Brad Bishop | 1a4b7ee | 2018-12-16 17:11:34 -0800 | [diff] [blame^] | 1 | From 0c35749891bf834c1f3c1c4c330266bd2f4733cc Mon Sep 17 00:00:00 2001 |
| 2 | From: Khem Raj <raj.khem@gmail.com> |
| 3 | Date: Sun, 9 Sep 2018 10:40:09 -0700 |
| 4 | Subject: [PATCH] Forward port to OpenSSL 1.1.x |
| 5 | |
| 6 | * import patch from debian |
| 7 | https://sources.debian.org/src/wvstreams/4.6.1-14/debian/patches/wvstreams_openssl1.1.patch |
| 8 | Author: Reiner Herrmann <reiner@reiner-h.de> |
| 9 | |
| 10 | Upstream-Status: Submitted [https://github.com/apenwarr/wvstreams/pull/2] |
| 11 | Signed-off-by: Khem Raj <raj.khem@gmail.com> |
| 12 | --- |
| 13 | crypto/wvcrl.cc | 38 +++++++++++++------------------------- |
| 14 | crypto/wvdiffiehellman.cc | 30 +++++++++++++++++++----------- |
| 15 | crypto/wvdigest.cc | 16 ++++++++-------- |
| 16 | crypto/wvocsp.cc | 35 +++++++++-------------------------- |
| 17 | crypto/wvx509.cc | 31 ++++++++++++++++--------------- |
| 18 | crypto/wvx509mgr.cc | 27 ++++++++++++++++----------- |
| 19 | include/wvdiffiehellman.h | 2 +- |
| 20 | include/wvdigest.h | 14 ++++++-------- |
| 21 | include/wvtripledes.h | 10 +++++----- |
| 22 | 9 files changed, 93 insertions(+), 110 deletions(-) |
| 23 | |
| 24 | diff --git a/crypto/wvcrl.cc b/crypto/wvcrl.cc |
| 25 | index fa00c76..880ad85 100644 |
| 26 | --- a/crypto/wvcrl.cc |
| 27 | +++ b/crypto/wvcrl.cc |
| 28 | @@ -357,31 +357,19 @@ bool WvCRL::isrevoked(WvStringParm serial_number) const |
| 29 | ASN1_INTEGER *serial = serial_to_int(serial_number); |
| 30 | if (serial) |
| 31 | { |
| 32 | - X509_REVOKED mayberevoked; |
| 33 | - mayberevoked.serialNumber = serial; |
| 34 | - if (crl->crl->revoked) |
| 35 | - { |
| 36 | - int idx = sk_X509_REVOKED_find(crl->crl->revoked, |
| 37 | - &mayberevoked); |
| 38 | - ASN1_INTEGER_free(serial); |
| 39 | - if (idx >= 0) |
| 40 | - { |
| 41 | - debug("Certificate is revoked.\n"); |
| 42 | - return true; |
| 43 | - } |
| 44 | - else |
| 45 | - { |
| 46 | - debug("Certificate is not revoked.\n"); |
| 47 | - return false; |
| 48 | - } |
| 49 | - } |
| 50 | - else |
| 51 | - { |
| 52 | - ASN1_INTEGER_free(serial); |
| 53 | - debug("CRL does not have revoked list.\n"); |
| 54 | - return false; |
| 55 | - } |
| 56 | - |
| 57 | + X509_REVOKED *revoked_entry = NULL; |
| 58 | + int idx = X509_CRL_get0_by_serial(crl, &revoked_entry, serial); |
| 59 | + ASN1_INTEGER_free(serial); |
| 60 | + if (idx >= 1 || revoked_entry) |
| 61 | + { |
| 62 | + debug("Certificate is revoked.\n"); |
| 63 | + return true; |
| 64 | + } |
| 65 | + else |
| 66 | + { |
| 67 | + debug("Certificate is not revoked.\n"); |
| 68 | + return false; |
| 69 | + } |
| 70 | } |
| 71 | else |
| 72 | debug(WvLog::Warning, "Can't convert serial number to ASN1 format. " |
| 73 | diff --git a/crypto/wvdiffiehellman.cc b/crypto/wvdiffiehellman.cc |
| 74 | index 7c0bf32..15cd104 100644 |
| 75 | --- a/crypto/wvdiffiehellman.cc |
| 76 | +++ b/crypto/wvdiffiehellman.cc |
| 77 | @@ -39,24 +39,25 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
| 78 | { |
| 79 | int problems; |
| 80 | int check; |
| 81 | - { |
| 82 | + |
| 83 | info = DH_new(); |
| 84 | - info->p = BN_bin2bn(_key, _keylen, NULL); |
| 85 | + BIGNUM *p = BN_bin2bn(_key, _keylen, NULL); |
| 86 | // info->p->top = 0; |
| 87 | // info->p->dmax = _keylen * 8 / BN_BITS2; |
| 88 | // info->p->neg = 0; |
| 89 | // info->p->flags = 0; |
| 90 | |
| 91 | - info->g = BN_new(); |
| 92 | - BN_set_word(info->g, generator); |
| 93 | + BIGNUM *g = BN_new(); |
| 94 | + BN_set_word(g, generator); |
| 95 | // info->g->d = &generator; |
| 96 | // info->g->top = 0; |
| 97 | // info->g->dmax = 1; |
| 98 | // info->g->neg = 0; |
| 99 | // info->g->flags = 0; |
| 100 | - } |
| 101 | |
| 102 | - check = BN_mod_word(info->p, 24); |
| 103 | + DH_set0_pqg(info, p, NULL, g); |
| 104 | + |
| 105 | + check = BN_mod_word(p, 24); |
| 106 | DH_check(info, &problems); |
| 107 | if (problems & DH_CHECK_P_NOT_PRIME) |
| 108 | log(WvLog::Error, "Using a composite number for authentication.\n"); |
| 109 | @@ -64,7 +65,7 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
| 110 | log(WvLog::Error,"Using an unsafe prime number for authentication.\n"); |
| 111 | if (problems & DH_NOT_SUITABLE_GENERATOR) |
| 112 | log(WvLog::Error, "Can you just use 2 instead of %s (%s)!!\n", |
| 113 | - BN_bn2hex(info->g), check); |
| 114 | + BN_bn2hex(g), check); |
| 115 | if (problems & DH_UNABLE_TO_CHECK_GENERATOR) |
| 116 | log(WvLog::Notice, "Using a strange argument for diffie-hellman.\n"); |
| 117 | DH_generate_key(info); |
| 118 | @@ -72,18 +73,23 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
| 119 | |
| 120 | int WvDiffieHellman::pub_key_len() |
| 121 | { |
| 122 | - return BN_num_bytes(info->pub_key); |
| 123 | + const BIGNUM *pub_key = NULL; |
| 124 | + DH_get0_key(info, &pub_key, NULL); |
| 125 | + return BN_num_bytes(pub_key); |
| 126 | } |
| 127 | |
| 128 | int WvDiffieHellman::get_public_value(WvBuf &outbuf, int len) |
| 129 | { |
| 130 | - int key_len = BN_num_bytes(info->pub_key); |
| 131 | + const BIGNUM *pub_key = NULL; |
| 132 | + DH_get0_key(info, &pub_key, NULL); |
| 133 | + |
| 134 | + int key_len = BN_num_bytes(pub_key); |
| 135 | if (key_len < len) |
| 136 | len = key_len; |
| 137 | |
| 138 | // alloca is stack allocated, don't free it. |
| 139 | unsigned char *foo = (unsigned char*)alloca(key_len); |
| 140 | - BN_bn2bin(info->pub_key, foo); |
| 141 | + BN_bn2bin(pub_key, foo); |
| 142 | outbuf.put(foo, len); |
| 143 | |
| 144 | return len; |
| 145 | @@ -91,8 +97,10 @@ int WvDiffieHellman::get_public_value(WvBuf &outbuf, int len) |
| 146 | |
| 147 | bool WvDiffieHellman::create_secret(WvBuf &inbuf, size_t in_len, WvBuf& outbuf) |
| 148 | { |
| 149 | + const BIGNUM *pub_key = NULL; |
| 150 | + DH_get0_key(info, &pub_key, NULL); |
| 151 | unsigned char *foo = (unsigned char *)alloca(DH_size(info)); |
| 152 | - log("My public value\n%s\nYour public value\n%s\n",BN_bn2hex(info->pub_key), |
| 153 | + log("My public value\n%s\nYour public value\n%s\n",BN_bn2hex(pub_key), |
| 154 | hexdump_buffer(inbuf.peek(0, in_len), in_len, false)); |
| 155 | int len = DH_compute_key (foo, BN_bin2bn(inbuf.get(in_len), in_len, NULL), |
| 156 | info); |
| 157 | diff --git a/crypto/wvdigest.cc b/crypto/wvdigest.cc |
| 158 | index 150edee..73ebb5d 100644 |
| 159 | --- a/crypto/wvdigest.cc |
| 160 | +++ b/crypto/wvdigest.cc |
| 161 | @@ -13,10 +13,10 @@ |
| 162 | |
| 163 | /***** WvEVPMDDigest *****/ |
| 164 | |
| 165 | -WvEVPMDDigest::WvEVPMDDigest(const env_md_st *_evpmd) : |
| 166 | +WvEVPMDDigest::WvEVPMDDigest(const EVP_MD*_evpmd) : |
| 167 | evpmd(_evpmd), active(false) |
| 168 | { |
| 169 | - evpctx = new EVP_MD_CTX; |
| 170 | + evpctx = EVP_MD_CTX_new(); |
| 171 | _reset(); |
| 172 | } |
| 173 | |
| 174 | @@ -24,7 +24,7 @@ WvEVPMDDigest::WvEVPMDDigest(const env_md_st *_evpmd) : |
| 175 | WvEVPMDDigest::~WvEVPMDDigest() |
| 176 | { |
| 177 | cleanup(); |
| 178 | - delete evpctx; |
| 179 | + EVP_MD_CTX_free(evpctx); |
| 180 | } |
| 181 | |
| 182 | |
| 183 | @@ -60,7 +60,7 @@ bool WvEVPMDDigest::_reset() |
| 184 | // the typecast is necessary for API compatibility with different |
| 185 | // versions of openssl. None of them *actually* change the contents of |
| 186 | // the pointer. |
| 187 | - EVP_DigestInit(evpctx, (env_md_st *)evpmd); |
| 188 | + EVP_DigestInit(evpctx, evpmd); |
| 189 | active = true; |
| 190 | return true; |
| 191 | } |
| 192 | @@ -79,7 +79,7 @@ void WvEVPMDDigest::cleanup() |
| 193 | |
| 194 | size_t WvEVPMDDigest::digestsize() const |
| 195 | { |
| 196 | - return EVP_MD_size((env_md_st *)evpmd); |
| 197 | + return EVP_MD_size(evpmd); |
| 198 | } |
| 199 | |
| 200 | |
| 201 | @@ -104,14 +104,14 @@ WvHMACDigest::WvHMACDigest(WvEVPMDDigest *_digest, |
| 202 | { |
| 203 | key = new unsigned char[keysize]; |
| 204 | memcpy(key, _key, keysize); |
| 205 | - hmacctx = new HMAC_CTX; |
| 206 | + hmacctx = HMAC_CTX_new(); |
| 207 | _reset(); |
| 208 | } |
| 209 | |
| 210 | WvHMACDigest::~WvHMACDigest() |
| 211 | { |
| 212 | cleanup(); |
| 213 | - delete hmacctx; |
| 214 | + HMAC_CTX_free(hmacctx); |
| 215 | deletev key; |
| 216 | delete digest; |
| 217 | } |
| 218 | @@ -145,7 +145,7 @@ bool WvHMACDigest::_finish(WvBuf &outbuf) |
| 219 | bool WvHMACDigest::_reset() |
| 220 | { |
| 221 | cleanup(); |
| 222 | - HMAC_Init(hmacctx, key, keysize, (env_md_st *)digest->getevpmd()); |
| 223 | + HMAC_Init(hmacctx, key, keysize, digest->getevpmd()); |
| 224 | active = true; |
| 225 | return true; |
| 226 | } |
| 227 | diff --git a/crypto/wvocsp.cc b/crypto/wvocsp.cc |
| 228 | index ddb2de4..7d5da07 100644 |
| 229 | --- a/crypto/wvocsp.cc |
| 230 | +++ b/crypto/wvocsp.cc |
| 231 | @@ -118,9 +118,10 @@ bool WvOCSPResp::check_nonce(const WvOCSPReq &req) const |
| 232 | |
| 233 | bool WvOCSPResp::signedbycert(const WvX509 &cert) const |
| 234 | { |
| 235 | - EVP_PKEY *skey = X509_get_pubkey(cert.cert); |
| 236 | - int i = OCSP_BASICRESP_verify(bs, skey, 0); |
| 237 | - EVP_PKEY_free(skey); |
| 238 | + STACK_OF(X509) *sk = sk_X509_new_null(); |
| 239 | + sk_X509_push(sk, cert.cert); |
| 240 | + int i = OCSP_basic_verify(bs, sk, NULL, OCSP_NOVERIFY); |
| 241 | + sk_X509_free(sk); |
| 242 | |
| 243 | if(i > 0) |
| 244 | return true; |
| 245 | @@ -131,33 +132,15 @@ bool WvOCSPResp::signedbycert(const WvX509 &cert) const |
| 246 | |
| 247 | WvX509 WvOCSPResp::get_signing_cert() const |
| 248 | { |
| 249 | - if (!bs || !sk_X509_num(bs->certs)) |
| 250 | + const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs); |
| 251 | + if (!bs || !sk_X509_num(certs)) |
| 252 | return WvX509(); |
| 253 | |
| 254 | - // note: the following bit of code is taken almost verbatim from |
| 255 | - // ocsp_vfy.c in OpenSSL 0.9.8. Copyright and attribution should |
| 256 | - // properly belong to them |
| 257 | - |
| 258 | - OCSP_RESPID *id = bs->tbsResponseData->responderId; |
| 259 | - |
| 260 | - if (id->type == V_OCSP_RESPID_NAME) |
| 261 | - { |
| 262 | - X509 *x = X509_find_by_subject(bs->certs, id->value.byName); |
| 263 | - if (x) |
| 264 | - return WvX509(X509_dup(x)); |
| 265 | + X509 *signer = NULL; |
| 266 | + if (OCSP_resp_get0_signer(bs, &signer, NULL) == 1) { |
| 267 | + return WvX509(X509_dup(signer)); |
| 268 | } |
| 269 | |
| 270 | - if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; |
| 271 | - unsigned char tmphash[SHA_DIGEST_LENGTH]; |
| 272 | - unsigned char *keyhash = id->value.byKey->data; |
| 273 | - for (int i = 0; i < sk_X509_num(bs->certs); i++) |
| 274 | - { |
| 275 | - X509 *x = sk_X509_value(bs->certs, i); |
| 276 | - X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); |
| 277 | - if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) |
| 278 | - return WvX509(X509_dup(x)); |
| 279 | - } |
| 280 | - |
| 281 | return WvX509(); |
| 282 | } |
| 283 | |
| 284 | diff --git a/crypto/wvx509.cc b/crypto/wvx509.cc |
| 285 | index e4925ce..984156c 100644 |
| 286 | --- a/crypto/wvx509.cc |
| 287 | +++ b/crypto/wvx509.cc |
| 288 | @@ -974,7 +974,7 @@ static void add_aia(WvStringParm type, WvString identifier, |
| 289 | sk_ACCESS_DESCRIPTION_push(ainfo, acc); |
| 290 | acc->method = OBJ_txt2obj(type.cstr(), 0); |
| 291 | acc->location->type = GEN_URI; |
| 292 | - acc->location->d.ia5 = M_ASN1_IA5STRING_new(); |
| 293 | + acc->location->d.ia5 = ASN1_IA5STRING_new(); |
| 294 | unsigned char *cident |
| 295 | = reinterpret_cast<unsigned char *>(identifier.edit()); |
| 296 | ASN1_STRING_set(acc->location->d.ia5, cident, identifier.len()); |
| 297 | @@ -1059,7 +1059,7 @@ void WvX509::set_crl_urls(WvStringList &urls) |
| 298 | GENERAL_NAMES *uris = GENERAL_NAMES_new(); |
| 299 | GENERAL_NAME *uri = GENERAL_NAME_new(); |
| 300 | uri->type = GEN_URI; |
| 301 | - uri->d.ia5 = M_ASN1_IA5STRING_new(); |
| 302 | + uri->d.ia5 = ASN1_IA5STRING_new(); |
| 303 | unsigned char *cident |
| 304 | = reinterpret_cast<unsigned char *>(i().edit()); |
| 305 | ASN1_STRING_set(uri->d.ia5, cident, i().len()); |
| 306 | @@ -1162,10 +1162,11 @@ WvString WvX509::get_extension(int nid) const |
| 307 | #else |
| 308 | X509V3_EXT_METHOD *method = X509V3_EXT_get(ext); |
| 309 | #endif |
| 310 | + ASN1_OCTET_STRING *ext_data_str = X509_EXTENSION_get_data(ext); |
| 311 | if (!method) |
| 312 | { |
| 313 | WvDynBuf buf; |
| 314 | - buf.put(ext->value->data, ext->value->length); |
| 315 | + buf.put(ext_data_str->data, ext_data_str->length); |
| 316 | retval = buf.getstr(); |
| 317 | } |
| 318 | else |
| 319 | @@ -1176,21 +1177,21 @@ WvString WvX509::get_extension(int nid) const |
| 320 | // even though it's const (at least as of version 0.9.8e). |
| 321 | // gah. |
| 322 | #if OPENSSL_VERSION_NUMBER >= 0x0090800fL |
| 323 | - const unsigned char * ext_value_data = ext->value->data; |
| 324 | + const unsigned char * ext_value_data = ext_data_str->data; |
| 325 | #else |
| 326 | unsigned char *ext_value_data = ext->value->data; |
| 327 | #endif |
| 328 | if (method->it) |
| 329 | { |
| 330 | ext_data = ASN1_item_d2i(NULL, &ext_value_data, |
| 331 | - ext->value->length, |
| 332 | + ext_data_str->length, |
| 333 | ASN1_ITEM_ptr(method->it)); |
| 334 | TRACE("Applied generic conversion!\n"); |
| 335 | } |
| 336 | else |
| 337 | { |
| 338 | ext_data = method->d2i(NULL, &ext_value_data, |
| 339 | - ext->value->length); |
| 340 | + ext_data_str->length); |
| 341 | TRACE("Applied method specific conversion!\n"); |
| 342 | } |
| 343 | |
| 344 | @@ -1325,13 +1326,13 @@ bool WvX509::verify(WvBuf &original, WvStringParm signature) const |
| 345 | return false; |
| 346 | |
| 347 | /* Verify the signature */ |
| 348 | - EVP_MD_CTX sig_ctx; |
| 349 | - EVP_VerifyInit(&sig_ctx, EVP_sha1()); |
| 350 | - EVP_VerifyUpdate(&sig_ctx, original.peek(0, original.used()), |
| 351 | + EVP_MD_CTX *sig_ctx = EVP_MD_CTX_new(); |
| 352 | + EVP_VerifyInit(sig_ctx, EVP_sha1()); |
| 353 | + EVP_VerifyUpdate(sig_ctx, original.peek(0, original.used()), |
| 354 | original.used()); |
| 355 | - int sig_err = EVP_VerifyFinal(&sig_ctx, sig_buf, sig_size, pk); |
| 356 | + int sig_err = EVP_VerifyFinal(sig_ctx, sig_buf, sig_size, pk); |
| 357 | EVP_PKEY_free(pk); |
| 358 | - EVP_MD_CTX_cleanup(&sig_ctx); // Again, not my fault... |
| 359 | + EVP_MD_CTX_free(sig_ctx); // Again, not my fault... |
| 360 | if (sig_err != 1) |
| 361 | { |
| 362 | debug("Verify failed!\n"); |
| 363 | @@ -1450,19 +1451,19 @@ void WvX509::set_ski() |
| 364 | { |
| 365 | CHECK_CERT_EXISTS_SET("ski"); |
| 366 | |
| 367 | - ASN1_OCTET_STRING *oct = M_ASN1_OCTET_STRING_new(); |
| 368 | - ASN1_BIT_STRING *pk = cert->cert_info->key->public_key; |
| 369 | + ASN1_OCTET_STRING *oct = ASN1_OCTET_STRING_new(); |
| 370 | + ASN1_BIT_STRING *pk = X509_get0_pubkey_bitstr(cert); |
| 371 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; |
| 372 | unsigned int diglen; |
| 373 | |
| 374 | EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); |
| 375 | |
| 376 | - M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen); |
| 377 | + ASN1_OCTET_STRING_set(oct, pkey_dig, diglen); |
| 378 | X509_EXTENSION *ext = X509V3_EXT_i2d(NID_subject_key_identifier, 0, |
| 379 | oct); |
| 380 | X509_add_ext(cert, ext, -1); |
| 381 | X509_EXTENSION_free(ext); |
| 382 | - M_ASN1_OCTET_STRING_free(oct); |
| 383 | + ASN1_OCTET_STRING_free(oct); |
| 384 | } |
| 385 | |
| 386 | |
| 387 | diff --git a/crypto/wvx509mgr.cc b/crypto/wvx509mgr.cc |
| 388 | index f249eec..156d3a4 100644 |
| 389 | --- a/crypto/wvx509mgr.cc |
| 390 | +++ b/crypto/wvx509mgr.cc |
| 391 | @@ -350,6 +350,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
| 392 | return false; |
| 393 | } |
| 394 | |
| 395 | + uint32_t ex_flags = X509_get_extension_flags(cert); |
| 396 | + uint32_t ex_kusage = X509_get_key_usage(cert); |
| 397 | if (cert == unsignedcert.cert) |
| 398 | { |
| 399 | debug("Self Signing!\n"); |
| 400 | @@ -362,8 +364,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
| 401 | return false; |
| 402 | } |
| 403 | #endif |
| 404 | - else if (!((cert->ex_flags & EXFLAG_KUSAGE) && |
| 405 | - (cert->ex_kusage & KU_KEY_CERT_SIGN))) |
| 406 | + else if (!((ex_flags & EXFLAG_KUSAGE) && |
| 407 | + (ex_kusage & KU_KEY_CERT_SIGN))) |
| 408 | { |
| 409 | debug("This Certificate is not allowed to sign certificates!\n"); |
| 410 | return false; |
| 411 | @@ -390,6 +392,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
| 412 | |
| 413 | bool WvX509Mgr::signcrl(WvCRL &crl) const |
| 414 | { |
| 415 | + uint32_t ex_flags = X509_get_extension_flags(cert); |
| 416 | + uint32_t ex_kusage = X509_get_key_usage(cert); |
| 417 | if (!isok() || !crl.isok()) |
| 418 | { |
| 419 | debug(WvLog::Warning, "Asked to sign CRL, but certificate or CRL (or " |
| 420 | @@ -403,12 +407,12 @@ bool WvX509Mgr::signcrl(WvCRL &crl) const |
| 421 | "CRLs!\n"); |
| 422 | return false; |
| 423 | } |
| 424 | - else if (!((cert->ex_flags & EXFLAG_KUSAGE) && |
| 425 | - (cert->ex_kusage & KU_CRL_SIGN))) |
| 426 | + else if (!((ex_flags & EXFLAG_KUSAGE) && |
| 427 | + (ex_kusage & KU_CRL_SIGN))) |
| 428 | { |
| 429 | debug("Certificate not allowed to sign CRLs! (%s %s)\n", |
| 430 | - (cert->ex_flags & EXFLAG_KUSAGE), |
| 431 | - (cert->ex_kusage & KU_CRL_SIGN)); |
| 432 | + (ex_flags & EXFLAG_KUSAGE), |
| 433 | + (ex_kusage & KU_CRL_SIGN)); |
| 434 | return false; |
| 435 | } |
| 436 | #endif |
| 437 | @@ -454,7 +458,6 @@ WvString WvX509Mgr::sign(WvBuf &data) const |
| 438 | { |
| 439 | assert(rsa); |
| 440 | |
| 441 | - EVP_MD_CTX sig_ctx; |
| 442 | unsigned char sig_buf[4096]; |
| 443 | |
| 444 | EVP_PKEY *pk = EVP_PKEY_new(); |
| 445 | @@ -467,20 +470,22 @@ WvString WvX509Mgr::sign(WvBuf &data) const |
| 446 | return WvString::null; |
| 447 | } |
| 448 | |
| 449 | - EVP_SignInit(&sig_ctx, EVP_sha1()); |
| 450 | - EVP_SignUpdate(&sig_ctx, data.peek(0, data.used()), data.used()); |
| 451 | + EVP_MD_CTX *sig_ctx = EVP_MD_CTX_new(); |
| 452 | + EVP_SignInit(sig_ctx, EVP_sha1()); |
| 453 | + EVP_SignUpdate(sig_ctx, data.peek(0, data.used()), data.used()); |
| 454 | unsigned int sig_len = sizeof(sig_buf); |
| 455 | - int sig_err = EVP_SignFinal(&sig_ctx, sig_buf, |
| 456 | + int sig_err = EVP_SignFinal(sig_ctx, sig_buf, |
| 457 | &sig_len, pk); |
| 458 | if (sig_err != 1) |
| 459 | { |
| 460 | debug("Error while signing.\n"); |
| 461 | EVP_PKEY_free(pk); |
| 462 | + EVP_MD_CTX_free(sig_ctx); |
| 463 | return WvString::null; |
| 464 | } |
| 465 | |
| 466 | EVP_PKEY_free(pk); |
| 467 | - EVP_MD_CTX_cleanup(&sig_ctx); // this isn't my fault :// |
| 468 | + EVP_MD_CTX_free(sig_ctx); // this isn't my fault :// |
| 469 | WvDynBuf buf; |
| 470 | buf.put(sig_buf, sig_len); |
| 471 | debug("Signature size: %s\n", buf.used()); |
| 472 | diff --git a/include/wvdiffiehellman.h b/include/wvdiffiehellman.h |
| 473 | index af75ffa..a2d001f 100644 |
| 474 | --- a/include/wvdiffiehellman.h |
| 475 | +++ b/include/wvdiffiehellman.h |
| 476 | @@ -27,7 +27,7 @@ public: |
| 477 | bool create_secret(WvBuf &inbuf, size_t in_len, WvBuf& outbuf); |
| 478 | |
| 479 | protected: |
| 480 | - struct dh_st *info; |
| 481 | + DH *info; |
| 482 | BN_ULONG generator; |
| 483 | |
| 484 | private: |
| 485 | diff --git a/include/wvdigest.h b/include/wvdigest.h |
| 486 | index fdc39bd..f2eed40 100644 |
| 487 | --- a/include/wvdigest.h |
| 488 | +++ b/include/wvdigest.h |
| 489 | @@ -9,10 +9,8 @@ |
| 490 | |
| 491 | #include "wvencoder.h" |
| 492 | #include <stdint.h> |
| 493 | +#include <openssl/evp.h> |
| 494 | |
| 495 | -struct env_md_st; |
| 496 | -struct env_md_ctx_st; |
| 497 | -struct hmac_ctx_st; |
| 498 | |
| 499 | /** |
| 500 | * Superclass for all message digests. |
| 501 | @@ -45,8 +43,8 @@ public: |
| 502 | class WvEVPMDDigest : public WvDigest |
| 503 | { |
| 504 | friend class WvHMACDigest; |
| 505 | - const env_md_st *evpmd; |
| 506 | - env_md_ctx_st *evpctx; |
| 507 | + const EVP_MD *evpmd; |
| 508 | + EVP_MD_CTX *evpctx; |
| 509 | bool active; |
| 510 | |
| 511 | public: |
| 512 | @@ -54,13 +52,13 @@ public: |
| 513 | virtual size_t digestsize() const; |
| 514 | |
| 515 | protected: |
| 516 | - WvEVPMDDigest(const env_md_st *_evpmd); |
| 517 | + WvEVPMDDigest(const EVP_MD *_evpmd); |
| 518 | virtual bool _encode(WvBuf &inbuf, WvBuf &outbuf, |
| 519 | bool flush); // consumes input |
| 520 | virtual bool _finish(WvBuf &outbuf); // outputs digest |
| 521 | virtual bool _reset(); // supported: resets digest value |
| 522 | |
| 523 | - const env_md_st *getevpmd() |
| 524 | + const EVP_MD *getevpmd() |
| 525 | { return evpmd; } |
| 526 | |
| 527 | private: |
| 528 | @@ -104,7 +102,7 @@ class WvHMACDigest : public WvDigest |
| 529 | WvEVPMDDigest *digest; |
| 530 | unsigned char *key; |
| 531 | size_t keysize; |
| 532 | - hmac_ctx_st *hmacctx; |
| 533 | + HMAC_CTX *hmacctx; |
| 534 | bool active; |
| 535 | |
| 536 | public: |
| 537 | diff --git a/include/wvtripledes.h b/include/wvtripledes.h |
| 538 | index 185fe8a..a442e7a 100644 |
| 539 | --- a/include/wvtripledes.h |
| 540 | +++ b/include/wvtripledes.h |
| 541 | @@ -70,11 +70,11 @@ protected: |
| 542 | |
| 543 | private: |
| 544 | Mode mode; |
| 545 | - des_cblock key; |
| 546 | - des_key_schedule deskey1; |
| 547 | - des_key_schedule deskey2; |
| 548 | - des_key_schedule deskey3; |
| 549 | - des_cblock ivec; // initialization vector |
| 550 | + DES_cblock key; |
| 551 | + DES_key_schedule deskey1; |
| 552 | + DES_key_schedule deskey2; |
| 553 | + DES_key_schedule deskey3; |
| 554 | + DES_cblock ivec; // initialization vector |
| 555 | int ivecoff; // current offset into initvec |
| 556 | }; |
| 557 | |