 @@ void generate_key(char *keyfilename)
 	unsigned long e = RSA_F4;
 	FILE *fp;
 
-	if (access(file_crpt_file_key, R_OK) == 0) {
+	if (access(keyfilename, R_OK) == 0) {
 		return;
 	}
 
@@ -101,7 +101,7 @@ void generate_key(char *keyfilename)
 	// write the key file
 	fp = fopen(keyfilename, "w");
 	if (fp != NULL) {
-		chmod(file_crpt_file_key, 0600);
+		chmod(keyfilename, 0600);
 		if (PEM_write_RSAPrivateKey(fp,	/* the file */
 					rsa,	/* the key */
 					NULL,	/* no enc */
@@ -111,7 +111,7 @@ void generate_key(char *keyfilename)
 					NULL	/* no callbk */
 		) != 1) {
 			syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-			unlink(file_crpt_file_key);
+			unlink(keyfilename);
 		}
 		fclose(fp);
 	}
diff --git a/webcit-ng/http.c b/webcit-ng/http.c
index eeb51cfd3..0749a21a1 100644
--- a/webcit-ng/http.c
+++ b/webcit-ng/http.c
@@ -62,7 +62,7 @@ int client_readline(struct client_handle *ch, char *buf, int maxbytes)
 	int len = 0;
 	int c = 0;
 
-	if (buf == NULL) return;
+	if (buf == NULL) return(-1);
 
 	while (len < maxbytes) {
 		c = client_read(ch, &buf[len], 1);
diff --git a/webcit-ng/ssl.c b/webcit-ng/ssl.c
index 81764a252..05d62de6a 100644
--- a/webcit-ng/ssl.c
+++ b/webcit-ng/ssl.c
@@ -46,6 +46,62 @@ void ssl_lock(int mode, int n, const char *file, int line)
 }
 
 
+/*
+ * Generate a private key for SSL
+ */
+void generate_key(char *keyfilename)
+{
+	int ret = 0;
+	RSA *rsa = NULL;
+	BIGNUM *bne = NULL;
+	int bits = 2048;
+	unsigned long e = RSA_F4;
+	FILE *fp;
+
+	if (access(keyfilename, R_OK) == 0) {
+		return;
+	}
+
+	syslog(LOG_INFO, "crypto: generating RSA key pair");
+ 
+	// generate rsa key
+	bne = BN_new();
+	ret = BN_set_word(bne,e);
+	if (ret != 1) {
+		goto free_all;
+	}
+ 
+	rsa = RSA_new();
+	ret = RSA_generate_key_ex(rsa, bits, bne, NULL);
+	if (ret != 1) {
+		goto free_all;
+	}
+
+	// write the key file
+	fp = fopen(keyfilename, "w");
+	if (fp != NULL) {
+		chmod(keyfilename, 0600);
+		if (PEM_write_RSAPrivateKey(fp,	/* the file */
+					rsa,	/* the key */
+					NULL,	/* no enc */
+					NULL,	/* no passphr */
+					0,	/* no passphr */
+					NULL,	/* no callbk */
+					NULL	/* no callbk */
+		) != 1) {
+			syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
+			unlink(keyfilename);
+		}
+		fclose(fp);
+	}
+
+    // 4. free
+free_all:
+    RSA_free(rsa);
+    BN_free(bne);
+}
+
+
 /*
  * Initialize ssl engine, load certs and initialize openssl internals
  */
@@ -62,15 +118,6 @@ void init_ssl(void)
 	char buf[SIZ];
 	int rv = 0;
 
-	if (!access("/var/run/egd-pool", F_OK)) {
-		RAND_egd("/var/run/egd-pool");
-	}
-
-	if (!RAND_status()) {
-		syslog(LOG_WARNING, "PRNG not adequately seeded, won't do SSL/TLS");
-		return;
-	}
-
 	SSLCritters = malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t *));
 	if (!SSLCritters) {
 		syslog(LOG_ERR, "citserver: can't allocate memory!!");
@@ -117,40 +164,7 @@ void init_ssl(void)
 	/*
 	 * If we still don't have a private key, generate one.
 	 */
-	if (access(CTDL_KEY_PATH, R_OK) != 0) {
-		syslog(LOG_INFO, "Generating RSA key pair.\n");
-		rsa = RSA_generate_key(2048,	/* modulus size */
-					65537,	/* exponent */
-					NULL,	/* no callback */
-					NULL	/* no callback */
-		);
-		if (rsa == NULL) {
-			syslog(LOG_WARNING, "Key generation failed: %s", ERR_reason_error_string(ERR_get_error()));
-		}
-		if (rsa != NULL) {
-			fp = fopen(CTDL_KEY_PATH, "w");
-			if (fp != NULL) {
-				chmod(CTDL_KEY_PATH, 0600);
-				if (PEM_write_RSAPrivateKey(fp,	/* the file */
-							rsa,	/* the key */
-							NULL,	/* no enc */
-							NULL,	/* no passphr */
-							0,	/* no passphr */
-							NULL,	/* no callbk */
-							NULL	/* no callbk */
-				) != 1) {
-					syslog(LOG_WARNING, "Cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-					unlink(CTDL_KEY_PATH);
-				}
-				fclose(fp);
-			}
-			else {
-				syslog(LOG_WARNING, "Cannot write key: %s", CTDL_KEY_PATH);
-				exit(1);
-			}
-			RSA_free(rsa);
-		}
-	}
+	generate_key(CTDL_KEY_PATH);
 
 	/*
 	 * If there is no certificate file on disk, we will be generating a self-signed certificate
@@ -267,8 +281,8 @@ void init_ssl(void)
 				if (cer = X509_new(), cer != NULL) {
 
 					ASN1_INTEGER_set(X509_get_serialNumber(cer), 0);
-					X509_set_issuer_name(cer, req->req_info->subject);
-					X509_set_subject_name(cer, req->req_info->subject);
+					X509_set_issuer_name(cer, X509_REQ_get_subject_name(req));
+					X509_set_subject_name(cer, X509_REQ_get_subject_name(req));
 					X509_gmtime_adj(X509_get_notBefore(cer), 0);
 					X509_gmtime_adj(X509_get_notAfter(cer),(long)60*60*24*SIGN_DAYS);
 
@@ -368,7 +382,6 @@ void starttls(struct client_handle *ch) {
 	else {
 		syslog(LOG_INFO, "SSL_accept success");
 	}
-	BIO_set_close(ch->ssl_handle->rbio, BIO_NOCLOSE);
 	bits = SSL_CIPHER_get_bits(SSL_get_current_cipher(ch->ssl_handle), &alg_bits);
 	syslog(LOG_INFO, "SSL/TLS using %s on %s (%d of %d bits)",
 		SSL_CIPHER_get_name(SSL_get_current_cipher(ch->ssl_handle)),
diff --git a/webcit-ng/webcit.h b/webcit-ng/webcit.h
index 6302d458d..1eae0ca10 100644
--- a/webcit-ng/webcit.h
+++ b/webcit-ng/webcit.h
@@ -1,7 +1,7 @@
 /*
  * webcit.h - "header of headers"
  *
- * Copyright (c) 1996-2017 by the citadel.org team
+ * Copyright (c) 1996-2018 by the citadel.org team
  *
  * This program is open source software.  You can redistribute it and/or
  * modify it under the terms of the GNU General Public License, version 3.
@@ -14,6 +14,7 @@
 #include <syslog.h>
 #include <string.h>
 #include <fcntl.h>
+#include <sys/stat.h>
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
diff --git a/webcit/crypto.c b/webcit/crypto.c
index eadfbc9bc..5df3e61a1 100644
--- a/webcit/crypto.c
+++ b/webcit/crypto.c
@@ -59,7 +59,7 @@ void generate_key(char *keyfilename)
 	unsigned long e = RSA_F4;
 	FILE *fp;
 
-	if (access(file_crpt_file_key, R_OK) == 0) {
+	if (access(keyfilename, R_OK) == 0) {
 		return;
 	}
 
@@ -91,7 +91,7 @@ void generate_key(char *keyfilename)
 					NULL	/* no callbk */
 		) != 1) {
 			syslog(LOG_ERR, "crypto: cannot write key: %s", ERR_reason_error_string(ERR_get_error()));
-			unlink(file_crpt_file_key);
+			unlink(keyfilename);
 		}
 		fclose(fp);
 	}