Update OpenSSL calls to work with LibreSSL/newer OpenSSL

RSA_generate_key has been deprecated, and is not available in either LibreSSL or newer OpenSSL that are not compiled with deprecated call support. This commit switches to the still-supported RSA_generate_key_ex, which is supported by both libraries. Note that this is still insufficient for Factor to work under LibreSSL, though we now get a call further than before.
2016-02-22 13:37:54 -05:00 · 2016-02-22 13:37:54 -05:00 · 8073c8a77e
parent 69d5a3a276
commit 8073c8a77e
2 changed files with 30 additions and 12 deletions
--- a/basis/io/sockets/secure/openssl/openssl.factor
+++ b/basis/io/sockets/secure/openssl/openssl.factor
@ -1,14 +1,14 @@
 ! Copyright (C) 2007, 2008, Slava Pestov, Elie CHAFTARI.
 ! See http://factorcode.org/license.txt for BSD license.
 USING: accessors alien alien.c-types alien.data alien.strings
-assocs byte-arrays classes.struct combinators destructors fry io
-io.backend io.buffers io.encodings.8-bit.latin1
+assocs byte-arrays classes.struct combinators destructors fry
+io io.binary io.backend io.buffers io.encodings.8-bit.latin1
 io.encodings.utf8 io.files io.pathnames io.ports io.sockets
 io.sockets.secure io.timeouts kernel libc

-locals math math.order math.parser namespaces openssl
-openssl.libcrypto openssl.libssl random sequences splitting
-unicode.case ;
+locals math math.functions math.order math.parser namespaces
+openssl openssl.libcrypto openssl.libssl random sequences
+splitting unicode.case ;
 IN: io.sockets.secure.openssl

 GENERIC: ssl-method ( symbol -- method )
@ -20,6 +20,18 @@ M: TLSv1  ssl-method drop TLSv1_method ;

 TUPLE: openssl-context < secure-context aliens sessions ;

+<PRIVATE
+
+: bn-bytes-needed ( num -- bytes-required )
+    log2 1 + 8 / ceiling ;
+
+PRIVATE>
+
+: number>bn ( num -- bn )
+    dup bn-bytes-needed >be
+    dup length
+    f BN_bin2bn ; inline
+
 : set-session-cache ( ctx -- )
    handle>>
    [ SSL_SESS_CACHE_BOTH SSL_CTX_set_session_cache_mode ssl-error ]
@ -113,9 +125,13 @@ M: rsa dispose* handle>> RSA_free ;

 : generate-eph-rsa-key ( ctx -- )
    [ handle>> ]
-    [
-        config>> ephemeral-key-bits>> RSA_F4 f f RSA_generate_key
-        dup ssl-error <rsa> &dispose handle>>
+    [| ctx |
+        RSA_new :> rsa-struct
+            rsa-struct
+            ctx config>> ephemeral-key-bits>>
+            RSA_F4 number>bn &BN_clear_free
+            f RSA_generate_key_ex
+        ssl-error rsa-struct <rsa> &dispose handle>>
    ] bi
    SSL_CTX_set_tmp_rsa ssl-error ;

--- a/basis/openssl/libcrypto/libcrypto.factor
+++ b/basis/openssl/libcrypto/libcrypto.factor
@ -5,8 +5,8 @@
 !
 ! export LD_LIBRARY_PATH=/opt/local/lib

-USING: alien alien.c-types alien.libraries alien.syntax
-classes.struct combinators system ;
+USING: alien alien.c-types alien.destructors alien.libraries
+alien.syntax classes.struct combinators system ;

 IN: openssl.libcrypto

@ -180,8 +180,9 @@ FUNCTION: void* PEM_read_bio_DHparams ( void* bp, void* x, void* cb,
 ! rsa.h
 ! ===============================================

-FUNCTION: void* RSA_generate_key ( int num, ulong e, void* callback,
-                                   void* cb_arg )
+FUNCTION: void* RSA_new ( )
+
+FUNCTION: int RSA_generate_key_ex ( void* rsa int bits, void* e, void* cb )

 FUNCTION: int RSA_check_key ( void* rsa )

@ -206,6 +207,7 @@ FUNCTION: void* BN_bin2bn ( void* s, int len, void* ret )
 FUNCTION: int BN_bn2bin ( void* a, void* to )

 FUNCTION: void BN_clear_free ( void* a )
+DESTRUCTOR: BN_clear_free

 ! ===============================================
 ! ec.h