On Mon, Sep 05, 2016 at 10:02:43PM +0200, Sebastian Andrzej Siewior wrote:
> On 2016-06-26 12:24:41 [+0200], Kurt Roeckx wrote:
> > If you have problems making things work, feel free to contact us.
>
> The patch attached fixes most of it.
> There are a few des → DES conversations like des_cblock → DES_cblock or
> des_key_schedule → DES_key_schedule or des_ede3_cbc_encrypt →
> DESede3_cbc_encrypt which I hope are okay.

des_old.h has been removed. Replacing des_ by DES_ will probably
work in most cases. It used to contain:

 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
 *
 * The function names in here are deprecated and are only present to
 * provide an interface compatible with openssl 0.9.6 and older as
 * well as libdes. OpenSSL now provides functions where "des_" has
 * been replaced with "DES_" in the names, to make it possible to
 * make incompatible changes that are needed for C type security and
 * other stuff.
 *
 * This include files has two compatibility modes:
 *
 * - If OPENSSL_DES_LIBDES_COMPATIBILITY is defined, you get an API
 *   that is compatible with libdes and SSLeay.
 * - If OPENSSL_DES_LIBDES_COMPATIBILITY isn't defined, you get an
 *   API that is compatible with OpenSSL 0.9.5x to 0.9.6x.
 *
 * Note that these modes break earlier snapshots of OpenSSL, where
 * libdes compatibility was the only available mode or (later on) the
 * prefered compatibility mode. However, after much consideration
 * (and more or less violent discussions with external parties), it
 * was concluded that OpenSSL should be compatible with earlier versions
 * of itself before anything else. Also, in all honesty, libdes is
 * an old beast that shouldn't really be used any more.
 *
 * Please consider starting to use the DES_ functions rather than the
 * des_ ones. The des_ functions will disappear completely before
 * OpenSSL 1.0!
 *
 * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING
[...]
# define des_ede3_cbc_encrypt(i,o,l,k1,k2,k3,iv,e)\
        DES_ede3_cbc_encrypt((i),(o),(l),&(k1),&(k2),&(k3),(iv),(e))

You already had to include that file to get it working, and that
seems to be a message from 2001. So you really can't say they
haven't been warned.

> There are M_ASN1_INTEGER_free → ASN1_STRING_free which I also hope that
> those are okay.

# define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a)

So that looks fine.

> That part where I replaced d2i_ASN1_BOOLEAN() looks like > they copied it from old openssl code. I'm not sure that that code you replaced it with is correct or not. > @@ -854,16 +857,18 @@ bif_smime_sign (caddr_t * qst, caddr_t * err_ret, > state_slot_t ** args) > } > > certs = sk_X509_new_null (); > +#if HALP > if (store && store->objs) > { > for (inx = 0; inx < sk_X509_OBJECT_num (store->objs); inx++) > { > X509_OBJECT *obj = sk_X509_OBJECT_value (store->objs, inx); > - if (obj->type == X509_LU_X509) > + if (X509_OBJECT_get_type(obj) == X509_LU_X509) > sk_X509_push (certs, X509_dup (obj->data.x509)); > } > > } > +#endif Are you looking for X509_STORE_get0_objects(store) instead of store->objs? > @@ -1488,6 +1496,7 @@ bif_get_certificate_info (caddr_t * qst, caddr_t * > err_ret, state_slot_t ** args > int n, i, len; > char *s, *data_ptr; > BIO *mem = BIO_new (BIO_s_mem ()); > +#if HALP > for (i = 0; NULL != subj && i < sk_X509_NAME_ENTRY_num(subj->entries); > i++) > { > ne = sk_X509_NAME_ENTRY_value(subj->entries,i); I think you're looking for: for (i = 0; NULL != subj && i < X509_NAME_entry_count(subj); i++) { X509_NAME_ENTRY *ne = X509_NAME_get_entry(subj, i); Kurt
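
Review bot: In the bif_smime_sign hunk, the #if HALP / #endif pair compiles out the whole loop that copies certificates from the store into certs, so unless HALP is defined nothing in the visible code adds to the stack created by sk_X509_new_null (). The conversion inside the guard is also only half done: the type check uses X509_OBJECT_get_type(obj), but the lines around it still read store->objs and obj->data.x509 directly. Suggest removing the guard and finishing the loop with X509_STORE_get0_objects(store) for the stack and X509_OBJECT_get0_X509(obj) for the certificate, and checking the X509_dup () result before it is passed to sk_X509_push ().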
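
Review bot: In the bif_get_certificate_info hunk, #if HALP is opened directly in front of the subject-name loop, after BIO *mem = BIO_new (BIO_s_mem ()) has already run, and no matching #endif is visible in the hunk, so it is not possible to tell from here how much of the function is disabled or whether mem is still used and freed on that path. The loop itself still reaches into subj->entries. Suggest dropping the guard and iterating with X509_NAME_entry_count(subj) and X509_NAME_get_entry(subj, i), which keeps the NULL != subj test and needs no access to the structure's fields.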
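
The des_ to DES_ rename discussed in this message, as an added example that is not part of the original thread or of any project's code: a small source rewriter that applies only the mappings quoted above, including the address-of change the des_old.h macro made to the three key schedules, and reports every other des_* name instead of guessing. The function names and the sample input are constructed for illustration, and the argument splitter assumes no parentheses or commas inside string literals or comments.

```python
import re

# Mappings taken from the thread only; other des_* names are reported, not guessed.
RENAMES = {"des_cblock": "DES_cblock", "des_key_schedule": "DES_key_schedule"}
# From the quoted des_old.h macro: 8 arguments, k1..k3 (indexes 3-5) gain "&".
BY_ADDRESS = {"des_ede3_cbc_encrypt": ("DES_ede3_cbc_encrypt", 8, (3, 4, 5))}
CALL = re.compile(r"\b(%s)\s*\(" % "|".join(BY_ADDRESS))

def split_args(src, open_idx):
    """Split the call whose '(' is at open_idx; return (args, index past ')')."""
    depth, start, args = 0, open_idx + 1, []
    for i in range(open_idx, len(src)):
        c = src[i]
        if c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                args.append(src[start:i].strip())
                return args, i + 1
        elif c == "," and depth == 1:
            args.append(src[start:i].strip())
            start = i + 1
    raise ValueError("unbalanced parentheses in call")

def migrate(src):
    """Return (rewritten source, sorted des_* names left for manual review)."""
    out, pos = [], 0
    while (m := CALL.search(src, pos)):
        new_name, arity, by_addr = BY_ADDRESS[m.group(1)]
        args, end = split_args(src, m.end() - 1)
        if len(args) != arity:
            raise ValueError("unexpected argument count for " + m.group(1))
        # The old macro took the schedules by value and added "&" itself.
        args = ["&(%s)" % a if i in by_addr else a for i, a in enumerate(args)]
        out.append(src[pos:m.start()] + "%s(%s)" % (new_name, ", ".join(args)))
        pos = end
    text = "".join(out) + src[pos:]
    text = re.sub(r"\b(%s)\b" % "|".join(RENAMES), lambda n: RENAMES[n.group(1)], text)
    return text, sorted(set(re.findall(r"\bdes_\w+", text)))

# Constructed sample input, not code from the project discussed in the thread.
SAMPLE = """\
des_cblock iv;
des_key_schedule ks1, ks2, ks3;
des_set_key(&key, ks1);
des_ede3_cbc_encrypt(in, out, (long) strlen(in), ks1, ks2, ks3, &iv, DES_ENCRYPT);
"""

if __name__ == "__main__":
    new_src, leftover = migrate(SAMPLE)
    print(new_src)
    print("needs manual review:", leftover)
```

Names returned in the second value have no mapping in this message and should be checked against the removed header's macro for that function before they are renamed.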