Project

General

Profile

Bug #1665 » ssl-fixes.diff

Andrew Stormont, 2011-10-18 09:12 PM

View differences:

usr/src/cmd/sendmail/src/tls.c Sun Oct 16 23:46:31 2011 +0100 → usr/src/cmd/sendmail/src/tls.c Mon Oct 17 00:09:53 2011 +0100
1168 1168
	MACROS_T *mac;
1169 1169
	bool certreq;
1170 1170
{
1171
	SSL_CIPHER *c;
1171
	const SSL_CIPHER *c;
1172 1172
	int b, r;
1173 1173
	long verifyok;
1174 1174
	char *s, *who;
usr/src/common/net/wanboot/boot_http.c Mon Oct 17 06:35:38 2011 +0100 → usr/src/common/net/wanboot/boot_http.c Mon Oct 17 08:12:28 2011 +0100
2236 2236
static void
2237 2237
print_ciphers(SSL *ssl)
2238 2238
{
2239
	SSL_CIPHER	*c;
2239
	const SSL_CIPHER *c;
2240 2240
	STACK_OF(SSL_CIPHER)	*sk;
2241 2241
	int	i;
2242 2242
	const char	*name;
usr/src/lib/libkmsagent/Makefile.com Mon Oct 17 06:35:38 2011 +0100 → usr/src/lib/libkmsagent/Makefile.com Mon Oct 17 08:12:28 2011 +0100
95 95
		-DWITH_OPENSSL -DHAVE_OPENSSL_SSL_H \
96 96
		-DWITH_IPV6 -D_POSIX_THREADS -DXML_STATIC \
97 97
		-DHAVE_EXPAT_CONFIG_H -DK_SOLARIS_PLATFORM  \
98
		-DOPENSSL_NO_DEPRECATED \
99 98
		-DKMS_AGENT_VERSION_STRING=\"KMSAgentLibraryVersion:Build1016\"
100 99

  
101 100
CFLAGS +=	$(CCVERBOSE)
usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/lib/libkmf/plugins/kmf_openssl/common/openssl_spi.c Mon Oct 17 14:21:34 2011 +0100
89 89
#include <openssl/ocsp.h>
90 90
#include <openssl/des.h>
91 91
#include <openssl/rand.h>
92
#include <openssl/evp.h>
93
#include <openssl/pkcs12.h>
92 94

  
93 95
#define	PRINT_ANY_EXTENSION (\
94 96
	KMF_X509_EXT_KEY_USAGE |\
......
2028 2029
	int j;
2029 2030
	int ext_index, nid, len;
2030 2031
	BIO *mem = NULL;
2031
	STACK *emlst = NULL;
2032
	STACK_OF(OPENSSL_STRING) *emlst = NULL;
2032 2033
	X509_EXTENSION *ex;
2033 2034
	X509_CINF *ci;
2034 2035

  
......
2141 2142

  
2142 2143
	case KMF_CERT_EMAIL:
2143 2144
		emlst = X509_get1_email(xcert);
2144
		for (j = 0; j < sk_num(emlst); j++)
2145
			(void) BIO_printf(mem, "%s\n", sk_value(emlst, j));
2145
		for (j = 0; j < sk_OPENSSL_STRING_num(emlst); j++)
2146
			(void) BIO_printf(mem, "%s\n", sk_OPENSSL_STRING_value(emlst, j));
2146 2147

  
2147 2148
		len = BIO_gets(mem, resultStr, KMF_CERT_PRINTABLE_LEN);
2148 2149
		X509_email_free(emlst);
......
4266 4267
			ty = sk_ASN1_TYPE_value(attr->value.set, 0);
4267 4268
		}
4268 4269
		if (ty != NULL) {
4269
			key->label = uni2asc(ty->value.bmpstring->data,
4270
			key->label = OPENSSL_uni2asc(ty->value.bmpstring->data,
4270 4271
			    ty->value.bmpstring->length);
4271 4272
		}
4272 4273
	} else {
usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/lib/krb5/plugins/preauth/pkinit/pkinit_crypto_openssl.c Mon Oct 17 15:24:42 2011 +0100
1278 1278
	revoked = sk_X509_CRL_new_null();
1279 1279
	for (i = 0; i < size; i++)
1280 1280
	    sk_X509_CRL_push(revoked, sk_X509_CRL_value(idctx->revoked, i));
1281
	size = sk_X509_num(p7->d.sign->crl);
1281
	size = sk_X509_CRL_num(p7->d.sign->crl);
1282 1282
	for (i = 0; i < size; i++)
1283 1283
	    sk_X509_CRL_push(revoked, sk_X509_CRL_value(p7->d.sign->crl, i));
1284 1284
    }
......
1419 1419
	    pkiDebug("PKCS7 Verification successful\n");
1420 1420
	else {
1421 1421
	    pkiDebug("wrong oid in eContentType\n");
1422
	    print_buffer(p7->d.sign->contents->type->data, 
1422
	    print_buffer((unsigned char *)p7->d.sign->contents->type->data, 
1423 1423
		(unsigned int)p7->d.sign->contents->type->length);
1424 1424
	    retval = KRB5KDC_ERR_PREAUTH_FAILED;
1425 1425
	    krb5_set_error_message(context, retval, "wrong oid\n");
......
4773 4773
    if (buf == NULL)
4774 4774
	return ENOMEM;
4775 4775

  
4776
    len = EVP_PKEY_decrypt(buf, data, (int)data_len, pkey);
4776
    len = EVP_PKEY_decrypt_old(buf, data, (int)data_len, pkey);
4777 4777
    if (len <= 0) {
4778 4778
	pkiDebug("unable to decrypt received data (len=%d)\n", data_len);
4779 4779
	/* Solaris Kerberos */
......
5908 5908
		    continue;
5909 5909
	    }
5910 5910
	    if (flag != 0) {
5911
		sk_X509_push(ca_crls, X509_CRL_dup(xi->crl));
5911
		sk_X509_CRL_push(ca_crls, X509_CRL_dup(xi->crl));
5912 5912
	    }
5913 5913
	}
5914 5914
    }
......
5938 5938
	}
5939 5939
	break;
5940 5940
    case CATYPE_CRLS:
5941
	if (sk_X509_num(ca_crls) == 0) {
5941
	if (sk_X509_CRL_num(ca_crls) == 0) {
5942 5942
	    pkiDebug("no crls in file, %s\n", filename);
5943 5943
	    if (id_cryptoctx->revoked == NULL)
5944 5944
		sk_X509_CRL_free(ca_crls);
usr/src/lib/libpkg/common/p12lib.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/lib/libpkg/common/p12lib.c Mon Oct 17 16:19:45 2011 +0100
1137 1137
	}
1138 1138

  
1139 1139
	str = ty->value.bmpstring;
1140
	*fname = uni2asc(str->data, str->length);
1140
	*fname = OPENSSL_uni2asc(str->data, str->length);
1141 1141
	if (*fname == NULL) {
1142 1142
		SUNWerr(SUNW_F_GET_PKEY_FNAME, SUNW_R_MEMORY_FAILURE);
1143 1143
		return (-1);
......
2295 2295
	int unilen;
2296 2296

  
2297 2297
	/* Convert the character to the bmp format. */
2298
	if (asc2uni(str, len, &uni, &unilen) == 0) {
2298
	if (OPENSSL_asc2uni(str, len, &uni, &unilen) == 0) {
2299 2299
		SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE);
2300 2300
		return (NULL);
2301 2301
	}
usr/src/common/net/wanboot/auxutil.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/common/net/wanboot/auxutil.c Mon Oct 17 16:43:18 2011 +0100
97 97
	int unilen;
98 98

  
99 99
	/* Convert the character to the bmp format. */
100
	if (asc2uni(str, len, &uni, &unilen) == 0) {
100
	if (OPENSSL_asc2uni(str, len, &uni, &unilen) == 0) {
101 101
		SUNWerr(SUNW_F_ASC2BMPSTRING, SUNW_R_MEMORY_FAILURE);
102 102
		return (NULL);
103 103
	}
usr/src/common/net/wanboot/boot_http.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/common/net/wanboot/boot_http.c Mon Oct 17 16:45:33 2011 +0100
1767 1767
static SSL_CTX *
1768 1768
initialize_ctx(http_conn_t *c_id)
1769 1769
{
1770
	SSL_METHOD	*meth;
1770
	const SSL_METHOD *meth;
1771 1771
	SSL_CTX		*ctx;
1772 1772

  
1773 1773
	ERR_clear_error();
usr/src/common/net/wanboot/p12misc.c Mon Oct 17 08:23:15 2011 +0100 → usr/src/common/net/wanboot/p12misc.c Mon Oct 17 16:46:32 2011 +0100
440 440
	}
441 441

  
442 442
	str = ty->value.bmpstring;
443
	*fname = uni2asc(str->data, str->length);
443
	*fname = OPENSSL_uni2asc(str->data, str->length);
444 444
	if (*fname == NULL) {
445 445
		SUNWerr(SUNW_F_GET_PKEY_FNAME, SUNW_R_MEMORY_FAILURE);
446 446
		return (-1);
(1-1/3)