Control: tag -1 patch

I have prepared patches for ssldump to

(1) recognize OpenSSL 1.1 at configure time
(2) deal with API changes

Cheers,
-Hilko

Index: ssldump/configure.in
===================================================================
--- ssldump.orig/configure.in
+++ ssldump/configure.in
@@ -187,8 +187,13 @@ if test "$ac_use_openssl" != "false"; th
 		save_LDFLAGS=$LDFLAGS
 		LIBS="-lssl -lcrypto $LIBS"
 		LDFLAGS="-L$dir $LDFLAGS"
-		AC_TRY_LINK_FUNC(SSL_load_error_strings,ac_linked_libssl="true",
-			ac_linked_libssl="false");
+                AC_TRY_LINK([
+                        #define OPENSSL_API_COMPAT 0x10000000L
+                        #include <openssl/ssl.h>
+                        ],
+                        [SSL_load_error_strings()],
+                        ac_linked_libssl="true",
+                        ac_linked_libssl="false");
 		AC_TRY_LINK_FUNC(RC4_set_key,ac_linked_libcrypto="true",
 			ac_linked_libcrypto="false");
 		if test "$ac_linked_libssl" != "false" -a \
Index: ssldump/ssl/ssl_rec.c
===================================================================
--- ssldump.orig/ssl/ssl_rec.c
+++ ssldump/ssl/ssl_rec.c
@@ -116,7 +116,7 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i
     dec->cs=cs;
     if(r=r_data_create(&dec->mac_key,mk,cs->dig_len))
       ABORT(r);
-    if(!(dec->evp=(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX))))
+    if(!(dec->evp=EVP_CIPHER_CTX_new()))
       ABORT(R_NO_MEMORY);
     EVP_CIPHER_CTX_init(dec->evp);
     EVP_CipherInit(dec->evp,ciph,sk,iv,0);
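Review bot: The context returned by `EVP_CIPHER_CTX_new()` is allocated by OpenSSL, but the patch shows no matching change at the place where `dec->evp` is released. If the destroy path (outside this hunk) still calls plain `free()` on it, that should become `EVP_CIPHER_CTX_free(dec->evp);`. The `EVP_CIPHER_CTX_init(dec->evp);` call that follows is redundant on a freshly created context and could be dropped. The return value of `EVP_CipherInit` is still ignored, so a failed cipher setup would go unnoticed until records fail to decrypt. ssl_create_rec_decoder begins and ends outside the hunk.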
@@ -228,35 +228,35 @@ static int tls_check_mac(d,ct,ver,data,d
   UINT4 datalen;
   UCHAR *mac;
   {
-    HMAC_CTX hm;
+    HMAC_CTX *hm = HMAC_CTX_new();
     const EVP_MD *md;
     UINT4 l;
     UCHAR buf[20];
     
     md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
-    HMAC_Init(&hm,d->mac_key->data,d->mac_key->len,md);
+    HMAC_Init(hm,d->mac_key->data,d->mac_key->len,md);
 
     fmt_seq(d->seq,buf);
     d->seq++;
-    HMAC_Update(&hm,buf,8);
+    HMAC_Update(hm,buf,8);
     buf[0]=ct;
-    HMAC_Update(&hm,buf,1);
+    HMAC_Update(hm,buf,1);
 
     buf[0]=MSB(ver);
     buf[1]=LSB(ver);
-    HMAC_Update(&hm,buf,2);
+    HMAC_Update(hm,buf,2);
 
     buf[0]=MSB(datalen);
     buf[1]=LSB(datalen);
-    HMAC_Update(&hm,buf,2);
+    HMAC_Update(hm,buf,2);
 
-    HMAC_Update(&hm,data,datalen);
+    HMAC_Update(hm,data,datalen);
     
-    HMAC_Final(&hm,buf,&l);
+    HMAC_Final(hm,buf,&l);
     if(memcmp(mac,buf,l))
       ERETURN(SSL_BAD_MAC);
 
-    HMAC_cleanup(&hm);
+    HMAC_CTX_free(hm);
     return(0);
   }
 
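Review bot: `HMAC_CTX_new()` can return NULL and `hm` is used unchecked, and the `ERETURN(SSL_BAD_MAC)` branch now returns without reaching `HMAC_CTX_free(hm)`, so each record that fails the MAC check leaks a heap context (the old stack object needed no free). Since the records come from captured traffic, that leak grows with input. I would add `if(!hm) ERETURN(R_NO_MEMORY);` after the declarations and release before the early return, e.g. `if(memcmp(mac,buf,l)){ HMAC_CTX_free(hm); ERETURN(SSL_BAD_MAC); }`. The same unchecked allocation and bad-MAC leak apply to `mc` from `EVP_MD_CTX_new()` in ssl3_check_mac, and the missing NULL check applies to `hm` in tls_P_hash in ssldecode.c.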
@@ -268,7 +268,7 @@ int ssl3_check_mac(d,ct,ver,data,datalen
   UINT4 datalen;
   UCHAR *mac;
   {
-    EVP_MD_CTX mc;
+    EVP_MD_CTX *mc = EVP_MD_CTX_new();
     const EVP_MD *md;
     UINT4 l;
     UCHAR buf[64],dgst[20];
@@ -277,42 +277,44 @@ int ssl3_check_mac(d,ct,ver,data,datalen
     pad_ct=(d->cs->dig==DIG_SHA)?40:48;
     
     md=EVP_get_digestbyname(digests[d->cs->dig-0x40]);
-    EVP_DigestInit(&mc,md);
+    EVP_DigestInit(mc,md);
 
-    EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len);
+    EVP_DigestUpdate(mc,d->mac_key->data,d->mac_key->len);
 
     memset(buf,0x36,pad_ct);
-    EVP_DigestUpdate(&mc,buf,pad_ct);
+    EVP_DigestUpdate(mc,buf,pad_ct);
 
     fmt_seq(d->seq,buf);
     d->seq++;
-    EVP_DigestUpdate(&mc,buf,8);
+    EVP_DigestUpdate(mc,buf,8);
 
     buf[0]=ct;
-    EVP_DigestUpdate(&mc,buf,1);
+    EVP_DigestUpdate(mc,buf,1);
     
     buf[0]=MSB(datalen);
     buf[1]=LSB(datalen);
-    EVP_DigestUpdate(&mc,buf,2);    
+    EVP_DigestUpdate(mc,buf,2);
 
-    EVP_DigestUpdate(&mc,data,datalen);
+    EVP_DigestUpdate(mc,data,datalen);
 
-    EVP_DigestFinal(&mc,dgst,&l);
+    EVP_DigestFinal(mc,dgst,&l);
     
-    EVP_DigestInit(&mc,md);
+    EVP_DigestInit(mc,md);
 
-    EVP_DigestUpdate(&mc,d->mac_key->data,d->mac_key->len);
+    EVP_DigestUpdate(mc,d->mac_key->data,d->mac_key->len);
     
     memset(buf,0x5c,pad_ct);
-    EVP_DigestUpdate(&mc,buf,pad_ct);
+    EVP_DigestUpdate(mc,buf,pad_ct);
 
-    EVP_DigestUpdate(&mc,dgst,l);
+    EVP_DigestUpdate(mc,dgst,l);
 
-    EVP_DigestFinal(&mc,dgst,&l);
+    EVP_DigestFinal(mc,dgst,&l);
 
     if(memcmp(mac,dgst,l))
       ERETURN(SSL_BAD_MAC);
 
+    EVP_MD_CTX_free(mc);
+
     return(0);
   }
     
Index: ssldump/ssl/ssldecode.c
===================================================================
--- ssldump.orig/ssl/ssldecode.c
+++ ssldump/ssl/ssldecode.c
@@ -501,6 +501,7 @@ int ssl_process_client_key_exchange(ssl,
     int i;
 
     EVP_PKEY *pk;
+    const BIGNUM *n;
     
     if(ssl->cs->kex!=KEX_RSA)
       return(-1);
@@ -512,14 +513,15 @@ int ssl_process_client_key_exchange(ssl,
     if(!pk)
       return(-1);
 
-    if(pk->type!=EVP_PKEY_RSA)
+    if(EVP_PKEY_id(pk)!=EVP_PKEY_RSA)
       return(-1);
  
-    if(r=r_data_alloc(&d->PMS,BN_num_bytes(pk->pkey.rsa->n)))
+    RSA_get0_key(EVP_PKEY_get0_RSA(pk), &n, NULL, NULL);
+    if(r=r_data_alloc(&d->PMS,BN_num_bytes(n)))
       ABORT(r);
 
     i=RSA_private_decrypt(len,msg,d->PMS->data,
-      pk->pkey.rsa,RSA_PKCS1_PADDING);
+      EVP_PKEY_get0_RSA(pk),RSA_PKCS1_PADDING);
 
     if(i!=48)
       ABORT(SSL_BAD_PMS);
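Review bot: `EVP_PKEY_get0_RSA(pk)` is called twice and its result is passed to `RSA_get0_key` and `RSA_private_decrypt` without a NULL check. Fetching it once reads more clearly: `RSA *rsa=EVP_PKEY_get0_RSA(pk);` then `if(!rsa) return(-1);`, with the declaration placed beside `const BIGNUM *n;` in the previous hunk. `EVP_PKEY_get0_RSA` and `RSA_get0_key`, like `HMAC_CTX_new` and `EVP_MD_CTX_new` in ssl_rec.c, were introduced in OpenSSL 1.1.0. If building against 1.0.x is still meant to work, these calls need an `OPENSSL_VERSION_NUMBER` guard or small compatibility wrappers. The function body continues outside the hunk.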
@@ -574,7 +576,7 @@ static int tls_P_hash(ssl,secret,seed,md
     UCHAR *A;
     UCHAR _A[20],tmp[20];
     unsigned int A_l,tmp_l;
-    HMAC_CTX hm;
+    HMAC_CTX *hm = HMAC_CTX_new();
 
     CRDUMPD("P_hash secret",secret);
     CRDUMPD("P_hash seed",seed);
@@ -583,15 +585,15 @@ static int tls_P_hash(ssl,secret,seed,md
     A_l=seed->len;
 
     while(left){
-      HMAC_Init(&hm,secret->data,secret->len,md);
-      HMAC_Update(&hm,A,A_l);
-      HMAC_Final(&hm,_A,&A_l);
+      HMAC_Init(hm,secret->data,secret->len,md);
+      HMAC_Update(hm,A,A_l);
+      HMAC_Final(hm,_A,&A_l);
       A=_A;
 
-      HMAC_Init(&hm,secret->data,secret->len,md);
-      HMAC_Update(&hm,A,A_l);
-      HMAC_Update(&hm,seed->data,seed->len);
-      HMAC_Final(&hm,tmp,&tmp_l);
+      HMAC_Init(hm,secret->data,secret->len,md);
+      HMAC_Update(hm,A,A_l);
+      HMAC_Update(hm,seed->data,seed->len);
+      HMAC_Final(hm,tmp,&tmp_l);
 
       tocpy=MIN(left,tmp_l);
       memcpy(ptr,tmp,tocpy);
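Review bot: `HMAC_Init` is deprecated in OpenSSL 1.1 and only declared while the deprecated API is enabled, and the `OPENSSL_API_COMPAT` define added in configure.in covers only the link test, not this file. I would switch both calls in the loop to `HMAC_Init_ex(hm,secret->data,secret->len,md,NULL);`, and likewise the one call in tls_check_mac in ssl_rec.c. The return values of the HMAC calls are ignored, so a failed init would leave `_A` and `tmp` holding stale bytes that are then copied to the output. A comment such as `/* HMAC failure here would yield garbage key material */` or an explicit check would make that visible. The loop body continues past the end of this hunk.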
@@ -599,7 +601,7 @@ static int tls_P_hash(ssl,secret,seed,md
       left-=tocpy;
     }
 
-    HMAC_cleanup(&hm);
+    HMAC_CTX_free(hm);
 
     CRDUMPD("P_hash out",out);
     
