PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Build based on OpenSSL version, not API level. Fixes #2516

Browse Source
This commit is contained in:
dmiller
2022-09-06 22:39:34 +00:00
parent 9732e6979e
commit d6bea8dcde
9 changed files with 24 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ncat/http_digest.c
View File

@@ -133,7 +133,7 @@ int http_digest_init_secret(void)
return 0; return 0;
} }
#if OPENSSL_API_LEVEL < 10100 #if OPENSSL_VERSION_NUMBER < 0x10100000L
#define EVP_MD_CTX_new EVP_MD_CTX_create #define EVP_MD_CTX_new EVP_MD_CTX_create
#define EVP_MD_CTX_free EVP_MD_CTX_destroy #define EVP_MD_CTX_free EVP_MD_CTX_destroy
#endif #endif

2
ncat/ncat_connect.c
View File

@@ -82,7 +82,7 @@
#include <openssl/err.h> #include <openssl/err.h>
/* Deprecated in OpenSSL 3.0 */ /* Deprecated in OpenSSL 3.0 */
#if OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
# define SSL_get_peer_certificate SSL_get1_peer_certificate # define SSL_get_peer_certificate SSL_get1_peer_certificate
#endif #endif
#endif #endif

6
ncat/ncat_ssl.c
View File

@@ -80,7 +80,7 @@
#define FUNC_ASN1_STRING_data ASN1_STRING_data #define FUNC_ASN1_STRING_data ASN1_STRING_data
#endif #endif
#if OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h> #include <openssl/provider.h>
/* Deprecated in OpenSSL 3.0 */ /* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate #define SSL_get_peer_certificate SSL_get1_peer_certificate
@@ -117,7 +117,7 @@ SSL_CTX *setup_ssl_listen(void)
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
SSL_load_error_strings(); SSL_load_error_strings();
#elif OPENSSL_API_LEVEL >= 30000 #elif OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
{ {
loguser("OpenSSL legacy provider failed to load.\n"); loguser("OpenSSL legacy provider failed to load.\n");
@@ -477,7 +477,7 @@ static int ssl_gen_cert(X509 **cert, EVP_PKEY **key)
const char *commonName = "localhost"; const char *commonName = "localhost";
char dNSName[128]; char dNSName[128];
int rc; int rc;
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
int ret = 0; int ret = 0;
RSA *rsa = NULL; RSA *rsa = NULL;
BIGNUM *bne = NULL; BIGNUM *bne = NULL;

12
ncat/ncat_ssl.h
View File

@@ -67,18 +67,6 @@
#include <openssl/ssl.h> #include <openssl/ssl.h>
#include <openssl/err.h> #include <openssl/err.h>
/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
#ifndef OPENSSL_API_LEVEL
# if OPENSSL_API_COMPAT < 0x900000L
# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
# else
# define OPENSSL_API_LEVEL \
(((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+ ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+ ((OPENSSL_API_COMPAT >> 12) & 0xFF))
# endif
#endif
#define NCAT_CA_CERTS_FILE "ca-bundle.crt" #define NCAT_CA_CERTS_FILE "ca-bundle.crt"
enum { enum {

4
ncat/test/test-wildcard.c
View File

@@ -20,7 +20,7 @@ are rejected. The SSL transactions happen over OpenSSL BIO pairs.
#include "ncat_core.h" #include "ncat_core.h"
#include "ncat_ssl.h" #include "ncat_ssl.h"
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
#include <openssl/bn.h> #include <openssl/bn.h>
#endif #endif
@@ -294,7 +294,7 @@ stack_err:
static int gen_cert(X509 **cert, EVP_PKEY **key, static int gen_cert(X509 **cert, EVP_PKEY **key,
const struct lstr commonNames[], const struct lstr dNSNames[]) const struct lstr commonNames[], const struct lstr dNSNames[])
{ {
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
int rc, ret=0; int rc, ret=0;
RSA *rsa = NULL; RSA *rsa = NULL;
BIGNUM *bne = NULL; BIGNUM *bne = NULL;

28
nse_openssl.cc
View File

@@ -20,6 +20,9 @@
#define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset #define FUNC_EVP_CIPHER_CTX_init EVP_CIPHER_CTX_reset
#define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset #define FUNC_EVP_CIPHER_CTX_cleanup EVP_CIPHER_CTX_reset
#define PASS_EVP_CTX(ctx) (ctx) #define PASS_EVP_CTX(ctx) (ctx)
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
# include <openssl/provider.h>
#endif
#else #else
#define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init #define FUNC_EVP_MD_CTX_init EVP_MD_CTX_init
#define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup #define FUNC_EVP_MD_CTX_cleanup EVP_MD_CTX_cleanup
@@ -37,23 +40,6 @@ extern NmapOps o;
#include "nse_openssl.h" #include "nse_openssl.h"
/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */
#ifndef OPENSSL_API_LEVEL
# if OPENSSL_API_COMPAT < 0x900000L
# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
# else
# define OPENSSL_API_LEVEL \
(((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+ ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+ ((OPENSSL_API_COMPAT >> 12) & 0xFF))
# endif
#endif
#if OPENSSL_API_LEVEL >= 30000
#include <openssl/provider.h>
#endif
#define NSE_SSL_LUA_ERR(_L) \ #define NSE_SSL_LUA_ERR(_L) \
luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL)) luaL_error(_L, "OpenSSL error: %s", ERR_error_string(ERR_get_error(), NULL))
@@ -184,7 +170,7 @@ static int l_bignum_is_prime( lua_State *L ) /** bignum_is_prime( BIGNUM p ) */
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
BN_CTX * ctx = BN_CTX_new(); BN_CTX * ctx = BN_CTX_new();
int is_prime = int is_prime =
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
#else #else
BN_check_prime( p->bn, ctx, NULL ); BN_check_prime( p->bn, ctx, NULL );
@@ -199,7 +185,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" ); bignum_data_t * p = (bignum_data_t *) luaL_checkudata( L, 1, "BIGNUM" );
BN_CTX * ctx = BN_CTX_new(); BN_CTX * ctx = BN_CTX_new();
int is_prime = int is_prime =
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL ); BN_is_prime_ex( p->bn, BN_prime_checks, ctx, NULL );
#else #else
BN_check_prime( p->bn, ctx, NULL ); BN_check_prime( p->bn, ctx, NULL );
@@ -210,7 +196,7 @@ static int l_bignum_is_safe_prime( lua_State *L ) /** bignum_is_safe_prime( BIGN
BN_sub_word( n, (BN_ULONG)1 ); BN_sub_word( n, (BN_ULONG)1 );
BN_div_word( n, (BN_ULONG)2 ); BN_div_word( n, (BN_ULONG)2 );
is_safe = is_safe =
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
BN_is_prime_ex( n, BN_prime_checks, ctx, NULL ); BN_is_prime_ex( n, BN_prime_checks, ctx, NULL );
#else #else
BN_check_prime( n, ctx, NULL ); BN_check_prime( n, ctx, NULL );
@@ -582,7 +568,7 @@ LUALIB_API int luaopen_openssl(lua_State *L) {
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined LIBRESSL_VERSION_NUMBER
OpenSSL_add_all_algorithms(); OpenSSL_add_all_algorithms();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
#elif OPENSSL_API_LEVEL >= 30000 #elif OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1) if (NULL == OSSL_PROVIDER_load(NULL, "legacy") && o.debugging > 1)
{ {
// Legacy provider may not be available. // Legacy provider may not be available.

24
nse_ssl_cert.cc
View File

@@ -89,19 +89,7 @@
#define X509_get0_notAfter X509_get_notAfter #define X509_get0_notAfter X509_get_notAfter
#endif #endif
/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
#ifndef OPENSSL_API_LEVEL
# if OPENSSL_API_COMPAT < 0x900000L
# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
# else
# define OPENSSL_API_LEVEL \
(((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+ ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+ ((OPENSSL_API_COMPAT >> 12) & 0xFF))
# endif
#endif
#if OPENSSL_API_LEVEL >= 30000
#include <openssl/core_names.h> #include <openssl/core_names.h>
/* Deprecated in OpenSSL 3.0 */ /* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate #define SSL_get_peer_certificate SSL_get1_peer_certificate
@@ -459,7 +447,7 @@ static const char *pkey_type_to_string(int type)
} }
int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) { int lua_push_ecdhparams(lua_State *L, EVP_PKEY *pubkey) {
#if OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
char tmp[64] = {0}; char tmp[64] = {0};
size_t len = 0; size_t len = 0;
/* This structure (ecdhparams.curve_params) comes from tls.lua */ /* This structure (ecdhparams.curve_params) comes from tls.lua */
@@ -634,7 +622,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
else else
#endif #endif
if (pkey_type == EVP_PKEY_RSA) { if (pkey_type == EVP_PKEY_RSA) {
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA *rsa = EVP_PKEY_get1_RSA(pubkey); RSA *rsa = EVP_PKEY_get1_RSA(pubkey);
if (rsa) { if (rsa) {
#endif #endif
@@ -643,7 +631,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
luaL_getmetatable( L, "BIGNUM" ); luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 ); lua_setmetatable( L, -2 );
#if HAVE_OPAQUE_STRUCTS #if HAVE_OPAQUE_STRUCTS
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM *n = NULL, *e = NULL; const BIGNUM *n = NULL, *e = NULL;
data->should_free = false; data->should_free = false;
RSA_get0_key(rsa, &n, &e, NULL); RSA_get0_key(rsa, &n, &e, NULL);
@@ -663,7 +651,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
luaL_getmetatable( L, "BIGNUM" ); luaL_getmetatable( L, "BIGNUM" );
lua_setmetatable( L, -2 ); lua_setmetatable( L, -2 );
#if HAVE_OPAQUE_STRUCTS #if HAVE_OPAQUE_STRUCTS
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
data->should_free = false; data->should_free = false;
#else #else
data->should_free = true; data->should_free = true;
@@ -673,7 +661,7 @@ static int parse_ssl_cert(lua_State *L, X509 *cert)
data->bn = rsa->n; data->bn = rsa->n;
#endif #endif
lua_setfield(L, -2, "modulus"); lua_setfield(L, -2, "modulus");
#if OPENSSL_API_LEVEL < 30000 #if OPENSSL_VERSION_NUMBER < 0x30000000L
RSA_free(rsa); RSA_free(rsa);
} }
#endif #endif

4
nsock/src/nsock_ssl.c
View File

@@ -64,7 +64,7 @@
#include "netutils.h" #include "netutils.h"
#if HAVE_OPENSSL #if HAVE_OPENSSL
#if OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/provider.h> #include <openssl/provider.h>
#endif #endif
@@ -120,7 +120,7 @@ static SSL_CTX *ssl_init_helper(const SSL_METHOD *method) {
SSL_library_init(); SSL_library_init();
#else #else
OPENSSL_atexit(nsock_ssl_atexit); OPENSSL_atexit(nsock_ssl_atexit);
#if OPENSSL_API_LEVEL >= 30000 #if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (NULL == OSSL_PROVIDER_load(NULL, "legacy")) if (NULL == OSSL_PROVIDER_load(NULL, "legacy"))
{ {
nsock_log_error("OpenSSL legacy provider failed to load.\n"); nsock_log_error("OpenSSL legacy provider failed to load.\n");

15
nsock/src/nsock_ssl.h
View File

@@ -69,20 +69,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/rand.h> #include <openssl/rand.h>
/* OPENSSL_API_LEVEL per OpenSSL 3.0: decimal MMmmpp */ #if OPENSSL_VERSION_NUMBER >= 0x30000000L
#ifndef OPENSSL_API_LEVEL
# if OPENSSL_API_COMPAT < 0x900000L
# define OPENSSL_API_LEVEL (OPENSSL_API_COMPAT)
# else
# define OPENSSL_API_LEVEL \
(((OPENSSL_API_COMPAT >> 28) & 0xF) * 10000 \
+ ((OPENSSL_API_COMPAT >> 20) & 0xFF) * 100 \
+ ((OPENSSL_API_COMPAT >> 12) & 0xFF))
# endif
#endif
#if OPENSSL_API_LEVEL >= 30000
/* Deprecated in OpenSSL 3.0 */ /* Deprecated in OpenSSL 3.0 */
#define SSL_get_peer_certificate SSL_get1_peer_certificate #define SSL_get_peer_certificate SSL_get1_peer_certificate
#endif #endif