# Fix for CAN-2004-0155 by Michal Ludvig
--- 0.3rc4/src/racoon/crypto_openssl.c	2004-03-25 15:52:57.000000000 +0100
+++ head/src/racoon/crypto_openssl.c	2004-04-05 16:17:26.168379313 +0200
@@ -669,7 +669,7 @@ eay_check_x509sign(source, sig, cert)
 {
 	X509 *x509;
 	u_char *bp;
-	vchar_t pubkey;
+	EVP_PKEY *evp;
 
 	bp = cert->v;
 
@@ -681,10 +681,13 @@ eay_check_x509sign(source, sig, cert)
 		return -1;
 	}
 
-	pubkey.v = x509->cert_info->key->public_key->data;
-	pubkey.l = x509->cert_info->key->public_key->length;
-	
-	return eay_rsa_verify(source, sig, &pubkey);
+	evp = X509_get_pubkey(x509);
+	if (! evp) {
+	  plog(LLV_ERROR, LOCATION, NULL, "X509_get_pubkey: %s\n", eay_strerror());
+	  return -1;
+	}
+
+	return eay_rsa_verify(source, sig, evp);
 }
 
 /*
@@ -885,24 +888,16 @@ eay_rsa_sign(src, privkey)
 }
 
 int
-eay_rsa_verify(src, sig, pubkey)
-	vchar_t *src, *sig, *pubkey;
-{
+eay_rsa_verify(src, sig, evp)
+	vchar_t *src, *sig;
 	EVP_PKEY *evp;
-	u_char *bp = pubkey->v;
+{
 	vchar_t *xbuf = NULL;
 	int pad = RSA_PKCS1_PADDING;
 	int len = 0;
 	int error;
 
-	evp = d2i_PUBKEY(NULL, &bp, pubkey->l);
-	if (evp == NULL)
-#ifndef EAYDEBUG
-		return 0;
-#endif
-
 	len = RSA_size(evp->pkey.rsa);
-
 	xbuf = vmalloc(len);
 	if (xbuf == NULL) {
 #ifndef EAYDEBUG
--- 0.3rc4/src/racoon/crypto_openssl.h	2004-01-08 19:35:24.000000000 +0100
+++ head/src/racoon/crypto_openssl.h	2004-04-05 16:10:32.097535403 +0200
@@ -57,7 +57,7 @@ extern int eay_check_pkcs7sign __P((vcha
 
 /* RSA */
 extern vchar_t *eay_rsa_sign __P((vchar_t *, vchar_t *));
-extern int eay_rsa_verify __P((vchar_t *, vchar_t *, vchar_t *));
+extern int eay_rsa_verify __P((vchar_t *, vchar_t *, EVP_PKEY *));
 
 /* ASN.1 */
 extern vchar_t *eay_get_pkcs1privkey __P((char *));