1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
|
From 46a6079817c67a09e5ac493af3381c655bd91c26 Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Tue, 21 Aug 2018 10:24:36 +0200
Subject: [PATCH] Replacing deprecated OpenSSL API functions (#12)
fixes https://github.com/OpenSC/pam_p11/issues/10
---
configure.ac | 5 +++++
src/pam_p11.c | 17 ++++++++++++++---
2 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/configure.ac b/configure.ac
index 5bcbdd6..2854a99 100644
--- a/configure.ac
+++ b/configure.ac
@@ -85,6 +85,11 @@ PKG_CHECK_MODULES(
)]
)
+saved_LIBS="$LIBS"
+LIBS="$OPENSSL_LIBS $LIBS"
+AC_CHECK_FUNCS(EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset)
+LIBS="$saved_LIBS"
+
if test -z "${PAM_LIBS}"; then
AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
diff --git a/src/pam_p11.c b/src/pam_p11.c
index 2b4bfbe..60380e5 100644
--- a/src/pam_p11.c
+++ b/src/pam_p11.c
@@ -31,6 +31,17 @@
#include <openssl/crypto.h>
#include <libp11.h>
+/* openssl deprecated API emulation */
+#ifndef HAVE_EVP_MD_CTX_NEW
+#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#endif
+#ifndef HAVE_EVP_MD_CTX_FREE
+#define EVP_MD_CTX_free(ctx) EVP_MD_CTX_destroy((ctx))
+#endif
+#ifndef HAVE_EVP_MD_CTX_RESET
+#define EVP_MD_CTX_reset(ctx) EVP_MD_CTX_cleanup((ctx))
+#endif
+
#ifdef ENABLE_NLS
#include <libintl.h>
#include <locale.h>
@@ -578,7 +589,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
unsigned char signature[256];
unsigned int siglen = sizeof signature;
const EVP_MD *md = EVP_sha1();
- EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
EVP_PKEY *privkey = PKCS11_get_private_key(authkey);
EVP_PKEY *pubkey = PKCS11_get_public_key(authkey);
@@ -596,7 +607,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
|| !EVP_SignInit(md_ctx, md)
|| !EVP_SignUpdate(md_ctx, challenge, sizeof challenge)
|| !EVP_SignFinal(md_ctx, signature, &siglen, privkey)
- || !EVP_MD_CTX_cleanup(md_ctx)
+ || !EVP_MD_CTX_reset(md_ctx)
|| !EVP_VerifyInit(md_ctx, md)
|| !EVP_VerifyUpdate(md_ctx, challenge, sizeof challenge)
|| 1 != EVP_VerifyFinal(md_ctx, signature, siglen, pubkey)) {
@@ -613,7 +624,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
if (NULL != privkey)
EVP_PKEY_free(privkey);
if (NULL != md_ctx) {
- EVP_MD_CTX_destroy(md_ctx);
+ EVP_MD_CTX_free(md_ctx);
}
return ok;
}
|