[packages/freerdp.git] / freerdp-openssl.patch

--- freerdp-1.0.2/libfreerdp-core/crypto.h.orig	2013-01-02 22:46:59.000000000 +0100
+++ freerdp-1.0.2/libfreerdp-core/crypto.h	2023-02-14 16:04:15.755244644 +0100
@@ -64,12 +64,12 @@ struct crypto_rc4_struct
 
 struct crypto_des3_struct
 {
-	EVP_CIPHER_CTX des3_ctx;
+	EVP_CIPHER_CTX * des3_ctx;
 };
 
 struct crypto_hmac_struct
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX * hmac_ctx;
 };
 
 struct crypto_cert_struct
--- freerdp-1.0.2/libfreerdp-core/crypto.c.orig	2013-01-02 22:46:59.000000000 +0100
+++ freerdp-1.0.2/libfreerdp-core/crypto.c	2023-02-14 16:04:27.131849678 +0100
@@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4)
 CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec)
 {
 	CryptoDes3 des3 = xmalloc(sizeof(*des3));
-	EVP_CIPHER_CTX_init(&des3->des3_ctx);
-	EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
-	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	des3->des3_ctx = EVP_CIPHER_CTX_new();
+	EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
 	return des3;
 }
 
 CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec)
 {
 	CryptoDes3 des3 = xmalloc(sizeof(*des3));
-	EVP_CIPHER_CTX_init(&des3->des3_ctx);
-	EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
-	EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
+	des3->des3_ctx = EVP_CIPHER_CTX_new();
+	EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
+	EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
 	return des3;
 }
 
 void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
 {
 	int len;
-	EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+	EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
 }
 
 void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
 {
 	int len;
-	EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
+	EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
 
 	if (length != len)
 		abort(); /* TODO */
@@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3)
 {
 	if (des3 == NULL)
 		return;
-	EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
+	EVP_CIPHER_CTX_free(des3->des3_ctx);
 	xfree(des3);
 }
 
 CryptoHmac crypto_hmac_new(void)
 {
 	CryptoHmac hmac = xmalloc(sizeof(*hmac));
-	HMAC_CTX_init(&hmac->hmac_ctx);
+	hmac->hmac_ctx = HMAC_CTX_new();
 	return hmac;
 }
 
 void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length)
 {
-	HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
+	HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
 }
 
 void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length)
 {
-	HMAC_Update(&hmac->hmac_ctx, data, length);
+	HMAC_Update(hmac->hmac_ctx, data, length);
 }
 
 void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
 {
-	HMAC_Final(&hmac->hmac_ctx, out_data, &length);
+	HMAC_Final(hmac->hmac_ctx, out_data, &length);
 }
 
 void crypto_hmac_free(CryptoHmac hmac)
 {
 	if (hmac == NULL)
 		return;
-	HMAC_CTX_cleanup(&hmac->hmac_ctx);
+	HMAC_CTX_free(hmac->hmac_ctx);
 	xfree(hmac);
 }
 
@@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint
 	uint8* input_reverse;
 	uint8* modulus_reverse;
 	uint8* exponent_reverse;
-	BIGNUM mod, exp, x, y;
+	BIGNUM *mod, *exp, *x, *y;
 
 	input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size);
 	modulus_reverse = input_reverse + key_length;
@@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint
 	crypto_reverse(input_reverse, length);
 
 	ctx = BN_CTX_new();
-	BN_init(&mod);
-	BN_init(&exp);
-	BN_init(&x);
-	BN_init(&y);
-
-	BN_bin2bn(modulus_reverse, key_length, &mod);
-	BN_bin2bn(exponent_reverse, exponent_size, &exp);
-	BN_bin2bn(input_reverse, length, &x);
-	BN_mod_exp(&y, &x, &exp, &mod, ctx);
+	mod = BN_new();
+	exp = BN_new();
+	x = BN_new();
+	y = BN_new();
+
+	BN_bin2bn(modulus_reverse, key_length, mod);
+	BN_bin2bn(exponent_reverse, exponent_size, exp);
+	BN_bin2bn(input_reverse, length, x);
+	BN_mod_exp(y, x, &exp, &mod, ctx);
 
-	output_length = BN_bn2bin(&y, output);
+	output_length = BN_bn2bin(y, output);
 	crypto_reverse(output, output_length);
 
 	if (output_length < (int) key_length)
 		memset(output + output_length, 0, key_length - output_length);
 
-	BN_free(&y);
-	BN_clear_free(&x);
-	BN_free(&exp);
-	BN_free(&mod);
+	BN_free(y);
+	BN_clear_free(x);
+	BN_free(exp);
+	BN_free(mod);
 	BN_CTX_free(ctx);
 	xfree(input_reverse);
 }
--- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig	2013-01-02 22:46:59.000000000 +0100
+++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c	2023-02-14 16:04:30.035167283 +0100
@@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw
 	char text[14];
 	char des_key1[8];
 	char des_key2[8];
-	des_key_schedule ks;
+	DES_key_schedule ks;
 
 	/* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */
 
@@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p
 	char des_key1[8];
 	char des_key2[8];
 	char des_key3[8];
-	des_key_schedule ks;
+	DES_key_schedule ks;
 
 	/* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */
 	memset(hash, '\0', 21);
@@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA
 
 void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp)
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX *hmac_ctx;
 
 	/* 
 	 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
 	 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
 	 */
 
-	HMAC_CTX_init(&hmac_ctx);
-	HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
-	HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
-	HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
-	HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL);
+	hmac_ctx = HMAC_CTX_new();
+	HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
+	HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
+	HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
+	HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
+	HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL);
+	HMAC_CTX_free(hmac_ctx);
 }
 
 /**
@@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c
 
 void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature)
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX *hmac_ctx;
 	uint8 digest[16];
 	uint8 checksum[8];
 	uint32 version = 1;
 
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
-	HMAC_CTX_init(&hmac_ctx);
-	HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
-	HMAC_Update(&hmac_ctx, msg->data, msg->length);
-	HMAC_Final(&hmac_ctx, digest, NULL);
+	hmac_ctx = HMAC_CTX_new();
+	HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
+	HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
+	HMAC_Update(hmac_ctx, msg->data, msg->length);
+	HMAC_Final(hmac_ctx, digest, NULL);
 
 	/* Allocate space for encrypted message */
 	freerdp_blob_alloc(encrypted_msg, msg->length);
@@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
 	memcpy(&signature[4], (void*) checksum, 8);
 	memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4);
 
-	HMAC_CTX_cleanup(&hmac_ctx);
+	HMAC_CTX_free(hmac_ctx);
 
 	ntlmssp->send_seq_num++;
 }
@@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
 
 int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature)
 {
-	HMAC_CTX hmac_ctx;
+	HMAC_CTX *hmac_ctx;
 	uint8 digest[16];
 	uint8 checksum[8];
 	uint32 version = 1;
@@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
 	crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data);
 
 	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
-	HMAC_CTX_init(&hmac_ctx);
-	HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
-	HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
-	HMAC_Update(&hmac_ctx, msg->data, msg->length);
-	HMAC_Final(&hmac_ctx, digest, NULL);
+	hmac_ctx = HMAC_CTX_new();
+	HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
+	HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
+	HMAC_Update(hmac_ctx, msg->data, msg->length);
+	HMAC_Final(hmac_ctx, digest, NULL);
 
 	/* RC4-encrypt first 8 bytes of digest */
 	crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum);
@@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
 	memcpy(&expected_signature[4], (void*) checksum, 8);
 	memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4);
 
+	HMAC_CTX_free(hmac_ctx);
+
 	if (memcmp(signature, expected_signature, 16) != 0)
 	{
 		/* signature verification failed! */
@@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
 		return 0;
 	}
 
-	HMAC_CTX_cleanup(&hmac_ctx);
-
 	ntlmssp->recv_seq_num++;
 	return 1;
 }
--- freerdp-1.0.2/libfreerdp-core/certificate.c.orig	2013-01-02 22:46:59.000000000 +0100
+++ freerdp-1.0.2/libfreerdp-core/certificate.c	2023-02-14 16:04:32.955151464 +0100
@@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile)
 			return NULL;
 	}
 
-	if (BN_num_bytes(rsa->e) > 4)
+	if (BN_num_bytes(RSA_get0_e(rsa)) > 4)
 	{
 		RSA_free(rsa);
 		printf("RSA public exponent too large in %s", keyfile);
 		return NULL;
 	}
 
-	freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n));
-	BN_bn2bin(rsa->n, key->modulus.data);
+	freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa)));
+	BN_bn2bin(RSA_get0_n(rsa), key->modulus.data);
 	crypto_reverse(key->modulus.data, key->modulus.length);
-	freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d));
-	BN_bn2bin(rsa->d, key->private_exponent.data);
+	freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa)));
+	BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data);
 	crypto_reverse(key->private_exponent.data, key->private_exponent.length);
 	memset(key->exponent, 0, sizeof(key->exponent));
-	BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
+	BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa)));
 	crypto_reverse(key->exponent, sizeof(key->exponent));
 
 	RSA_free(rsa);
Commit	Line	Data
73569c1f JB	1	--- freerdp-1.0.2/libfreerdp-core/crypto.h.orig 2013-01-02 22:46:59.000000000 +0100
	2	+++ freerdp-1.0.2/libfreerdp-core/crypto.h 2023-02-14 16:04:15.755244644 +0100
	3	@@ -64,12 +64,12 @@ struct crypto_rc4_struct
	4
	5	struct crypto_des3_struct
	6	{
	7	- EVP_CIPHER_CTX des3_ctx;
	8	+ EVP_CIPHER_CTX * des3_ctx;
	9	};
	10
	11	struct crypto_hmac_struct
	12	{
	13	- HMAC_CTX hmac_ctx;
	14	+ HMAC_CTX * hmac_ctx;
	15	};
	16
	17	struct crypto_cert_struct
	18	--- freerdp-1.0.2/libfreerdp-core/crypto.c.orig 2013-01-02 22:46:59.000000000 +0100
	19	+++ freerdp-1.0.2/libfreerdp-core/crypto.c 2023-02-14 16:04:27.131849678 +0100
	20	@@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4)
	21	CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec)
	22	{
	23	CryptoDes3 des3 = xmalloc(sizeof(*des3));
	24	- EVP_CIPHER_CTX_init(&des3->des3_ctx);
	25	- EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
	26	- EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
	27	+ des3->des3_ctx = EVP_CIPHER_CTX_new();
	28	+ EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
	29	+ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
	30	return des3;
	31	}
	32
	33	CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec)
	34	{
	35	CryptoDes3 des3 = xmalloc(sizeof(*des3));
	36	- EVP_CIPHER_CTX_init(&des3->des3_ctx);
	37	- EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
	38	- EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
	39	+ des3->des3_ctx = EVP_CIPHER_CTX_new();
	40	+ EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
	41	+ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
	42	return des3;
	43	}
	44
	45	void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
	46	{
	47	int len;
	48	- EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
	49	+ EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
	50	}
	51
	52	void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
	53	{
	54	int len;
	55	- EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
	56	+ EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
	57
	58	if (length != len)
	59	abort(); /* TODO */
	60	@@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3)
	61	{
	62	if (des3 == NULL)
	63	return;
	64	- EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
65	+ EVP_CIPHER_CTX_free(des3->des3_ctx);
66	xfree(des3);
67	}
68
69	CryptoHmac crypto_hmac_new(void)
70	{
71	CryptoHmac hmac = xmalloc(sizeof(*hmac));
72	- HMAC_CTX_init(&hmac->hmac_ctx);
73	+ hmac->hmac_ctx = HMAC_CTX_new();
74	return hmac;
75	}
76
77	void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length)
78	{
79	- HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
80	+ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
81	}
82
83	void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length)
84	{
85	- HMAC_Update(&hmac->hmac_ctx, data, length);
86	+ HMAC_Update(hmac->hmac_ctx, data, length);
87	}
88
89	void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
90	{
91	- HMAC_Final(&hmac->hmac_ctx, out_data, &length);
92	+ HMAC_Final(hmac->hmac_ctx, out_data, &length);
93	}
94
95	void crypto_hmac_free(CryptoHmac hmac)
96	{
97	if (hmac == NULL)
98	return;
99	- HMAC_CTX_cleanup(&hmac->hmac_ctx);
100	+ HMAC_CTX_free(hmac->hmac_ctx);
101	xfree(hmac);
102	}
103
104	@@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint
105	uint8* input_reverse;
106	uint8* modulus_reverse;
107	uint8* exponent_reverse;
108	- BIGNUM mod, exp, x, y;
109	+ BIGNUM mod, exp, x, y;
110
111	input_reverse = (uint8) xmalloc(2 key_length + exponent_size);
112	modulus_reverse = input_reverse + key_length;
113	@@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint
114	crypto_reverse(input_reverse, length);
115
116	ctx = BN_CTX_new();
117	- BN_init(&mod);
118	- BN_init(&exp);
119	- BN_init(&x);
120	- BN_init(&y);
121	-
122	- BN_bin2bn(modulus_reverse, key_length, &mod);
123	- BN_bin2bn(exponent_reverse, exponent_size, &exp);
124	- BN_bin2bn(input_reverse, length, &x);
125	- BN_mod_exp(&y, &x, &exp, &mod, ctx);
126	+ mod = BN_new();
127	+ exp = BN_new();
128	+ x = BN_new();
129	+ y = BN_new();
130	+
131	+ BN_bin2bn(modulus_reverse, key_length, mod);
132	+ BN_bin2bn(exponent_reverse, exponent_size, exp);
133	+ BN_bin2bn(input_reverse, length, x);
134	+ BN_mod_exp(y, x, &exp, &mod, ctx);
135
136	- output_length = BN_bn2bin(&y, output);
137	+ output_length = BN_bn2bin(y, output);
138	crypto_reverse(output, output_length);
139
140	if (output_length < (int) key_length)
141	memset(output + output_length, 0, key_length - output_length);
142
143	- BN_free(&y);
144	- BN_clear_free(&x);
145	- BN_free(&exp);
146	- BN_free(&mod);
147	+ BN_free(y);
148	+ BN_clear_free(x);
149	+ BN_free(exp);
150	+ BN_free(mod);
151	BN_CTX_free(ctx);
152	xfree(input_reverse);
153	}
154	--- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig 2013-01-02 22:46:59.000000000 +0100
155	+++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c 2023-02-14 16:04:30.035167283 +0100
156	@@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw
157	char text[14];
158	char des_key1[8];
159	char des_key2[8];
160	- des_key_schedule ks;
161	+ DES_key_schedule ks;
162
163	/* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */
164
165	@@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p
166	char des_key1[8];
167	char des_key2[8];
168	char des_key3[8];
169	- des_key_schedule ks;
170	+ DES_key_schedule ks;
171
172	/* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */
173	memset(hash, '\0', 21);
174	@@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA
175
176	void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp)
177	{
178	- HMAC_CTX hmac_ctx;
179	+ HMAC_CTX *hmac_ctx;
180
181	/*
182	* Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
183	* CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
184	*/
185
186	- HMAC_CTX_init(&hmac_ctx);
187	- HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
188	- HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
189	- HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
190	- HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
191	- HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL);
192	+ hmac_ctx = HMAC_CTX_new();
193	+ HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
194	+ HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
195	+ HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
196	+ HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
197	+ HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL);
198	+ HMAC_CTX_free(hmac_ctx);
199	}
200
201	/**
202	@@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c
203
204	void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature)
205	{
206	- HMAC_CTX hmac_ctx;
207	+ HMAC_CTX *hmac_ctx;
208	uint8 digest[16];
209	uint8 checksum[8];
210	uint32 version = 1;
211
212	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
213	- HMAC_CTX_init(&hmac_ctx);
214	- HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
215	- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
216	- HMAC_Update(&hmac_ctx, msg->data, msg->length);
217	- HMAC_Final(&hmac_ctx, digest, NULL);
218	+ hmac_ctx = HMAC_CTX_new();
219	+ HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
220	+ HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
221	+ HMAC_Update(hmac_ctx, msg->data, msg->length);
222	+ HMAC_Final(hmac_ctx, digest, NULL);
223
224	/* Allocate space for encrypted message */
225	freerdp_blob_alloc(encrypted_msg, msg->length);
226	@@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
227	memcpy(&signature[4], (void*) checksum, 8);
228	memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4);
229
230	- HMAC_CTX_cleanup(&hmac_ctx);
231	+ HMAC_CTX_free(hmac_ctx);
232
233	ntlmssp->send_seq_num++;
234	}
235	@@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
236
237	int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature)
238	{
239	- HMAC_CTX hmac_ctx;
240	+ HMAC_CTX *hmac_ctx;
241	uint8 digest[16];
242	uint8 checksum[8];
243	uint32 version = 1;
244	@@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
245	crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data);
246
247	/* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
248	- HMAC_CTX_init(&hmac_ctx);
249	- HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
250	- HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
251	- HMAC_Update(&hmac_ctx, msg->data, msg->length);
252	- HMAC_Final(&hmac_ctx, digest, NULL);
253	+ hmac_ctx = HMAC_CTX_new();
254	+ HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
255	+ HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
256	+ HMAC_Update(hmac_ctx, msg->data, msg->length);
257	+ HMAC_Final(hmac_ctx, digest, NULL);
258
259	/* RC4-encrypt first 8 bytes of digest */
260	crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum);
261	@@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
262	memcpy(&expected_signature[4], (void*) checksum, 8);
263	memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4);
264
265	+ HMAC_CTX_free(hmac_ctx);
266	+
267	if (memcmp(signature, expected_signature, 16) != 0)
268	{
269	/* signature verification failed! */
270	@@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
271	return 0;
272	}
273
274	- HMAC_CTX_cleanup(&hmac_ctx);
275	-
276	ntlmssp->recv_seq_num++;
277	return 1;
278	}
279	--- freerdp-1.0.2/libfreerdp-core/certificate.c.orig 2013-01-02 22:46:59.000000000 +0100
280	+++ freerdp-1.0.2/libfreerdp-core/certificate.c 2023-02-14 16:04:32.955151464 +0100
281	@@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile)
282	return NULL;
283	}
284
285	- if (BN_num_bytes(rsa->e) > 4)
286	+ if (BN_num_bytes(RSA_get0_e(rsa)) > 4)
287	{
288	RSA_free(rsa);
289	printf("RSA public exponent too large in %s", keyfile);
290	return NULL;
291	}
292
293	- freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n));
294	- BN_bn2bin(rsa->n, key->modulus.data);
295	+ freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa)));
296	+ BN_bn2bin(RSA_get0_n(rsa), key->modulus.data);
297	crypto_reverse(key->modulus.data, key->modulus.length);
298	- freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d));
299	- BN_bn2bin(rsa->d, key->private_exponent.data);
300	+ freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa)));
301	+ BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data);
302	crypto_reverse(key->private_exponent.data, key->private_exponent.length);
303	memset(key->exponent, 0, sizeof(key->exponent));
304	- BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
305	+ BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa)));
306	crypto_reverse(key->exponent, sizeof(key->exponent));
307
308	RSA_free(rsa);