1 From bd6aa6acddf0ba640a49834807872f4cc0d0a773 Mon Sep 17 00:00:00 2001
2 From: Jani Hakala <jjhakala@gmail.com>
3 Date: Thu, 16 Jun 2016 14:28:15 +0300
4 Subject: [PATCH] Fix OpenSSL 1.1 compability issues
6 Some data types have been made opaque in OpenSSL version 1.1 so
7 stack allocation and accessing struct fields directly does not work.
9 ssl.c | 65 ++++++++++++++++++++++++++++++++++++-----------------------
10 1 file changed, 40 insertions(+), 25 deletions(-)
12 diff --git a/ssl.c b/ssl.c
13 index 48751255..032e9b9e 100644
16 @@ -88,7 +88,7 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
20 - BIGNUM mod, exp, x, y;
21 + BIGNUM *mod, *exp, *x, *y;
22 uint8 inr[SEC_MAX_MODULUS_SIZE];
25 @@ -98,24 +98,24 @@ rdssl_rsa_encrypt(uint8 * out, uint8 * in, int len, uint32 modulus_size, uint8 *
34 - BN_bin2bn(modulus, modulus_size, &mod);
35 - BN_bin2bn(exponent, SEC_EXPONENT_SIZE, &exp);
36 - BN_bin2bn(inr, len, &x);
37 - BN_mod_exp(&y, &x, &exp, &mod, ctx);
38 - outlen = BN_bn2bin(&y, out);
44 + BN_bin2bn(modulus, modulus_size, mod);
45 + BN_bin2bn(exponent, SEC_EXPONENT_SIZE, exp);
46 + BN_bin2bn(inr, len, x);
47 + BN_mod_exp(y, x, exp, mod, ctx);
48 + outlen = BN_bn2bin(y, out);
50 if (outlen < (int) modulus_size)
51 memset(out + outlen, 0, modulus_size - outlen);
64 @@ -146,12 +146,20 @@ rdssl_cert_to_rkey(RDSSL_CERT * cert, uint32 * key_len)
66 Kudos to Richard Levitte for the following (. intiutive .)
67 lines of code that resets the OID and let's us extract the key. */
68 - nid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
70 + X509_PUBKEY *key = NULL;
71 + X509_ALGOR *algor = NULL;
73 + key = X509_get_X509_PUBKEY(cert);
74 + algor = X509_PUBKEY_get0_param(NULL, NULL, 0, &algor, key);
76 + nid = OBJ_obj2nid(algor->algorithm);
78 if ((nid == NID_md5WithRSAEncryption) || (nid == NID_shaWithRSAEncryption))
80 DEBUG_RDP5(("Re-setting algorithm type to RSA in server certificate\n"));
81 - ASN1_OBJECT_free(cert->cert_info->key->algor->algorithm);
82 - cert->cert_info->key->algor->algorithm = OBJ_nid2obj(NID_rsaEncryption);
83 + X509_PUBKEY_set0_param(key, OBJ_nid2obj(NID_rsaEncryption),
86 epk = X509_get_pubkey(cert);
88 @@ -201,14 +209,24 @@ rdssl_rkey_get_exp_mod(RDSSL_RKEY * rkey, uint8 * exponent, uint32 max_exp_len,
92 - if ((BN_num_bytes(rkey->e) > (int) max_exp_len) ||
93 - (BN_num_bytes(rkey->n) > (int) max_mod_len))
97 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
101 + RSA_get0_key(rkey, &e, &n, NULL);
104 + if ((BN_num_bytes(e) > (int) max_exp_len) ||
105 + (BN_num_bytes(n) > (int) max_mod_len))
109 - len = BN_bn2bin(rkey->e, exponent);
110 + len = BN_bn2bin(e, exponent);
111 reverse(exponent, len);
112 - len = BN_bn2bin(rkey->n, modulus);
113 + len = BN_bn2bin(n, modulus);
114 reverse(modulus, len);
117 @@ -229,8 +247,5 @@ void
118 rdssl_hmac_md5(const void *key, int key_len, const unsigned char *msg, int msg_len,
122 - HMAC_CTX_init(&ctx);
123 HMAC(EVP_md5(), key, key_len, msg, msg_len, md, NULL);
124 - HMAC_CTX_cleanup(&ctx);