]>
Commit | Line | Data |
---|---|---|
73569c1f JB |
1 | --- freerdp-1.0.2/libfreerdp-core/crypto.h.orig 2013-01-02 22:46:59.000000000 +0100 |
2 | +++ freerdp-1.0.2/libfreerdp-core/crypto.h 2023-02-14 16:04:15.755244644 +0100 | |
3 | @@ -64,12 +64,12 @@ struct crypto_rc4_struct | |
4 | ||
5 | struct crypto_des3_struct | |
6 | { | |
7 | - EVP_CIPHER_CTX des3_ctx; | |
8 | + EVP_CIPHER_CTX * des3_ctx; | |
9 | }; | |
10 | ||
11 | struct crypto_hmac_struct | |
12 | { | |
13 | - HMAC_CTX hmac_ctx; | |
14 | + HMAC_CTX * hmac_ctx; | |
15 | }; | |
16 | ||
17 | struct crypto_cert_struct | |
18 | --- freerdp-1.0.2/libfreerdp-core/crypto.c.orig 2013-01-02 22:46:59.000000000 +0100 | |
19 | +++ freerdp-1.0.2/libfreerdp-core/crypto.c 2023-02-14 16:04:27.131849678 +0100 | |
20 | @@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4) | |
21 | CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec) | |
22 | { | |
23 | CryptoDes3 des3 = xmalloc(sizeof(*des3)); | |
24 | - EVP_CIPHER_CTX_init(&des3->des3_ctx); | |
25 | - EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); | |
26 | - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); | |
27 | + des3->des3_ctx = EVP_CIPHER_CTX_new(); | |
28 | + EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); | |
29 | + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); | |
30 | return des3; | |
31 | } | |
32 | ||
33 | CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec) | |
34 | { | |
35 | CryptoDes3 des3 = xmalloc(sizeof(*des3)); | |
36 | - EVP_CIPHER_CTX_init(&des3->des3_ctx); | |
37 | - EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); | |
38 | - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); | |
39 | + des3->des3_ctx = EVP_CIPHER_CTX_new(); | |
40 | + EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); | |
41 | + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); | |
42 | return des3; | |
43 | } | |
44 | ||
45 | void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data) | |
46 | { | |
47 | int len; | |
48 | - EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); | |
49 | + EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); | |
50 | } | |
51 | ||
52 | void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data) | |
53 | { | |
54 | int len; | |
55 | - EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); | |
56 | + EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); | |
57 | ||
58 | if (length != len) | |
59 | abort(); /* TODO */ | |
60 | @@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3) | |
61 | { | |
62 | if (des3 == NULL) | |
63 | return; | |
64 | - EVP_CIPHER_CTX_cleanup(&des3->des3_ctx); | |
65 | + EVP_CIPHER_CTX_free(des3->des3_ctx); | |
66 | xfree(des3); | |
67 | } | |
68 | ||
69 | CryptoHmac crypto_hmac_new(void) | |
70 | { | |
71 | CryptoHmac hmac = xmalloc(sizeof(*hmac)); | |
72 | - HMAC_CTX_init(&hmac->hmac_ctx); | |
73 | + hmac->hmac_ctx = HMAC_CTX_new(); | |
74 | return hmac; | |
75 | } | |
76 | ||
77 | void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length) | |
78 | { | |
79 | - HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL); | |
80 | + HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL); | |
81 | } | |
82 | ||
83 | void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length) | |
84 | { | |
85 | - HMAC_Update(&hmac->hmac_ctx, data, length); | |
86 | + HMAC_Update(hmac->hmac_ctx, data, length); | |
87 | } | |
88 | ||
89 | void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length) | |
90 | { | |
91 | - HMAC_Final(&hmac->hmac_ctx, out_data, &length); | |
92 | + HMAC_Final(hmac->hmac_ctx, out_data, &length); | |
93 | } | |
94 | ||
95 | void crypto_hmac_free(CryptoHmac hmac) | |
96 | { | |
97 | if (hmac == NULL) | |
98 | return; | |
99 | - HMAC_CTX_cleanup(&hmac->hmac_ctx); | |
100 | + HMAC_CTX_free(hmac->hmac_ctx); | |
101 | xfree(hmac); | |
102 | } | |
103 | ||
104 | @@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint | |
105 | uint8* input_reverse; | |
106 | uint8* modulus_reverse; | |
107 | uint8* exponent_reverse; | |
108 | - BIGNUM mod, exp, x, y; | |
109 | + BIGNUM *mod, *exp, *x, *y; | |
110 | ||
111 | input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size); | |
112 | modulus_reverse = input_reverse + key_length; | |
113 | @@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint | |
114 | crypto_reverse(input_reverse, length); | |
115 | ||
116 | ctx = BN_CTX_new(); | |
117 | - BN_init(&mod); | |
118 | - BN_init(&exp); | |
119 | - BN_init(&x); | |
120 | - BN_init(&y); | |
121 | - | |
122 | - BN_bin2bn(modulus_reverse, key_length, &mod); | |
123 | - BN_bin2bn(exponent_reverse, exponent_size, &exp); | |
124 | - BN_bin2bn(input_reverse, length, &x); | |
125 | - BN_mod_exp(&y, &x, &exp, &mod, ctx); | |
126 | + mod = BN_new(); | |
127 | + exp = BN_new(); | |
128 | + x = BN_new(); | |
129 | + y = BN_new(); | |
130 | + | |
131 | + BN_bin2bn(modulus_reverse, key_length, mod); | |
132 | + BN_bin2bn(exponent_reverse, exponent_size, exp); | |
133 | + BN_bin2bn(input_reverse, length, x); | |
134 | + BN_mod_exp(y, x, &exp, &mod, ctx); | |
135 | ||
136 | - output_length = BN_bn2bin(&y, output); | |
137 | + output_length = BN_bn2bin(y, output); | |
138 | crypto_reverse(output, output_length); | |
139 | ||
140 | if (output_length < (int) key_length) | |
141 | memset(output + output_length, 0, key_length - output_length); | |
142 | ||
143 | - BN_free(&y); | |
144 | - BN_clear_free(&x); | |
145 | - BN_free(&exp); | |
146 | - BN_free(&mod); | |
147 | + BN_free(y); | |
148 | + BN_clear_free(x); | |
149 | + BN_free(exp); | |
150 | + BN_free(mod); | |
151 | BN_CTX_free(ctx); | |
152 | xfree(input_reverse); | |
153 | } | |
154 | --- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig 2013-01-02 22:46:59.000000000 +0100 | |
155 | +++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c 2023-02-14 16:04:30.035167283 +0100 | |
156 | @@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw | |
157 | char text[14]; | |
158 | char des_key1[8]; | |
159 | char des_key2[8]; | |
160 | - des_key_schedule ks; | |
161 | + DES_key_schedule ks; | |
162 | ||
163 | /* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */ | |
164 | ||
165 | @@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p | |
166 | char des_key1[8]; | |
167 | char des_key2[8]; | |
168 | char des_key3[8]; | |
169 | - des_key_schedule ks; | |
170 | + DES_key_schedule ks; | |
171 | ||
172 | /* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */ | |
173 | memset(hash, '\0', 21); | |
174 | @@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA | |
175 | ||
176 | void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp) | |
177 | { | |
178 | - HMAC_CTX hmac_ctx; | |
179 | + HMAC_CTX *hmac_ctx; | |
180 | ||
181 | /* | |
182 | * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE, | |
183 | * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey | |
184 | */ | |
185 | ||
186 | - HMAC_CTX_init(&hmac_ctx); | |
187 | - HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL); | |
188 | - HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length); | |
189 | - HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length); | |
190 | - HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length); | |
191 | - HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL); | |
192 | + hmac_ctx = HMAC_CTX_new(); | |
193 | + HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL); | |
194 | + HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length); | |
195 | + HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length); | |
196 | + HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length); | |
197 | + HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL); | |
198 | + HMAC_CTX_free(hmac_ctx); | |
199 | } | |
200 | ||
201 | /** | |
202 | @@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c | |
203 | ||
204 | void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature) | |
205 | { | |
206 | - HMAC_CTX hmac_ctx; | |
207 | + HMAC_CTX *hmac_ctx; | |
208 | uint8 digest[16]; | |
209 | uint8 checksum[8]; | |
210 | uint32 version = 1; | |
211 | ||
212 | /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ | |
213 | - HMAC_CTX_init(&hmac_ctx); | |
214 | - HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL); | |
215 | - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4); | |
216 | - HMAC_Update(&hmac_ctx, msg->data, msg->length); | |
217 | - HMAC_Final(&hmac_ctx, digest, NULL); | |
218 | + hmac_ctx = HMAC_CTX_new(); | |
219 | + HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL); | |
220 | + HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4); | |
221 | + HMAC_Update(hmac_ctx, msg->data, msg->length); | |
222 | + HMAC_Final(hmac_ctx, digest, NULL); | |
223 | ||
224 | /* Allocate space for encrypted message */ | |
225 | freerdp_blob_alloc(encrypted_msg, msg->length); | |
226 | @@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt | |
227 | memcpy(&signature[4], (void*) checksum, 8); | |
228 | memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4); | |
229 | ||
230 | - HMAC_CTX_cleanup(&hmac_ctx); | |
231 | + HMAC_CTX_free(hmac_ctx); | |
232 | ||
233 | ntlmssp->send_seq_num++; | |
234 | } | |
235 | @@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt | |
236 | ||
237 | int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature) | |
238 | { | |
239 | - HMAC_CTX hmac_ctx; | |
240 | + HMAC_CTX *hmac_ctx; | |
241 | uint8 digest[16]; | |
242 | uint8 checksum[8]; | |
243 | uint32 version = 1; | |
244 | @@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl | |
245 | crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data); | |
246 | ||
247 | /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ | |
248 | - HMAC_CTX_init(&hmac_ctx); | |
249 | - HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL); | |
250 | - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4); | |
251 | - HMAC_Update(&hmac_ctx, msg->data, msg->length); | |
252 | - HMAC_Final(&hmac_ctx, digest, NULL); | |
253 | + hmac_ctx = HMAC_CTX_new(); | |
254 | + HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL); | |
255 | + HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4); | |
256 | + HMAC_Update(hmac_ctx, msg->data, msg->length); | |
257 | + HMAC_Final(hmac_ctx, digest, NULL); | |
258 | ||
259 | /* RC4-encrypt first 8 bytes of digest */ | |
260 | crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum); | |
261 | @@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl | |
262 | memcpy(&expected_signature[4], (void*) checksum, 8); | |
263 | memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4); | |
264 | ||
265 | + HMAC_CTX_free(hmac_ctx); | |
266 | + | |
267 | if (memcmp(signature, expected_signature, 16) != 0) | |
268 | { | |
269 | /* signature verification failed! */ | |
270 | @@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl | |
271 | return 0; | |
272 | } | |
273 | ||
274 | - HMAC_CTX_cleanup(&hmac_ctx); | |
275 | - | |
276 | ntlmssp->recv_seq_num++; | |
277 | return 1; | |
278 | } | |
279 | --- freerdp-1.0.2/libfreerdp-core/certificate.c.orig 2013-01-02 22:46:59.000000000 +0100 | |
280 | +++ freerdp-1.0.2/libfreerdp-core/certificate.c 2023-02-14 16:04:32.955151464 +0100 | |
281 | @@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile) | |
282 | return NULL; | |
283 | } | |
284 | ||
285 | - if (BN_num_bytes(rsa->e) > 4) | |
286 | + if (BN_num_bytes(RSA_get0_e(rsa)) > 4) | |
287 | { | |
288 | RSA_free(rsa); | |
289 | printf("RSA public exponent too large in %s", keyfile); | |
290 | return NULL; | |
291 | } | |
292 | ||
293 | - freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n)); | |
294 | - BN_bn2bin(rsa->n, key->modulus.data); | |
295 | + freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa))); | |
296 | + BN_bn2bin(RSA_get0_n(rsa), key->modulus.data); | |
297 | crypto_reverse(key->modulus.data, key->modulus.length); | |
298 | - freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d)); | |
299 | - BN_bn2bin(rsa->d, key->private_exponent.data); | |
300 | + freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa))); | |
301 | + BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data); | |
302 | crypto_reverse(key->private_exponent.data, key->private_exponent.length); | |
303 | memset(key->exponent, 0, sizeof(key->exponent)); | |
304 | - BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e)); | |
305 | + BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa))); | |
306 | crypto_reverse(key->exponent, sizeof(key->exponent)); | |
307 | ||
308 | RSA_free(rsa); |