From 366ffe24b2a8906918399a0fc0631b464c276513 Mon Sep 17 00:00:00 2001 From: Tommy Yu Date: Fri, 3 Jan 2020 15:32:14 +1300 Subject: [PATCH] Include patch from Debian for openssl-1.1 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=828594 - https://github.com/openlink/virtuoso-opensource/pull/583 --- ...ensource-build-against-openssl-1.1.0.patch | 1553 +++++++++++++++++ .../virtuoso-server-6.1.6.ebuild | 2 +- .../virtuoso-server-6.1.8.ebuild | 1 + 3 files changed, 1555 insertions(+), 1 deletion(-) create mode 100644 dev-db/virtuoso-server/files/virtuoso-opensource-build-against-openssl-1.1.0.patch diff --git a/dev-db/virtuoso-server/files/virtuoso-opensource-build-against-openssl-1.1.0.patch b/dev-db/virtuoso-server/files/virtuoso-opensource-build-against-openssl-1.1.0.patch new file mode 100644 index 0000000..b4cfeb9 --- /dev/null +++ b/dev-db/virtuoso-server/files/virtuoso-opensource-build-against-openssl-1.1.0.patch @@ -0,0 +1,1553 @@ +From 58fa4e5de620b90fca7c2366a130ec73d0aee0f0 Mon Sep 17 00:00:00 2001 +From: Sebastian Andrzej Siewior +Date: Mon, 5 Sep 2016 10:49:54 +0000 +Subject: [PATCH] virtuoso-opensource: build against openssl 1.1.0 + +Signed-off-by: Sebastian Andrzej Siewior +--- + libsrc/Dk/Dkernel.c | 6 +- + libsrc/Wi/bif_crypto.c | 80 +++++++----- + libsrc/Wi/http.c | 2 +- + libsrc/Wi/xmlenc.c | 319 +++++++++++++++++++++++++++-------------------- + libsrc/Wi/xmlenc.h | 176 ++++++++++++++++++++++++-- + libsrc/Wi/xmlenc_algos.c | 132 +++++++++++--------- + libsrc/util/sslengine.c | 6 +- + 7 files changed, 485 insertions(+), 236 deletions(-) + +diff --git a/libsrc/Dk/Dkernel.c b/libsrc/Dk/Dkernel.c +index c8dfbf7..82c77cb 100644 +--- a/libsrc/Dk/Dkernel.c ++++ b/libsrc/Dk/Dkernel.c +@@ -4930,7 +4930,11 @@ ssl_server_init () + # if (OPENSSL_VERSION_NUMBER >= 0x00908000L) + SSL_library_init (); + # endif +- SSLeay_add_all_algorithms (); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++ SSLeay_add_all_algorithms(); ++#else ++ OpenSSL_add_all_algorithms(); ++#endif + PKCS12_PBE_add (); /* stub */ + + #ifdef NO_THREAD +diff --git a/libsrc/Wi/bif_crypto.c b/libsrc/Wi/bif_crypto.c +index c759d11..23c676b 100644 +--- a/libsrc/Wi/bif_crypto.c ++++ b/libsrc/Wi/bif_crypto.c +@@ -181,21 +181,26 @@ box_hmac (caddr_t box, caddr_t key, int alg) + unsigned char temp[EVP_MAX_MD_SIZE]; + unsigned int size = 0; + caddr_t res = NULL; +- HMAC_CTX ctx; ++ HMAC_CTX *ctx; + const EVP_MD *md = EVP_sha1 (); + + if (alg == 1) + md = EVP_ripemd160 (); + +- HMAC_Init (&ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md); +- box_hmac_1 (box, &ctx); +- HMAC_Final (&ctx, temp, &size); ++ ctx = HMAC_CTX_new(); ++ if (!ctx) ++ return res; ++ ++ HMAC_Init_ex (ctx, key, box_length (key) - DV_STRINGP (key) ? 1 : 0, md, NULL); ++ box_hmac_1 (box, ctx); ++ HMAC_Final (ctx, temp, &size); + if (size) + { + res = dk_alloc_box (size + 1, DV_SHORT_STRING); + memcpy (res, temp, size); + res[size] = 0; + } ++ HMAC_CTX_free(ctx); + return res; + } + +@@ -347,14 +352,12 @@ asn1_parse_to_xml (BIO * bp, unsigned char **pp, long length, int offset, int de + { + int ii; + +- opp = op; +- ii = d2i_ASN1_BOOLEAN (NULL, &opp, len + hl); +- if (ii < 0) ++ if (len + hl < 1) + { + if (BIO_write (bp, "Bad boolean\n", 12)) + goto end; + } +- BIO_printf (bp, "%d", ii); ++ BIO_printf (bp, "%d", p[0]); + } + else if (tag == V_ASN1_BMPSTRING) + { +@@ -415,7 +418,7 @@ asn1_parse_to_xml (BIO * bp, unsigned char **pp, long length, int offset, int de + } + if (os != NULL) + { +- M_ASN1_OCTET_STRING_free (os); ++ ASN1_STRING_free (os); + os = NULL; + } + } +@@ -448,7 +451,7 @@ asn1_parse_to_xml (BIO * bp, unsigned char **pp, long length, int offset, int de + if (BIO_write (bp, "BAD INTEGER", 11) <= 0) + goto end; + } +- M_ASN1_INTEGER_free (bs); ++ ASN1_STRING_free (bs); + } + else if (tag == V_ASN1_ENUMERATED) + { +@@ -479,7 +482,7 @@ asn1_parse_to_xml (BIO * bp, unsigned char **pp, long length, int offset, int de + if (BIO_write (bp, "BAD ENUMERATED", 11) <= 0) + goto end; + } +- M_ASN1_ENUMERATED_free (bs); ++ ASN1_STRING_free (bs); + } + else if (len > 0 && dump) + { +@@ -515,7 +518,7 @@ end: + if (o != NULL) + ASN1_OBJECT_free (o); + if (os != NULL) +- M_ASN1_OCTET_STRING_free (os); ++ ASN1_STRING_free (os); + *pp = p; + return (ret); + } +@@ -854,16 +857,18 @@ bif_smime_sign (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + } + + certs = sk_X509_new_null (); ++#if HALP + if (store && store->objs) + { + for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++) + { + X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx); +- if (obj->type == X509_LU_X509) ++ if (X509_OBJECT_get_type(obj) == X509_LU_X509) + sk_X509_push (certs, X509_dup (obj->data.x509)); + } + + } ++#endif + if (store) + X509_STORE_free (store); + in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1); +@@ -935,6 +940,7 @@ bif_smime_encrypt (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + sqlr_new_error ("42000", "CR006", "No recipient certificates"); + + certs = sk_X509_new_null (); ++#if HALP + if (store && store->objs) + { + for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++) +@@ -944,6 +950,7 @@ bif_smime_encrypt (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + sk_X509_push (certs, X509_dup (obj->data.x509)); + } + } ++#endif + if (store) + X509_STORE_free (store); + in_bio = BIO_new_mem_buf (msg, box_length (msg) - 1); +@@ -1111,7 +1118,7 @@ x509_certificate_verify_cb (int ok, X509_STORE_CTX * ctx) + char *opts = (char *) X509_STORE_CTX_get_app_data (ctx); + if (!ok && opts) + { +- switch (ctx->error) ++ switch (X509_STORE_CTX_get_error(ctx)) + { + case X509_V_ERR_CERT_HAS_EXPIRED: + if (strstr (opts, "expired")) +@@ -1208,7 +1215,7 @@ bif_x509_certificate_verify (caddr_t * qst, caddr_t * err_ret, state_slot_t ** a + if (!i) + { + const char *err_str; +- err_str = X509_verify_cert_error_string (csc->error); ++ err_str = X509_verify_cert_error_string (X509_STORE_CTX_get_error(csc)); + *err_ret = srv_make_new_error ("22023", "CR015", "X509 error: %s", err_str); + } + +@@ -1229,20 +1236,16 @@ err_ret: + #define VIRT_CERT_EXT "2.16.840.1.1113.1" + + static caddr_t +-BN_box (BIGNUM * x) ++BN_box (const BIGNUM *x) + { + size_t buf_len, n; + caddr_t buf; + buf_len = (size_t) BN_num_bytes (x); +- if (buf_len <= BN_BYTES) +- buf = box_num ((unsigned long) x->d[0]); +- else +- { +- buf = dk_alloc_box (buf_len, DV_BIN); +- n = BN_bn2bin (x, (unsigned char *) buf); +- if (n != buf_len) +- GPF_T; +- } ++ /* did not figure out where buf is free()ed */ ++ buf = dk_alloc_box (buf_len, DV_BIN); ++ n = BN_bn2bin (x, (unsigned char *) buf); ++ if (n != buf_len) ++ GPF_T; + return buf; + } + +@@ -1419,7 +1422,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + int i; + char tmp[1024]; + char *ext_oid = (char *) (BOX_ELEMENTS (args) > 4 ? bif_string_arg (qst, args, 4, "get_certificate_info") : VIRT_CERT_EXT); +- STACK_OF (X509_EXTENSION) * exts = cert->cert_info->extensions; ++ const STACK_OF (X509_EXTENSION) * exts = X509_get0_extensions(cert); + for (i = 0; i < sk_X509_EXTENSION_num (exts); i++) + { + X509_EXTENSION *ex = sk_X509_EXTENSION_value (exts, i); +@@ -1431,7 +1434,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + char *data_ptr; + BIO *mem = BIO_new (BIO_s_mem ()); + if (!X509V3_EXT_print (mem, ex, 0, 0)) +- M_ASN1_OCTET_STRING_print (mem, ex->value); ++ ASN1_STRING_print (mem, X509_EXTENSION_get_data(ex)); + len = BIO_get_mem_data (mem, &data_ptr); + if (len > 0 && data_ptr) + { +@@ -1458,18 +1461,23 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + if (k) + { + #ifdef EVP_PKEY_RSA +- if (k->type == EVP_PKEY_RSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA) + { +- RSA *x = k->pkey.rsa; +- ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (x->e), BN_box (x->n)); ++ const BIGNUM *n, *e; ++ ++ RSA_get0_key(EVP_PKEY_get0_RSA(k), &n, &e, NULL); ++ ++ ret = list (3, box_dv_short_string ("RSAPublicKey"), BN_box (e), BN_box (n)); + } + else + #endif + #ifdef EVP_PKEY_DSA +- if (k->type == EVP_PKEY_DSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA) + { +- DSA *x = k->pkey.dsa; +- ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (x->pub_key)); ++ const BIGNUM *pub_key; ++ ++ DSA_get0_key(EVP_PKEY_get0_DSA(k), &pub_key, NULL); ++ ret = list (2, box_dv_short_string ("DSAPublicKey"), BN_box (pub_key)); + } + else + #endif +@@ -1488,6 +1496,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + int n, i, len; + char *s, *data_ptr; + BIO *mem = BIO_new (BIO_s_mem ()); ++#if HALP + for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++) + { + ne = sk_X509_NAME_ENTRY_value(subj->entries,i); +@@ -1503,9 +1512,10 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + break; + } + } ++#endif + if (ne_ret) + { +- ASN1_STRING_print (mem, ne_ret->value); ++ ASN1_STRING_print (mem, X509_NAME_ENTRY_get_data(ne_ret)); + len = BIO_get_mem_data (mem, &data_ptr); + if (len > 0 && data_ptr) + { +@@ -1526,6 +1536,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + dk_set_t set = NULL; + caddr_t val; + BIO *mem = BIO_new (BIO_s_mem ()); ++#if HALP + for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); i++) + { + val = NULL; +@@ -1550,6 +1561,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args + } + BIO_free (mem); + ret = list_to_array (dk_set_nreverse (set)); ++#endif + break; + } + default: +diff --git a/libsrc/Wi/http.c b/libsrc/Wi/http.c +index 9963c2c..56d62e8 100644 +--- a/libsrc/Wi/http.c ++++ b/libsrc/Wi/http.c +@@ -8356,7 +8356,7 @@ ssl_server_set_certificate (SSL_CTX* ssl_ctx, char * cert_name, char * key_name, + log_error ("SSL: The stored certificate '%s' can not be used as extra chain certificate", tok); + break; + } +- CRYPTO_add(&k->xek_x509->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(k->xek_x509); + tok = strtok_r (NULL, ",", &tok_s); + } + dk_free_box (str); +diff --git a/libsrc/Wi/xmlenc.c b/libsrc/Wi/xmlenc.c +index 53101b1..32ac89a 100644 +--- a/libsrc/Wi/xmlenc.c ++++ b/libsrc/Wi/xmlenc.c +@@ -1202,36 +1202,45 @@ void xenc_key_remove (xenc_key_t * key, int lock) + } + + +-static void +-genrsa_cb(int p, int n, void *arg) +-{ +-#ifdef LINT +- p=n; +-#endif +-} +- + int + __xenc_key_rsa_init (char *name) + { + RSA *rsa = NULL; +- int num=1024; +- unsigned long f4=RSA_F4; ++ BIGNUM *bn = NULL; + int r; ++ + xenc_key_t * pkey = xenc_get_key_by_name (name, 1); + if (NULL == pkey) + SQLR_NEW_KEY_ERROR (name); + +- rsa=RSA_generate_key(num,f4,genrsa_cb,NULL); ++ rsa = RSA_new(); ++ if (!rsa) ++ goto out; ++ bn = BN_new(); ++ if (!bn) ++ goto out; ++ if (!BN_set_word(bn, RSA_F4)) ++ goto out; ++ ++ if (!RSA_generate_key_ex(rsa, 1024, bn, NULL)) ++ goto out; ++ + r = RSA_check_key(rsa); ++ if (r != 1) ++ goto out; + pkey->ki.rsa.pad = RSA_PKCS1_PADDING; +- if (rsa == NULL) +- { +- sqlr_new_error ("42000", "XENC06", +- "RSA parameters generation error"); +- } + pkey->xek_rsa = rsa; + pkey->xek_private_rsa = rsa; ++ BN_free(bn); + return 0; ++out: ++ if (bn) ++ BN_free(bn); ++ if (rsa) ++ RSA_free(rsa); ++ sqlr_new_error ("42000", "XENC06", ++ "RSA parameters generation error"); ++ return -1; + } + + +@@ -1423,19 +1432,19 @@ xenc_key_t * xenc_key_create_from_x509_cert (char * name, char * certificate, ch + + if (pkey) + { +- switch (EVP_PKEY_type (pkey->type)) ++ switch (EVP_PKEY_type (EVP_PKEY_id(pkey))) + { + case EVP_PKEY_DSA: + sign_algoname = DSIG_DSA_SHA1_ALGO; + enc_algoname = XENC_DSA_ALGO; +- dsa = pkey->pkey.dsa; +- private_dsa = private_key ? private_key->pkey.dsa : 0; ++ dsa = EVP_PKEY_get0_DSA(pkey); ++ private_dsa = private_key ? EVP_PKEY_get0_DSA(private_key) : 0; + break; + case EVP_PKEY_RSA: + sign_algoname = DSIG_RSA_SHA1_ALGO; + enc_algoname = XENC_RSA_ALGO; +- rsa = pkey->pkey.rsa; +- private_rsa = private_key ? private_key->pkey.rsa : 0; ++ rsa = EVP_PKEY_get0_RSA(pkey); ++ private_rsa = private_key ? EVP_PKEY_get0_RSA(private_key) : 0; + break; + default: + goto finish; +@@ -1484,13 +1493,6 @@ xenc_key_t * xenc_key_create_from_x509_cert (char * name, char * certificate, ch + return k; + } + +-static void dh_cb(int p, int n, void *arg) +-{ +-#ifdef LINT +- p=n; +-#endif +-} +- + static /*xenc_key_DSA_create */ + caddr_t bif_xenc_key_dsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** args) + { +@@ -1555,15 +1557,21 @@ caddr_t bif_xenc_key_DH_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** + dh = DH_new (); + bn_p = BN_bin2bn ((unsigned char *)mod, p_len, NULL); + bn_g = BN_bin2bn (g_bin, 1, NULL); +- dh->p = bn_p; +- dh->g = bn_g; ++ if (dh) ++ DH_set0_pqg(dh, bn_p, NULL, bn_g); + + dk_free_box (mod_b64); + dk_free_box (mod); + } + else + { +- dh = DH_generate_parameters (num, g, dh_cb, NULL); ++ dh = DH_new(); ++ if (dh) { ++ if (!DH_generate_parameters_ex(dh, num, g, NULL)) { ++ DH_free(dh); ++ dh = NULL; ++ } ++ } + } + if (!dh) + { +@@ -1593,7 +1601,7 @@ caddr_t bif_xenc_DH_get_params (caddr_t * qst, caddr_t * err_r, state_slot_t ** + int n, len; + caddr_t buf = NULL, ret, b64; + DH *dh; +- BIGNUM *num; ++ const BIGNUM *num; + + mutex_enter (xenc_keys_mtx); + key = xenc_get_key_by_name (name, 0); +@@ -1608,19 +1616,19 @@ caddr_t bif_xenc_DH_get_params (caddr_t * qst, caddr_t * err_r, state_slot_t ** + switch (param) + { + case 1: +- num = dh->p; ++ DH_get0_pqg(dh, &num, NULL, NULL); + break; + case 2: +- num = dh->g; ++ DH_get0_pqg(dh, NULL, NULL, &num); + break; + case 3: +- num = dh->pub_key; ++ DH_get0_key(dh, &num, NULL); + break; + case 4: +- num = dh->priv_key; ++ DH_get0_key(dh, NULL, &num); + break; + default: +- num = dh->pub_key; ++ DH_get0_key(dh, &num, NULL); + } + + buf_len = (size_t)BN_num_bytes(num); +@@ -1762,7 +1770,7 @@ xenc_key_len_get (const char * algo) + if (!algo) + len = 0; + else if (!strcmp (algo, XENC_TRIPLEDES_ALGO)) +- len = 3 * sizeof (des_cblock); ++ len = 3 * sizeof (DES_cblock); + else if (!strcmp (algo, XENC_AES128_ALGO)) + len = 128; + else if (!strcmp (algo, XENC_AES256_ALGO)) +@@ -1778,9 +1786,17 @@ caddr_t bif_xenc_key_rsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** + xenc_key_t * k; + caddr_t name = bif_string_arg (qst, args, 0, "xenc_key_RSA_create"); + int num = (int) bif_long_arg (qst, args, 1, "xenc_key_RSA_create"); +- RSA *rsa = NULL; ++ RSA *rsa; ++ BIGNUM *bn; + EVP_PKEY *pk = NULL; + ++ rsa = RSA_new(); ++ bn = BN_new(); ++ if (!rsa || !bn) ++ goto out; ++ if (!BN_set_word(bn, RSA_F4)) ++ goto out; ++ + mutex_enter (xenc_keys_mtx); + if (NULL == (k = xenc_key_create (name, XENC_RSA_ALGO , DSIG_RSA_SHA1_ALGO, 0))) + { +@@ -1788,12 +1804,11 @@ caddr_t bif_xenc_key_rsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** + SQLR_NEW_KEY_EXIST_ERROR (name); + } + +- rsa = RSA_generate_key (num, RSA_F4, NULL, NULL); +- +- if (rsa == NULL) +- { +- sqlr_new_error ("42000", "XENC06", "RSA generation error"); +- } ++ if (!RSA_generate_key_ex (rsa, num, bn, NULL)) { ++ mutex_leave (xenc_keys_mtx); ++ goto out; ++ } ++ BN_free(bn); + + k->xek_rsa = RSAPublicKey_dup (rsa); + k->xek_private_rsa = rsa; +@@ -1807,6 +1822,13 @@ caddr_t bif_xenc_key_rsa_create (caddr_t * qst, caddr_t * err_r, state_slot_t ** + + mutex_leave (xenc_keys_mtx); + return NULL; ++out: ++ if (bn) ++ BN_free(bn); ++ if (rsa) ++ RSA_free(rsa); ++ sqlr_new_error ("42000", "XENC06", "RSA generation error"); ++ return NULL; + } + + xenc_key_t * +@@ -1814,7 +1836,7 @@ xenc_key_create_from_utok (u_tok_t * utok, caddr_t seed, wsse_ctx_t * ctx) + { + xenc_key_t * key; + P_SHA1_CTX * psha1; +- des_cblock _key[5]; ++ DES_cblock _key[5]; + int key_len = 0; + caddr_t * utok_opts = (caddr_t *) xenc_get_option (ctx->wc_opts, "UsernameToken", NULL); + caddr_t key_algo = xenc_get_option (utok_opts, "keyAlgorithm", XENC_TRIPLEDES_ALGO); +@@ -1843,13 +1865,13 @@ xenc_key_create_from_utok (u_tok_t * utok, caddr_t seed, wsse_ctx_t * ctx) + memset (&key->ki.triple_des.ks3, 0, sizeof (key->ki.triple_des.ks3)); + memset (&key->ki.triple_des.iv, 0, sizeof (key->ki.triple_des.iv)); + +- des_set_key_unchecked(&_key[0], key->ki.triple_des.ks1); +- des_set_key_unchecked(&_key[1], key->ki.triple_des.ks2); +- des_set_key_unchecked(&_key[2], key->ki.triple_des.ks3); ++ DES_set_key_unchecked(&_key[0], &key->ki.triple_des.ks1); ++ DES_set_key_unchecked(&_key[1], &key->ki.triple_des.ks2); ++ DES_set_key_unchecked(&_key[2], &key->ki.triple_des.ks3); + +- memcpy (key->ki.triple_des.k1, &_key[0], sizeof (des_cblock)); +- memcpy (key->ki.triple_des.k2, &_key[1], sizeof (des_cblock)); +- memcpy (key->ki.triple_des.k3, &_key[2], sizeof (des_cblock)); ++ memcpy (key->ki.triple_des.k1, &_key[0], sizeof (DES_cblock)); ++ memcpy (key->ki.triple_des.k2, &_key[1], sizeof (DES_cblock)); ++ memcpy (key->ki.triple_des.k3, &_key[2], sizeof (DES_cblock)); + break; + } + #ifdef AES_ENC_ENABLE +@@ -2002,7 +2024,13 @@ int __xenc_key_dsa_init (char *name, int lock) + SQLR_NEW_KEY_ERROR (name); + + RAND_poll (); +- dsa = DSA_generate_parameters(num, NULL, 0, NULL, NULL, dh_cb, NULL); ++ dsa = DSA_new(); ++ if (dsa) { ++ if (!DSA_generate_parameters_ex(dsa, num, NULL, 0, NULL, NULL, NULL)) { ++ DSA_free(dsa); ++ dsa = NULL; ++ } ++ } + if (dsa == NULL) + { + sqlr_new_error ("42000", "XENC11", +@@ -2026,7 +2054,13 @@ int __xenc_key_dh_init (char *name, int lock) + if (NULL == pkey) + SQLR_NEW_KEY_ERROR (name); + +- dh = DH_generate_parameters (num, g, dh_cb, NULL); ++ dh = DH_new(); ++ if (dh) { ++ if (!DH_generate_parameters_ex(dh, num, g, NULL)) { ++ DH_free(dh); ++ dh = NULL; ++ } ++ } + if (!dh) + { + sqlr_new_error ("42000", "XENC11", +@@ -2073,7 +2107,7 @@ static + int __xenc_key_3des_init (char *name, char *pwd, int lock) + { + char _key[KEYSIZB+1]; +- des_cblock key[3]; ++ DES_cblock key[3]; + + xenc_key_t * pkey = xenc_get_key_by_name (name, lock); + if (NULL == pkey) +@@ -2093,13 +2127,13 @@ int __xenc_key_3des_init (char *name, char *pwd, int lock) + (unsigned char *)_key, + strlen(_key), 1, (unsigned char*) &key[0], pkey->ki.triple_des.iv); + +- des_set_key_unchecked(&key[0], pkey->ki.triple_des.ks1); +- des_set_key_unchecked(&key[1], pkey->ki.triple_des.ks2); +- des_set_key_unchecked(&key[2], pkey->ki.triple_des.ks3); ++ DES_set_key_unchecked(&key[0], &pkey->ki.triple_des.ks1); ++ DES_set_key_unchecked(&key[1], &pkey->ki.triple_des.ks2); ++ DES_set_key_unchecked(&key[2], &pkey->ki.triple_des.ks3); + +- memcpy (pkey->ki.triple_des.k1, &key[0], sizeof (des_cblock)); +- memcpy (pkey->ki.triple_des.k2, &key[1], sizeof (des_cblock)); +- memcpy (pkey->ki.triple_des.k3, &key[2], sizeof (des_cblock)); ++ memcpy (pkey->ki.triple_des.k1, &key[0], sizeof (DES_cblock)); ++ memcpy (pkey->ki.triple_des.k2, &key[1], sizeof (DES_cblock)); ++ memcpy (pkey->ki.triple_des.k3, &key[2], sizeof (DES_cblock)); + + xenc_store_key (pkey, lock); + return 0; +@@ -2107,13 +2141,13 @@ int __xenc_key_3des_init (char *name, char *pwd, int lock) + + void xenc_key_3des_init (xenc_key_t * pkey, unsigned char * k1, unsigned char * k2, unsigned char * k3) + { +- memcpy (pkey->ki.triple_des.k1, k1, sizeof (des_cblock)); +- memcpy (pkey->ki.triple_des.k2, k2, sizeof (des_cblock)); +- memcpy (pkey->ki.triple_des.k3, k3, sizeof (des_cblock)); ++ memcpy (pkey->ki.triple_des.k1, k1, sizeof (DES_cblock)); ++ memcpy (pkey->ki.triple_des.k2, k2, sizeof (DES_cblock)); ++ memcpy (pkey->ki.triple_des.k3, k3, sizeof (DES_cblock)); + +- des_set_key_unchecked((const_des_cblock*) k1, pkey->ki.triple_des.ks1); +- des_set_key_unchecked((const_des_cblock*) k2, pkey->ki.triple_des.ks2); +- des_set_key_unchecked((const_des_cblock*) k3, pkey->ki.triple_des.ks3); ++ DES_set_key_unchecked((const_DES_cblock*) k1, &pkey->ki.triple_des.ks1); ++ DES_set_key_unchecked((const_DES_cblock*) k2, &pkey->ki.triple_des.ks2); ++ DES_set_key_unchecked((const_DES_cblock*) k3, &pkey->ki.triple_des.ks3); + } + + +@@ -2145,20 +2179,20 @@ caddr_t bif_xenc_key_3des_rand_create (caddr_t * qst, caddr_t * err_r, state_slo + { + caddr_t name = bif_key_name_arg (qst, args, 0, "xenc_key_3DES_rand_create"); + xenc_key_t * k = 0; +- des_cblock k1; +- des_cblock k2; +- des_cblock k3; +- des_key_schedule ks1; +- des_key_schedule ks2; +- des_key_schedule ks3; +- +- des_random_key (&k1); +- des_random_key (&k2); +- des_random_key (&k3); +- +- if ( (des_set_key_checked (&k1, ks1) < 0) || +- (des_set_key_checked (&k2, ks2) < 0) || +- (des_set_key_checked (&k3, ks3) < 0) ) ++ DES_cblock k1; ++ DES_cblock k2; ++ DES_cblock k3; ++ DES_key_schedule ks1; ++ DES_key_schedule ks2; ++ DES_key_schedule ks3; ++ ++ DES_random_key (&k1); ++ DES_random_key (&k2); ++ DES_random_key (&k3); ++ ++ if ( (DES_set_key_checked (&k1, &ks1) < 0) || ++ (DES_set_key_checked (&k2, &ks2) < 0) || ++ (DES_set_key_checked (&k3, &ks3) < 0) ) + GPF_T; /* parity check failed, library error - could not check result of it's own work */ + + mutex_enter (xenc_keys_mtx); +@@ -2169,13 +2203,13 @@ caddr_t bif_xenc_key_3des_rand_create (caddr_t * qst, caddr_t * err_r, state_slo + mutex_leave (xenc_keys_mtx); + SQLR_NEW_KEY_EXIST_ERROR (name); + } +- memcpy (&k->ki.triple_des.k1, &k1, sizeof (des_cblock)); +- memcpy (&k->ki.triple_des.k2, &k2, sizeof (des_cblock)); +- memcpy (&k->ki.triple_des.k3, &k3, sizeof (des_cblock)); ++ memcpy (&k->ki.triple_des.k1, &k1, sizeof (DES_cblock)); ++ memcpy (&k->ki.triple_des.k2, &k2, sizeof (DES_cblock)); ++ memcpy (&k->ki.triple_des.k3, &k3, sizeof (DES_cblock)); + +- memcpy (&k->ki.triple_des.ks1, &ks1, sizeof (des_key_schedule)); +- memcpy (&k->ki.triple_des.ks2, &ks2, sizeof (des_key_schedule)); +- memcpy (&k->ki.triple_des.ks3, &ks3, sizeof (des_key_schedule)); ++ memcpy (&k->ki.triple_des.ks1, &ks1, sizeof (DES_key_schedule)); ++ memcpy (&k->ki.triple_des.ks2, &ks2, sizeof (DES_key_schedule)); ++ memcpy (&k->ki.triple_des.ks3, &ks3, sizeof (DES_key_schedule)); + + mutex_leave (xenc_keys_mtx); + +@@ -2252,9 +2286,11 @@ bif_xenc_key_rsa_read (caddr_t * qst, caddr_t * err_r, state_slot_t ** args) + + if (!p) + { ++ const BIGNUM *n, *e; ++ ++ RSA_get0_key(r, &n, &e, NULL); + p = RSA_new (); +- p->n = BN_dup (r->n); +- p->e = BN_dup (r->e); ++ RSA_set0_key(p, BN_dup(n), BN_dup(e), NULL); + } + + mutex_enter (xenc_keys_mtx); +@@ -2286,14 +2322,13 @@ bif_xenc_key_rsa_construct (caddr_t * qst, caddr_t * err_r, state_slot_t ** args + p = RSA_new (); + n = BN_bin2bn ((unsigned char *) mod, box_length (mod) - 1, NULL); + e = BN_bin2bn ((unsigned char *) exp, box_length (exp) - 1, NULL); +- p->n = n; +- p->e = e; ++ RSA_set0_key(p, n, e, NULL); + if (pexp) + { + pk = RSA_new (); +- pk->d = BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL); +- pk->n = BN_dup (n); +- pk->e = BN_dup (e); ++ RSA_set0_key(p, BN_dup(n), ++ BN_dup(e), ++ BN_bin2bn ((unsigned char *) pexp, box_length (pexp) - 1, NULL)); + } + mutex_enter (xenc_keys_mtx); + k = xenc_key_create (name, XENC_RSA_ALGO, DSIG_RSA_SHA1_ALGO, 0); +@@ -2565,9 +2600,9 @@ caddr_t bif_xenc_key_serialize (caddr_t * qst, caddr_t * err_r, state_slot_t ** + + if (k->xek_type == DSIG_KEY_3DES) + { +- memcpy (in_buf, k->ki.triple_des.k1, sizeof (des_cblock)); +- memcpy (in_buf + sizeof (des_cblock), k->ki.triple_des.k2, sizeof (des_cblock)); +- memcpy (in_buf + 2*sizeof (des_cblock), k->ki.triple_des.k3, sizeof (des_cblock)); ++ memcpy (in_buf, k->ki.triple_des.k1, sizeof (DES_cblock)); ++ memcpy (in_buf + sizeof (DES_cblock), k->ki.triple_des.k2, sizeof (DES_cblock)); ++ memcpy (in_buf + 2*sizeof (DES_cblock), k->ki.triple_des.k3, sizeof (DES_cblock)); + } + else if (k->xek_type == DSIG_KEY_RSA) + { +@@ -3989,7 +4024,7 @@ void xenc_tag_free (xenc_tag_t * t) + #endif + } + +-xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, BIGNUM * bn) ++static xenc_tag_t * xenc_tag_add_child_BN (xenc_tag_t * tag, const BIGNUM * bn) + { + char * buffer = dk_alloc_box (BN_num_bytes (bn), DV_BIN); + char * buffer_base64 = dk_alloc_box (box_length (buffer) * 2, DV_STRING); +@@ -4014,12 +4049,15 @@ caddr_t ** xenc_generate_ext_info (xenc_key_t * key) + caddr_t ** array; + if (key->xek_type == DSIG_KEY_RSA) + { ++ const BIGNUM *rsa_n, *rsa_e; ++ ++ RSA_get0_key(key->ki.rsa.rsa_st, &rsa_n, &rsa_e, NULL); + xenc_tag_t * rsakeyval = xenc_tag_create (DSIG_URI, ":RSAKeyValue"); + xenc_tag_t * rsamodulus = xenc_tag_create (DSIG_URI, ":Modulus"); + xenc_tag_t * rsaexponent = xenc_tag_create (DSIG_URI, ":Exponent"); + +- xenc_tag_add_child_BN (rsamodulus, key->ki.rsa.rsa_st->n); +- xenc_tag_add_child_BN (rsaexponent, key->ki.rsa.rsa_st->e); ++ xenc_tag_add_child_BN (rsamodulus, rsa_n); ++ xenc_tag_add_child_BN (rsaexponent, rsa_e); + + xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsamodulus)); + xenc_tag_add_child (rsakeyval, xenc_tag_finalize (rsaexponent)); +@@ -4038,12 +4076,15 @@ caddr_t ** xenc_generate_ext_info (xenc_key_t * key) + xenc_tag_t * g = xenc_tag_create (DSIG_URI, ":G"); + xenc_tag_t * y = xenc_tag_create (DSIG_URI, ":Y"); + DSA * dsa = key->ki.dsa.dsa_st; ++ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key; + ++ DSA_get0_pqg(dsa, &dsa_p, &dsa_q, &dsa_g); ++ DSA_get0_key(dsa, &dsa_pub_key, NULL); + +- xenc_tag_add_child_BN (p, dsa->p); +- xenc_tag_add_child_BN (p, dsa->q); +- xenc_tag_add_child_BN (p, dsa->g); +- xenc_tag_add_child_BN (p, dsa->pub_key); ++ xenc_tag_add_child_BN (p, dsa_p); ++ xenc_tag_add_child_BN (p, dsa_q); ++ xenc_tag_add_child_BN (p, dsa_g); ++ xenc_tag_add_child_BN (p, dsa_pub_key); + + xenc_tag_add_child (dsakeyval, xenc_tag_finalize (p)); + xenc_tag_add_child (dsakeyval, xenc_tag_finalize (q)); +@@ -5980,7 +6021,7 @@ void xenc_kt_test () + xenc_des3_decryptor (out, strses_length (out), in, key, &t); + key_data_2 = strses_string (in); + +- if (memcmp (key_data, key_data_2, 3 * sizeof (des_cblock))) ++ if (memcmp (key_data, key_data_2, 3 * sizeof (DES_cblock))) + xenc_assert (0); + dk_free_box (key_data_2); + dk_free_box (key_data); +@@ -5988,13 +6029,13 @@ void xenc_kt_test () + new_key = xenc_build_encrypted_key ("virtdev_test_rest", in, XENC_TRIPLEDES_ALGO, &t); + + if (memcmp (new_key->ki.triple_des.k1, +- key->ki.triple_des.k1, sizeof (des_cblock))) ++ key->ki.triple_des.k1, sizeof (DES_cblock))) + xenc_assert (0); + if (memcmp (new_key->ki.triple_des.k2, +- key->ki.triple_des.k2, sizeof (des_cblock))) ++ key->ki.triple_des.k2, sizeof (DES_cblock))) + xenc_assert (0); + if (memcmp (new_key->ki.triple_des.k3, +- key->ki.triple_des.k3, sizeof (des_cblock))) ++ key->ki.triple_des.k3, sizeof (DES_cblock))) + xenc_assert (0); + + strses_flush (in); +@@ -6090,7 +6131,7 @@ caddr_t xenc_x509_get_key_identifier (X509 * cert) + + ret = dk_alloc_box (ikeyid->length, DV_BIN); + memcpy (ret, ikeyid->data, ikeyid->length); +- M_ASN1_OCTET_STRING_free(ikeyid); ++ ASN1_STRING_free(ikeyid); + return ret; + } + +@@ -6150,7 +6191,7 @@ bif_x509_get_subject (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + + ret = dk_alloc_box (ikeyid->length, DV_BIN); + memcpy (ret, ikeyid->data, ikeyid->length); +- M_ASN1_OCTET_STRING_free(ikeyid); ++ ASN1_STRING_free(ikeyid); + return ret; + } + +@@ -6683,7 +6724,7 @@ bif_xenc_x509_csr_generate (caddr_t * qst, caddr_t * err_ret, state_slot_t ** ar + sk_X509_EXTENSION_push(st_exts, ex); + } + X509_REQ_add_extensions(x, st_exts); +- if (!X509_REQ_sign (x, pk, (pk->type == EVP_PKEY_RSA ? EVP_md5() : EVP_dss1()))) ++ if (!X509_REQ_sign (x, pk, (EVP_PKEY_id(pk) == EVP_PKEY_RSA ? EVP_md5() : EVP_sha1()))) + { + pk = NULL; /* keep one in the xenc_key */ + *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate : %s", get_ssl_error_text (buf, sizeof (buf))); +@@ -6811,23 +6852,23 @@ bif_xenc_x509_from_csr (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + sqlr_warning ("01V01", "QW001", "Unknown extension entry"); + } + +- if (!X509_sign (x, pk, (pk->type == EVP_PKEY_RSA ? EVP_md5() : EVP_dss1()) )) ++ if (!X509_sign (x, pk, (EVP_PKEY_id(pk) == EVP_PKEY_RSA ? EVP_md5() : EVP_sha1()) )) + { + pk = NULL; /* keep one in the xenc_key */ + *err_ret = srv_make_new_error ("42000", "XECXX", "Can not sign certificate"); + goto err; + } +- switch (EVP_PKEY_type (cli_pk->type)) ++ switch (EVP_PKEY_type (EVP_PKEY_id(cli_pk))) + { + case EVP_PKEY_DSA: + sign_algoname = DSIG_DSA_SHA1_ALGO; + enc_algoname = XENC_DSA_ALGO; +- dsa = cli_pk->pkey.dsa; ++ dsa = EVP_PKEY_get0_DSA(cli_pk); + break; + case EVP_PKEY_RSA: + sign_algoname = DSIG_RSA_SHA1_ALGO; + enc_algoname = XENC_RSA_ALGO; +- rsa = cli_pk->pkey.rsa; ++ rsa = EVP_PKEY_get0_RSA(cli_pk); + break; + default: + *err_ret = srv_make_new_error ("42000", "XECXX", "The type of public key is not supported mus tbe RSA or DSA"); +@@ -6975,16 +7016,16 @@ bif_xenc_pubkey_pem_export (caddr_t * qst, caddr_t * err_ret, state_slot_t ** ar + { + k = X509_get_pubkey (key->xek_x509); + #ifdef EVP_PKEY_RSA +- if (k->type == EVP_PKEY_RSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA) + { +- RSA * x = k->pkey.rsa; ++ RSA *x = EVP_PKEY_get0_RSA(k); + PEM_write_bio_RSA_PUBKEY (b, x); + } + #endif + #ifdef EVP_PKEY_DSA +- if (k->type == EVP_PKEY_DSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA) + { +- DSA * x = k->pkey.dsa; ++ DSA * x = EVP_PKEY_get0_DSA(k); + PEM_write_bio_DSA_PUBKEY (b, x); + } + #endif +@@ -7031,16 +7072,16 @@ bif_xenc_pubkey_der_export (caddr_t * qst, caddr_t * err_ret, state_slot_t ** ar + { + k = X509_get_pubkey (key->xek_x509); + #ifdef EVP_PKEY_RSA +- if (k->type == EVP_PKEY_RSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA) + { +- RSA * x = k->pkey.rsa; ++ RSA * x = EVP_PKEY_get0_RSA(k); + i2d_RSA_PUBKEY_bio (b, x); + } + #endif + #ifdef EVP_PKEY_DSA +- if (k->type == EVP_PKEY_DSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_DSA) + { +- DSA * x = k->pkey.dsa; ++ DSA * x = EVP_PKEY_get0_DSA(k); + i2d_DSA_PUBKEY_bio (b, x); + } + #endif +@@ -7068,7 +7109,7 @@ err: + } + + static caddr_t +-BN2binbox (BIGNUM * x) ++BN2binbox (const BIGNUM * x) + { + size_t buf_len, n; + caddr_t buf; +@@ -7103,8 +7144,14 @@ static caddr_t + xenc_rsa_pub_magic (RSA * x) + { + caddr_t ret; +- caddr_t n = BN2binbox (x->n); /* modulus */ +- caddr_t e = BN2binbox (x->e); /* public exponent */ ++ caddr_t n; ++ caddr_t e; ++ const BIGNUM *rsa_n, *rsa_e; ++ ++ RSA_get0_key(x, &rsa_n, &rsa_e, NULL); ++ n = BN2binbox (rsa_n); /* modulus */ ++ e = BN2binbox (rsa_e); /* public exponent */ ++ + n = xenc_encode_base64_binbox (n, 1); + e = xenc_encode_base64_binbox (e, 1); + ret = dk_alloc_box (box_length (n) + box_length (e) + 4 /* two dots - one trailing zero + RSA prefix */, DV_STRING); +@@ -7129,9 +7176,9 @@ bif_xenc_pubkey_magic_export (caddr_t * qst, caddr_t * err_ret, state_slot_t ** + { + k = X509_get_pubkey (key->xek_x509); + #ifdef EVP_PKEY_RSA +- if (k->type == EVP_PKEY_RSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA) + { +- RSA * x = k->pkey.rsa; ++ RSA * x = EVP_PKEY_get0_RSA(k); + ret = xenc_rsa_pub_magic (x); + } + #endif +@@ -7172,10 +7219,16 @@ static caddr_t + xenc_rsa_pub_ssh_export (RSA * x) + { + static char * ssh_header = "\x00\x00\x00\x07ssh-rsa"; ++ const BIGNUM *rsa_n, *rsa_e; + caddr_t ret; + int len, pos; +- caddr_t n = BN2binbox (x->n); /* modulus */ +- caddr_t e = BN2binbox (x->e); /* public exponent */ ++ caddr_t n; ++ caddr_t e; ++ ++ RSA_get0_key(x, &rsa_n, &rsa_e, NULL); ++ n = BN2binbox (rsa_n); /* modulus */ ++ e = BN2binbox (rsa_e); /* public exponent */ ++ + len = 11 + 8 + box_length (n) + box_length (e); + if (n[0] & 0x80) + len ++; +@@ -7206,9 +7259,9 @@ bif_xenc_pubkey_ssh_export (caddr_t * qst, caddr_t * err_ret, state_slot_t ** ar + { + k = X509_get_pubkey (key->xek_x509); + #ifdef EVP_PKEY_RSA +- if (k->type == EVP_PKEY_RSA) ++ if (EVP_PKEY_id(k) == EVP_PKEY_RSA) + { +- RSA * x = k->pkey.rsa; ++ RSA * x = EVP_PKEY_get0_RSA(k); + ret = xenc_rsa_pub_ssh_export (x); + } + #endif +@@ -7241,7 +7294,7 @@ bif_xenc_SPKI_read (caddr_t * qst, caddr_t * err_ret, state_slot_t ** args) + return NULL; + } + pk = NETSCAPE_SPKI_get_pubkey (spki); +- if (!pk || pk->type != EVP_PKEY_RSA) ++ if (!pk || EVP_PKEY_id(pk) != EVP_PKEY_RSA) + { + NETSCAPE_SPKI_free (spki); + *err_ret = srv_make_new_error ("42000", "XECXX", "Can not retrieve RSA key"); +diff --git a/libsrc/Wi/xmlenc.h b/libsrc/Wi/xmlenc.h +index 958ef70..51bc80a 100644 +--- a/libsrc/Wi/xmlenc.h ++++ b/libsrc/Wi/xmlenc.h +@@ -36,6 +36,7 @@ + #include + #include + #include ++#include + + #ifdef AES_ENC_ENABLE + #include +@@ -312,15 +313,15 @@ struct xenc_key_s + } dsa; + struct dsig_des3_keyinfo_s + { +- des_cblock k1; +- des_cblock k2; +- des_cblock k3; ++ DES_cblock k1; ++ DES_cblock k2; ++ DES_cblock k3; + +- des_key_schedule ks1;/* key schedule */ +- des_key_schedule ks2;/* key schedule (for ede) */ +- des_key_schedule ks3;/* key schedule (for ede3) */ ++ DES_key_schedule ks1;/* key schedule */ ++ DES_key_schedule ks2;/* key schedule (for ede) */ ++ DES_key_schedule ks3;/* key schedule (for ede3) */ + +- des_cblock iv; ++ DES_cblock iv; + #define PKCS5_SALT_LEN 8 + unsigned char salt[PKCS5_SALT_LEN]; + } triple_des; +@@ -629,5 +630,166 @@ caddr_t * xml_find_any_child (caddr_t * curr, const char * name, const char * ur + + extern dk_mutex_t * xenc_keys_mtx; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++ ++static inline HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *p; ++ ++ p = calloc(1, sizeof(HMAC_CTX)); ++ if (!p) ++ return p; ++ HMAC_CTX_init(p); ++ return p; ++} ++ ++static inline void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ HMAC_CTX_cleanup(ctx); ++ free(ctx); ++} ++ ++static inline void RSA_get0_key(const RSA *r, const BIGNUM **n, ++ const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++static inline void RSA_get0_factors(const RSA *r, const BIGNUM **p, ++ const BIGNUM **q) ++{ ++ if (p != NULL) ++ *p = r->p; ++ if (q != NULL) ++ *q = r->q; ++} ++ ++static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) ++{ ++ if (pkey->type != EVP_PKEY_RSA) ++ return NULL; ++ return pkey->pkey.rsa; ++} ++ ++static inline void DH_get0_key(const DH *dh, const BIGNUM **pub_key, ++ const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = dh->pub_key; ++ if (priv_key != NULL) ++ *priv_key = dh->priv_key; ++} ++ ++ ++static inline void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, ++ const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = dh->p; ++ if (q != NULL) ++ *q = dh->q; ++ if (g != NULL) ++ *g = dh->g; ++} ++ ++static inline DSA *EVP_PKEY_get0_DSA(EVP_PKEY *pkey) ++{ ++ if (pkey->type != EVP_PKEY_DSA) ++ return NULL; ++ return pkey->pkey.dsa; ++} ++ ++static inline int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { ++ dh->length = BN_num_bits(q); ++ } ++ ++ return 1; ++} ++ ++static inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) ++{ ++ /* If the fields n and e in r are NULL, the corresponding input ++ * parameters MUST be non-NULL for n and e. d may be ++ * left NULL (in case only the public key is used). ++ */ ++ if ((r->n == NULL && n == NULL) ++ || (r->e == NULL && e == NULL)) ++ return 0; ++ ++ if (n != NULL) { ++ BN_free(r->n); ++ r->n = n; ++ } ++ if (e != NULL) { ++ BN_free(r->e); ++ r->e = e; ++ } ++ if (d != NULL) { ++ BN_free(r->d); ++ r->d = d; ++ } ++ ++ return 1; ++} ++ ++static inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, ++ const BIGNUM **q, const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = d->p; ++ if (q != NULL) ++ *q = d->q; ++ if (g != NULL) ++ *g = d->g; ++} ++ ++static inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, ++ const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = d->pub_key; ++ if (priv_key != NULL) ++ *priv_key = d->priv_key; ++} ++ ++static inline const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x) ++{ ++ return x->cert_info->extensions; ++} ++ ++static inline int X509_up_ref(X509 *x) ++{ ++ return CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++} ++ ++#endif ++ + #endif + +diff --git a/libsrc/Wi/xmlenc_algos.c b/libsrc/Wi/xmlenc_algos.c +index 841b98f..654b7de 100644 +--- a/libsrc/Wi/xmlenc_algos.c ++++ b/libsrc/Wi/xmlenc_algos.c +@@ -1149,7 +1149,7 @@ int + dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out) + { + unsigned char * data; +- HMAC_CTX ctx; ++ HMAC_CTX *ctx; + unsigned char key_data[32 * 8]; + unsigned char md [SHA256_DIGEST_LENGTH + 1]; + unsigned char md64 [SHA256_DIGEST_LENGTH * 2 + 1]; +@@ -1158,14 +1158,13 @@ dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + + if (NULL == key) + return 0; +- + switch (key->xek_type) + { + case DSIG_KEY_3DES: +- memcpy (key_data, key->ki.triple_des.k1, sizeof (des_cblock)); +- memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (des_cblock)); +- memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (des_cblock)); +- key_len = 3 * sizeof (des_cblock); ++ memcpy (key_data, key->ki.triple_des.k1, sizeof (DES_cblock)); ++ memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (DES_cblock)); ++ memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (DES_cblock)); ++ key_len = 3 * sizeof (DES_cblock); + break; + #ifdef AES_ENC_ENABLE + case DSIG_KEY_AES: +@@ -1182,7 +1181,9 @@ dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + default: + return 0; + } +- ++ ctx = HMAC_CTX_new(); ++ if (!ctx) ++ return 0; + + data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); + CATCH_READ_FAIL (ses_in) +@@ -1192,14 +1193,15 @@ dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + FAILED + { + dk_free_box ((box_t) data); ++ HMAC_CTX_free(ctx); + return 0; + } + END_READ_FAIL (ses_in); + +- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ()); +- HMAC_Update(&ctx, data, len); +- HMAC_Final(&ctx, md, &hmac_len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL); ++ HMAC_Update(ctx, data, len); ++ HMAC_Final(ctx, md, &hmac_len); ++ HMAC_CTX_free(ctx); + + if (hmac_len != SHA256_DIGEST_LENGTH) + GPF_T; +@@ -1220,7 +1222,7 @@ dsig_hmac_sha256_digest (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + int + dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx; + unsigned char * data; + unsigned char key_data[3 * 8]; + unsigned char md [SHA256_DIGEST_LENGTH + 1]; +@@ -1234,10 +1236,10 @@ dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + switch (key->xek_type) + { + case DSIG_KEY_3DES: +- memcpy (key_data, key->ki.triple_des.k1, sizeof (des_cblock)); +- memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (des_cblock)); +- memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (des_cblock)); +- key_len = 3 * sizeof (des_cblock); ++ memcpy (key_data, key->ki.triple_des.k1, sizeof (DES_cblock)); ++ memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (DES_cblock)); ++ memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (DES_cblock)); ++ key_len = 3 * sizeof (DES_cblock); + break; + #ifdef AES_ENC_ENABLE + case DSIG_KEY_AES: +@@ -1249,6 +1251,9 @@ dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + return 0; + } + ++ ctx = HMAC_CTX_new(); ++ if (!ctx) ++ return 0; + + data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); + CATCH_READ_FAIL (ses_in) +@@ -1258,14 +1263,15 @@ dsig_hmac_sha256_verify (dk_session_t * ses_in, long len, xenc_key_t * key, cadd + FAILED + { + dk_free_box ((box_t) data); ++ HMAC_CTX_free(ctx); + return 0; + } + END_READ_FAIL (ses_in); + +- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha256 ()); +- HMAC_Update(&ctx, data, len); +- HMAC_Final(&ctx, md, &hmac_len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha256 (), NULL); ++ HMAC_Update(ctx, data, len); ++ HMAC_Final(ctx, md, &hmac_len); ++ HMAC_CTX_free(ctx); + dk_free_box ((box_t) data); + + len1 = xenc_encode_base64 ((char *)md, md64, hmac_len); +@@ -1586,7 +1592,7 @@ int + dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t * sign_out) + { + unsigned char * data; +- HMAC_CTX ctx; ++ HMAC_CTX *ctx; + unsigned char key_data[32 * 8]; + unsigned char md [SHA_DIGEST_LENGTH + 1]; + unsigned char md64 [SHA_DIGEST_LENGTH * 2 + 1]; +@@ -1599,10 +1605,10 @@ dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + switch (key->xek_type) + { + case DSIG_KEY_3DES: +- memcpy (key_data, key->ki.triple_des.k1, sizeof (des_cblock)); +- memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (des_cblock)); +- memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (des_cblock)); +- key_len = 3 * sizeof (des_cblock); ++ memcpy (key_data, key->ki.triple_des.k1, sizeof (DES_cblock)); ++ memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (DES_cblock)); ++ memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (DES_cblock)); ++ key_len = 3 * sizeof (DES_cblock); + break; + #ifdef AES_ENC_ENABLE + case DSIG_KEY_AES: +@@ -1620,6 +1626,9 @@ dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + return 0; + } + ++ ctx = HMAC_CTX_new(); ++ if (!ctx) ++ return 0; + + data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); + CATCH_READ_FAIL (ses_in) +@@ -1629,14 +1638,15 @@ dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + FAILED + { + dk_free_box ((box_t) data); ++ HMAC_CTX_free(ctx); + return 0; + } + END_READ_FAIL (ses_in); + +- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ()); +- HMAC_Update(&ctx, data, len); +- HMAC_Final(&ctx, md, &hmac_len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL); ++ HMAC_Update(ctx, data, len); ++ HMAC_Final(ctx, md, &hmac_len); ++ HMAC_CTX_free(ctx); + + if (hmac_len != SHA_DIGEST_LENGTH) + GPF_T; +@@ -1657,7 +1667,7 @@ dsig_hmac_sha1_digest (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + int + dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_t digest) + { +- HMAC_CTX ctx; ++ HMAC_CTX *ctx; + unsigned char * data; + unsigned char key_data[3 * 8]; + unsigned char md [SHA_DIGEST_LENGTH + 1]; +@@ -1671,10 +1681,10 @@ dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + switch (key->xek_type) + { + case DSIG_KEY_3DES: +- memcpy (key_data, key->ki.triple_des.k1, sizeof (des_cblock)); +- memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (des_cblock)); +- memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (des_cblock)); +- key_len = 3 * sizeof (des_cblock); ++ memcpy (key_data, key->ki.triple_des.k1, sizeof (DES_KEY_SZ)); ++ memcpy (key_data + 8, key->ki.triple_des.k2, sizeof (DES_KEY_SZ)); ++ memcpy (key_data + 16, key->ki.triple_des.k3, sizeof (DES_KEY_SZ)); ++ key_len = 3 * sizeof (DES_KEY_SZ); + break; + #ifdef AES_ENC_ENABLE + case DSIG_KEY_AES: +@@ -1686,6 +1696,9 @@ dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + return 0; + } + ++ ctx = HMAC_CTX_new(); ++ if (!ctx) ++ return 0; + + data = (unsigned char *) dk_alloc_box (len, DV_C_STRING); + CATCH_READ_FAIL (ses_in) +@@ -1695,14 +1708,15 @@ dsig_hmac_sha1_verify (dk_session_t * ses_in, long len, xenc_key_t * key, caddr_ + FAILED + { + dk_free_box ((box_t) data); ++ HMAC_CTX_free(ctx); + return 0; + } + END_READ_FAIL (ses_in); + +- HMAC_Init(&ctx, (void*) key_data , key_len, EVP_sha1 ()); +- HMAC_Update(&ctx, data, len); +- HMAC_Final(&ctx, md, &hmac_len); +- HMAC_cleanup(&ctx); ++ HMAC_Init_ex(ctx, (void*) key_data , key_len, EVP_sha1 (), NULL); ++ HMAC_Update(ctx, data, len); ++ HMAC_Final(ctx, md, &hmac_len); ++ HMAC_CTX_free(ctx); + dk_free_box ((box_t) data); + + len1 = xenc_encode_base64 ((char *)md, md64, hmac_len); +@@ -1763,7 +1777,7 @@ int xenc_aes_encryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_o + caddr_t outbuf_beg; + int len; + caddr_t encoded_out; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + unsigned char * ivec = &key->ki.aes.iv[0]; + + CATCH_READ_FAIL (ses_in) +@@ -1778,7 +1792,7 @@ int xenc_aes_encryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_o + END_READ_FAIL (ses_in); + + #if 1 +- EVP_CIPHER_CTX_init(&ctx); ++ ctx = EVP_CIPHER_CTX_new(); + outbuf_beg = dk_alloc_box (box_length (text) + 16, DV_BIN); + memcpy (outbuf_beg, ivec, 16); + outbuf = outbuf_beg + 16; +@@ -1786,20 +1800,19 @@ int xenc_aes_encryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_o + switch (key->ki.aes.bits) + { + case 128: +- EVP_EncryptInit_ex(&ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec); ++ EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key->ki.aes.k, ivec); + break; + case 192: +- EVP_EncryptInit_ex(&ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec); ++ EVP_EncryptInit_ex(ctx, EVP_aes_192_cbc(), NULL, key->ki.aes.k, ivec); + break; + case 256: +- EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec); ++ EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, key->ki.aes.k, ivec); + break; + default: + GPF_T1 ("Unsupported key size"); + } +- if(!EVP_EncryptUpdate(&ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text))) ++ if(!EVP_EncryptUpdate(ctx, (unsigned char *)outbuf, &outlen, (unsigned char *)text, box_length (text))) + { +- EVP_CIPHER_CTX_cleanup(&ctx); + dk_free_box (text); + dk_free_box (outbuf_beg); + xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #2"); +@@ -1812,7 +1825,7 @@ int xenc_aes_encryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_o + xenc_report_error (t, 500, XENC_ENC_ERR, "AES encryption internal error #3"); + } */ + /* outlen += tmplen; */ +- EVP_CIPHER_CTX_cleanup(&ctx); ++ EVP_CIPHER_CTX_free(ctx); + + #else + outbuf_beg = dk_alloc_box (box_length (text) + 16 /* iv */, DV_BIN); +@@ -2045,6 +2058,7 @@ xenc_rsa_decryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_out, + int len = 0; + int keysize; + RSA * rsa = key->xek_private_rsa; ++ const BIGNUM *p, *q; + + if (!seslen) + { +@@ -2057,9 +2071,9 @@ xenc_rsa_decryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_out, + xenc_report_error (t, 500 + strlen (key->xek_name), XENC_ENC_ERR, "could not make RSA decryption [key %s is not RSA]", key->xek_name); + return 0; + } ++ RSA_get0_factors(rsa, &p, &q); + if (!rsa || +- !rsa->p || +- !rsa->q) ++ !p || !q) + { + if (key->xek_x509_KI) + key = xenc_get_key_by_keyidentifier (key->xek_x509_KI, 1); +@@ -2240,13 +2254,13 @@ int xenc_des3_encryptor (dk_session_t * ses_in, long seslen, dk_session_t * ses_ + } + + +- des_ede3_cbc_encrypt ((const unsigned char *)buf, ++ DES_ede3_cbc_encrypt ((const unsigned char *)buf, + (unsigned char *)out_buf, + (long)DES_BLOCK_LEN, +- key->ki.triple_des.ks1, +- key->ki.triple_des.ks2, +- key->ki.triple_des.ks3, +- (des_cblock*) _iv, ++ &key->ki.triple_des.ks1, ++ &key->ki.triple_des.ks2, ++ &key->ki.triple_des.ks3, ++ (DES_cblock*) _iv, + DES_ENCRYPT); + total_blocks++; + +@@ -2352,7 +2366,7 @@ int xenc_des3_decryptor (dk_session_t * ses_in_base64, long seslen, dk_session_t + END_READ_FAIL (ses_in); + for (;!failed;) + { +- des_ede3_cbc_encrypt ((const unsigned char *)buf, ++ DES_ede3_cbc_encrypt ((const unsigned char *)buf, + (unsigned char *)out_buf, + (long)DES_BLOCK_LEN, + key->ki.triple_des.ks1, +@@ -2404,7 +2418,7 @@ int xenc_des3_decryptor (dk_session_t * ses_in_base64, long seslen, dk_session_t + char out_buf[DES_BLOCK_LEN + 1]; + char *text, *text_beg; + long text_len; +- des_cblock iv; ++ DES_cblock iv; + int blocks; + + if (!seslen) +@@ -2440,12 +2454,12 @@ int xenc_des3_decryptor (dk_session_t * ses_in_base64, long seslen, dk_session_t + memcpy (buf, text, DES_BLOCK_LEN); + text += DES_BLOCK_LEN; + +- des_ede3_cbc_encrypt ((const unsigned char *)buf, ++ DES_ede3_cbc_encrypt ((const unsigned char *)buf, + (unsigned char *)out_buf, + (long)DES_BLOCK_LEN, +- key->ki.triple_des.ks1, +- key->ki.triple_des.ks2, +- key->ki.triple_des.ks3, ++ &key->ki.triple_des.ks1, ++ &key->ki.triple_des.ks2, ++ &key->ki.triple_des.ks3, + &iv, + DES_DECRYPT); + +diff --git a/libsrc/util/sslengine.c b/libsrc/util/sslengine.c +index a0833fa..8cabf9c 100644 +--- a/libsrc/util/sslengine.c ++++ b/libsrc/util/sslengine.c +@@ -29,7 +29,11 @@ + int + ssl_engine_startup (void) + { +- CRYPTO_malloc_init (); ++#if OPENSSL_VERSION_NUMBER < 0x10100000 ++ CRYPTO_malloc_init (); ++#else ++ OPENSSL_malloc_init(); ++#endif + ERR_load_crypto_strings(); + OpenSSL_add_all_algorithms(); + +-- +2.9.3 + diff --git a/dev-db/virtuoso-server/virtuoso-server-6.1.6.ebuild b/dev-db/virtuoso-server/virtuoso-server-6.1.6.ebuild index 13e3d1a..2c4f663 100644 --- a/dev-db/virtuoso-server/virtuoso-server-6.1.6.ebuild +++ b/dev-db/virtuoso-server/virtuoso-server-6.1.6.ebuild @@ -54,7 +54,7 @@ DOCS=( AUTHORS ChangeLog CREDITS INSTALL NEWS README ) PATCHES=( "${FILESDIR}/${PN}-6.1.4-unbundle-minizip.patch" - "${FILESDIR}/${PN}-6.1.6-am_config_header.patch" + "${FILESDIR}/virtuoso-opensource-build-against-openssl-1.1.0.patch" ) src_prepare() { diff --git a/dev-db/virtuoso-server/virtuoso-server-6.1.8.ebuild b/dev-db/virtuoso-server/virtuoso-server-6.1.8.ebuild index 4d41aaa..bbcf1f6 100644 --- a/dev-db/virtuoso-server/virtuoso-server-6.1.8.ebuild +++ b/dev-db/virtuoso-server/virtuoso-server-6.1.8.ebuild @@ -54,6 +54,7 @@ DOCS=( AUTHORS ChangeLog CREDITS INSTALL NEWS README ) PATCHES=( "${FILESDIR}/${PN}-6.1.4-unbundle-minizip.patch" + "${FILESDIR}/virtuoso-opensource-build-against-openssl-1.1.0.patch" ) src_prepare() {