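--- a/lib/ext/wocky/wocky/wocky-openssl.c.orig
+++ b/lib/ext/wocky/wocky/wocky-openssl.c.orig
@@ -885,6 +885,10 @@
   int i;
   gboolean rval = FALSE;
   X509_NAME *subject = X509_get_subject_name (cert);
-  X509_CINF *ci = cert->cert_info;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+  const STACK_OF(X509_EXTENSION)* extensions = X509_get0_extensions(cert);
+#else
+  const STACK_OF(X509_EXTENSION)* extensions = cert->cert_info->extensions;
+#endif
   static const long nid[] = { NID_commonName, NID_subject_alt_name, NID_undef };
   /* first, see if the x509 name contains the info we want: */
@@ -906,15 +910,20 @@
    * and extract the subject_alt_name from the x509 v3 extensions: if that   *
    * extension is present, and a string, use that. If it is present, and     *
    * a multi-value stack, trawl it for the "DNS" entry and use that          */
-  if (!rval && (ci->extensions != NULL))
+  if (!rval && (extensions != NULL))
-    for (i = 0; i < sk_X509_EXTENSION_num(ci->extensions) && !rval; i++)
+    for (i = 0; i < sk_X509_EXTENSION_num(extensions) && !rval; i++)
       {
-        X509_EXTENSION *ext = sk_X509_EXTENSION_value (ci->extensions, i);
+        X509_EXTENSION *ext = sk_X509_EXTENSION_value (extensions, i);
         ASN1_OBJECT *obj = X509_EXTENSION_get_object (ext);
         X509V3_EXT_METHOD *convert = NULL;
         long ni = OBJ_obj2nid (obj);
         const guchar *p;
         char *value = NULL;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+        const ASN1_OCTET_STRING* ext_value = X509_EXTENSION_get_data(ext);
+        int len = ASN1_STRING_length(ext_value);
+#else
         int len = ext->value->length;
+#endif
         void *ext_str = NULL;
         if (ni != NID_subject_alt_name)
@@ -927,6 +936,10 @@
         if ((convert = (X509V3_EXT_METHOD *) X509V3_EXT_get (ext)) == NULL)
           continue;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+        p = ASN1_STRING_get0_data(ext_value);
+#else
         p = ext->value->data;
+#endif
         ext_str = ((convert->it != NULL) ?
                    ASN1_item_d2i (NULL, &p, len, ASN1_ITEM_ptr(convert->it)) :
                    convert->d2i (NULL, &p, len) );
@@ -1119,10 +1132,19 @@
           X509_STORE *store = SSL_CTX_get_cert_store(session->ctx);
           X509 *cert = SSL_get_peer_certificate (session->ssl);
           STACK_OF(X509) *chain = SSL_get_peer_cert_chain (session->ssl);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM* param = X509_STORE_get0_param(store);
+          long old_flags = X509_VERIFY_PARAM_get_flags(param);
+#else
           long old_flags = store->param->flags;
+#endif
           long new_flags = old_flags;
           DEBUG("No CRL available, but not in strict mode - re-verifying");
           new_flags &= ~(X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM_set_flags(param, new_flags);
+#else
           store->param->flags = new_flags;
+#endif
           X509_STORE_CTX_init (xctx, store, cert, chain);
           X509_STORE_CTX_set_flags (xctx, new_flags);
@@ -1135,5 +1157,9 @@
               status = _cert_status (session, new_code, level, ssl_code);
             }
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+          X509_VERIFY_PARAM_set_flags(param, old_flags);
+#else
           store->param->flags = old_flags;
+#endif
           X509_STORE_CTX_free (xctx);
           X509_free (cert);
@@ -1674,10 +1700,12 @@
   if G_UNLIKELY (g_once_init_enter (&initialised))
     {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
+      DEBUG ("initialising SSL library and error strings");
+#else
       gint malloc_init_succeeded;
-
       DEBUG ("initialising SSL library and error strings");
-
       malloc_init_succeeded = CRYPTO_malloc_init ();
       g_warn_if_fail (malloc_init_succeeded);
+#endif
       SSL_library_init ();
       SSL_load_error_strings ();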
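Review bot: In the OpenSSL >= 1.1 branch of the CRL re-verify block (new lines 1144-1145), `X509_VERIFY_PARAM_set_flags(param, new_flags)` cannot drop the CRL bits, because that function ORs its argument into the existing flags, whereas the legacy branch assigns `store->param->flags = new_flags`. The store therefore keeps `X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL`, and since `X509_STORE_CTX_set_flags` also only adds flags, the non-strict re-verification presumably fails the same way as the first pass. Clearing needs `X509_VERIFY_PARAM_clear_flags(param, X509_V_FLAG_CRL_CHECK|X509_V_FLAG_CRL_CHECK_ALL);` in place of that call; the later `X509_VERIFY_PARAM_set_flags(param, old_flags)` then restores the original bits. Both branches temporarily change flags on the store obtained from `session->ctx`, so a comment stating whether any other verification can use that store during this window would help; the enclosing function starts and ends outside the hunks shown.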
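--- a/lib/ext/wocky/wocky/wocky-openssl-dh2048.c.orig
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh2048.c.orig
@@ -36,10 +36,20 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	int r = 0;
+#endif
 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	r = DH_set0_pqg(dh, BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
+						NULL, BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
 	dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}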
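Review bot: If only one of the two `BN_bin2bn()` calls passed to `DH_set0_pqg(...)` fails, the call returns 0 without taking ownership of either argument, so the BIGNUM that was allocated is leaked when the `if (!r)` path frees only `dh`. Holding both results in locals and freeing them on failure closes this; the same applies to the identical additions in wocky-openssl-dh4096.c, wocky-openssl-dh1024.c and wocky-openssl-dh512.c. These four files also guard on `OPENSSL_VERSION_NUMBER >= 0x10100000L` alone, while wocky-openssl.c in the same patch adds `&& !defined(LIBRESSL_VERSION_NUMBER)`; it is worth confirming which branch is intended for LibreSSL builds. The function's opening lines are outside the hunk.

```c
	DH *dh;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	BIGNUM *p, *g;
#endif
	/* … unchanged: DH_new() check … */
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	p = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
	g = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
	/* DH_set0_pqg() takes ownership only when it succeeds */
	if ((p == NULL) || (g == NULL) || !DH_set0_pqg(dh, p, NULL, g))
		{ BN_free(p); BN_free(g); DH_free(dh); return(NULL); }
#else
	/* … unchanged: legacy dh->p / dh->g assignment … */
#endif
```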
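--- a/lib/ext/wocky/wocky/wocky-openssl-dh4096.c.orig
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh4096.c.orig
@@ -57,10 +57,20 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	int r = 0;
+#endif
 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	r = DH_set0_pqg(dh, BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL),
+						NULL, BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh4096_p,sizeof(dh4096_p),NULL);
 	dh->g=BN_bin2bn(dh4096_g,sizeof(dh4096_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}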
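--- a/lib/ext/wocky/wocky/wocky-openssl-dh1024.c.orig
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh1024.c.orig
@@ -25,10 +25,20 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	int r = 0;
+#endif
 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	r = DH_set0_pqg(dh, BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL),
+					NULL, BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL));
+	if (!r)
+		{ DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
 	dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}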
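--- a/lib/ext/wocky/wocky/wocky-openssl-dh512.c.orig
+++ b/lib/ext/wocky/wocky/wocky-openssl-dh512.c.orig
@@ -20,10 +20,20 @@
 		0x02,
 		};
 	DH *dh;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	int r = 0;
+#endif
 	if ((dh=DH_new()) == NULL) return(NULL);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	r = DH_set0_pqg(dh, BN_bin2bn(dh512_p,sizeof(dh512_p),NULL),
+					NULL, BN_bin2bn(dh512_g,sizeof(dh512_g),NULL));
+	if (!r)
+	   { DH_free(dh); return(NULL); }
+#else
 	dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
 	dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
 	if ((dh->p == NULL) || (dh->g == NULL))
 		{ DH_free(dh); return(NULL); }
+#endif
 	return(dh);
 	}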
