diff options
author | ryoon <ryoon@pkgsrc.org> | 2018-04-30 05:25:24 +0000 |
---|---|---|
committer | ryoon <ryoon@pkgsrc.org> | 2018-04-30 05:25:24 +0000 |
commit | e8e09a1bc807dbfd72a7e2ddafd70f984ee7584c (patch) | |
tree | d057a4d3a1a88d8460e0d38563034016fd798741 /security | |
parent | 80851b50e53be915d0fc47bff463234521bf97a9 (diff) | |
download | pkgsrc-e8e09a1bc807dbfd72a7e2ddafd70f984ee7584c.tar.gz |
Fix build with OpenSSL 1.1
* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
Diffstat (limited to 'security')
20 files changed, 1738 insertions, 7 deletions
diff --git a/security/xml-security-c/Makefile b/security/xml-security-c/Makefile index ae3bbbba55f..9b6fbb1232b 100644 --- a/security/xml-security-c/Makefile +++ b/security/xml-security-c/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.17 2017/09/17 09:33:59 abs Exp $ +# $NetBSD: Makefile,v 1.18 2018/04/30 05:25:24 ryoon Exp $ DISTNAME= xml-security-c-1.7.3 CATEGORIES= security devel @@ -15,7 +15,7 @@ USE_TOOLS+= gmake pkg-config GNU_CONFIGURE= yes CONFIGURE_ENV+= XERCESCROOT="${BUILDLINK_PREFIX.xerces-c}" -BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7 +BUILDLINK_API_DEPENDS.openssl+= openssl>=1.1 .include "../../security/openssl/buildlink3.mk" .include "../../textproc/xerces-c/buildlink3.mk" .include "../../mk/bsd.pkg.mk" diff --git a/security/xml-security-c/distinfo b/security/xml-security-c/distinfo index de2a12ba247..1b1c128eb3e 100644 --- a/security/xml-security-c/distinfo +++ b/security/xml-security-c/distinfo @@ -1,8 +1,25 @@ -$NetBSD: distinfo,v 1.8 2017/09/23 15:30:01 joerg Exp $ +$NetBSD: distinfo,v 1.9 2018/04/30 05:25:24 ryoon Exp $ SHA1 (xml-security-c-1.7.3.tar.gz) = bcbe98e0bd3695a0b961a223cce53e2f35c4681b RMD160 (xml-security-c-1.7.3.tar.gz) = f0c9c3668a3ff2e13647909b926e20fdba828ad2 SHA512 (xml-security-c-1.7.3.tar.gz) = ea46709d6706edf345e19132d9998774e50dc7b5947a7b4a55e3627998f5ac66f976fdff0a5015ef3cee73c03c04f3c4cf993efd397082491c2000c6548b89d2 Size (xml-security-c-1.7.3.tar.gz) = 909320 bytes SHA1 (patch-xsec_Makefile.in) = f610c63b888f8f744a5de5b47975eb7dc4aee55b -SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = bdc668a7f0212113d0efbaf189e7021a44108e26 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp) = b66c6be973b29e02657c2eaffe331f311a8c7214 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp) = ceb72c460f7ee9341047b1517306bf02cb8c3756 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp) = b8614ee4f947b88988b3e9b40fc35a080145ac2f +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp) = 19628ec1aefa7e62ffec19e99968a97295717d1b +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp) = fc1aa0983bc7eb72b75f8d1f35637a2d3376ec54 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp) = 1ae06a624875c97598b1d88f6260d8e49b311566 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp) = 7a483f89b19cdcf3993c7940d3bc50afba2aa186 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp) = 6e8415da5b6a9cb9f093f66cfd490a96625a7fbb +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp) = 57f7df09f24e0245802cf039471325c640ce849b +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp) = a5eb8e4b636b0bfba71f4c580509d09f43adb5bc +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp) = dda82e60360708f286af697ac34671cb9e363c83 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp) = 6d7757997addc269c3c93ef3ddecd97449af6fc4 +SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp) = 1ed63c79f7339ed4a50479766311fc0833a2b63a +SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = f71158bbe946eedc69558789ea39513762a6d8d1 +SHA1 (patch-xsec_tools_cipher_XencInteropResolver.cpp) = b36653313698c6bdf849f948dee2d2d0dafc6d2c +SHA1 (patch-xsec_tools_cipher_cipher.cpp) = 86c91a43e799f757efd445690de6a5b07c56eefd +SHA1 (patch-xsec_tools_templatesign_templatesign.cpp) = 9068b2641eeb01dba14895b5514628d10f5f2c5f +SHA1 (patch-xsec_tools_xklient_xklient.cpp) = ca4deeded395f0094ce91873c0c904385833a103 diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp new file mode 100644 index 00000000000..ac13d793c67 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp @@ -0,0 +1,74 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp +@@ -44,6 +44,15 @@ + + XERCES_CPP_NAMESPACE_USE + ++OpenSSLCryptoBase64::OpenSSLCryptoBase64() { ++ m_ectx = EVP_ENCODE_CTX_new(); ++ m_dctx = EVP_ENCODE_CTX_new(); ++} ++ ++OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { ++ EVP_ENCODE_CTX_free(m_ectx); ++ EVP_ENCODE_CTX_free(m_dctx); ++} + + // -------------------------------------------------------------------------------- + // Decoding +@@ -51,7 +60,7 @@ XERCES_CPP_NAMESPACE_USE + + void OpenSSLCryptoBase64::decodeInit(void) { + +- EVP_DecodeInit(&m_dctx); ++ EVP_DecodeInit(m_dctx); + + } + +@@ -70,7 +79,7 @@ unsigned int OpenSSLCryptoBase64::decode + + } + +- rc = EVP_DecodeUpdate(&m_dctx, ++ rc = EVP_DecodeUpdate(m_dctx, + outData, + &outLen, + (unsigned char *) inData, +@@ -99,7 +108,7 @@ unsigned int OpenSSLCryptoBase64::decode + int outLen; + outLen = outLength; + +- EVP_DecodeFinal(&m_dctx, outData, &outLen); ++ EVP_DecodeFinal(m_dctx, outData, &outLen); + + return outLen; + +@@ -111,7 +120,7 @@ unsigned int OpenSSLCryptoBase64::decode + + void OpenSSLCryptoBase64::encodeInit(void) { + +- EVP_EncodeInit(&m_ectx); ++ EVP_EncodeInit(m_ectx); + + } + +@@ -130,7 +139,7 @@ unsigned int OpenSSLCryptoBase64::encode + + } + +- EVP_EncodeUpdate(&m_ectx, ++ EVP_EncodeUpdate(m_ectx, + outData, + &outLen, + (unsigned char *) inData, +@@ -153,7 +162,7 @@ unsigned int OpenSSLCryptoBase64::encode + int outLen; + outLen = outLength; + +- EVP_EncodeFinal(&m_ectx, outData, &outLen); ++ EVP_EncodeFinal(m_ectx, outData, &outLen); + + return outLen; + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp new file mode 100644 index 00000000000..fe7f58a9480 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp @@ -0,0 +1,40 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp +@@ -66,8 +66,8 @@ class DSIG_EXPORT OpenSSLCryptoBase64 : + public : + + +- OpenSSLCryptoBase64() {}; +- virtual ~OpenSSLCryptoBase64() {}; ++ OpenSSLCryptoBase64(); ++ virtual ~OpenSSLCryptoBase64(); + + /** @name Decoding Functions */ + //@{ +@@ -189,20 +189,20 @@ public : + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} ++ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} + + /** + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} ++ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} + + //@} + + private : + +- EVP_ENCODE_CTX m_ectx; // Encode context +- EVP_ENCODE_CTX m_dctx; // Decode context ++ EVP_ENCODE_CTX *m_ectx; // Encode context ++ EVP_ENCODE_CTX *m_dctx; // Decode context + + }; + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp new file mode 100644 index 00000000000..f1b8623b28b --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp @@ -0,0 +1,60 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp +@@ -40,6 +40,7 @@ + + OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { + ++ m_mdctx = EVP_MD_CTX_create(); + switch (alg) { + + case (XSECCryptoHash::HASH_SHA1) : +@@ -104,7 +105,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has + "OpenSSL:Hash - Error loading Message Digest"); + } + +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_DigestInit(m_mdctx, mp_md); + m_hashType = alg; + + } +@@ -112,7 +113,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has + + OpenSSLCryptoHash::~OpenSSLCryptoHash() { + +- EVP_MD_CTX_cleanup(&m_mdctx); ++ EVP_MD_CTX_free(m_mdctx); + + } + +@@ -121,16 +122,16 @@ OpenSSLCryptoHash::~OpenSSLCryptoHash() + // Hashing Activities + void OpenSSLCryptoHash::reset(void) { + +- EVP_MD_CTX_cleanup(&m_mdctx); +- +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_MD_CTX_free(m_mdctx); ++ m_mdctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(m_mdctx, mp_md); + + } + + void OpenSSLCryptoHash::hash(unsigned char * data, + unsigned int length) { + +- EVP_DigestUpdate(&m_mdctx, data, length); ++ EVP_DigestUpdate(m_mdctx, data, length); + + } + unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, +@@ -140,7 +141,7 @@ unsigned int OpenSSLCryptoHash::finish(u + + // Finish up and copy out hash, returning the length + +- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); ++ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp new file mode 100644 index 00000000000..5a47be2ebea --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp @@ -0,0 +1,22 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp +@@ -138,7 +138,7 @@ public : + * \brief Get OpenSSL hash context structure + */ + +- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} ++ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} + + //@} + +@@ -148,7 +148,7 @@ private: + // Not implemented constructors + OpenSSLCryptoHash(); + +- EVP_MD_CTX m_mdctx; // Context for digest ++ EVP_MD_CTX *m_mdctx; // Context for digest + const EVP_MD * mp_md; // Digest instance + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp new file mode 100644 index 00000000000..4832c147d87 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp @@ -0,0 +1,61 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp +@@ -43,6 +43,7 @@ + OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { + + // Initialise the digest ++ m_hctx = HMAC_CTX_new(); + + switch (alg) { + +@@ -127,7 +128,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC + m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); + + +- HMAC_Init(&m_hctx, ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -139,7 +140,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC + OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { + + if (m_initialised) +- HMAC_CTX_cleanup(&m_hctx); ++ HMAC_CTX_free(m_hctx); + + } + +@@ -151,9 +152,9 @@ void OpenSSLCryptoHashHMAC::reset(void) + + if (m_initialised) { + +- HMAC_CTX_cleanup(&m_hctx); +- +- HMAC_Init(&m_hctx, ++ HMAC_CTX_free(m_hctx); ++ m_hctx = HMAC_CTX_new(); ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -170,7 +171,7 @@ void OpenSSLCryptoHashHMAC::hash(unsigne + "OpenSSL:HashHMAC - hash called prior to setKey"); + + +- HMAC_Update(&m_hctx, data, (int) length); ++ HMAC_Update(m_hctx, data, (int) length); + + } + +@@ -181,7 +182,7 @@ unsigned int OpenSSLCryptoHashHMAC::fini + + // Finish up and copy out hash, returning the length + +- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); ++ HMAC_Final(m_hctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp new file mode 100644 index 00000000000..4e89fa74ba6 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp @@ -0,0 +1,22 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp +@@ -162,7 +162,7 @@ public : + * \brief Get OpenSSL Hash Context + */ + +- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} ++ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} + + //@} + +@@ -175,7 +175,7 @@ private: + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest + HashType m_hashType; // What type of hash is this? +- HMAC_CTX m_hctx; // Context for HMAC ++ HMAC_CTX *m_hctx; // Context for HMAC + safeBuffer m_keyBuf; // The loaded key + unsigned int m_keyLen; // The loaded key length + bool m_initialised; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp new file mode 100644 index 00000000000..b4e38221b69 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp @@ -0,0 +1,177 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp.orig 2015-01-29 02:52:17.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp +@@ -64,13 +64,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyD + if (mp_dsaKey == NULL) + return KEY_NONE; + +- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) ++ const BIGNUM *pub_key = 0, *priv_key = 0; ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ if (priv_key != NULL && pub_key != NULL) + return KEY_DSA_PAIR; + +- if (mp_dsaKey->priv_key != NULL) ++ if (priv_key != NULL) + return KEY_DSA_PRIVATE; + +- if (mp_dsaKey->pub_key != NULL) ++ if (pub_key != NULL) + return KEY_DSA_PUBLIC; + + return KEY_NONE; +@@ -82,7 +84,7 @@ void OpenSSLCryptoKeyDSA::loadPBase64Big + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -91,7 +93,7 @@ void OpenSSLCryptoKeyDSA::loadQBase64Big + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -100,7 +102,7 @@ void OpenSSLCryptoKeyDSA::loadGBase64Big + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); + + } + +@@ -109,7 +111,7 @@ void OpenSSLCryptoKeyDSA::loadYBase64Big + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -130,20 +132,15 @@ OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA + + mp_dsaKey = DSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_DSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) + return; // Nothing to do with us + +- +- if (k->pkey.dsa->p) +- mp_dsaKey->p = BN_dup(k->pkey.dsa->p); +- if (k->pkey.dsa->q) +- mp_dsaKey->q = BN_dup(k->pkey.dsa->q); +- if (k->pkey.dsa->g) +- mp_dsaKey->g = BN_dup(k->pkey.dsa->g); +- if (k->pkey.dsa->pub_key) +- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); +- if (k->pkey.dsa->priv_key) +- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(k); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, &priv_key); ++ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + } + +@@ -175,9 +172,9 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -190,7 +187,8 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -223,12 +221,7 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si + } + + DSA_SIG * dsa_sig = DSA_SIG_new(); +- +- dsa_sig->r = BN_dup(R); +- dsa_sig->s = BN_dup(S); +- +- BN_free(R); +- BN_free(S); ++ DSA_SIG_set0(dsa_sig, R, S); + + // Now we have a signature and a key - lets check + +@@ -267,6 +260,8 @@ unsigned int OpenSSLCryptoKeyDSA::signBa + DSA_SIG * dsa_sig; + + dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); ++ const BIGNUM *r = 0, *s = 0; ++ DSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + +@@ -277,10 +272,10 @@ unsigned int OpenSSLCryptoKeyDSA::signBa + + // Now turn the signature into a base64 string + +- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; ++ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); ++ unsigned int rawLen = BN_bn2bin(r, rawSigBuf); + + if (rawLen <= 0) { + +@@ -289,7 +284,7 @@ unsigned int OpenSSLCryptoKeyDSA::signBa + + } + +- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); ++ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); + + if (rawLenS <= 0) { + +@@ -339,16 +334,11 @@ XSECCryptoKey * OpenSSLCryptoKeyDSA::clo + ret->mp_dsaKey = DSA_new(); + + // Duplicate parameters +- if (mp_dsaKey->p) +- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); +- if (mp_dsaKey->q) +- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); +- if (mp_dsaKey->g) +- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); +- if (mp_dsaKey->pub_key) +- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); +- if (mp_dsaKey->priv_key) +- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(mp_dsaKey, &p, &q, &g); ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + return ret; + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp new file mode 100644 index 00000000000..2f75ed0eeac --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp @@ -0,0 +1,80 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp.orig 2015-02-03 00:57:48.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp +@@ -128,10 +128,10 @@ OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(E + + // Create a new key to be loaded as we go + +- if (k == NULL || k->type != EVP_PKEY_EC) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) + return; // Nothing to do with us + +- mp_ecKey = EC_KEY_dup(k->pkey.ec); ++ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); + } + + // -------------------------------------------------------------------------------- +@@ -162,9 +162,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -177,7 +177,8 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -189,8 +190,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig + // Translate to BNs by splitting in half, and thence to ECDSA_SIG + + ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); +- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); +- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); ++ ECDSA_SIG_set0(dsa_sig, ++ BN_bin2bn(sigVal, sigValLen / 2, NULL), ++ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); + + // Now we have a signature and a key - lets check + +@@ -228,6 +230,8 @@ unsigned int OpenSSLCryptoKeyEC::signBas + ECDSA_SIG * dsa_sig; + + dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); ++ const BIGNUM *r, *s; ++ ECDSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + throw XSECCryptoException(XSECCryptoException::ECError, +@@ -263,14 +267,14 @@ unsigned int OpenSSLCryptoKeyEC::signBas + memset(rawSigBuf, 0, keyLen * 2); + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; +- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { ++ unsigned int rawLen = (BN_num_bits(r) + 7) / 8; ++ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 'r' value to buffer"); + } + +- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; +- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { ++ rawLen = (BN_num_bits(s) + 7) / 8; ++ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 's' value to buffer"); + } diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp new file mode 100644 index 00000000000..6d47b7f34e4 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp @@ -0,0 +1,143 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp +@@ -326,13 +326,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyR + if (mp_rsaKey == NULL) + return KEY_NONE; + +- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) ++ const BIGNUM *n = 0, *e = 0, *d = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ if (n != NULL && d != NULL) + return KEY_RSA_PAIR; + +- if (mp_rsaKey->d != NULL) ++ if (d != NULL) + return KEY_RSA_PRIVATE; + +- if (mp_rsaKey->n != NULL) ++ if (n != NULL) + return KEY_RSA_PUBLIC; + + return KEY_NONE; +@@ -344,7 +346,7 @@ void OpenSSLCryptoKeyRSA::loadPublicModu + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -353,7 +355,7 @@ void OpenSSLCryptoKeyRSA::loadPublicExpo + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -369,32 +371,17 @@ OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA + + mp_rsaKey = RSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_RSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) + return; // Nothing to do with us + +- if (k->pkey.rsa->n) +- mp_rsaKey->n = BN_dup(k->pkey.rsa->n); +- +- if (k->pkey.rsa->e) +- mp_rsaKey->e = BN_dup(k->pkey.rsa->e); +- +- if (k->pkey.rsa->d) +- mp_rsaKey->d = BN_dup(k->pkey.rsa->d); +- +- if (k->pkey.rsa->p) +- mp_rsaKey->p = BN_dup(k->pkey.rsa->p); +- +- if (k->pkey.rsa->q) +- mp_rsaKey->q = BN_dup(k->pkey.rsa->q); +- +- if (k->pkey.rsa->dmp1) +- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); +- +- if (k->pkey.rsa->dmq1) +- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); +- +- if (k->pkey.rsa->iqmp) +- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); ++ RSA *rsa = EVP_PKEY_get0_RSA(k); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(rsa, &n, &e, &d); ++ RSA_get0_factors(rsa, &p, &q); ++ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + } + +@@ -427,9 +414,9 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -442,7 +429,8 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -979,29 +967,13 @@ XSECCryptoKey * OpenSSLCryptoKeyRSA::clo + + // Duplicate parameters + +- if (mp_rsaKey->n) +- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); +- +- if (mp_rsaKey->e) +- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); +- +- if (mp_rsaKey->d) +- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); +- +- if (mp_rsaKey->p) +- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); +- +- if (mp_rsaKey->q) +- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); +- +- if (mp_rsaKey->dmp1) +- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); +- +- if (mp_rsaKey->dmq1) +- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); +- +- if (mp_rsaKey->iqmp) +- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ RSA_get0_factors(mp_rsaKey, &p, &q); ++ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + return ret; + diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp new file mode 100644 index 00000000000..378d6016bad --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp @@ -0,0 +1,13 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp +@@ -343,7 +343,7 @@ XSECCryptoKey* OpenSSLCryptoProvider::ke + if (pkey) { + XSECCryptoKey* ret = NULL; + try { +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + case EVP_PKEY_RSA: + ret = new OpenSSLCryptoKeyRSA(pkey); + break; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp new file mode 100644 index 00000000000..54935d30b82 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp @@ -0,0 +1,311 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp.orig 2015-01-29 02:52:17.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp +@@ -56,7 +56,8 @@ m_tagBuf(""), + m_keyLen(0), + m_initialised(false) { + +- EVP_CIPHER_CTX_init(&m_ctx); ++ m_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(m_ctx); + m_keyBuf.isSensitive(); + + } +@@ -65,7 +66,7 @@ OpenSSLCryptoSymmetricKey::~OpenSSLCrypt + + // Clean up the context + +- EVP_CIPHER_CTX_cleanup(&m_ctx); ++ EVP_CIPHER_CTX_free(m_ctx); + } + + // -------------------------------------------------------------------------------- +@@ -149,17 +150,17 @@ int OpenSSLCryptoSymmetricKey::decryptCt + with 0.9.6 */ + + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); + #endif + m_ivSize = 8; + } + else if (m_keyMode == MODE_ECB) { + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + m_ivSize = 0; + } +@@ -184,7 +185,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -207,15 +208,15 @@ int OpenSSLCryptoSymmetricKey::decryptCt + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -236,7 +237,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -259,16 +260,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -289,7 +290,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -312,16 +313,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -371,7 +372,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt + // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH + + #if defined (XSEC_OPENSSL_CANSET_PADDING) +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + #endif + + // Return number of bytes chewed up by IV +@@ -439,9 +440,9 @@ unsigned int OpenSSLCryptoSymmetricKey:: + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { + #else +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { + #endif + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); +@@ -476,7 +477,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: + + #if defined (XSEC_OPENSSL_CANSET_PADDING) + +- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { ++ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); +@@ -544,7 +545,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: + We can then clean that up ourselves + */ + +- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); + } +@@ -641,16 +642,16 @@ bool OpenSSLCryptoSymmetricKey::encryptI + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); + #endif + } + else if (m_keyMode == MODE_ECB) { + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + } + else { +@@ -684,11 +685,11 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -708,7 +709,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else { +@@ -739,7 +740,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -759,12 +760,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + } + else { + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -793,7 +794,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -813,12 +814,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -864,10 +865,10 @@ bool OpenSSLCryptoSymmetricKey::encryptI + #if defined (XSEC_OPENSSL_CANSET_PADDING) + // Setup padding + if (m_doPad) { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 1); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 1); + } + else { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + } + #endif + +@@ -908,9 +909,9 @@ unsigned int OpenSSLCryptoSymmetricKey:: + + } + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { + #else +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { + #endif + + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -929,7 +930,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: + int outl = maxOutLength; + m_initialised = false; + +- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { ++ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); +@@ -962,7 +963,7 @@ unsigned int OpenSSLCryptoSymmetricKey:: + } + if (m_keyMode == MODE_GCM) { + #ifdef XSEC_OPENSSL_HAVE_GCM +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); + outl += taglen; + #else + throw XSECCryptoException(XSECCryptoException::SymmetricError, diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp new file mode 100644 index 00000000000..e66c9ac3679 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp @@ -0,0 +1,29 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp +@@ -283,13 +283,13 @@ public : + * \brief Get OpenSSL cipher context structure + */ + +- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} ++ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} + + /** + * \brief Get OpenSSL cipher context structure + */ + +- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} ++ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} + + //@} + +@@ -307,7 +307,7 @@ private: + // Private variables + SymmetricKeyType m_keyType; + SymmetricKeyMode m_keyMode; +- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure ++ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure + safeBuffer m_keyBuf; // Holder of the key + safeBuffer m_tagBuf; // Holder of authentication tag + unsigned int m_keyLen; diff --git a/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp new file mode 100644 index 00000000000..4f2facfa9aa --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp @@ -0,0 +1,22 @@ +$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp.orig 2012-07-23 16:56:11.000000000 +0000 ++++ xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp +@@ -191,7 +191,7 @@ XSECCryptoKey::KeyType OpenSSLCryptoX509 + + XSECCryptoKey::KeyType ret; + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + +@@ -241,7 +241,7 @@ XSECCryptoKey * OpenSSLCryptoX509::clone + "OpenSSL:X509 - cannot retrieve public key from cert"); + } + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + diff --git a/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp b/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp index fb8529bb1ab..d82cb202c18 100644 --- a/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp +++ b/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp @@ -1,10 +1,56 @@ -$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.1 2017/09/23 15:30:01 joerg Exp $ +$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.2 2018/04/30 05:25:24 ryoon Exp $ false is a bad pointer value. ---- xsec/tools/checksig/InteropResolver.cpp.orig 2017-09-23 12:23:36.663288313 +0000 +--- xsec/tools/checksig/InteropResolver.cpp.orig 2018-04-10 03:53:05.001719015 +0000 +++ xsec/tools/checksig/InteropResolver.cpp -@@ -645,7 +645,7 @@ XSECCryptoKey * InteropResolver::resolve +@@ -318,7 +318,7 @@ bool InteropResolver::checkMatch(DSIGKey + char * cserial = XMLString::transcode(serial); + char * xserial; + +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); + xserial = BN_bn2dec(bnserial); + BN_free(bnserial); + +@@ -360,8 +360,7 @@ bool InteropResolver::checkMatch(DSIGKey + if (xlen != 0) { + + // Have a buffer with a number in it +- STACK_OF(X509_EXTENSION) *exts; +- exts = x->cert_info->extensions; ++ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); + + if (exts != NULL) { + +@@ -379,8 +378,8 @@ bool InteropResolver::checkMatch(DSIGKey + memcpy(&octxski[2], xski, xlen); + + ext = sk_X509_EXTENSION_value(exts,extn); +- ASN1_OCTET_STRING *skid = ext->value; +- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); ++ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); ++ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); + ASN1_STRING_set(xskid, octxski, xlen+2); + + if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { +@@ -602,12 +601,12 @@ XSECCryptoKey * InteropResolver::resolve + // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c + + int idx; +- X509_REVOKED rtmp; ++ X509_REVOKED *rtmp = X509_REVOKED_new(); + + /* Look for serial number of certificate in CRL */ + +- rtmp.serialNumber = X509_get_serialNumber(x); +- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); ++ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); ++ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); + + /* Not found: OK */ + +@@ -645,7 +644,7 @@ XSECCryptoKey * InteropResolver::resolve } diff --git a/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp b/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp new file mode 100644 index 00000000000..374f0a671b3 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp @@ -0,0 +1,13 @@ +$NetBSD: patch-xsec_tools_cipher_XencInteropResolver.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/tools/cipher/XencInteropResolver.cpp.orig 2012-07-23 16:56:10.000000000 +0000 ++++ xsec/tools/cipher/XencInteropResolver.cpp +@@ -521,7 +521,7 @@ XSECCryptoKey * XencInteropResolver::res + X509 * x509 = OSSLX509->getOpenSSLX509(); + + // Check the serial number +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); + BN_free(bnserial); + + BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); diff --git a/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp b/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp new file mode 100644 index 00000000000..a312632cb73 --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp @@ -0,0 +1,13 @@ +$NetBSD: patch-xsec_tools_cipher_cipher.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/tools/cipher/cipher.cpp.orig 2015-01-30 03:55:09.000000000 +0000 ++++ xsec/tools/cipher/cipher.cpp +@@ -517,7 +517,7 @@ int evaluate(int argc, char ** argv) { + + pkey = X509_get_pubkey(x); + +- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { ++ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "Error extracting RSA key from certificate" << endl; + } + diff --git a/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp b/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp new file mode 100644 index 00000000000..a8de4ebf26d --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp @@ -0,0 +1,31 @@ +$NetBSD: patch-xsec_tools_templatesign_templatesign.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/tools/templatesign/templatesign.cpp.orig 2015-01-30 03:55:09.000000000 +0000 ++++ xsec/tools/templatesign/templatesign.cpp +@@ -726,7 +726,7 @@ int main(int argc, char **argv) { + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -739,7 +739,7 @@ int main(int argc, char **argv) { + + // Check type is correct + +- if (pkey->type != EVP_PKEY_EC) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + cerr << "EC Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -749,7 +749,7 @@ int main(int argc, char **argv) { + } + # endif + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } diff --git a/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp b/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp new file mode 100644 index 00000000000..61602d2e60a --- /dev/null +++ b/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp @@ -0,0 +1,557 @@ +$NetBSD: patch-xsec_tools_xklient_xklient.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $ + +--- xsec/tools/xklient/xklient.cpp.orig 2012-07-23 16:56:10.000000000 +0000 ++++ xsec/tools/xklient/xklient.cpp +@@ -284,7 +284,7 @@ XSECCryptoX509 * loadX509(const char * i + + #if defined (XSEC_HAVE_OPENSSL) + +-XMLCh * BN2b64(BIGNUM * bn) { ++XMLCh * BN2b64(const BIGNUM * bn) { + + int bytes = BN_num_bytes(bn); + unsigned char * binbuf = new unsigned char[bytes + 1]; +@@ -606,7 +606,7 @@ XKMSMessageAbstractType * createLocateRe + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -615,10 +615,14 @@ XKMSMessageAbstractType * createLocateRe + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -628,15 +632,18 @@ XKMSMessageAbstractType * createLocateRe + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -878,7 +885,7 @@ XKMSMessageAbstractType * createValidate + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -887,10 +894,14 @@ XKMSMessageAbstractType * createValidate + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -900,15 +911,18 @@ XKMSMessageAbstractType * createValidate + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1229,7 +1243,7 @@ XKMSMessageAbstractType * createRegister + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1238,10 +1252,14 @@ XKMSMessageAbstractType * createRegister + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1251,15 +1269,18 @@ XKMSMessageAbstractType * createRegister + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1326,7 +1347,7 @@ XKMSMessageAbstractType * createRegister + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1334,10 +1355,14 @@ XKMSMessageAbstractType * createRegister + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1347,7 +1372,7 @@ XKMSMessageAbstractType * createRegister + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -1355,8 +1380,11 @@ XKMSMessageAbstractType * createRegister + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1622,7 +1650,7 @@ XKMSMessageAbstractType * createRevokeRe + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1631,10 +1659,14 @@ XKMSMessageAbstractType * createRevokeRe + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1644,15 +1676,18 @@ XKMSMessageAbstractType * createRevokeRe + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1719,15 +1754,19 @@ XKMSMessageAbstractType * createRevokeRe + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1737,13 +1776,16 @@ XKMSMessageAbstractType * createRevokeRe + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1977,7 +2019,7 @@ XKMSMessageAbstractType * createReissueR + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1986,10 +2028,14 @@ XKMSMessageAbstractType * createReissueR + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1999,15 +2045,18 @@ XKMSMessageAbstractType * createReissueR + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2074,7 +2123,7 @@ XKMSMessageAbstractType * createReissueR + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2082,10 +2131,14 @@ XKMSMessageAbstractType * createReissueR + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2095,7 +2148,7 @@ XKMSMessageAbstractType * createReissueR + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -2103,8 +2156,11 @@ XKMSMessageAbstractType * createReissueR + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2371,7 +2427,7 @@ XKMSMessageAbstractType * createRecoverR + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2380,10 +2436,14 @@ XKMSMessageAbstractType * createRecoverR + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -2393,15 +2453,18 @@ XKMSMessageAbstractType * createRecoverR + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2468,15 +2531,19 @@ XKMSMessageAbstractType * createRecoverR + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2486,13 +2553,16 @@ XKMSMessageAbstractType * createRecoverR + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -3251,14 +3321,17 @@ int doRegisterResultDump(XKMSRegisterRes + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; +@@ -3367,14 +3440,17 @@ int doRecoverResultDump(XKMSRecoverResul + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; |