diff options
author | ryoon <ryoon@pkgsrc.org> | 2018-04-30 06:50:58 +0000 |
---|---|---|
committer | ryoon <ryoon@pkgsrc.org> | 2018-04-30 06:50:58 +0000 |
commit | b83f3a6d67ed8910b19552700fd2be10c455ca9a (patch) | |
tree | 63ae4f023ffb2788659f5c274b7ab76fda0c8e54 /security | |
parent | 483dcd0a88b3730de0bd64dae2157f3e41018645 (diff) | |
download | pkgsrc-b83f3a6d67ed8910b19552700fd2be10c455ca9a.tar.gz |
Revert previous security/openssl is 1.0
Pointed by wiz@, thank you.
Diffstat (limited to 'security')
19 files changed, 5 insertions, 1736 deletions
diff --git a/security/xml-security-c/distinfo b/security/xml-security-c/distinfo index 1b1c128eb3e..ea33a9daf4f 100644 --- a/security/xml-security-c/distinfo +++ b/security/xml-security-c/distinfo @@ -1,25 +1,8 @@ -$NetBSD: distinfo,v 1.9 2018/04/30 05:25:24 ryoon Exp $ +$NetBSD: distinfo,v 1.10 2018/04/30 06:50:58 ryoon Exp $ SHA1 (xml-security-c-1.7.3.tar.gz) = bcbe98e0bd3695a0b961a223cce53e2f35c4681b RMD160 (xml-security-c-1.7.3.tar.gz) = f0c9c3668a3ff2e13647909b926e20fdba828ad2 SHA512 (xml-security-c-1.7.3.tar.gz) = ea46709d6706edf345e19132d9998774e50dc7b5947a7b4a55e3627998f5ac66f976fdff0a5015ef3cee73c03c04f3c4cf993efd397082491c2000c6548b89d2 Size (xml-security-c-1.7.3.tar.gz) = 909320 bytes SHA1 (patch-xsec_Makefile.in) = f610c63b888f8f744a5de5b47975eb7dc4aee55b -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp) = b66c6be973b29e02657c2eaffe331f311a8c7214 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp) = ceb72c460f7ee9341047b1517306bf02cb8c3756 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp) = b8614ee4f947b88988b3e9b40fc35a080145ac2f -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp) = 19628ec1aefa7e62ffec19e99968a97295717d1b -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp) = fc1aa0983bc7eb72b75f8d1f35637a2d3376ec54 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp) = 1ae06a624875c97598b1d88f6260d8e49b311566 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp) = 7a483f89b19cdcf3993c7940d3bc50afba2aa186 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp) = 6e8415da5b6a9cb9f093f66cfd490a96625a7fbb -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp) = 57f7df09f24e0245802cf039471325c640ce849b -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp) = a5eb8e4b636b0bfba71f4c580509d09f43adb5bc -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp) = dda82e60360708f286af697ac34671cb9e363c83 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp) = 6d7757997addc269c3c93ef3ddecd97449af6fc4 -SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp) = 1ed63c79f7339ed4a50479766311fc0833a2b63a -SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = f71158bbe946eedc69558789ea39513762a6d8d1 -SHA1 (patch-xsec_tools_cipher_XencInteropResolver.cpp) = b36653313698c6bdf849f948dee2d2d0dafc6d2c -SHA1 (patch-xsec_tools_cipher_cipher.cpp) = 86c91a43e799f757efd445690de6a5b07c56eefd -SHA1 (patch-xsec_tools_templatesign_templatesign.cpp) = 9068b2641eeb01dba14895b5514628d10f5f2c5f -SHA1 (patch-xsec_tools_xklient_xklient.cpp) = ca4deeded395f0094ce91873c0c904385833a103 +SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = bdc668a7f0212113d0efbaf189e7021a44108e26 diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp deleted file mode 100644 index ac13d793c67..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp +++ /dev/null @@ -1,74 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp -@@ -44,6 +44,15 @@ - - XERCES_CPP_NAMESPACE_USE - -+OpenSSLCryptoBase64::OpenSSLCryptoBase64() { -+ m_ectx = EVP_ENCODE_CTX_new(); -+ m_dctx = EVP_ENCODE_CTX_new(); -+} -+ -+OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { -+ EVP_ENCODE_CTX_free(m_ectx); -+ EVP_ENCODE_CTX_free(m_dctx); -+} - - // -------------------------------------------------------------------------------- - // Decoding -@@ -51,7 +60,7 @@ XERCES_CPP_NAMESPACE_USE - - void OpenSSLCryptoBase64::decodeInit(void) { - -- EVP_DecodeInit(&m_dctx); -+ EVP_DecodeInit(m_dctx); - - } - -@@ -70,7 +79,7 @@ unsigned int OpenSSLCryptoBase64::decode - - } - -- rc = EVP_DecodeUpdate(&m_dctx, -+ rc = EVP_DecodeUpdate(m_dctx, - outData, - &outLen, - (unsigned char *) inData, -@@ -99,7 +108,7 @@ unsigned int OpenSSLCryptoBase64::decode - int outLen; - outLen = outLength; - -- EVP_DecodeFinal(&m_dctx, outData, &outLen); -+ EVP_DecodeFinal(m_dctx, outData, &outLen); - - return outLen; - -@@ -111,7 +120,7 @@ unsigned int OpenSSLCryptoBase64::decode - - void OpenSSLCryptoBase64::encodeInit(void) { - -- EVP_EncodeInit(&m_ectx); -+ EVP_EncodeInit(m_ectx); - - } - -@@ -130,7 +139,7 @@ unsigned int OpenSSLCryptoBase64::encode - - } - -- EVP_EncodeUpdate(&m_ectx, -+ EVP_EncodeUpdate(m_ectx, - outData, - &outLen, - (unsigned char *) inData, -@@ -153,7 +162,7 @@ unsigned int OpenSSLCryptoBase64::encode - int outLen; - outLen = outLength; - -- EVP_EncodeFinal(&m_ectx, outData, &outLen); -+ EVP_EncodeFinal(m_ectx, outData, &outLen); - - return outLen; - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp deleted file mode 100644 index fe7f58a9480..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp +++ /dev/null @@ -1,40 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp -@@ -66,8 +66,8 @@ class DSIG_EXPORT OpenSSLCryptoBase64 : - public : - - -- OpenSSLCryptoBase64() {}; -- virtual ~OpenSSLCryptoBase64() {}; -+ OpenSSLCryptoBase64(); -+ virtual ~OpenSSLCryptoBase64(); - - /** @name Decoding Functions */ - //@{ -@@ -189,20 +189,20 @@ public : - * \brief Get OpenSSL encode context structure - */ - -- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} -+ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} - - /** - * \brief Get OpenSSL encode context structure - */ - -- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} -+ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} - - //@} - - private : - -- EVP_ENCODE_CTX m_ectx; // Encode context -- EVP_ENCODE_CTX m_dctx; // Decode context -+ EVP_ENCODE_CTX *m_ectx; // Encode context -+ EVP_ENCODE_CTX *m_dctx; // Decode context - - }; - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp deleted file mode 100644 index f1b8623b28b..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp +++ /dev/null @@ -1,60 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp -@@ -40,6 +40,7 @@ - - OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { - -+ m_mdctx = EVP_MD_CTX_create(); - switch (alg) { - - case (XSECCryptoHash::HASH_SHA1) : -@@ -104,7 +105,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has - "OpenSSL:Hash - Error loading Message Digest"); - } - -- EVP_DigestInit(&m_mdctx, mp_md); -+ EVP_DigestInit(m_mdctx, mp_md); - m_hashType = alg; - - } -@@ -112,7 +113,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has - - OpenSSLCryptoHash::~OpenSSLCryptoHash() { - -- EVP_MD_CTX_cleanup(&m_mdctx); -+ EVP_MD_CTX_free(m_mdctx); - - } - -@@ -121,16 +122,16 @@ OpenSSLCryptoHash::~OpenSSLCryptoHash() - // Hashing Activities - void OpenSSLCryptoHash::reset(void) { - -- EVP_MD_CTX_cleanup(&m_mdctx); -- -- EVP_DigestInit(&m_mdctx, mp_md); -+ EVP_MD_CTX_free(m_mdctx); -+ m_mdctx = EVP_MD_CTX_new(); -+ EVP_DigestInit(m_mdctx, mp_md); - - } - - void OpenSSLCryptoHash::hash(unsigned char * data, - unsigned int length) { - -- EVP_DigestUpdate(&m_mdctx, data, length); -+ EVP_DigestUpdate(m_mdctx, data, length); - - } - unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, -@@ -140,7 +141,7 @@ unsigned int OpenSSLCryptoHash::finish(u - - // Finish up and copy out hash, returning the length - -- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); -+ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); - - // Copy to output buffer - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp deleted file mode 100644 index 5a47be2ebea..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp -@@ -138,7 +138,7 @@ public : - * \brief Get OpenSSL hash context structure - */ - -- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} -+ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} - - //@} - -@@ -148,7 +148,7 @@ private: - // Not implemented constructors - OpenSSLCryptoHash(); - -- EVP_MD_CTX m_mdctx; // Context for digest -+ EVP_MD_CTX *m_mdctx; // Context for digest - const EVP_MD * mp_md; // Digest instance - unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output - unsigned int m_mdLen; // Length of digest diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp deleted file mode 100644 index 4832c147d87..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp +++ /dev/null @@ -1,61 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp -@@ -43,6 +43,7 @@ - OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { - - // Initialise the digest -+ m_hctx = HMAC_CTX_new(); - - switch (alg) { - -@@ -127,7 +128,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC - m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); - - -- HMAC_Init(&m_hctx, -+ HMAC_Init(m_hctx, - m_keyBuf.rawBuffer(), - m_keyLen, - mp_md); -@@ -139,7 +140,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC - OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { - - if (m_initialised) -- HMAC_CTX_cleanup(&m_hctx); -+ HMAC_CTX_free(m_hctx); - - } - -@@ -151,9 +152,9 @@ void OpenSSLCryptoHashHMAC::reset(void) - - if (m_initialised) { - -- HMAC_CTX_cleanup(&m_hctx); -- -- HMAC_Init(&m_hctx, -+ HMAC_CTX_free(m_hctx); -+ m_hctx = HMAC_CTX_new(); -+ HMAC_Init(m_hctx, - m_keyBuf.rawBuffer(), - m_keyLen, - mp_md); -@@ -170,7 +171,7 @@ void OpenSSLCryptoHashHMAC::hash(unsigne - "OpenSSL:HashHMAC - hash called prior to setKey"); - - -- HMAC_Update(&m_hctx, data, (int) length); -+ HMAC_Update(m_hctx, data, (int) length); - - } - -@@ -181,7 +182,7 @@ unsigned int OpenSSLCryptoHashHMAC::fini - - // Finish up and copy out hash, returning the length - -- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); -+ HMAC_Final(m_hctx, m_mdValue, &m_mdLen); - - // Copy to output buffer - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp deleted file mode 100644 index 4e89fa74ba6..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp -@@ -162,7 +162,7 @@ public : - * \brief Get OpenSSL Hash Context - */ - -- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} -+ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} - - //@} - -@@ -175,7 +175,7 @@ private: - unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output - unsigned int m_mdLen; // Length of digest - HashType m_hashType; // What type of hash is this? -- HMAC_CTX m_hctx; // Context for HMAC -+ HMAC_CTX *m_hctx; // Context for HMAC - safeBuffer m_keyBuf; // The loaded key - unsigned int m_keyLen; // The loaded key length - bool m_initialised; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp deleted file mode 100644 index b4e38221b69..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp +++ /dev/null @@ -1,177 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp.orig 2015-01-29 02:52:17.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp -@@ -64,13 +64,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyD - if (mp_dsaKey == NULL) - return KEY_NONE; - -- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) -+ const BIGNUM *pub_key = 0, *priv_key = 0; -+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); -+ if (priv_key != NULL && pub_key != NULL) - return KEY_DSA_PAIR; - -- if (mp_dsaKey->priv_key != NULL) -+ if (priv_key != NULL) - return KEY_DSA_PRIVATE; - -- if (mp_dsaKey->pub_key != NULL) -+ if (pub_key != NULL) - return KEY_DSA_PUBLIC; - - return KEY_NONE; -@@ -82,7 +84,7 @@ void OpenSSLCryptoKeyDSA::loadPBase64Big - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); - - } - -@@ -91,7 +93,7 @@ void OpenSSLCryptoKeyDSA::loadQBase64Big - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -100,7 +102,7 @@ void OpenSSLCryptoKeyDSA::loadGBase64Big - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); - - } - -@@ -109,7 +111,7 @@ void OpenSSLCryptoKeyDSA::loadYBase64Big - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -130,20 +132,15 @@ OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA - - mp_dsaKey = DSA_new(); - -- if (k == NULL || k->type != EVP_PKEY_DSA) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) - return; // Nothing to do with us - -- -- if (k->pkey.dsa->p) -- mp_dsaKey->p = BN_dup(k->pkey.dsa->p); -- if (k->pkey.dsa->q) -- mp_dsaKey->q = BN_dup(k->pkey.dsa->q); -- if (k->pkey.dsa->g) -- mp_dsaKey->g = BN_dup(k->pkey.dsa->g); -- if (k->pkey.dsa->pub_key) -- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); -- if (k->pkey.dsa->priv_key) -- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(k); -+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, &priv_key); -+ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); -+ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); - - } - -@@ -175,9 +172,9 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor<unsigned char> j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -190,7 +187,8 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -223,12 +221,7 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si - } - - DSA_SIG * dsa_sig = DSA_SIG_new(); -- -- dsa_sig->r = BN_dup(R); -- dsa_sig->s = BN_dup(S); -- -- BN_free(R); -- BN_free(S); -+ DSA_SIG_set0(dsa_sig, R, S); - - // Now we have a signature and a key - lets check - -@@ -267,6 +260,8 @@ unsigned int OpenSSLCryptoKeyDSA::signBa - DSA_SIG * dsa_sig; - - dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); -+ const BIGNUM *r = 0, *s = 0; -+ DSA_SIG_get0(dsa_sig, &r, &s); - - if (dsa_sig == NULL) { - -@@ -277,10 +272,10 @@ unsigned int OpenSSLCryptoKeyDSA::signBa - - // Now turn the signature into a base64 string - -- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; -+ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; - ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); - -- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); -+ unsigned int rawLen = BN_bn2bin(r, rawSigBuf); - - if (rawLen <= 0) { - -@@ -289,7 +284,7 @@ unsigned int OpenSSLCryptoKeyDSA::signBa - - } - -- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); -+ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); - - if (rawLenS <= 0) { - -@@ -339,16 +334,11 @@ XSECCryptoKey * OpenSSLCryptoKeyDSA::clo - ret->mp_dsaKey = DSA_new(); - - // Duplicate parameters -- if (mp_dsaKey->p) -- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); -- if (mp_dsaKey->q) -- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); -- if (mp_dsaKey->g) -- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); -- if (mp_dsaKey->pub_key) -- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); -- if (mp_dsaKey->priv_key) -- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); -+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; -+ DSA_get0_pqg(mp_dsaKey, &p, &q, &g); -+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); -+ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); -+ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); - - return ret; - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp deleted file mode 100644 index 2f75ed0eeac..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp +++ /dev/null @@ -1,80 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp.orig 2015-02-03 00:57:48.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp -@@ -128,10 +128,10 @@ OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(E - - // Create a new key to be loaded as we go - -- if (k == NULL || k->type != EVP_PKEY_EC) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) - return; // Nothing to do with us - -- mp_ecKey = EC_KEY_dup(k->pkey.ec); -+ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); - } - - // -------------------------------------------------------------------------------- -@@ -162,9 +162,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor<unsigned char> j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -177,7 +177,8 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -189,8 +190,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig - // Translate to BNs by splitting in half, and thence to ECDSA_SIG - - ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); -- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); -- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); -+ ECDSA_SIG_set0(dsa_sig, -+ BN_bin2bn(sigVal, sigValLen / 2, NULL), -+ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); - - // Now we have a signature and a key - lets check - -@@ -228,6 +230,8 @@ unsigned int OpenSSLCryptoKeyEC::signBas - ECDSA_SIG * dsa_sig; - - dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); -+ const BIGNUM *r, *s; -+ ECDSA_SIG_get0(dsa_sig, &r, &s); - - if (dsa_sig == NULL) { - throw XSECCryptoException(XSECCryptoException::ECError, -@@ -263,14 +267,14 @@ unsigned int OpenSSLCryptoKeyEC::signBas - memset(rawSigBuf, 0, keyLen * 2); - ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); - -- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; -- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { -+ unsigned int rawLen = (BN_num_bits(r) + 7) / 8; -+ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { - throw XSECCryptoException(XSECCryptoException::ECError, - "OpenSSL:EC - Error copying signature 'r' value to buffer"); - } - -- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; -- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { -+ rawLen = (BN_num_bits(s) + 7) / 8; -+ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { - throw XSECCryptoException(XSECCryptoException::ECError, - "OpenSSL:EC - Error copying signature 's' value to buffer"); - } diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp deleted file mode 100644 index 6d47b7f34e4..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp +++ /dev/null @@ -1,143 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp -@@ -326,13 +326,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyR - if (mp_rsaKey == NULL) - return KEY_NONE; - -- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) -+ const BIGNUM *n = 0, *e = 0, *d = 0; -+ RSA_get0_key(mp_rsaKey, &n, &e, &d); -+ if (n != NULL && d != NULL) - return KEY_RSA_PAIR; - -- if (mp_rsaKey->d != NULL) -+ if (d != NULL) - return KEY_RSA_PRIVATE; - -- if (mp_rsaKey->n != NULL) -+ if (n != NULL) - return KEY_RSA_PUBLIC; - - return KEY_NONE; -@@ -344,7 +346,7 @@ void OpenSSLCryptoKeyRSA::loadPublicModu - if (mp_rsaKey == NULL) - mp_rsaKey = RSA_new(); - -- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); - - } - -@@ -353,7 +355,7 @@ void OpenSSLCryptoKeyRSA::loadPublicExpo - if (mp_rsaKey == NULL) - mp_rsaKey = RSA_new(); - -- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -369,32 +371,17 @@ OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA - - mp_rsaKey = RSA_new(); - -- if (k == NULL || k->type != EVP_PKEY_RSA) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) - return; // Nothing to do with us - -- if (k->pkey.rsa->n) -- mp_rsaKey->n = BN_dup(k->pkey.rsa->n); -- -- if (k->pkey.rsa->e) -- mp_rsaKey->e = BN_dup(k->pkey.rsa->e); -- -- if (k->pkey.rsa->d) -- mp_rsaKey->d = BN_dup(k->pkey.rsa->d); -- -- if (k->pkey.rsa->p) -- mp_rsaKey->p = BN_dup(k->pkey.rsa->p); -- -- if (k->pkey.rsa->q) -- mp_rsaKey->q = BN_dup(k->pkey.rsa->q); -- -- if (k->pkey.rsa->dmp1) -- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); -- -- if (k->pkey.rsa->dmq1) -- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); -- -- if (k->pkey.rsa->iqmp) -- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); -+ RSA *rsa = EVP_PKEY_get0_RSA(k); -+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; -+ RSA_get0_key(rsa, &n, &e, &d); -+ RSA_get0_factors(rsa, &p, &q); -+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); -+ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); -+ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); -+ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); - - } - -@@ -427,9 +414,9 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor<unsigned char> j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -442,7 +429,8 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -979,29 +967,13 @@ XSECCryptoKey * OpenSSLCryptoKeyRSA::clo - - // Duplicate parameters - -- if (mp_rsaKey->n) -- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); -- -- if (mp_rsaKey->e) -- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); -- -- if (mp_rsaKey->d) -- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); -- -- if (mp_rsaKey->p) -- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); -- -- if (mp_rsaKey->q) -- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); -- -- if (mp_rsaKey->dmp1) -- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); -- -- if (mp_rsaKey->dmq1) -- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); -- -- if (mp_rsaKey->iqmp) -- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); -+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; -+ RSA_get0_key(mp_rsaKey, &n, &e, &d); -+ RSA_get0_factors(mp_rsaKey, &p, &q); -+ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); -+ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); -+ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); -+ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); - - return ret; - diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp deleted file mode 100644 index 378d6016bad..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp -@@ -343,7 +343,7 @@ XSECCryptoKey* OpenSSLCryptoProvider::ke - if (pkey) { - XSECCryptoKey* ret = NULL; - try { -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: - ret = new OpenSSLCryptoKeyRSA(pkey); - break; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp deleted file mode 100644 index 54935d30b82..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp +++ /dev/null @@ -1,311 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp.orig 2015-01-29 02:52:17.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp -@@ -56,7 +56,8 @@ m_tagBuf(""), - m_keyLen(0), - m_initialised(false) { - -- EVP_CIPHER_CTX_init(&m_ctx); -+ m_ctx = EVP_CIPHER_CTX_new(); -+ EVP_CIPHER_CTX_init(m_ctx); - m_keyBuf.isSensitive(); - - } -@@ -65,7 +66,7 @@ OpenSSLCryptoSymmetricKey::~OpenSSLCrypt - - // Clean up the context - -- EVP_CIPHER_CTX_cleanup(&m_ctx); -+ EVP_CIPHER_CTX_free(m_ctx); - } - - // -------------------------------------------------------------------------------- -@@ -149,17 +150,17 @@ int OpenSSLCryptoSymmetricKey::decryptCt - with 0.9.6 */ - - #if defined(XSEC_OPENSSL_CONST_BUFFERS) -- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); - #else -- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); -+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); - #endif - m_ivSize = 8; - } - else if (m_keyMode == MODE_ECB) { - #if defined(XSEC_OPENSSL_CONST_BUFFERS) -- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); - #else -- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); - #endif - m_ivSize = 0; - } -@@ -184,7 +185,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -207,15 +208,15 @@ int OpenSSLCryptoSymmetricKey::decryptCt - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -236,7 +237,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -259,16 +260,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -289,7 +290,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -312,16 +313,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -371,7 +372,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt - // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH - - #if defined (XSEC_OPENSSL_CANSET_PADDING) -- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 0); - #endif - - // Return number of bytes chewed up by IV -@@ -439,9 +440,9 @@ unsigned int OpenSSLCryptoSymmetricKey:: - } - - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { - #else -- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { - #endif - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); -@@ -476,7 +477,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: - - #if defined (XSEC_OPENSSL_CANSET_PADDING) - -- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { -+ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { - - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); -@@ -544,7 +545,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: - We can then clean that up ourselves - */ - -- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); - } -@@ -641,16 +642,16 @@ bool OpenSSLCryptoSymmetricKey::encryptI - } - - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); - #else -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); - #endif - } - else if (m_keyMode == MODE_ECB) { - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); - #else -- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); - #endif - } - else { -@@ -684,11 +685,11 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -708,7 +709,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else { -@@ -739,7 +740,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -759,12 +760,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - } - else { - throw XSECCryptoException(XSECCryptoException::SymmetricError, -@@ -793,7 +794,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -813,12 +814,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -864,10 +865,10 @@ bool OpenSSLCryptoSymmetricKey::encryptI - #if defined (XSEC_OPENSSL_CANSET_PADDING) - // Setup padding - if (m_doPad) { -- EVP_CIPHER_CTX_set_padding(&m_ctx, 1); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 1); - } - else { -- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 0); - } - #endif - -@@ -908,9 +909,9 @@ unsigned int OpenSSLCryptoSymmetricKey:: - - } - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { -+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { - #else -- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { -+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { - #endif - - throw XSECCryptoException(XSECCryptoException::SymmetricError, -@@ -929,7 +930,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: - int outl = maxOutLength; - m_initialised = false; - -- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { -+ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { - - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); -@@ -962,7 +963,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: - } - if (m_keyMode == MODE_GCM) { - #ifdef XSEC_OPENSSL_HAVE_GCM -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); - outl += taglen; - #else - throw XSECCryptoException(XSECCryptoException::SymmetricError, diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp deleted file mode 100644 index e66c9ac3679..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp +++ /dev/null @@ -1,29 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp -@@ -283,13 +283,13 @@ public : - * \brief Get OpenSSL cipher context structure - */ - -- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} -+ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} - - /** - * \brief Get OpenSSL cipher context structure - */ - -- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} -+ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} - - //@} - -@@ -307,7 +307,7 @@ private: - // Private variables - SymmetricKeyType m_keyType; - SymmetricKeyMode m_keyMode; -- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure -+ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure - safeBuffer m_keyBuf; // Holder of the key - safeBuffer m_tagBuf; // Holder of authentication tag - unsigned int m_keyLen; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp deleted file mode 100644 index 4f2facfa9aa..00000000000 --- a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp.orig 2012-07-23 16:56:11.000000000 +0000 -+++ xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp -@@ -191,7 +191,7 @@ XSECCryptoKey::KeyType OpenSSLCryptoX509 - - XSECCryptoKey::KeyType ret; - -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - - case EVP_PKEY_DSA : - -@@ -241,7 +241,7 @@ XSECCryptoKey * OpenSSLCryptoX509::clone - "OpenSSL:X509 - cannot retrieve public key from cert"); - } - -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - - case EVP_PKEY_DSA : - diff --git a/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp b/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp index d82cb202c18..8d27714e144 100644 --- a/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp +++ b/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp @@ -1,56 +1,10 @@ -$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.2 2018/04/30 05:25:24 ryoon Exp $ +$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.3 2018/04/30 06:50:58 ryoon Exp $ false is a bad pointer value. ---- xsec/tools/checksig/InteropResolver.cpp.orig 2018-04-10 03:53:05.001719015 +0000 +--- xsec/tools/checksig/InteropResolver.cpp.orig 2017-09-23 12:23:36.663288313 +0000 +++ xsec/tools/checksig/InteropResolver.cpp -@@ -318,7 +318,7 @@ bool InteropResolver::checkMatch(DSIGKey - char * cserial = XMLString::transcode(serial); - char * xserial; - -- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); -+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); - xserial = BN_bn2dec(bnserial); - BN_free(bnserial); - -@@ -360,8 +360,7 @@ bool InteropResolver::checkMatch(DSIGKey - if (xlen != 0) { - - // Have a buffer with a number in it -- STACK_OF(X509_EXTENSION) *exts; -- exts = x->cert_info->extensions; -+ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); - - if (exts != NULL) { - -@@ -379,8 +378,8 @@ bool InteropResolver::checkMatch(DSIGKey - memcpy(&octxski[2], xski, xlen); - - ext = sk_X509_EXTENSION_value(exts,extn); -- ASN1_OCTET_STRING *skid = ext->value; -- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); -+ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); -+ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); - ASN1_STRING_set(xskid, octxski, xlen+2); - - if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { -@@ -602,12 +601,12 @@ XSECCryptoKey * InteropResolver::resolve - // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c - - int idx; -- X509_REVOKED rtmp; -+ X509_REVOKED *rtmp = X509_REVOKED_new(); - - /* Look for serial number of certificate in CRL */ - -- rtmp.serialNumber = X509_get_serialNumber(x); -- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); -+ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); -+ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); - - /* Not found: OK */ - -@@ -645,7 +644,7 @@ XSECCryptoKey * InteropResolver::resolve +@@ -645,7 +645,7 @@ XSECCryptoKey * InteropResolver::resolve } diff --git a/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp b/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp deleted file mode 100644 index 374f0a671b3..00000000000 --- a/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-xsec_tools_cipher_XencInteropResolver.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/tools/cipher/XencInteropResolver.cpp.orig 2012-07-23 16:56:10.000000000 +0000 -+++ xsec/tools/cipher/XencInteropResolver.cpp -@@ -521,7 +521,7 @@ XSECCryptoKey * XencInteropResolver::res - X509 * x509 = OSSLX509->getOpenSSLX509(); - - // Check the serial number -- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); -+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); - BN_free(bnserial); - - BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); diff --git a/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp b/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp deleted file mode 100644 index a312632cb73..00000000000 --- a/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp +++ /dev/null @@ -1,13 +0,0 @@ -$NetBSD: patch-xsec_tools_cipher_cipher.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/tools/cipher/cipher.cpp.orig 2015-01-30 03:55:09.000000000 +0000 -+++ xsec/tools/cipher/cipher.cpp -@@ -517,7 +517,7 @@ int evaluate(int argc, char ** argv) { - - pkey = X509_get_pubkey(x); - -- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { -+ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "Error extracting RSA key from certificate" << endl; - } - diff --git a/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp b/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp deleted file mode 100644 index a8de4ebf26d..00000000000 --- a/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp +++ /dev/null @@ -1,31 +0,0 @@ -$NetBSD: patch-xsec_tools_templatesign_templatesign.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/tools/templatesign/templatesign.cpp.orig 2015-01-30 03:55:09.000000000 +0000 -+++ xsec/tools/templatesign/templatesign.cpp -@@ -726,7 +726,7 @@ int main(int argc, char **argv) { - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -739,7 +739,7 @@ int main(int argc, char **argv) { - - // Check type is correct - -- if (pkey->type != EVP_PKEY_EC) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { - cerr << "EC Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -749,7 +749,7 @@ int main(int argc, char **argv) { - } - # endif - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } diff --git a/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp b/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp deleted file mode 100644 index 61602d2e60a..00000000000 --- a/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp +++ /dev/null @@ -1,557 +0,0 @@ -$NetBSD: patch-xsec_tools_xklient_xklient.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ - ---- xsec/tools/xklient/xklient.cpp.orig 2012-07-23 16:56:10.000000000 +0000 -+++ xsec/tools/xklient/xklient.cpp -@@ -284,7 +284,7 @@ XSECCryptoX509 * loadX509(const char * i - - #if defined (XSEC_HAVE_OPENSSL) - --XMLCh * BN2b64(BIGNUM * bn) { -+XMLCh * BN2b64(const BIGNUM * bn) { - - int bytes = BN_num_bytes(bn); - unsigned char * binbuf = new unsigned char[bytes + 1]; -@@ -606,7 +606,7 @@ XKMSMessageAbstractType * createLocateRe - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -615,10 +615,14 @@ XKMSMessageAbstractType * createLocateRe - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -628,15 +632,18 @@ XKMSMessageAbstractType * createLocateRe - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -878,7 +885,7 @@ XKMSMessageAbstractType * createValidate - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -887,10 +894,14 @@ XKMSMessageAbstractType * createValidate - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -900,15 +911,18 @@ XKMSMessageAbstractType * createValidate - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1229,7 +1243,7 @@ XKMSMessageAbstractType * createRegister - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1238,10 +1252,14 @@ XKMSMessageAbstractType * createRegister - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1251,15 +1269,18 @@ XKMSMessageAbstractType * createRegister - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1326,7 +1347,7 @@ XKMSMessageAbstractType * createRegister - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1334,10 +1355,14 @@ XKMSMessageAbstractType * createRegister - proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); - proofOfPossessionSm = SIGNATURE_DSA; - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - pkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -1347,7 +1372,7 @@ XKMSMessageAbstractType * createRegister - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -1355,8 +1380,11 @@ XKMSMessageAbstractType * createRegister - proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); - proofOfPossessionSm = SIGNATURE_RSA; - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - pkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1622,7 +1650,7 @@ XKMSMessageAbstractType * createRevokeRe - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1631,10 +1659,14 @@ XKMSMessageAbstractType * createRevokeRe - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1644,15 +1676,18 @@ XKMSMessageAbstractType * createRevokeRe - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1719,15 +1754,19 @@ XKMSMessageAbstractType * createRevokeRe - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - rkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -1737,13 +1776,16 @@ XKMSMessageAbstractType * createRevokeRe - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - rkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1977,7 +2019,7 @@ XKMSMessageAbstractType * createReissueR - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1986,10 +2028,14 @@ XKMSMessageAbstractType * createReissueR - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1999,15 +2045,18 @@ XKMSMessageAbstractType * createReissueR - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2074,7 +2123,7 @@ XKMSMessageAbstractType * createReissueR - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -2082,10 +2131,14 @@ XKMSMessageAbstractType * createReissueR - proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); - proofOfPossessionSm = SIGNATURE_DSA; - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - pkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -2095,7 +2148,7 @@ XKMSMessageAbstractType * createReissueR - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -2103,8 +2156,11 @@ XKMSMessageAbstractType * createReissueR - proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); - proofOfPossessionSm = SIGNATURE_RSA; - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - pkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2371,7 +2427,7 @@ XKMSMessageAbstractType * createRecoverR - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -2380,10 +2436,14 @@ XKMSMessageAbstractType * createRecoverR - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -2393,15 +2453,18 @@ XKMSMessageAbstractType * createRecoverR - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2468,15 +2531,19 @@ XKMSMessageAbstractType * createRecoverR - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - rkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -2486,13 +2553,16 @@ XKMSMessageAbstractType * createRecoverR - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - rkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -3251,14 +3321,17 @@ int doRegisterResultDump(XKMSRegisterRes - - // Create the RSA key file - RSA * rsa = RSA_new(); -- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); -- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); -- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); -- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); -- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); -- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); -- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); -- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); -+ RSA_set0_key(rsa, -+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), -+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), -+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); -+ RSA_set0_factors(rsa, -+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), -+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); -+ RSA_set0_crt_params(rsa, -+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), -+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), -+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); - - // Write it to disk - BIO *out; -@@ -3367,14 +3440,17 @@ int doRecoverResultDump(XKMSRecoverResul - - // Create the RSA key file - RSA * rsa = RSA_new(); -- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); -- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); -- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); -- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); -- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); -- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); -- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); -- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); -+ RSA_set0_key(rsa, -+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), -+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), -+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); -+ RSA_set0_factors(rsa, -+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), -+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); -+ RSA_set0_crt_params(rsa, -+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), -+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), -+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); - - // Write it to disk - BIO *out; |