diff -Nur globus_gssapi_gsi-7.0.orig/library/display_name.c globus_gssapi_gsi-7.0/library/display_name.c
--- globus_gssapi_gsi-7.0.orig/library/display_name.c 2008-09-24 19:46:30.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/display_name.c 2010-02-08 10:18:53.408153303 +0100
@@ -122,7 +122,7 @@
{
int name_length;
GENERAL_NAME * name;
- char * dns;
+ unsigned char * dns;
int i;
name_length = sk_GENERAL_NAME_num(input_name->subjectAltNames);
@@ -133,7 +133,7 @@
if (name->type == GEN_DNS)
{
dns = ASN1_STRING_data(name->d.dNSName);
- output_name->value = globus_common_create_string("/CN=%s", dns);
+ output_name->value = globus_common_create_string("/CN=%s", (char *) dns);
output_name->length = strlen(output_name->value);
break;
}
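Review bot: `dns` is formatted with `%s` on the changed line, so a dNSName that contains an embedded NUL byte is silently truncated and the displayed name can differ from what the certificate carries. ASN1_STRING_data() returns the raw buffer, so the length should be compared first, e.g. `if (ASN1_STRING_length(name->d.dNSName) != (int) strlen((char *) dns))`, and the entry skipped or rejected on mismatch. The result of globus_common_create_string() is also passed straight to strlen() on the next line without a NULL check. The enclosing loop starts and ends outside the hunk.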
diff -Nur globus_gssapi_gsi-7.0.orig/library/export_sec_context.c globus_gssapi_gsi-7.0/library/export_sec_context.c
--- globus_gssapi_gsi-7.0.orig/library/export_sec_context.c 2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/export_sec_context.c 2010-02-08 10:18:53.408153303 +0100
@@ -179,7 +179,7 @@
goto unlock_mutex;
}
- L2N(peer_cert_count, (char *)int_buffer);
+ L2N(peer_cert_count, int_buffer);
BIO_write(bp, (char *)int_buffer, 4);
local_result = globus_gsi_callback_get_cert_chain(
diff -Nur globus_gssapi_gsi-7.0.orig/library/get_mic.c globus_gssapi_gsi-7.0/library/get_mic.c
--- globus_gssapi_gsi-7.0.orig/library/get_mic.c 2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/get_mic.c 2010-02-08 10:18:53.408153303 +0100
@@ -146,7 +146,11 @@
mac_sec = context->gss_ssl->s3->write_mac_secret;
seq = context->gss_ssl->s3->write_sequence;
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
hash = context->gss_ssl->write_hash;
+ #else
+ hash = context->gss_ssl->write_hash->digest;
+ #endif
md_size = EVP_MD_size(hash);
message_token->value = (char *) malloc(GSS_SSL_MESSAGE_DIGEST_PADDING
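Review bot: On the OpenSSL 1.0 branch, `context->gss_ssl->write_hash->digest` dereferences `write_hash` without a check and reads the EVP_MD_CTX layout directly; whether the pointer can be NULL at this point is not visible in the hunk. The public accessor with a guard would be safer: `hash = context->gss_ssl->write_hash ? EVP_MD_CTX_md(context->gss_ssl->write_hash) : NULL;`, followed by an error return when `hash` is NULL, before `EVP_MD_size(hash)` is called. The same pattern is added in verify_mic.c (`read_hash->digest`) and in wrap.c (`write_hash->digest`). The malloc() statement on the last line continues outside the hunk, so its result check cannot be seen here.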
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c
--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c 2009-09-24 21:09:45.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c 2010-02-08 10:18:53.409154337 +0100
@@ -37,7 +37,7 @@
#include <string.h>
#include <stdlib.h>
-#include "ssl_locl.h"
+#include "globus_ssl_locl.h"
#ifdef WIN32
#define strcasecmp stricmp
@@ -270,7 +270,7 @@
goto exit;
}
- memset(context, (int)NULL, sizeof(gss_ctx_id_desc));
+ memset(context, 0, sizeof(gss_ctx_id_desc));
*context_handle_P = context;
context->ctx_flags = 0;
}
@@ -295,7 +295,7 @@
goto free_context;
}
- memset(context->peer_cred_handle, (int) NULL, sizeof(gss_cred_id_desc));
+ memset(context->peer_cred_handle, 0, sizeof(gss_cred_id_desc));
local_result = globus_gsi_cred_handle_init(
&context->peer_cred_handle->cred_handle, NULL);
@@ -564,14 +564,14 @@
{
char buff[256];
int i;
- STACK *sk;
+ STACK_OF(SSL_CIPHER) *sk;
GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT(
2, "Ciphers available:\n");
- sk=(STACK *)SSL_get_ciphers(context->gss_ssl);
- for (i=0; i<sk_num(sk); i++)
+ sk=SSL_get_ciphers(context->gss_ssl);
+ for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
{
- SSL_CIPHER_description((SSL_CIPHER *)sk_value(sk,i),
+ SSL_CIPHER_description(sk_SSL_CIPHER_value(sk,i),
buff,256);
GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
3, (globus_i_gsi_gssapi_debug_fstream, buff));
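Review bot: `buff` is passed as the format string in `GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(3, (globus_i_gsi_gssapi_debug_fstream, buff));`, so, assuming the macro forwards its arguments to fprintf, any `%` in a cipher description would be read as a conversion. Since this loop is being touched anyway, the call should become `GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(3, (globus_i_gsi_gssapi_debug_fstream, "%s", buff));`. Passing `sizeof(buff)` instead of the literal `256` to SSL_CIPHER_description() would keep the size tied to the array. The enclosing block continues outside the hunk.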
@@ -995,7 +995,7 @@
if (!GSS_ERROR(major_status)) {
if (rc > 0)
{
- SSL_CIPHER * current_cipher;
+ const SSL_CIPHER * current_cipher;
major_status = GSS_S_COMPLETE;
/*
@@ -1424,110 +1424,6 @@
/* @} */
/**
- * @name Credential Set
- * @ingroup globus_i_gsi_gss_utils
- */
-/* @{ */
-/**
- * Credential Set
- *
- * @param minor_status
- * @param cred_usage
- * @param cred_handle
- * @param ucert
- * @param upkey,
- * @param cert_chain
- *
- * @return
- */
-OM_uint32
-globus_i_gsi_gss_cred_set(
- OM_uint32 * minor_status,
- const gss_cred_usage_t cred_usage,
- gss_cred_id_t * cred_handle,
- X509 * ucert,
- EVP_PKEY * upkey,
- STACK_OF(X509) * cert_chain)
-{
- OM_uint32 major_status = GSS_S_COMPLETE;
- OM_uint32 local_minor_status;
- globus_result_t local_result;
- globus_gsi_cred_handle_t local_cred_handle;
- static char * _function_name_ =
- "globus_i_gsi_gss_cred_set";
-
- GLOBUS_I_GSI_GSSAPI_DEBUG_ENTER;
-
- *minor_status = GLOBUS_SUCCESS;
-
- local_result = globus_gsi_cred_handle_init(&local_cred_handle, NULL);
- if(local_result != GLOBUS_SUCCESS)
- {
- local_cred_handle = NULL;
- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
- minor_status, local_result,
- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
- major_status = GSS_S_FAILURE;
- goto exit;
- }
-
- local_result = globus_gsi_cred_set_cert(local_cred_handle, ucert);
- if(local_result != GLOBUS_SUCCESS)
- {
- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
- minor_status, local_result,
- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
- major_status = GSS_S_FAILURE;
- goto exit;
- }
-
- local_result = globus_gsi_cred_set_key(local_cred_handle, upkey);
- if(local_result != GLOBUS_SUCCESS)
- {
- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
- minor_status, local_result,
- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
- major_status = GSS_S_FAILURE;
- goto exit;
- }
-
- local_result = globus_gsi_cred_set_cert_chain(local_cred_handle,
- cert_chain);
- if(local_result != GLOBUS_SUCCESS)
- {
- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
- minor_status, local_result,
- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
- major_status = GSS_S_FAILURE;
- goto exit;
- }
-
- major_status = globus_i_gsi_gss_create_cred(&local_minor_status,
- cred_usage,
- cred_handle,
- &local_cred_handle);
- if(GSS_ERROR(major_status))
- {
- GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
- minor_status, local_minor_status,
- GLOBUS_GSI_GSSAPI_ERROR_WITH_GSS_CREDENTIAL);
- major_status = GSS_S_FAILURE;
- goto exit;
- }
-
- exit:
-
- if(local_cred_handle != NULL)
- {
- globus_gsi_cred_handle_destroy(local_cred_handle);
- }
-
- GLOBUS_I_GSI_GSSAPI_DEBUG_EXIT;
- return major_status;
-}
-/* @} */
-
-/**
* @name Create Cred
* @ingroup globus_i_gsi_gss_utils
*/
@@ -1961,6 +1857,9 @@
ssl_handle->session,
&ssl_handle->s3->tmp.new_sym_enc,
&ssl_handle->s3->tmp.new_hash,
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+ NULL, NULL,
+#endif
(SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
if (!ssl_result)
{
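Review bot: The added `NULL, NULL` arguments discard the `mac_pkey_type` and `mac_secret_size` outputs of the 1.0.0 prototype of ssl_cipher_get_evp(), here and in the identical call in the next hunk. If the cipher-state setup that follows expects `s3->tmp` to carry those values (not visible here), the imported context would be built with them unset. Please confirm, or pass `&ssl_handle->s3->tmp.new_mac_pkey_type, &ssl_handle->s3->tmp.new_mac_secret_size` instead. A one-line comment above the `#if` saying why NULL is acceptable would help the next reader.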
@@ -1989,6 +1888,9 @@
ssl_handle->session,
&ssl_handle->s3->tmp.new_sym_enc,
&ssl_handle->s3->tmp.new_hash,
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+ NULL, NULL,
+#endif
(SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
if (!ssl_result)
{
@@ -2325,6 +2227,11 @@
for(index = 0; index < sk_X509_num(client_cert_chain); ++index)
{
tmp_cert = X509_dup(sk_X509_value(client_cert_chain, index));
+ #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+ SSL_CTX_add_extra_chain_cert(
+ cred_handle->ssl_context,
+ tmp_cert);
+ #else
if(!X509_STORE_add_cert(
SSL_CTX_get_cert_store(cred_handle->ssl_context),
tmp_cert))
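Review bot: The OpenSSL 1.0 branch ignores the result of `SSL_CTX_add_extra_chain_cert()` and never checks `tmp_cert` from `X509_dup()`, whereas the `#else` branch treats a failed add as an error. On failure the context does not take ownership of the duplicated certificate, so it leaks and the chain is silently left incomplete. Suggested: `if (tmp_cert == NULL || !SSL_CTX_add_extra_chain_cert(cred_handle->ssl_context, tmp_cert))` with `X509_free(tmp_cert)` and the same error exit the `#else` branch uses. The `#else` branch and its `#endif` close in the following hunk.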
@@ -2350,6 +2257,7 @@
}
/* need to free to reduce ref count */
X509_free(tmp_cert);
+ #endif
}
}
}
@@ -2545,7 +2453,7 @@
goto out;
}
- strncpy(name->service_name, data, p-data);
+ strncpy(name->service_name, (char *) data, p-data);
name->service_name[p-data] = 0;
name->host_name = malloc(length - (p-data));
@@ -2556,7 +2464,7 @@
goto free_service_name_out;
}
- strncpy(name->host_name, p+1, length - (p+1-data));
+ strncpy(name->host_name, (char *) p+1, length - (p+1-data));
name->host_name[length - (p+1-data)] = 0;
}
else
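Review bot: In `strncpy(name->host_name, (char *) p+1, length - (p+1-data));` the cast binds to `p` before the `+1`, so the line reads as if the sum were being cast. The result is the same for byte pointers, but `(char *) (p + 1)` would make the intent explicit and match the `p+1-data` arithmetic in the length argument.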
@@ -2583,7 +2491,7 @@
goto free_service_name_out;
}
- strncpy(name->host_name, data, length);
+ strncpy(name->host_name, (char *) data, length);
name->host_name[length] = 0;
}
break;
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h
--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h 2008-11-21 16:04:49.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h 2010-02-08 10:18:53.410152925 +0100
@@ -254,15 +254,6 @@
const X509_NAME * desired_subject);
OM_uint32
-globus_i_gsi_gss_cred_set(
- OM_uint32 * minor_status,
- const gss_cred_usage_t cred_usage,
- gss_cred_id_t * cred_handle,
- X509 * ucert,
- EVP_PKEY * upkey,
- STACK_OF(X509) * cert_chain);
-
-OM_uint32
globus_i_gsi_gss_create_cred(
OM_uint32 * minor_status,
const gss_cred_usage_t cred_usage,
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h globus_gssapi_gsi-7.0/library/globus_ssl_locl.h
--- globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h 1970-01-01 01:00:00.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/globus_ssl_locl.h 2010-02-08 10:21:44.762160547 +0100
@@ -0,0 +1,54 @@
+#ifndef GLOBUS_SSL_LOCL_H
+#define GLOBUS_SSL_LOCL_H
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#define SSL_STRONG_MASK 0x000001fcL
+#else
+#define SSL_STRONG_MASK 0x000000fcL
+#endif
+
+#define SSL_LOW 0x00000020L
+
+typedef struct ssl3_enc_method
+ {
+ int (*enc)(SSL *, int);
+ int (*mac)(SSL *, unsigned char *, int);
+ int (*setup_key_block)(SSL *);
+ int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+ int (*change_cipher_state)(SSL *, int);
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+ int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
+#else
+ int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
+#endif
+ int finish_mac_length;
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+ int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+#else
+ int (*cert_verify_mac)(SSL *, int, unsigned char *);
+#endif
+ const char *client_finished_label;
+ int client_finished_label_len;
+ const char *server_finished_label;
+ int server_finished_label_len;
+ int (*alert_value)(int);
+ } SSL3_ENC_METHOD;
+
+int ssl3_setup_buffers(SSL *s);
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int ssl3_setup_key_block(SSL *s);
+void ssl3_cleanup_key_block(SSL *s);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, int *mac_pkey_type,
+ int *mac_secret_size, SSL_COMP **comp);
+#else
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+ const EVP_MD **md, SSL_COMP **comp);
+#endif
+
+#endif
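Review bot: This header tests `OPENSSL_VERSION_NUMBER` and uses `SSL`, `EVP_MD_CTX` and `SSL_COMP` without including any OpenSSL header, so it depends on the include order of every file that uses it; an undefined macro evaluates to 0 in `#if` and would select the pre-1.0 definitions. Adding `#include <openssl/opensslv.h>` and `#include <openssl/ssl.h>` directly after the include guard makes it self-contained. The struct, the mask values and the prototypes are copies of libssl internals chosen at compile time. A comment at the top should state which OpenSSL releases they were taken from, and that a mismatch with the libssl loaded at run time is not detected.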
diff -Nur globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h globus_gssapi_gsi-7.0/library/gssapi_openssl.h
--- globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h 2008-09-09 18:46:21.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/gssapi_openssl.h 2010-02-08 10:18:53.410152925 +0100
@@ -86,7 +86,7 @@
#define L2N(LONG_VAL, CHAR_ARRAY) \
{ \
- char * _char_array_ = CHAR_ARRAY; \
+ unsigned char * _char_array_ = CHAR_ARRAY; \
*(_char_array_++) = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
*(_char_array_++) = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
*(_char_array_++) = (unsigned char) (((LONG_VAL) >> 8) & 0xff); \
@@ -95,7 +95,7 @@
#define N2L(CHAR_ARRAY, LONG_VAL) \
{ \
- char * _char_array_ = CHAR_ARRAY; \
+ unsigned char * _char_array_ = CHAR_ARRAY; \
(LONG_VAL) = ((*(_char_array_++)) << 24) & 0xff000000; \
(LONG_VAL) |= ((*(_char_array_++)) << 16) & 0xff0000; \
(LONG_VAL) |= ((*(_char_array_++)) << 8) & 0xff00; \
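Review bot: With `_char_array_` now `unsigned char *`, `(*(_char_array_++)) << 24` promotes the byte to `int` and shifts it into the sign bit for values of 0x80 and above, which is undefined for a signed type. Casting before the shift avoids that: `(LONG_VAL) = (((unsigned long) *(_char_array_++)) << 24) & 0xff000000;`, and likewise for the remaining lines. The macro is applied to token bytes in unwrap.c in this same patch, so a byte with the high bit set is ordinary input. The macro body continues outside the hunk.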
diff -Nur globus_gssapi_gsi-7.0.orig/library/import_sec_context.c globus_gssapi_gsi-7.0/library/import_sec_context.c
--- globus_gssapi_gsi-7.0.orig/library/import_sec_context.c 2009-09-24 21:09:45.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/import_sec_context.c 2010-02-08 10:18:53.413154559 +0100
@@ -33,16 +33,10 @@
#include "openssl/crypto.h"
#include "openssl/rand.h"
#include "openssl/ssl2.h"
-#include "ssl_locl.h"
+#include "openssl/ssl3.h"
+#include "globus_ssl_locl.h"
#include <string.h>
-/*
- * inorder to define a number of low level ssl routines
- * we need to include non installed header
- * #include <ssl_locl.h>
- * We will define the four routines here.
- */
-
/**
* @name Import Security Context
* @ingroup globus_gsi_gssapi
diff -Nur globus_gssapi_gsi-7.0.orig/library/Makefile.am globus_gssapi_gsi-7.0/library/Makefile.am
--- globus_gssapi_gsi-7.0.orig/library/Makefile.am 2008-10-20 18:04:33.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/Makefile.am 2010-02-08 10:19:49.643153482 +0100
@@ -46,7 +46,7 @@
set_sec_context_option.c
Sources_OPENSSL_INTERNALS = \
- ssl_locl.h
+ globus_ssl_locl.h
flavorinclude_HEADERS = \
gssapi.h
diff -Nur globus_gssapi_gsi-7.0.orig/library/unwrap.c globus_gssapi_gsi-7.0/library/unwrap.c
--- globus_gssapi_gsi-7.0.orig/library/unwrap.c 2008-01-14 16:58:52.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/unwrap.c 2010-02-08 10:18:53.415153902 +0100
@@ -160,7 +160,7 @@
input_value += GSS_SSL3_WRITE_SEQUENCE_SIZE;
/* get data length */
- N2L((char *) input_value, data_buf->length);
+ N2L(input_value, data_buf->length);
input_value += 4;
GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
diff -Nur globus_gssapi_gsi-7.0.orig/library/verify_mic.c globus_gssapi_gsi-7.0/library/verify_mic.c
--- globus_gssapi_gsi-7.0.orig/library/verify_mic.c 2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/verify_mic.c 2010-02-08 10:18:53.415153902 +0100
@@ -183,7 +183,11 @@
mac_sec = context->gss_ssl->s3->read_mac_secret;
seq = context->gss_ssl->s3->read_sequence;
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
hash = context->gss_ssl->read_hash;
+ #else
+ hash = context->gss_ssl->read_hash->digest;
+ #endif
md_size = EVP_MD_size(hash);
if (token_buffer->length != (GSS_SSL_MESSAGE_DIGEST_PADDING + md_size))
diff -Nur globus_gssapi_gsi-7.0.orig/library/wrap.c globus_gssapi_gsi-7.0/library/wrap.c
--- globus_gssapi_gsi-7.0.orig/library/wrap.c 2008-10-16 17:58:08.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/wrap.c 2010-02-08 10:18:53.417152686 +0100
@@ -92,7 +92,11 @@
if (conf_req_flag == 0
&& qop_req == GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG)
{
+ #if OPENSSL_VERSION_NUMBER < 0x10000000L
overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash);
+ #else
+ overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash->digest);
+ #endif
max = req_output_size - overhead;
*max_input_size = max;