1 diff -ur ckermit-9.0.302/ck_crp.c ckermit-9.0.302.openssl111/ck_crp.c
2 --- ckermit-9.0.302/ck_crp.c 2011-08-20 23:02:21.000000000 +0200
3 +++ ckermit-9.0.302.openssl111/ck_crp.c 2018-10-21 13:18:30.581182834 +0200
5 #define des_new_random_key des_random_key
6 #define des_set_random_generator_seed des_random_seed
8 -#define des_fixup_key_parity des_set_odd_parity
9 +#define des_fixup_key_parity DES_set_odd_parity
11 #define OPENSSL_ENABLE_OLD_DES_SUPPORT
12 #include <openssl/des.h>
15 des_set_random_generator_seed(Block B)
18 +// DES_random_seed(B);
24 des_fixup_key_parity(Block B)
26 - des_set_odd_parity(B);
27 + DES_set_odd_parity(B);
32 This might need to have the "rc = " removed because this
33 is VOID in later, and maybe even all, versions.
35 - rc = des_random_key(B);
36 + rc = DES_random_key(B);
43 #else /* MIT_CURRENT */
44 - des_new_random_key(fbp->temp_feed);
45 - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
46 + DES_random_key(fbp->temp_feed);
47 + int DES_random_key(DES_cblock *ret);
48 + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
49 fbp->krbdes_sched, 1);
50 #endif /* MIT_CURRENT */
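Review bot: The added line `int DES_random_key(DES_cblock *ret);` is a prototype pasted between two statements, and the call just above it discards DES_random_key()'s result. In OpenSSL 1.1 that function returns 0 when the random generator cannot supply bytes, in which case `fbp->temp_feed` keeps whatever it held before and is still passed to DES_ecb_encrypt() as the feed. Drop the stray prototype (`<openssl/des.h>` already declares it) and test the call, e.g. `if (!DES_random_key(fbp->temp_feed)) { /* fail the negotiation */ }`, using whatever failure path this function already has. The same unchecked call is added in the `@@ -2955,19 +2956,19 @@` hunk. The enclosing function starts and ends outside the visible lines.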
52 @@ -2457,14 +2458,14 @@
53 fb64_stream_key(fbp->krbdes_key, c_stream);
56 - des_set_random_generator_seed(fbp->krbdes_key);
57 +// DES_set_random_generator_seed(fbp->krbdes_key);
61 memset(fbp->krbdes_sched,0,sizeof(Schedule));
62 ckhexdump("fb64_session_key",fbp->krbdes_key,8);
64 - rc = des_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
65 + rc = DES_key_sched(fbp->krbdes_key, fbp->krbdes_sched);
67 printf("?Invalid DES key specified for encryption\n");
68 debug(F110,"fb64_session_key",
70 ckhexdump("fb64_stream_iv",stp->str_ikey,8);
73 - rc = des_key_sched(stp->str_ikey, stp->str_sched);
74 + rc = DES_key_sched(stp->str_ikey, stp->str_sched);
76 printf("?Invalid DES key specified for encryption\r\n");
77 debug(F110,"fb64_stream_iv",
80 ckhexdump("fb64_stream_key",key,8);
82 - rc = des_key_sched(key, stp->str_sched);
83 + rc = DES_key_sched(key, stp->str_sched);
85 printf("?Invalid DES key specified for encryption\r\n");
86 debug(F110,"fb64_stream_key",
89 ecb_encrypt(stp, stp->str_output, b);
90 #else /* MIT_CURRENT */
91 - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
92 + DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
93 #endif /* MIT_CURRENT */
94 memcpy(stp->str_feed,b,sizeof(Block));
98 ecb_encrypt(stp, stp->str_output, b);
99 #else /* MIT_CURRENT */
100 - des_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
101 + DES_ecb_encrypt(stp->str_output, b, stp->str_sched, 1);
102 #endif /* MIT_CURRENT */
103 memcpy(stp->str_feed, b, sizeof(Block));
104 stp->str_index = 1; /* Next time will be 1 */
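Review bot: The commented-out `// DES_set_random_generator_seed(fbp->krbdes_key);` near the top of this hunk leaves dead code with no explanation, and it names a function that appears nowhere else in the patch (the macro is still spelled `des_set_random_generator_seed`). If seeding is dropped on purpose because DES_random_key() draws from OpenSSL's RAND generator, delete the line and record the reason, for example `/* no explicit seeding: DES_random_key() uses OpenSSL's RAND_* generator */`. The same applies to `// DES_random_seed(B);` at the top of the file, which appears to leave des_set_random_generator_seed() with an empty body, and to the `@@ -3274,7 +3275,7 @@` hunk.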
105 @@ -2805,7 +2806,7 @@
107 ecb_encrypt(stp, stp->str_feed, b);
108 #else /* MIT_CURRENT */
109 - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
110 + DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
111 #endif /* MIT_CURRENT */
112 memcpy(stp->str_feed,b,sizeof(Block));
114 @@ -2840,7 +2841,7 @@
116 ecb_encrypt(stp, stp->str_feed, b);
117 #else /* MIT_CURRENT */
118 - des_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
119 + DES_ecb_encrypt(stp->str_feed, b, stp->str_sched, 1);
120 #endif /* MIT_CURRENT */
121 memcpy(stp->str_feed, b, sizeof(Block));
122 stp->str_index = 1; /* Next time will be 1 */
123 @@ -2955,19 +2956,19 @@
125 * Create a random feed and send it over.
127 - des_new_random_key(fbp->temp_feed);
128 + DES_random_key(fbp->temp_feed);
130 - des_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed,
131 + DES_ecb3_encrypt(fbp->temp_feed, fbp->temp_feed,
132 fbp->krbdes_sched[0],
133 fbp->krbdes_sched[1],
134 fbp->krbdes_sched[2],
137 - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
138 + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
139 fbp->krbdes_sched[0], 1);
140 - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
141 + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
142 fbp->krbdes_sched[1], 0);
143 - des_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
144 + DES_ecb_encrypt(fbp->temp_feed, fbp->temp_feed,
145 fbp->krbdes_sched[2], 1);
148 @@ -3274,7 +3275,7 @@
151 if (fbp->once == 0) {
152 - des_set_random_generator_seed(fbp->krbdes_key[0]);
153 +// DES_set_random_generator_seed(fbp->krbdes_key[0]);
157 @@ -3333,7 +3334,7 @@
158 for ( i=0;i<3;i++ ) {
159 memset(fbp->krbdes_sched[i],0,sizeof(Schedule));
161 - rc = des_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]);
162 + rc = DES_key_sched(fbp->krbdes_key[i], fbp->krbdes_sched[i]);
164 printf("?Invalid DES key specified for encryption [DES3,%s]\r\n",
165 server?"server":"client");
166 @@ -3488,7 +3489,7 @@
168 ckhexdump("des3_fb64_stream_iv",stp->str_ikey[i],8);
170 - rc = des_key_sched(stp->str_ikey[i], stp->str_sched[i]);
171 + rc = DES_key_sched(stp->str_ikey[i], stp->str_sched[i]);
173 printf("?Invalid DES key specified for encryption [DES3 iv]\r\n");
174 debug(F110,"des3_fb64_stream_iv",
175 @@ -3521,7 +3522,7 @@
177 ckhexdump("des3_fb64_stream_key",key[i],8);
179 - rc = des_key_sched(key[i], stp->str_sched[i]);
180 + rc = DES_key_sched(key[i], stp->str_sched[i]);
182 printf("?Invalid DES key specified for encryption [DES3 key]\r\n");
183 debug(F110,"des3_fb64_stream_key",
184 @@ -3580,14 +3581,14 @@
185 if (index == sizeof(Block)) {
188 - des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
189 + DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
190 stp->str_sched[1], stp->str_sched[2], 1);
192 - des_ecb_encrypt(stp->str_output, b,
193 + DES_ecb_encrypt(stp->str_output, b,
194 stp->str_sched[0], 1);
195 - des_ecb_encrypt(stp->str_output, b,
196 + DES_ecb_encrypt(stp->str_output, b,
197 stp->str_sched[1], 0);
198 - des_ecb_encrypt(stp->str_output, b,
199 + DES_ecb_encrypt(stp->str_output, b,
200 stp->str_sched[2], 1);
202 memcpy(stp->str_feed,b,sizeof(Block));
203 @@ -3624,14 +3625,14 @@
204 if (index == sizeof(Block)) {
207 - des_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
208 + DES_ecb3_encrypt(stp->str_output, b, stp->str_sched[0],
209 stp->str_sched[1], stp->str_sched[2], 1);
211 - des_ecb_encrypt(stp->str_output, b,
212 + DES_ecb_encrypt(stp->str_output, b,
213 stp->str_sched[0], 1);
214 - des_ecb_encrypt(stp->str_output, b,
215 + DES_ecb_encrypt(stp->str_output, b,
216 stp->str_sched[1], 0);
217 - des_ecb_encrypt(stp->str_output, b,
218 + DES_ecb_encrypt(stp->str_output, b,
219 stp->str_sched[2], 1);
221 memcpy(stp->str_feed, b, sizeof(Block));
222 @@ -3680,14 +3681,14 @@
223 if (index == sizeof(Block)) {
226 - des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
227 + DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
228 stp->str_sched[1], stp->str_sched[2], 1);
230 - des_ecb_encrypt(stp->str_output, b,
231 + DES_ecb_encrypt(stp->str_output, b,
232 stp->str_sched[0], 1);
233 - des_ecb_encrypt(stp->str_output, b,
234 + DES_ecb_encrypt(stp->str_output, b,
235 stp->str_sched[1], 0);
236 - des_ecb_encrypt(stp->str_output, b,
237 + DES_ecb_encrypt(stp->str_output, b,
238 stp->str_sched[2], 1);
240 memcpy(stp->str_feed,b,sizeof(Block));
241 @@ -3721,14 +3722,14 @@
242 if (index == sizeof(Block)) {
245 - des_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
246 + DES_ecb3_encrypt(stp->str_feed, b, stp->str_sched[0],
247 stp->str_sched[1], stp->str_sched[2], 1);
249 - des_ecb_encrypt(stp->str_output, b,
250 + DES_ecb_encrypt(stp->str_output, b,
251 stp->str_sched[0], 1);
252 - des_ecb_encrypt(stp->str_output, b,
253 + DES_ecb_encrypt(stp->str_output, b,
254 stp->str_sched[1], 0);
255 - des_ecb_encrypt(stp->str_output, b,
256 + DES_ecb_encrypt(stp->str_output, b,
257 stp->str_sched[2], 1);
259 memcpy(stp->str_feed, b, sizeof(Block));
260 diff -ur ckermit-9.0.302/ck_ssl.c ckermit-9.0.302.openssl111/ck_ssl.c
261 --- ckermit-9.0.302/ck_ssl.c 2018-10-21 13:19:06.894962175 +0200
262 +++ ckermit-9.0.302.openssl111/ck_ssl.c 2018-10-21 13:05:08.874620118 +0200
266 printf("Error %d while verifying certificate.\r\n",
268 + X509_STORE_CTX_get_error(ctx));
272 @@ -936,10 +936,12 @@
274 if ((dh=DH_new()) == NULL)
276 - dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
277 - dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
278 - if ((dh->p == NULL) || (dh->g == NULL))
279 + BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
280 + BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
281 + if (DH_set0_pqg(dh, p, NULL, g) == 0) {
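Review bot: DH_set0_pqg() takes ownership of `p` and `g` only when it succeeds, so the failure branch opened by `if (DH_set0_pqg(dh, p, NULL, g) == 0) {` has to release them itself; its body is not visible on this page. If it only frees `dh`, a failed BN_bin2bn() for one parameter leaks the other; `BN_free(p); BN_free(g);` before the DH_free() closes that (BN_free accepts NULL). The same pattern repeats in the dh768, dh1024, dh1536 and dh2048 hunks. `p` and `g` are also declared after a statement, which pre-C99 compilers reject; declaring them at the top of each function avoids that.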
288 @@ -950,10 +952,12 @@
290 if ((dh=DH_new()) == NULL)
292 - dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
293 - dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
294 - if ((dh->p == NULL) || (dh->g == NULL))
295 + BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
296 + BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
297 + if (DH_set0_pqg(dh, p, NULL, g) == 0) {
304 @@ -964,10 +968,12 @@
306 if ((dh=DH_new()) == NULL)
308 - dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
309 - dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
310 - if ((dh->p == NULL) || (dh->g == NULL))
311 + BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
312 + BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
313 + if (DH_set0_pqg(dh, p, NULL, g) == 0) {
320 @@ -978,10 +984,12 @@
322 if ((dh=DH_new()) == NULL)
324 - dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
325 - dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
326 - if ((dh->p == NULL) || (dh->g == NULL))
327 + BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
328 + BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
329 + if (DH_set0_pqg(dh, p, NULL, g) == 0) {
336 @@ -992,10 +1000,12 @@
338 if ((dh=DH_new()) == NULL)
340 - dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
341 - dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
342 - if ((dh->p == NULL) || (dh->g == NULL))
343 + BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
344 + BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
345 + if (DH_set0_pqg(dh, p, NULL, g) == 0) {
352 @@ -1054,11 +1064,15 @@
357 if (ssl->expand == NULL || ssl->expand->meth == NULL)
359 printf("Compression: None\r\n");
362 printf("Compression: %s\r\n",ssl->expand->meth->name);
368 @@ -1457,13 +1471,15 @@
372 - if (cm != NULL && cm->type != NID_undef) {
373 + if (cm != NULL && COMP_get_type(cm) != NID_undef) {
374 SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
379 - if (cm != NULL && cm->type != NID_undef)
380 + if (cm != NULL && COMP_get_type(cm) != NID_undef)
381 SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
384 /* Ensure the Random number generator has enough entropy */
385 if ( !RAND_status() ) {
386 @@ -1483,14 +1499,10 @@
388 debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
390 - rc1 = RAND_egd(ssl_rnd_file);
391 - debug(F111,"ssl_once_init","RAND_egd()",rc1);
393 - rc2 = RAND_load_file(ssl_rnd_file, -1);
394 - debug(F111,"ssl_once_init","RAND_load_file()",rc1);
396 + rc2 = RAND_load_file(ssl_rnd_file, -1);
397 + debug(F111,"ssl_once_init","RAND_load_file()",rc2);
399 - if ( rc1 <= 0 && !rc2 )
402 time_t t = time(NULL);
403 int tlen = sizeof(time_t);
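Review bot: The condition that replaces the removed `if ( rc1 <= 0 && !rc2 )` is not shown on this page, and it needs to treat a negative `rc2` as failure. RAND_load_file() is documented for OpenSSL 1.1.1 as returning -1 on error, so a plain `!rc2` test would skip the fallback seeding exactly when the seed file could not be read; `if ( rc2 <= 0 )` covers both the old and the new return convention. The fallback itself starts from `time(NULL)`, which adds very little entropy, so a comment there saying it is a last resort and not a substitute for a readable seed file would help the next reader. The fix of the debug() argument from `rc1` to `rc2` is correct.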
404 @@ -2583,14 +2595,13 @@
406 ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
410 X509_NAME *subject = NULL;
411 X509_NAME *issuer = NULL;
413 X509_CRL *crl = NULL;
414 X509_REVOKED *revoked = NULL;
415 X509_STORE_CTX * store_ctx = NULL;
420 @@ -2607,6 +2618,11 @@
424 + obj = X509_OBJECT_new();
426 + X509_STORE_CTX_free(store_ctx);
430 * Determine certificate ingredients in advance
432 @@ -2649,11 +2665,10 @@
433 * Try to retrieve a CRL corresponding to the _subject_ of
434 * the current certificate in order to verify it's integrity.
436 - memset((char *)&obj, 0, sizeof(obj));
437 X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
438 - rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
439 + rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
440 X509_STORE_CTX_cleanup(store_ctx);
441 - crl = obj.data.crl;
442 + crl = X509_OBJECT_get0_X509_CRL(obj);
443 if (rc > 0 && crl != NULL) {
445 * Verify the signature on this CRL
446 @@ -2661,7 +2676,7 @@
447 if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
448 fprintf(stderr, "Invalid signature on CRL!\n");
449 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
450 - X509_OBJECT_free_contents(&obj);
451 + X509_OBJECT_free(obj);
452 X509_STORE_CTX_free(store_ctx);
455 @@ -2674,7 +2689,7 @@
456 fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
457 X509_STORE_CTX_set_error(ctx,
458 X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
459 - X509_OBJECT_free_contents(&obj);
460 + X509_OBJECT_free(obj);
461 X509_STORE_CTX_free(store_ctx);
464 @@ -2683,22 +2698,20 @@
465 "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
467 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
468 - X509_OBJECT_free_contents(&obj);
469 + X509_OBJECT_free(obj);
470 X509_STORE_CTX_free(store_ctx);
473 - X509_OBJECT_free_contents(&obj);
477 * Try to retrieve a CRL corresponding to the _issuer_ of
478 * the current certificate in order to check for revocation.
480 - memset((char *)&obj, 0, sizeof(obj));
481 X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
482 - rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
483 + rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj);
484 X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */
485 - crl = obj.data.crl;
486 + crl = X509_OBJECT_get0_X509_CRL(obj);
487 if (rc > 0 && crl != NULL) {
489 * Check if the current certificate is revoked by this CRL
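Review bot: With the `X509_OBJECT_free_contents(&obj);` between the two lookups removed, the second `X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, obj)` writes into an `obj` that still holds the subject CRL. As far as I can tell the lookup overwrites the object's contents without releasing them, so the reference taken by the first lookup is never dropped and leaks each time that lookup succeeds. Releasing and re-creating the object before the second lookup, `X509_OBJECT_free(obj); obj = X509_OBJECT_new();` followed by a NULL check, restores the old behaviour. It also keeps `X509_OBJECT_get0_X509_CRL(obj)` from returning the stale subject CRL when the issuer lookup fails. ssl_verify_crl continues outside this hunk.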
490 @@ -2706,20 +2719,17 @@
491 n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
492 for (i = 0; i < n; i++) {
493 revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
494 - if (ASN1_INTEGER_cmp(revoked->serialNumber,
495 + if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
496 X509_get_serialNumber(xs)) == 0) {
498 - serial = ASN1_INTEGER_get(revoked->serialNumber);
499 - cp = X509_NAME_oneline(issuer, NULL, 0);
502 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
503 - X509_OBJECT_free_contents(&obj);
504 + X509_OBJECT_free(obj);
508 - X509_OBJECT_free_contents(&obj);
510 + X509_OBJECT_free(obj);
511 + X509_STORE_CTX_free(store_ctx);
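Review bot: The added `X509_STORE_CTX_free(store_ctx);` at the end of this hunk looks like a second free of the same context: the previous hunk keeps `X509_STORE_CTX_free(store_ctx); /* calls X509_STORE_CTX_cleanup() */` right after the issuer lookup, and nothing visible re-allocates or clears the pointer in between. Several lines of the function are missing from this page, so this needs checking against the full file, but if both calls are reached it is a double free on every certificate that passes the CRL check. Either drop the earlier free and release the context once on each exit path, or add `store_ctx = NULL;` after the earlier call (X509_STORE_CTX_free(NULL) is a no-op). The revoked-certificate path above frees only `obj`, which is consistent with the context already being gone at that point.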
515 @@ -4338,6 +4348,8 @@
519 + const ASN1_BIT_STRING *peer_sig, *file_sig;
520 + const X509_ALGOR *peer_alg, *file_alg;
522 if ( peer_cert == NULL )
524 @@ -4350,8 +4362,10 @@
526 if (!(fp = fopen(buf, "r")))
528 + X509_get0_signature(&peer_sig, &peer_alg, peer_cert);
529 while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
530 - if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
531 + X509_get0_signature(&file_sig, &file_alg, file_cert);
532 + if (!ASN1_STRING_cmp(peer_sig, file_sig))
534 X509_free(file_cert);
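Review bot: `peer_alg` and `file_alg` are fetched but never used in the visible lines; X509_get0_signature() accepts NULL for an output that is not wanted, so `X509_get0_signature(&peer_sig, NULL, peer_cert);` (and likewise for `file_cert`) lets the two X509_ALGOR variables go. Separately, the match still rests on the signature field alone, which identifies a certificate only if its signature has already been verified elsewhere; `X509_cmp(peer_cert, file_cert) == 0` compares the whole certificate and does not depend on that. The function starts and ends outside these two hunks.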