Bug#847611: Patch

Sun, 17 Dec 2017 09:39:17 -0800 

Control: tag -1 patch -fixed-upstream

I don't see where the direct struct access issues have been fixed
upstream, the source code snapshot available from
http://www.kermitproject.org/ckdaily.html still has lots of those.

I have prepared a patch that fixes building with OpenSSL 1.1 and would
appreciate a review.

Cheers,
-Hilko

Index: ckermit-302/ck_ssl.c
===================================================================
--- ckermit-302.orig/ck_ssl.c
+++ ckermit-302/ck_ssl.c
@@ -301,7 +301,7 @@ X509_STORE_CTX *ctx;
                 break;
             default:
                 printf("Error %d while verifying certificate.\r\n",
-                       ctx->error);
+                       X509_STORE_CTX_get_error(ctx));
                 break;
             }
         }
@@ -933,13 +933,15 @@ static DH *
 get_dh512()
 {
     DH *dh=NULL;
+    BIGNUM *p, *g;
 
     if ((dh=DH_new()) == NULL)
         return(NULL);
-    dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
-    dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+    g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+    if ((p == NULL) || (g == NULL))
         return(NULL);
+    DH_set0_pqg(dh, p, NULL, g);
     return(dh);
 }
 
@@ -947,13 +949,15 @@ static DH *
 get_dh768()
 {
     DH *dh=NULL;
+    BIGNUM *p, *g;
 
     if ((dh=DH_new()) == NULL)
         return(NULL);
-    dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
-    dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+    g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+    if ((p == NULL) || (g == NULL))
         return(NULL);
+    DH_set0_pqg(dh, p, NULL, g);
     return(dh);
 }
 
@@ -961,13 +965,15 @@ static DH *
 get_dh1024()
 {
     DH *dh=NULL;
+    BIGNUM *p, *g;
 
     if ((dh=DH_new()) == NULL)
         return(NULL);
-    dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
-    dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+    g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+    if ((p == NULL) || (g == NULL))
         return(NULL);
+    DH_set0_pqg(dh, p, NULL, g);
     return(dh);
 }
 
@@ -975,13 +981,15 @@ static DH *
 get_dh1536()
 {
     DH *dh=NULL;
+    BIGNUM *p, *g;
 
     if ((dh=DH_new()) == NULL)
         return(NULL);
-    dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
-    dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+    g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+    if ((p == NULL) || (g == NULL))
         return(NULL);
+    DH_set0_pqg(dh, p, NULL, g);
     return(dh);
 }
 
@@ -989,13 +997,15 @@ static DH *
 get_dh2048()
 {
     DH *dh=NULL;
+    BIGNUM *p, *g;
 
     if ((dh=DH_new()) == NULL)
         return(NULL);
-    dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
-    dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
-    if ((dh->p == NULL) || (dh->g == NULL))
+    p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+    g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+    if ((p == NULL) || (g == NULL))
         return(NULL);
+    DH_set0_pqg(dh, p, NULL, g);
     return(dh);
 }
 #endif /* NO_DH */
@@ -1054,10 +1064,11 @@ ssl_display_comp(SSL * ssl)
     if (ssl == NULL)
         return;
 
-    if (ssl->expand == NULL || ssl->expand->meth == NULL)
+    COMP_METHOD *x = SSL_get_current_expansion(ssl);
+    if (x)
         printf("Compression: None\r\n");
     else {
-        printf("Compression: %s\r\n",ssl->expand->meth->name);
+        printf("Compression: %s\r\n",SSL_COMP_get0_name(x));
     }
 }
 
@@ -1457,13 +1468,15 @@ the build.\r\n\r\n");
 
 #ifdef ZLIB
     cm = COMP_zlib();
-    if (cm != NULL && cm->type != NID_undef) {
+    if (cm != NULL && SSL_COMP_get_id(cm) != NID_undef) {
         SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
     }
 #endif /* ZLIB */
+#if 0 /* COMP_rle has apparently been removed in OpenSSL 1.1 */
     cm = COMP_rle();
     if (cm != NULL && cm->type != NID_undef)
         SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
+#endif
 
     /* Ensure the Random number generator has enough entropy */
     if ( !RAND_status() ) {
@@ -1483,12 +1496,14 @@ the build.\r\n\r\n");
         }
         debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
 
+#ifndef OPENSSL_NO_EGD
         rc1 = RAND_egd(ssl_rnd_file);
         debug(F111,"ssl_once_init","RAND_egd()",rc1);
         if ( rc1 <= 0 ) {
             rc2 = RAND_load_file(ssl_rnd_file, -1);
             debug(F111,"ssl_once_init","RAND_load_file()",rc1);
         }
+#endif 
 
         if ( rc1 <= 0 && !rc2 )
         {
@@ -2583,7 +2598,7 @@ ssl_anonymous_cipher(ssl) SSL * ssl;
 int
 ssl_verify_crl(int ok, X509_STORE_CTX *ctx)
 {
-    X509_OBJECT obj;
+    X509_OBJECT *obj = X509_OBJECT_new();
     X509_NAME *subject = NULL;
     X509_NAME *issuer = NULL;
     X509 *xs = NULL;
@@ -2649,11 +2664,10 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
      * Try to retrieve a CRL corresponding to the _subject_ of
      * the current certificate in order to verify it's integrity.
      */
-    memset((char *)&obj, 0, sizeof(obj));
     X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
-    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, &obj);
+    rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, subject, obj);
     X509_STORE_CTX_cleanup(store_ctx);
-    crl = obj.data.crl;
+    crl = X509_OBJECT_get0_X509_CRL(obj);
     if (rc > 0 && crl != NULL) {
         /*
          * Verify the signature on this CRL
@@ -2661,7 +2675,7 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
         if (X509_CRL_verify(crl, X509_get_pubkey(xs)) <= 0) {
             fprintf(stderr, "Invalid signature on CRL!\n");
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_SIGNATURE_FAILURE);
-            X509_OBJECT_free_contents(&obj);
+            X509_OBJECT_free(obj);
             X509_STORE_CTX_free(store_ctx);
             return 0;
         }
@@ -2674,7 +2688,7 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
             fprintf(stderr, "Found CRL has invalid nextUpdate field.\n");
             X509_STORE_CTX_set_error(ctx,
                                     X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD);
-            X509_OBJECT_free_contents(&obj);
+            X509_OBJECT_free(&obj);
             X509_STORE_CTX_free(store_ctx);
             return 0;
         }
@@ -2683,11 +2697,11 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
 "Found CRL is expired - revoking all certificates until you get updated CRL.\n"
                     );
             X509_STORE_CTX_set_error(ctx, X509_V_ERR_CRL_HAS_EXPIRED);
-            X509_OBJECT_free_contents(&obj);
+            X509_OBJECT_free(&obj);
             X509_STORE_CTX_free(store_ctx);
             return 0;
         }
-        X509_OBJECT_free_contents(&obj);
+        X509_OBJECT_free(&obj);
     }
 
     /*
@@ -2698,7 +2712,7 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
     X509_STORE_CTX_init(store_ctx, crl_store, NULL, NULL);
     rc = X509_STORE_get_by_subject(store_ctx, X509_LU_CRL, issuer, &obj);
     X509_STORE_CTX_free(store_ctx);		/* calls X509_STORE_CTX_cleanup() */
-    crl = obj.data.crl;
+    crl = X509_OBJECT_get0_X509_CRL(obj);
     if (rc > 0 && crl != NULL) {
         /*
          * Check if the current certificate is revoked by this CRL
@@ -2706,19 +2720,19 @@ ssl_verify_crl(int ok, X509_STORE_CTX *c
         n = sk_X509_REVOKED_num(X509_CRL_get_REVOKED(crl));
         for (i = 0; i < n; i++) {
             revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i);
-            if (ASN1_INTEGER_cmp(revoked->serialNumber,
+            if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked),
                                  X509_get_serialNumber(xs)) == 0) {
 
-                serial = ASN1_INTEGER_get(revoked->serialNumber);
+                serial = ASN1_INTEGER_get(X509_REVOKED_get0_serialNumber(revoked));
                 cp = X509_NAME_oneline(issuer, NULL, 0);
                 free(cp);
 
                 X509_STORE_CTX_set_error(ctx, X509_V_ERR_CERT_REVOKED);
-                X509_OBJECT_free_contents(&obj);
+                X509_OBJECT_free(&obj);
                 return 0;
             }
         }
-        X509_OBJECT_free_contents(&obj);
+        X509_OBJECT_free(&obj);
     }
     return ok;
 }
@@ -4338,9 +4352,11 @@ X509_userok(X509 * peer_cert, const char
     FILE *fp;
     struct passwd *pwd;
     X509 *file_cert;
+    const ASN1_BIT_STRING *peer_sig, *file_sig;
 
     if ( peer_cert == NULL )
         return(0);
+    X509_get0_signature(&peer_sig, NULL, peer_cert);
 
     if (!(pwd = getpwnam(userid)))
        return 0;
@@ -4351,7 +4367,8 @@ X509_userok(X509 * peer_cert, const char
     if (!(fp = fopen(buf, "r")))
         return 0;
     while (!r && (file_cert = PEM_read_X509(fp, NULL, NULL, NULL))) {
-        if (!ASN1_STRING_cmp(peer_cert->signature, file_cert->signature))
+        X509_get0_signature(&file_sig, NULL, file_cert);
+        if (!ASN1_STRING_cmp(peer_sig, file_sig))
             r = 1;
         X509_free(file_cert);
     }

Reply via email to