From 8a0cc8f79faae57c3d4e6c801c554970780416db Mon Sep 17 00:00:00 2001
From: Adrian Reber <adrian@lisas.de>
Date: Fri, 2 Dec 2016 12:20:29 +0100
Subject: [PATCH 2/3] authreg_ldapfull: adapt to openssl-1.1
Adding #ifdefs to use the new openssl-1.1 API if detected.
Signed-off-by: Adrian Reber <adrian@lisas.de>
---
storage/authreg_ldapfull.c | 107 +++++++++++++++++++++++++++++++++++++++------
1 file changed, 94 insertions(+), 13 deletions(-)
diff --git a/storage/authreg_ldapfull.c b/storage/authreg_ldapfull.c
index 7b32d48..6dbf202 100644
--- a/storage/authreg_ldapfull.c
+++ b/storage/authreg_ldapfull.c
@@ -39,6 +39,7 @@
#ifdef HAVE_SSL
#include <openssl/rand.h>
+#include <openssl/evp.h>
#endif
#include <lber.h>
@@ -228,13 +229,18 @@ int _ldapfull_base64_decode( const char *src, const unsigned char **ret, int *rl
int rc, tlen = 0;
int i;
unsigned char *text;
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
EVP_ENCODE_CTX EVP_ctx;
+#else
+ EVP_ENCODE_CTX *EVP_ctx;
+#endif
text = (unsigned char *)malloc(((strlen(src)+3)/4 * 3) + 1);
if (text == NULL) {
return 0;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
EVP_DecodeInit(&EVP_ctx);
rc = EVP_DecodeUpdate(&EVP_ctx, text, &i, (const unsigned char *)src, strlen(src));
if (rc < 0) {
@@ -243,40 +249,70 @@ int _ldapfull_base64_decode( const char *src, const unsigned char **ret, int *rl
}
tlen+=i;
EVP_DecodeFinal(&EVP_ctx, (unsigned char*)text, &i);
+#else
+ EVP_ctx = EVP_ENCODE_CTX_new();
+ EVP_DecodeInit(EVP_ctx);
+ rc = EVP_DecodeUpdate(EVP_ctx, text, &i, (const unsigned char *)src, strlen(src));
+ if (rc < 0) {
+ free(text);
+ EVP_ENCODE_CTX_free(EVP_ctx);
+ return 0;
+ }
+ tlen+=i;
+ EVP_DecodeFinal(EVP_ctx, (unsigned char*)text, &i);
+#endif
*ret = text;
if (rlen != NULL) {
*rlen = tlen;
}
+#if !(OPENSSL_VERSION_NUMBER < 0x10100005L)
+ EVP_ENCODE_CTX_free(EVP_ctx);
+#endif
return 1;
}
static int _ldapfull_base64_encode( const unsigned char *src, int srclen, char **ret, int *rlen ) {
int tlen = 0;
unsigned char *text;
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
EVP_ENCODE_CTX EVP_ctx;
+#else
+ EVP_ENCODE_CTX *EVP_ctx;
+#endif
+
text = (unsigned char *)malloc((srclen*4/3) + 1 );
if (text == NULL) {
return 0;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
EVP_EncodeInit(&EVP_ctx);
EVP_EncodeUpdate(&EVP_ctx, text, &tlen, src, srclen);
EVP_EncodeFinal(&EVP_ctx, text, &tlen);
+#else
+ EVP_ctx = EVP_ENCODE_CTX_new();
+ EVP_EncodeInit(EVP_ctx);
+ EVP_EncodeUpdate(EVP_ctx, text, &tlen, src, srclen);
+ EVP_EncodeFinal(EVP_ctx, text, &tlen);
+#endif
*ret = (char*)text;
if (rlen != NULL) {
*rlen = tlen;
}
+#if !(OPENSSL_VERSION_NUMBER < 0x10100005L)
+ EVP_ENCODE_CTX_free(EVP_ctx);
+#endif
return 1;
}
int _ldapfull_chk_hashed(moddata_t data, const char *scheme, int salted, const char *hash, const char *passwd) {
const unsigned char *bhash; // binary hash, will get it from base64
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
const EVP_MD *md;
unsigned char digest[EVP_MAX_MD_SIZE];
int bhlen, rc;
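Review bot: `EVP_ENCODE_CTX_new()` is used without a NULL check in the new branch of `_ldapfull_base64_decode` (which begins in the previous hunk), so an allocation failure goes straight into `EVP_DecodeInit(EVP_ctx)`. The same applies to the new branch of `_ldapfull_base64_encode` and to `EVP_MD_CTX_create()`/`EVP_MD_CTX_new()` in `_ldapfull_chk_hashed` and `_ldapfull_set_hashed` in the later hunks. I would add `if (EVP_ctx == NULL) { free(text); return 0; }` after each allocation, with a matching `if (mdctx == NULL)` guard in the digest functions that releases whatever the function already owns. Separately, the unchanged `malloc((srclen*4/3) + 1)` in `_ldapfull_base64_encode` looks smaller than what `EVP_EncodeFinal` writes (padded base64 plus a newline and a NUL): a 20-byte digest needs 30 bytes against 27 allocated. Since this commit already touches the function, sizing the buffer as `4*((srclen+2)/3) + srclen/48 + 2` would close that heap overrun.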
@@ -289,22 +325,32 @@ int _ldapfull_chk_hashed(moddata_t data, const char *scheme, int salted, const c
return 0;
}
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ mdctx = EVP_MD_CTX_create();
+#else
+ mdctx = EVP_MD_CTX_new();
+#endif
+ EVP_DigestInit(mdctx, md);
+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
if (salted) {
- EVP_DigestUpdate(&mdctx, &bhash[EVP_MD_size(md)],
+ EVP_DigestUpdate(mdctx, &bhash[EVP_MD_size(md)],
bhlen - EVP_MD_size(md));
}
- EVP_DigestFinal(&mdctx, digest, NULL);
+ EVP_DigestFinal(mdctx, digest, NULL);
rc = memcmp((char *)bhash, (char *)digest, EVP_MD_size(md));
free((void*)bhash);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
return !rc;
}
int _ldapfull_set_hashed(moddata_t data, const char *scheme, const char *prefix, int saltlen, const char *passwd, char *buf, int buflen) {
char *hash = 0; // base64 hash
- EVP_MD_CTX mdctx;
+ EVP_MD_CTX *mdctx;
const EVP_MD *md;
unsigned char *digest;
unsigned char *salt;
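Review bot: Nothing visible in this hunk checks that `bhlen` is at least `EVP_MD_size(md)` before `&bhash[EVP_MD_size(md)]` and `bhlen - EVP_MD_size(md)` are passed to `EVP_DigestUpdate`, or before `memcmp` reads `EVP_MD_size(md)` bytes from `bhash`. If the lines above the hunk do not already reject short values, a truncated hash in the directory entry would make the salt length negative and the compare read past the decoded buffer. A guard such as `if (bhlen < EVP_MD_size(md)) { free((void*)bhash); return 0; }` placed before `mdctx` is allocated would cover both uses without adding a leak path. Because this compares a secret-derived digest, `CRYPTO_memcmp(bhash, digest, EVP_MD_size(md))` would also be the safer call than `memcmp`. `_ldapfull_chk_hashed` starts in the previous hunk, and `_ldapfull_set_hashed` continues past this one.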
@@ -316,30 +362,48 @@ int _ldapfull_set_hashed(moddata_t data, const char *scheme, const char *prefix,
if (!md) {
return 0;
}
- EVP_DigestInit(&mdctx, md);
- EVP_DigestUpdate(&mdctx, passwd, strlen(passwd));
+
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ mdctx = EVP_MD_CTX_create();
+#else
+ mdctx = EVP_MD_CTX_new();
+#endif
+ EVP_DigestInit(mdctx, md);
+ EVP_DigestUpdate(mdctx, passwd, strlen(passwd));
if (saltlen) {
salt = (unsigned char *)malloc(saltlen);
if( !salt ) {
- EVP_MD_CTX_cleanup(&mdctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
return 0;
}
if( !RAND_bytes(salt,saltlen) ) {
- EVP_MD_CTX_cleanup(&mdctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
free(salt);
return 0;
}
- EVP_DigestUpdate(&mdctx, salt, saltlen);
+ EVP_DigestUpdate(mdctx, salt, saltlen);
}
digest = (unsigned char *)malloc(EVP_MD_size(md) + saltlen);
if( !digest ) {
if (saltlen) {
free(salt);
}
- EVP_MD_CTX_cleanup(&mdctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
return 0;
}
- EVP_DigestFinal(&mdctx, digest, &dlen);
+ EVP_DigestFinal(mdctx, digest, &dlen);
memcpy(digest+dlen,salt,saltlen);
if (saltlen) {
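Review bot: `mdctx` is not used again after `EVP_DigestFinal(mdctx, digest, &dlen);` at the end of this hunk, so freeing it on the next line would make the three release blocks in the following two hunks unnecessary and leave fewer exit paths that can leak the context. Since both branches now hold `EVP_MD_CTX *mdctx`, the repeated `#if OPENSSL_VERSION_NUMBER < 0x10100005L` blocks differ only in function names. A single compat block near the includes, mapping `#define EVP_MD_CTX_new EVP_MD_CTX_create` and `#define EVP_MD_CTX_free EVP_MD_CTX_destroy` for old versions, would let the body call the 1.1 names unconditionally. The return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are also ignored here, so a failed digest would still be encoded and stored as a password hash. The function body continues outside this hunk.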
@@ -352,6 +416,12 @@ int _ldapfull_set_hashed(moddata_t data, const char *scheme, const char *prefix,
free(digest);
if( !rc ) {
free(hash);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
+ return 0;
return 0;
}
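Review bot: The added `return 0;` sits directly in front of the existing `return 0;` in the `if( !rc )` branch, which leaves the second statement unreachable. The same duplicate is added in the "buffer is too short" branch in the next hunk. Dropping the added line in both places keeps the cleanup block and a single `return 0;`. The enclosing `_ldapfull_set_hashed` starts and ends outside this hunk.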
@@ -359,12 +429,23 @@ int _ldapfull_set_hashed(moddata_t data, const char *scheme, const char *prefix,
if( hlen + plen >= buflen ) {
log_write(data->ar->c2s->log,LOG_ERR,"_ldapfull_set_hashed: buffer is too short (%i bytes)",buflen);
free(hash);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
+ return 0;
return 0;
}
memcpy(buf,prefix,plen);
memcpy(buf+plen,hash,hlen);
buf[hlen+plen]='\0';
free(hash);
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ EVP_MD_CTX_destroy(mdctx);
+#else
+ EVP_MD_CTX_free(mdctx);
+#endif
return 1;
}
--
2.9.3