From a6206e51576967083c7c7b92ab47356f8efa5b8b Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko Date: Fri, 26 Oct 2018 20:52:15 +0500 Subject: sstp: fix build with openssl 1.1.0-1.1.0g --- accel-pppd/ctrl/sstp/sstp.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c index af6bc77e..4e290598 100644 --- a/accel-pppd/ctrl/sstp/sstp.c +++ b/accel-pppd/ctrl/sstp/sstp.c @@ -2328,15 +2328,17 @@ static int ssl_servername(SSL *ssl, int *al, void *arg) } #endif -#if !defined(SSL_OP_NO_RENGOTIATION) && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) +#ifndef SSL_OP_NO_RENEGOTIATION +#if OPENSSL_VERSION_NUMBER < 0x10100000L && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) static void ssl_info_cb(const SSL *ssl, int where, int ret) { - if ((where & SSL_CB_HANDSHAKE_DONE) != 0) { + if (where & SSL_CB_HANDSHAKE_DONE) { /* disable renegotiation (CVE-2009-3555) */ ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS; } } #endif +#endif static void ssl_load_config(struct sstp_serv_t *serv, const char *servername) { @@ -2487,8 +2489,10 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername) log_warn("sstp: SSL server name check error: %s\n", ERR_error_string(ERR_get_error(), NULL)); #endif -#if !defined(SSL_OP_NO_RENGOTIATION) && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) +#ifndef SSL_OP_NO_RENEGOTIATION +#if OPENSSL_VERSION_NUMBER < 0x10100000L && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) SSL_CTX_set_info_callback(ssl_ctx, ssl_info_cb); +#endif #endif } else { /* legacy option, to be removed */ -- cgit v1.2.3 From 2d4093196ad0ed39da46a2d9e814584238929378 Mon Sep 17 00:00:00 2001 From: Vladislav Grishenko Date: Fri, 26 Oct 2018 20:53:10 +0500 Subject: sstp: fix build w/o openssl --- accel-pppd/ctrl/sstp/sstp.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/ctrl/sstp/sstp.c b/accel-pppd/ctrl/sstp/sstp.c index 4e290598..3b65103a 100644 --- a/accel-pppd/ctrl/sstp/sstp.c +++ b/accel-pppd/ctrl/sstp/sstp.c @@ -1492,10 +1492,15 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct struct { struct sstp_ctrl_hdr hdr; struct sstp_attrib_crypto_binding attr; - } __attribute__((packed)) buf, *msg = (void *)hdr; - uint8_t md[EVP_MAX_MD_SIZE], hash, *ptr; + } __attribute__((packed)) *msg = (void *)hdr; + uint8_t hash; + unsigned int len; +#ifdef CRYPTO_OPENSSL + typeof(*msg) buf; + uint8_t md[EVP_MAX_MD_SIZE], *ptr; const EVP_MD *evp; - unsigned int len, mdlen; + unsigned int mdlen; +#endif if (conf_verbose) log_ppp_info2("recv [SSTP SSTP_MSG_CALL_CONNECTED]\n"); @@ -1533,7 +1538,9 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct log_ppp_error("sstp: invalid SHA256 Cert Hash"); return sstp_abort(conn, 0); } +#ifdef CRYPTO_OPENSSL evp = EVP_sha256(); +#endif } else if (hash & CERT_HASH_PROTOCOL_SHA1) { len = SHA_DIGEST_LENGTH; if (conf_hash_sha1.len == len && @@ -1541,13 +1548,16 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct log_ppp_error("sstp: invalid SHA1 Cert Hash"); return sstp_abort(conn, 0); } +#ifdef CRYPTO_OPENSSL evp = EVP_sha1(); +#endif } else { log_ppp_error("sstp: invalid Hash Protocol 0x%02x\n", msg->attr.hash_protocol_bitmask); return sstp_abort(conn, 0); } +#ifdef CRYPTO_OPENSSL if (conn->hlak_key) { ptr = mempcpy(md, SSTP_CMK_SEED, SSTP_CMK_SEED_SIZE); *ptr++ = len; @@ -1565,6 +1575,7 @@ static int sstp_recv_msg_call_connected(struct sstp_conn_t *conn, struct sstp_ct return sstp_abort(conn, 0); } } +#endif conn->sstp_state = STATE_SERVER_CALL_CONNECTED; -- cgit v1.2.3