File xml-security-c-1.7.3_openssl1.1.patch of Package xml-security-c
diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2017-02-19 20:37:10.000000000 +0200 @@ -44,6 +44,15 @@ XERCES_CPP_NAMESPACE_USE +OpenSSLCryptoBase64::OpenSSLCryptoBase64() { + m_ectx = EVP_ENCODE_CTX_new(); + m_dctx = EVP_ENCODE_CTX_new(); +} + +OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { + EVP_ENCODE_CTX_free(m_ectx); + EVP_ENCODE_CTX_free(m_dctx); +} // -------------------------------------------------------------------------------- // Decoding @@ -51,7 +60,7 @@ void OpenSSLCryptoBase64::decodeInit(void) { - EVP_DecodeInit(&m_dctx); + EVP_DecodeInit(m_dctx); } @@ -70,7 +79,7 @@ } - rc = EVP_DecodeUpdate(&m_dctx, + rc = EVP_DecodeUpdate(m_dctx, outData, &outLen, (unsigned char *) inData, @@ -99,7 +108,7 @@ int outLen; outLen = outLength; - EVP_DecodeFinal(&m_dctx, outData, &outLen); + EVP_DecodeFinal(m_dctx, outData, &outLen); return outLen; @@ -111,7 +120,7 @@ void OpenSSLCryptoBase64::encodeInit(void) { - EVP_EncodeInit(&m_ectx); + EVP_EncodeInit(m_ectx); } @@ -130,7 +139,7 @@ } - EVP_EncodeUpdate(&m_ectx, + EVP_EncodeUpdate(m_ectx, outData, &outLen, (unsigned char *) inData, @@ -153,7 +162,7 @@ int outLen; outLen = outLength; - EVP_EncodeFinal(&m_ectx, outData, &outLen); + EVP_EncodeFinal(m_ectx, outData, &outLen); return outLen; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2017-02-19 10:46:50.000000000 +0200 
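Review bot: The new constructor at `@@ -44,6 +44,15` stores the results of `EVP_ENCODE_CTX_new()` in `m_ectx` and `m_dctx` without checking for NULL, so an allocation failure only surfaces later as a NULL context passed to `EVP_EncodeInit`/`EVP_DecodeInit`. The class now owns two heap contexts through raw pointers and frees them in its destructor, so a compiler-generated copy would free each context twice. The header hunks shown do not declare a copy constructor or assignment operator, though the rest of the class is outside the diff. I would fail construction when either pointer is NULL (freeing the other first, `EVP_ENCODE_CTX_free` accepts NULL) and declare the copy operations private and unimplemented. The same ownership question applies to `m_mdctx`, `m_hctx` and `m_ctx` in the hash, HMAC and symmetric-key classes further down.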
@@ -66,8 +66,8 @@ public : - OpenSSLCryptoBase64() {}; - virtual ~OpenSSLCryptoBase64() {}; + OpenSSLCryptoBase64(); + virtual ~OpenSSLCryptoBase64(); /** @name Decoding Functions */ //@{ @@ -189,20 +189,20 @@ * \brief Get OpenSSL encode context structure */ - EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} + EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} /** * \brief Get OpenSSL encode context structure */ - EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} + EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} //@} private : - EVP_ENCODE_CTX m_ectx; // Encode context - EVP_ENCODE_CTX m_dctx; // Decode context + EVP_ENCODE_CTX *m_ectx; // Encode context + EVP_ENCODE_CTX *m_dctx; // Decode context }; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2017-02-19 20:48:48.000000000 +0200 @@ -40,6 +40,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { + m_mdctx = EVP_MD_CTX_create(); switch (alg) { case (XSECCryptoHash::HASH_SHA1) : @@ -104,7 +105,7 @@ "OpenSSL:Hash - Error loading Message Digest"); } - EVP_DigestInit(&m_mdctx, mp_md); + EVP_DigestInit(m_mdctx, mp_md); m_hashType = alg; } @@ -112,7 +113,7 @@ OpenSSLCryptoHash::~OpenSSLCryptoHash() { - EVP_MD_CTX_cleanup(&m_mdctx); + EVP_MD_CTX_free(m_mdctx); } 
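Review bot: `m_mdctx = EVP_MD_CTX_create()` at `@@ -40,6 +40,7` runs before the algorithm switch, and the context lines at `@@ -104,7 +105,7` look like the tail of a throw for an unloadable digest; a constructor that throws never runs its destructor, so the context allocated on the first line would leak on that path. Allocating directly before the `EVP_DigestInit` call, after `mp_md` has been validated, avoids this. The result is also not checked for NULL, and the constructor spells the call `EVP_MD_CTX_create` while `reset()` uses `EVP_MD_CTX_new`; one spelling throughout would read better. The HMAC constructor at `@@ -43,6 +43,7` in OpenSSLCryptoHashHMAC.cpp allocates `m_hctx` in the same position, and both constructor bodies are only partly visible in these hunks.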
@@ -121,16 +122,16 @@ // Hashing Activities void OpenSSLCryptoHash::reset(void) { - EVP_MD_CTX_cleanup(&m_mdctx); - - EVP_DigestInit(&m_mdctx, mp_md); + EVP_MD_CTX_free(m_mdctx); + m_mdctx = EVP_MD_CTX_new(); + EVP_DigestInit(m_mdctx, mp_md); } void OpenSSLCryptoHash::hash(unsigned char * data, unsigned int length) { - EVP_DigestUpdate(&m_mdctx, data, length); + EVP_DigestUpdate(m_mdctx, data, length); } unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, @@ -140,7 +141,7 @@ // Finish up and copy out hash, returning the length - EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); + EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); // Copy to output buffer diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2017-02-19 10:42:32.000000000 +0200 @@ -138,7 +138,7 @@ * \brief Get OpenSSL hash context structure */ - EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} + EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} //@} @@ -148,7 +148,7 @@ // Not implemented constructors OpenSSLCryptoHash(); - EVP_MD_CTX m_mdctx; // Context for digest + EVP_MD_CTX *m_mdctx; // Context for digest const EVP_MD * mp_md; // Digest instance unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output unsigned int m_mdLen; // Length of digest diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2017-02-19 20:50:03.000000000 +0200 
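Review bot: `reset()` at `@@ -121,16 +122,16` frees the digest context and allocates a new one on every call, then passes the result to `EVP_DigestInit` without a NULL check, so one failed allocation leaves `m_mdctx` NULL for every later `hash()` and `finish()` call. OpenSSL 1.1.0 provides `EVP_MD_CTX_reset(m_mdctx)`, which clears the existing context in place and removes that failure mode; `HMAC_CTX_reset(m_hctx)` does the same for the HMAC reset hunk at `@@ -151,9 +152,9` in OpenSSLCryptoHashHMAC.cpp. The return value of `EVP_DigestInit` is ignored as well, which hides an initialisation failure from the caller of a hashing primitive.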
@@ -43,6 +43,7 @@ OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { // Initialise the digest + m_hctx = HMAC_CTX_new(); switch (alg) { @@ -127,7 +128,7 @@ m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); - HMAC_Init(&m_hctx, + HMAC_Init(m_hctx, m_keyBuf.rawBuffer(), m_keyLen, mp_md); @@ -139,7 +140,7 @@ OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { if (m_initialised) - HMAC_CTX_cleanup(&m_hctx); + HMAC_CTX_free(m_hctx); } @@ -151,9 +152,9 @@ if (m_initialised) { - HMAC_CTX_cleanup(&m_hctx); - - HMAC_Init(&m_hctx, + HMAC_CTX_free(m_hctx); + m_hctx = HMAC_CTX_new(); + HMAC_Init(m_hctx, m_keyBuf.rawBuffer(), m_keyLen, mp_md); @@ -170,7 +171,7 @@ "OpenSSL:HashHMAC - hash called prior to setKey"); - HMAC_Update(&m_hctx, data, (int) length); + HMAC_Update(m_hctx, data, (int) length); } @@ -181,7 +182,7 @@ // Finish up and copy out hash, returning the length - HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); + HMAC_Final(m_hctx, m_mdValue, &m_mdLen); // Copy to output buffer diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2017-02-19 10:50:19.000000000 +0200 @@ -162,7 +162,7 @@ * \brief Get OpenSSL Hash Context */ - HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} + HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} //@} 
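Review bot: The destructor at `@@ -139,7 +140,7` still frees the context only `if (m_initialised)`, but the constructor now allocates `m_hctx` unconditionally, so an object destroyed before a key has been set leaks its `HMAC_CTX`. The guard was right when the context was an embedded struct that needed cleanup only after `HMAC_Init`; with a heap context the release has to be unconditional: `HMAC_CTX_free(m_hctx);` (the function accepts NULL). The reset hunk at `@@ -151,9 +152,9` can keep its `m_initialised` guard, since it only re-keys an existing context.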
@@ -175,7 +175,7 @@ unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output unsigned int m_mdLen; // Length of digest HashType m_hashType; // What type of hash is this? - HMAC_CTX m_hctx; // Context for HMAC + HMAC_CTX *m_hctx; // Context for HMAC safeBuffer m_keyBuf; // The loaded key unsigned int m_keyLen; // The loaded key length bool m_initialised; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2015-01-29 04:52:17.000000000 +0200 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2017-02-19 22:39:29.000000000 +0200 @@ -64,13 +64,15 @@ if (mp_dsaKey == NULL) return KEY_NONE; - if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) + const BIGNUM *pub_key = 0, *priv_key = 0; + DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); + if (priv_key != NULL && pub_key != NULL) return KEY_DSA_PAIR; - if (mp_dsaKey->priv_key != NULL) + if (priv_key != NULL) return KEY_DSA_PRIVATE; - if (mp_dsaKey->pub_key != NULL) + if (pub_key != NULL) return KEY_DSA_PUBLIC; return KEY_NONE; @@ -82,7 +84,7 @@ if (mp_dsaKey == NULL) mp_dsaKey = DSA_new(); - mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); + DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); } @@ -91,7 +93,7 @@ if (mp_dsaKey == NULL) mp_dsaKey = DSA_new(); - mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); + DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); } @@ -100,7 +102,7 @@ if (mp_dsaKey == NULL) mp_dsaKey = DSA_new(); - mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); + DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); } 
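Review bot: The call `DSA_set0_pqg(mp_dsaKey, ..., 0, 0)` at `@@ -82,7 +84,7` will not store P on a freshly created key, because in OpenSSL 1.1 the setter returns 0 and changes nothing when any of p, q, g is NULL in the call and still unset in the DSA; the decoded BIGNUM is then leaked since ownership was never taken. The Q and G hunks at `@@ -91,7 +93,7` and `@@ -100,7 +102,7` behave the same way, as do the `RSA_set0_key` calls with a single component at `@@ -344,7 +346,7` and `@@ -353,7 +355,7` in OpenSSLCryptoKeyRSA.cpp, because `RSA_set0_key` needs both n and e on first use. The result is a key object without parameters, so verification with keys loaded one component at a time would fail rather than use the supplied key. The decoded values should be held in member BIGNUM pointers and committed with a single `DSA_set0_pqg` or `RSA_set0_key` call once all required components are present, with the return value checked. The enclosing functions start outside these hunks.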
@@ -109,7 +111,7 @@ if (mp_dsaKey == NULL) mp_dsaKey = DSA_new(); - mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); + DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); } @@ -130,20 +132,15 @@ mp_dsaKey = DSA_new(); - if (k == NULL || k->type != EVP_PKEY_DSA) + if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) return; // Nothing to do with us - - if (k->pkey.dsa->p) - mp_dsaKey->p = BN_dup(k->pkey.dsa->p); - if (k->pkey.dsa->q) - mp_dsaKey->q = BN_dup(k->pkey.dsa->q); - if (k->pkey.dsa->g) - mp_dsaKey->g = BN_dup(k->pkey.dsa->g); - if (k->pkey.dsa->pub_key) - mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); - if (k->pkey.dsa->priv_key) - mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); + DSA *dsa = EVP_PKEY_get0_DSA(k); + const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, &priv_key); + DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); + DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); } @@ -175,9 +172,9 @@ unsigned char* sigVal = new unsigned char[sigLen + 1]; ArrayJanitor<unsigned char> j_sigVal(sigVal); - EVP_ENCODE_CTX m_dctx; - EVP_DecodeInit(&m_dctx); - int rc = EVP_DecodeUpdate(&m_dctx, + EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); + EVP_DecodeInit(m_dctx); + int rc = EVP_DecodeUpdate(m_dctx, sigVal, &sigValLen, (unsigned char *) cleanedBase64Signature, @@ -190,7 +187,8 @@ } int t = 0; - EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); + EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); + EVP_ENCODE_CTX_free(m_dctx); sigValLen += t; @@ -223,12 +221,7 @@ } DSA_SIG * dsa_sig = DSA_SIG_new(); - - dsa_sig->r = BN_dup(R); - dsa_sig->s = BN_dup(S); - - BN_free(R); - BN_free(S); + DSA_SIG_set0(dsa_sig, R, S); // Now we have a signature and a key - lets check 
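Review bot: The key copy at `@@ -130,20 +132,15` ignores the return values of `DSA_set0_pqg` and `DSA_set0_key`, and both setters reject the whole call when a required component is NULL, in which case the non-NULL `BN_dup` results are leaked and the new key is left partly empty with no error raised. The removed code copied each component independently, so a source key carrying only some components is now handled differently. `EVP_PKEY_get0_DSA(k)` is also used without a NULL check. The same pattern appears in the clone hunk at `@@ -339,16 +334,11` and in the RSA copies at `@@ -369,32 +371,17` and `@@ -979,29 +967,13` of OpenSSLCryptoKeyRSA.cpp; the function starts outside the hunk.

```cpp
DSA *dsa = EVP_PKEY_get0_DSA(k);
if (dsa == NULL)
	return;
// … unchanged: DSA_get0_pqg / DSA_get0_key reads into p, q, g, pub_key, priv_key …
BIGNUM *np = BN_dup(p), *nq = BN_dup(q), *ng = BN_dup(g);
if (!DSA_set0_pqg(mp_dsaKey, np, nq, ng)) {
	// Setter refused the values, so ownership stayed with this function.
	BN_free(np); BN_free(nq); BN_free(ng);
}
BIGNUM *npub = BN_dup(pub_key), *npriv = BN_dup(priv_key);
if (!DSA_set0_key(mp_dsaKey, npub, npriv)) {
	// Private component is zeroed before release.
	BN_free(npub); BN_clear_free(npriv);
}
```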
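Review bot: The decode context allocated at `@@ -175,9 +172,9` is released only by the `EVP_ENCODE_CTX_free(m_dctx)` added after `EVP_DecodeFinal` at `@@ -190,7 +187,8`, so any early exit between the two leaks it; the closing brace in the context of the second hunk suggests an error branch after `EVP_DecodeUpdate`, although its body is not shown. This code decodes the signature value taken from the document being verified, so a malformed base64 signature could cost one leaked context per verification attempt. Freeing the context before that branch leaves, or holding it in a small scope guard in the manner of the `ArrayJanitor` used for `sigVal`, closes the gap, and the `EVP_ENCODE_CTX_new()` result should be checked for NULL. The matching hunks at `@@ -162,9 +162,9` and `@@ -177,7 +177,8` in OpenSSLCryptoKeyEC.cpp and at `@@ -427,9 +414,9` and `@@ -442,7 +429,8` in OpenSSLCryptoKeyRSA.cpp need the same change.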
@@ -267,6 +260,8 @@ DSA_SIG * dsa_sig; dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); + const BIGNUM *r = 0, *s = 0; + DSA_SIG_get0(dsa_sig, &r, &s); if (dsa_sig == NULL) { @@ -277,10 +272,10 @@ // Now turn the signature into a base64 string - unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; + unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); - unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); + unsigned int rawLen = BN_bn2bin(r, rawSigBuf); if (rawLen <= 0) { @@ -289,7 +284,7 @@ } - unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); + unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); if (rawLenS <= 0) { @@ -339,16 +334,11 @@ ret->mp_dsaKey = DSA_new(); // Duplicate parameters - if (mp_dsaKey->p) - ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); - if (mp_dsaKey->q) - ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); - if (mp_dsaKey->g) - ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); - if (mp_dsaKey->pub_key) - ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); - if (mp_dsaKey->priv_key) - ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); + const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; + DSA_get0_pqg(mp_dsaKey, &p, &q, &g); + DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); + DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); + DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); return ret; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2015-02-03 02:57:48.000000000 +0200 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2017-02-19 21:57:57.000000000 +0200 
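Review bot: `DSA_SIG_get0(dsa_sig, &r, &s)` at `@@ -267,6 +260,8` is called before the `if (dsa_sig == NULL)` check that follows it, so a failed `DSA_do_sign` now dereferences a NULL signature instead of reaching the existing error path. The two added lines should move below that check. The EC signing hunk at `@@ -228,6 +230,8` in OpenSSLCryptoKeyEC.cpp has the same ordering with `ECDSA_SIG_get0`, and there `r` and `s` are declared without initialisers as well. Both function bodies continue outside their hunks.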
@@ -128,10 +128,10 @@ // Create a new key to be loaded as we go - if (k == NULL || k->type != EVP_PKEY_EC) + if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) return; // Nothing to do with us - mp_ecKey = EC_KEY_dup(k->pkey.ec); + mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); } // -------------------------------------------------------------------------------- @@ -162,9 +162,9 @@ unsigned char* sigVal = new unsigned char[sigLen + 1]; ArrayJanitor<unsigned char> j_sigVal(sigVal); - EVP_ENCODE_CTX m_dctx; - EVP_DecodeInit(&m_dctx); - int rc = EVP_DecodeUpdate(&m_dctx, + EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); + EVP_DecodeInit(m_dctx); + int rc = EVP_DecodeUpdate(m_dctx, sigVal, &sigValLen, (unsigned char *) cleanedBase64Signature, @@ -177,7 +177,8 @@ } int t = 0; - EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); + EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); + EVP_ENCODE_CTX_free(m_dctx); sigValLen += t; @@ -189,8 +190,9 @@ // Translate to BNs by splitting in half, and thence to ECDSA_SIG ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); - dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); - dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); + ECDSA_SIG_set0(dsa_sig, + BN_bin2bn(sigVal, sigValLen / 2, NULL), + BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); // Now we have a signature and a key - lets check @@ -228,6 +230,8 @@ ECDSA_SIG * dsa_sig; dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); + const BIGNUM *r, *s; + ECDSA_SIG_get0(dsa_sig, &r, &s); if (dsa_sig == NULL) { throw XSECCryptoException(XSECCryptoException::ECError, 
@@ -263,14 +267,14 @@ memset(rawSigBuf, 0, keyLen * 2); ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); - unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; - if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { + unsigned int rawLen = (BN_num_bits(r) + 7) / 8; + if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { throw XSECCryptoException(XSECCryptoException::ECError, "OpenSSL:EC - Error copying signature 'r' value to buffer"); } - rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; - if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { + rawLen = (BN_num_bits(s) + 7) / 8; + if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { throw XSECCryptoException(XSECCryptoException::ECError, "OpenSSL:EC - Error copying signature 's' value to buffer"); } diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2017-02-19 21:53:14.000000000 +0200 @@ -326,13 +326,15 @@ if (mp_rsaKey == NULL) return KEY_NONE; - if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) + const BIGNUM *n = 0, *e = 0, *d = 0; + RSA_get0_key(mp_rsaKey, &n, &e, &d); + if (n != NULL && d != NULL) return KEY_RSA_PAIR; - if (mp_rsaKey->d != NULL) + if (d != NULL) return KEY_RSA_PRIVATE; - if (mp_rsaKey->n != NULL) + if (n != NULL) return KEY_RSA_PUBLIC; return KEY_NONE; @@ -344,7 +346,7 @@ if (mp_rsaKey == NULL) mp_rsaKey = RSA_new(); - mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); + RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); } @@ -353,7 +355,7 @@ if (mp_rsaKey == NULL) mp_rsaKey = RSA_new(); - mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); + RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); } 
@@ -369,32 +371,17 @@ mp_rsaKey = RSA_new(); - if (k == NULL || k->type != EVP_PKEY_RSA) + if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) return; // Nothing to do with us - if (k->pkey.rsa->n) - mp_rsaKey->n = BN_dup(k->pkey.rsa->n); - - if (k->pkey.rsa->e) - mp_rsaKey->e = BN_dup(k->pkey.rsa->e); - - if (k->pkey.rsa->d) - mp_rsaKey->d = BN_dup(k->pkey.rsa->d); - - if (k->pkey.rsa->p) - mp_rsaKey->p = BN_dup(k->pkey.rsa->p); - - if (k->pkey.rsa->q) - mp_rsaKey->q = BN_dup(k->pkey.rsa->q); - - if (k->pkey.rsa->dmp1) - mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); - - if (k->pkey.rsa->dmq1) - mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); - - if (k->pkey.rsa->iqmp) - mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); + RSA *rsa = EVP_PKEY_get0_RSA(k); + const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); + RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); + RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); } @@ -427,9 +414,9 @@ unsigned char* sigVal = new unsigned char[sigLen + 1]; ArrayJanitor<unsigned char> j_sigVal(sigVal); - EVP_ENCODE_CTX m_dctx; - EVP_DecodeInit(&m_dctx); - int rc = EVP_DecodeUpdate(&m_dctx, + EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); + EVP_DecodeInit(m_dctx); + int rc = EVP_DecodeUpdate(m_dctx, sigVal, &sigValLen, (unsigned char *) cleanedBase64Signature, @@ -442,7 +429,8 @@ } int t = 0; - EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); + EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); + EVP_ENCODE_CTX_free(m_dctx); sigValLen += t; 
@@ -979,29 +967,13 @@ // Duplicate parameters - if (mp_rsaKey->n) - ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); - - if (mp_rsaKey->e) - ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); - - if (mp_rsaKey->d) - ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); - - if (mp_rsaKey->p) - ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); - - if (mp_rsaKey->q) - ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); - - if (mp_rsaKey->dmp1) - ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); - - if (mp_rsaKey->dmq1) - ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); - - if (mp_rsaKey->iqmp) - ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); + const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; + RSA_get0_key(mp_rsaKey, &n, &e, &d); + RSA_get0_factors(mp_rsaKey, &p, &q); + RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); + RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); + RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); + RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); return ret; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2017-02-19 21:28:15.000000000 +0200 @@ -343,7 +343,7 @@ if (pkey) { XSECCryptoKey* ret = NULL; try { - switch (pkey->type) { + switch (EVP_PKEY_base_id(pkey)) { case EVP_PKEY_RSA: ret = new OpenSSLCryptoKeyRSA(pkey); break; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2015-01-29 04:52:17.000000000 +0200 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2017-02-19 21:24:51.000000000 +0200 
@@ -56,7 +56,8 @@ m_keyLen(0), m_initialised(false) { - EVP_CIPHER_CTX_init(&m_ctx); + m_ctx = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX_init(m_ctx); m_keyBuf.isSensitive(); } @@ -65,7 +66,7 @@ // Clean up the context - EVP_CIPHER_CTX_cleanup(&m_ctx); + EVP_CIPHER_CTX_free(m_ctx); } // -------------------------------------------------------------------------------- @@ -149,17 +150,17 @@ with 0.9.6 */ #if defined(XSEC_OPENSSL_CONST_BUFFERS) - EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); + EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); #else - EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); + EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); #endif m_ivSize = 8; } else if (m_keyMode == MODE_ECB) { #if defined(XSEC_OPENSSL_CONST_BUFFERS) - EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); + EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); #else - EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); #endif m_ivSize = 0; } @@ -184,7 +185,7 @@ return 0; // Cannot initialise without an IV } - EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); } #if defined (XSEC_OPENSSL_HAVE_GCM) 
@@ -207,15 +208,15 @@ } // We have everything, so we can fully init. - EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); - EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); + EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); } #endif else if (m_keyMode == MODE_ECB) { - EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } else { @@ -236,7 +237,7 @@ return 0; // Cannot initialise without an IV } - EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); } #if defined (XSEC_OPENSSL_HAVE_GCM) @@ -259,16 +260,16 @@ } // We have everything, so we can fully init. - EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); - EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); + EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); } #endif else if (m_keyMode == MODE_ECB) { - EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } else { 
@@ -289,7 +290,7 @@ return 0; // Cannot initialise without an IV } - EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); } #if defined (XSEC_OPENSSL_HAVE_GCM) @@ -312,16 +313,16 @@ } // We have everything, so we can fully init. - EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); - EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); + EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); } #endif else if (m_keyMode == MODE_ECB) { - EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } else { @@ -371,7 +372,7 @@ // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH #if defined (XSEC_OPENSSL_CANSET_PADDING) - EVP_CIPHER_CTX_set_padding(&m_ctx, 0); + EVP_CIPHER_CTX_set_padding(m_ctx, 0); #endif // Return number of bytes chewed up by IV 
@@ -439,9 +440,9 @@ } #if defined (XSEC_OPENSSL_CONST_BUFFERS) - if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { + if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { #else - if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { + if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { #endif throw XSECCryptoException(XSECCryptoException::SymmetricError, "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); @@ -476,7 +477,7 @@ #if defined (XSEC_OPENSSL_CANSET_PADDING) - if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { + if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { throw XSECCryptoException(XSECCryptoException::SymmetricError, "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); @@ -544,7 +545,7 @@ We can then clean that up ourselves */ - if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { + if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { throw XSECCryptoException(XSECCryptoException::SymmetricError, "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); } 
@@ -641,16 +642,16 @@ } #if defined (XSEC_OPENSSL_CONST_BUFFERS) - EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); #else - EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); + EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); #endif } else if (m_keyMode == MODE_ECB) { #if defined (XSEC_OPENSSL_CONST_BUFFERS) - EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); + EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); #else - EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); #endif } else { @@ -684,11 +685,11 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); } else if (m_keyMode == MODE_ECB) { - EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } #ifdef XSEC_OPENSSL_HAVE_GCM @@ -708,7 +709,7 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); } #endif else { @@ -739,7 +740,7 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); } #ifdef XSEC_OPENSSL_HAVE_GCM 
@@ -759,12 +760,12 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); } #endif else if (m_keyMode == MODE_ECB) { - EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } else { throw XSECCryptoException(XSECCryptoException::SymmetricError, @@ -793,7 +794,7 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); } #ifdef XSEC_OPENSSL_HAVE_GCM @@ -813,12 +814,12 @@ else usedIV = iv; - EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); } #endif else if (m_keyMode == MODE_ECB) { - EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); } else { @@ -864,10 +865,10 @@ #if defined (XSEC_OPENSSL_CANSET_PADDING) // Setup padding if (m_doPad) { - EVP_CIPHER_CTX_set_padding(&m_ctx, 1); + EVP_CIPHER_CTX_set_padding(m_ctx, 1); } else { - EVP_CIPHER_CTX_set_padding(&m_ctx, 0); + EVP_CIPHER_CTX_set_padding(m_ctx, 0); } #endif @@ -908,9 +909,9 @@ } #if defined (XSEC_OPENSSL_CONST_BUFFERS) - if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { + if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { #else - if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { + if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { #endif throw XSECCryptoException(XSECCryptoException::SymmetricError, 
@@ -929,7 +930,7 @@ int outl = maxOutLength; m_initialised = false; - if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { + if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { throw XSECCryptoException(XSECCryptoException::SymmetricError, "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); @@ -962,7 +963,7 @@ } if (m_keyMode == MODE_GCM) { #ifdef XSEC_OPENSSL_HAVE_GCM - EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); + EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); outl += taglen; #else throw XSECCryptoException(XSECCryptoException::SymmetricError, diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2017-02-19 21:25:39.000000000 +0200 @@ -283,13 +283,13 @@ * \brief Get OpenSSL cipher context structure */ - EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} + EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} /** * \brief Get OpenSSL cipher context structure */ - const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} + const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} //@} 
@@ -307,7 +307,7 @@ // Private variables SymmetricKeyType m_keyType; SymmetricKeyMode m_keyMode; - EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure + EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure safeBuffer m_keyBuf; // Holder of the key safeBuffer m_tagBuf; // Holder of authentication tag unsigned int m_keyLen; diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp --- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2012-07-23 19:56:11.000000000 +0300 +++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2017-02-19 21:09:40.000000000 +0200 @@ -191,7 +191,7 @@ XSECCryptoKey::KeyType ret; - switch (pkey->type) { + switch (EVP_PKEY_base_id(pkey)) { case EVP_PKEY_DSA : @@ -241,7 +241,7 @@ "OpenSSL:X509 - cannot retrieve public key from cert"); } - switch (pkey->type) { + switch (EVP_PKEY_base_id(pkey)) { case EVP_PKEY_DSA : diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp --- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 +++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp 2017-02-19 22:33:50.000000000 +0200 @@ -318,7 +318,7 @@ char * cserial = XMLString::transcode(serial); char * xserial; - BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); + BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); xserial = BN_bn2dec(bnserial); BN_free(bnserial); @@ -360,8 +360,7 @@ if (xlen != 0) { // Have a buffer with a number in it - STACK_OF(X509_EXTENSION) *exts; - exts = x->cert_info->extensions; + const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); if (exts != NULL) { 
@@ -379,8 +378,8 @@ memcpy(&octxski[2], xski, xlen); ext = sk_X509_EXTENSION_value(exts,extn); - ASN1_OCTET_STRING *skid = ext->value; - ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); + ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); ASN1_STRING_set(xskid, octxski, xlen+2); if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { @@ -602,12 +601,12 @@ // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c int idx; - X509_REVOKED rtmp; + X509_REVOKED *rtmp = X509_REVOKED_new(); /* Look for serial number of certificate in CRL */ - rtmp.serialNumber = X509_get_serialNumber(x); - idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); + X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); + idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); /* Not found: OK */ diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp --- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 +++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp 2017-02-19 22:34:57.000000000 +0200 @@ -521,7 +521,7 @@ X509 * x509 = OSSLX509->getOpenSSLX509(); // Check the serial number - BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); + BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); BN_free(bnserial); BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp --- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp 2015-01-30 05:55:09.000000000 +0200 +++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp 2017-02-19 22:37:17.000000000 +0200 
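Review bot: `X509_REVOKED *rtmp = X509_REVOKED_new();` in the `@@ -602,12 +601,12 @@` hunk replaces a stack object with a heap one, but the hunk shows neither a NULL check nor an `X509_REVOKED_free(rtmp)` after `sk_X509_REVOKED_find`, and the result of `X509_REVOKED_set_serialNumber` is ignored. Because a lookup miss falls into the "Not found: OK" path, a failed serial copy would let a revoked certificate pass this check. I would guard it with `if (rtmp == NULL || !X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)))`, treat that as an error rather than as "not revoked", and free `rtmp` once `idx` is known. The rest of the function is outside the hunk, so the free may already exist further down.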
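Review bot: In the `@@ -521,7 +521,7 @@` hunk of XencInteropResolver.cpp, `bnserial` is built from the certificate serial and released on the very next line without being read, although the comment above it says "Check the serial number". Either the comparison the comment promises is missing, or the two lines can be dropped; as written the conversion only allocates and frees. The enclosing function continues outside the hunk, so the intended check may need to be confirmed against the original author's test expectations.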
@@ -517,7 +517,7 @@ pkey = X509_get_pubkey(x); - if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { + if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "Error extracting RSA key from certificate" << endl; } diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp --- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp 2015-01-30 05:55:09.000000000 +0200 +++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp 2017-02-19 21:31:14.000000000 +0200 @@ -726,7 +726,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; exit (1); } @@ -739,7 +739,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_EC) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { cerr << "EC Key requested, but OpenSSL loaded something else\n"; exit (1); } @@ -749,7 +749,7 @@ } # endif else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp --- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp 2012-07-23 19:56:10.000000000 +0300 +++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp 2017-02-19 22:58:32.000000000 +0200 @@ -284,7 +284,7 @@ #if defined (XSEC_HAVE_OPENSSL) -XMLCh * BN2b64(BIGNUM * bn) { +XMLCh * BN2b64(const BIGNUM * bn) { int bytes = BN_num_bytes(bn); unsigned char * binbuf = new unsigned char[bytes + 1]; @@ -606,7 +606,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } 
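Review bot: The branch `if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA)` in the cipher.cpp hunk only prints "Error extracting RSA key from certificate" and then closes, so as far as the hunk shows execution carries on with a NULL or non-RSA `pkey`. The templatesign.cpp hunks in this same patch stop with `exit (1);` after the equivalent message; doing the same here keeps a wrong key type from reaching whatever consumes `pkey`. The statements after the closing brace are outside the hunk, so what uses `pkey` next should be confirmed there.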
@@ -615,10 +615,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); @@ -628,15 +632,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -878,7 +885,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -887,10 +894,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); 
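Review bot: The added lines that fetch `p`, `q`, `g` and `pub_key` through `DSA_get0_pqg` and `DSA_get0_key` in the `@@ -615,10 +615,14 @@` hunk are pasted unchanged into every later DSA hunk of xklient.cpp, and the `RSA_get0_key` block likewise into every RSA hunk. Two small static helpers next to `BN2b64` would keep the accessor calls in one place and make a later API change a two-line edit. The unused out-parameter is written as `0`, while the surrounding code uses `NULL` for pointers, so `DSA_get0_key(dsa, &pub_key, NULL);` and `RSA_get0_key(rsa, &n, &e, NULL);` read more clearly. `EVP_PKEY_get0_DSA` and `EVP_PKEY_get0_RSA` return pointers that still belong to `pkey`; a comment such as `// borrowed from pkey; do not free` would spare the next reader a lookup.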
@@ -900,15 +911,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -1229,7 +1243,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -1238,10 +1252,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); 
@@ -1251,15 +1269,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -1326,7 +1347,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -1334,10 +1355,14 @@ proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); proofOfPossessionSm = SIGNATURE_DSA; - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); pkb->appendDSAKeyValue(P,Q,G,Y); @@ -1347,7 +1372,7 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } 
@@ -1355,8 +1380,11 @@ proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); proofOfPossessionSm = SIGNATURE_RSA; - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); pkb->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -1622,7 +1650,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -1631,10 +1659,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); @@ -1644,15 +1676,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); 
@@ -1719,15 +1754,19 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); rkb->appendDSAKeyValue(P,Q,G,Y); @@ -1737,13 +1776,16 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); rkb->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -1977,7 +2019,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -1986,10 +2028,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); 
@@ -1999,15 +2045,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -2074,7 +2123,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -2082,10 +2131,14 @@ proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); proofOfPossessionSm = SIGNATURE_DSA; - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); pkb->appendDSAKeyValue(P,Q,G,Y); @@ -2095,7 +2148,7 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } 
@@ -2103,8 +2156,11 @@ proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); proofOfPossessionSm = SIGNATURE_RSA; - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); pkb->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); @@ -2371,7 +2427,7 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } @@ -2380,10 +2436,14 @@ // Create the XSEC OpenSSL interface key = new OpenSSLCryptoKeyDSA(pkey); - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); sig->appendDSAKeyValue(P,Q,G,Y); @@ -2393,15 +2453,18 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); key = new OpenSSLCryptoKeyRSA(pkey); - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); sig->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); 
@@ -2468,15 +2531,19 @@ // Check type is correct - if (pkey->type != EVP_PKEY_DSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { cerr << "DSA Key requested, but OpenSSL loaded something else\n"; return NULL; } - XMLCh * P = BN2b64(pkey->pkey.dsa->p); - XMLCh * Q = BN2b64(pkey->pkey.dsa->q); - XMLCh * G = BN2b64(pkey->pkey.dsa->g); - XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); + DSA *dsa = EVP_PKEY_get0_DSA(pkey); + const BIGNUM *p, *q, *g, *pub_key; + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, 0); + XMLCh * P = BN2b64(p); + XMLCh * Q = BN2b64(q); + XMLCh * G = BN2b64(g); + XMLCh * Y = BN2b64(pub_key); rkb->appendDSAKeyValue(P,Q,G,Y); @@ -2486,13 +2553,16 @@ XSEC_RELEASE_XMLCH(Y); } else { - if (pkey->type != EVP_PKEY_RSA) { + if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { cerr << "RSA Key requested, but OpenSSL loaded something else\n"; exit (1); } - XMLCh * mod = BN2b64(pkey->pkey.rsa->n); - XMLCh * exp = BN2b64(pkey->pkey.rsa->e); + RSA *rsa = EVP_PKEY_get0_RSA(pkey); + const BIGNUM *n, *e; + RSA_get0_key(rsa, &n, &e, 0); + XMLCh * mod = BN2b64(n); + XMLCh * exp = BN2b64(e); rkb->appendRSAKeyValue(mod, exp); XSEC_RELEASE_XMLCH(mod); XSEC_RELEASE_XMLCH(exp); 
@@ -3251,14 +3321,17 @@ // Create the RSA key file RSA * rsa = RSA_new(); - rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); - rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); - rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); - rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); - rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); - rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); - rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); - rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); + RSA_set0_key(rsa, + OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), + OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), + OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); + RSA_set0_factors(rsa, + OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), + OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); + RSA_set0_crt_params(rsa, + OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), + OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), + OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); // Write it to disk BIO *out; 
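Review bot: The return values of `RSA_set0_key`, `RSA_set0_factors` and `RSA_set0_crt_params` in the `@@ -3251,14 +3321,17 @@` hunk are dropped, and the same block is repeated in the `@@ -3367,14 +3440,17 @@` hunk. Each setter rejects a NULL for a field that is not yet set, so if `b642BN` returns NULL for a malformed value (its failure behaviour is not visible here) the RSA object stays partly empty, the BIGNUMs that were passed leak because ownership never moved, and the code still proceeds to "Write it to disk". Holding the decoded values in named locals and testing each call, e.g. `if (RSA_set0_key(rsa, n, e, d) != 1) { /* free n, e, d and rsa; report the error */ }`, closes that gap, with `BN_clear_free` as the release for the private components. Both functions continue outside their hunks.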
@@ -3367,14 +3440,17 @@ // Create the RSA key file RSA * rsa = RSA_new(); - rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); - rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); - rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); - rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); - rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); - rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); - rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); - rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); + RSA_set0_key(rsa, + OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), + OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), + OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); + RSA_set0_factors(rsa, + OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), + OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); + RSA_set0_crt_params(rsa, + OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), + OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), + OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); // Write it to disk BIO *out;