1 --- freerdp-1.0.2/libfreerdp-core/crypto.h.orig 2013-01-02 22:46:59.000000000 +0100
2 +++ freerdp-1.0.2/libfreerdp-core/crypto.h 2023-02-14 16:04:15.755244644 +0100
3 @@ -64,12 +64,12 @@ struct crypto_rc4_struct
5 struct crypto_des3_struct
7 - EVP_CIPHER_CTX des3_ctx;
8 + EVP_CIPHER_CTX * des3_ctx;
11 struct crypto_hmac_struct
14 + HMAC_CTX * hmac_ctx;
17 struct crypto_cert_struct
18 --- freerdp-1.0.2/libfreerdp-core/crypto.c.orig 2013-01-02 22:46:59.000000000 +0100
19 +++ freerdp-1.0.2/libfreerdp-core/crypto.c 2023-02-14 16:04:27.131849678 +0100
20 @@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4)
21 CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec)
23 CryptoDes3 des3 = xmalloc(sizeof(*des3));
24 - EVP_CIPHER_CTX_init(&des3->des3_ctx);
25 - EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
26 - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
27 + des3->des3_ctx = EVP_CIPHER_CTX_new();
28 + EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
29 + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
33 CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec)
35 CryptoDes3 des3 = xmalloc(sizeof(*des3));
36 - EVP_CIPHER_CTX_init(&des3->des3_ctx);
37 - EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
38 - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0);
39 + des3->des3_ctx = EVP_CIPHER_CTX_new();
40 + EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec);
41 + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0);
45 void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
48 - EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
49 + EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
52 void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data)
55 - EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length);
56 + EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length);
60 @@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3)
64 - EVP_CIPHER_CTX_cleanup(&des3->des3_ctx);
65 + EVP_CIPHER_CTX_free(des3->des3_ctx);
69 CryptoHmac crypto_hmac_new(void)
71 CryptoHmac hmac = xmalloc(sizeof(*hmac));
72 - HMAC_CTX_init(&hmac->hmac_ctx);
73 + hmac->hmac_ctx = HMAC_CTX_new();
77 void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length)
79 - HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
80 + HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL);
83 void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length)
85 - HMAC_Update(&hmac->hmac_ctx, data, length);
86 + HMAC_Update(hmac->hmac_ctx, data, length);
89 void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length)
91 - HMAC_Final(&hmac->hmac_ctx, out_data, &length);
92 + HMAC_Final(hmac->hmac_ctx, out_data, &length);
95 void crypto_hmac_free(CryptoHmac hmac)
99 - HMAC_CTX_cleanup(&hmac->hmac_ctx);
100 + HMAC_CTX_free(hmac->hmac_ctx);
104 @@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint
105 uint8* input_reverse;
106 uint8* modulus_reverse;
107 uint8* exponent_reverse;
108 - BIGNUM mod, exp, x, y;
109 + BIGNUM *mod, *exp, *x, *y;
111 input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size);
112 modulus_reverse = input_reverse + key_length;
113 @@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint
114 crypto_reverse(input_reverse, length);
122 - BN_bin2bn(modulus_reverse, key_length, &mod);
123 - BN_bin2bn(exponent_reverse, exponent_size, &exp);
124 - BN_bin2bn(input_reverse, length, &x);
125 - BN_mod_exp(&y, &x, &exp, &mod, ctx);
131 + BN_bin2bn(modulus_reverse, key_length, mod);
132 + BN_bin2bn(exponent_reverse, exponent_size, exp);
133 + BN_bin2bn(input_reverse, length, x);
134 + BN_mod_exp(y, x, &exp, &mod, ctx);
136 - output_length = BN_bn2bin(&y, output);
137 + output_length = BN_bn2bin(y, output);
138 crypto_reverse(output, output_length);
140 if (output_length < (int) key_length)
141 memset(output + output_length, 0, key_length - output_length);
152 xfree(input_reverse);
154 --- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig 2013-01-02 22:46:59.000000000 +0100
155 +++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c 2023-02-14 16:04:30.035167283 +0100
156 @@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw
160 - des_key_schedule ks;
161 + DES_key_schedule ks;
163 /* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */
165 @@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p
169 - des_key_schedule ks;
170 + DES_key_schedule ks;
172 /* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */
173 memset(hash, '\0', 21);
174 @@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA
176 void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp)
179 + HMAC_CTX *hmac_ctx;
182 * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE,
183 * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey
186 - HMAC_CTX_init(&hmac_ctx);
187 - HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
188 - HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
189 - HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
190 - HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
191 - HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL);
192 + hmac_ctx = HMAC_CTX_new();
193 + HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL);
194 + HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length);
195 + HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length);
196 + HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length);
197 + HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL);
198 + HMAC_CTX_free(hmac_ctx);
202 @@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c
204 void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature)
207 + HMAC_CTX *hmac_ctx;
212 /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
213 - HMAC_CTX_init(&hmac_ctx);
214 - HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
215 - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
216 - HMAC_Update(&hmac_ctx, msg->data, msg->length);
217 - HMAC_Final(&hmac_ctx, digest, NULL);
218 + hmac_ctx = HMAC_CTX_new();
219 + HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL);
220 + HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4);
221 + HMAC_Update(hmac_ctx, msg->data, msg->length);
222 + HMAC_Final(hmac_ctx, digest, NULL);
224 /* Allocate space for encrypted message */
225 freerdp_blob_alloc(encrypted_msg, msg->length);
226 @@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
227 memcpy(&signature[4], (void*) checksum, 8);
228 memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4);
230 - HMAC_CTX_cleanup(&hmac_ctx);
231 + HMAC_CTX_free(hmac_ctx);
233 ntlmssp->send_seq_num++;
235 @@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt
237 int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature)
240 + HMAC_CTX *hmac_ctx;
244 @@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
245 crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data);
247 /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */
248 - HMAC_CTX_init(&hmac_ctx);
249 - HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
250 - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
251 - HMAC_Update(&hmac_ctx, msg->data, msg->length);
252 - HMAC_Final(&hmac_ctx, digest, NULL);
253 + hmac_ctx = HMAC_CTX_new();
254 + HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL);
255 + HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4);
256 + HMAC_Update(hmac_ctx, msg->data, msg->length);
257 + HMAC_Final(hmac_ctx, digest, NULL);
259 /* RC4-encrypt first 8 bytes of digest */
260 crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum);
261 @@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
262 memcpy(&expected_signature[4], (void*) checksum, 8);
263 memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4);
265 + HMAC_CTX_free(hmac_ctx);
267 if (memcmp(signature, expected_signature, 16) != 0)
269 /* signature verification failed! */
270 @@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl
274 - HMAC_CTX_cleanup(&hmac_ctx);
276 ntlmssp->recv_seq_num++;
279 --- freerdp-1.0.2/libfreerdp-core/certificate.c.orig 2013-01-02 22:46:59.000000000 +0100
280 +++ freerdp-1.0.2/libfreerdp-core/certificate.c 2023-02-14 16:04:32.955151464 +0100
281 @@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile)
285 - if (BN_num_bytes(rsa->e) > 4)
286 + if (BN_num_bytes(RSA_get0_e(rsa)) > 4)
289 printf("RSA public exponent too large in %s", keyfile);
293 - freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n));
294 - BN_bn2bin(rsa->n, key->modulus.data);
295 + freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa)));
296 + BN_bn2bin(RSA_get0_n(rsa), key->modulus.data);
297 crypto_reverse(key->modulus.data, key->modulus.length);
298 - freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d));
299 - BN_bn2bin(rsa->d, key->private_exponent.data);
300 + freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa)));
301 + BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data);
302 crypto_reverse(key->private_exponent.data, key->private_exponent.length);
303 memset(key->exponent, 0, sizeof(key->exponent));
304 - BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e));
305 + BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa)));
306 crypto_reverse(key->exponent, sizeof(key->exponent));