Ticket #1572: sge_ssl_1.1.patch

File sge_ssl_1.1.patch, 7.5 KB (added by mhy, 4 years ago)

Compile tested OpenSSL 1.1 patch

  • source/libs/comm/cl_ssl_framework.c

    old new static int cl_com_ssl_set_default_mode(S 
    484484static int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, cl_com_ssl_private_t* private) {
    485485   X509 *cert = NULL;
    486486   X509_LOOKUP *lookup = NULL;
    487    X509_STORE_CTX verify_ctx;
     487   X509_STORE_CTX *verify_ctx = NULL;
    488488   int err;
    489489   int is_ok = true;
    490490   SGE_STRUCT_STAT stat_buffer;
    static int ssl_callback_SSLVerify_CRL(in 
    499499      return true;
    500500   }   
    501501
     502   verify_ctx = X509_STORE_CTX_new();
     503
    502504   /* create the cert store and set the verify callback */
    503505   if (private->ssl_crl_data->store == NULL || stat_buffer.st_mtime != private->ssl_crl_data->last_modified) {
    504506       CL_LOG(CL_LOG_WARNING, "creating new crl store context");
    static int ssl_callback_SSLVerify_CRL(in 
    545547   cert = X509_STORE_CTX_get_current_cert(ctx);
    546548   if (is_ok == true && cert != NULL) {
    547549       /* X509_STORE_CTX_init did not return an error condition in prior versions */
    548        if (X509_STORE_CTX_init(&verify_ctx, private->ssl_crl_data->store, cert, NULL) != 1) {
     550       if (X509_STORE_CTX_init(verify_ctx, private->ssl_crl_data->store, cert, NULL) != 1) {
    549551          CL_LOG(CL_LOG_ERROR, "Error initializing verification context");
    550552          is_ok = false;
    551553       } else {
    552554          /* verify the certificate */
    553           if (X509_verify_cert(&verify_ctx) != 1) {
     555          if (X509_verify_cert(verify_ctx) != 1) {
    554556             is_ok = false;
    555557          }
    556558       }
    557559       if (is_ok == false) {
    558            err = X509_STORE_CTX_get_error(&verify_ctx);
     560           err = X509_STORE_CTX_get_error(verify_ctx);
    559561           X509_STORE_CTX_set_error(ctx, err);
    560562       }
    561        X509_STORE_CTX_cleanup(&verify_ctx);
     563       X509_STORE_CTX_cleanup(verify_ctx);
    562564   } else {
    563565      if (is_ok == false) {
    564566         CL_LOG(CL_LOG_ERROR,"X509 store is not valid");
    static int ssl_callback_SSLVerify_CRL(in 
    569571      is_ok = false;
    570572   }
    571573
     574   X509_STORE_CTX_free(verify_ctx);
     575
    572576   return is_ok;
    573577}
    574578
  • source/utilbin/sge_passwd.c

    old new buffer_encrypt(const char *buffer_in, si 
    280280               size_t *buffer_out_length)
    281281{
    282282   unsigned int ebuflen;
    283    EVP_CIPHER_CTX ectx;
     283   EVP_CIPHER_CTX *ectx = NULL;
    284284   unsigned char iv[EVP_MAX_IV_LENGTH];
    285285   unsigned char *ekey[1];
    286286   int ekeylen=0, net_ekeylen=0;
    buffer_encrypt(const char *buffer_in, si 
    315315   ret = sge_ssl_rand_load_file(rand_file, sizeof(rand_file));
    316316
    317317   if(ret <= 0) {
     318      sge_free(&(ekey[0]));
     319      EVP_PKEY_free(pubKey[0]);
    318320      snprintf(err_str, MAX_STRING_SIZE, MSG_PWD_CANTLOADRANDFILE_SSS,
    319321              "sgepasswd", rand_file, MSG_PWD_NO_SSL_ERR);
    320322
    buffer_encrypt(const char *buffer_in, si 
    325327      return;
    326328   }
    327329
     330   /* Initialise cipher context */
     331   ectx = EVP_CIPHER_CTX_new();
     332   if (!ectx) {
     333      sge_free(&(ekey[0]));
     334      EVP_PKEY_free(pubKey[0]);
     335      fprintf(stderr, MSG_PWD_MALLOC_SS, SGE_PASSWD_PROG_NAME, MSG_PWD_NO_SSL_ERR);
     336      fprintf(stderr, "\n");
     337      DEXIT;
     338      exit(1);
     339   }
     340
    328341   memset(iv, '\0', sizeof(iv));
    329342#if 0
    330    ret = EVP_SealInit(&ectx, EVP_des_ede3_cbc(), ekey, &ekeylen, iv, pubKey, 1);
     343   ret = EVP_SealInit(ectx, EVP_des_ede3_cbc(), ekey, &ekeylen, iv, pubKey, 1);
    331344#else
    332    ret = EVP_SealInit(&ectx, EVP_rc4(), ekey, &ekeylen, iv, pubKey, 1);
     345   ret = EVP_SealInit(ectx, EVP_rc4(), ekey, &ekeylen, iv, pubKey, 1);
    333346#endif
    334347   if(ret == 0) {
    335348      printf("---> EVP_SealInit\n");
    buffer_encrypt(const char *buffer_in, si 
    352365   buffer_append(buffer_out, buffer_out_size, buffer_out_length,
    353366                 (char*)iv, sizeof(iv));
    354367
    355    EVP_SealUpdate(&ectx, (unsigned char*)ebuf,
     368   EVP_SealUpdate(ectx, (unsigned char*)ebuf,
    356369                                   (int*)&ebuflen,
    357370                                   (const unsigned char *) buffer_in,
    358371                                   buffer_in_length);
    buffer_encrypt(const char *buffer_in, si 
    360373   buffer_append(buffer_out, buffer_out_size, buffer_out_length,
    361374                 ebuf, ebuflen);
    362375
    363    EVP_SealFinal(&ectx, (unsigned char *)ebuf, (int*)&ebuflen);
     376   EVP_SealFinal(ectx, (unsigned char *)ebuf, (int*)&ebuflen);
    364377
    365378   buffer_append(buffer_out, buffer_out_size, buffer_out_length,
    366379                 ebuf, ebuflen);
    367380
     381   EVP_CIPHER_CTX_free(ectx);
    368382   EVP_PKEY_free(pubKey[0]);
    369383   sge_free(&(ekey[0]));
    370384   DEXIT;
    buffer_decrypt(const char *buffer_in, si 
    379393   char buf[520];
    380394   char ebuf[512];
    381395   unsigned int buflen;
    382    EVP_CIPHER_CTX ectx;
     396   EVP_CIPHER_CTX *ectx = NULL;
    383397   unsigned char iv[EVP_MAX_IV_LENGTH];
    384398   unsigned char *encryptKey;
    385399   unsigned int ekeylen;
    buffer_decrypt(const char *buffer_in, si 
    455469      return 1;
    456470   }
    457471
     472   /* Initialise cipher context */
     473   ectx = EVP_CIPHER_CTX_new();
     474   if (!ectx) {
     475      sge_free(&encryptKey);
     476      fprintf(stderr, MSG_PWD_MALLOC_SS, SGE_PASSWD_PROG_NAME, MSG_PWD_NO_SSL_ERR);
     477      fprintf(stderr, "\n");
     478      DEXIT;
     479      exit(1);
     480   }
     481
    458482   memcpy(encryptKey, curr_ptr, ekeylen);
    459483   curr_ptr += ekeylen;
    460484   buffer_in_length -= ekeylen;
    buffer_decrypt(const char *buffer_in, si 
    462486   curr_ptr += sizeof(iv);
    463487   buffer_in_length -= sizeof(iv);
    464488#if 0
    465    ret = EVP_OpenInit(&ectx, EVP_des_ede3_cbc(), encryptKey, ekeylen, iv, privateKey); 
     489   ret = EVP_OpenInit(ectx, EVP_des_ede3_cbc(), encryptKey, ekeylen, iv, privateKey);   
    466490#else
    467    ret = EVP_OpenInit(&ectx, EVP_rc4(), encryptKey, ekeylen, iv, privateKey);   
     491   ret = EVP_OpenInit(ectx, EVP_rc4(), encryptKey, ekeylen, iv, privateKey);   
    468492#endif
    469493   if(ret == 0) {
    470494      printf("----> EVP_OpenInit\n");
    buffer_decrypt(const char *buffer_in, si 
    484508         readlen = sizeof(ebuf);
    485509      }
    486510
    487       ret = EVP_OpenUpdate(&ectx, (unsigned char *)buf,
     511      ret = EVP_OpenUpdate(ectx, (unsigned char *)buf,
    488512               (int*)&buflen,
    489513               (const unsigned char *)ebuf, readlen);
    490514      if (ret == 0) {
    491515         error_code = ERR_get_error();
    492516         ERR_error_string(error_code, err_msg);
     517         EVP_CIPHER_CTX_free(ectx);
    493518         snprintf(err_str, lstr, MSG_PWD_SSL_ERR_MSG_SS, SGE_PASSWD_PROG_NAME, err_msg);
    494519#ifdef DEFINE_SGE_PASSWD_MAIN
    495520         fprintf(stderr, "%s\n", err_str);
    buffer_decrypt(const char *buffer_in, si 
    502527         buf, buflen);
    503528   }
    504529
    505    ret = EVP_OpenFinal(&ectx, (unsigned char *)buf, (int*)&buflen);
     530   ret = EVP_OpenFinal(ectx, (unsigned char *)buf, (int*)&buflen);
    506531   if (ret == 0) {
    507532      error_code = ERR_get_error();
    508533      ERR_error_string(error_code, err_msg);
     534      EVP_CIPHER_CTX_free(ectx);
    509535      snprintf(err_str, lstr, MSG_PWD_SSL_ERR_MSG_SS, SGE_PASSWD_PROG_NAME, err_msg);
    510536#ifdef DEFINE_SGE_PASSWD_MAIN
    511537      fprintf(stderr, "%s\n", err_str);
    buffer_decrypt(const char *buffer_in, si 
    516542   buffer_append(buffer_out, buffer_out_size, buffer_out_length,
    517543                 buf, buflen);
    518544
     545   EVP_CIPHER_CTX_free(ectx);
    519546   EVP_PKEY_free(privateKey);
    520547   sge_free(&encryptKey);
    521548   error_code = ERR_get_error();