Commit | Line | Data |
---|---|---|
c09d4c89 JR |
1 | diff -ur ckermit-9.0.302/ck_crp.c ckermit-9.0.302.openssl111/ck_crp.c |
2 | --- ckermit-9.0.302/ck_crp.c 2011-08-20 23:02:21.000000000 +0200 | |
3 | +++ ckermit-9.0.302.openssl111/ck_crp.c 2018-10-21 13:18:30.581182834 +0200 | |
4 | @@ -295,7 +295,7 @@ | |
5 | #define des_new_random_key des_random_key | |
6 | #define des_set_random_generator_seed des_random_seed | |
7 | #endif /* UNIX */ | |
8 | -#define des_fixup_key_parity des_set_odd_parity | |
9 | +#define des_fixup_key_parity DES_set_odd_parity | |
10 | #ifdef OPENSSL_097 | |
11 | #define OPENSSL_ENABLE_OLD_DES_SUPPORT | |
12 | #include <openssl/des.h> | |
13 | @@ -394,7 +394,7 @@ | |
14 | void | |
15 | des_set_random_generator_seed(Block B) | |
16 | { | |
17 | - des_random_seed(B); | |
18 | +// DES_random_seed(B); | |
19 | return; | |
20 | } | |
21 | ||
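Review bot: The commented-out `// DES_random_seed(B);` leaves `des_set_random_generator_seed()` as a silent no-op with no explanation, and the `//` form does not match the `/* */` comments used around it. Replace the dead line with a comment that states the intent, for example `/* No-op: seeding is left to OpenSSL's RAND_* generator, which DES_random_key() draws from. */`. The commented-out calls in the hunks at -2457 and -3274 have the same problem, and they name `DES_set_random_generator_seed`, a function that does not appear anywhere else in this patch. The `#endif /* COMMENT */` in the following hunk suggests this definition may be compiled out anyway; confirm.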
22 | @@ -403,7 +403,7 @@ | |
23 | void | |
24 | des_fixup_key_parity(Block B) | |
25 | { | |
26 | - des_set_odd_parity(B); | |
27 | + DES_set_odd_parity(B); | |
28 | return; | |
29 | } | |
30 | #endif /* COMMENT */ | |
31 | @@ -415,7 +415,7 @@ | |
32 | This might need to have the "rc = " removed because this | |
33 | is VOID in later, and maybe even all, versions. | |
34 | */ | |
35 | - rc = des_random_key(B); | |
36 | + rc = DES_random_key(B); | |
37 | return(rc); | |
38 | } | |
39 | ||
40 | @@ -2138,8 +2138,9 @@ | |
41 | } | |
42 | ||
43 | #else /* MIT_CURRENT */ | |
44 | - des_new_random_key(fbp->temp_feed); | |
45 | - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
46 | + DES_random_key(fbp->temp_feed); | |
47 | + int DES_random_key(DES_cblock *ret); | |
48 | + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
49 | fbp->krbdes_sched, 1); | |
50 | #endif /* MIT_CURRENT */ | |
51 | p = fbp->fb_feed + 3; | |
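Review bot: The added line `int DES_random_key(DES_cblock *ret);` is a function prototype placed between two statements inside a function body; it has no effect there and, as a declaration after a statement, is not valid C89, so it should be deleted. Separately, the return value of `DES_random_key(fbp->temp_feed)` is ignored, although OpenSSL documents a return of 0 when the generator could not produce a key; in that case `temp_feed` would be encrypted and sent with whatever it held before. Check it, e.g. `if (DES_random_key(fbp->temp_feed) == 0) { /* report RNG failure and abort the negotiation */ }`; the hunk at -2955 has the same unchecked call. The enclosing function starts and ends outside the hunk, so the right error path has to be chosen there.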
52 | @@ -2457,14 +2458,14 @@ | |
53 | fb64_stream_key(fbp->krbdes_key, c_stream); | |
54 | ||
55 | if (fbp->once == 0) { | |
56 | - des_set_random_generator_seed(fbp->krbdes_key); | |
57 | +// DES_set_random_generator_seed(fbp->krbdes_key); | |
58 | fbp->once = 1; | |
59 | } | |
60 | ||
61 | memset(fbp->krbdes_sched,0,sizeof(Schedule)); | |
62 | ckhexdump("fb64_session_key",fbp->krbdes_key,8); | |
63 | ||
64 | - rc = des_key_sched(fbp->krbdes_key, fbp->krbdes_sched); | |
65 | + rc = DES_key_sched(fbp->krbdes_key, fbp->krbdes_sched); | |
66 | if ( rc == -1 ) { | |
67 | printf("?Invalid DES key specified for encryption\n"); | |
68 | debug(F110,"fb64_session_key", | |
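Review bot: Only `rc == -1` is treated as a bad key after `DES_key_sched()`, but the OpenSSL documentation says that call validates the key only when a library-wide key-checking flag is set, and that the checked variant reports a weak key as -2. If rejecting bad keys is the intent behind the `?Invalid DES key` message, call `DES_set_key_checked(...)` and test `rc != 0`; whether the keys reaching this point already have their parity fixed cannot be seen from the hunk, so confirm that first. The same test follows the renamed calls in the hunks at -2620, -2662, -3333, -3488 and -3521. The enclosing function extends beyond the hunk.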
69 | @@ -2620,7 +2621,7 @@ | |
70 | ckhexdump("fb64_stream_iv",stp->str_ikey,8); | |
71 | ||
72 | #ifndef MIT_CURRENT | |
73 | - rc = des_key_sched(stp->str_ikey, stp->str_sched); | |
74 | + rc = DES_key_sched(stp->str_ikey, stp->str_sched); | |
75 | if ( rc == -1 ) { | |
76 | printf("?Invalid DES key specified for encryption\r\n"); | |
77 | debug(F110,"fb64_stream_iv", | |
78 | @@ -2662,7 +2663,7 @@ | |
79 | ||
80 | ckhexdump("fb64_stream_key",key,8); | |
81 | ||
82 | - rc = des_key_sched(key, stp->str_sched); | |
83 | + rc = DES_key_sched(key, stp->str_sched); | |
84 | if ( rc == -1 ) { | |
85 | printf("?Invalid DES key specified for encryption\r\n"); | |
86 | debug(F110,"fb64_stream_key", | |
87 | @@ -2721,7 +2722,7 @@ | |
88 | #ifdef MIT_CURRENT | |
89 | ecb_encrypt(stp, stp->str_output, b); | |
90 | #else /* MIT_CURRENT */ | |
91 | - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); | |
92 | + DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); | |
93 | #endif /* MIT_CURRENT */ | |
94 | memcpy(stp->str_feed,b,sizeof(Block)); | |
95 | index = 0; | |
96 | @@ -2759,7 +2760,7 @@ | |
97 | #ifdef MIT_CURRENT | |
98 | ecb_encrypt(stp, stp->str_output, b); | |
99 | #else /* MIT_CURRENT */ | |
100 | - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); | |
101 | + DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1); | |
102 | #endif /* MIT_CURRENT */ | |
103 | memcpy(stp->str_feed, b, sizeof(Block)); | |
104 | stp->str_index = 1; /* Next time will be 1 */ | |
105 | @@ -2805,7 +2806,7 @@ | |
106 | #ifdef MIT_CURRENT | |
107 | ecb_encrypt(stp, stp->str_feed, b); | |
108 | #else /* MIT_CURRENT */ | |
109 | - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); | |
110 | + DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); | |
111 | #endif /* MIT_CURRENT */ | |
112 | memcpy(stp->str_feed,b,sizeof(Block)); | |
113 | index = 0; | |
114 | @@ -2840,7 +2841,7 @@ | |
115 | #ifdef MIT_CURRENT | |
116 | ecb_encrypt(stp, stp->str_feed, b); | |
117 | #else /* MIT_CURRENT */ | |
118 | - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); | |
119 | + DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1); | |
120 | #endif /* MIT_CURRENT */ | |
121 | memcpy(stp->str_feed, b, sizeof(Block)); | |
122 | stp->str_index = 1; /* Next time will be 1 */ | |
123 | @@ -2955,19 +2956,19 @@ | |
124 | /* | |
125 | * Create a random feed and send it over. | |
126 | */ | |
127 | - des_new_random_key(fbp->temp_feed); | |
128 | + DES_random_key(fbp->temp_feed); | |
129 | #ifdef LIBDES | |
130 | - des_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed, | |
131 | + DES_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed, | |
132 | fbp->krbdes_sched[0], | |
133 | fbp->krbdes_sched[1], | |
134 | fbp->krbdes_sched[2], | |
135 | 1); | |
136 | #else /* LIBDES */ | |
137 | - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
138 | + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
139 | fbp->krbdes_sched[0], 1); | |
140 | - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
141 | + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
142 | fbp->krbdes_sched[1], 0); | |
143 | - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
144 | + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed, | |
145 | fbp->krbdes_sched[2], 1); | |
146 | #endif /* LIBDES */ | |
147 | ||
148 | @@ -3274,7 +3275,7 @@ | |
149 | sizeof(Block) | |
150 | ); | |
151 | if (fbp->once == 0) { | |
152 | - des_set_random_generator_seed(fbp->krbdes_key[0]); | |
153 | +// DES_set_random_generator_seed(fbp->krbdes_key[0]); | |
154 | fbp->once = 1; | |
155 | } | |
156 | ||
157 | @@ -3333,7 +3334,7 @@ | |
158 | for ( i=0;i<3;i++ ) { | |
159 | memset(fbp->krbdes_sched[i],0,sizeof(Schedule)); | |
160 | ||
161 | - rc = des_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]); | |
162 | + rc = DES_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]); | |
163 | if ( rc == -1 ) { | |
164 | printf("?Invalid DES key specified for encryption [DES3,%s]\r\n", | |
165 | server?"server":"client"); | |
166 | @@ -3488,7 +3489,7 @@ | |
167 | ||
168 | ckhexdump("des3_fb64_stream_iv",stp->str_ikey[i],8); | |
169 | ||
170 | - rc = des_key_sched(stp->str_ikey[i], stp->str_sched[i]); | |
171 | + rc = DES_key_sched(stp->str_ikey[i], stp->str_sched[i]); | |
172 | if ( rc == -1 ) { | |
173 | printf("?Invalid DES key specified for encryption [DES3 iv]\r\n"); | |
174 | debug(F110,"des3_fb64_stream_iv", | |
175 | @@ -3521,7 +3522,7 @@ | |
176 | ||
177 | ckhexdump("des3_fb64_stream_key",key[i],8); | |
178 | ||
179 | - rc = des_key_sched(key[i], stp->str_sched[i]); | |
180 | + rc = DES_key_sched(key[i], stp->str_sched[i]); | |
181 | if ( rc == -1 ) { | |
182 | printf("?Invalid DES key specified for encryption [DES3 key]\r\n"); | |
183 | debug(F110,"des3_fb64_stream_key", | |
184 | @@ -3580,14 +3581,14 @@ | |
185 | if (index == sizeof(Block)) { | |
186 | Block b; | |
187 | #ifdef LIBDES | |
188 | - des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0], | |
189 | + DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0], | |
190 | stp->str_sched[1], stp->str_sched[2], 1); | |
191 | #else /* LIBDES */ | |
192 | - des_ecb_encrypt(stp->str_output, b, | |
193 | + DES_ecb_encrypt(stp->str_output, b, | |
194 | stp->str_sched[0], 1); | |
195 | - des_ecb_encrypt(stp->str_output, b, | |
196 | + DES_ecb_encrypt(stp->str_output, b, | |
197 | stp->str_sched[1], 0); | |
198 | - des_ecb_encrypt(stp->str_output, b, | |
199 | + DES_ecb_encrypt(stp->str_output, b, | |
200 | stp->str_sched[2], 1); | |
201 | #endif /* LIBDES */ | |
202 | memcpy(stp->str_feed,b,sizeof(Block)); | |
203 | @@ -3624,14 +3625,14 @@ | |
204 | if (index == sizeof(Block)) { | |
205 | Block b; | |
206 | #ifdef LIBDES | |
207 | - des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0], | |
208 | + DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0], | |
209 | stp->str_sched[1], stp->str_sched[2], 1); | |
210 | #else /* LIBDES */ | |
211 | - des_ecb_encrypt(stp->str_output, b, | |
212 | + DES_ecb_encrypt(stp->str_output, b, | |
213 | stp->str_sched[0], 1); | |
214 | - des_ecb_encrypt(stp->str_output, b, | |
215 | + DES_ecb_encrypt(stp->str_output, b, | |
216 | stp->str_sched[1], 0); | |
217 | - des_ecb_encrypt(stp->str_output, b, | |
218 | + DES_ecb_encrypt(stp->str_output, b, | |
219 | stp->str_sched[2], 1); | |
220 | #endif /* LIBDES */ | |
221 | memcpy(stp->str_feed, b, sizeof(Block)); | |
222 | @@ -3680,14 +3681,14 @@ | |
223 | if (index == sizeof(Block)) { | |
224 | Block b; | |
225 | #ifdef LIBDES | |
226 | - des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0], | |
227 | + DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0], | |
228 | stp->str_sched[1], stp->str_sched[2], 1); | |
229 | #else /* LIBDES */ | |
230 | - des_ecb_encrypt(stp->str_output, b, | |
231 | + DES_ecb_encrypt(stp->str_output, b, | |
232 | stp->str_sched[0], 1); | |
233 | - des_ecb_encrypt(stp->str_output, b, | |
234 | + DES_ecb_encrypt(stp->str_output, b, | |
235 | stp->str_sched[1], 0); | |
236 | - des_ecb_encrypt(stp->str_output, b, | |
237 | + DES_ecb_encrypt(stp->str_output, b, | |
238 | stp->str_sched[2], 1); | |
239 | #endif /* LIBDES */ | |
240 | memcpy(stp->str_feed,b,sizeof(Block)); | |
241 | @@ -3721,14 +3722,14 @@ | |
242 | if (index == sizeof(Block)) { | |
243 | Block b; | |
244 | #ifdef LIBDES | |
245 | - des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0], | |
246 | + DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0], | |
247 | stp->str_sched[1], stp->str_sched[2], 1); | |
248 | #else /* LIBDES */ | |
249 | - des_ecb_encrypt(stp->str_output, b, | |
250 | + DES_ecb_encrypt(stp->str_output, b, | |
251 | stp->str_sched[0], 1); | |
252 | - des_ecb_encrypt(stp->str_output, b, | |
253 | + DES_ecb_encrypt(stp->str_output, b, | |
254 | stp->str_sched[1], 0); | |
255 | - des_ecb_encrypt(stp->str_output, b, | |
256 | + DES_ecb_encrypt(stp->str_output, b, | |
257 | stp->str_sched[2], 1); | |
258 | #endif /* LIBDES */ | |
259 | memcpy(stp->str_feed, b, sizeof(Block)); | |
260 | diff -ur ckermit-9.0.302/ck_ssl.c ckermit-9.0.302.openssl111/ck_ssl.c | |
261 | --- ckermit-9.0.302/ck_ssl.c 2018-10-21 13:19:06.894962175 +0200 | |
262 | +++ ckermit-9.0.302.openssl111/ck_ssl.c 2018-10-21 13:05:08.874620118 +0200 | |
263 | @@ -301,7 +301,7 @@ | |
264 | break; | |
265 | default: | |
266 | printf("Error %d while verifying certificate.\r\n", | |
267 | - ctx->error); | |
268 | + X509_STORE_CTX_get_error(ctx)); | |
269 | break; | |
270 | } | |
271 | } | |
272 | @@ -936,10 +936,12 @@ | |
273 | ||
274 | if ((dh=DH_new()) == NULL) | |
275 | return(NULL); | |
276 | - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); | |
277 | - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); | |
278 | - if ((dh->p == NULL) || (dh->g == NULL)) | |
279 | + BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL); | |
280 | + BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL); | |
281 | + if (DH_set0_pqg(dh, p, NULL, g) == 0) { | |
282 | + DH_free(dh); | |
283 | return(NULL); | |
284 | + } | |
285 | return(dh); | |
286 | } | |
287 | ||
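Review bot: When `DH_set0_pqg()` fails, `p` and `g` have not been taken over by `dh`, so `DH_free(dh)` does not release them and whichever `BN_bin2bn()` call succeeded leaks. Add `BN_free(p); BN_free(g);` before `DH_free(dh);` (both accept NULL). The `BIGNUM *p` / `BIGNUM *g` declarations also follow a statement, which older C compilers reject; declaring them next to `dh` at the top of the function avoids that. The same applies to the 768-, 1024-, 1536- and 2048-bit variants in the next four hunks. The function header is outside the hunk.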
288 | @@ -950,10 +952,12 @@ | |
289 | ||
290 | if ((dh=DH_new()) == NULL) | |
291 | return(NULL); | |
292 | - dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL); | |
293 | - dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL); | |
294 | - if ((dh->p == NULL) || (dh->g == NULL)) | |
295 | + BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL); | |
296 | + BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL); | |
297 | + if (DH_set0_pqg(dh, p, NULL, g) == 0) { | |
298 | + DH_free(dh); | |
299 | return(NULL); | |
300 | + } | |
301 | return(dh); | |
302 | } | |
303 | ||
304 | @@ -964,10 +968,12 @@ | |
305 | ||
306 | if ((dh=DH_new()) == NULL) | |
307 | return(NULL); | |
308 | - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); | |
309 | - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); | |
310 | - if ((dh->p == NULL) || (dh->g == NULL)) | |
311 | + BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL); | |
312 | + BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL); | |
313 | + if (DH_set0_pqg(dh, p, NULL, g) == 0) { | |
314 | + DH_free(dh); | |
315 | return(NULL); | |
316 | + } | |
317 | return(dh); | |
318 | } | |
319 | ||
320 | @@ -978,10 +984,12 @@ | |
321 | ||
322 | if ((dh=DH_new()) == NULL) | |
323 | return(NULL); | |
324 | - dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL); | |
325 | - dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL); | |
326 | - if ((dh->p == NULL) || (dh->g == NULL)) | |
327 | + BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL); | |
328 | + BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL); | |
329 | + if (DH_set0_pqg(dh, p, NULL, g) == 0) { | |
330 | + DH_free(dh); | |
331 | return(NULL); | |
332 | + } | |
333 | return(dh); | |
334 | } | |
335 | ||
336 | @@ -992,10 +1000,12 @@ | |
337 | ||
338 | if ((dh=DH_new()) == NULL) | |
339 | return(NULL); | |
340 | - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); | |
341 | - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); | |
342 | - if ((dh->p == NULL) || (dh->g == NULL)) | |
343 | + BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL); | |
344 | + BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL); | |
345 | + if (DH_set0_pqg(dh, p, NULL, g) == 0) { | |
346 | + DH_free(dh); | |
347 | return(NULL); | |
348 | + } | |
349 | return(dh); | |
350 | } | |
351 | #endif /* NO_DH */ | |
352 | @@ -1054,11 +1064,15 @@ | |
353 | if (ssl == NULL) | |
354 | return; | |
355 | ||
356 | +#if 0 | |
357 | if (ssl->expand == NULL || ssl->expand->meth == NULL) | |
358 | +#endif | |
359 | printf("Compression: None\r\n"); | |
360 | +#if 0 | |
361 | else { | |
362 | printf("Compression: %s\r\n",ssl->expand->meth->name); | |
363 | } | |
364 | +#endif | |
365 | } | |
366 | ||
367 | int | |
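Review bot: With both halves of the test wrapped in `#if 0`, this function now prints `Compression: None` for every connection, including ones that did negotiate compression. That hides exactly the condition a user checking for TLS compression wants to see. OpenSSL 1.1 exposes the same information through accessors, so the report can stay accurate without touching `ssl->expand`. The function's signature is outside the hunk; the sketch below replaces only the disabled lines.

```c
    /* ... unchanged: ssl == NULL guard ... */
    {
        const COMP_METHOD *cm = SSL_get_current_expansion(ssl);

        if (cm == NULL)
            printf("Compression: None\r\n");
        else
            printf("Compression: %s\r\n", SSL_COMP_get_name(cm));
    }
```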
368 | @@ -1457,13 +1471,15 @@ | |
369 | ||
370 | #ifdef ZLIB | |
371 | cm = COMP_zlib(); | |
372 | - if (cm != NULL && cm->type != NID_undef) { | |
373 | + if (cm != NULL && COMP_get_type(cm) != NID_undef) { | |
374 | SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */ | |
375 | } | |
376 | #endif /* ZLIB */ | |
377 | +#ifdef COMP_RLE | |
378 | cm = COMP_rle(); | |
379 | - if (cm != NULL && cm->type != NID_undef) | |
380 | + if (cm != NULL && COMP_get_type(cm) != NID_undef) | |
381 | SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */ | |
382 | +#endif | |
383 | ||
384 | /* Ensure the Random number generator has enough entropy */ | |
385 | if ( !RAND_status() ) { | |
386 | @@ -1483,14 +1499,10 @@ | |
387 | } | |
388 | debug(F110,"ssl_rnd_file",ssl_rnd_file,0); | |
389 | ||
390 | - rc1 = RAND_egd(ssl_rnd_file); | |
391 | - debug(F111,"ssl_once_init","RAND_egd()",rc1); | |
392 | - if ( rc1 <= 0 ) { | |
393 | - rc2 = RAND_load_file(ssl_rnd_file, -1); | |
394 | - debug(F111,"ssl_once_init","RAND_load_file()",rc1); | |
395 | - } | |
396 | + rc2 = RAND_load_file(ssl_rnd_file, -1); | |
397 | + debug(F111,"ssl_once_init","RAND_load_file()",rc2); | |
398 | ||
399 | - if ( rc1 <= 0 && !rc2 ) | |
400 | + if ( !rc2 ) | |
401 | { | |
402 | time_t t = time(NULL); | |
403 | int tlen = sizeof(time_t); | |
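Review bot: `if ( !rc2 )` treats a failed `RAND_load_file()` as success, because that call returns -1 on error and the number of bytes read otherwise, so only an empty file reaches the fallback block. Test `if ( rc2 <= 0 )` instead. The fallback body continues outside the hunk; from the `time(NULL)` lines it looks like it seeds from the clock, which is guessable. Confirm that `RAND_status()` is checked again afterwards and that the session is refused if the generator is still not seeded.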
404 | @@ -2583,14 +2595,13 @@ | |
405 | int | |
406 | ssl_verify_crl(int ok, X509_STORE_CTX *ctx) | |
407 | { | |
408 | - X509_OBJECT obj; | |
409 | + X509_OBJECT *obj; | |
410 | X509_NAME *subject = NULL; | |
411 | X509_NAME *issuer = NULL; | |
412 | X509 *xs = NULL; | |
413 | X509_CRL *crl = NULL; | |
414 | X509_REVOKED *revoked = NULL; | |
415 | X509_STORE_CTX * store_ctx = NULL; | |
416 | - long serial; | |
417 | BIO *bio = NULL; | |
418 | int i, n, rc; | |
419 | char *cp; | |
420 | @@ -2607,6 +2618,11 @@ | |
421 | if ( !store_ctx ) | |
422 | return(ok); | |
423 | ||
424 | + obj = X509_OBJECT_new(); | |
425 | + if ( !obj ) { | |
426 | + X509_STORE_CTX_free(store_ctx); | |
427 | + return(ok); | |
428 | + } | |
429 | /* | |
430 | * Determine certificate ingredients in advance | |
431 | */ | |
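Review bot: If `X509_OBJECT_new()` fails, `return(ok)` passes the incoming verification result through unchanged, so revocation checking is skipped without any indication; the `store_ctx` check just above it does the same. Failing closed is safer for a revocation callback: `X509_STORE_CTX_set_error(ctx, X509_V_ERR_OUT_OF_MEM);` followed by `return 0;`. Code between this allocation and the first lookup is outside the hunk; any early return there would also need `X509_OBJECT_free(obj)` and `X509_STORE_CTX_free(store_ctx)`.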
432 | @@ -2649,11 +2665,10 @@ | |
433 | * Try to retrieve a CRL corresponding to the _subject_ of | |
434 | * the current certificate in order to verify it's integrity. | |
435 | */ | |
436 | - memset((char *)&obj, 0, sizeof(obj)); | |
437 | X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL); | |
438 | - rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj); | |
439 | + rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj); | |
440 | X509_STORE_CTX_cleanup(store_ctx); | |
441 | - crl = obj.data.crl; | |
442 | + crl = X509_OBJECT_get0_X509_CRL(obj); | |
443 | if (rc > 0 && crl != NULL) { | |
444 | /* | |
445 | * Verify the signature on this CRL | |
446 | @@ -2661,7 +2676,7 @@ | |
447 | if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) { | |
448 | fprintf(stderr, "Invalid signature on CRL!\n"); | |
449 | X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE); | |
450 | - X509_OBJECT_free_contents(&obj); | |
451 | + X509_OBJECT_free(obj); | |
452 | X509_STORE_CTX_free(store_ctx); | |
453 | return 0; | |
454 | } | |
455 | @@ -2674,7 +2689,7 @@ | |
456 | fprintf(stderr, "Found CRL has invalid nextUpdate field.\n"); | |
457 | X509_STORE_CTX_set_error(ctx, | |
458 | X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD); | |
459 | - X509_OBJECT_free_contents(&obj); | |
460 | + X509_OBJECT_free(obj); | |
461 | X509_STORE_CTX_free(store_ctx); | |
462 | return 0; | |
463 | } | |
464 | @@ -2683,22 +2698,20 @@ | |
465 | "Found CRL is expired - revoking all certificates until you get updated CRL.\n" | |
466 | ); | |
467 | X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED); | |
468 | - X509_OBJECT_free_contents(&obj); | |
469 | + X509_OBJECT_free(obj); | |
470 | X509_STORE_CTX_free(store_ctx); | |
471 | return 0; | |
472 | } | |
473 | - X509_OBJECT_free_contents(&obj); | |
474 | } | |
475 | ||
476 | /* | |
477 | * Try to retrieve a CRL corresponding to the _issuer_ of | |
478 | * the current certificate in order to check for revocation. | |
479 | */ | |
480 | - memset((char *)&obj, 0, sizeof(obj)); | |
481 | X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL); | |
482 | - rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj); | |
483 | + rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj); | |
484 | X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */ | |
485 | - crl = obj.data.crl; | |
486 | + crl = X509_OBJECT_get0_X509_CRL(obj); | |
487 | if (rc > 0 && crl != NULL) { | |
488 | /* | |
489 | * Check if the current certificate is revoked by this CRL | |
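Review bot: `obj` is reused for the issuer lookup while it may still hold the CRL found by the subject lookup, because the `X509_OBJECT_free_contents(&obj)` that used to sit between the two lookups was removed without a replacement. As far as I can tell, the lookup takes a new reference on the CRL it stores in `obj` and does not release what was there before. If so, the first CRL's reference leaks each time the subject CRL passes its checks. Release and re-create the object before the second lookup, e.g. `X509_OBJECT_free(obj); obj = X509_OBJECT_new();`, with a NULL check on the result.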
490 | @@ -2706,20 +2719,17 @@ | |
491 | n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl)); | |
492 | for (i = 0; i < n; i++) { | |
493 | revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); | |
494 | - if (ASN1_INTEGER_cmp(revoked->serialNumber, | |
495 | + if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked), | |
496 | X509_get_serialNumber(xs)) == 0) { | |
497 | ||
498 | - serial = ASN1_INTEGER_get(revoked->serialNumber); | |
499 | - cp = X509_NAME_oneline(issuer, NULL, 0); | |
500 | - free(cp); | |
501 | - | |
502 | X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED); | |
503 | - X509_OBJECT_free_contents(&obj); | |
504 | + X509_OBJECT_free(obj); | |
505 | return 0; | |
506 | } | |
507 | } | |
508 | - X509_OBJECT_free_contents(&obj); | |
509 | } | |
510 | + X509_OBJECT_free(obj); | |
511 | + X509_STORE_CTX_free(store_ctx); | |
512 | return ok; | |
513 | } | |
514 | ||
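Review bot: The added `X509_STORE_CTX_free(store_ctx);` before `return ok;` frees `store_ctx` a second time. The context line `X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */` right after the issuer lookup in the previous hunk has already freed it, and nothing visible between the two resets the pointer. Drop the added line and keep only `X509_OBJECT_free(obj);` on this path. The revoked-certificate branch above already frees only `obj`, which is correct for the same reason.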
515 | @@ -4338,6 +4348,8 @@ | |
516 | FILE *fp; | |
517 | struct passwd *pwd; | |
518 | X509 *file_cert; | |
519 | + const ASN1_BIT_STRING *peer_sig, *file_sig; | |
520 | + const X509_ALGOR *peer_alg, *file_alg; | |
521 | ||
522 | if ( peer_cert == NULL ) | |
523 | return(0); | |
524 | @@ -4350,8 +4362,10 @@ | |
525 | ||
526 | if (!(fp = fopen(buf, "r"))) | |
527 | return 0; | |
528 | + X509_get0_signature(&peer_sig, &peer_alg, peer_cert); | |
529 | while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) { | |
530 | - if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature)) | |
531 | + X509_get0_signature(&file_sig, &file_alg, file_cert); | |
532 | + if (!ASN1_STRING_cmp(peer_sig, file_sig)) | |
533 | r = 1; | |
534 | X509_free(file_cert); | |
535 | } |
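Review bot: The loop still treats two certificates as equal when only their signature bit strings match, now via `X509_get0_signature()`, and `peer_alg` and `file_alg` are fetched but never used. `if (X509_cmp(peer_cert, file_cert) == 0)` compares the certificates as a whole and makes the four new locals unnecessary. If the signature-only comparison is kept on purpose, I believe `NULL` can be passed for the algorithm out-parameters. The function header and the cleanup after the loop are outside the hunk.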