diff -Nur globus_gssapi_gsi-7.0.orig/library/display_name.c globus_gssapi_gsi-7.0/library/display_name.c
--- globus_gssapi_gsi-7.0.orig/library/display_name.c	2008-09-24 19:46:30.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/display_name.c	2010-02-08 10:18:53.408153303 +0100
@@ -122,7 +122,7 @@
         {
             int                         name_length;
             GENERAL_NAME *              name;
-            char *                      dns;
+            unsigned char *             dns;
             int                         i;
 
             name_length = sk_GENERAL_NAME_num(input_name->subjectAltNames);
@@ -133,7 +133,7 @@
                 if (name->type == GEN_DNS)
                 {
                     dns = ASN1_STRING_data(name->d.dNSName);
-                    output_name->value = globus_common_create_string("/CN=%s", dns);
+                    output_name->value = globus_common_create_string("/CN=%s", (char *) dns);
                     output_name->length = strlen(output_name->value);
                     break;
                 }
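Review bot: The `(char *) dns` cast on the `globus_common_create_string("/CN=%s", ...)` line silences the signedness warning but still treats the dNSName as a C string, so a subjectAltName with an embedded NUL byte is rendered truncated at that byte. The ASN1_STRING carries its own length, so the entry should be rejected when the two disagree, for example `if (strlen((char *) dns) != (size_t) ASN1_STRING_length(name->d.dNSName))` before formatting; whether to skip the entry or fail depends on code outside the hunk. The result of `globus_common_create_string` is also handed to `strlen` without a NULL check, which would crash on allocation failure. The enclosing loop starts and ends outside the hunk.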
diff -Nur globus_gssapi_gsi-7.0.orig/library/export_sec_context.c globus_gssapi_gsi-7.0/library/export_sec_context.c
--- globus_gssapi_gsi-7.0.orig/library/export_sec_context.c	2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/export_sec_context.c	2010-02-08 10:18:53.408153303 +0100
@@ -179,7 +179,7 @@
         goto unlock_mutex;
     }
 
-    L2N(peer_cert_count, (char *)int_buffer);
+    L2N(peer_cert_count, int_buffer);
     BIO_write(bp, (char *)int_buffer, 4);
     
     local_result = globus_gsi_callback_get_cert_chain(
diff -Nur globus_gssapi_gsi-7.0.orig/library/get_mic.c globus_gssapi_gsi-7.0/library/get_mic.c
--- globus_gssapi_gsi-7.0.orig/library/get_mic.c	2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/get_mic.c	2010-02-08 10:18:53.408153303 +0100
@@ -146,7 +146,11 @@
     
     mac_sec = context->gss_ssl->s3->write_mac_secret;
     seq = context->gss_ssl->s3->write_sequence;
+    #if OPENSSL_VERSION_NUMBER < 0x10000000L
     hash = context->gss_ssl->write_hash;
+    #else
+    hash = context->gss_ssl->write_hash->digest;
+    #endif
 
     md_size = EVP_MD_size(hash);
     message_token->value = (char *) malloc(GSS_SSL_MESSAGE_DIGEST_PADDING 
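Review bot: The new `hash = context->gss_ssl->write_hash->digest;` branch dereferences `write_hash` without checking it. With OpenSSL 1.0.0 that field is an `EVP_MD_CTX *` and is presumably NULL until a cipher state with a MAC has been installed, so a context that is not fully established would crash here instead of returning a GSS error. A guard such as `if (context->gss_ssl->write_hash == NULL)` that takes the function's existing failure path, followed by `hash = EVP_MD_CTX_md(context->gss_ssl->write_hash);`, avoids both the NULL dereference and the direct reach into the struct. The same pattern is added in verify_mic.c (`read_hash->digest`) and wrap.c (`write_hash->digest`). The indented `#if`/`#else`/`#endif` lines would read better at column 0, and the function body continues outside the hunk.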
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c
--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.c	2009-09-24 21:09:45.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.c	2010-02-08 10:18:53.409154337 +0100
@@ -37,7 +37,7 @@
 #include <string.h>
 #include <stdlib.h>
 
-#include "ssl_locl.h"
+#include "globus_ssl_locl.h"
 
 #ifdef WIN32
 #define strcasecmp stricmp
@@ -270,7 +270,7 @@
             goto exit;
         }
         
-        memset(context, (int)NULL, sizeof(gss_ctx_id_desc));
+        memset(context, 0, sizeof(gss_ctx_id_desc));
         *context_handle_P = context;
         context->ctx_flags = 0;
     }
@@ -295,7 +295,7 @@
         goto free_context;
     }
 
-    memset(context->peer_cred_handle, (int) NULL, sizeof(gss_cred_id_desc));
+    memset(context->peer_cred_handle, 0, sizeof(gss_cred_id_desc));
     
     local_result = globus_gsi_cred_handle_init(
         &context->peer_cred_handle->cred_handle, NULL);
@@ -564,14 +564,14 @@
     {
         char buff[256];
         int i;
-        STACK *sk;
+        STACK_OF(SSL_CIPHER) *sk;
         
         GLOBUS_I_GSI_GSSAPI_DEBUG_PRINT(
             2, "Ciphers available:\n");
-        sk=(STACK *)SSL_get_ciphers(context->gss_ssl);
-        for (i=0; i<sk_num(sk); i++)
+        sk=SSL_get_ciphers(context->gss_ssl);
+        for (i=0; i<sk_SSL_CIPHER_num(sk); i++)
         {
-            SSL_CIPHER_description((SSL_CIPHER *)sk_value(sk,i),
+            SSL_CIPHER_description(sk_SSL_CIPHER_value(sk,i),
                                    buff,256);
             GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
                 3, (globus_i_gsi_gssapi_debug_fstream, buff));
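Review bot: `buff` is still passed as the format argument in `GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(3, (globus_i_gsi_gssapi_debug_fstream, buff));`. If the macro forwards to fprintf, as its name suggests, any `%` in a cipher description would be interpreted as a conversion. Since these lines are being touched anyway, pass a literal format: `(globus_i_gsi_gssapi_debug_fstream, "%s", buff)`. The `buff,256` argument to `SSL_CIPHER_description` would be safer as `sizeof(buff)` so the size cannot drift from the declaration. The enclosing block continues past the hunk.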
@@ -995,7 +995,7 @@
     if (!GSS_ERROR(major_status)) {
         if (rc > 0)
         {
-            SSL_CIPHER *                current_cipher;
+            const SSL_CIPHER *              current_cipher;
             major_status = GSS_S_COMPLETE; 
 
             /*
@@ -1424,110 +1424,6 @@
 /* @} */
 
 /**
- * @name Credential Set
- * @ingroup globus_i_gsi_gss_utils
- */
-/* @{ */
-/**
- * Credential Set
- *
- * @param minor_status
- * @param cred_usage
- * @param cred_handle
- * @param ucert
- * @param upkey,
- * @param cert_chain
- *
- * @return
- */
-OM_uint32
-globus_i_gsi_gss_cred_set(
-    OM_uint32 *                         minor_status,
-    const gss_cred_usage_t              cred_usage,
-    gss_cred_id_t *                     cred_handle,
-    X509 *                              ucert,
-    EVP_PKEY *                          upkey,
-    STACK_OF(X509) *                    cert_chain)
-{
-    OM_uint32                           major_status = GSS_S_COMPLETE;
-    OM_uint32                           local_minor_status;
-    globus_result_t                     local_result;
-    globus_gsi_cred_handle_t            local_cred_handle;
-    static char *                       _function_name_ =
-        "globus_i_gsi_gss_cred_set";
-
-    GLOBUS_I_GSI_GSSAPI_DEBUG_ENTER;
-
-    *minor_status = GLOBUS_SUCCESS;
-
-    local_result = globus_gsi_cred_handle_init(&local_cred_handle, NULL);
-    if(local_result != GLOBUS_SUCCESS)
-    {
-        local_cred_handle = NULL;
-        GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
-            minor_status, local_result,
-            GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
-        major_status = GSS_S_FAILURE;
-        goto exit;
-    }
-
-    local_result = globus_gsi_cred_set_cert(local_cred_handle, ucert);
-    if(local_result != GLOBUS_SUCCESS)
-    {
-        GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
-            minor_status, local_result,
-            GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
-        major_status = GSS_S_FAILURE;
-        goto exit;
-    }
-    
-    local_result = globus_gsi_cred_set_key(local_cred_handle, upkey);
-    if(local_result != GLOBUS_SUCCESS)
-    {
-        GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
-            minor_status, local_result,
-            GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
-        major_status = GSS_S_FAILURE;
-        goto exit;
-    }
-
-    local_result = globus_gsi_cred_set_cert_chain(local_cred_handle, 
-                                                  cert_chain);
-    if(local_result != GLOBUS_SUCCESS)
-    {
-        GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
-            minor_status, local_result,
-            GLOBUS_GSI_GSSAPI_ERROR_WITH_GSI_CREDENTIAL);
-        major_status = GSS_S_FAILURE;
-        goto exit;
-    }
-
-    major_status = globus_i_gsi_gss_create_cred(&local_minor_status,
-                                                cred_usage,
-                                                cred_handle, 
-                                                &local_cred_handle);
-    if(GSS_ERROR(major_status))
-    {
-        GLOBUS_GSI_GSSAPI_ERROR_CHAIN_RESULT(
-            minor_status, local_minor_status,
-            GLOBUS_GSI_GSSAPI_ERROR_WITH_GSS_CREDENTIAL);
-        major_status = GSS_S_FAILURE;
-        goto exit;
-    }
-    
- exit:
-
-    if(local_cred_handle != NULL)
-    {
-        globus_gsi_cred_handle_destroy(local_cred_handle);
-    }
-    
-    GLOBUS_I_GSI_GSSAPI_DEBUG_EXIT;
-    return major_status;
-}
-/* @} */
-
-/**
  * @name Create Cred
  * @ingroup globus_i_gsi_gss_utils
  */
@@ -1961,6 +1857,9 @@
         ssl_handle->session,
         &ssl_handle->s3->tmp.new_sym_enc,
         &ssl_handle->s3->tmp.new_hash,
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+        NULL, NULL,
+#endif
         (SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
     if (!ssl_result)
     {
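Review bot: Passing `NULL, NULL` for the two new `ssl_cipher_get_evp` arguments discards the MAC key type and MAC secret size, which OpenSSL 1.0.0 keeps next to `new_hash` in `s3->tmp.new_mac_pkey_type` and `s3->tmp.new_mac_secret_size`. The cipher-state setup that follows is not visible in the hunk; if it reads those fields, an imported context would set up its MAC with whatever those fields happen to hold. Passing `&ssl_handle->s3->tmp.new_mac_pkey_type, &ssl_handle->s3->tmp.new_mac_secret_size,` instead keeps the state consistent with what the library does itself. The second call site in the next hunk needs the same change, and the call is cut at the top of both hunks.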
@@ -1989,6 +1888,9 @@
         ssl_handle->session,
         &ssl_handle->s3->tmp.new_sym_enc,
         &ssl_handle->s3->tmp.new_hash,
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+        NULL, NULL,
+#endif
         (SSL_COMP **) &ssl_handle->s3->tmp.new_compression);
     if (!ssl_result)
     {
@@ -2325,6 +2227,11 @@
             for(index = 0; index < sk_X509_num(client_cert_chain); ++index)
             {
                 tmp_cert = X509_dup(sk_X509_value(client_cert_chain, index));
+                #if OPENSSL_VERSION_NUMBER >= 0x10000000L
+                SSL_CTX_add_extra_chain_cert(
+                        cred_handle->ssl_context,
+                        tmp_cert);
+                #else
                 if(!X509_STORE_add_cert(
                        SSL_CTX_get_cert_store(cred_handle->ssl_context),
                        tmp_cert))
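Review bot: The return value of `SSL_CTX_add_extra_chain_cert` is ignored in the new `#if` branch, and the `X509_dup` result above it is not checked for NULL. On failure the context does not take ownership, so `tmp_cert` leaks and the chain is silently incomplete, whereas the pre-1.0 branch tests the result of `X509_STORE_add_cert`. Use `if(tmp_cert == NULL || !SSL_CTX_add_extra_chain_cert(cred_handle->ssl_context, tmp_cert))`, free `tmp_cert` there and take the same error path as the `#else` branch. On success the context owns the certificate, so leaving `X509_free(tmp_cert)` in the `#else` branch is correct; a one-line comment saying so would prevent a later "leak fix" from introducing a double free. The `#if` opened here is closed by the `#endif` in the following hunk.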
@@ -2350,6 +2257,7 @@
                 }
                 /* need to free to reduce ref count */
                 X509_free(tmp_cert);
+                #endif
             }
         }
     }
@@ -2545,7 +2453,7 @@
 
                     goto out;
                 }
-                strncpy(name->service_name, data, p-data);
+                strncpy(name->service_name, (char *) data, p-data);
                 name->service_name[p-data] = 0;
 
                 name->host_name = malloc(length - (p-data));
@@ -2556,7 +2464,7 @@
 
                     goto free_service_name_out;
                 }
-                strncpy(name->host_name, p+1, length - (p+1-data));
+                strncpy(name->host_name, (char *) p+1, length - (p+1-data));
                 name->host_name[length - (p+1-data)] = 0;
             }
             else
@@ -2583,7 +2491,7 @@
                     goto free_service_name_out;
                 }
 
-                strncpy(name->host_name, data, length);
+                strncpy(name->host_name, (char *) data, length);
                 name->host_name[length] = 0;
             }
             break;
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h
--- globus_gssapi_gsi-7.0.orig/library/globus_i_gsi_gss_utils.h	2008-11-21 16:04:49.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/globus_i_gsi_gss_utils.h	2010-02-08 10:18:53.410152925 +0100
@@ -254,15 +254,6 @@
     const X509_NAME *                   desired_subject);
 
 OM_uint32
-globus_i_gsi_gss_cred_set(
-    OM_uint32 *                         minor_status,
-    const gss_cred_usage_t              cred_usage,
-    gss_cred_id_t *                     cred_handle,
-    X509 *                              ucert,
-    EVP_PKEY *                          upkey,
-    STACK_OF(X509) *                    cert_chain);
-
-OM_uint32
 globus_i_gsi_gss_create_cred(
     OM_uint32 *                         minor_status,
     const gss_cred_usage_t              cred_usage,
diff -Nur globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h globus_gssapi_gsi-7.0/library/globus_ssl_locl.h
--- globus_gssapi_gsi-7.0.orig/library/globus_ssl_locl.h	1970-01-01 01:00:00.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/globus_ssl_locl.h	2010-02-08 10:21:44.762160547 +0100
@@ -0,0 +1,54 @@
+#ifndef GLOBUS_SSL_LOCL_H
+#define GLOBUS_SSL_LOCL_H
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+#define SSL_STRONG_MASK 0x000001fcL
+#else
+#define SSL_STRONG_MASK 0x000000fcL
+#endif
+
+#define SSL_LOW 0x00000020L
+
+typedef struct ssl3_enc_method
+	{
+	int (*enc)(SSL *, int);
+	int (*mac)(SSL *, unsigned char *, int);
+	int (*setup_key_block)(SSL *);
+	int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int);
+	int (*change_cipher_state)(SSL *, int);
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+	int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *);
+#else
+	int (*final_finish_mac)(SSL *, const char *, int, unsigned char *);
+#endif
+	int finish_mac_length;
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+	int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *);
+#else
+	int (*cert_verify_mac)(SSL *, int, unsigned char *);
+#endif
+	const char *client_finished_label;
+	int client_finished_label_len;
+	const char *server_finished_label;
+	int server_finished_label_len;
+	int (*alert_value)(int);
+	} SSL3_ENC_METHOD;
+
+int ssl3_setup_buffers(SSL *s);
+
+int ssl_init_wbio_buffer(SSL *s, int push);
+void ssl_free_wbio_buffer(SSL *s);
+
+int ssl3_setup_key_block(SSL *s);
+void ssl3_cleanup_key_block(SSL *s);
+
+#if (OPENSSL_VERSION_NUMBER >= 0x10000000L)
+int ssl_cipher_get_evp(const SSL_SESSION *s, const EVP_CIPHER **enc,
+		       const EVP_MD **md, int *mac_pkey_type,
+		       int *mac_secret_size, SSL_COMP **comp);
+#else
+int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc,
+		       const EVP_MD **md, SSL_COMP **comp);
+#endif
+
+#endif
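Review bot: This header tests `OPENSSL_VERSION_NUMBER` and uses `SSL`, `EVP_MD_CTX` and `SSL_COMP` without including anything. If it is ever included before the OpenSSL headers, the `#if` treats the undefined macro as 0 and silently selects the pre-1.0.0 `SSL3_ENC_METHOD` layout and `ssl_cipher_get_evp` prototype. Adding `#include <openssl/opensslv.h>` and `#include <openssl/ssl.h>` at the top makes it self-contained. Because these are hand-copied private OpenSSL declarations, a header comment should say which OpenSSL releases they were taken from. It should also say that the struct layout and prototypes must match the library loaded at run time, since a mismatch corrupts the call instead of failing the build.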
diff -Nur globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h globus_gssapi_gsi-7.0/library/gssapi_openssl.h
--- globus_gssapi_gsi-7.0.orig/library/gssapi_openssl.h	2008-09-09 18:46:21.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/gssapi_openssl.h	2010-02-08 10:18:53.410152925 +0100
@@ -86,7 +86,7 @@
 
 #define L2N(LONG_VAL, CHAR_ARRAY) \
    {  \
-       char *                           _char_array_ = CHAR_ARRAY; \
+       unsigned char *                  _char_array_ = CHAR_ARRAY; \
        *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 24) & 0xff); \
        *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 16) & 0xff); \
        *(_char_array_++) = (unsigned char) (((LONG_VAL) >> 8)  & 0xff); \
@@ -95,7 +95,7 @@
 
 #define N2L(CHAR_ARRAY, LONG_VAL) \
    { \
-       char *                           _char_array_ = CHAR_ARRAY; \
+       unsigned char *                  _char_array_ = CHAR_ARRAY; \
        (LONG_VAL)  = ((*(_char_array_++)) << 24) & 0xff000000; \
        (LONG_VAL) |= ((*(_char_array_++)) << 16) & 0xff0000; \
        (LONG_VAL) |= ((*(_char_array_++)) << 8) & 0xff00; \
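Review bot: With `_char_array_` now `unsigned char *`, `(*(_char_array_++)) << 24` promotes the byte to `int` before shifting, so a first byte of 0x80 or above shifts into the sign bit, which is undefined behaviour. Convert before the shift, e.g. `(LONG_VAL)  = ((unsigned long)(*(_char_array_++)) << 24) & 0xff000000;`. unwrap.c uses this macro to read a length field out of the received token, so the result has to be well defined for every byte value. Both macros would also be safer wrapped in `do { ... } while (0)` than in bare braces. The macro body continues outside the hunk.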
diff -Nur globus_gssapi_gsi-7.0.orig/library/import_sec_context.c globus_gssapi_gsi-7.0/library/import_sec_context.c
--- globus_gssapi_gsi-7.0.orig/library/import_sec_context.c	2009-09-24 21:09:45.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/import_sec_context.c	2010-02-08 10:18:53.413154559 +0100
@@ -33,16 +33,10 @@
 #include "openssl/crypto.h"
 #include "openssl/rand.h"
 #include "openssl/ssl2.h"
-#include "ssl_locl.h"
+#include "openssl/ssl3.h"
+#include "globus_ssl_locl.h"
 #include <string.h>
 
-/*
- * inorder to define a number of low level ssl routines
- * we need to include non installed header
- * #include <ssl_locl.h>
- * We will define the four routines here. 
- */
-
 /**
  * @name Import Security Context
  * @ingroup globus_gsi_gssapi
diff -Nur globus_gssapi_gsi-7.0.orig/library/Makefile.am globus_gssapi_gsi-7.0/library/Makefile.am
--- globus_gssapi_gsi-7.0.orig/library/Makefile.am	2008-10-20 18:04:33.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/Makefile.am	2010-02-08 10:19:49.643153482 +0100
@@ -46,7 +46,7 @@
 	set_sec_context_option.c
 
 Sources_OPENSSL_INTERNALS = \
-	ssl_locl.h
+	globus_ssl_locl.h
 
 flavorinclude_HEADERS = \
 	gssapi.h
diff -Nur globus_gssapi_gsi-7.0.orig/library/unwrap.c globus_gssapi_gsi-7.0/library/unwrap.c
--- globus_gssapi_gsi-7.0.orig/library/unwrap.c	2008-01-14 16:58:52.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/unwrap.c	2010-02-08 10:18:53.415153902 +0100
@@ -160,7 +160,7 @@
         input_value += GSS_SSL3_WRITE_SEQUENCE_SIZE; 
 
         /* get data length */
-        N2L((char *) input_value, data_buf->length);  
+        N2L(input_value, data_buf->length);  
         input_value += 4;
 
         GLOBUS_I_GSI_GSSAPI_DEBUG_FPRINTF(
diff -Nur globus_gssapi_gsi-7.0.orig/library/verify_mic.c globus_gssapi_gsi-7.0/library/verify_mic.c
--- globus_gssapi_gsi-7.0.orig/library/verify_mic.c	2006-01-19 06:56:09.000000000 +0100
+++ globus_gssapi_gsi-7.0/library/verify_mic.c	2010-02-08 10:18:53.415153902 +0100
@@ -183,7 +183,11 @@
 
     mac_sec = context->gss_ssl->s3->read_mac_secret;
     seq = context->gss_ssl->s3->read_sequence;
+    #if OPENSSL_VERSION_NUMBER < 0x10000000L
     hash = context->gss_ssl->read_hash;
+    #else
+    hash = context->gss_ssl->read_hash->digest;
+    #endif
 
     md_size = EVP_MD_size(hash);
     if (token_buffer->length != (GSS_SSL_MESSAGE_DIGEST_PADDING + md_size))
diff -Nur globus_gssapi_gsi-7.0.orig/library/wrap.c globus_gssapi_gsi-7.0/library/wrap.c
--- globus_gssapi_gsi-7.0.orig/library/wrap.c	2008-10-16 17:58:08.000000000 +0200
+++ globus_gssapi_gsi-7.0/library/wrap.c	2010-02-08 10:18:53.417152686 +0100
@@ -92,7 +92,11 @@
     if (conf_req_flag == 0 
         && qop_req == GSS_C_QOP_GLOBUS_GSSAPI_OPENSSL_BIG)
     {
+        #if OPENSSL_VERSION_NUMBER < 0x10000000L
         overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash); 
+        #else
+        overhead = 17 + EVP_MD_size(context->gss_ssl->write_hash->digest); 
+        #endif
         max = req_output_size - overhead;
         *max_input_size = max;