open-vm-tools/openssl-vgauth.patch

78 lines
2.4 KiB

2017-02-17 03:31:32 +00:00
--- vgauth/common/certverify.c.orig 2017-02-16 19:08:36.509896717 -0800
+++ vgauth/common/certverify.c 2017-02-16 19:15:02.716084270 -0800
@@ -827,11 +827,15 @@
const unsigned char *signature)
{
VGAuthError err = VGAUTH_E_FAIL;
- EVP_MD_CTX mdCtx;
+ EVP_MD_CTX *mdCtx = NULL;
const EVP_MD *hashAlg;
int ret;
- EVP_MD_CTX_init(&mdCtx);
+ mdCtx = EVP_MD_CTX_new();
+ if (mdCtx == NULL) {
+ g_warning("%s: unable to allocate a message digest.\n", __FUNCTION__);
+ return(VGAUTH_E_OUT_OF_MEMORY);
+ }
switch (hash) {
case VGAUTH_HASH_ALG_SHA256:
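Review bot: The allocation-failure path added before the switch is the only OpenSSL failure in this function that warns without first calling VerifyDumpSSLErrors(), unlike the EVP_VerifyInit and EVP_VerifyUpdate branches in the following hunks; even if a bare allocation failure may leave the OpenSSL error queue empty, keeping the same pattern means any queued entry is drained here rather than surfacing in a later, unrelated dump. The message text is also slightly off, since what failed to allocate is a digest context, not a digest: `VerifyDumpSSLErrors();` before the warning and `g_warning("%s: unable to allocate a message digest context.\n", __FUNCTION__);`. The early `return` is safe as written because nothing else has been acquired at that point, but a `err = VGAUTH_E_OUT_OF_MEMORY; goto done;` would keep the single exit the rest of the function uses, given that EVP_MD_CTX_free() on the 1.1.0 side accepts NULL (confirm the same for EVP_MD_CTX_destroy() on the 1.0.x mapping before relying on it). The enclosing function's signature starts before the hunk.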
@@ -843,7 +847,7 @@
goto done;
}
- ret = EVP_VerifyInit(&mdCtx, hashAlg);
+ ret = EVP_VerifyInit(mdCtx, hashAlg);
if (ret <= 0) {
VerifyDumpSSLErrors();
g_warning("%s: unable to initialize verificatation context (ret = %d)\n",
@@ -856,7 +860,7 @@
* one shot. We probably should put some upper bound on the size of the
* data.
*/
- ret = EVP_VerifyUpdate(&mdCtx, data, dataLen);
+ ret = EVP_VerifyUpdate(mdCtx, data, dataLen);
if (ret <= 0) {
VerifyDumpSSLErrors();
g_warning("%s: unable to update verificatation context (ret = %d)\n",
@@ -864,7 +868,7 @@
goto done;
}
- ret = EVP_VerifyFinal(&mdCtx, signature, (unsigned int) signatureLen, publicKey);
+ ret = EVP_VerifyFinal(mdCtx, signature, (unsigned int) signatureLen, publicKey);
if (0 == ret) {
g_debug("%s: verification failed!\n", __FUNCTION__);
err = VGAUTH_E_AUTHENTICATION_DENIED;
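Review bot: The check following EVP_VerifyFinal() maps only `0 == ret` to VGAUTH_E_AUTHENTICATION_DENIED, but EVP_VerifyFinal() also returns a negative value for failures other than a mismatched signature (a malformed signature or an unusable key, for example); the branch that would handle that case lies beyond this hunk, so confirm it does not fall through to the `err = VGAUTH_E_OK` assignment visible in the next hunk. A defensive form that cannot misreport an error as success is `if (ret <= 0) { VerifyDumpSSLErrors(); err = (ret == 0) ? VGAUTH_E_AUTHENTICATION_DENIED : VGAUTH_E_FAIL; goto done; }`. The `(unsigned int) signatureLen` cast is inherited from the old call and, if signatureLen is declared as a size_t (its declaration is outside the hunk), silently truncates on 64-bit targets; a range check before the cast would make the assumption explicit. The enclosing function starts before the hunk.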
@@ -879,7 +883,7 @@
err = VGAUTH_E_OK;
done:
- EVP_MD_CTX_cleanup(&mdCtx);
+ EVP_MD_CTX_free(mdCtx);
return err;
}
--- vgauth/common/certverify.h.orig 2017-02-16 19:08:43.843033377 -0800
+++ vgauth/common/certverify.h 2017-02-16 19:22:38.248130476 -0800
@@ -28,6 +28,18 @@
#include <glib.h>
#include "VGAuthAuthentication.h"
+/* new API from OpenSSL 1.1.0
+ * https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html
+ *
+ * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to
+ * EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1.
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new() EVP_MD_CTX_create()
+#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x))
+#endif /* OpenSSL version < 1.1.0 */
+
+
/*
* XXX Do we still need this? What other algorithms do SAML tokens use?
*/
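Review bot: The version test `#if OPENSSL_VERSION_NUMBER < 0x10100000L` relies on OPENSSL_VERSION_NUMBER already being defined, yet the only includes visible above it in this hunk are `<glib.h>` and `"VGAuthAuthentication.h"`; if no OpenSSL header precedes it in certverify.h, the undefined identifier evaluates as 0 in `#if` and the compatibility macros are defined unconditionally, making the build depend on include order in whichever file pulls this header in. Adding `#include <openssl/opensslv.h>` immediately above the `#if` pins the check to the real version. If LibreSSL is a supported target, note that it reports OPENSSL_VERSION_NUMBER as 0x20000000L while EVP_MD_CTX_new()/EVP_MD_CTX_free() only appeared in its 2.7 release, so an additional `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)` clause would be needed there; verify against the versions actually built against.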