--- freerdp-1.0.2/libfreerdp-core/crypto.h.orig 2013-01-02 22:46:59.000000000 +0100 +++ freerdp-1.0.2/libfreerdp-core/crypto.h 2023-02-14 16:04:15.755244644 +0100 @@ -64,12 +64,12 @@ struct crypto_rc4_struct struct crypto_des3_struct { - EVP_CIPHER_CTX des3_ctx; + EVP_CIPHER_CTX * des3_ctx; }; struct crypto_hmac_struct { - HMAC_CTX hmac_ctx; + HMAC_CTX * hmac_ctx; }; struct crypto_cert_struct --- freerdp-1.0.2/libfreerdp-core/crypto.c.orig 2013-01-02 22:46:59.000000000 +0100 +++ freerdp-1.0.2/libfreerdp-core/crypto.c 2023-02-14 16:04:27.131849678 +0100 @@ -75,31 +75,31 @@ void crypto_rc4_free(CryptoRc4 rc4) CryptoDes3 crypto_des3_encrypt_init(const uint8* key, const uint8* ivec) { CryptoDes3 des3 = xmalloc(sizeof(*des3)); - EVP_CIPHER_CTX_init(&des3->des3_ctx); - EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); + des3->des3_ctx = EVP_CIPHER_CTX_new(); + EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); return des3; } CryptoDes3 crypto_des3_decrypt_init(const uint8* key, const uint8* ivec) { CryptoDes3 des3 = xmalloc(sizeof(*des3)); - EVP_CIPHER_CTX_init(&des3->des3_ctx); - EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); - EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); + des3->des3_ctx = EVP_CIPHER_CTX_new(); + EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); return des3; } void crypto_des3_encrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data) { int len; - EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); + EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); } void crypto_des3_decrypt(CryptoDes3 des3, uint32 length, const uint8* in_data, uint8* out_data) { int len; - EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); + EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); if (length != len) abort(); /* TODO */ @@ -109,37 +109,37 @@ void crypto_des3_free(CryptoDes3 des3) { if (des3 == NULL) return; - EVP_CIPHER_CTX_cleanup(&des3->des3_ctx); + EVP_CIPHER_CTX_free(des3->des3_ctx); xfree(des3); } CryptoHmac crypto_hmac_new(void) { CryptoHmac hmac = xmalloc(sizeof(*hmac)); - HMAC_CTX_init(&hmac->hmac_ctx); + hmac->hmac_ctx = HMAC_CTX_new(); return hmac; } void crypto_hmac_sha1_init(CryptoHmac hmac, const uint8* data, uint32 length) { - HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL); + HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL); } void crypto_hmac_update(CryptoHmac hmac, const uint8* data, uint32 length) { - HMAC_Update(&hmac->hmac_ctx, data, length); + HMAC_Update(hmac->hmac_ctx, data, length); } void crypto_hmac_final(CryptoHmac hmac, uint8* out_data, uint32 length) { - HMAC_Final(&hmac->hmac_ctx, out_data, &length); + HMAC_Final(hmac->hmac_ctx, out_data, &length); } void crypto_hmac_free(CryptoHmac hmac) { if (hmac == NULL) return; - HMAC_CTX_cleanup(&hmac->hmac_ctx); + HMAC_CTX_free(hmac->hmac_ctx); xfree(hmac); } @@ -236,7 +236,7 @@ static void crypto_rsa_common(const uint uint8* input_reverse; uint8* modulus_reverse; uint8* exponent_reverse; - BIGNUM mod, exp, x, y; + BIGNUM *mod, *exp, *x, *y; input_reverse = (uint8*) xmalloc(2 * key_length + exponent_size); modulus_reverse = input_reverse + key_length; @@ -250,26 +250,26 @@ static void crypto_rsa_common(const uint crypto_reverse(input_reverse, length); ctx = BN_CTX_new(); - BN_init(&mod); - BN_init(&exp); - BN_init(&x); - BN_init(&y); - - BN_bin2bn(modulus_reverse, key_length, &mod); - BN_bin2bn(exponent_reverse, exponent_size, &exp); - BN_bin2bn(input_reverse, length, &x); - BN_mod_exp(&y, &x, &exp, &mod, ctx); + mod = BN_new(); + exp = BN_new(); + x = BN_new(); + y = BN_new(); + + BN_bin2bn(modulus_reverse, key_length, mod); + BN_bin2bn(exponent_reverse, exponent_size, exp); + BN_bin2bn(input_reverse, length, x); + BN_mod_exp(y, x, &exp, &mod, ctx); - output_length = BN_bn2bin(&y, output); + output_length = BN_bn2bin(y, output); crypto_reverse(output, output_length); if (output_length < (int) key_length) memset(output + output_length, 0, key_length - output_length); - BN_free(&y); - BN_clear_free(&x); - BN_free(&exp); - BN_free(&mod); + BN_free(y); + BN_clear_free(x); + BN_free(exp); + BN_free(mod); BN_CTX_free(ctx); xfree(input_reverse); } --- freerdp-1.0.2/libfreerdp-core/ntlmssp.c.orig 2013-01-02 22:46:59.000000000 +0100 +++ freerdp-1.0.2/libfreerdp-core/ntlmssp.c 2023-02-14 16:04:30.035167283 +0100 @@ -456,7 +456,7 @@ void ntlmssp_compute_lm_hash(char* passw char text[14]; char des_key1[8]; char des_key2[8]; - des_key_schedule ks; + DES_key_schedule ks; /* LM("password") = E52CAC67419A9A224A3B108F3FA6CB6D */ @@ -530,7 +530,7 @@ void ntlmssp_compute_lm_response(char* p char des_key1[8]; char des_key2[8]; char des_key3[8]; - des_key_schedule ks; + DES_key_schedule ks; /* A LM hash is 16-bytes long, but the LM response uses a LM hash null-padded to 21 bytes */ memset(hash, '\0', 21); @@ -1154,19 +1154,20 @@ static void ntlmssp_output_version(STREA void ntlmssp_compute_message_integrity_check(NTLMSSP* ntlmssp) { - HMAC_CTX hmac_ctx; + HMAC_CTX *hmac_ctx; /* * Compute the HMAC-MD5 hash of ConcatenationOf(NEGOTIATE_MESSAGE, * CHALLENGE_MESSAGE, AUTHENTICATE_MESSAGE) using the ExportedSessionKey */ - HMAC_CTX_init(&hmac_ctx); - HMAC_Init_ex(&hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL); - HMAC_Update(&hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length); - HMAC_Update(&hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length); - HMAC_Update(&hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length); - HMAC_Final(&hmac_ctx, ntlmssp->message_integrity_check, NULL); + hmac_ctx = HMAC_CTX_new(); + HMAC_Init_ex(hmac_ctx, ntlmssp->exported_session_key, 16, EVP_md5(), NULL); + HMAC_Update(hmac_ctx, ntlmssp->negotiate_message.data, ntlmssp->negotiate_message.length); + HMAC_Update(hmac_ctx, ntlmssp->challenge_message.data, ntlmssp->challenge_message.length); + HMAC_Update(hmac_ctx, ntlmssp->authenticate_message.data, ntlmssp->authenticate_message.length); + HMAC_Final(hmac_ctx, ntlmssp->message_integrity_check, NULL); + HMAC_CTX_free(hmac_ctx); } /** @@ -1181,17 +1182,17 @@ void ntlmssp_compute_message_integrity_c void ntlmssp_encrypt_message(NTLMSSP* ntlmssp, rdpBlob* msg, rdpBlob* encrypted_msg, uint8* signature) { - HMAC_CTX hmac_ctx; + HMAC_CTX *hmac_ctx; uint8 digest[16]; uint8 checksum[8]; uint32 version = 1; /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ - HMAC_CTX_init(&hmac_ctx); - HMAC_Init_ex(&hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL); - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->send_seq_num, 4); - HMAC_Update(&hmac_ctx, msg->data, msg->length); - HMAC_Final(&hmac_ctx, digest, NULL); + hmac_ctx = HMAC_CTX_new(); + HMAC_Init_ex(hmac_ctx, ntlmssp->client_signing_key, 16, EVP_md5(), NULL); + HMAC_Update(hmac_ctx, (void*) &ntlmssp->send_seq_num, 4); + HMAC_Update(hmac_ctx, msg->data, msg->length); + HMAC_Final(hmac_ctx, digest, NULL); /* Allocate space for encrypted message */ freerdp_blob_alloc(encrypted_msg, msg->length); @@ -1207,7 +1208,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt memcpy(&signature[4], (void*) checksum, 8); memcpy(&signature[12], (void*) &(ntlmssp->send_seq_num), 4); - HMAC_CTX_cleanup(&hmac_ctx); + HMAC_CTX_free(hmac_ctx); ntlmssp->send_seq_num++; } @@ -1225,7 +1226,7 @@ void ntlmssp_encrypt_message(NTLMSSP* nt int ntlmssp_decrypt_message(NTLMSSP* ntlmssp, rdpBlob* encrypted_msg, rdpBlob* msg, uint8* signature) { - HMAC_CTX hmac_ctx; + HMAC_CTX *hmac_ctx; uint8 digest[16]; uint8 checksum[8]; uint32 version = 1; @@ -1238,11 +1239,11 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl crypto_rc4(ntlmssp->recv_rc4_seal, encrypted_msg->length, encrypted_msg->data, msg->data); /* Compute the HMAC-MD5 hash of ConcatenationOf(seq_num,msg) using the client signing key */ - HMAC_CTX_init(&hmac_ctx); - HMAC_Init_ex(&hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL); - HMAC_Update(&hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4); - HMAC_Update(&hmac_ctx, msg->data, msg->length); - HMAC_Final(&hmac_ctx, digest, NULL); + hmac_ctx = HMAC_CTX_new(); + HMAC_Init_ex(hmac_ctx, ntlmssp->server_signing_key, 16, EVP_md5(), NULL); + HMAC_Update(hmac_ctx, (void*) &ntlmssp->recv_seq_num, 4); + HMAC_Update(hmac_ctx, msg->data, msg->length); + HMAC_Final(hmac_ctx, digest, NULL); /* RC4-encrypt first 8 bytes of digest */ crypto_rc4(ntlmssp->recv_rc4_seal, 8, digest, checksum); @@ -1252,6 +1253,8 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl memcpy(&expected_signature[4], (void*) checksum, 8); memcpy(&expected_signature[12], (void*) &(ntlmssp->recv_seq_num), 4); + HMAC_CTX_free(hmac_ctx); + if (memcmp(signature, expected_signature, 16) != 0) { /* signature verification failed! */ @@ -1259,8 +1262,6 @@ int ntlmssp_decrypt_message(NTLMSSP* ntl return 0; } - HMAC_CTX_cleanup(&hmac_ctx); - ntlmssp->recv_seq_num++; return 1; } --- freerdp-1.0.2/libfreerdp-core/certificate.c.orig 2013-01-02 22:46:59.000000000 +0100 +++ freerdp-1.0.2/libfreerdp-core/certificate.c 2023-02-14 16:04:32.955151464 +0100 @@ -525,21 +525,21 @@ rdpKey* key_new(const char* keyfile) return NULL; } - if (BN_num_bytes(rsa->e) > 4) + if (BN_num_bytes(RSA_get0_e(rsa)) > 4) { RSA_free(rsa); printf("RSA public exponent too large in %s", keyfile); return NULL; } - freerdp_blob_alloc(&key->modulus, BN_num_bytes(rsa->n)); - BN_bn2bin(rsa->n, key->modulus.data); + freerdp_blob_alloc(&key->modulus, BN_num_bytes(RSA_get0_n(rsa))); + BN_bn2bin(RSA_get0_n(rsa), key->modulus.data); crypto_reverse(key->modulus.data, key->modulus.length); - freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(rsa->d)); - BN_bn2bin(rsa->d, key->private_exponent.data); + freerdp_blob_alloc(&key->private_exponent, BN_num_bytes(RSA_get0_d(rsa))); + BN_bn2bin(RSA_get0_d(rsa), key->private_exponent.data); crypto_reverse(key->private_exponent.data, key->private_exponent.length); memset(key->exponent, 0, sizeof(key->exponent)); - BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e)); + BN_bn2bin(RSA_get0_e(rsa), key->exponent + sizeof(key->exponent) - BN_num_bytes(RSA_get0_e(rsa))); crypto_reverse(key->exponent, sizeof(key->exponent)); RSA_free(rsa);