From 8fca4e413bd14d2ef7c0d8e3fc5663ef6f8a4a3c Mon Sep 17 00:00:00 2001
From: Timothy Pearson
Date: Sat, 2 Mar 2019 17:49:38 -0600
Subject: [PATCH] Update for OpenSSL 1.1
---
 common/ssl_calls.c | 99 +++++++++++++++++++++++-----------------------
 1 file changed, 49 insertions(+), 50 deletions(-)
diff --git a/common/ssl_calls.c b/common/ssl_calls.c
index b7eb6131..005d6a62 100644
--- a/common/ssl_calls.c
+++ b/common/ssl_calls.c
@@ -170,7 +170,7 @@ ssl_des3_encrypt_info_create(const char *key, const char* ivec)
 const tui8 *lkey;
 const tui8 *livec;
- des3_ctx = (EVP_CIPHER_CTX *) g_malloc(sizeof(EVP_CIPHER_CTX), 1);
+ des3_ctx = EVP_CIPHER_CTX_new();
 EVP_CIPHER_CTX_init(des3_ctx);
 lkey = (const tui8 *) key;
 livec = (const tui8 *) ivec;
@@ -187,7 +187,7 @@ ssl_des3_decrypt_info_create(const char *key, const char* ivec)
 const tui8 *lkey;
 const tui8 *livec;
- des3_ctx = g_malloc(sizeof(EVP_CIPHER_CTX), 1);
+ des3_ctx = EVP_CIPHER_CTX_new();
 EVP_CIPHER_CTX_init(des3_ctx);
 lkey = (const tui8 *) key;
 livec = (const tui8 *) ivec;
@@ -205,8 +205,7 @@ ssl_des3_info_delete(void *des3)
 des3_ctx = (EVP_CIPHER_CTX *) des3;
 if (des3_ctx != 0)
 {
- EVP_CIPHER_CTX_cleanup(des3_ctx);
- g_free(des3_ctx);
+ EVP_CIPHER_CTX_free(des3_ctx);
 }
 }
@@ -250,8 +249,7 @@ ssl_hmac_info_create(void)
 {
 HMAC_CTX *hmac_ctx;
- hmac_ctx = (HMAC_CTX *) g_malloc(sizeof(HMAC_CTX), 1);
- HMAC_CTX_init(hmac_ctx);
+ hmac_ctx = HMAC_CTX_new();
 return hmac_ctx;
 }
@@ -264,8 +262,7 @@ ssl_hmac_info_delete(void *hmac)
 hmac_ctx = (HMAC_CTX *) hmac;
 if (hmac_ctx != 0)
 {
- HMAC_CTX_cleanup(hmac_ctx);
- g_free(hmac_ctx);
+ HMAC_CTX_free(hmac_ctx);
 }
 }
@@ -332,10 +329,10 @@ ssl_mod_exp(char *out, int out_len, char *in, int in_len,
 char *mod, int mod_len, char *exp, int exp_len)
 {
 BN_CTX *ctx;
- BIGNUM lmod;
- BIGNUM lexp;
- BIGNUM lin;
- BIGNUM lout;
+ BIGNUM* lmod;
+ BIGNUM* lexp;
+ BIGNUM* lin;
+ BIGNUM* lout;
 int rv;
 char *l_out;
 char *l_in;
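Review bot: The result of `EVP_CIPHER_CTX_new()` in `ssl_des3_encrypt_info_create` (`@@ -170`) is used without a NULL check, and the same holds for `ssl_des3_decrypt_info_create` (`@@ -187`). The call returns NULL on allocation failure, so a guard such as `if (des3_ctx == 0) { return 0; }` directly after it would keep a failed allocation away from the cipher setup that follows. The `EVP_CIPHER_CTX_init(des3_ctx);` context line is redundant on a freshly created context and could be dropped. Both function bodies continue outside their hunks, so the return type and how callers treat a null result should be confirmed there.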
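Review bot: `HMAC_CTX_new()` in `ssl_hmac_info_create` (`@@ -250`), `HMAC_CTX_free()` in `@@ -264`, and `RSA_get0_key()` in `@@ -424` and `@@ -496` exist only from OpenSSL 1.1.0 onward, and no version guard is visible in any hunk. If the project still has to build against 1.0.x, these calls need an `#if OPENSSL_VERSION_NUMBER < 0x10100000L` branch or small compatibility shims; otherwise the minimum OpenSSL version should be enforced in the build configuration. It is also worth documenting the failure case on the function, for example `/* returns NULL if OpenSSL cannot allocate the context */`.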
@@ -353,15 +350,15 @@ ssl_mod_exp(char *out, int out_len, char *in, int in_len,
 ssl_reverse_it(l_mod, mod_len);
 ssl_reverse_it(l_exp, exp_len);
 ctx = BN_CTX_new();
- BN_init(&lmod);
- BN_init(&lexp);
- BN_init(&lin);
- BN_init(&lout);
- BN_bin2bn((tui8 *)l_mod, mod_len, &lmod);
- BN_bin2bn((tui8 *)l_exp, exp_len, &lexp);
- BN_bin2bn((tui8 *)l_in, in_len, &lin);
- BN_mod_exp(&lout, &lin, &lexp, &lmod, ctx);
- rv = BN_bn2bin(&lout, (tui8 *)l_out);
+ lmod = BN_new();
+ lexp = BN_new();
+ lin = BN_new();
+ lout = BN_new();
+ BN_bin2bn((tui8*)l_mod, mod_len, lmod);
+ BN_bin2bn((tui8*)l_exp, exp_len, lexp);
+ BN_bin2bn((tui8*)l_in, in_len, lin);
+ BN_mod_exp(lout, lin, lexp, lmod, ctx);
+ rv = BN_bn2bin(lout, (tui8*)l_out);
 if (rv <= out_len)
 {
@@ -373,10 +370,10 @@ ssl_mod_exp(char *out, int out_len, char *in, int in_len,
 rv = 0;
 }
- BN_free(&lin);
- BN_free(&lout);
- BN_free(&lexp);
- BN_free(&lmod);
+ BN_free(lin);
+ BN_free(lout);
+ BN_free(lexp);
+ BN_free(lmod);
 BN_CTX_free(ctx);
 g_free(l_out);
 g_free(l_in);
@@ -401,7 +398,6 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 tui8 *lexp;
 int error;
 int len;
- int diff;
 if ((exp_len != 4) || ((mod_len != 64) && (mod_len != 256)) || ((pri_len != 64) && (pri_len != 256)))
@@ -409,9 +405,8 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 return 1;
 }
- diff = 0;
- lmod = (char *)g_malloc(mod_len, 1);
- lpri = (char *)g_malloc(pri_len, 1);
+ lmod = (char *)g_malloc(mod_len, 0);
+ lpri = (char *)g_malloc(pri_len, 0);
 lexp = (tui8 *)exp;
 my_e = lexp[0];
 my_e |= lexp[1] << 8;
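Review bot: None of the four `BN_new()` results, nor the return values of `BN_bin2bn` and `BN_mod_exp`, are checked in the `@@ -353` hunk of `ssl_mod_exp`. With heap-allocated BIGNUMs, a failed `BN_new()` leaves a NULL pointer that is then passed on as an operand, and a failed `BN_mod_exp` leaves `lout` without a meaningful value that `BN_bn2bin` still copies into `l_out`. I would test the pointers once with `if (lmod == NULL || lexp == NULL || lin == NULL || lout == NULL)` and require `BN_mod_exp(lout, lin, lexp, lmod, ctx) == 1` before calling `BN_bn2bin`, sending every failure to the cleanup at the end with `rv = 0`. `BN_bn2bin` also writes before `rv <= out_len` is tested; the size of `l_out` is set outside the hunk, so whether that write is always in bounds should be confirmed there.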
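Review bot: `BN_free(lexp)` and `BN_free(lin)` in the `@@ -373` hunk release the exponent and the input without wiping them. If `ssl_mod_exp` is ever called with a private exponent, which cannot be told from this hunk, `BN_clear_free(lexp);` (and likewise for `lin` and `lout`) would zero the values before the memory goes back to the allocator. The byte buffers released with `g_free` just below would need the same treatment for the wipe to be complete.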
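Review bot: This variant of `ssl_gen_key_xrdp1` (`@@ -401`) loses `int diff;` but gains no declarations for `key_n` and `key_d`, although its `@@ -424` hunk calls `RSA_get0_key(my_key, &key_n, NULL, &key_d)` and reads both. Only the second variant (`@@ -475`) adds `const BIGNUM* key_n;` and `const BIGNUM* key_d;`. Unless the names are declared in a part of the function that the hunks do not show, this variant no longer compiles when it is the one selected; adding the same two declarations after `int len;` fixes that. Which preprocessor condition selects between the two variants is outside the diff.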
@@ -424,27 +419,29 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 if (error == 0)
 {
- len = BN_num_bytes(my_key->n);
- error = (len < 1) || (len > mod_len);
- diff = mod_len - len;
+ RSA_get0_key(my_key, &key_n, NULL, &key_d);
+ }
+ if (error == 0)
+ {
+ len = BN_num_bytes(key_n);
+ error = len != mod_len;
 }
 if (error == 0)
 {
- BN_bn2bin(my_key->n, (tui8 *)(lmod + diff));
+ BN_bn2bin(key_n, (tui8 *)lmod);
 ssl_reverse_it(lmod, mod_len);
 }
 if (error == 0)
 {
- len = BN_num_bytes(my_key->d);
- error = (len < 1) || (len > pri_len);
- diff = pri_len - len;
+ len = BN_num_bytes(key_d);
+ error = len != pri_len;
 }
 if (error == 0)
 {
- BN_bn2bin(my_key->d, (tui8 *)(lpri + diff));
+ BN_bn2bin(key_d, (tui8 *)lpri);
 ssl_reverse_it(lpri, pri_len);
 }
@@ -475,7 +472,8 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 char *lpri;
 int error;
 int len;
- int diff;
+ const BIGNUM* key_n;
+ const BIGNUM* key_d;
 if ((exp_len != 4) || ((mod_len != 64) && (mod_len != 256)) || ((pri_len != 64) && (pri_len != 256)))
@@ -483,10 +481,9 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 return 1;
 }
- diff = 0;
- lexp = (char *)g_malloc(exp_len, 1);
- lmod = (char *)g_malloc(mod_len, 1);
- lpri = (char *)g_malloc(pri_len, 1);
+ lexp = (char *)g_malloc(exp_len, 0);
+ lmod = (char *)g_malloc(mod_len, 0);
+ lpri = (char *)g_malloc(pri_len, 0);
 g_memcpy(lexp, exp, exp_len);
 ssl_reverse_it(lexp, exp_len);
 my_e = BN_new();
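Review bot: The new checks `error = len != mod_len;` and `error = len != pri_len;` (`@@ -424`, repeated in `@@ -496`) reject any value shorter than its buffer, where the old code accepted it and left-padded through `diff`. A private exponent is not guaranteed to fill all `pri_len` bytes, so a valid key with a leading zero byte in `d` would now make key generation report an error; what the function does on `error` is outside the hunk. `BN_bn2binpad` writes a fixed-width, zero-padded value and reports a too-small buffer, so `error = BN_bn2binpad(key_d, (tui8 *)lpri, pri_len) < 0;` (and the same for `key_n` with `lmod`) keeps the old tolerance without the `diff` arithmetic. With either form the buffers are fully overwritten on success, so changing the second `g_malloc` argument from 1 to 0 in `@@ -409` and `@@ -483` (apparently the zero-fill flag) only matters if the error path reads them, which is not visible here.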
@@ -496,27 +493,29 @@ ssl_gen_key_xrdp1(int key_size_in_bits, char *exp, int exp_len,
 if (error == 0)
 {
- len = BN_num_bytes(my_key->n);
- error = (len < 1) || (len > mod_len);
- diff = mod_len - len;
+ RSA_get0_key(my_key, &key_n, NULL, &key_d);
+ }
+ if (error == 0)
+ {
+ len = BN_num_bytes(key_n);
+ error = len != mod_len;
 }
 if (error == 0)
 {
- BN_bn2bin(my_key->n, (tui8 *)(lmod + diff));
+ BN_bn2bin(key_n, (tui8 *)lmod);
 ssl_reverse_it(lmod, mod_len);
 }
 if (error == 0)
 {
- len = BN_num_bytes(my_key->d);
- error = (len < 1) || (len > pri_len);
- diff = pri_len - len;
+ len = BN_num_bytes(key_d);
+ error = len != pri_len;
 }
 if (error == 0)
 {
- BN_bn2bin(my_key->d, (tui8 *)(lpri + diff));
+ BN_bn2bin(key_d, (tui8 *)lpri);
 ssl_reverse_it(lpri, pri_len);
 }