- diff -ur grpc-1.2.5.orig/src/core/lib/security/credentials/jwt/jwt_verifier.c grpc-1.2.5/src/core/lib/security/credentials/jwt/jwt_verifier.c
- --- grpc-1.2.5.orig/src/core/lib/security/credentials/jwt/jwt_verifier.c 2017-04-20 02:35:34.000000000 +0100
- +++ grpc-1.2.5/src/core/lib/security/credentials/jwt/jwt_verifier.c 2017-04-25 12:05:10.952748903 +0100
- @@ -482,6 +482,7 @@
- const grpc_json *key_prop;
- RSA *rsa = NULL;
- EVP_PKEY *result = NULL;
- + BIGNUM *n = NULL, *e = NULL;
- GPR_ASSERT(kty != NULL && json != NULL);
- if (strcmp(kty, "RSA") != 0) {
- @@ -495,20 +496,26 @@
- }
- for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {
- if (strcmp(key_prop->key, "n") == 0) {
- - rsa->n =
- - bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
- - if (rsa->n == NULL) goto end;
- + n = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
- + if (n == NULL) goto end;
- } else if (strcmp(key_prop->key, "e") == 0) {
- - rsa->e =
- - bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
- - if (rsa->e == NULL) goto end;
- + e = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
- + if (e == NULL) goto end;
- }
- }
- - if (rsa->e == NULL || rsa->n == NULL) {
- + if (e == NULL || n == NULL) {
- gpr_log(GPR_ERROR, "Missing RSA public key field.");
- goto end;
- }
- + if (RSA_set0_key(rsa, n, e, NULL)) {
- + n = e = NULL; // Now owned by the RSA object.
- + } else {
- + goto end;
- + }
- +
- result = EVP_PKEY_new();
- + if (n != NULL) BN_free(n);
- + if (e != NULL) BN_free(e);
- EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */
- end:
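Review bot: The two `BN_free` calls added after `EVP_PKEY_new()` run only on the success path, where `n` and `e` have just been set to NULL, so they never free anything. Every `goto end` taken while `n` or `e` holds a parsed value (the other field failing to decode, a missing field, or `RSA_set0_key` returning 0) jumps past them and leaks the BIGNUM. Because the JWK is fetched from a key endpoint, a malformed key set could trigger that leak on each verification attempt. Move the cleanup below the `end:` label as `BN_free(n); BN_free(e);`, since `BN_free` accepts NULL and the guards are unnecessary. The code after `end:` is outside this hunk, so the exact placement needs checking against the full function.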
- diff -ur grpc-1.2.5.orig/src/core/lib/tsi/ssl_transport_security.c grpc-1.2.5/src/core/lib/tsi/ssl_transport_security.c
- --- grpc-1.2.5.orig/src/core/lib/tsi/ssl_transport_security.c 2017-04-20 02:35:34.000000000 +0100
- +++ grpc-1.2.5/src/core/lib/tsi/ssl_transport_security.c 2017-04-25 13:14:09.393354748 +0100
- @@ -129,34 +129,11 @@
- /* --- Library Initialization. ---*/
- static gpr_once init_openssl_once = GPR_ONCE_INIT;
- -static gpr_mu *openssl_mutexes = NULL;
- -
- -static void openssl_locking_cb(int mode, int type, const char *file, int line) {
- - if (mode & CRYPTO_LOCK) {
- - gpr_mu_lock(&openssl_mutexes[type]);
- - } else {
- - gpr_mu_unlock(&openssl_mutexes[type]);
- - }
- -}
- -
- -static unsigned long openssl_thread_id_cb(void) {
- - return (unsigned long)gpr_thd_currentid();
- -}
- static void init_openssl(void) {
- - int i;
- - int num_locks;
- SSL_library_init();
- SSL_load_error_strings();
- OpenSSL_add_all_algorithms();
- - num_locks = CRYPTO_num_locks();
- - GPR_ASSERT(num_locks > 0);
- - openssl_mutexes = gpr_malloc((size_t)num_locks * sizeof(gpr_mu));
- - for (i = 0; i < CRYPTO_num_locks(); i++) {
- - gpr_mu_init(&openssl_mutexes[i]);
- - }
- - CRYPTO_set_locking_callback(openssl_locking_cb);
- - CRYPTO_set_id_callback(openssl_thread_id_cb);
- }
- /* --- Ssl utils. ---*/
- @@ -1328,7 +1305,7 @@
- *factory = NULL;
- if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT;
- - ssl_context = SSL_CTX_new(TLSv1_2_method());
- + ssl_context = SSL_CTX_new(TLS_method());
- if (ssl_context == NULL) {
- gpr_log(GPR_ERROR, "Could not create ssl context.");
- return TSI_INVALID_ARGUMENT;
- @@ -1338,6 +1315,12 @@
- impl->ssl_context = ssl_context;
- do {
- + result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
- + if (result != TSI_OK) {
- + gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
- + break;
- + }
- +
- result =
- populate_ssl_context(ssl_context, pem_private_key, pem_private_key_size,
- pem_cert_chain, pem_cert_chain_size, cipher_list);
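Review bot: The `result != TSI_OK` check on the new `SSL_CTX_set_min_proto_version` call is inverted, because OpenSSL returns 1 on success and 0 on failure while `TSI_OK` is 0 in gRPC's `tsi_result` enum. As written, a successful call appears to abort factory creation with "Could not set minimum TLS version.", and a failed call is treated as success, leaving a `TLS_method()` context with no protocol floor where the old code pinned TLS 1.2. Test the OpenSSL return directly with `if (!SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION)) {` and set `result = TSI_INTERNAL_ERROR;` before the `break`. The same pattern is repeated in the `@@ -1454,12 +1437,17 @@` hunk for `impl->ssl_contexts[i]`. The enclosing function starts and ends outside this hunk.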
- @@ -1454,12 +1437,17 @@
- for (i = 0; i < key_cert_pair_count; i++) {
- do {
- - impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
- + impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
- if (impl->ssl_contexts[i] == NULL) {
- gpr_log(GPR_ERROR, "Could not create ssl context.");
- result = TSI_OUT_OF_RESOURCES;
- break;
- }
- + result = SSL_CTX_set_min_proto_version(impl->ssl_contexts[i], TLS1_2_VERSION);
- + if (result != TSI_OK) {
- + gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
- + break;
- + }
- result = populate_ssl_context(
- impl->ssl_contexts[i], pem_private_keys[i], pem_private_keys_sizes[i],
- pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list);