Details | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
57 | magnus | 1 | Description: Support new OpenSSL 1.1 API |
2 | Use pointers instead of full struct members, and accessor function |
||
3 | EVP_PKEY_base_id() to get base type instead of comparing several |
||
4 | possible method IDs. We also need a copy constructor for SignatureInfo. |
||
5 | TODO: OOM error handling? Complex in C++ constructors. |
||
6 | Bug: https://bugs.debian.org/828392 |
||
7 | |||
8 | --- a/src/dkimsign.cpp |
||
9 | +++ b/src/dkimsign.cpp |
||
10 | @@ -41,20 +41,25 @@ CDKIMSign::CDKIMSign() |
||
11 | m_EmptyLineCount = 0; |
||
12 | m_pfnHdrCallback = NULL; |
||
13 | |||
14 | - EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() ); |
||
15 | - EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
||
16 | - EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
||
17 | - EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
||
18 | - EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
||
19 | + m_allman_sha1ctx = EVP_MD_CTX_create(); |
||
20 | + EVP_SignInit( m_allman_sha1ctx, EVP_sha1() ); |
||
21 | + m_Hdr_ietf_sha1ctx = EVP_MD_CTX_create(); |
||
22 | + EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
||
23 | + m_Hdr_ietf_sha256ctx = EVP_MD_CTX_create(); |
||
24 | + EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
||
25 | + m_Bdy_ietf_sha1ctx = EVP_MD_CTX_create(); |
||
26 | + EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
||
27 | + m_Bdy_ietf_sha256ctx = EVP_MD_CTX_create(); |
||
28 | + EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
||
29 | } |
||
30 | |||
31 | CDKIMSign::~CDKIMSign() |
||
32 | { |
||
33 | - EVP_MD_CTX_cleanup( &m_allman_sha1ctx ); |
||
34 | - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx ); |
||
35 | - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx ); |
||
36 | - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx ); |
||
37 | - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx ); |
||
38 | + EVP_MD_CTX_destroy( m_allman_sha1ctx ); |
||
39 | + EVP_MD_CTX_destroy( m_Hdr_ietf_sha1ctx ); |
||
40 | + EVP_MD_CTX_destroy( m_Hdr_ietf_sha256ctx ); |
||
41 | + EVP_MD_CTX_destroy( m_Bdy_ietf_sha1ctx ); |
||
42 | + EVP_MD_CTX_destroy( m_Bdy_ietf_sha256ctx ); |
||
43 | } |
||
44 | |||
45 | //////////////////////////////////////////////////////////////////////////////// |
||
46 | @@ -150,34 +155,34 @@ void CDKIMSign::Hash( const char* szBuff |
||
47 | { |
||
48 | if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
||
49 | { |
||
50 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
51 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
52 | } |
||
53 | } |
||
54 | else |
||
55 | { |
||
56 | if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 ) |
||
57 | { |
||
58 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
59 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
60 | } |
||
61 | else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 ) |
||
62 | { |
||
63 | if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
||
64 | { |
||
65 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
66 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
67 | } |
||
68 | if( m_nHash & DKIM_HASH_SHA256 ) |
||
69 | { |
||
70 | if( bHdr ) |
||
71 | - EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
||
72 | + EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
||
73 | else |
||
74 | - EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
||
75 | + EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
||
76 | } |
||
77 | if( m_nHash != DKIM_HASH_SHA256 ) |
||
78 | { |
||
79 | if( bHdr ) |
||
80 | - EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
||
81 | + EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
||
82 | else |
||
83 | - EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
||
84 | + EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
||
85 | } |
||
86 | } |
||
87 | } |
||
88 | @@ -864,7 +869,7 @@ int CDKIMSign::ConstructSignature( char* |
||
89 | unsigned char Hash[EVP_MAX_MD_SIZE]; |
||
90 | unsigned int nHashLen = 0; |
||
91 | |||
92 | - EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
||
93 | + EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
||
94 | |||
95 | bio = BIO_new(BIO_s_mem()); |
||
96 | if (!bio) { |
||
97 | @@ -935,11 +940,11 @@ int CDKIMSign::ConstructSignature( char* |
||
98 | |||
99 | if( bUseIetfBodyHash ) |
||
100 | { |
||
101 | - EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
102 | + EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
103 | } |
||
104 | else |
||
105 | { |
||
106 | - EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
107 | + EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
108 | } |
||
109 | |||
110 | bio = BIO_new_mem_buf(szPrivKey, -1); |
||
111 | @@ -966,11 +971,11 @@ int CDKIMSign::ConstructSignature( char* |
||
112 | |||
113 | if( bUseIetfBodyHash ) |
||
114 | { |
||
115 | - nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
||
116 | + nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
||
117 | } |
||
118 | else |
||
119 | { |
||
120 | - nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey); |
||
121 | + nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey); |
||
122 | } |
||
123 | |||
124 | EVP_PKEY_free(pkey); |
||
125 | --- a/src/dkimsign.h |
||
126 | +++ b/src/dkimsign.h |
||
127 | @@ -60,13 +60,13 @@ protected: |
||
128 | |||
129 | int AssembleReturnedSig( char* szPrivKey ); |
||
130 | |||
131 | - EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
||
132 | - EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
||
133 | + EVP_MD_CTX *m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
||
134 | + EVP_MD_CTX *m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
||
135 | |||
136 | - EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
||
137 | - EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
||
138 | + EVP_MD_CTX *m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
||
139 | + EVP_MD_CTX *m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
||
140 | |||
141 | - EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */ |
||
142 | + EVP_MD_CTX *m_allman_sha1ctx; /* the hash for allman sha1 */ |
||
143 | |||
144 | int m_Canon; // canonization method |
||
145 | |||
146 | --- a/src/dkimverify.cpp |
||
147 | +++ b/src/dkimverify.cpp |
||
148 | @@ -43,8 +43,8 @@ SignatureInfo::SignatureInfo(bool s) |
||
149 | { |
||
150 | VerifiedBodyCount = 0; |
||
151 | UnverifiedBodyCount = 0; |
||
152 | - EVP_MD_CTX_init( &m_Hdr_ctx ); |
||
153 | - EVP_MD_CTX_init( &m_Bdy_ctx ); |
||
154 | + m_Hdr_ctx = EVP_MD_CTX_create(); |
||
155 | + m_Bdy_ctx = EVP_MD_CTX_create(); |
||
156 | m_pSelector = NULL; |
||
157 | Status = DKIM_SUCCESS; |
||
158 | m_nHash = 0; |
||
159 | @@ -52,10 +52,25 @@ SignatureInfo::SignatureInfo(bool s) |
||
160 | m_SaveCanonicalizedData = s; |
||
161 | } |
||
162 | |||
163 | +SignatureInfo::SignatureInfo(const SignatureInfo& orig) |
||
164 | + : VerifiedBodyCount(orig.VerifiedBodyCount), |
||
165 | + UnverifiedBodyCount(orig.UnverifiedBodyCount), |
||
166 | + m_pSelector(orig.m_pSelector), |
||
167 | + Status(orig.Status), |
||
168 | + m_nHash(orig.m_nHash), |
||
169 | + EmptyLineCount(orig.EmptyLineCount), |
||
170 | + m_SaveCanonicalizedData(orig.m_SaveCanonicalizedData) |
||
171 | +{ |
||
172 | + m_Hdr_ctx = EVP_MD_CTX_create(); |
||
173 | + EVP_MD_CTX_copy_ex(m_Hdr_ctx, orig.m_Hdr_ctx); |
||
174 | + m_Bdy_ctx = EVP_MD_CTX_create(); |
||
175 | + EVP_MD_CTX_copy_ex(m_Bdy_ctx, orig.m_Bdy_ctx); |
||
176 | +} |
||
177 | + |
||
178 | SignatureInfo::~SignatureInfo() |
||
179 | { |
||
180 | - EVP_MD_CTX_cleanup( &m_Hdr_ctx ); |
||
181 | - EVP_MD_CTX_cleanup( &m_Bdy_ctx ); |
||
182 | + EVP_MD_CTX_destroy( m_Hdr_ctx ); |
||
183 | + EVP_MD_CTX_destroy( m_Bdy_ctx ); |
||
184 | } |
||
185 | |||
186 | |||
187 | @@ -459,7 +474,7 @@ int CDKIMVerify::GetResults(void) |
||
188 | unsigned char md[EVP_MAX_MD_SIZE]; |
||
189 | unsigned len = 0; |
||
190 | |||
191 | - int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len); |
||
192 | + int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len); |
||
193 | |||
194 | if (!res || len != i->BodyHashData.length() || memcmp(i->BodyHashData.data(), md, len) != 0) |
||
195 | { |
||
196 | @@ -515,7 +530,7 @@ int CDKIMVerify::GetResults(void) |
||
197 | |||
198 | assert( i->m_pSelector != NULL ); |
||
199 | |||
200 | - int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
||
201 | + int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
||
202 | |||
203 | if (res == 1) |
||
204 | { |
||
205 | @@ -658,11 +673,11 @@ void SignatureInfo::Hash( const char* sz |
||
206 | |||
207 | if (IsBody && !BodyHashData.empty()) |
||
208 | { |
||
209 | - EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength ); |
||
210 | + EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength ); |
||
211 | } |
||
212 | else |
||
213 | { |
||
214 | - EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength ); |
||
215 | + EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength ); |
||
216 | } |
||
217 | |||
218 | if (m_SaveCanonicalizedData) |
||
219 | @@ -741,13 +756,13 @@ int CDKIMVerify::ProcessHeaders(void) |
||
220 | // initialize the hashes |
||
221 | if (sig.m_nHash == DKIM_HASH_SHA256) |
||
222 | { |
||
223 | - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() ); |
||
224 | - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() ); |
||
225 | + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() ); |
||
226 | + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() ); |
||
227 | } |
||
228 | else |
||
229 | { |
||
230 | - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() ); |
||
231 | - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() ); |
||
232 | + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() ); |
||
233 | + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() ); |
||
234 | } |
||
235 | |||
236 | // compute the hash of the header |
||
237 | @@ -1343,7 +1358,7 @@ int SelectorInfo::Parse( char* Buffer ) |
||
238 | return DKIM_SELECTOR_PUBLIC_KEY_INVALID; |
||
239 | |||
240 | // make sure public key is the correct type (we only support rsa) |
||
241 | - if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA2) |
||
242 | + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) |
||
243 | { |
||
244 | PublicKey = pkey; |
||
245 | } |
||
246 | --- a/src/dkimverify.h |
||
247 | +++ b/src/dkimverify.h |
||
248 | @@ -61,6 +61,7 @@ class SignatureInfo |
||
249 | { |
||
250 | public: |
||
251 | SignatureInfo(bool SaveCanonicalizedData); |
||
252 | + SignatureInfo(const SignatureInfo& orig); |
||
253 | ~SignatureInfo(); |
||
254 | |||
255 | void Hash( const char* szBuffer, unsigned nBufLength, bool IsBody=false ); |
||
256 | @@ -83,8 +84,8 @@ public: |
||
257 | unsigned VerifiedBodyCount; |
||
258 | unsigned UnverifiedBodyCount; |
||
259 | |||
260 | - EVP_MD_CTX m_Hdr_ctx; |
||
261 | - EVP_MD_CTX m_Bdy_ctx; |
||
262 | + EVP_MD_CTX *m_Hdr_ctx; |
||
263 | + EVP_MD_CTX *m_Bdy_ctx; |
||
264 | SelectorInfo *m_pSelector; |
||
265 | |||
266 | int Status; |