
grpc-1.2.5-openssl-1.1.patch

a guest
Apr 25th, 2017
  1. diff -ur grpc-1.2.5.orig/src/core/lib/security/credentials/jwt/jwt_verifier.c grpc-1.2.5/src/core/lib/security/credentials/jwt/jwt_verifier.c
  2. --- grpc-1.2.5.orig/src/core/lib/security/credentials/jwt/jwt_verifier.c    2017-04-20 02:35:34.000000000 +0100
  3. +++ grpc-1.2.5/src/core/lib/security/credentials/jwt/jwt_verifier.c 2017-04-25 12:05:10.952748903 +0100
  4. @@ -482,6 +482,7 @@
  5.    const grpc_json *key_prop;
  6.    RSA *rsa = NULL;
  7.    EVP_PKEY *result = NULL;
  8. +  BIGNUM *n = NULL, *e = NULL;
  9.  
  10.    GPR_ASSERT(kty != NULL && json != NULL);
  11.    if (strcmp(kty, "RSA") != 0) {
  12. @@ -495,20 +496,26 @@
  13.    }
  14.    for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) {
  15.      if (strcmp(key_prop->key, "n") == 0) {
  16. -      rsa->n =
  17. -          bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
  18. -      if (rsa->n == NULL) goto end;
  19. +      n = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n"));
  20. +      if (n == NULL) goto end;
  21.      } else if (strcmp(key_prop->key, "e") == 0) {
  22. -      rsa->e =
  23. -          bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
  24. -      if (rsa->e == NULL) goto end;
  25. +      e = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e"));
  26. +      if (e == NULL) goto end;
  27.      }
  28.    }
  29. -  if (rsa->e == NULL || rsa->n == NULL) {
  30. +  if (e == NULL || n == NULL) {
  31.      gpr_log(GPR_ERROR, "Missing RSA public key field.");
  32.      goto end;
  33.    }
  34. +  if (RSA_set0_key(rsa, n, e, NULL)) {
  35. +    n = e = NULL;  // Now owned by the RSA object.
  36. +  } else {
  37. +    goto end;
  38. +  }
  39. +
  40.    result = EVP_PKEY_new();
  41. +  if (n != NULL) BN_free(n);
  42. +  if (e != NULL) BN_free(e);
  43.    EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */
  44.  
  45.  end:
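Review bot: The two `BN_free` calls added before `EVP_PKEY_set1_RSA` can never free anything: that point is reached only after `RSA_set0_key` succeeded and `n = e = NULL` ran, while every earlier `goto end` (a failed decode of `e` after `n` was decoded, the missing-field check, a failed `RSA_set0_key`) jumps past them with the BIGNUMs still allocated. Before this change the values were stored in `rsa->n`/`rsa->e`; as locals they need their own release on the error path, and because they are decoded from JSON key data, a malformed key leaks memory on every parse. Move the release below the label, `BN_free(n);` and `BN_free(e);` directly after `end:`; both accept NULL, so the `!= NULL` guards can be dropped. The code after `end:` is outside this hunk, so confirm it does not already free them.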
  46. diff -ur grpc-1.2.5.orig/src/core/lib/tsi/ssl_transport_security.c grpc-1.2.5/src/core/lib/tsi/ssl_transport_security.c
  47. --- grpc-1.2.5.orig/src/core/lib/tsi/ssl_transport_security.c   2017-04-20 02:35:34.000000000 +0100
  48. +++ grpc-1.2.5/src/core/lib/tsi/ssl_transport_security.c    2017-04-25 13:14:09.393354748 +0100
  49. @@ -129,34 +129,11 @@
  50.  /* --- Library Initialization. ---*/
  51.  
  52.  static gpr_once init_openssl_once = GPR_ONCE_INIT;
  53. -static gpr_mu *openssl_mutexes = NULL;
  54. -
  55. -static void openssl_locking_cb(int mode, int type, const char *file, int line) {
  56. -  if (mode & CRYPTO_LOCK) {
  57. -    gpr_mu_lock(&openssl_mutexes[type]);
  58. -  } else {
  59. -    gpr_mu_unlock(&openssl_mutexes[type]);
  60. -  }
  61. -}
  62. -
  63. -static unsigned long openssl_thread_id_cb(void) {
  64. -  return (unsigned long)gpr_thd_currentid();
  65. -}
  66.  
  67.  static void init_openssl(void) {
  68. -  int i;
  69. -  int num_locks;
  70.    SSL_library_init();
  71.    SSL_load_error_strings();
  72.    OpenSSL_add_all_algorithms();
  73. -  num_locks = CRYPTO_num_locks();
  74. -  GPR_ASSERT(num_locks > 0);
  75. -  openssl_mutexes = gpr_malloc((size_t)num_locks * sizeof(gpr_mu));
  76. -  for (i = 0; i < CRYPTO_num_locks(); i++) {
  77. -    gpr_mu_init(&openssl_mutexes[i]);
  78. -  }
  79. -  CRYPTO_set_locking_callback(openssl_locking_cb);
  80. -  CRYPTO_set_id_callback(openssl_thread_id_cb);
  81.  }
  82.  
  83.  /* --- Ssl utils. ---*/
  84. @@ -1328,7 +1305,7 @@
  85.    *factory = NULL;
  86.    if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT;
  87.  
  88. -  ssl_context = SSL_CTX_new(TLSv1_2_method());
  89. +  ssl_context = SSL_CTX_new(TLS_method());
  90.    if (ssl_context == NULL) {
  91.      gpr_log(GPR_ERROR, "Could not create ssl context.");
  92.      return TSI_INVALID_ARGUMENT;
  93. @@ -1338,6 +1315,12 @@
  94.    impl->ssl_context = ssl_context;
  95.  
  96.    do {
  97. +    result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);
  98. +    if (result != TSI_OK) {
  99. +      gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
  100. +      break;
  101. +    }
  102. +
  103.      result =
  104.          populate_ssl_context(ssl_context, pem_private_key, pem_private_key_size,
  105.                               pem_cert_chain, pem_cert_chain_size, cipher_list);
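Review bot: The check `if (result != TSI_OK)` after `SSL_CTX_set_min_proto_version` is inverted, because the OpenSSL call returns 1 on success and 0 on failure while `TSI_OK` is 0 in gRPC's `tsi_result`. As written, a successful call logs "Could not set minimum TLS version." and breaks out, and a failed call is treated as success, leaving a context created with `TLS_method()` without a TLS 1.2 floor. Test the OpenSSL return directly and set the TSI code explicitly: `if (!SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION)) {` with `result = TSI_INTERNAL_ERROR;` before the `break`. The same pattern appears in the `@@ -1454,12 +1437,17 @@` hunk for `impl->ssl_contexts[i]`; the enclosing functions start and end outside both hunks.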
  106. @@ -1454,12 +1437,17 @@
  107.  
  108.    for (i = 0; i < key_cert_pair_count; i++) {
  109.      do {
  110. -      impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method());
  111. +      impl->ssl_contexts[i] = SSL_CTX_new(TLS_method());
  112.        if (impl->ssl_contexts[i] == NULL) {
  113.          gpr_log(GPR_ERROR, "Could not create ssl context.");
  114.          result = TSI_OUT_OF_RESOURCES;
  115.          break;
  116.        }
  117. +      result = SSL_CTX_set_min_proto_version(impl->ssl_contexts[i], TLS1_2_VERSION);
  118. +      if (result != TSI_OK) {
  119. +        gpr_log(GPR_ERROR, "Could not set minimum TLS version.");
  120. +        break;
  121. +      }
  122.        result = populate_ssl_context(
  123.            impl->ssl_contexts[i], pem_private_keys[i], pem_private_keys_sizes[i],
  124.            pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list);