Merge branch 'openssl_1.1'

Author: valtri

src/canl_mod_gridsite.c

@@ -2336,16 +2336,22 @@ int GRST_get_session_id(SSL *ssl, char *session_id, size_t len)
 {
    int          i;
    SSL_SESSION *session;
+   unsigned int sess_len;
+   const unsigned char *sess_id;
 
-   if (((session = SSL_get_session(ssl)) == NULL) ||
-       (session->session_id_length == 0)) 
+   session = SSL_get_session(ssl);
+   if (session == NULL)
       return GRST_RET_FAILED;
-   
-   if (2 * session->session_id_length + 1 > len) 
+
+   sess_id = SSL_SESSION_get_id(session, &sess_len);
+   if (sess_len == 0)
+      return GRST_RET_FAILED;
+
+   if (2 * sess_len + 1 > len) 
       return GRST_RET_FAILED;
 
-   for (i=0; i < (int) session->session_id_length; ++i)
-    sprintf(&(session_id[i*2]), "%02X", (unsigned char) session->session_id[i]);
+   for (i=0; i < sess_len; ++i)
+    sprintf(&(session_id[i*2]), "%02X", sess_id[i]);
 
    session_id[i*2] = '\0';
 
@@ -2742,7 +2748,6 @@ static int mod_gridsite_perm_handler(request_rec *r)
     if ((user == NULL) &&
         (sslconn != NULL) && 
         (sslconn->ssl != NULL) &&
-        (sslconn->ssl->session != NULL) &&
         (r->connection->notes != NULL) &&
         (apr_table_get(r->connection->notes, "GRST_save_ssl_creds") == NULL))
       {
@@ -3973,7 +3978,7 @@ static int mod_gridsite_server_post_config(apr_pool_t *pPool,
 #endif
 
             /* Use default caNl callbacks to verify certificates*/
-            canl_ssl_ctx_set_clb(c_ctx, ctx, ctx->verify_mode,
+            canl_ssl_ctx_set_clb(c_ctx, ctx, SSL_CTX_get_verify_mode(ctx),
                     GRST_callback_SSLVerify_wrapper);
 
             if (GRST_AP_LOGLEVEL(main_server) >= APLOG_DEBUG)

src/grst_asn1.c

@@ -302,9 +302,8 @@ static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
 				{
 				int ii;
 
-				opp=op;
-				ii=d2i_ASN1_BOOLEAN(NULL,&opp,len+hl);
-				if (ii < 0)
+				ii = (int)*p;
+				if (ii < 0 || (int)len != 1)
 				{
 				  if ((bp != NULL) &&
 				      (BIO_write(bp,"Bad boolean\n",12)))
@@ -338,7 +337,7 @@ static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
 							goto end;
 					  }
 
-					M_ASN1_OCTET_STRING_free(os);
+					ASN1_OCTET_STRING_free(os);
 					os=NULL;
 					}
 				}
@@ -377,7 +376,7 @@ static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
 					    (BIO_write(bp,"BAD INTEGER",11) <= 0))
 						goto end;
 					}
-				M_ASN1_INTEGER_free(bs);
+				ASN1_INTEGER_free(bs);
 				}
 			else if (tag == V_ASN1_ENUMERATED)
 				{
@@ -414,7 +413,7 @@ static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
 					    (BIO_write(bp,"BAD ENUMERATED",11) <= 0))
 						goto end;
 					}
-				M_ASN1_ENUMERATED_free(bs);
+				ASN1_ENUMERATED_free(bs);
 				}
 			else if (len > 0 && dump)
 				{
@@ -450,7 +449,7 @@ static int GRSTasn1Parse2(BIO *bp, unsigned char **pp, long length, int offset,
 	ret=1;
 end:
 	if (o != NULL) ASN1_OBJECT_free(o);
-	if (os != NULL) M_ASN1_OCTET_STRING_free(os);
+	if (os != NULL) ASN1_OCTET_STRING_free(os);
 	*pp=p;
 	return(ret);
 	}

src/grst_canl_x509.c

@@ -206,11 +206,17 @@ GRSTasn1FindField(const char *oid, char *coords,
         struct GRSTasn1TagList taglist[], int lasttag,
         int *result);
 
+static void
+ssl_init_crypto(void)
+{
+    OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS, NULL);
+}
+
 /* Safely initialize OpenSSL digests */
 static void GRSTx509SafeOpenSSLInitialization(void)
 {
     static pthread_once_t digests_once = PTHREAD_ONCE_INIT;
-    (void) pthread_once(&digests_once, OpenSSL_add_all_digests);
+    (void) pthread_once(&digests_once, ssl_init_crypto);
 }
 
 /// Compare X509 Distinguished Name strings
@@ -341,26 +347,30 @@ static int GRSTx509VerifySig(time_t *time1_time, time_t *time2_time,
 {   
    int            ret;
    EVP_PKEY      *prvkey;
-   EVP_MD_CTX     ctx;
+   EVP_MD_CTX     *ctx = NULL;
    time_t         voms_service_time1, voms_service_time2;
 
    prvkey = X509_extract_key(cert);
    if (prvkey == NULL) return GRST_RET_FAILED;
+
+   ctx = EVP_MD_CTX_new();
+   if (ctx == NULL)
+       return GRST_RET_FAILED;
 
    GRSTx509SafeOpenSSLInitialization();
 #if OPENSSL_VERSION_NUMBER >= 0x0090701fL
-   EVP_MD_CTX_init(&ctx);
-   EVP_VerifyInit_ex(&ctx, md_type, NULL);
+   EVP_MD_CTX_init(ctx);
+   EVP_VerifyInit_ex(ctx, md_type, NULL);
 #else
-   EVP_VerifyInit(&ctx, md_type);
+   EVP_VerifyInit(ctx, md_type);
 #endif
 
-   EVP_VerifyUpdate(&ctx, txt, txt_len);
+   EVP_VerifyUpdate(ctx, txt, txt_len);
 
-   ret = EVP_VerifyFinal(&ctx, sig, sig_len, prvkey);
+   ret = EVP_VerifyFinal(ctx, sig, sig_len, prvkey);
 
 #if OPENSSL_VERSION_NUMBER >= 0x0090701fL
-   EVP_MD_CTX_cleanup(&ctx);      
+   EVP_MD_CTX_free(ctx);
 #endif
    EVP_PKEY_free(prvkey);
 
@@ -375,7 +385,7 @@ static int GRSTx509VerifySig(time_t *time1_time, time_t *time2_time,
            GRSTasn1TimeToTimeT(ASN1_STRING_data(X509_get_notAfter(cert)),0);
           if (voms_service_time2 < *time2_time) 
                              *time2_time = voms_service_time2; 
-            
+
    return GRST_RET_OK ; /* verified */
 }
 
@@ -2639,24 +2649,28 @@ char *GRSTx509MakeDelegationID(void)
   int  i, delegation_id_len;
   char cred_name[14], *cred_value, *delegation_id;
   const EVP_MD *m;
-  EVP_MD_CTX ctx;
+  EVP_MD_CTX *ctx = NULL;
 
   GRSTx509SafeOpenSSLInitialization();
 
+  ctx = EVP_MD_CTX_new();
+  if (ctx == NULL)
+    return NULL;
+
   m = EVP_sha1();
   if (m == NULL) return NULL;
 
-  EVP_DigestInit(&ctx, m);
+  EVP_DigestInit(ctx, m);
 
   for (i=0; i <= 999; ++i)
      {
        snprintf(cred_name, sizeof(cred_name), "GRST_CRED_%d", i);       
        if ((cred_value = getenv(cred_name)) == NULL) break;
 
-       EVP_DigestUpdate(&ctx, cred_value, strlen(cred_value));
+       EVP_DigestUpdate(ctx, cred_value, strlen(cred_value));
      }
 
-  EVP_DigestFinal(&ctx, hash_delegation_id, &delegation_id_len);
+  EVP_DigestFinal(ctx, hash_delegation_id, &delegation_id_len);
 
   delegation_id = malloc(17);
 
@@ -2665,6 +2679,8 @@ char *GRSTx509MakeDelegationID(void)
 
   delegation_id[16] = '\0';
 
+  EVP_MD_CTX_free(ctx);
+
   return delegation_id;
 }