]> git.pld-linux.org Git - packages/virtuoso.git/blame - openssl.patch
projects / packages / virtuoso.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
rebuild with openssl 3.0.0
[packages/virtuoso.git] / openssl.patch
CommitLineData
cbc7284e
AM		 1Description: Fix FTBFS with openssl 1.1
2Author: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
3Bug-Debian: https://bugs.debian.org/828594
4Forwarded: https://github.com/openlink/virtuoso-opensource/pull/583
5Last-Update: Fri, 17 Aug 2018 14:21:44 +0200 (by Andreas Tille <tille@debian.org>)
6
7---
8
9From 823092cccbd8e2ab9bfad6c3d3df791a7ffa76fc Mon Sep 17 00:00:00 2001
10From: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
11Date: Mon, 5 Sep 2016 10:49:54 +0000
12Subject: [PATCH] virtuoso-opensource: build against openssl 1.1.0
13
14Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
15---
16 libsrc/Dk/Dkernel.c | 6 +-
17 libsrc/Wi/bif_crypto.c | 120 ++++++++++--------
18 libsrc/Wi/http.c | 2 +-
19 libsrc/Wi/xmlenc.c | 319 +++++++++++++++++++++++++++--------------------
20 libsrc/Wi/xmlenc.h | 193 ++++++++++++++++++++++++++--
21 libsrc/Wi/xmlenc_algos.c | 132 +++++++++++---------
22 libsrc/util/sslengine.c | 6 +-
23 7 files changed, 524 insertions(+), 254 deletions(-)
24
25--- a/libsrc/Wi/bif_crypto.c
26+++ b/libsrc/Wi/bif_crypto.c
27@@ -181,21 +181,26 @@ box_hmac (caddr_t box, caddr_t key, int
28 unsigned char temp[EVP_MAX_MD_SIZE];
29 unsigned int size = 0;
30 caddr_t res = NULL;
31- HMAC_CTX ctx;
32+ HMAC_CTX *ctx;
33 const EVP_MD *md = EVP_sha1 ();
34
35 if (alg == 1)
36 md = EVP_ripemd160 ();
37
38- HMAC_Init (&ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md);
39- box_hmac_1 (box, &ctx);
40- HMAC_Final (&ctx, temp, &size);
41+ ctx = HMAC_CTX_new();
42+ if (!ctx)
43+ return res;
44+
45+ HMAC_Init_ex (ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md, NULL);
46+ box_hmac_1 (box, ctx);
47+ HMAC_Final (ctx, temp, &size);
48 if (size)
49 {
50 res = dk_alloc_box (size + 1, DV_SHORT_STRING);
51 memcpy (res, temp, size);
52 res[size] = 0;
53 }
54+ HMAC_CTX_free(ctx);
55 return res;
56 }
57
58@@ -347,14 +352,12 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
59 {
60 int ii;
61
62- opp = op;
63- ii = d2i_ASN1_BOOLEAN (NULL, (const unsigned char **)&opp, len + hl);
64- if (ii < 0)
65+ if (len + hl < 1)
66 {
67 if (BIO_write (bp, "Bad boolean\n", 12))
68 goto end;
69 }
70- BIO_printf (bp, "%d", ii);
71+ BIO_printf (bp, "%d", p[0]);
72 }
73 else if (tag == V_ASN1_BMPSTRING)
74 {
75@@ -415,7 +418,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
76 }
77 if (os != NULL)
78 {
79- M_ASN1_OCTET_STRING_free (os);
80+ ASN1_STRING_free (os);
81 os = NULL;
82 }
83 }
84@@ -448,7 +451,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
85 if (BIO_write (bp, "BAD INTEGER", 11) <= 0)
86 goto end;
87 }
88- M_ASN1_INTEGER_free (bs);
89+ ASN1_STRING_free (bs);
90 }
91 else if (tag == V_ASN1_ENUMERATED)
92 {
93@@ -479,7 +482,7 @@ asn1_parse_to_xml (BIO * bp, unsigned ch
94 if (BIO_write (bp, "BAD ENUMERATED", 11) <= 0)
95 goto end;
96 }
97- M_ASN1_ENUMERATED_free (bs);
98+ ASN1_STRING_free (bs);
99 }
100 else if (len > 0 && dump)
101 {
102@@ -515,7 +518,7 @@ end:
103 if (o != NULL)
104 ASN1_OBJECT_free (o);
105 if (os != NULL)
106- M_ASN1_OCTET_STRING_free (os);
107+ ASN1_STRING_free (os);
108 *pp = p;
109 return (ret);
110 }
111@@ -723,7 +726,7 @@ bio_to_strses (BIO * out_bio)
112 int len = BIO_get_mem_data (out_bio, &ptr);
113 int to_read = len, readed = 0;
114
115- to_free = ((BUF_MEM *) out_bio->ptr)->data;
116+ to_free = ((BUF_MEM *) BIO_get_data(out_bio))->data;
117 BIO_set_flags (out_bio, BIO_FLAGS_MEM_RDONLY);
118 CATCH_WRITE_FAIL (ses)
119 {
120@@ -735,7 +738,7 @@ bio_to_strses (BIO * out_bio)
121 } while (to_read > 0);
122 }
123 END_WRITE_FAIL (ses);
124- ((BUF_MEM *) out_bio->ptr)->data = to_free;
125+ ((BUF_MEM *) BIO_get_data(out_bio))->data = to_free;
126 BIO_clear_flags (out_bio, BIO_FLAGS_MEM_RDONLY);
127 return ses;
128 }
129@@ -770,7 +773,7 @@ bif_smime_verify (caddr_t * qst, caddr_t
130 if (DV_TYPE_OF (msg) == DV_STRING_SESSION)
131 {
132 in_bio = strses_to_bio ((dk_session_t *) msg);
133- to_free = ((BUF_MEM *) in_bio->ptr)->data;
134+ to_free = ((BUF_MEM *) BIO_get_data(in_bio))->data;
135 BIO_set_flags (in_bio, BIO_FLAGS_MEM_RDONLY);
136 }
137 else
138@@ -780,7 +783,7 @@ bif_smime_verify (caddr_t * qst, caddr_t
139 p7 = SMIME_read_PKCS7 (in_bio, &data_bio);
140 if (to_free)
141 {
142- ((BUF_MEM *) in_bio->ptr)->data = to_free;
143+ ((BUF_MEM *) BIO_get_data(in_bio))->data = to_free;
144 BIO_clear_flags (in_bio, BIO_FLAGS_MEM_RDONLY);
145 }
146 BIO_free (in_bio);
147@@ -924,16 +927,20 @@ bif_smime_sign (caddr_t * qst, caddr_t *
148 }
149
150 certs = sk_X509_new_null ();
151- if (store && store->objs)
152+
153+ if (store && X509_STORE_get0_objects(store))
154 {
155- for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++)
156+ STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store);
157+
158+ for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++)
159 {
160- X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx);
161- if (obj->type == X509_LU_X509)
162- sk_X509_push (certs, X509_dup (obj->data.x509));
163+ X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx);
164+ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
165+ sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj)));
166 }
167
168 }
169+
170 if (store)
171 X509_STORE_free (store);
172 in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1);
173@@ -1005,15 +1012,19 @@ bif_smime_encrypt (caddr_t * qst, caddr_
174 sqlr_new_error ("42000", "CR006", "No recipient certificates");
175
176 certs = sk_X509_new_null ();
177- if (store && store->objs)
178+
179+ if (store && X509_STORE_get0_objects(store))
180 {
181- for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++)
182+ STACK_OF(X509_OBJECT) *store_objs = X509_STORE_get0_objects(store);
183+
184+ for (inx = 0; inx < sk_X509_OBJECT_num (store_objs); inx++)
185 {
186- X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx);
187- if (obj->type == X509_LU_X509)
188- sk_X509_push (certs, X509_dup (obj->data.x509));
189+ X509_OBJECT *obj = sk_X509_OBJECT_value (store_objs, inx);
190+ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
191+ sk_X509_push (certs, X509_dup (X509_OBJECT_get0_X509(obj)));
192 }
193 }
194+
195 if (store)
196 X509_STORE_free (store);
197 in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1);
198@@ -1181,7 +1192,7 @@ x509_certificate_verify_cb (int ok, X509
199 char *opts = (char *) X509_STORE_CTX_get_app_data (ctx);
200 if (!ok && opts)
201 {
202- switch (ctx->error)
203+ switch (X509_STORE_CTX_get_error(ctx))
204 {
205 case X509_V_ERR_CERT_HAS_EXPIRED:
206 if (strstr (opts, "expired"))
207@@ -1287,7 +1298,7 @@ bif_x509_certificate_verify (caddr_t * q
208 if (!i)
209 {
210 const char *err_str;
211- err_str = X509_verify_cert_error_string (csc->error);
212+ err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(csc));
213 *err_ret = srv_make_new_error ("22023", "CR015", "X509 error: %s", err_str);
214 }
215
216@@ -1308,20 +1319,16 @@ err_ret:
217 #define VIRT_CERT_EXT "2.16.840.1.1113.1"
218
219 static caddr_t
220-BN_box (BIGNUM * x)
221+BN_box (const BIGNUM *x)
222 {
223 size_t buf_len, n;
224 caddr_t buf;
225 buf_len = (size_t) BN_num_bytes (x);
226- if (buf_len <= BN_BYTES)
227- buf = box_num ((unsigned long) x->d[0]);
228- else
229- {
230- buf = dk_alloc_box (buf_len, DV_BIN);
231- n = BN_bn2bin (x, (unsigned char *) buf);
232- if (n != buf_len)
233- GPF_T;
234- }
235+ /* did not figure out where buf is free()ed */
236+ buf = dk_alloc_box (buf_len, DV_BIN);
237+ n = BN_bn2bin (x, (unsigned char *) buf);
238+ if (n != buf_len)
239+ GPF_T;
240 return buf;
241 }
242
243@@ -1498,7 +1505,7 @@ bif_get_certificate_info (caddr_t * qst,
244 int i;
245 char tmp[1024];
246 char *ext_oid = (char *) (BOX_ELEMENTS (args) > 4 ? bif_string_arg (qst, args, 4, "get_certificate_info") : VIRT_CERT_EXT);
247- STACK_OF (X509_EXTENSION) * exts = cert->cert_info->extensions;
248+ const STACK_OF (X509_EXTENSION) * exts = X509_get0_extensions(cert);
249 for (i = 0; i < sk_X509_EXTENSION_num (exts); i++)
250 {
251 X509_EXTENSION *ex = sk_X509_EXTENSION_value (exts, i);
252@@ -1510,7 +1517,7 @@ bif_get_certificate_info (caddr_t * qst,
253 char *data_ptr;
254 BIO *mem = BIO_new (BIO_s_mem ());
255 if (!X509V3_EXT_print (mem, ex, 0, 0))
256- M_ASN1_OCTET_STRING_print (mem, ex->value);
257+ ASN1_STRING_print (mem, X509_EXTENSION_get_data(ex));
258 len = BIO_get_mem_data (mem, &data_ptr);
259 if (len > 0 && data_ptr)
260 {
261@@ -1537,18 +1544,23 @@ bif_get_certificate_info (caddr_t * qst,
262 if (k)
263 {
264 #ifdef EVP_PKEY_RSA
265- if (k->type == EVP_PKEY_RSA)
266+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
267 {
268- RSA *x = k->pkey.rsa;
269- ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (x->e), BN_box (x->n));
270+ const BIGNUM *n, *e;
271+
272+ RSA_get0_key(EVP_PKEY_get0_RSA(k), &n, &e, NULL);
273+
274+ ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (e), BN_box (n));
275 }
276 else
277 #endif
278 #ifdef EVP_PKEY_DSA
279- if (k->type == EVP_PKEY_DSA)
280+ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
281 {
282- DSA *x = k->pkey.dsa;
283- ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (x->pub_key));
284+ const BIGNUM *pub_key;
285+
286+ DSA_get0_key(EVP_PKEY_get0_DSA(k), &pub_key, NULL);
287+ ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (pub_key));
288 }
289 else
290 #endif
291@@ -1567,13 +1579,13 @@ bif_get_certificate_info (caddr_t * qst,
292 int n, i, len;
293 char *s, *data_ptr;
294 BIO *mem = BIO_new (BIO_s_mem ());
295- for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++)
296+ for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++)
297 {
298- ne = sk_X509_NAME_ENTRY_value(subj->entries,i);
299- n = OBJ_obj2nid (ne->object);
300+ ne = X509_NAME_get_entry(subj, i);
301+ n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne));
302 if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL))
303 {
304- i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object);
305+ i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne));
306 s = buffer;
307 }
308 if (!strcmp (s, attr))
309@@ -1582,9 +1594,10 @@ bif_get_certificate_info (caddr_t * qst,
310 break;
311 }
312 }
313+
314 if (ne_ret)
315 {
316- ASN1_STRING_print (mem, ne_ret->value);
317+ ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne_ret));
318 len = BIO_get_mem_data (mem, &data_ptr);
319 if (len > 0 && data_ptr)
320 {
321@@ -1605,17 +1618,17 @@ bif_get_certificate_info (caddr_t * qst,
322 dk_set_t set = NULL;
323 caddr_t val;
324 BIO *mem = BIO_new (BIO_s_mem ());
325- for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++)
326+ for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++)
327 {
328 val = NULL;
329- ne = sk_X509_NAME_ENTRY_value(subj->entries,i);
330- n = OBJ_obj2nid (ne->object);
331+ ne = X509_NAME_get_entry(subj, i);
332+ n = OBJ_obj2nid (X509_NAME_ENTRY_get_object(ne));
333 if ((n == NID_undef) || ((s = (char *) OBJ_nid2sn (n)) == NULL))
334 {
335- i2t_ASN1_OBJECT (buffer, sizeof (buffer), ne->object);
336+ i2t_ASN1_OBJECT (buffer, sizeof (buffer), X509_NAME_ENTRY_get_object(ne));
337 s = buffer;
338 }
339- ASN1_STRING_print (mem, ne->value);
340+ ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne));
341 len = BIO_get_mem_data (mem, &data_ptr);
342 if (len > 0 && data_ptr)
343 {
344@@ -1629,18 +1642,22 @@ bif_get_certificate_info (caddr_t * qst,
345 }
346 BIO_free (mem);
347 ret = list_to_array (dk_set_nreverse (set));
348+
349 break;
350 }
351 case 12:
352 {
353 const unsigned char *s;
354 int i, n;
355- const ASN1_STRING *sig = cert->signature;
356- X509_ALGOR *sigalg = cert->sig_alg;
357+ const ASN1_STRING *sig;
358+ const X509_ALGOR *sigalg;
359+ const ASN1_OBJECT *sig_alg_algorithm;
360 char buf[80];
361 caddr_t val;
362
363- i2t_ASN1_OBJECT(buf,sizeof (buf), sigalg->algorithm);
364+ X509_get0_signature(&sig, &sigalg, cert);
365+ X509_ALGOR_get0(&sig_alg_algorithm, NULL, NULL, sigalg);
366+ i2t_ASN1_OBJECT(buf,sizeof (buf), sig_alg_algorithm);
367
368 n = sig->length;
369 s = sig->data;
370@@ -1660,11 +1677,11 @@ bif_get_certificate_info (caddr_t * qst,
371 if (k)
372 {
373 #ifdef EVP_PKEY_RSA
374- if (k->type == EVP_PKEY_RSA)
375+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
376 {
377 char *data_ptr;
378 int len;
379- RSA *x = k->pkey.rsa;
380+ RSA *x = EVP_PKEY_get0_RSA(k);
381 b = BIO_new (BIO_s_mem());
382 i2d_RSA_PUBKEY_bio (b, x);
383 len = BIO_get_mem_data (b, &data_ptr);
384--- a/libsrc/Wi/xmlenc.c
385+++ b/libsrc/Wi/xmlenc.c
386@@ -1215,36 +1215,45 @@ void xenc_key_remove (xenc_key_t * key,
387 }
388
389
390-static void
391-genrsa_cb(int p, int n, void *arg)
392-{
393-#ifdef LINT
394- p=n;
395-#endif
396-}
397-
398 int
399 __xenc_key_rsa_init (char *name)
400 {
401 RSA *rsa = NULL;
402- int num=1024;
403- unsigned long f4=RSA_F4;
404+ BIGNUM *bn = NULL;
405 int r;
406+
407 xenc_key_t * pkey = xenc_get_key_by_name (name, 1);
408 if (NULL == pkey)
409 SQLR_NEW_KEY_ERROR (name);
410
411- rsa=RSA_generate_key(num,f4,genrsa_cb,NULL);
412+ rsa = RSA_new();
413+ if (!rsa)
414+ goto out;
415+ bn = BN_new();
416+ if (!bn)
417+ goto out;
418+ if (!BN_set_word(bn, RSA_F4))
419+ goto out;
420+
421+ if (!RSA_generate_key_ex(rsa, 1024, bn, NULL))
422+ goto out;
423+
424 r = RSA_check_key(rsa);
425+ if (r != 1)
426+ goto out;
427 pkey->ki.rsa.pad = RSA_PKCS1_PADDING;
428- if (rsa == NULL)
429- {
430- sqlr_new_error ("42000", "XENC06",
431- "RSA parameters generation error");
432- }
433 pkey->xek_rsa = rsa;
434 pkey->xek_private_rsa = rsa;
435+ BN_free(bn);
436 return 0;
437+out:
438+ if (bn)
439+ BN_free(bn);
440+ if (rsa)
441+ RSA_free(rsa);
442+ sqlr_new_error ("42000", "XENC06",
443+ "RSA parameters generation error");
444+ return -1;
445 }
446
447
448@@ -1455,19 +1464,19 @@ xenc_key_t * xenc_key_create_from_x509_c
449
450 if (pkey)
451 {
452- switch (EVP_PKEY_type (pkey->type))
453+ switch (EVP_PKEY_type (EVP_PKEY_id(pkey)))
454 {
455 case EVP_PKEY_DSA:
456 sign_algoname = DSIG_DSA_SHA1_ALGO;
457 enc_algoname = XENC_DSA_ALGO;
458- dsa = pkey->pkey.dsa;
459- private_dsa = private_key ? private_key->pkey.dsa : 0;
460+ dsa = EVP_PKEY_get0_DSA(pkey);
461+ private_dsa = private_key ? EVP_PKEY_get0_DSA(private_key) : 0;
462 break;
463 case EVP_PKEY_RSA:
464 sign_algoname = DSIG_RSA_SHA1_ALGO;
465 enc_algoname = XENC_RSA_ALGO;
466- rsa = pkey->pkey.rsa;
467- private_rsa = private_key ? private_key->pkey.rsa : 0;
468+ rsa = EVP_PKEY_get0_RSA(pkey);
469+ private_rsa = private_key ? EVP_PKEY_get0_RSA(private_key) : 0;
470 break;
471 default:
472 goto finish;
473@@ -1516,13 +1525,6 @@ xenc_key_t * xenc_key_create_from_x509_c
474 return k;
475 }
476
477-static void dh_cb(int p, int n, void *arg)
478-{
479-#ifdef LINT
480- p=n;
481-#endif
482-}
483-
484 static /*xenc_key_DSA_create */
485 caddr_t bif_xenc_key_dsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** args)
486 {
487@@ -1588,15 +1590,21 @@ caddr_t bif_xenc_key_DH_create (caddr_t
488 dh = DH_new ();
489 bn_p = BN_bin2bn ((unsigned char *)mod, p_len, NULL);
490 bn_g = BN_bin2bn (g_bin, 1, NULL);
491- dh->p = bn_p;
492- dh->g = bn_g;
493+ if (dh)
494+ DH_set0_pqg(dh, bn_p, NULL, bn_g);
495
496 dk_free_box (mod_b64);
497 dk_free_box (mod);
498 }
499 else
500 {
501- dh = DH_generate_parameters (num, g, dh_cb, NULL);
502+ dh = DH_new();
503+ if (dh) {
504+ if (!DH_generate_parameters_ex(dh, num, g, NULL)) {
505+ DH_free(dh);
506+ dh = NULL;
507+ }
508+ }
509 }
510 if (!dh)
511 {
512@@ -1626,7 +1634,7 @@ caddr_t bif_xenc_DH_get_params (caddr_t
513 int n, len;
514 caddr_t buf = NULL, ret, b64;
515 DH *dh;
516- BIGNUM *num;
517+ const BIGNUM *num;
518
519 mutex_enter (xenc_keys_mtx);
520 key = xenc_get_key_by_name (name, 0);
521@@ -1641,19 +1649,19 @@ caddr_t bif_xenc_DH_get_params (caddr_t
522 switch (param)
523 {
524 case 1:
525- num = dh->p;
526+ DH_get0_pqg(dh, &num, NULL, NULL);
527 break;
528 case 2:
529- num = dh->g;
530+ DH_get0_pqg(dh, NULL, NULL, &num);
531 break;
532 case 3:
533- num = dh->pub_key;
534+ DH_get0_key(dh, &num, NULL);
535 break;
536 case 4:
537- num = dh->priv_key;
538+ DH_get0_key(dh, NULL, &num);
539 break;
540 default:
541- num = dh->pub_key;
542+ DH_get0_key(dh, &num, NULL);
543 }
544
545 buf_len = (size_t)BN_num_bytes(num);
546@@ -1811,7 +1819,15 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
547 xenc_key_t * k;
548 caddr_t name = bif_string_arg (qst, args, 0, "xenc_key_RSA_create");
549 int num = (int) bif_long_arg (qst, args, 1, "xenc_key_RSA_create");
550- RSA *rsa = NULL;
551+ RSA *rsa;
552+ BIGNUM *bn;
553+
554+ rsa = RSA_new();
555+ bn = BN_new();
556+ if (!rsa || !bn)
557+ goto out;
558+ if (!BN_set_word(bn, RSA_F4))
559+ goto out;
560
561 mutex_enter (xenc_keys_mtx);
562 if (NULL == (k = xenc_key_create (name, XENC_RSA_ALGO , DSIG_RSA_SHA1_ALGO, 0)))
563@@ -1820,12 +1836,11 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
564 SQLR_NEW_KEY_EXIST_ERROR (name);
565 }
566
567- rsa = RSA_generate_key (num, RSA_F4, NULL, NULL);
568-
569- if (rsa == NULL)
570- {
571- sqlr_new_error ("42000", "XENC06", "RSA generation error");
572- }
573+ if (!RSA_generate_key_ex (rsa, num, bn, NULL)) {
574+ mutex_leave (xenc_keys_mtx);
575+ goto out;
576+ }
577+ BN_free(bn);
578
579 k->xek_rsa = RSAPublicKey_dup (rsa);
580 k->xek_private_rsa = rsa;
581@@ -1839,6 +1854,13 @@ caddr_t bif_xenc_key_rsa_create (caddr_t
582
583 mutex_leave (xenc_keys_mtx);
584 return NULL;
585+out:
586+ if (bn)
587+ BN_free(bn);
588+ if (rsa)
589+ RSA_free(rsa);
590+ sqlr_new_error ("42000", "XENC06", "RSA generation error");
591+ return NULL;
592 }
593
594 xenc_key_t *
595@@ -2034,7 +2056,13 @@ int __xenc_key_dsa_init (char *name, int
596 SQLR_NEW_KEY_ERROR (name);
597
598 RAND_poll ();
599- dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, NULL);
600+ dsa = DSA_new();
601+ if (dsa) {
602+ if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, NULL)) {
603+ DSA_free(dsa);
604+ dsa = NULL;
605+ }
606+ }
607 if (dsa == NULL)
608 {
609 sqlr_new_error ("42000", "XENC11",
610@@ -2058,7 +2086,13 @@ int __xenc_key_dh_init (char *name, int
611 if (NULL == pkey)
612 SQLR_NEW_KEY_ERROR (name);
613
614- dh = DH_generate_parameters (num, g, dh_cb, NULL);
615+ dh = DH_new();
616+ if (dh) {
617+ if (!DH_generate_parameters_ex(dh, num, g, NULL)) {
618+ DH_free(dh);
619+ dh = NULL;
620+ }
621+ }
622 if (!dh)
623 {
624 sqlr_new_error ("42000", "XENC11",
625@@ -2280,12 +2314,12 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca
626 {
627 in = BIO_new_mem_buf (key_base64, len);
628 pkey = d2i_PUBKEY_bio (in, NULL);
629- if (pkey && pkey->type == EVP_PKEY_RSA)
630- p = pkey->pkey.rsa;
631+ if (pkey && EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
632+ p = EVP_PKEY_get0_RSA(pkey);
633 BIO_reset (in);
634 pkkey = d2i_PrivateKey_bio (in, NULL);
635- if (pkkey && pkkey->type == EVP_PKEY_RSA)
636- r = pkkey->pkey.rsa;
637+ if (pkkey && EVP_PKEY_id(pkkey) == EVP_PKEY_RSA)
638+ r = EVP_PKEY_get0_RSA(pkkey);
639 BIO_free (in);
640 }
641 else
642@@ -2304,9 +2338,11 @@ bif_xenc_key_rsa_read (caddr_t * qst, ca
643
644 if (!p)
645 {
646+ const BIGNUM *n, *e;
647+
648+ RSA_get0_key(r, &n, &e, NULL);
649 p = RSA_new ();
650- p->n = BN_dup (r->n);
651- p->e = BN_dup (r->e);
652+ RSA_set0_key(p, BN_dup(n), BN_dup(e), NULL);
653 }
654
655 mutex_enter (xenc_keys_mtx);
656@@ -2355,14 +2391,13 @@ bif_xenc_key_rsa_construct (caddr_t * qs
657 p = RSA_new ();
658 n = BN_bin2bn ((unsigned char *) mod, box_length (mod) - 1, NULL);
659 e = BN_bin2bn ((unsigned char *) exp, box_length (exp) - 1, NULL);
660- p->n = n;
661- p->e = e;
662+ RSA_set0_key(p, n, e, NULL);
663 if (pexp)
664 {
665 pk = RSA_new ();
666- pk->d = BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL);
667- pk->n = BN_dup (n);
668- pk->e = BN_dup (e);
669+ RSA_set0_key(p, BN_dup(n),
670+ BN_dup(e),
671+ BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL));
672 }
673 mutex_enter (xenc_keys_mtx);
674 k = xenc_key_create (name, XENC_RSA_ALGO, DSIG_RSA_SHA1_ALGO, 0);
675@@ -4086,7 +4121,7 @@ void xenc_tag_free (xenc_tag_t * t)
676 #endif
677 }
678
679-xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, BIGNUM * bn)
680+static xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, const BIGNUM * bn)
681 {
682 char * buffer = dk_alloc_box (BN_num_bytes (bn), DV_BIN);
683 char * buffer_base64 = dk_alloc_box (box_length (buffer) * 2, DV_STRING);
684@@ -4111,12 +4146,15 @@ caddr_t ** xenc_generate_ext_info (xenc_
685 caddr_t ** array;
686 if (key->xek_type == DSIG_KEY_RSA)
687 {
688+ const BIGNUM *rsa_n, *rsa_e;
689+
690+ RSA_get0_key(key->ki.rsa.rsa_st, &rsa_n, &rsa_e, NULL);
691 xenc_tag_t * rsakeyval = xenc_tag_create (DSIG_URI, ":RSAKeyValue");
692 xenc_tag_t * rsamodulus = xenc_tag_create (DSIG_URI, ":Modulus");
693 xenc_tag_t * rsaexponent = xenc_tag_create (DSIG_URI, ":Exponent");
694
695- xenc_tag_add_child_BN (rsamodulus, key->ki.rsa.rsa_st->n);
696- xenc_tag_add_child_BN (rsaexponent, key->ki.rsa.rsa_st->e);
697+ xenc_tag_add_child_BN (rsamodulus, rsa_n);
698+ xenc_tag_add_child_BN (rsaexponent, rsa_e);
699
700 xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsamodulus));
701 xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsaexponent));
702@@ -4135,12 +4173,15 @@ caddr_t ** xenc_generate_ext_info (xenc_
703 xenc_tag_t * g = xenc_tag_create (DSIG_URI, ":G");
704 xenc_tag_t * y = xenc_tag_create (DSIG_URI, ":Y");
705 DSA * dsa = key->ki.dsa.dsa_st;
706+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
707
708+ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g);
709+ DSA_get0_key(dsa, &dsa_pub_key, NULL);
710
711- xenc_tag_add_child_BN (p, dsa->p);
712- xenc_tag_add_child_BN (p, dsa->q);
713- xenc_tag_add_child_BN (p, dsa->g);
714- xenc_tag_add_child_BN (p, dsa->pub_key);
715+ xenc_tag_add_child_BN (p, dsa_p);
716+ xenc_tag_add_child_BN (p, dsa_q);
717+ xenc_tag_add_child_BN (p, dsa_g);
718+ xenc_tag_add_child_BN (p, dsa_pub_key);
719
720 xenc_tag_add_child (dsakeyval, xenc_tag_finalize (p));
721 xenc_tag_add_child (dsakeyval, xenc_tag_finalize (q));
722@@ -6187,7 +6228,7 @@ caddr_t xenc_x509_get_key_identifier (X5
723
724 ret = dk_alloc_box (ikeyid->length, DV_BIN);
725 memcpy (ret, ikeyid->data, ikeyid->length);
726- M_ASN1_OCTET_STRING_free(ikeyid);
727+ ASN1_STRING_free(ikeyid);
728 return ret;
729 }
730
731@@ -6247,7 +6288,7 @@ bif_x509_get_subject (caddr_t * qst, cad
732
733 ret = dk_alloc_box (ikeyid->length, DV_BIN);
734 memcpy (ret, ikeyid->data, ikeyid->length);
735- M_ASN1_OCTET_STRING_free(ikeyid);
736+ ASN1_STRING_free(ikeyid);
737 return ret;
738 }
739
740@@ -6806,7 +6847,7 @@ bif_xenc_x509_csr_generate (caddr_t * qs
741 sk_X509_EXTENSION_push(st_exts, ex);
742 }
743 X509_REQ_add_extensions(x, st_exts);
744- if (!X509_REQ_sign (x, pk, (pk->type == EVP_PKEY_RSA ? EVP_md5() : EVP_dss1())))
745+ if (!X509_REQ_sign (x, pk, (EVP_PKEY_id(pk) == EVP_PKEY_RSA ? EVP_md5() : EVP_sha1())))
746 {
747 pk = NULL; /* keep one in the xenc_key */
748 *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate : %s", get_ssl_error_text (buf, sizeof (buf)));
749@@ -6945,17 +6986,17 @@ bif_xenc_x509_from_csr (caddr_t * qst, c
750 *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate");
751 goto err;
752 }
753- switch (EVP_PKEY_type (cli_pk->type))
754+ switch (EVP_PKEY_type (EVP_PKEY_id(cli_pk)))
755 {
756 case EVP_PKEY_DSA:
757 sign_algoname = DSIG_DSA_SHA1_ALGO;
758 enc_algoname = XENC_DSA_ALGO;
759- dsa = cli_pk->pkey.dsa;
760+ dsa = EVP_PKEY_get0_DSA(cli_pk);
761 break;
762 case EVP_PKEY_RSA:
763 sign_algoname = DSIG_RSA_SHA1_ALGO;
764 enc_algoname = XENC_RSA_ALGO;
765- rsa = cli_pk->pkey.rsa;
766+ rsa = EVP_PKEY_get0_RSA(cli_pk);
767 break;
768 default:
769 *err_ret = srv_make_new_error ("42000", "XECXX", "The type of public key is not supported mus tbe RSA or DSA");
770@@ -7152,16 +7193,16 @@ bif_xenc_pubkey_pem_export (caddr_t * qs
771 {
772 k = X509_get_pubkey (key->xek_x509);
773 #ifdef EVP_PKEY_RSA
774- if (k->type == EVP_PKEY_RSA)
775+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
776 {
777- RSA * x = k->pkey.rsa;
778+ RSA *x = EVP_PKEY_get0_RSA(k);
779 PEM_write_bio_RSA_PUBKEY (b, x);
780 }
781 #endif
782 #ifdef EVP_PKEY_DSA
783- if (k->type == EVP_PKEY_DSA)
784+ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
785 {
786- DSA * x = k->pkey.dsa;
787+ DSA * x = EVP_PKEY_get0_DSA(k);
788 PEM_write_bio_DSA_PUBKEY (b, x);
789 }
790 #endif
791@@ -7208,16 +7249,16 @@ bif_xenc_pubkey_der_export (caddr_t * qs
792 {
793 k = X509_get_pubkey (key->xek_x509);
794 #ifdef EVP_PKEY_RSA
795- if (k->type == EVP_PKEY_RSA)
796+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
797 {
798- RSA * x = k->pkey.rsa;
799+ RSA * x = EVP_PKEY_get0_RSA(k);
800 i2d_RSA_PUBKEY_bio (b, x);
801 }
802 #endif
803 #ifdef EVP_PKEY_DSA
804- if (k->type == EVP_PKEY_DSA)
805+ if (EVP_PKEY_id(k) == EVP_PKEY_DSA)
806 {
807- DSA * x = k->pkey.dsa;
808+ DSA * x = EVP_PKEY_get0_DSA(k);
809 i2d_DSA_PUBKEY_bio (b, x);
810 }
811 #endif
812@@ -7245,7 +7286,7 @@ err:
813 }
814
815 static caddr_t
816-BN2binbox (BIGNUM * x)
817+BN2binbox (const BIGNUM * x)
818 {
819 size_t buf_len, n;
820 caddr_t buf;
821@@ -7280,8 +7321,14 @@ static caddr_t
822 xenc_rsa_pub_magic (RSA * x)
823 {
824 caddr_t ret;
825- caddr_t n = BN2binbox (x->n); /* modulus */
826- caddr_t e = BN2binbox (x->e); /* public exponent */
827+ caddr_t n;
828+ caddr_t e;
829+ const BIGNUM *rsa_n, *rsa_e;
830+
831+ RSA_get0_key(x, &rsa_n, &rsa_e, NULL);
832+ n = BN2binbox (rsa_n); /* modulus */
833+ e = BN2binbox (rsa_e); /* public exponent */
834+
835 n = xenc_encode_base64_binbox (n, 1);
836 e = xenc_encode_base64_binbox (e, 1);
837 ret = dk_alloc_box (box_length (n) + box_length (e) + 4 /* two dots - one trailing zero + RSA prefix */, DV_STRING);
838@@ -7306,9 +7353,9 @@ bif_xenc_pubkey_magic_export (caddr_t *
839 {
840 k = X509_get_pubkey (key->xek_x509);
841 #ifdef EVP_PKEY_RSA
842- if (k->type == EVP_PKEY_RSA)
843+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
844 {
845- RSA * x = k->pkey.rsa;
846+ RSA * x = EVP_PKEY_get0_RSA(k);
847 ret = xenc_rsa_pub_magic (x);
848 }
849 #endif
850@@ -7349,10 +7396,16 @@ static caddr_t
851 xenc_rsa_pub_ssh_export (RSA * x)
852 {
853 static char * ssh_header = "\x00\x00\x00\x07ssh-rsa";
854+ const BIGNUM *rsa_n, *rsa_e;
855 caddr_t ret;
856 int len, pos;
857- caddr_t n = BN2binbox (x->n); /* modulus */
858- caddr_t e = BN2binbox (x->e); /* public exponent */
859+ caddr_t n;
860+ caddr_t e;
861+
862+ RSA_get0_key(x, &rsa_n, &rsa_e, NULL);
863+ n = BN2binbox (rsa_n); /* modulus */
864+ e = BN2binbox (rsa_e); /* public exponent */
865+
866 len = 11 + 8 + box_length (n) + box_length (e);
867 if (n[0] & 0x80)
868 len ++;
869@@ -7383,9 +7436,9 @@ bif_xenc_pubkey_ssh_export (caddr_t * qs
870 {
871 k = X509_get_pubkey (key->xek_x509);
872 #ifdef EVP_PKEY_RSA
873- if (k->type == EVP_PKEY_RSA)
874+ if (EVP_PKEY_id(k) == EVP_PKEY_RSA)
875 {
876- RSA * x = k->pkey.rsa;
877+ RSA * x = EVP_PKEY_get0_RSA(k);
878 ret = xenc_rsa_pub_ssh_export (x);
879 }
880 #endif
881@@ -7418,7 +7471,7 @@ bif_xenc_SPKI_read (caddr_t * qst, caddr
882 return NULL;
883 }
884 pk = NETSCAPE_SPKI_get_pubkey (spki);
885- if (!pk || pk->type != EVP_PKEY_RSA)
886+ if (!pk || EVP_PKEY_id(pk) != EVP_PKEY_RSA)
887 {
888 NETSCAPE_SPKI_free (spki);
889 *err_ret = srv_make_new_error ("42000", "XECXX", "Can not retrieve RSA key");
890@@ -7595,14 +7648,14 @@ bif_xenc_x509_ca_certs_list (caddr_t * q
891 sec_check_dba ((QI*)qst, me);
892 in = BIO_new (BIO_s_mem ());
893 mutex_enter (xenc_keys_mtx);
894- certs = CA_certs->objs;
895+ certs = X509_STORE_get0_objects(CA_certs);
896 len = sk_X509_OBJECT_num (certs);
897 for (i = 0; i < len; i++)
898 {
899 X509_OBJECT * obj = sk_X509_OBJECT_value (certs, i);
900- if (obj->type == X509_LU_X509)
901+ if (X509_OBJECT_get_type(obj) == X509_LU_X509)
902 {
903- X509 *x = obj->data.x509;
904+ X509 *x = X509_OBJECT_get0_X509(obj);
905 caddr_t itm;
906 int blen;
907 BIO_reset (in);
908--- a/libsrc/Wi/xmlenc.h
909+++ b/libsrc/Wi/xmlenc.h
910@@ -38,6 +38,7 @@
911 #include <openssl/dsa.h>
912 #include <openssl/rsa.h>
913 #include <openssl/des.h>
914+#include <openssl/hmac.h>
915
916 #ifdef AES_ENC_ENABLE
917 #include <openssl/aes.h>
918@@ -631,5 +632,183 @@ caddr_t * xml_find_any_child (caddr_t *
919
920 extern dk_mutex_t * xenc_keys_mtx;
921
922+#if OPENSSL_VERSION_NUMBER < 0x10100000
923+
924+static inline HMAC_CTX *HMAC_CTX_new(void)
925+{
926+ HMAC_CTX *p;
927+
928+ p = calloc(1, sizeof(HMAC_CTX));
929+ if (!p)
930+ return p;
931+ HMAC_CTX_init(p);
932+ return p;
933+}
934+
935+static inline void HMAC_CTX_free(HMAC_CTX *ctx)
936+{
937+ HMAC_CTX_cleanup(ctx);
938+ free(ctx);
939+}
940+
941+static inline void RSA_get0_key(const RSA *r, const BIGNUM **n,
942+ const BIGNUM **e, const BIGNUM **d)
943+{
944+ if (n != NULL)
945+ *n = r->n;
946+ if (e != NULL)
947+ *e = r->e;
948+ if (d != NULL)
949+ *d = r->d;
950+}
951+
952+static inline void RSA_get0_factors(const RSA *r, const BIGNUM **p,
953+ const BIGNUM **q)
954+{
955+ if (p != NULL)
956+ *p = r->p;
957+ if (q != NULL)
958+ *q = r->q;
959+}
960+
961+static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
962+{
963+ if (pkey->type != EVP_PKEY_RSA)
964+ return NULL;
965+ return pkey->pkey.rsa;
966+}
967+
968+static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key,
969+ const BIGNUM **priv_key)
970+{
971+ if (pub_key != NULL)
972+ *pub_key = dh->pub_key;
973+ if (priv_key != NULL)
974+ *priv_key = dh->priv_key;
975+}
976+
977+
978+static inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
979+ const BIGNUM **g)
980+{
981+ if (p != NULL)
982+ *p = dh->p;
983+ if (q != NULL)
984+ *q = dh->q;
985+ if (g != NULL)
986+ *g = dh->g;
987+}
988+
989+static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey)
990+{
991+ if (pkey->type != EVP_PKEY_DSA)
992+ return NULL;
993+ return pkey->pkey.dsa;
994+}
995+
996+static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
997+{
998+ /* If the fields p and g in d are NULL, the corresponding input
999+ * parameters MUST be non-NULL. q may remain NULL.
1000+ */
1001+ if ((dh->p == NULL && p == NULL)
1002+ || (dh->g == NULL && g == NULL))
1003+ return 0;
1004+
1005+ if (p != NULL) {
1006+ BN_free(dh->p);
1007+ dh->p = p;
1008+ }
1009+ if (q != NULL) {
1010+ BN_free(dh->q);
1011+ dh->q = q;
1012+ }
1013+ if (g != NULL) {
1014+ BN_free(dh->g);
1015+ dh->g = g;
1016+ }
1017+
1018+ if (q != NULL) {
1019+ dh->length = BN_num_bits(q);
1020+ }
1021+
1022+ return 1;
1023+}
1024+
1025+static inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
1026+{
1027+ /* If the fields n and e in r are NULL, the corresponding input
1028+ * parameters MUST be non-NULL for n and e. d may be
1029+ * left NULL (in case only the public key is used).
1030+ */
1031+ if ((r->n == NULL && n == NULL)
1032+ || (r->e == NULL && e == NULL))
1033+ return 0;
1034+
1035+ if (n != NULL) {
1036+ BN_free(r->n);
1037+ r->n = n;
1038+ }
1039+ if (e != NULL) {
1040+ BN_free(r->e);
1041+ r->e = e;
1042+ }
1043+ if (d != NULL) {
1044+ BN_free(r->d);
1045+ r->d = d;
1046+ }
1047+
1048+ return 1;
1049+}
1050+
1051+static inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p,
1052+ const BIGNUM **q, const BIGNUM **g)
1053+{
1054+ if (p != NULL)
1055+ *p = d->p;
1056+ if (q != NULL)
1057+ *q = d->q;
1058+ if (g != NULL)
1059+ *g = d->g;
1060+}
1061+
1062+static inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
1063+ const BIGNUM **priv_key)
1064+{
1065+ if (pub_key != NULL)
1066+ *pub_key = d->pub_key;
1067+ if (priv_key != NULL)
1068+ *priv_key = d->priv_key;
1069+}
1070+
1071+static inline const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x)
1072+{
1073+ return x->cert_info->extensions;
1074+}
1075+
1076+static inline int X509_up_ref(X509 *x)
1077+{
1078+ return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
1079+}
1080+
1081+static inline STACK_OF(X509_OBJECT) *X509_STORE_get0_objects(X509_STORE *v)
1082+{
1083+ return v->objs;
1084+}
1085+
1086+static inline int X509_OBJECT_get_type(const X509_OBJECT *a)
1087+{
1088+ return a->type;
1089+}
1090+
1091+static inline X509 *X509_OBJECT_get0_X509(const X509_OBJECT *a)
1092+{
1093+ if (a == NULL || a->type != X509_LU_X509)
1094+ return NULL;
1095+ return a->data.x509;
1096+}
1097+
1098+#endif
1099+
1100 #endif
1101
1102--- a/libsrc/Wi/xmlenc_algos.c
1103+++ b/libsrc/Wi/xmlenc_algos.c
1104@@ -1149,7 +1149,7 @@ int
1105 dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out)
1106 {
1107 unsigned char * data;
1108- HMAC_CTX ctx;
1109+ HMAC_CTX *ctx;
1110 unsigned char key_data[32 * 8];
1111 unsigned char md [SHA256_DIGEST_LENGTH + 1];
1112 unsigned char md64 [SHA256_DIGEST_LENGTH * 2 + 1];
1113@@ -1182,7 +1182,9 @@ dsig_hmac_sha256_digest (dk_session_t *
1114 default:
1115 return 0;
1116 }
1117-
1118+ ctx = HMAC_CTX_new();
1119+ if (!ctx)
1120+ return 0;
1121
1122 data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
1123 CATCH_READ_FAIL (ses_in)
1124@@ -1192,14 +1194,15 @@ dsig_hmac_sha256_digest (dk_session_t *
1125 FAILED
1126 {
1127 dk_free_box ((box_t) data);
1128+ HMAC_CTX_free(ctx);
1129 return 0;
1130 }
1131 END_READ_FAIL (ses_in);
1132
1133- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ());
1134- HMAC_Update(&ctx, data, len);
1135- HMAC_Final(&ctx, md, &hmac_len);
1136- HMAC_cleanup(&ctx);
1137+ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL);
1138+ HMAC_Update(ctx, data, len);
1139+ HMAC_Final(ctx, md, &hmac_len);
1140+ HMAC_CTX_free(ctx);
1141
1142 if (hmac_len != SHA256_DIGEST_LENGTH)
1143 GPF_T;
1144@@ -1220,7 +1223,7 @@ dsig_hmac_sha256_digest (dk_session_t *
1145 int
1146 dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest)
1147 {
1148- HMAC_CTX ctx;
1149+ HMAC_CTX *ctx;
1150 unsigned char * data;
1151 unsigned char key_data[3 * 8];
1152 unsigned char md [SHA256_DIGEST_LENGTH + 1];
1153@@ -1249,6 +1252,9 @@ dsig_hmac_sha256_verify (dk_session_t *
1154 return 0;
1155 }
1156
1157+ ctx = HMAC_CTX_new();
1158+ if (!ctx)
1159+ return 0;
1160
1161 data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
1162 CATCH_READ_FAIL (ses_in)
1163@@ -1258,14 +1264,15 @@ dsig_hmac_sha256_verify (dk_session_t *
1164 FAILED
1165 {
1166 dk_free_box ((box_t) data);
1167+ HMAC_CTX_free(ctx);
1168 return 0;
1169 }
1170 END_READ_FAIL (ses_in);
1171
1172- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ());
1173- HMAC_Update(&ctx, data, len);
1174- HMAC_Final(&ctx, md, &hmac_len);
1175- HMAC_cleanup(&ctx);
1176+ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL);
1177+ HMAC_Update(ctx, data, len);
1178+ HMAC_Final(ctx, md, &hmac_len);
1179+ HMAC_CTX_free(ctx);
1180 dk_free_box ((box_t) data);
1181
1182 len1 = xenc_encode_base64 ((char *)md, md64, hmac_len);
1183@@ -1586,7 +1593,7 @@ int
1184 dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out)
1185 {
1186 unsigned char * data;
1187- HMAC_CTX ctx;
1188+ HMAC_CTX *ctx;
1189 unsigned char key_data[32 * 8];
1190 unsigned char md [SHA_DIGEST_LENGTH + 1];
1191 unsigned char md64 [SHA_DIGEST_LENGTH * 2 + 1];
1192@@ -1620,6 +1627,9 @@ dsig_hmac_sha1_digest (dk_session_t * se
1193 return 0;
1194 }
1195
1196+ ctx = HMAC_CTX_new();
1197+ if (!ctx)
1198+ return 0;
1199
1200 data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
1201 CATCH_READ_FAIL (ses_in)
1202@@ -1629,14 +1639,15 @@ dsig_hmac_sha1_digest (dk_session_t * se
1203 FAILED
1204 {
1205 dk_free_box ((box_t) data);
1206+ HMAC_CTX_free(ctx);
1207 return 0;
1208 }
1209 END_READ_FAIL (ses_in);
1210
1211- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ());
1212- HMAC_Update(&ctx, data, len);
1213- HMAC_Final(&ctx, md, &hmac_len);
1214- HMAC_cleanup(&ctx);
1215+ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL);
1216+ HMAC_Update(ctx, data, len);
1217+ HMAC_Final(ctx, md, &hmac_len);
1218+ HMAC_CTX_free(ctx);
1219
1220 if (hmac_len != SHA_DIGEST_LENGTH)
1221 GPF_T;
1222@@ -1657,7 +1668,7 @@ dsig_hmac_sha1_digest (dk_session_t * se
1223 int
1224 dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest)
1225 {
1226- HMAC_CTX ctx;
1227+ HMAC_CTX *ctx;
1228 unsigned char * data;
1229 unsigned char key_data[3 * 8];
1230 unsigned char md [SHA_DIGEST_LENGTH + 1];
1231@@ -1686,6 +1697,9 @@ dsig_hmac_sha1_verify (dk_session_t * se
1232 return 0;
1233 }
1234
1235+ ctx = HMAC_CTX_new();
1236+ if (!ctx)
1237+ return 0;
1238
1239 data = (unsigned char *) dk_alloc_box (len, DV_C_STRING);
1240 CATCH_READ_FAIL (ses_in)
1241@@ -1695,14 +1709,15 @@ dsig_hmac_sha1_verify (dk_session_t * se
1242 FAILED
1243 {
1244 dk_free_box ((box_t) data);
1245+ HMAC_CTX_free(ctx);
1246 return 0;
1247 }
1248 END_READ_FAIL (ses_in);
1249
1250- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ());
1251- HMAC_Update(&ctx, data, len);
1252- HMAC_Final(&ctx, md, &hmac_len);
1253- HMAC_cleanup(&ctx);
1254+ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL);
1255+ HMAC_Update(ctx, data, len);
1256+ HMAC_Final(ctx, md, &hmac_len);
1257+ HMAC_CTX_free(ctx);
1258 dk_free_box ((box_t) data);
1259
1260 len1 = xenc_encode_base64 ((char *)md, md64, hmac_len);
1261@@ -1763,7 +1778,7 @@ int xenc_aes_encryptor (dk_session_t * s
1262 caddr_t outbuf_beg;
1263 int len;
1264 caddr_t encoded_out;
1265- EVP_CIPHER_CTX ctx;
1266+ EVP_CIPHER_CTX *ctx;
1267 unsigned char * ivec = &key->ki.aes.iv[0];
1268
1269 CATCH_READ_FAIL (ses_in)
1270@@ -1778,7 +1793,7 @@ int xenc_aes_encryptor (dk_session_t * s
1271 END_READ_FAIL (ses_in);
1272
1273 #if 1
1274- EVP_CIPHER_CTX_init(&ctx);
1275+ ctx = EVP_CIPHER_CTX_new();
1276 outbuf_beg = dk_alloc_box (box_length (text) + 16, DV_BIN);
1277 memcpy (outbuf_beg, ivec, 16);
1278 outbuf = outbuf_beg + 16;
1279@@ -1786,20 +1801,19 @@ int xenc_aes_encryptor (dk_session_t * s
1280 switch (key->ki.aes.bits)
1281 {
1282 case 128:
1283- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec);
1284+ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec);
1285 break;
1286 case 192:
1287- EVP_EncryptInit_ex(&ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec);
1288+ EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec);
1289 break;
1290 case 256:
1291- EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec);
1292+ EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec);
1293 break;
1294 default:
1295 GPF_T1 ("Unsupported key size");
1296 }
1297- if(!EVP_EncryptUpdate(&ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text)))
1298+ if(!EVP_EncryptUpdate(ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text)))
1299 {
1300- EVP_CIPHER_CTX_cleanup(&ctx);
1301 dk_free_box (text);
1302 dk_free_box (outbuf_beg);
1303 xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #2");
1304@@ -1812,7 +1826,7 @@ int xenc_aes_encryptor (dk_session_t * s
1305 xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #3");
1306 } */
1307 /* outlen += tmplen; */
1308- EVP_CIPHER_CTX_cleanup(&ctx);
1309+ EVP_CIPHER_CTX_free(ctx);
1310
1311 #else
1312 outbuf_beg = dk_alloc_box (box_length (text) + 16 /* iv */, DV_BIN);
1313@@ -2050,6 +2064,7 @@ xenc_rsa_decryptor (dk_session_t * ses_i
1314 int len = 0;
1315 int keysize;
1316 RSA * rsa = key->xek_private_rsa;
1317+ const BIGNUM *p, *q;
1318
1319 if (!seslen)
1320 {
1321@@ -2062,9 +2077,9 @@ xenc_rsa_decryptor (dk_session_t * ses_i
1322 xenc_report_error (t, 500 + strlen (key->xek_name), XENC_ENC_ERR, "could not make RSA decryption [key %s is not RSA]", key->xek_name);
1323 return 0;
1324 }
1325+ RSA_get0_factors(rsa, &p, &q);
1326 if (!rsa ||
1327- !rsa->p ||
1328- !rsa->q)
1329+ !p || !q)
1330 {
1331 if (key->xek_x509_KI)
1332 key = xenc_get_key_by_keyidentifier (key->xek_x509_KI, 1);
1333--- a/libsrc/util/sslengine.c
1334+++ b/libsrc/util/sslengine.c
1335@@ -29,7 +29,11 @@
1336 int
1337 ssl_engine_startup (void)
1338 {
1339- CRYPTO_malloc_init ();
1340+#if OPENSSL_VERSION_NUMBER < 0x10100000
1341+ CRYPTO_malloc_init ();
1342+#else
1343+ OPENSSL_malloc_init();
1344+#endif
1345 ERR_load_crypto_strings();
1346 OpenSSL_add_all_algorithms();
1347
1348--- a/libsrc/Wi/http.c
1349+++ b/libsrc/Wi/http.c
1350@@ -8886,7 +8886,7 @@ ssl_server_set_certificate (SSL_CTX* ssl
1351 log_error ("SSL: The stored certificate '%s' can not be used as extra chain certificate", tok);
1352 break;
1353 }
1354- CRYPTO_add(&k->xek_x509->references, 1, CRYPTO_LOCK_X509);
1355+ X509_up_ref(k->xek_x509);
1356 tok = strtok_r (NULL, ",", &tok_s);
1357 }
1358 dk_free_box (str);
1359@@ -9949,7 +9949,7 @@ bif_https_renegotiate (caddr_t *qst, cad
1360 cli_ssl_get_error_string (err_buf, sizeof (err_buf));
1361 sqlr_new_error ("42000", "..002", "SSL_do_handshake failed %s", err_buf);
1362 }
1363- ssl->state = SSL_ST_ACCEPT;
1364+ SSL_set_accept_state(ssl);
1365 while (SSL_renegotiate_pending (ssl) && ctr < 1000)
1366 {
1367 timeout_t to = { 0, 1000 };
1368--- a/libsrc/Dk/Dkernel.c
1369+++ b/libsrc/Dk/Dkernel.c
1370@@ -5280,7 +5280,11 @@ ssl_server_init ()
1371 }
1372 #endif
1373
1374- SSLeay_add_all_algorithms ();
1375+#if OPENSSL_VERSION_NUMBER < 0x10100000
1376+ SSLeay_add_all_algorithms();
1377+#else
1378+ OpenSSL_add_all_algorithms();
1379+#endif
1380 PKCS12_PBE_add (); /* stub */
1381
1382 #ifdef NO_THREAD
1383--- a/configure.ac
1384+++ b/configure.ac
1385@@ -881,17 +881,6 @@ AC_TRY_COMPILE([
1386 ])
1387
1388 AC_MSG_CHECKING([OpenSSL version])
1389-AC_TRY_COMPILE([
1390-#include <openssl/opensslv.h>
1391-],[
1392-#if OPENSSL_VERSION_NUMBER >= 0x1010000fL
1393-#error OpenSSL version too new
1394-#endif
1395- ],[
1396- AC_MSG_RESULT([< 1.1.0])
1397- ],[
1398- AC_MSG_ERROR([OpenSSL version 1.1.0 or greater is currently not supported.])
1399- ])
1400
1401 AC_MSG_CHECKING([usability of the OpenSSL header files and library in ${openssl_dir}])
1402 AC_TRY_RUN([
1403--- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:47:58.000000000 +0200
1404+++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:52:13.471232310 +0200
1405@@ -5149,9 +5149,12 @@ ssl_ctx_set_protocol_options(SSL_CTX *ct
1406 disable = 1;
1407 }
1408
1409+#if defined (SSL_OP_NO_SSLv3)
1410 if (!strcasecmp (name, "SSLv3"))
1411 opt = SSL_PROTOCOL_SSLV3;
1412- else if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0"))
1413+ else
1414+#endif
1415+ if (!strcasecmp (name, "TLSv1") || !strcasecmp (name, "TLSv1.0"))
1416 opt = SSL_PROTOCOL_TLSV1;
1417 #if defined (SSL_OP_NO_TLSv1_1)
1418 else if (!strcasecmp (name, "TLSv1_1") || !strcasecmp (name, "TLSv1.1"))
1419--- virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c~ 2018-09-15 23:52:48.000000000 +0200
1420+++ virtuoso-opensource-7.2.5/libsrc/Dk/Dkernel.c 2018-09-15 23:58:57.068780828 +0200
1421@@ -5087,6 +5087,7 @@ ssl_thread_setup ()
1422 #define SSL_PROTOCOL_TLSV1 (1<<2)
1423 #define SSL_PROTOCOL_TLSV1_1 (1<<3)
1424 #define SSL_PROTOCOL_TLSV1_2 (1<<4)
1425+#define SSL_PROTOCOL_TLSV1_3 (1<<5)
1426
1427 #if OPENSSL_VERSION_NUMBER >= 0x1000100FL
1428 #define SSL_PROTOCOL_ALL (SSL_PROTOCOL_TLSV1_1|SSL_PROTOCOL_TLSV1_2)
1429--- virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c~ 2018-09-16 00:08:33.000000000 +0200
1430+++ virtuoso-opensource-7.2.5/libsrc/Wi/xmlenc.c 2018-09-16 00:20:07.956376505 +0200
1431@@ -7073,19 +7073,21 @@ bif_xenc_pkcs12_export (caddr_t * qst, c
1432 if (export_chain)
1433 {
1434 int i;
1435- X509_STORE_CTX store_ctx;
1436- X509_STORE_CTX_init (&store_ctx, CA_certs, x, NULL);
1437- if (X509_verify_cert (&store_ctx) > 0)
1438- chain = X509_STORE_CTX_get1_chain (&store_ctx);
1439+ X509_STORE_CTX *store_ctx;
1440+ store_ctx = EVP_MD_CTX_create();
1441+ if (!X509_STORE_CTX_init (store_ctx, CA_certs, x, NULL))
1442+ goto err;
1443+ if (X509_verify_cert (store_ctx) > 0)
1444+ chain = X509_STORE_CTX_get1_chain (store_ctx);
1445 else
1446 {
1447 const char *err_str;
1448- err_str = X509_verify_cert_error_string (store_ctx.error);
1449+ err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(store_ctx));
1450 *err_ret = srv_make_new_error ("22023", "XENCX", "X509 error: %s", err_str);
1451- X509_STORE_CTX_cleanup (&store_ctx);
1452+ X509_STORE_CTX_free (store_ctx);
1453 goto err;
1454 }
1455- X509_STORE_CTX_cleanup (&store_ctx);
1456+ X509_STORE_CTX_free (store_ctx);
1457 if (chain)
1458 {
1459 certs = sk_X509_new_null ();
OpenLink Virtuoso Database System
This page took 0.405424 seconds and 4 git commands to generate.