Diffstat (limited to 'pkgs/os-specific/linux/chromium-os/libbrillo/0004-libbrillo-Update-for-OpenSSL-1.1.patch')
-rw-r--r-- | pkgs/os-specific/linux/chromium-os/libbrillo/0004-libbrillo-Update-for-OpenSSL-1.1.patch | 218 |
1 files changed, 218 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/chromium-os/libbrillo/0004-libbrillo-Update-for-OpenSSL-1.1.patch b/pkgs/os-specific/linux/chromium-os/libbrillo/0004-libbrillo-Update-for-OpenSSL-1.1.patch
new file mode 100644
index 00000000000..6bdb61c4997
--- /dev/null
+++ b/pkgs/os-specific/linux/chromium-os/libbrillo/0004-libbrillo-Update-for-OpenSSL-1.1.patch
@@ -0,0 +1,218 @@
+From ad7338d648cfeffbd595e9a7681f746ce834d59e Mon Sep 17 00:00:00 2001
+From: Daniel Kurtz <djkurtz@chromium.org>
+Date: Mon, 3 Jun 2019 16:46:17 -0600
+Subject: [PATCH 4/9] libbrillo: Update for OpenSSL 1.1
+
+OpenSSL 1.1 has made significant non-backwards compatible changes to its
+API as outlined in:
+https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+
+Note: There are cases (sludge, tael, tatl), where libbrillo is built
+against a libchrome that has been built w/out libbase-crypto (ie,
+USE="-crypto"). For this reason, we don't use its libcrypto-compat.h.
+
+BUG=chromium:737445
+TEST=cros_workon --board=sarien start libbrillo
+TEST=w/ openssl-1.0.2t: FEATURES=test emerge-sarien libbrillo
+TEST=w/ openssl-1.1.0j: FEATURES=test emerge-sarien libbrillo
+ => Both build and pass all unittests
+
+Change-Id: I911c733e63ccbe58b7d9ef6d8e84c9e121056725
+Reviewed-on: https://chromium-review.googlesource.com/1641754
+Tested-by: Daniel Kurtz <djkurtz@chromium.org>
+Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
+Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
+Reviewed-by: Mike Frysinger <vapier@chromium.org>
+Reviewed-by: Nick Crews <ncrews@chromium.org>
+---
+ .../brillo/streams/openssl_stream_bio.cc | 75 ++++++++++++++++---
+ libbrillo/brillo/streams/tls_stream.cc | 7 +-
+ libbrillo/policy/device_policy_impl.cc | 10 ++-
+ 3 files changed, 77 insertions(+), 15 deletions(-)
+
+diff --git a/libbrillo/brillo/streams/openssl_stream_bio.cc b/libbrillo/brillo/streams/openssl_stream_bio.cc
+index a63d9c0cc..478b11233 100644
+--- a/libbrillo/brillo/streams/openssl_stream_bio.cc
++++ b/libbrillo/brillo/streams/openssl_stream_bio.cc
+@@ -13,9 +13,32 @@ namespace brillo {
+
+ namespace {
+
++// TODO(crbug.com/984789): Remove once support for OpenSSL <1.1 is dropped.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++static void BIO_set_data(BIO* a, void* ptr) {
++ a->ptr = ptr;
++}
++
++static void* BIO_get_data(BIO* a) {
++ return a->ptr;
++}
++
++static void BIO_set_init(BIO* a, int init) {
++ a->init = init;
++}
++
++static int BIO_get_init(BIO* a) {
++ return a->init;
++}
++
++static void BIO_set_shutdown(BIO* a, int shut) {
++ a->shutdown = shut;
++}
++#endif
++
+ // Internal functions for implementing OpenSSL BIO on brillo::Stream.
+ int stream_write(BIO* bio, const char* buf, int size) {
+- brillo::Stream* stream = static_cast<brillo::Stream*>(bio->ptr);
++ brillo::Stream* stream = static_cast<brillo::Stream*>(BIO_get_data(bio));
+ size_t written = 0;
+ BIO_clear_retry_flags(bio);
+ if (!stream->WriteNonBlocking(buf, size, &written, nullptr))
+@@ -30,7 +53,7 @@ int stream_write(BIO* bio, const char* buf, int size) {
+ }
+
+ int stream_read(BIO* bio, char* buf, int size) {
+- brillo::Stream* stream = static_cast<brillo::Stream*>(bio->ptr);
++ brillo::Stream* stream = static_cast<brillo::Stream*>(BIO_get_data(bio));
+ size_t read = 0;
+ BIO_clear_retry_flags(bio);
+ bool eos = false;
+@@ -49,16 +72,16 @@ int stream_read(BIO* bio, char* buf, int size) {
+ // NOLINTNEXTLINE(runtime/int)
+ long stream_ctrl(BIO* bio, int cmd, long /* num */, void* /* ptr */) {
+ if (cmd == BIO_CTRL_FLUSH) {
+- brillo::Stream* stream = static_cast<brillo::Stream*>(bio->ptr);
++ brillo::Stream* stream = static_cast<brillo::Stream*>(BIO_get_data(bio));
+ return stream->FlushBlocking(nullptr) ? 1 : 0;
+ }
+ return 0;
+ }
+
+ int stream_new(BIO* bio) {
+- bio->shutdown = 0; // By default do not close underlying stream on shutdown.
+- bio->init = 0;
+- bio->num = -1; // not used.
++ // By default do not close underlying stream on shutdown.
++ BIO_set_shutdown(bio, 0);
++ BIO_set_init(bio, 0);
+ return 1;
+ }
+
+@@ -66,13 +89,17 @@ int stream_free(BIO* bio) {
+ if (!bio)
+ return 0;
+
+- if (bio->init) {
+- bio->ptr = nullptr;
+- bio->init = 0;
++ if (BIO_get_init(bio)) {
++ BIO_set_data(bio, nullptr);
++ BIO_set_init(bio, 0);
+ }
+ return 1;
+ }
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++// TODO(crbug.com/984789): Remove #ifdef once support for OpenSSL <1.1 is
++// dropped.
++
+ // BIO_METHOD structure describing the BIO built on top of brillo::Stream.
+ BIO_METHOD stream_method = {
+ 0x7F | BIO_TYPE_SOURCE_SINK, // type: 0x7F is an arbitrary unused type ID.
+@@ -87,13 +114,37 @@ BIO_METHOD stream_method = {
+ nullptr, // callback function, not used
+ };
+
++BIO_METHOD* stream_get_method() {
++ return &stream_method;
++}
++
++#else
++
++BIO_METHOD* stream_get_method() {
++ static BIO_METHOD* stream_method;
++
++ if (!stream_method) {
++ stream_method = BIO_meth_new(BIO_get_new_index() | BIO_TYPE_SOURCE_SINK,
++ "stream");
++ BIO_meth_set_write(stream_method, stream_write);
++ BIO_meth_set_read(stream_method, stream_read);
++ BIO_meth_set_ctrl(stream_method, stream_ctrl);
++ BIO_meth_set_create(stream_method, stream_new);
++ BIO_meth_set_destroy(stream_method, stream_free);
++ }
++
++ return stream_method;
++}
++
++#endif
++
+ } // anonymous namespace
+
+ BIO* BIO_new_stream(brillo::Stream* stream) {
+- BIO* bio = BIO_new(&stream_method);
++ BIO* bio = BIO_new(stream_get_method());
+ if (bio) {
+- bio->ptr = stream;
+- bio->init = 1;
++ BIO_set_data(bio, stream);
++ BIO_set_init(bio, 1);
+ }
+ return bio;
+ }
+diff --git a/libbrillo/brillo/streams/tls_stream.cc b/libbrillo/brillo/streams/tls_stream.cc
+index 603bd1d54..cc63258db 100644
+--- a/libbrillo/brillo/streams/tls_stream.cc
++++ b/libbrillo/brillo/streams/tls_stream.cc
+@@ -68,6 +68,11 @@ const char kCACertificatePath[] =
+
+ namespace brillo {
+
++// TODO(crbug.com/984789): Remove once support for OpenSSL <1.1 is dropped.
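Review bot: In the OpenSSL >= 1.1 branch of `stream_get_method()` in openssl_stream_bio.cc, the result of `BIO_meth_new()` goes straight into the `BIO_meth_set_*` calls with no null check, so an allocation failure becomes a null dereference rather than a failed `BIO_new_stream()`. Add `if (!stream_method) return nullptr;` directly after the `BIO_meth_new` call, and have `BIO_new_stream()` return nullptr when no method is available instead of handing it to `BIO_new()`. The lazy initialisation of the function-local `static BIO_METHOD* stream_method` is also unsynchronised; if streams can be created from more than one thread (not visible here), a second caller could see the pointer before the callbacks are installed, so build the method in a local variable and assign the static last.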
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define TLS_client_method() TLSv1_2_client_method()
++#endif
++
+ // Helper implementation of TLS stream used to hide most of OpenSSL inner
+ // workings from the users of brillo::TlsStream.
+ class TlsStream::TlsStreamImpl {
+@@ -342,7 +347,7 @@ bool TlsStream::TlsStreamImpl::Init(StreamPtr socket,
+ const base::Closure& success_callback,
+ const Stream::ErrorCallback& error_callback,
+ ErrorPtr* error) {
+- ctx_.reset(SSL_CTX_new(TLSv1_2_client_method()));
++ ctx_.reset(SSL_CTX_new(TLS_client_method()));
+ if (!ctx_)
+ return ReportError(error, FROM_HERE, "Cannot create SSL_CTX");
+
+diff --git a/libbrillo/policy/device_policy_impl.cc b/libbrillo/policy/device_policy_impl.cc
+index eaf90c96a..3f96d12ee 100644
+--- a/libbrillo/policy/device_policy_impl.cc
++++ b/libbrillo/policy/device_policy_impl.cc
+@@ -30,6 +30,12 @@ namespace em = enterprise_management;
+
+ namespace policy {
+
++// TODO(crbug.com/984789): Remove once support for OpenSSL <1.1 is dropped.
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_MD_CTX_new EVP_MD_CTX_create
++#define EVP_MD_CTX_free EVP_MD_CTX_destroy
++#endif
++
+ // Maximum value of RollbackAllowedMilestones policy.
+ const int kMaxRollbackAllowedMilestones = 4;
+
+@@ -55,8 +61,8 @@ bool ReadPublicKeyFromFile(const base::FilePath& key_file,
+ bool VerifySignature(const std::string& signed_data,
+ const std::string& signature,
+ const std::string& public_key) {
+- std::unique_ptr<EVP_MD_CTX, void (*)(EVP_MD_CTX *)> ctx(EVP_MD_CTX_create(),
+- EVP_MD_CTX_destroy);
++ std::unique_ptr<EVP_MD_CTX, void (*)(EVP_MD_CTX *)> ctx(EVP_MD_CTX_new(),
++ EVP_MD_CTX_free);
+ if (!ctx)
+ return false;
+
+--
+2.23.0
+ |
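Review bot: On OpenSSL 1.1 builds, replacing `TLSv1_2_client_method()` with `TLS_client_method()` in `TlsStream::TlsStreamImpl::Init` (tls_stream.cc) drops the TLS 1.2 pin the old call gave. The version-flexible method negotiates whatever both peers support, which can include TLS 1.0 or 1.1 unless the context sets a floor. The rest of Init lies outside the hunk, so a floor may already be set there. If it is not, add `SSL_CTX_set_min_proto_version(ctx_.get(), TLS1_2_VERSION);` after the `!ctx_` check, guarded by `#if OPENSSL_VERSION_NUMBER >= 0x10100000L`, and treat a zero return as an error. On pre-1.1 builds the macro keeps the 1.2-only behaviour, so without a floor the two build configurations accept different protocol versions.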