Created
May 4, 2017 11:04
grpc patch for openssl 1.1.0c
diff --git a/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c b/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c | |
index 0e2a264..61f262c 100644 | |
--- a/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c | |
+++ b/3rdparty/grpc/src/core/lib/security/credentials/jwt/jwt_verifier.c | |
@@ -482,6 +482,7 @@ static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json, | |
const grpc_json *key_prop; | |
RSA *rsa = NULL; | |
EVP_PKEY *result = NULL; | |
+ BIGNUM *n = NULL, *e = NULL; | |
GPR_ASSERT(kty != NULL && json != NULL); | |
if (strcmp(kty, "RSA") != 0) { | |
@@ -493,26 +494,33 @@ static EVP_PKEY *pkey_from_jwk(grpc_exec_ctx *exec_ctx, const grpc_json *json, | |
gpr_log(GPR_ERROR, "Could not create rsa key."); | |
goto end; | |
} | |
+ | |
for (key_prop = json->child; key_prop != NULL; key_prop = key_prop->next) { | |
if (strcmp(key_prop->key, "n") == 0) { | |
- rsa->n = | |
- bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n")); | |
- if (rsa->n == NULL) goto end; | |
+ n = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "n")); | |
+ if (n == NULL) goto end; | |
} else if (strcmp(key_prop->key, "e") == 0) { | |
- rsa->e = | |
- bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e")); | |
- if (rsa->e == NULL) goto end; | |
+ e = bignum_from_base64(exec_ctx, validate_string_field(key_prop, "e")); | |
+ if (e == NULL) goto end; | |
} | |
} | |
- if (rsa->e == NULL || rsa->n == NULL) { | |
+ if (e == NULL || n == NULL) { | |
gpr_log(GPR_ERROR, "Missing RSA public key field."); | |
goto end; | |
} | |
+ if (RSA_set0_key(rsa, n, e, NULL)) { | |
+ n = e = NULL; // Now owned by the RSA object | |
+ } else { | |
+ goto end; | |
+ } | |
+ | |
result = EVP_PKEY_new(); | |
EVP_PKEY_set1_RSA(result, rsa); /* uprefs rsa. */ | |
end: | |
if (rsa != NULL) RSA_free(rsa); | |
+ if (n != NULL) BN_free(n); | |
+ if (e != NULL) BN_free(e); | |
return result; | |
} | |
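Review bot: The RSA_set0_key failure branch (`} else { goto end; }`) is the only failure path in pkey_from_jwk that reaches `end` without a gpr_log, so a caller sees a NULL result with no diagnostic; every other branch in this function logs first. I would invert it into a guard: `if (!RSA_set0_key(rsa, n, e, NULL)) { gpr_log(GPR_ERROR, "Could not set RSA public key."); goto end; }` followed by `n = e = NULL; /* ownership moved to rsa */`, which also reads the same way as the surrounding early-exit style. Separately, and pre-existing rather than introduced here, a JWK that repeats the "n" or "e" member overwrites the previously parsed BIGNUM in the loop and leaks it; a `BN_free` of the old value before reassigning, or rejecting duplicates, would close that. The `EVP_PKEY_new()` result is also still used unchecked on the next line. The function's signature is above the hunk.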
diff --git a/3rdparty/grpc/src/core/tsi/ssl_transport_security.c b/3rdparty/grpc/src/core/tsi/ssl_transport_security.c | |
index 984f745..cee35c1 100644 | |
--- a/3rdparty/grpc/src/core/tsi/ssl_transport_security.c | |
+++ b/3rdparty/grpc/src/core/tsi/ssl_transport_security.c | |
@@ -832,12 +832,14 @@ static tsi_result ssl_protector_unprotect( | |
/* Then, try to write some data to ssl. */ | |
GPR_ASSERT(*protected_frames_bytes_size <= INT_MAX); | |
- written_into_ssl = BIO_write(impl->into_ssl, protected_frames_bytes, | |
- (int)*protected_frames_bytes_size); | |
- if (written_into_ssl < 0) { | |
- gpr_log(GPR_ERROR, "Sending protected frame to ssl failed with %d", | |
- written_into_ssl); | |
- return TSI_INTERNAL_ERROR; | |
+ if (*protected_frames_bytes_size > 0) { | |
+ written_into_ssl = BIO_write(impl->into_ssl, protected_frames_bytes, | |
+ (int)*protected_frames_bytes_size); | |
+ if (written_into_ssl < 0) { | |
+ gpr_log(GPR_ERROR, "Sending protected frame to ssl failed with %d", | |
+ written_into_ssl); | |
+ return TSI_INTERNAL_ERROR; | |
+ } | |
} | |
*protected_frames_bytes_size = (size_t)written_into_ssl; | |
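Review bot: The new `if (*protected_frames_bytes_size > 0)` guard means `written_into_ssl` is never assigned on the zero-length path, yet it is still consumed on the last line of the hunk, `*protected_frames_bytes_size = (size_t)written_into_ssl;`. That is only well-defined if the variable is initialised to 0 where it is declared, which is outside this hunk and should be confirmed; if it is not, this is an uninitialised read. It is also worth a one-line comment stating why the zero-length write is skipped, for example `/* Skip BIO_write for an empty frame: the size is still reported as 0 below. */`, since the reason (how the 1.1.0 BIO treats a zero-length write) is not obvious from the code. ssl_protector_unprotect continues on both sides of the hunk.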
@@ -1295,7 +1297,7 @@ tsi_result tsi_create_ssl_client_handshaker_factory( | |
*factory = NULL; | |
if (pem_root_certs == NULL) return TSI_INVALID_ARGUMENT; | |
- ssl_context = SSL_CTX_new(TLSv1_2_method()); | |
+ ssl_context = SSL_CTX_new(TLS_method()); | |
if (ssl_context == NULL) { | |
gpr_log(GPR_ERROR, "Could not create ssl context."); | |
return TSI_INVALID_ARGUMENT; | |
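Review bot: Replacing `TLSv1_2_method()` with `TLS_method()` on its own widens what this context will negotiate to any TLS (and, if built in, SSL) version, so the TLS 1.2 floor now depends entirely on the `SSL_CTX_set_min_proto_version` call added further down in the same function; the two hunks must land together. A short comment on the changed line would make that dependency visible to the next reader, for example `/* TLS_method() negotiates the highest shared version; the floor is pinned to TLS 1.2 below. */`. The same applies to the server-side context creation later in the patch.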
@@ -1305,6 +1307,11 @@ tsi_result tsi_create_ssl_client_handshaker_factory( | |
impl->ssl_context = ssl_context; | |
do { | |
+ result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION); | |
+ if (result != 1) { | |
+ gpr_log(GPR_ERROR, "Could not set minimum TLS version."); | |
+ break; | |
+ } | |
result = | |
populate_ssl_context(ssl_context, pem_private_key, pem_private_key_size, | |
pem_cert_chain, pem_cert_chain_size, cipher_list); | |
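Review bot: `result = SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION);` stores an OpenSSL 1/0 status in a `tsi_result`, and on failure that leaves `result == 0`, which is `TSI_OK` in gRPC's tsi_result enum. After the `break` the post-loop check (outside this hunk, presumably `if (result != TSI_OK)`) would then treat the factory as successfully created even though the minimum version was not applied and `populate_ssl_context` never ran, so the context would be returned with a weaker TLS floor than intended. I would keep the OpenSSL status out of `result`: `if (SSL_CTX_set_min_proto_version(ssl_context, TLS1_2_VERSION) != 1) { gpr_log(GPR_ERROR, "Could not set minimum TLS version."); result = TSI_INVALID_ARGUMENT; break; }`. The same pattern is repeated for `impl->ssl_contexts[i]` in the server-factory hunk below and needs the same change.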
@@ -1415,12 +1422,17 @@ tsi_result tsi_create_ssl_server_handshaker_factory_ex( | |
for (i = 0; i < key_cert_pair_count; i++) { | |
do { | |
- impl->ssl_contexts[i] = SSL_CTX_new(TLSv1_2_method()); | |
+ impl->ssl_contexts[i] = SSL_CTX_new(TLS_method()); | |
if (impl->ssl_contexts[i] == NULL) { | |
gpr_log(GPR_ERROR, "Could not create ssl context."); | |
result = TSI_OUT_OF_RESOURCES; | |
break; | |
} | |
+ result = SSL_CTX_set_min_proto_version(impl->ssl_contexts[i], TLS1_2_VERSION); | |
+ if (result != 1) { | |
+ gpr_log(GPR_ERROR, "Could not set minimum TLS version."); | |
+ break; | |
+ } | |
result = populate_ssl_context( | |
impl->ssl_contexts[i], pem_private_keys[i], pem_private_keys_sizes[i], | |
pem_cert_chains[i], pem_cert_chains_sizes[i], cipher_list); |