Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 57 | magnus | 1 | Description: Support new OpenSSL 1.1 API |
| 2 | Use pointers instead of full struct members, and accessor function |
||
| 3 | EVP_PKEY_base_id() to get base type instead of comparing several |
||
| 4 | possible method IDs. We also need a copy constructor for SignatureInfo. |
||
| 5 | TODO: OOM error handling? Complex in C++ constructors. |
||
| 6 | Bug: https://bugs.debian.org/828392 |
||
| 7 | |||
| 8 | --- a/src/dkimsign.cpp |
||
| 9 | +++ b/src/dkimsign.cpp |
||
| 10 | @@ -41,20 +41,25 @@ CDKIMSign::CDKIMSign() |
||
| 11 | m_EmptyLineCount = 0; |
||
| 12 | m_pfnHdrCallback = NULL; |
||
| 13 | |||
| 14 | - EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() ); |
||
| 15 | - EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
||
| 16 | - EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
||
| 17 | - EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
||
| 18 | - EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
||
| 19 | + m_allman_sha1ctx = EVP_MD_CTX_create(); |
||
| 20 | + EVP_SignInit( m_allman_sha1ctx, EVP_sha1() ); |
||
| 21 | + m_Hdr_ietf_sha1ctx = EVP_MD_CTX_create(); |
||
| 22 | + EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() ); |
||
| 23 | + m_Hdr_ietf_sha256ctx = EVP_MD_CTX_create(); |
||
| 24 | + EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() ); |
||
| 25 | + m_Bdy_ietf_sha1ctx = EVP_MD_CTX_create(); |
||
| 26 | + EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() ); |
||
| 27 | + m_Bdy_ietf_sha256ctx = EVP_MD_CTX_create(); |
||
| 28 | + EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() ); |
||
| 29 | } |
||
| 30 | |||
| 31 | CDKIMSign::~CDKIMSign() |
||
| 32 | { |
||
| 33 | - EVP_MD_CTX_cleanup( &m_allman_sha1ctx ); |
||
| 34 | - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx ); |
||
| 35 | - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx ); |
||
| 36 | - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx ); |
||
| 37 | - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx ); |
||
| 38 | + EVP_MD_CTX_destroy( m_allman_sha1ctx ); |
||
| 39 | + EVP_MD_CTX_destroy( m_Hdr_ietf_sha1ctx ); |
||
| 40 | + EVP_MD_CTX_destroy( m_Hdr_ietf_sha256ctx ); |
||
| 41 | + EVP_MD_CTX_destroy( m_Bdy_ietf_sha1ctx ); |
||
| 42 | + EVP_MD_CTX_destroy( m_Bdy_ietf_sha256ctx ); |
||
| 43 | } |
||
| 44 | |||
| 45 | //////////////////////////////////////////////////////////////////////////////// |
||
| 46 | @@ -150,34 +155,34 @@ void CDKIMSign::Hash( const char* szBuff |
||
| 47 | { |
||
| 48 | if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
||
| 49 | { |
||
| 50 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 51 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 52 | } |
||
| 53 | } |
||
| 54 | else |
||
| 55 | { |
||
| 56 | if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 ) |
||
| 57 | { |
||
| 58 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 59 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 60 | } |
||
| 61 | else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 ) |
||
| 62 | { |
||
| 63 | if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) |
||
| 64 | { |
||
| 65 | - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 66 | + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); |
||
| 67 | } |
||
| 68 | if( m_nHash & DKIM_HASH_SHA256 ) |
||
| 69 | { |
||
| 70 | if( bHdr ) |
||
| 71 | - EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
||
| 72 | + EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); |
||
| 73 | else |
||
| 74 | - EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
||
| 75 | + EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); |
||
| 76 | } |
||
| 77 | if( m_nHash != DKIM_HASH_SHA256 ) |
||
| 78 | { |
||
| 79 | if( bHdr ) |
||
| 80 | - EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
||
| 81 | + EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); |
||
| 82 | else |
||
| 83 | - EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
||
| 84 | + EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); |
||
| 85 | } |
||
| 86 | } |
||
| 87 | } |
||
| 88 | @@ -864,7 +869,7 @@ int CDKIMSign::ConstructSignature( char* |
||
| 89 | unsigned char Hash[EVP_MAX_MD_SIZE]; |
||
| 90 | unsigned int nHashLen = 0; |
||
| 91 | |||
| 92 | - EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
||
| 93 | + EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); |
||
| 94 | |||
| 95 | bio = BIO_new(BIO_s_mem()); |
||
| 96 | if (!bio) { |
||
| 97 | @@ -935,11 +940,11 @@ int CDKIMSign::ConstructSignature( char* |
||
| 98 | |||
| 99 | if( bUseIetfBodyHash ) |
||
| 100 | { |
||
| 101 | - EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
| 102 | + EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
| 103 | } |
||
| 104 | else |
||
| 105 | { |
||
| 106 | - EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
| 107 | + EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); |
||
| 108 | } |
||
| 109 | |||
| 110 | bio = BIO_new_mem_buf(szPrivKey, -1); |
||
| 111 | @@ -966,11 +971,11 @@ int CDKIMSign::ConstructSignature( char* |
||
| 112 | |||
| 113 | if( bUseIetfBodyHash ) |
||
| 114 | { |
||
| 115 | - nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
||
| 116 | + nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); |
||
| 117 | } |
||
| 118 | else |
||
| 119 | { |
||
| 120 | - nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey); |
||
| 121 | + nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey); |
||
| 122 | } |
||
| 123 | |||
| 124 | EVP_PKEY_free(pkey); |
||
| 125 | --- a/src/dkimsign.h |
||
| 126 | +++ b/src/dkimsign.h |
||
| 127 | @@ -60,13 +60,13 @@ protected: |
||
| 128 | |||
| 129 | int AssembleReturnedSig( char* szPrivKey ); |
||
| 130 | |||
| 131 | - EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
||
| 132 | - EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
||
| 133 | + EVP_MD_CTX *m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ |
||
| 134 | + EVP_MD_CTX *m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ |
||
| 135 | |||
| 136 | - EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
||
| 137 | - EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
||
| 138 | + EVP_MD_CTX *m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ |
||
| 139 | + EVP_MD_CTX *m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ |
||
| 140 | |||
| 141 | - EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */ |
||
| 142 | + EVP_MD_CTX *m_allman_sha1ctx; /* the hash for allman sha1 */ |
||
| 143 | |||
| 144 | int m_Canon; // canonization method |
||
| 145 | |||
| 146 | --- a/src/dkimverify.cpp |
||
| 147 | +++ b/src/dkimverify.cpp |
||
| 148 | @@ -43,8 +43,8 @@ SignatureInfo::SignatureInfo(bool s) |
||
| 149 | { |
||
| 150 | VerifiedBodyCount = 0; |
||
| 151 | UnverifiedBodyCount = 0; |
||
| 152 | - EVP_MD_CTX_init( &m_Hdr_ctx ); |
||
| 153 | - EVP_MD_CTX_init( &m_Bdy_ctx ); |
||
| 154 | + m_Hdr_ctx = EVP_MD_CTX_create(); |
||
| 155 | + m_Bdy_ctx = EVP_MD_CTX_create(); |
||
| 156 | m_pSelector = NULL; |
||
| 157 | Status = DKIM_SUCCESS; |
||
| 158 | m_nHash = 0; |
||
| 159 | @@ -52,10 +52,25 @@ SignatureInfo::SignatureInfo(bool s) |
||
| 160 | m_SaveCanonicalizedData = s; |
||
| 161 | } |
||
| 162 | |||
| 163 | +SignatureInfo::SignatureInfo(const SignatureInfo& orig) |
||
| 164 | + : VerifiedBodyCount(orig.VerifiedBodyCount), |
||
| 165 | + UnverifiedBodyCount(orig.UnverifiedBodyCount), |
||
| 166 | + m_pSelector(orig.m_pSelector), |
||
| 167 | + Status(orig.Status), |
||
| 168 | + m_nHash(orig.m_nHash), |
||
| 169 | + EmptyLineCount(orig.EmptyLineCount), |
||
| 170 | + m_SaveCanonicalizedData(orig.m_SaveCanonicalizedData) |
||
| 171 | +{ |
||
| 172 | + m_Hdr_ctx = EVP_MD_CTX_create(); |
||
| 173 | + EVP_MD_CTX_copy_ex(m_Hdr_ctx, orig.m_Hdr_ctx); |
||
| 174 | + m_Bdy_ctx = EVP_MD_CTX_create(); |
||
| 175 | + EVP_MD_CTX_copy_ex(m_Bdy_ctx, orig.m_Bdy_ctx); |
||
| 176 | +} |
||
| 177 | + |
||
| 178 | SignatureInfo::~SignatureInfo() |
||
| 179 | { |
||
| 180 | - EVP_MD_CTX_cleanup( &m_Hdr_ctx ); |
||
| 181 | - EVP_MD_CTX_cleanup( &m_Bdy_ctx ); |
||
| 182 | + EVP_MD_CTX_destroy( m_Hdr_ctx ); |
||
| 183 | + EVP_MD_CTX_destroy( m_Bdy_ctx ); |
||
| 184 | } |
||
| 185 | |||
| 186 | |||
| 187 | @@ -459,7 +474,7 @@ int CDKIMVerify::GetResults(void) |
||
| 188 | unsigned char md[EVP_MAX_MD_SIZE]; |
||
| 189 | unsigned len = 0; |
||
| 190 | |||
| 191 | - int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len); |
||
| 192 | + int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len); |
||
| 193 | |||
| 194 | if (!res || len != i->BodyHashData.length() || memcmp(i->BodyHashData.data(), md, len) != 0) |
||
| 195 | { |
||
| 196 | @@ -515,7 +530,7 @@ int CDKIMVerify::GetResults(void) |
||
| 197 | |||
| 198 | assert( i->m_pSelector != NULL ); |
||
| 199 | |||
| 200 | - int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
||
| 201 | + int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); |
||
| 202 | |||
| 203 | if (res == 1) |
||
| 204 | { |
||
| 205 | @@ -658,11 +673,11 @@ void SignatureInfo::Hash( const char* sz |
||
| 206 | |||
| 207 | if (IsBody && !BodyHashData.empty()) |
||
| 208 | { |
||
| 209 | - EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength ); |
||
| 210 | + EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength ); |
||
| 211 | } |
||
| 212 | else |
||
| 213 | { |
||
| 214 | - EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength ); |
||
| 215 | + EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength ); |
||
| 216 | } |
||
| 217 | |||
| 218 | if (m_SaveCanonicalizedData) |
||
| 219 | @@ -741,13 +756,13 @@ int CDKIMVerify::ProcessHeaders(void) |
||
| 220 | // initialize the hashes |
||
| 221 | if (sig.m_nHash == DKIM_HASH_SHA256) |
||
| 222 | { |
||
| 223 | - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() ); |
||
| 224 | - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() ); |
||
| 225 | + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() ); |
||
| 226 | + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() ); |
||
| 227 | } |
||
| 228 | else |
||
| 229 | { |
||
| 230 | - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() ); |
||
| 231 | - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() ); |
||
| 232 | + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() ); |
||
| 233 | + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() ); |
||
| 234 | } |
||
| 235 | |||
| 236 | // compute the hash of the header |
||
| 237 | @@ -1343,7 +1358,7 @@ int SelectorInfo::Parse( char* Buffer ) |
||
| 238 | return DKIM_SELECTOR_PUBLIC_KEY_INVALID; |
||
| 239 | |||
| 240 | // make sure public key is the correct type (we only support rsa) |
||
| 241 | - if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA2) |
||
| 242 | + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) |
||
| 243 | { |
||
| 244 | PublicKey = pkey; |
||
| 245 | } |
||
| 246 | --- a/src/dkimverify.h |
||
| 247 | +++ b/src/dkimverify.h |
||
| 248 | @@ -61,6 +61,7 @@ class SignatureInfo |
||
| 249 | { |
||
| 250 | public: |
||
| 251 | SignatureInfo(bool SaveCanonicalizedData); |
||
| 252 | + SignatureInfo(const SignatureInfo& orig); |
||
| 253 | ~SignatureInfo(); |
||
| 254 | |||
| 255 | void Hash( const char* szBuffer, unsigned nBufLength, bool IsBody=false ); |
||
| 256 | @@ -83,8 +84,8 @@ public: |
||
| 257 | unsigned VerifiedBodyCount; |
||
| 258 | unsigned UnverifiedBodyCount; |
||
| 259 | |||
| 260 | - EVP_MD_CTX m_Hdr_ctx; |
||
| 261 | - EVP_MD_CTX m_Bdy_ctx; |
||
| 262 | + EVP_MD_CTX *m_Hdr_ctx; |
||
| 263 | + EVP_MD_CTX *m_Bdy_ctx; |
||
| 264 | SelectorInfo *m_pSelector; |
||
| 265 | |||
| 266 | int Status; |