]>
Commit | Line | Data |
---|---|---|
cbc7284e AM |
1 | Description: Fix FTBFS with openssl 1.1 |
2 | Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | |
3 | Bug-Debian: https://bugs.debian.org/828594 | |
4 | Forwarded: https://github.com/openlink/virtuoso-opensource/pull/583 | |
5 | Last-Update: Fri, 17 Aug 2018 14:21:44 +0200 (by Andreas Tille <tille@debian.org>) | |
6 | ||
7 | --- | |
8 | ||
9 | From 823092cccbd8e2ab9bfad6c3d3df791a7ffa76fc Mon Sep 17 00:00:00 2001 | |
10 | From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | |
11 | Date: Mon, 5 Sep 2016 10:49:54 +0000 | |
12 | Subject: [PATCH] virtuoso-opensource: build against openssl 1.1.0 | |
13 | ||
14 | Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc> | |
15 | --- | |
16 | libsrc/Dk/Dkernel.c | 6 +- | |
17 | libsrc/Wi/bif_crypto.c | 120 ++++++++++-------- | |
18 | libsrc/Wi/http.c | 2 +- | |
19 | libsrc/Wi/xmlenc.c | 319 +++++++++++++++++++++++++++-------------------- | |
20 | libsrc/Wi/xmlenc.h | 193 ++++++++++++++++++++++++++-- | |
21 | libsrc/Wi/xmlenc_algos.c | 132 +++++++++++--------- | |
22 | libsrc/util/sslengine.c | 6 +- | |
23 | 7 files changed, 524 insertions(+), 254 deletions(-) | |
24 | ||
25 | --- a/libsrc/Wi/bif_crypto.c | |
26 | +++ b/libsrc/Wi/bif_crypto.c | |
27 | @@ -181,21 +181,26 @@ box_hmac (caddr_t box, caddr_t key, int | |
28 | unsigned char temp[EVP_MAX_MD_SIZE]; | |
29 | unsigned int size = 0; | |
30 | caddr_t res = NULL; | |
31 | - HMAC_CTX ctx; | |
32 | + HMAC_CTX *ctx; | |
33 | const EVP_MD *md = EVP_sha1 (); | |
34 | ||
35 | if (alg == 1) | |
36 | md = EVP_ripemd160 (); | |
37 | ||
38 | - HMAC_Init (&ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md); | |
39 | - box_hmac_1 (box, &ctx); | |
40 | - HMAC_Final (&ctx, temp, &size); | |
41 | + ctx = HMAC_CTX_new(); | |
42 | + if (!ctx) | |
43 | + return res; | |
44 | + | |
45 | + HMAC_Init_ex (ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md, NULL); | |
46 | + box_hmac_1 (box, ctx); | |
47 | + HMAC_Final (ctx, temp, &size); | |
48 | if (size) | |
49 | { | |
50 | res = dk_alloc_box (size + 1, DV_SHORT_STRING); | |
51 | memcpy (res, temp, size); | |
52 | res[size] = 0; | |
53 | } | |
54 | + HMAC_CTX_free(ctx); | |
55 | return res; | |
56 | } | |
57 | ||
58 | @@ -347,14 +352,12 @@ asn1_parse_to_xml (BIO * bp, unsigned ch | |
59 | { | |
60 | int ii; | |
61 | ||
62 | - opp = op; | |
63 | - ii = d2i_ASN1_BOOLEAN (NULL, (const unsigned char **)&opp, len + hl); | |
64 | - if (ii < 0) | |
65 | + if (len + hl < 1) | |
66 | { | |
67 | if (BIO_write (bp, "Bad boolean\n", 12)) | |
68 | goto end; | |
69 | } | |
70 | - BIO_printf (bp, "%d", ii); | |
71 | + BIO_printf (bp, "%d", p[0]); | |
72 | } | |
73 | else if (tag == V_ASN1_BMPSTRING) | |
74 | { | |
75 | @@ -415,7 +418,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch | |
76 | } | |
77 | if (os != NULL) | |
78 | { | |
79 | - M_ASN1_OCTET_STRING_free (os); | |
80 | + ASN1_STRING_free (os); | |
81 | os = NULL; | |
82 | } | |
83 | } | |
84 | @@ -448,7 +451,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch | |
85 | if (BIO_write (bp, "BAD INTEGER", 11) <= 0) | |
86 | goto end; | |
87 | } | |
88 | - M_ASN1_INTEGER_free (bs); | |
89 | + ASN1_STRING_free (bs); | |
90 | } | |
91 | else if (tag == V_ASN1_ENUMERATED) | |
92 | { | |
93 | @@ -479,7 +482,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch | |
94 | if (BIO_write (bp, "BAD ENUMERATED", 11) <= 0) | |
95 | goto end; | |
96 | } | |
97 | - M_ASN1_ENUMERATED_free (bs); | |
98 | + ASN1_STRING_free (bs); | |
99 | } | |
100 | else if (len > 0 && dump) | |
101 | { | |
102 | @@ -515,7 +518,7 @@ end: | |
103 | if (o != NULL) | |
104 | ASN1_OBJECT_free (o); | |
105 | if (os != NULL) | |
106 | - M_ASN1_OCTET_STRING_free (os); | |
107 | + ASN1_STRING_free (os); | |
108 | *pp = p; | |
109 | return (ret); | |
110 | } | |
111 | @@ -723,7 +726,7 @@ bio_to_strses (BIO * out_bio) | |
112 | int len = BIO_get_mem_data (out_bio, &ptr); | |
113 | int to_read = len, readed = 0; | |
114 | ||
115 | - to_free = ((BUF_MEM *) out_bio->ptr)->data; | |
116 | + to_free = ((BUF_MEM *) BIO_get_data(out_bio))->data; | |
117 | BIO_set_flags (out_bio, BIO_FLAGS_MEM_RDONLY); | |
118 | CATCH_WRITE_FAIL (ses) | |
119 | { | |
120 | @@ -735,7 +738,7 @@ bio_to_strses (BIO * out_bio) | |
121 | } while (to_read > 0); | |
122 | } | |
123 | END_WRITE_FAIL (ses); | |
124 | - ((BUF_MEM *) out_bio->ptr)->data = to_free; | |
125 | + ((BUF_MEM *) BIO_get_data(out_bio))->data = to_free; | |
126 | BIO_clear_flags (out_bio, BIO_FLAGS_MEM_RDONLY); | |
127 | return ses; | |
128 | } | |
129 | @@ -770,7 +773,7 @@ bif_smime_verify (caddr_t * qst, caddr_t | |
130 | if (DV_TYPE_OF (msg) == DV_STRING_SESSION) | |
131 | { | |
132 | in_bio = strses_to_bio ((dk_session_t *) msg); | |
133 | - to_free = ((BUF_MEM *) in_bio->ptr)->data; | |
134 | + to_free = ((BUF_MEM *) BIO_get_data(in_bio))->data; | |
135 | BIO_set_flags (in_bio, BIO_FLAGS_MEM_RDONLY); | |
136 | } | |
137 | else | |
138 | @@ -780,7 +783,7 @@ bif_smime_verify (caddr_t * qst, caddr_t | |
139 | p7 = SMIME_read_PKCS7 (in_bio, &data_bio); | |
140 | if (to_free) | |
141 | { | |
142 | - ((BUF_MEM *) in_bio->ptr)->data = to_free; | |
143 | + ((BUF_MEM *) BIO_get_data(in_bio))->data = to_free; | |
144 | BIO_clear_flags (in_bio, BIO_FLAGS_MEM_RDONLY); | |
145 | } | |
146 | BIO_free (in_bio); | |
147 | @@ -924,16 +927,20 @@ bif_smime_sign (caddr_t * qst, caddr_t * | |
148 | } | |
149 | ||
150 | certs = sk_X509_new_null (); | |
151 | - if (store && store->objs) | |
152 | + | |
153 | + if (store && X509_STORE_get0_objects(store)) | |
154 | { | |
155 | - for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++) | |
156 | + STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store); | |
157 | + | |
158 | + for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++) | |
159 | { | |
160 | - X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx); | |
161 | - if (obj->type == X509_LU_X509) | |
162 | - sk_X509_push (certs, X509_dup (obj->data.x509)); | |
163 | + X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx); | |
164 | + if (X509_OBJECT_get_type(obj) == X509_LU_X509) | |
165 | + sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj))); | |
166 | } | |
167 | ||
168 | } | |
169 | + | |
170 | if (store) | |
171 | X509_STORE_free (store); | |
172 | in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1); | |
173 | @@ -1005,15 +1012,19 @@ bif_smime_encrypt (caddr_t * qst, caddr_ | |
174 | sqlr_new_error ("42000", "CR006", "No recipient certificates"); | |
175 | ||
176 | certs = sk_X509_new_null (); | |
177 | - if (store && store->objs) | |
178 | + | |
179 | + if (store && X509_STORE_get0_objects(store)) | |
180 | { | |
181 | - for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++) | |
182 | + STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store); | |
183 | + | |
184 | + for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++) | |
185 | { | |
186 | - X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx); | |
187 | - if (obj->type == X509_LU_X509) | |
188 | - sk_X509_push (certs, X509_dup (obj->data.x509)); | |
189 | + X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx); | |
190 | + if (X509_OBJECT_get_type(obj) == X509_LU_X509) | |
191 | + sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj))); | |
192 | } | |
193 | } | |
194 | + | |
195 | if (store) | |
196 | X509_STORE_free (store); | |
197 | in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1); | |
198 | @@ -1181,7 +1192,7 @@ x509_certificate_verify_cb (int ok, X509 | |
199 | char *opts = (char *) X509_STORE_CTX_get_app_data (ctx); | |
200 | if (!ok && opts) | |
201 | { | |
202 | - switch (ctx->error) | |
203 | + switch (X509_STORE_CTX_get_error(ctx)) | |
204 | { | |
205 | case X509_V_ERR_CERT_HAS_EXPIRED: | |
206 | if (strstr (opts, "expired")) | |
207 | @@ -1287,7 +1298,7 @@ bif_x509_certificate_verify (caddr_t * q | |
208 | if (!i) | |
209 | { | |
210 | const char *err_str; | |
211 | - err_str = X509_verify_cert_error_string (csc->error); | |
212 | + err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(csc)); | |
213 | *err_ret = srv_make_new_error ("22023", "CR015", "X509 error: %s", err_str); | |
214 | } | |
215 | ||
216 | @@ -1308,20 +1319,16 @@ err_ret: | |
217 | #define VIRT_CERT_EXT "2.16.840.1.1113.1" | |
218 | ||
219 | static caddr_t | |
220 | -BN_box (BIGNUM * x) | |
221 | +BN_box (const BIGNUM *x) | |
222 | { | |
223 | size_t buf_len, n; | |
224 | caddr_t buf; | |
225 | buf_len = (size_t) BN_num_bytes (x); | |
226 | - if (buf_len <= BN_BYTES) | |
227 | - buf = box_num ((unsigned long) x->d[0]); | |
228 | - else | |
229 | - { | |
230 | - buf = dk_alloc_box (buf_len, DV_BIN); | |
231 | - n = BN_bn2bin (x, (unsigned char *) buf); | |
232 | - if (n != buf_len) | |
233 | - GPF_T; | |
234 | - } | |
235 | + /* did not figure out where buf is free()ed */ | |
236 | + buf = dk_alloc_box (buf_len, DV_BIN); | |
237 | + n = BN_bn2bin (x, (unsigned char *) buf); | |
238 | + if (n != buf_len) | |
239 | + GPF_T; | |
240 | return buf; | |
241 | } | |
242 | ||
243 | @@ -1498,7 +1505,7 @@ bif_get_certificate_info (caddr_t * qst, | |
244 | int i; | |
245 | char tmp[1024]; | |
246 | char *ext_oid = (char *) (BOX_ELEMENTS (args) > 4 ? bif_string_arg (qst, args, 4, "get_certificate_info") : VIRT_CERT_EXT); | |
247 | - STACK_OF (X509_EXTENSION) * exts = cert->cert_info->extensions; | |
248 | + const STACK_OF (X509_EXTENSION) * exts = X509_get0_extensions(cert); | |
249 | for (i = 0; i < sk_X509_EXTENSION_num (exts); i++) | |
250 | { | |
251 | X509_EXTENSION *ex = sk_X509_EXTENSION_value (exts, i); | |
252 | @@ -1510,7 +1517,7 @@ bif_get_certificate_info (caddr_t * qst, | |
253 | char *data_ptr; | |
254 | BIO *mem = BIO_new (BIO_s_mem ()); | |
255 | if (!X509V3_EXT_print (mem, ex, 0, 0)) | |
256 | - M_ASN1_OCTET_STRING_print (mem, ex->value); | |
257 | + ASN1_STRING_print (mem, X509_EXTENSION_get_data(ex)); | |
258 | len = BIO_get_mem_data (mem, &data_ptr); | |
259 | if (len > 0 && data_ptr) | |
260 | { | |
261 | @@ -1537,18 +1544,23 @@ bif_get_certificate_info (caddr_t * qst, | |
262 | if (k) | |
263 | { | |
264 | #ifdef EVP_PKEY_RSA | |
265 | - if (k->type == EVP_PKEY_RSA) | |
266 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
267 | { | |
268 | - RSA *x = k->pkey.rsa; | |
269 | - ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (x->e), BN_box (x->n)); | |
270 | + const BIGNUM *n, *e; | |
271 | + | |
272 | + RSA_get0_key(EVP_PKEY_get0_RSA(k), &n, &e, NULL); | |
273 | + | |
274 | + ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (e), BN_box (n)); | |
275 | } | |
276 | else | |
277 | #endif | |
278 | #ifdef EVP_PKEY_DSA | |
279 | - if (k->type == EVP_PKEY_DSA) | |
280 | + if (EVP_PKEY_id(k) == EVP_PKEY_DSA) | |
281 | { | |
282 | - DSA *x = k->pkey.dsa; | |
283 | - ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (x->pub_key)); | |
284 | + const BIGNUM *pub_key; | |
285 | + | |
286 | + DSA_get0_key(EVP_PKEY_get0_DSA(k), &pub_key, NULL); | |
287 | + ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (pub_key)); | |
288 | } | |
289 | else | |
290 | #endif | |
291 | @@ -1567,13 +1579,13 @@ bif_get_certificate_info (caddr_t * qst, | |
292 | int n, i, len; | |
293 | char *s, *data_ptr; | |
294 | BIO *mem = BIO_new (BIO_s_mem ()); | |
295 | - for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++) | |
296 | + for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++) | |
297 | { | |
298 | - ne = sk_X509_NAME_ENTRY_value(subj->entries,i); | |
299 | - n = OBJ_obj2nid (ne->object); | |
300 | + ne = X509_NAME_get_entry(subj, i); | |
301 | + n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne)); | |
302 | if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL)) | |
303 | { | |
304 | - i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object); | |
305 | + i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne)); | |
306 | s = buffer; | |
307 | } | |
308 | if (!strcmp (s, attr)) | |
309 | @@ -1582,9 +1594,10 @@ bif_get_certificate_info (caddr_t * qst, | |
310 | break; | |
311 | } | |
312 | } | |
313 | + | |
314 | if (ne_ret) | |
315 | { | |
316 | - ASN1_STRING_print (mem, ne_ret->value); | |
317 | + ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne_ret)); | |
318 | len = BIO_get_mem_data (mem, &data_ptr); | |
319 | if (len > 0 && data_ptr) | |
320 | { | |
321 | @@ -1605,17 +1618,17 @@ bif_get_certificate_info (caddr_t * qst, | |
322 | dk_set_t set = NULL; | |
323 | caddr_t val; | |
324 | BIO *mem = BIO_new (BIO_s_mem ()); | |
325 | - for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++) | |
326 | + for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++) | |
327 | { | |
328 | val = NULL; | |
329 | - ne = sk_X509_NAME_ENTRY_value(subj->entries,i); | |
330 | - n = OBJ_obj2nid (ne->object); | |
331 | + ne = X509_NAME_get_entry(subj, i); | |
332 | + n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne)); | |
333 | if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL)) | |
334 | { | |
335 | - i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object); | |
336 | + i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne)); | |
337 | s = buffer; | |
338 | } | |
339 | - ASN1_STRING_print (mem, ne->value); | |
340 | + ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne)); | |
341 | len = BIO_get_mem_data (mem, &data_ptr); | |
342 | if (len > 0 && data_ptr) | |
343 | { | |
344 | @@ -1629,18 +1642,22 @@ bif_get_certificate_info (caddr_t * qst, | |
345 | } | |
346 | BIO_free (mem); | |
347 | ret = list_to_array (dk_set_nreverse (set)); | |
348 | + | |
349 | break; | |
350 | } | |
351 | case 12: | |
352 | { | |
353 | const unsigned char *s; | |
354 | int i, n; | |
355 | - const ASN1_STRING *sig = cert->signature; | |
356 | - X509_ALGOR *sigalg = cert->sig_alg; | |
357 | + const ASN1_STRING *sig; | |
358 | + const X509_ALGOR *sigalg; | |
359 | + const ASN1_OBJECT *sig_alg_algorithm; | |
360 | char buf[80]; | |
361 | caddr_t val; | |
362 | ||
363 | - i2t_ASN1_OBJECT(buf,sizeof (buf), sigalg->algorithm); | |
364 | + X509_get0_signature(&sig, &sigalg, cert); | |
365 | + X509_ALGOR_get0(&sig_alg_algorithm, NULL, NULL, sigalg); | |
366 | + i2t_ASN1_OBJECT(buf,sizeof (buf), sig_alg_algorithm); | |
367 | ||
368 | n = sig->length; | |
369 | s = sig->data; | |
370 | @@ -1660,11 +1677,11 @@ bif_get_certificate_info (caddr_t * qst, | |
371 | if (k) | |
372 | { | |
373 | #ifdef EVP_PKEY_RSA | |
374 | - if (k->type == EVP_PKEY_RSA) | |
375 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
376 | { | |
377 | char *data_ptr; | |
378 | int len; | |
379 | - RSA *x = k->pkey.rsa; | |
380 | + RSA *x = EVP_PKEY_get0_RSA(k); | |
381 | b = BIO_new (BIO_s_mem()); | |
382 | i2d_RSA_PUBKEY_bio (b, x); | |
383 | len = BIO_get_mem_data (b, &data_ptr); | |
384 | --- a/libsrc/Wi/xmlenc.c | |
385 | +++ b/libsrc/Wi/xmlenc.c | |
386 | @@ -1215,36 +1215,45 @@ void xenc_key_remove (xenc_key_t * key, | |
387 | } | |
388 | ||
389 | ||
390 | -static void | |
391 | -genrsa_cb(int p, int n, void *arg) | |
392 | -{ | |
393 | -#ifdef LINT | |
394 | - p=n; | |
395 | -#endif | |
396 | -} | |
397 | - | |
398 | int | |
399 | __xenc_key_rsa_init (char *name) | |
400 | { | |
401 | RSA *rsa = NULL; | |
402 | - int num=1024; | |
403 | - unsigned long f4=RSA_F4; | |
404 | + BIGNUM *bn = NULL; | |
405 | int r; | |
406 | + | |
407 | xenc_key_t * pkey = xenc_get_key_by_name (name, 1); | |
408 | if (NULL == pkey) | |
409 | SQLR_NEW_KEY_ERROR (name); | |
410 | ||
411 | - rsa=RSA_generate_key(num,f4,genrsa_cb,NULL); | |
412 | + rsa = RSA_new(); | |
413 | + if (!rsa) | |
414 | + goto out; | |
415 | + bn = BN_new(); | |
416 | + if (!bn) | |
417 | + goto out; | |
418 | + if (!BN_set_word(bn, RSA_F4)) | |
419 | + goto out; | |
420 | + | |
421 | + if (!RSA_generate_key_ex(rsa, 1024, bn, NULL)) | |
422 | + goto out; | |
423 | + | |
424 | r = RSA_check_key(rsa); | |
425 | + if (r != 1) | |
426 | + goto out; | |
427 | pkey->ki.rsa.pad = RSA_PKCS1_PADDING; | |
428 | - if (rsa == NULL) | |
429 | - { | |
430 | - sqlr_new_error ("42000", "XENC06", | |
431 | - "RSA parameters generation error"); | |
432 | - } | |
433 | pkey->xek_rsa = rsa; | |
434 | pkey->xek_private_rsa = rsa; | |
435 | + BN_free(bn); | |
436 | return 0; | |
437 | +out: | |
438 | + if (bn) | |
439 | + BN_free(bn); | |
440 | + if (rsa) | |
441 | + RSA_free(rsa); | |
442 | + sqlr_new_error ("42000", "XENC06", | |
443 | + "RSA parameters generation error"); | |
444 | + return -1; | |
445 | } | |
446 | ||
447 | ||
448 | @@ -1455,19 +1464,19 @@ xenc_key_t * xenc_key_create_from_x509_c | |
449 | ||
450 | if (pkey) | |
451 | { | |
452 | - switch (EVP_PKEY_type (pkey->type)) | |
453 | + switch (EVP_PKEY_type (EVP_PKEY_id(pkey))) | |
454 | { | |
455 | case EVP_PKEY_DSA: | |
456 | sign_algoname = DSIG_DSA_SHA1_ALGO; | |
457 | enc_algoname = XENC_DSA_ALGO; | |
458 | - dsa = pkey->pkey.dsa; | |
459 | - private_dsa = private_key ? private_key->pkey.dsa : 0; | |
460 | + dsa = EVP_PKEY_get0_DSA(pkey); | |
461 | + private_dsa = private_key ? EVP_PKEY_get0_DSA(private_key) : 0; | |
462 | break; | |
463 | case EVP_PKEY_RSA: | |
464 | sign_algoname = DSIG_RSA_SHA1_ALGO; | |
465 | enc_algoname = XENC_RSA_ALGO; | |
466 | - rsa = pkey->pkey.rsa; | |
467 | - private_rsa = private_key ? private_key->pkey.rsa : 0; | |
468 | + rsa = EVP_PKEY_get0_RSA(pkey); | |
469 | + private_rsa = private_key ? EVP_PKEY_get0_RSA(private_key) : 0; | |
470 | break; | |
471 | default: | |
472 | goto finish; | |
473 | @@ -1516,13 +1525,6 @@ xenc_key_t * xenc_key_create_from_x509_c | |
474 | return k; | |
475 | } | |
476 | ||
477 | -static void dh_cb(int p, int n, void *arg) | |
478 | -{ | |
479 | -#ifdef LINT | |
480 | - p=n; | |
481 | -#endif | |
482 | -} | |
483 | - | |
484 | static /*xenc_key_DSA_create */ | |
485 | caddr_t bif_xenc_key_dsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** args) | |
486 | { | |
487 | @@ -1588,15 +1590,21 @@ caddr_t bif_xenc_key_DH_create (caddr_t | |
488 | dh = DH_new (); | |
489 | bn_p = BN_bin2bn ((unsigned char *)mod, p_len, NULL); | |
490 | bn_g = BN_bin2bn (g_bin, 1, NULL); | |
491 | - dh->p = bn_p; | |
492 | - dh->g = bn_g; | |
493 | + if (dh) | |
494 | + DH_set0_pqg(dh, bn_p, NULL, bn_g); | |
495 | ||
496 | dk_free_box (mod_b64); | |
497 | dk_free_box (mod); | |
498 | } | |
499 | else | |
500 | { | |
501 | - dh = DH_generate_parameters (num, g, dh_cb, NULL); | |
502 | + dh = DH_new(); | |
503 | + if (dh) { | |
504 | + if (!DH_generate_parameters_ex(dh, num, g, NULL)) { | |
505 | + DH_free(dh); | |
506 | + dh = NULL; | |
507 | + } | |
508 | + } | |
509 | } | |
510 | if (!dh) | |
511 | { | |
512 | @@ -1626,7 +1634,7 @@ caddr_t bif_xenc_DH_get_params (caddr_t | |
513 | int n, len; | |
514 | caddr_t buf = NULL, ret, b64; | |
515 | DH *dh; | |
516 | - BIGNUM *num; | |
517 | + const BIGNUM *num; | |
518 | ||
519 | mutex_enter (xenc_keys_mtx); | |
520 | key = xenc_get_key_by_name (name, 0); | |
521 | @@ -1641,19 +1649,19 @@ caddr_t bif_xenc_DH_get_params (caddr_t | |
522 | switch (param) | |
523 | { | |
524 | case 1: | |
525 | - num = dh->p; | |
526 | + DH_get0_pqg(dh, &num, NULL, NULL); | |
527 | break; | |
528 | case 2: | |
529 | - num = dh->g; | |
530 | + DH_get0_pqg(dh, NULL, NULL, &num); | |
531 | break; | |
532 | case 3: | |
533 | - num = dh->pub_key; | |
534 | + DH_get0_key(dh, &num, NULL); | |
535 | break; | |
536 | case 4: | |
537 | - num = dh->priv_key; | |
538 | + DH_get0_key(dh, NULL, &num); | |
539 | break; | |
540 | default: | |
541 | - num = dh->pub_key; | |
542 | + DH_get0_key(dh, &num, NULL); | |
543 | } | |
544 | ||
545 | buf_len = (size_t)BN_num_bytes(num); | |
546 | @@ -1811,7 +1819,15 @@ caddr_t bif_xenc_key_rsa_create (caddr_t | |
547 | xenc_key_t * k; | |
548 | caddr_t name = bif_string_arg (qst, args, 0, "xenc_key_RSA_create"); | |
549 | int num = (int) bif_long_arg (qst, args, 1, "xenc_key_RSA_create"); | |
550 | - RSA *rsa = NULL; | |
551 | + RSA *rsa; | |
552 | + BIGNUM *bn; | |
553 | + | |
554 | + rsa = RSA_new(); | |
555 | + bn = BN_new(); | |
556 | + if (!rsa || !bn) | |
557 | + goto out; | |
558 | + if (!BN_set_word(bn, RSA_F4)) | |
559 | + goto out; | |
560 | ||
561 | mutex_enter (xenc_keys_mtx); | |
562 | if (NULL == (k = xenc_key_create (name, XENC_RSA_ALGO , DSIG_RSA_SHA1_ALGO, 0))) | |
563 | @@ -1820,12 +1836,11 @@ caddr_t bif_xenc_key_rsa_create (caddr_t | |
564 | SQLR_NEW_KEY_EXIST_ERROR (name); | |
565 | } | |
566 | ||
567 | - rsa = RSA_generate_key (num, RSA_F4, NULL, NULL); | |
568 | - | |
569 | - if (rsa == NULL) | |
570 | - { | |
571 | - sqlr_new_error ("42000", "XENC06", "RSA generation error"); | |
572 | - } | |
573 | + if (!RSA_generate_key_ex (rsa, num, bn, NULL)) { | |
574 | + mutex_leave (xenc_keys_mtx); | |
575 | + goto out; | |
576 | + } | |
577 | + BN_free(bn); | |
578 | ||
579 | k->xek_rsa = RSAPublicKey_dup (rsa); | |
580 | k->xek_private_rsa = rsa; | |
581 | @@ -1839,6 +1854,13 @@ caddr_t bif_xenc_key_rsa_create (caddr_t | |
582 | ||
583 | mutex_leave (xenc_keys_mtx); | |
584 | return NULL; | |
585 | +out: | |
586 | + if (bn) | |
587 | + BN_free(bn); | |
588 | + if (rsa) | |
589 | + RSA_free(rsa); | |
590 | + sqlr_new_error ("42000", "XENC06", "RSA generation error"); | |
591 | + return NULL; | |
592 | } | |
593 | ||
594 | xenc_key_t * | |
595 | @@ -2034,7 +2056,13 @@ int __xenc_key_dsa_init (char *name, int | |
596 | SQLR_NEW_KEY_ERROR (name); | |
597 | ||
598 | RAND_poll (); | |
599 | - dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, NULL); | |
600 | + dsa = DSA_new(); | |
601 | + if (dsa) { | |
602 | + if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, NULL)) { | |
603 | + DSA_free(dsa); | |
604 | + dsa = NULL; | |
605 | + } | |
606 | + } | |
607 | if (dsa == NULL) | |
608 | { | |
609 | sqlr_new_error ("42000", "XENC11", | |
610 | @@ -2058,7 +2086,13 @@ int __xenc_key_dh_init (char *name, int | |
611 | if (NULL == pkey) | |
612 | SQLR_NEW_KEY_ERROR (name); | |
613 | ||
614 | - dh = DH_generate_parameters (num, g, dh_cb, NULL); | |
615 | + dh = DH_new(); | |
616 | + if (dh) { | |
617 | + if (!DH_generate_parameters_ex(dh, num, g, NULL)) { | |
618 | + DH_free(dh); | |
619 | + dh = NULL; | |
620 | + } | |
621 | + } | |
622 | if (!dh) | |
623 | { | |
624 | sqlr_new_error ("42000", "XENC11", | |
625 | @@ -2280,12 +2314,12 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca | |
626 | { | |
627 | in = BIO_new_mem_buf (key_base64, len); | |
628 | pkey = d2i_PUBKEY_bio (in, NULL); | |
629 | - if (pkey && pkey->type == EVP_PKEY_RSA) | |
630 | - p = pkey->pkey.rsa; | |
631 | + if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_RSA) | |
632 | + p = EVP_PKEY_get0_RSA(pkey); | |
633 | BIO_reset (in); | |
634 | pkkey = d2i_PrivateKey_bio (in, NULL); | |
635 | - if (pkkey && pkkey->type == EVP_PKEY_RSA) | |
636 | - r = pkkey->pkey.rsa; | |
637 | + if (pkkey && EVP_PKEY_id(pkkey) == EVP_PKEY_RSA) | |
638 | + r = EVP_PKEY_get0_RSA(pkkey); | |
639 | BIO_free (in); | |
640 | } | |
641 | else | |
642 | @@ -2304,9 +2338,11 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca | |
643 | ||
644 | if (!p) | |
645 | { | |
646 | + const BIGNUM *n, *e; | |
647 | + | |
648 | + RSA_get0_key(r, &n, &e, NULL); | |
649 | p = RSA_new (); | |
650 | - p->n = BN_dup (r->n); | |
651 | - p->e = BN_dup (r->e); | |
652 | + RSA_set0_key(p, BN_dup(n), BN_dup(e), NULL); | |
653 | } | |
654 | ||
655 | mutex_enter (xenc_keys_mtx); | |
656 | @@ -2355,14 +2391,13 @@ bif_xenc_key_rsa_construct (caddr_t * qs | |
657 | p = RSA_new (); | |
658 | n = BN_bin2bn ((unsigned char *) mod, box_length (mod) - 1, NULL); | |
659 | e = BN_bin2bn ((unsigned char *) exp, box_length (exp) - 1, NULL); | |
660 | - p->n = n; | |
661 | - p->e = e; | |
662 | + RSA_set0_key(p, n, e, NULL); | |
663 | if (pexp) | |
664 | { | |
665 | pk = RSA_new (); | |
666 | - pk->d = BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL); | |
667 | - pk->n = BN_dup (n); | |
668 | - pk->e = BN_dup (e); | |
669 | + RSA_set0_key(p, BN_dup(n), | |
670 | + BN_dup(e), | |
671 | + BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL)); | |
672 | } | |
673 | mutex_enter (xenc_keys_mtx); | |
674 | k = xenc_key_create (name, XENC_RSA_ALGO, DSIG_RSA_SHA1_ALGO, 0); | |
675 | @@ -4086,7 +4121,7 @@ void xenc_tag_free (xenc_tag_t * t) | |
676 | #endif | |
677 | } | |
678 | ||
679 | -xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, BIGNUM * bn) | |
680 | +static xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, const BIGNUM * bn) | |
681 | { | |
682 | char * buffer = dk_alloc_box (BN_num_bytes (bn), DV_BIN); | |
683 | char * buffer_base64 = dk_alloc_box (box_length (buffer) * 2, DV_STRING); | |
684 | @@ -4111,12 +4146,15 @@ caddr_t ** xenc_generate_ext_info (xenc_ | |
685 | caddr_t ** array; | |
686 | if (key->xek_type == DSIG_KEY_RSA) | |
687 | { | |
688 | + const BIGNUM *rsa_n, *rsa_e; | |
689 | + | |
690 | + RSA_get0_key(key->ki.rsa.rsa_st, &rsa_n, &rsa_e, NULL); | |
691 | xenc_tag_t * rsakeyval = xenc_tag_create (DSIG_URI, ":RSAKeyValue"); | |
692 | xenc_tag_t * rsamodulus = xenc_tag_create (DSIG_URI, ":Modulus"); | |
693 | xenc_tag_t * rsaexponent = xenc_tag_create (DSIG_URI, ":Exponent"); | |
694 | ||
695 | - xenc_tag_add_child_BN (rsamodulus, key->ki.rsa.rsa_st->n); | |
696 | - xenc_tag_add_child_BN (rsaexponent, key->ki.rsa.rsa_st->e); | |
697 | + xenc_tag_add_child_BN (rsamodulus, rsa_n); | |
698 | + xenc_tag_add_child_BN (rsaexponent, rsa_e); | |
699 | ||
700 | xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsamodulus)); | |
701 | xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsaexponent)); | |
702 | @@ -4135,12 +4173,15 @@ caddr_t ** xenc_generate_ext_info (xenc_ | |
703 | xenc_tag_t * g = xenc_tag_create (DSIG_URI, ":G"); | |
704 | xenc_tag_t * y = xenc_tag_create (DSIG_URI, ":Y"); | |
705 | DSA * dsa = key->ki.dsa.dsa_st; | |
706 | + const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; | |
707 | ||
708 | + DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g); | |
709 | + DSA_get0_key(dsa, &dsa_pub_key, NULL); | |
710 | ||
711 | - xenc_tag_add_child_BN (p, dsa->p); | |
712 | - xenc_tag_add_child_BN (p, dsa->q); | |
713 | - xenc_tag_add_child_BN (p, dsa->g); | |
714 | - xenc_tag_add_child_BN (p, dsa->pub_key); | |
715 | + xenc_tag_add_child_BN (p, dsa_p); | |
716 | + xenc_tag_add_child_BN (p, dsa_q); | |
717 | + xenc_tag_add_child_BN (p, dsa_g); | |
718 | + xenc_tag_add_child_BN (p, dsa_pub_key); | |
719 | ||
720 | xenc_tag_add_child (dsakeyval, xenc_tag_finalize (p)); | |
721 | xenc_tag_add_child (dsakeyval, xenc_tag_finalize (q)); | |
722 | @@ -6187,7 +6228,7 @@ caddr_t xenc_x509_get_key_identifier (X5 | |
723 | ||
724 | ret = dk_alloc_box (ikeyid->length, DV_BIN); | |
725 | memcpy (ret, ikeyid->data, ikeyid->length); | |
726 | - M_ASN1_OCTET_STRING_free(ikeyid); | |
727 | + ASN1_STRING_free(ikeyid); | |
728 | return ret; | |
729 | } | |
730 | ||
731 | @@ -6247,7 +6288,7 @@ bif_x509_get_subject (caddr_t * qst, cad | |
732 | ||
733 | ret = dk_alloc_box (ikeyid->length, DV_BIN); | |
734 | memcpy (ret, ikeyid->data, ikeyid->length); | |
735 | - M_ASN1_OCTET_STRING_free(ikeyid); | |
736 | + ASN1_STRING_free(ikeyid); | |
737 | return ret; | |
738 | } | |
739 | ||
740 | @@ -6806,7 +6847,7 @@ bif_xenc_x509_csr_generate (caddr_t * qs | |
741 | sk_X509_EXTENSION_push(st_exts, ex); | |
742 | } | |
743 | X509_REQ_add_extensions(x, st_exts); | |
744 | - if (!X509_REQ_sign (x, pk, (pk->type == EVP_PKEY_RSA ? EVP_md5() : EVP_dss1()))) | |
745 | + if (!X509_REQ_sign (x, pk, (EVP_PKEY_id(pk) == EVP_PKEY_RSA ? EVP_md5() : EVP_sha1()))) | |
746 | { | |
747 | pk = NULL; /* keep one in the xenc_key */ | |
748 | *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate : %s", get_ssl_error_text (buf, sizeof (buf))); | |
749 | @@ -6945,17 +6986,17 @@ bif_xenc_x509_from_csr (caddr_t * qst, c | |
750 | *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate"); | |
751 | goto err; | |
752 | } | |
753 | - switch (EVP_PKEY_type (cli_pk->type)) | |
754 | + switch (EVP_PKEY_type (EVP_PKEY_id(cli_pk))) | |
755 | { | |
756 | case EVP_PKEY_DSA: | |
757 | sign_algoname = DSIG_DSA_SHA1_ALGO; | |
758 | enc_algoname = XENC_DSA_ALGO; | |
759 | - dsa = cli_pk->pkey.dsa; | |
760 | + dsa = EVP_PKEY_get0_DSA(cli_pk); | |
761 | break; | |
762 | case EVP_PKEY_RSA: | |
763 | sign_algoname = DSIG_RSA_SHA1_ALGO; | |
764 | enc_algoname = XENC_RSA_ALGO; | |
765 | - rsa = cli_pk->pkey.rsa; | |
766 | + rsa = EVP_PKEY_get0_RSA(cli_pk); | |
767 | break; | |
768 | default: | |
769 | *err_ret = srv_make_new_error ("42000", "XECXX", "The type of public key is not supported mus tbe RSA or DSA"); | |
770 | @@ -7152,16 +7193,16 @@ bif_xenc_pubkey_pem_export (caddr_t * qs | |
771 | { | |
772 | k = X509_get_pubkey (key->xek_x509); | |
773 | #ifdef EVP_PKEY_RSA | |
774 | - if (k->type == EVP_PKEY_RSA) | |
775 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
776 | { | |
777 | - RSA * x = k->pkey.rsa; | |
778 | + RSA *x = EVP_PKEY_get0_RSA(k); | |
779 | PEM_write_bio_RSA_PUBKEY (b, x); | |
780 | } | |
781 | #endif | |
782 | #ifdef EVP_PKEY_DSA | |
783 | - if (k->type == EVP_PKEY_DSA) | |
784 | + if (EVP_PKEY_id(k) == EVP_PKEY_DSA) | |
785 | { | |
786 | - DSA * x = k->pkey.dsa; | |
787 | + DSA * x = EVP_PKEY_get0_DSA(k); | |
788 | PEM_write_bio_DSA_PUBKEY (b, x); | |
789 | } | |
790 | #endif | |
791 | @@ -7208,16 +7249,16 @@ bif_xenc_pubkey_der_export (caddr_t * qs | |
792 | { | |
793 | k = X509_get_pubkey (key->xek_x509); | |
794 | #ifdef EVP_PKEY_RSA | |
795 | - if (k->type == EVP_PKEY_RSA) | |
796 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
797 | { | |
798 | - RSA * x = k->pkey.rsa; | |
799 | + RSA * x = EVP_PKEY_get0_RSA(k); | |
800 | i2d_RSA_PUBKEY_bio (b, x); | |
801 | } | |
802 | #endif | |
803 | #ifdef EVP_PKEY_DSA | |
804 | - if (k->type == EVP_PKEY_DSA) | |
805 | + if (EVP_PKEY_id(k) == EVP_PKEY_DSA) | |
806 | { | |
807 | - DSA * x = k->pkey.dsa; | |
808 | + DSA * x = EVP_PKEY_get0_DSA(k); | |
809 | i2d_DSA_PUBKEY_bio (b, x); | |
810 | } | |
811 | #endif | |
812 | @@ -7245,7 +7286,7 @@ err: | |
813 | } | |
814 | ||
815 | static caddr_t | |
816 | -BN2binbox (BIGNUM * x) | |
817 | +BN2binbox (const BIGNUM * x) | |
818 | { | |
819 | size_t buf_len, n; | |
820 | caddr_t buf; | |
821 | @@ -7280,8 +7321,14 @@ static caddr_t | |
822 | xenc_rsa_pub_magic (RSA * x) | |
823 | { | |
824 | caddr_t ret; | |
825 | - caddr_t n = BN2binbox (x->n); /* modulus */ | |
826 | - caddr_t e = BN2binbox (x->e); /* public exponent */ | |
827 | + caddr_t n; | |
828 | + caddr_t e; | |
829 | + const BIGNUM *rsa_n, *rsa_e; | |
830 | + | |
831 | + RSA_get0_key(x, &rsa_n, &rsa_e, NULL); | |
832 | + n = BN2binbox (rsa_n); /* modulus */ | |
833 | + e = BN2binbox (rsa_e); /* public exponent */ | |
834 | + | |
835 | n = xenc_encode_base64_binbox (n, 1); | |
836 | e = xenc_encode_base64_binbox (e, 1); | |
837 | ret = dk_alloc_box (box_length (n) + box_length (e) + 4 /* two dots - one trailing zero + RSA prefix */, DV_STRING); | |
838 | @@ -7306,9 +7353,9 @@ bif_xenc_pubkey_magic_export (caddr_t * | |
839 | { | |
840 | k = X509_get_pubkey (key->xek_x509); | |
841 | #ifdef EVP_PKEY_RSA | |
842 | - if (k->type == EVP_PKEY_RSA) | |
843 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
844 | { | |
845 | - RSA * x = k->pkey.rsa; | |
846 | + RSA * x = EVP_PKEY_get0_RSA(k); | |
847 | ret = xenc_rsa_pub_magic (x); | |
848 | } | |
849 | #endif | |
850 | @@ -7349,10 +7396,16 @@ static caddr_t | |
851 | xenc_rsa_pub_ssh_export (RSA * x) | |
852 | { | |
853 | static char * ssh_header = "\x00\x00\x00\x07ssh-rsa"; | |
854 | + const BIGNUM *rsa_n, *rsa_e; | |
855 | caddr_t ret; | |
856 | int len, pos; | |
857 | - caddr_t n = BN2binbox (x->n); /* modulus */ | |
858 | - caddr_t e = BN2binbox (x->e); /* public exponent */ | |
859 | + caddr_t n; | |
860 | + caddr_t e; | |
861 | + | |
862 | + RSA_get0_key(x, &rsa_n, &rsa_e, NULL); | |
863 | + n = BN2binbox (rsa_n); /* modulus */ | |
864 | + e = BN2binbox (rsa_e); /* public exponent */ | |
865 | + | |
866 | len = 11 + 8 + box_length (n) + box_length (e); | |
867 | if (n[0] & 0x80) | |
868 | len ++; | |
869 | @@ -7383,9 +7436,9 @@ bif_xenc_pubkey_ssh_export (caddr_t * qs | |
870 | { | |
871 | k = X509_get_pubkey (key->xek_x509); | |
872 | #ifdef EVP_PKEY_RSA | |
873 | - if (k->type == EVP_PKEY_RSA) | |
874 | + if (EVP_PKEY_id(k) == EVP_PKEY_RSA) | |
875 | { | |
876 | - RSA * x = k->pkey.rsa; | |
877 | + RSA * x = EVP_PKEY_get0_RSA(k); | |
878 | ret = xenc_rsa_pub_ssh_export (x); | |
879 | } | |
880 | #endif | |
881 | @@ -7418,7 +7471,7 @@ bif_xenc_SPKI_read (caddr_t * qst, caddr | |
882 | return NULL; | |
883 | } | |
884 | pk = NETSCAPE_SPKI_get_pubkey (spki); | |
885 | - if (!pk || pk->type != EVP_PKEY_RSA) | |
886 | + if (!pk || EVP_PKEY_id(pk) != EVP_PKEY_RSA) | |
887 | { | |
888 | NETSCAPE_SPKI_free (spki); | |
889 | *err_ret = srv_make_new_error ("42000", "XECXX", "Can not retrieve RSA key"); | |
890 | @@ -7595,14 +7648,14 @@ bif_xenc_x509_ca_certs_list (caddr_t * q | |
891 | sec_check_dba ((QI*)qst, me); | |
892 | in = BIO_new (BIO_s_mem ()); | |
893 | mutex_enter (xenc_keys_mtx); | |
894 | - certs = CA_certs->objs; | |
895 | + certs = X509_STORE_get0_objects(CA_certs); | |
896 | len = sk_X509_OBJECT_num (certs); | |
897 | for (i = 0; i < len; i++) | |
898 | { | |
899 | X509_OBJECT * obj = sk_X509_OBJECT_value (certs, i); | |
900 | - if (obj->type == X509_LU_X509) | |
901 | + if (X509_OBJECT_get_type(obj) == X509_LU_X509) | |
902 | { | |
903 | - X509 *x = obj->data.x509; | |
904 | + X509 *x = X509_OBJECT_get0_X509(obj); | |
905 | caddr_t itm; | |
906 | int blen; | |
907 | BIO_reset (in); | |
908 | --- a/libsrc/Wi/xmlenc.h | |
909 | +++ b/libsrc/Wi/xmlenc.h | |
910 | @@ -38,6 +38,7 @@ | |
911 | #include <openssl/dsa.h> | |
912 | #include <openssl/rsa.h> | |
913 | #include <openssl/des.h> | |
914 | +#include <openssl/hmac.h> | |
915 | ||
916 | #ifdef AES_ENC_ENABLE | |
917 | #include <openssl/aes.h> | |
918 | @@ -631,5 +632,183 @@ caddr_t * xml_find_any_child (caddr_t * | |
919 | ||
920 | extern dk_mutex_t * xenc_keys_mtx; | |
921 | ||
922 | +#if OPENSSL_VERSION_NUMBER < 0x10100000 | |
923 | + | |
924 | +static inline HMAC_CTX *HMAC_CTX_new(void) | |
925 | +{ | |
926 | + HMAC_CTX *p; | |
927 | + | |
928 | + p = calloc(1, sizeof(HMAC_CTX)); | |
929 | + if (!p) | |
930 | + return p; | |
931 | + HMAC_CTX_init(p); | |
932 | + return p; | |
933 | +} | |
934 | + | |
935 | +static inline void HMAC_CTX_free(HMAC_CTX *ctx) | |
936 | +{ | |
937 | + HMAC_CTX_cleanup(ctx); | |
938 | + free(ctx); | |
939 | +} | |
940 | + | |
941 | +static inline void RSA_get0_key(const RSA *r, const BIGNUM **n, | |
942 | + const BIGNUM **e, const BIGNUM **d) | |
943 | +{ | |
944 | + if (n != NULL) | |
945 | + *n = r->n; | |
946 | + if (e != NULL) | |
947 | + *e = r->e; | |
948 | + if (d != NULL) | |
949 | + *d = r->d; | |
950 | +} | |
951 | + | |
952 | +static inline void RSA_get0_factors(const RSA *r, const BIGNUM **p, | |
953 | + const BIGNUM **q) | |
954 | +{ | |
955 | + if (p != NULL) | |
956 | + *p = r->p; | |
957 | + if (q != NULL) | |
958 | + *q = r->q; | |
959 | +} | |
960 | + | |
961 | +static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | |
962 | +{ | |
963 | + if (pkey->type != EVP_PKEY_RSA) | |
964 | + return NULL; | |
965 | + return pkey->pkey.rsa; | |
966 | +} | |
967 | + | |
968 | +static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, | |
969 | + const BIGNUM **priv_key) | |
970 | +{ | |
971 | + if (pub_key != NULL) | |
972 | + *pub_key = dh->pub_key; | |
973 | + if (priv_key != NULL) | |
974 | + *priv_key = dh->priv_key; | |
975 | +} | |
976 | + | |
977 | + | |
978 | +static inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, | |
979 | + const BIGNUM **g) | |
980 | +{ | |
981 | + if (p != NULL) | |
982 | + *p = dh->p; | |
983 | + if (q != NULL) | |
984 | + *q = dh->q; | |
985 | + if (g != NULL) | |
986 | + *g = dh->g; | |
987 | +} | |
988 | + | |
989 | +static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) | |
990 | +{ | |
991 | + if (pkey->type != EVP_PKEY_DSA) | |
992 | + return NULL; | |
993 | + return pkey->pkey.dsa; | |
994 | +} | |
995 | + | |
996 | +static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | |
997 | +{ | |
998 | + /* If the fields p and g in d are NULL, the corresponding input | |
999 | + * parameters MUST be non-NULL. q may remain NULL. | |
1000 | + */ | |
1001 | + if ((dh->p == NULL && p == NULL) | |
1002 | + || (dh->g == NULL && g == NULL)) | |
1003 | + return 0; | |
1004 | + | |
1005 | + if (p != NULL) { | |
1006 | + BN_free(dh->p); | |
1007 | + dh->p = p; | |
1008 | + } | |
1009 | + if (q != NULL) { | |
1010 | + BN_free(dh->q); | |
1011 | + dh->q = q; | |
1012 | + } | |
1013 | + if (g != NULL) { | |
1014 | + BN_free(dh->g); | |
1015 | + dh->g = g; | |
1016 | + } | |
1017 | + | |
1018 | + if (q != NULL) { | |
1019 | + dh->length = BN_num_bits(q); | |
1020 | + } | |
1021 | + | |
1022 | + return 1; | |
1023 | +} | |
1024 | + | |
1025 | +static inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) | |
1026 | +{ | |
1027 | + /* If the fields n and e in r are NULL, the corresponding input | |
1028 | + * parameters MUST be non-NULL for n and e. d may be | |
1029 | + * left NULL (in case only the public key is used). | |
1030 | + */ | |
1031 | + if ((r->n == NULL && n == NULL) | |
1032 | + || (r->e == NULL && e == NULL)) | |
1033 | + return 0; | |
1034 | + | |
1035 | + if (n != NULL) { | |
1036 | + BN_free(r->n); | |
1037 | + r->n = n; | |
1038 | + } | |
1039 | + if (e != NULL) { | |
1040 | + BN_free(r->e); | |
1041 | + r->e = e; | |
1042 | + } | |
1043 | + if (d != NULL) { | |
1044 | + BN_free(r->d); | |
1045 | + r->d = d; | |
1046 | + } | |
1047 | + | |
1048 | + return 1; | |
1049 | +} | |
1050 | + | |
1051 | +static inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, | |
1052 | + const BIGNUM **q, const BIGNUM **g) | |
1053 | +{ | |
1054 | + if (p != NULL) | |
1055 | + *p = d->p; | |
1056 | + if (q != NULL) | |
1057 | + *q = d->q; | |
1058 | + if (g != NULL) | |
1059 | + *g = d->g; | |
1060 | +} | |
1061 | + | |
1062 | +static inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, | |
1063 | + const BIGNUM **priv_key) | |
1064 | +{ | |
1065 | + if (pub_key != NULL) | |
1066 | + *pub_key = d->pub_key; | |
1067 | + if (priv_key != NULL) | |
1068 | + *priv_key = d->priv_key; | |
1069 | +} | |
1070 | + | |
1071 | +static inline const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) | |
1072 | +{ | |
1073 | + return x->cert_info->extensions; | |
1074 | +} | |
1075 | + | |
1076 | +static inline int X509_up_ref(X509 *x) | |
1077 | +{ | |
1078 | + return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); | |
1079 | +} | |
1080 | + | |
1081 | +static inline STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v) | |
1082 | +{ | |
1083 | + return v->objs; | |
1084 | +} | |
1085 | + | |
1086 | +static inline int X509_OBJECT_get_type(const X509_OBJECT *a) | |
1087 | +{ | |
1088 | + return a->type; | |
1089 | +} | |
1090 | + | |
1091 | +static inline X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a) | |
1092 | +{ | |
1093 | + if (a == NULL || a->type != X509_LU_X509) | |
1094 | + return NULL; | |
1095 | + return a->data.x509; | |
1096 | +} | |
1097 | + | |
1098 | +#endif | |
1099 | + | |
1100 | #endif | |
1101 | ||
1102 | --- a/libsrc/Wi/xmlenc_algos.c | |
1103 | +++ b/libsrc/Wi/xmlenc_algos.c | |
1104 | @@ -1149,7 +1149,7 @@ int | |
1105 | dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out) | |
1106 | { | |
1107 | unsigned char * data; | |
1108 | - HMAC_CTX ctx; | |
1109 | + HMAC_CTX *ctx; | |
1110 | unsigned char key_data[32 * 8]; | |
1111 | unsigned char md [SHA256_DIGEST_LENGTH + 1]; | |
1112 | unsigned char md64 [SHA256_DIGEST_LENGTH * 2 + 1]; | |
1113 | @@ -1182,7 +1182,9 @@ dsig_hmac_sha256_digest (dk_session_t * | |
1114 | default: | |
1115 | return 0; | |
1116 | } | |
1117 | - | |
1118 | + ctx = HMAC_CTX_new(); | |
1119 | + if (!ctx) | |
1120 | + return 0; | |
1121 | ||
1122 | data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); | |
1123 | CATCH_READ_FAIL (ses_in) | |
1124 | @@ -1192,14 +1194,15 @@ dsig_hmac_sha256_digest (dk_session_t * | |
1125 | FAILED | |
1126 | { | |
1127 | dk_free_box ((box_t) data); | |
1128 | + HMAC_CTX_free(ctx); | |
1129 | return 0; | |
1130 | } | |
1131 | END_READ_FAIL (ses_in); | |
1132 | ||
1133 | - HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ()); | |
1134 | - HMAC_Update(&ctx, data, len); | |
1135 | - HMAC_Final(&ctx, md, &hmac_len); | |
1136 | - HMAC_cleanup(&ctx); | |
1137 | + HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL); | |
1138 | + HMAC_Update(ctx, data, len); | |
1139 | + HMAC_Final(ctx, md, &hmac_len); | |
1140 | + HMAC_CTX_free(ctx); | |
1141 | ||
1142 | if (hmac_len != SHA256_DIGEST_LENGTH) | |
1143 | GPF_T; | |
1144 | @@ -1220,7 +1223,7 @@ dsig_hmac_sha256_digest (dk_session_t * | |
1145 | int | |
1146 | dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest) | |
1147 | { | |
1148 | - HMAC_CTX ctx; | |
1149 | + HMAC_CTX *ctx; | |
1150 | unsigned char * data; | |
1151 | unsigned char key_data[3 * 8]; | |
1152 | unsigned char md [SHA256_DIGEST_LENGTH + 1]; | |
1153 | @@ -1249,6 +1252,9 @@ dsig_hmac_sha256_verify (dk_session_t * | |
1154 | return 0; | |
1155 | } | |
1156 | ||
1157 | + ctx = HMAC_CTX_new(); | |
1158 | + if (!ctx) | |
1159 | + return 0; | |
1160 | ||
1161 | data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); | |
1162 | CATCH_READ_FAIL (ses_in) | |
1163 | @@ -1258,14 +1264,15 @@ dsig_hmac_sha256_verify (dk_session_t * | |
1164 | FAILED | |
1165 | { | |
1166 | dk_free_box ((box_t) data); | |
1167 | + HMAC_CTX_free(ctx); | |
1168 | return 0; | |
1169 | } | |
1170 | END_READ_FAIL (ses_in); | |
1171 | ||
1172 | - HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ()); | |
1173 | - HMAC_Update(&ctx, data, len); | |
1174 | - HMAC_Final(&ctx, md, &hmac_len); | |
1175 | - HMAC_cleanup(&ctx); | |
1176 | + HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL); | |
1177 | + HMAC_Update(ctx, data, len); | |
1178 | + HMAC_Final(ctx, md, &hmac_len); | |
1179 | + HMAC_CTX_free(ctx); | |
1180 | dk_free_box ((box_t) data); | |
1181 | ||
1182 | len1 = xenc_encode_base64 ((char *)md, md64, hmac_len); | |
1183 | @@ -1586,7 +1593,7 @@ int | |
1184 | dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out) | |
1185 | { | |
1186 | unsigned char * data; | |
1187 | - HMAC_CTX ctx; | |
1188 | + HMAC_CTX *ctx; | |
1189 | unsigned char key_data[32 * 8]; | |
1190 | unsigned char md [SHA_DIGEST_LENGTH + 1]; | |
1191 | unsigned char md64 [SHA_DIGEST_LENGTH * 2 + 1]; | |
1192 | @@ -1620,6 +1627,9 @@ dsig_hmac_sha1_digest (dk_session_t * se | |
1193 | return 0; | |
1194 | } | |
1195 | ||
1196 | + ctx = HMAC_CTX_new(); | |
1197 | + if (!ctx) | |
1198 | + return 0; | |
1199 | ||
1200 | data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); | |
1201 | CATCH_READ_FAIL (ses_in) | |
1202 | @@ -1629,14 +1639,15 @@ dsig_hmac_sha1_digest (dk_session_t * se | |
1203 | FAILED | |
1204 | { | |
1205 | dk_free_box ((box_t) data); | |
1206 | + HMAC_CTX_free(ctx); | |
1207 | return 0; | |
1208 | } | |
1209 | END_READ_FAIL (ses_in); | |
1210 | ||
1211 | - HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ()); | |
1212 | - HMAC_Update(&ctx, data, len); | |
1213 | - HMAC_Final(&ctx, md, &hmac_len); | |
1214 | - HMAC_cleanup(&ctx); | |
1215 | + HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL); | |
1216 | + HMAC_Update(ctx, data, len); | |
1217 | + HMAC_Final(ctx, md, &hmac_len); | |
1218 | + HMAC_CTX_free(ctx); | |
1219 | ||
1220 | if (hmac_len != SHA_DIGEST_LENGTH) | |
1221 | GPF_T; | |
1222 | @@ -1657,7 +1668,7 @@ dsig_hmac_sha1_digest (dk_session_t * se | |
1223 | int | |
1224 | dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest) | |
1225 | { | |
1226 | - HMAC_CTX ctx; | |
1227 | + HMAC_CTX *ctx; | |
1228 | unsigned char * data; | |
1229 | unsigned char key_data[3 * 8]; | |
1230 | unsigned char md [SHA_DIGEST_LENGTH + 1]; | |
1231 | @@ -1686,6 +1697,9 @@ dsig_hmac_sha1_verify (dk_session_t * se | |
1232 | return 0; | |
1233 | } | |
1234 | ||
1235 | + ctx = HMAC_CTX_new(); | |
1236 | + if (!ctx) | |
1237 | + return 0; | |
1238 | ||
1239 | data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); | |
1240 | CATCH_READ_FAIL (ses_in) | |
1241 | @@ -1695,14 +1709,15 @@ dsig_hmac_sha1_verify (dk_session_t * se | |
1242 | FAILED | |
1243 | { | |
1244 | dk_free_box ((box_t) data); | |
1245 | + HMAC_CTX_free(ctx); | |
1246 | return 0; | |
1247 | } | |
1248 | END_READ_FAIL (ses_in); | |
1249 | ||
1250 | - HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ()); | |
1251 | - HMAC_Update(&ctx, data, len); | |
1252 | - HMAC_Final(&ctx, md, &hmac_len); | |
1253 | - HMAC_cleanup(&ctx); | |
1254 | + HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL); | |
1255 | + HMAC_Update(ctx, data, len); | |
1256 | + HMAC_Final(ctx, md, &hmac_len); | |
1257 | + HMAC_CTX_free(ctx); | |
1258 | dk_free_box ((box_t) data); | |
1259 | ||
1260 | len1 = xenc_encode_base64 ((char *)md, md64, hmac_len); | |
1261 | @@ -1763,7 +1778,7 @@ int xenc_aes_encryptor (dk_session_t * s | |
1262 | caddr_t outbuf_beg; | |
1263 | int len; | |
1264 | caddr_t encoded_out; | |
1265 | - EVP_CIPHER_CTX ctx; | |
1266 | + EVP_CIPHER_CTX *ctx; | |
1267 | unsigned char * ivec = &key->ki.aes.iv[0]; | |
1268 | ||
1269 | CATCH_READ_FAIL (ses_in) | |
1270 | @@ -1778,7 +1793,7 @@ int xenc_aes_encryptor (dk_session_t * s | |
1271 | END_READ_FAIL (ses_in); | |
1272 | ||
1273 | #if 1 | |
1274 | - EVP_CIPHER_CTX_init(&ctx); | |
1275 | + ctx = EVP_CIPHER_CTX_new(); | |
1276 | outbuf_beg = dk_alloc_box (box_length (text) + 16, DV_BIN); | |
1277 | memcpy (outbuf_beg, ivec, 16); | |
1278 | outbuf = outbuf_beg + 16; | |
1279 | @@ -1786,20 +1801,19 @@ int xenc_aes_encryptor (dk_session_t * s | |
1280 | switch (key->ki.aes.bits) | |
1281 | { | |
1282 | case 128: | |
1283 | - EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec); | |
1284 | + EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec); | |
1285 | break; | |
1286 | case 192: | |
1287 | - EVP_EncryptInit_ex(&ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec); | |
1288 | + EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec); | |
1289 | break; | |
1290 | case 256: | |
1291 | - EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec); | |
1292 | + EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec); | |
1293 | break; | |
1294 | default: | |
1295 | GPF_T1 ("Unsupported key size"); | |
1296 | } | |
1297 | - if(!EVP_EncryptUpdate(&ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text))) | |
1298 | + if(!EVP_EncryptUpdate(ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text))) | |
1299 | { | |
1300 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
1301 | dk_free_box (text); | |
1302 | dk_free_box (outbuf_beg); | |
1303 | xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #2"); | |
1304 | @@ -1812,7 +1826,7 @@ int xenc_aes_encryptor (dk_session_t * s | |
1305 | xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #3"); | |
1306 | } */ | |
1307 | /* outlen += tmplen; */ | |
1308 | - EVP_CIPHER_CTX_cleanup(&ctx); | |
1309 | + EVP_CIPHER_CTX_free(ctx); | |
1310 | ||
1311 | #else | |
1312 | outbuf_beg = dk_alloc_box (box_length (text) + 16 /* iv */, DV_BIN); | |
1313 | @@ -2050,6 +2064,7 @@ xenc_rsa_decryptor (dk_session_t * ses_i | |
1314 | int len = 0; | |
1315 | int keysize; | |
1316 | RSA * rsa = key->xek_private_rsa; | |
1317 | + const BIGNUM *p, *q; | |
1318 | ||
1319 | if (!seslen) | |
1320 | { | |
1321 | @@ -2062,9 +2077,9 @@ xenc_rsa_decryptor (dk_session_t * ses_i | |
1322 | xenc_report_error (t, 500 + strlen (key->xek_name), XENC_ENC_ERR, "could not make RSA decryption [key %s is not RSA]", key->xek_name); | |
1323 | return 0; | |
1324 | } | |
1325 | + RSA_get0_factors(rsa, &p, &q); | |
1326 | if (!rsa || | |
1327 | - !rsa->p || | |
1328 | - !rsa->q) | |
1329 | + !p || !q) | |
1330 | { | |
1331 | if (key->xek_x509_KI) | |
1332 | key = xenc_get_key_by_keyidentifier (key->xek_x509_KI, 1); | |
1333 | --- a/libsrc/util/sslengine.c | |
1334 | +++ b/libsrc/util/sslengine.c | |
1335 | @@ -29,7 +29,11 @@ | |
1336 | int | |
1337 | ssl_engine_startup (void) | |
1338 | { | |
1339 | - CRYPTO_malloc_init (); | |
1340 | +#if OPENSSL_VERSION_NUMBER < 0x10100000 | |
1341 | + CRYPTO_malloc_init (); | |
1342 | +#else | |
1343 | + OPENSSL_malloc_init(); | |
1344 | +#endif | |
1345 | ERR_load_crypto_strings(); | |
1346 | OpenSSL_add_all_algorithms(); | |
1347 | ||
1348 | --- a/libsrc/Wi/http.c | |
1349 | +++ b/libsrc/Wi/http.c | |
1350 | @@ -8886,7 +8886,7 @@ ssl_server_set_certificate (SSL_CTX* ssl | |
1351 | log_error ("SSL: The stored certificate '%s' can not be used as extra chain certificate", tok); | |
1352 | break; | |
1353 | } | |
1354 | - CRYPTO_add(&k->xek_x509->references, 1, CRYPTO_LOCK_X509); | |
1355 | + X509_up_ref(k->xek_x509); | |
1356 | tok = strtok_r (NULL, ",", &tok_s); | |
1357 | } | |
1358 | dk_free_box (str); | |
1359 | @@ -9949,7 +9949,7 @@ bif_https_renegotiate (caddr_t *qst, cad | |
1360 | cli_ssl_get_error_string (err_buf, sizeof (err_buf)); | |
1361 | sqlr_new_error ("42000", "..002", "SSL_do_handshake failed %s", err_buf); | |
1362 | } | |
1363 | - ssl->state = SSL_ST_ACCEPT; | |
1364 | + SSL_set_accept_state(ssl); | |
1365 | while (SSL_renegotiate_pending (ssl) && ctr < 1000) | |
1366 | { | |
1367 | timeout_t to = { 0, 1000 }; | |
1368 | --- a/libsrc/Dk/Dkernel.c | |
1369 | +++ b/libsrc/Dk/Dkernel.c | |
1370 | @@ -5280,7 +5280,11 @@ ssl_server_init () | |
1371 | } | |
1372 | #endif | |
1373 | ||
1374 | - SSLeay_add_all_algorithms (); | |
1375 | +#if OPENSSL_VERSION_NUMBER < 0x10100000 | |
1376 | + SSLeay_add_all_algorithms(); | |
1377 | +#else | |
1378 | + OpenSSL_add_all_algorithms(); | |
1379 | +#endif | |
1380 | PKCS12_PBE_add (); /* stub */ | |
1381 | ||
1382 | #ifdef NO_THREAD | |
1383 | --- a/configure.ac | |
1384 | +++ b/configure.ac | |
1385 | @@ -881,17 +881,6 @@ AC_TRY_COMPILE([ | |
1386 | ]) | |
1387 | ||
1388 | AC_MSG_CHECKING([OpenSSL version]) | |
1389 | -AC_TRY_COMPILE([ | |
1390 | -#include <openssl/opensslv.h> | |
1391 | -],[ | |
1392 | -#if OPENSSL_VERSION_NUMBER >= 0x1010000fL | |
1393 | -#error OpenSSL version too new | |
1394 | -#endif | |
1395 | - ],[ | |
1396 | - AC_MSG_RESULT([< 1.1.0]) | |
1397 | - ],[ | |
1398 | - AC_MSG_ERROR([OpenSSL version 1.1.0 or greater is currently not supported.]) | |
1399 | - ]) | |
1400 | ||
1401 | AC_MSG_CHECKING([usability of the OpenSSL header files and library in ${openssl_dir}]) | |
1402 | AC_TRY_RUN([ | |
1403 | --- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:47:58.000000000 +0200 | |
1404 | +++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:52:13.471232310 +0200 | |
1405 | @@ -5149,9 +5149,12 @@ ssl_ctx_set_protocol_options(SSL_CTX *ct | |
1406 | disable = 1; | |
1407 | } | |
1408 | ||
1409 | +#if defined (SSL_OP_NO_SSLv3) | |
1410 | if (!strcasecmp (name, "SSLv3")) | |
1411 | opt = SSL_PROTOCOL_SSLV3; | |
1412 | - else if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0")) | |
1413 | + else | |
1414 | +#endif | |
1415 | + if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0")) | |
1416 | opt = SSL_PROTOCOL_TLSV1; | |
1417 | #if defined (SSL_OP_NO_TLSv1_1) | |
1418 | else if (!strcasecmp (name, "TLSv1_1") || !strcasecmp (name, "TLSv1.1")) | |
1419 | --- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:52:48.000000000 +0200 | |
1420 | +++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:58:57.068780828 +0200 | |
1421 | @@ -5087,6 +5087,7 @@ ssl_thread_setup () | |
1422 | #define SSL_PROTOCOL_TLSV1 (1<<2) | |
1423 | #define SSL_PROTOCOL_TLSV1_1 (1<<3) | |
1424 | #define SSL_PROTOCOL_TLSV1_2 (1<<4) | |
1425 | +#define SSL_PROTOCOL_TLSV1_3 (1<<5) | |
1426 | ||
1427 | #if OPENSSL_VERSION_NUMBER >= 0x1000100FL | |
1428 | #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2) | |
1429 | --- virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c~ 2018-09-16 00:08:33.000000000 +0200 | |
1430 | +++ virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c 2018-09-16 00:20:07.956376505 +0200 | |
1431 | @@ -7073,19 +7073,21 @@ bif_xenc_pkcs12_export (caddr_t * qst, c | |
1432 | if (export_chain) | |
1433 | { | |
1434 | int i; | |
1435 | - X509_STORE_CTX store_ctx; | |
1436 | - X509_STORE_CTX_init (&store_ctx, CA_certs, x, NULL); | |
1437 | - if (X509_verify_cert (&store_ctx) > 0) | |
1438 | - chain = X509_STORE_CTX_get1_chain (&store_ctx); | |
1439 | + X509_STORE_CTX *store_ctx; | |
1440 | + store_ctx = EVP_MD_CTX_create(); | |
1441 | + if (!X509_STORE_CTX_init (store_ctx, CA_certs, x, NULL)) | |
1442 | + goto err; | |
1443 | + if (X509_verify_cert (store_ctx) > 0) | |
1444 | + chain = X509_STORE_CTX_get1_chain (store_ctx); | |
1445 | else | |
1446 | { | |
1447 | const char *err_str; | |
1448 | - err_str = X509_verify_cert_error_string (store_ctx.error); | |
1449 | + err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(store_ctx)); | |
1450 | *err_ret = srv_make_new_error ("22023", "XENCX", "X509 error: %s", err_str); | |
1451 | - X509_STORE_CTX_cleanup (&store_ctx); | |
1452 | + X509_STORE_CTX_free (store_ctx); | |
1453 | goto err; | |
1454 | } | |
1455 | - X509_STORE_CTX_cleanup (&store_ctx); | |
1456 | + X509_STORE_CTX_free (store_ctx); | |
1457 | if (chain) | |
1458 | { | |
1459 | certs = sk_X509_new_null (); |