Rev 41 | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
40 | magnus | 1 | --- a/vncstorepw/ultravnc_dsm_helper.c |
2 | +++ b/vncstorepw/ultravnc_dsm_helper.c |
||
3 | @@ -414,7 +414,9 @@ void enc_do(char *ciph, char *keyfile, c |
||
4 | if (strstr(p, "md5+") == p) { |
||
5 | Digest = EVP_md5(); p += strlen("md5+"); |
||
6 | } else if (strstr(p, "sha+") == p) { |
||
7 | - Digest = EVP_sha(); p += strlen("sha+"); |
||
8 | + fprintf(stderr, "%s: obsolete hash algorithm: SHA-0\n", |
||
9 | + prog, s); |
||
10 | + exit(1); |
||
11 | } else if (strstr(p, "sha1+") == p) { |
||
12 | Digest = EVP_sha1(); p += strlen("sha1+"); |
||
13 | } else if (strstr(p, "ripe+") == p) { |
||
14 | @@ -655,8 +657,10 @@ static void enc_xfer(int sock_fr, int so |
||
15 | */ |
||
16 | unsigned char E_keystr[EVP_MAX_KEY_LENGTH]; |
||
17 | unsigned char D_keystr[EVP_MAX_KEY_LENGTH]; |
||
18 | - EVP_CIPHER_CTX E_ctx, D_ctx; |
||
19 | - EVP_CIPHER_CTX *ctx = NULL; |
||
20 | + //openssl1.1.patch - Do NOT create two context and only use one |
||
21 | + // - that's silly. |
||
22 | + //EVP_CIPHER_CTX *E_ctx, *D_ctx; |
||
23 | + EVP_CIPHER_CTX *ctx; |
||
24 | |||
25 | unsigned char buf[BSIZE], out[BSIZE]; |
||
26 | unsigned char *psrc = NULL, *keystr; |
||
27 | @@ -698,11 +702,14 @@ static void enc_xfer(int sock_fr, int so |
||
28 | encsym = encrypt ? "+" : "-"; |
||
29 | |||
30 | /* use the encryption/decryption context variables below */ |
||
31 | + ctx = EVP_CIPHER_CTX_new(); |
||
32 | + if (!ctx) { |
||
33 | + fprintf(stderr, "Failed to create encryption/decryption context.\n"); |
||
34 | + goto finished; |
||
35 | + } |
||
36 | if (encrypt) { |
||
37 | - ctx = &E_ctx; |
||
38 | keystr = E_keystr; |
||
39 | } else { |
||
40 | - ctx = &D_ctx; |
||
41 | keystr = D_keystr; |
||
42 | } |
||
43 | |||
44 | @@ -797,7 +804,6 @@ static void enc_xfer(int sock_fr, int so |
||
45 | if (whoops) { |
||
46 | fprintf(stderr, "%s: %s - WARNING: MSRC4 mode and IGNORING random salt\n", prog, encstr); |
||
47 | fprintf(stderr, "%s: %s - WARNING: and initialization vector!!\n", prog, encstr); |
||
48 | - EVP_CIPHER_CTX_init(ctx); |
||
49 | if (pw_in) { |
||
50 | /* for pw=xxxx a md5 hash is used */ |
||
51 | EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, |
||
52 | @@ -816,7 +822,6 @@ static void enc_xfer(int sock_fr, int so |
||
53 | |||
54 | EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata, |
||
55 | keydata_len, 1, keystr, ivec); |
||
56 | - EVP_CIPHER_CTX_init(ctx); |
||
57 | EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec, |
||
58 | encrypt); |
||
59 | } |
||
60 | @@ -836,9 +841,9 @@ static void enc_xfer(int sock_fr, int so |
||
61 | in_salt = salt; |
||
62 | } |
||
63 | |||
64 | - if (ivec_size < Cipher->iv_len && !securevnc) { |
||
46 | magnus | 65 | + if (ivec_size < EVP_CIPHER_iv_length(Cipher) && !securevnc) { |
40 | magnus | 66 | fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n", |
67 | - prog, encstr, ivec_size, Cipher->iv_len); |
||
46 | magnus | 68 | + prog, encstr, ivec_size, EVP_CIPHER_iv_length(Cipher)); |
40 | magnus | 69 | } |
70 | |||
71 | /* make the hashed value and place in keystr */ |
||
72 | @@ -877,9 +882,6 @@ static void enc_xfer(int sock_fr, int so |
||
73 | } |
||
74 | |||
75 | |||
76 | - /* initialize the context */ |
||
77 | - EVP_CIPHER_CTX_init(ctx); |
||
78 | - |
||
79 | |||
80 | /* set the cipher & initialize */ |
||
81 | |||
82 | @@ -986,6 +988,7 @@ static void enc_xfer(int sock_fr, int so |
||
83 | /* transfer done (viewer exited or some error) */ |
||
84 | finished: |
||
85 | |||
86 | + if (ctx) EVP_CIPHER_CTX_free(ctx); |
||
87 | fprintf(stderr, "\n%s: %s - close sock_to\n", prog, encstr); |
||
88 | close(sock_to); |
||
89 | |||
90 | @@ -1060,14 +1063,14 @@ static int securevnc_server_rsa_save_dia |
||
91 | } |
||
92 | |||
93 | static char *rsa_md5_sum(unsigned char* rsabuf) { |
||
94 | - EVP_MD_CTX md; |
||
41 | magnus | 95 | + EVP_MD_CTX *md = EVP_MD_CTX_create(); |
40 | magnus | 96 | char digest[EVP_MAX_MD_SIZE], tmp[16]; |
97 | char md5str[EVP_MAX_MD_SIZE * 8]; |
||
98 | unsigned int i, size = 0; |
||
99 | |||
100 | - EVP_DigestInit(&md, EVP_md5()); |
||
101 | - EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); |
||
102 | - EVP_DigestFinal(&md, (unsigned char *)digest, &size); |
||
103 | + EVP_DigestInit(md, EVP_md5()); |
||
104 | + EVP_DigestUpdate(md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE); |
||
105 | + EVP_DigestFinal(md, (unsigned char *)digest, &size); |
||
106 | |||
107 | memset(md5str, 0, sizeof(md5str)); |
||
108 | for (i=0; i < size; i++) { |
||
109 | @@ -1075,6 +1078,7 @@ static char *rsa_md5_sum(unsigned char* |
||
110 | sprintf(tmp, "%02x", (int) uc); |
||
111 | strcat(md5str, tmp); |
||
112 | } |
||
41 | magnus | 113 | + EVP_MD_CTX_destroy(md); |
40 | magnus | 114 | return strdup(md5str); |
115 | } |
||
116 | |||
117 | @@ -1184,7 +1188,7 @@ static void sslexit(char *msg) { |
||
118 | |||
119 | static void securevnc_setup(int conn1, int conn2) { |
||
120 | RSA *rsa = NULL; |
||
121 | - EVP_CIPHER_CTX init_ctx; |
||
122 | + EVP_CIPHER_CTX *init_ctx = EVP_CIPHER_CTX_new(); |
||
123 | unsigned char keystr[EVP_MAX_KEY_LENGTH]; |
||
124 | unsigned char *rsabuf, *rsasav; |
||
125 | unsigned char *encrypted_keybuf; |
||
126 | @@ -1203,6 +1207,8 @@ static void securevnc_setup(int conn1, i |
||
127 | |||
128 | ERR_load_crypto_strings(); |
||
129 | |||
130 | + if (!init_ctx) sslexit("securevnc_setup: EVP_CIPHER_CTX_new() failed"); |
||
131 | + |
||
132 | /* alloc and read from server the 270 comprising the rsa public key: */ |
||
133 | rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); |
||
134 | rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1); |
||
135 | @@ -1323,8 +1329,7 @@ static void securevnc_setup(int conn1, i |
||
136 | /* |
||
137 | * Back to the work involving the tmp obscuring key: |
||
138 | */ |
||
139 | - EVP_CIPHER_CTX_init(&init_ctx); |
||
140 | - rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); |
||
141 | + rc = EVP_CipherInit_ex(init_ctx, EVP_rc4(), NULL, initkey, NULL, 1); |
||
142 | if (rc == 0) { |
||
143 | sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed"); |
||
144 | } |
||
145 | @@ -1340,13 +1345,13 @@ static void securevnc_setup(int conn1, i |
||
146 | /* decode with the tmp key */ |
||
147 | if (n > 0) { |
||
148 | memset(to_viewer, 0, sizeof(to_viewer)); |
||
149 | - if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) { |
||
150 | + if (EVP_CipherUpdate(init_ctx, to_viewer, &len, buf, n) == 0) { |
||
151 | sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed"); |
||
152 | exit(1); |
||
153 | } |
||
154 | to_viewer_len = len; |
||
155 | } |
||
156 | - EVP_CIPHER_CTX_cleanup(&init_ctx); |
||
157 | + EVP_CIPHER_CTX_free(init_ctx); |
||
158 | free(initkey); |
||
159 | |||
160 | /* print what we would send to the viewer (sent below): */ |
||
161 | @@ -1407,7 +1412,7 @@ static void securevnc_setup(int conn1, i |
||
162 | |||
163 | if (client_auth_req && client_auth) { |
||
164 | RSA *client_rsa = load_client_auth(client_auth); |
||
165 | - EVP_MD_CTX dctx; |
||
41 | magnus | 166 | + EVP_MD_CTX *dctx = EVP_MD_CTX_create(); |
40 | magnus | 167 | unsigned char digest[EVP_MAX_MD_SIZE], *signature; |
168 | unsigned int ndig = 0, nsig = 0; |
||
169 | |||
170 | @@ -1421,8 +1426,8 @@ static void securevnc_setup(int conn1, i |
||
171 | exit(1); |
||
172 | } |
||
173 | |||
174 | - EVP_DigestInit(&dctx, EVP_sha1()); |
||
175 | - EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE); |
||
176 | + EVP_DigestInit(dctx, EVP_sha1()); |
||
177 | + EVP_DigestUpdate(dctx, keystr, SECUREVNC_KEY_SIZE); |
||
178 | /* |
||
179 | * Without something like the following MITM is still possible. |
||
180 | * This is because the MITM knows keystr and can use it with |
||
181 | @@ -1433,7 +1438,7 @@ static void securevnc_setup(int conn1, i |
||
182 | * he doesn't have Viewer_ClientAuth.pkey. |
||
183 | */ |
||
184 | if (0) { |
||
185 | - EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); |
||
186 | + EVP_DigestUpdate(dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE); |
||
187 | if (!keystore_verified) { |
||
188 | fprintf(stderr, "securevnc_setup:\n"); |
||
189 | fprintf(stderr, "securevnc_setup: Warning: even *WITH* Client Authentication in SecureVNC,\n"); |
||
190 | @@ -1456,7 +1461,8 @@ static void securevnc_setup(int conn1, i |
||
191 | fprintf(stderr, "securevnc_setup:\n"); |
||
192 | } |
||
193 | } |
||
194 | - EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig); |
||
195 | + EVP_DigestFinal(dctx, (unsigned char *)digest, &ndig); |
||
41 | magnus | 196 | + EVP_MD_CTX_destroy(dctx); |
40 | magnus | 197 | |
198 | signature = (unsigned char *) calloc(RSA_size(client_rsa), 1); |
||
199 | RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa); |