WebSVN - Blame - Rev 46 - /ssvnc/trunk/debian/patches/openssl1.1.patch

Rev	Author	Line No.	Line
40	magnus	1	--- a/vncstorepw/ultravnc_dsm_helper.c
		2	+++ b/vncstorepw/ultravnc_dsm_helper.c
		3	@@ -414,7 +414,9 @@ void enc_do(char ciph, char keyfile, c
		4	if (strstr(p, "md5+") == p) {
		5	Digest = EVP_md5(); p += strlen("md5+");
		6	} else if (strstr(p, "sha+") == p) {
		7	- Digest = EVP_sha(); p += strlen("sha+");
		8	+ fprintf(stderr, "%s: obsolete hash algorithm: SHA-0\n",
		9	+ prog, s);
		10	+ exit(1);
		11	} else if (strstr(p, "sha1+") == p) {
		12	Digest = EVP_sha1(); p += strlen("sha1+");
		13	} else if (strstr(p, "ripe+") == p) {
		14	@@ -655,8 +657,10 @@ static void enc_xfer(int sock_fr, int so
		15	*/
		16	unsigned char E_keystr[EVP_MAX_KEY_LENGTH];
		17	unsigned char D_keystr[EVP_MAX_KEY_LENGTH];
		18	- EVP_CIPHER_CTX E_ctx, D_ctx;
		19	- EVP_CIPHER_CTX *ctx = NULL;
		20	+ //openssl1.1.patch - Do NOT create two context and only use one
		21	+ // - that's silly.
		22	+ //EVP_CIPHER_CTX E_ctx, D_ctx;
		23	+ EVP_CIPHER_CTX *ctx;
		24
		25	unsigned char buf[BSIZE], out[BSIZE];
		26	unsigned char psrc = NULL, keystr;
		27	@@ -698,11 +702,14 @@ static void enc_xfer(int sock_fr, int so
		28	encsym = encrypt ? "+" : "-";
		29
		30	/* use the encryption/decryption context variables below */
		31	+ ctx = EVP_CIPHER_CTX_new();
		32	+ if (!ctx) {
		33	+ fprintf(stderr, "Failed to create encryption/decryption context.\n");
		34	+ goto finished;
		35	+ }
		36	if (encrypt) {
		37	- ctx = &E_ctx;
		38	keystr = E_keystr;
		39	} else {
		40	- ctx = &D_ctx;
		41	keystr = D_keystr;
		42	}
		43
		44	@@ -797,7 +804,6 @@ static void enc_xfer(int sock_fr, int so
		45	if (whoops) {
		46	fprintf(stderr, "%s: %s - WARNING: MSRC4 mode and IGNORING random salt\n", prog, encstr);
		47	fprintf(stderr, "%s: %s - WARNING: and initialization vector!!\n", prog, encstr);
		48	- EVP_CIPHER_CTX_init(ctx);
		49	if (pw_in) {
		50	/* for pw=xxxx a md5 hash is used */
		51	EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata,
		52	@@ -816,7 +822,6 @@ static void enc_xfer(int sock_fr, int so
		53
		54	EVP_BytesToKey(Cipher, Digest, NULL, (unsigned char *) keydata,
		55	keydata_len, 1, keystr, ivec);
		56	- EVP_CIPHER_CTX_init(ctx);
		57	EVP_CipherInit_ex(ctx, Cipher, NULL, keystr, ivec,
		58	encrypt);
		59	}
		60	@@ -836,9 +841,9 @@ static void enc_xfer(int sock_fr, int so
		61	in_salt = salt;
		62	}
		63
		64	- if (ivec_size < Cipher->iv_len && !securevnc) {
46	magnus	65	+ if (ivec_size < EVP_CIPHER_iv_length(Cipher) && !securevnc) {
40	magnus	66	fprintf(stderr, "%s: %s - WARNING: short IV %d < %d\n",
		67	- prog, encstr, ivec_size, Cipher->iv_len);
46	magnus	68	+ prog, encstr, ivec_size, EVP_CIPHER_iv_length(Cipher));
40	magnus	69	}
		70
		71	/* make the hashed value and place in keystr */
		72	@@ -877,9 +882,6 @@ static void enc_xfer(int sock_fr, int so
		73	}
		74
		75
		76	- /* initialize the context */
		77	- EVP_CIPHER_CTX_init(ctx);
		78	-
		79
		80	/* set the cipher & initialize */
		81
		82	@@ -986,6 +988,7 @@ static void enc_xfer(int sock_fr, int so
		83	/* transfer done (viewer exited or some error) */
		84	finished:
		85
		86	+ if (ctx) EVP_CIPHER_CTX_free(ctx);
		87	fprintf(stderr, "\n%s: %s - close sock_to\n", prog, encstr);
		88	close(sock_to);
		89
		90	@@ -1060,14 +1063,14 @@ static int securevnc_server_rsa_save_dia
		91	}
		92
		93	static char rsa_md5_sum(unsigned char rsabuf) {
		94	- EVP_MD_CTX md;
41	magnus	95	+ EVP_MD_CTX *md = EVP_MD_CTX_create();
40	magnus	96	char digest[EVP_MAX_MD_SIZE], tmp[16];
		97	char md5str[EVP_MAX_MD_SIZE * 8];
		98	unsigned int i, size = 0;
		99
		100	- EVP_DigestInit(&md, EVP_md5());
		101	- EVP_DigestUpdate(&md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
		102	- EVP_DigestFinal(&md, (unsigned char *)digest, &size);
		103	+ EVP_DigestInit(md, EVP_md5());
		104	+ EVP_DigestUpdate(md, rsabuf, SECUREVNC_RSA_PUBKEY_SIZE);
		105	+ EVP_DigestFinal(md, (unsigned char *)digest, &size);
		106
		107	memset(md5str, 0, sizeof(md5str));
		108	for (i=0; i < size; i++) {
		109	@@ -1075,6 +1078,7 @@ static char rsa_md5_sum(unsigned char
		110	sprintf(tmp, "%02x", (int) uc);
		111	strcat(md5str, tmp);
		112	}
41	magnus	113	+ EVP_MD_CTX_destroy(md);
40	magnus	114	return strdup(md5str);
		115	}
		116
		117	@@ -1184,7 +1188,7 @@ static void sslexit(char *msg) {
		118
		119	static void securevnc_setup(int conn1, int conn2) {
		120	RSA *rsa = NULL;
		121	- EVP_CIPHER_CTX init_ctx;
		122	+ EVP_CIPHER_CTX *init_ctx = EVP_CIPHER_CTX_new();
		123	unsigned char keystr[EVP_MAX_KEY_LENGTH];
		124	unsigned char rsabuf, rsasav;
		125	unsigned char *encrypted_keybuf;
		126	@@ -1203,6 +1207,8 @@ static void securevnc_setup(int conn1, i
		127
		128	ERR_load_crypto_strings();
		129
		130	+ if (!init_ctx) sslexit("securevnc_setup: EVP_CIPHER_CTX_new() failed");
		131	+
		132	/* alloc and read from server the 270 comprising the rsa public key: */
		133	rsabuf = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1);
		134	rsasav = (unsigned char *) calloc(SECUREVNC_RSA_PUBKEY_SIZE, 1);
		135	@@ -1323,8 +1329,7 @@ static void securevnc_setup(int conn1, i
		136	/*
		137	* Back to the work involving the tmp obscuring key:
		138	*/
		139	- EVP_CIPHER_CTX_init(&init_ctx);
		140	- rc = EVP_CipherInit_ex(&init_ctx, EVP_rc4(), NULL, initkey, NULL, 1);
		141	+ rc = EVP_CipherInit_ex(init_ctx, EVP_rc4(), NULL, initkey, NULL, 1);
		142	if (rc == 0) {
		143	sslexit("securevnc_setup: EVP_CipherInit_ex(init_ctx) failed");
		144	}
		145	@@ -1340,13 +1345,13 @@ static void securevnc_setup(int conn1, i
		146	/* decode with the tmp key */
		147	if (n > 0) {
		148	memset(to_viewer, 0, sizeof(to_viewer));
		149	- if (EVP_CipherUpdate(&init_ctx, to_viewer, &len, buf, n) == 0) {
		150	+ if (EVP_CipherUpdate(init_ctx, to_viewer, &len, buf, n) == 0) {
		151	sslexit("securevnc_setup: EVP_CipherUpdate(init_ctx) failed");
		152	exit(1);
		153	}
		154	to_viewer_len = len;
		155	}
		156	- EVP_CIPHER_CTX_cleanup(&init_ctx);
		157	+ EVP_CIPHER_CTX_free(init_ctx);
		158	free(initkey);
		159
		160	/* print what we would send to the viewer (sent below): */
		161	@@ -1407,7 +1412,7 @@ static void securevnc_setup(int conn1, i
		162
		163	if (client_auth_req && client_auth) {
		164	RSA *client_rsa = load_client_auth(client_auth);
		165	- EVP_MD_CTX dctx;
41	magnus	166	+ EVP_MD_CTX *dctx = EVP_MD_CTX_create();
40	magnus	167	unsigned char digest[EVP_MAX_MD_SIZE], *signature;
		168	unsigned int ndig = 0, nsig = 0;
		169
		170	@@ -1421,8 +1426,8 @@ static void securevnc_setup(int conn1, i
		171	exit(1);
		172	}
		173
		174	- EVP_DigestInit(&dctx, EVP_sha1());
		175	- EVP_DigestUpdate(&dctx, keystr, SECUREVNC_KEY_SIZE);
		176	+ EVP_DigestInit(dctx, EVP_sha1());
		177	+ EVP_DigestUpdate(dctx, keystr, SECUREVNC_KEY_SIZE);
		178	/*
		179	* Without something like the following MITM is still possible.
		180	* This is because the MITM knows keystr and can use it with
		181	@@ -1433,7 +1438,7 @@ static void securevnc_setup(int conn1, i
		182	* he doesn't have Viewer_ClientAuth.pkey.
		183	*/
		184	if (0) {
		185	- EVP_DigestUpdate(&dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE);
		186	+ EVP_DigestUpdate(dctx, rsasav, SECUREVNC_RSA_PUBKEY_SIZE);
		187	if (!keystore_verified) {
		188	fprintf(stderr, "securevnc_setup:\n");
		189	fprintf(stderr, "securevnc_setup: Warning: even WITH Client Authentication in SecureVNC,\n");
		190	@@ -1456,7 +1461,8 @@ static void securevnc_setup(int conn1, i
		191	fprintf(stderr, "securevnc_setup:\n");
		192	}
		193	}
		194	- EVP_DigestFinal(&dctx, (unsigned char *)digest, &ndig);
		195	+ EVP_DigestFinal(dctx, (unsigned char *)digest, &ndig);
41	magnus	196	+ EVP_MD_CTX_destroy(dctx);
40	magnus	197
		198	signature = (unsigned char *) calloc(RSA_size(client_rsa), 1);
		199	RSA_sign(NID_sha1, digest, ndig, signature, &nsig, client_rsa);

Subversion Repositories

(root)/ssvnc/trunk/debian/patches/openssl1.1.patch @ 59 - Rev 46