Subversion Repositories libdkim

Compare Revisions

Ignore whitespace Rev 56 → Rev 57

/trunk/debian/changelog
1,7 → 1,9
libdkim (1:1.0.21-4) unstable; urgency=low
libdkim (1:1.0.21-4) unstable; urgency=medium
 
* fix_warnings.patch: fix narrowing conversion in DecodeBase64()
(Closes: #811734).
* openssl1.1.patch (new): Support OpenSSL 1.1 API changes (Closes:
#828392).
 
-- Magnus Holmgren <holmgren@debian.org> Sat, 02 Jul 2016 17:32:44 +0200
 
/trunk/debian/patches/openssl1.1.patch
0,0 → 1,266
Description: Support new OpenSSL 1.1 API
Use pointers instead of full struct members, and accessor function
EVP_PKEY_base_id() to get base type instead of comparing several
possible method IDs. We also need a copy constructor for SignatureInfo.
TODO: OOM error handling? Complex in C++ constructors.
Bug: https://bugs.debian.org/828392
 
--- a/src/dkimsign.cpp
+++ b/src/dkimsign.cpp
@@ -41,20 +41,25 @@ CDKIMSign::CDKIMSign()
m_EmptyLineCount = 0;
m_pfnHdrCallback = NULL;
- EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() );
- EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() );
- EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() );
- EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() );
- EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() );
+ m_allman_sha1ctx = EVP_MD_CTX_create();
+ EVP_SignInit( m_allman_sha1ctx, EVP_sha1() );
+ m_Hdr_ietf_sha1ctx = EVP_MD_CTX_create();
+ EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() );
+ m_Hdr_ietf_sha256ctx = EVP_MD_CTX_create();
+ EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() );
+ m_Bdy_ietf_sha1ctx = EVP_MD_CTX_create();
+ EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() );
+ m_Bdy_ietf_sha256ctx = EVP_MD_CTX_create();
+ EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() );
}
CDKIMSign::~CDKIMSign()
{
- EVP_MD_CTX_cleanup( &m_allman_sha1ctx );
- EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx );
- EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx );
- EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx );
- EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx );
+ EVP_MD_CTX_destroy( m_allman_sha1ctx );
+ EVP_MD_CTX_destroy( m_Hdr_ietf_sha1ctx );
+ EVP_MD_CTX_destroy( m_Hdr_ietf_sha256ctx );
+ EVP_MD_CTX_destroy( m_Bdy_ietf_sha1ctx );
+ EVP_MD_CTX_destroy( m_Bdy_ietf_sha256ctx );
}
////////////////////////////////////////////////////////////////////////////////
@@ -150,34 +155,34 @@ void CDKIMSign::Hash( const char* szBuff
{
if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
{
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
}
}
else
{
if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 )
{
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
}
else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 )
{
if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
{
- EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );
+ EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
}
if( m_nHash & DKIM_HASH_SHA256 )
{
if( bHdr )
- EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength );
+ EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength );
else
- EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength );
+ EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength );
}
if( m_nHash != DKIM_HASH_SHA256 )
{
if( bHdr )
- EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength );
+ EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength );
else
- EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength );
+ EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength );
}
}
}
@@ -864,7 +869,7 @@ int CDKIMSign::ConstructSignature( char*
unsigned char Hash[EVP_MAX_MD_SIZE];
unsigned int nHashLen = 0;
- EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen );
+ EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen );
bio = BIO_new(BIO_s_mem());
if (!bio) {
@@ -935,11 +940,11 @@ int CDKIMSign::ConstructSignature( char*
if( bUseIetfBodyHash )
{
- EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() );
+ EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() );
}
else
{
- EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() );
+ EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() );
}
bio = BIO_new_mem_buf(szPrivKey, -1);
@@ -966,11 +971,11 @@ int CDKIMSign::ConstructSignature( char*
if( bUseIetfBodyHash )
{
- nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey);
+ nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey);
}
else
{
- nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey);
+ nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey);
}
EVP_PKEY_free(pkey);
--- a/src/dkimsign.h
+++ b/src/dkimsign.h
@@ -60,13 +60,13 @@ protected:
int AssembleReturnedSig( char* szPrivKey );
- EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */
- EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */
+ EVP_MD_CTX *m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */
+ EVP_MD_CTX *m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */
- EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */
- EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */
+ EVP_MD_CTX *m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */
+ EVP_MD_CTX *m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */
- EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */
+ EVP_MD_CTX *m_allman_sha1ctx; /* the hash for allman sha1 */
int m_Canon; // canonization method
--- a/src/dkimverify.cpp
+++ b/src/dkimverify.cpp
@@ -43,8 +43,8 @@ SignatureInfo::SignatureInfo(bool s)
{
VerifiedBodyCount = 0;
UnverifiedBodyCount = 0;
- EVP_MD_CTX_init( &m_Hdr_ctx );
- EVP_MD_CTX_init( &m_Bdy_ctx );
+ m_Hdr_ctx = EVP_MD_CTX_create();
+ m_Bdy_ctx = EVP_MD_CTX_create();
m_pSelector = NULL;
Status = DKIM_SUCCESS;
m_nHash = 0;
@@ -52,10 +52,25 @@ SignatureInfo::SignatureInfo(bool s)
m_SaveCanonicalizedData = s;
}
+SignatureInfo::SignatureInfo(const SignatureInfo& orig)
+ : VerifiedBodyCount(orig.VerifiedBodyCount),
+ UnverifiedBodyCount(orig.UnverifiedBodyCount),
+ m_pSelector(orig.m_pSelector),
+ Status(orig.Status),
+ m_nHash(orig.m_nHash),
+ EmptyLineCount(orig.EmptyLineCount),
+ m_SaveCanonicalizedData(orig.m_SaveCanonicalizedData)
+{
+ m_Hdr_ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX_copy_ex(m_Hdr_ctx, orig.m_Hdr_ctx);
+ m_Bdy_ctx = EVP_MD_CTX_create();
+ EVP_MD_CTX_copy_ex(m_Bdy_ctx, orig.m_Bdy_ctx);
+}
+
SignatureInfo::~SignatureInfo()
{
- EVP_MD_CTX_cleanup( &m_Hdr_ctx );
- EVP_MD_CTX_cleanup( &m_Bdy_ctx );
+ EVP_MD_CTX_destroy( m_Hdr_ctx );
+ EVP_MD_CTX_destroy( m_Bdy_ctx );
}
@@ -459,7 +474,7 @@ int CDKIMVerify::GetResults(void)
unsigned char md[EVP_MAX_MD_SIZE];
unsigned len = 0;
- int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len);
+ int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len);
if (!res || len != i->BodyHashData.length() || memcmp(i->BodyHashData.data(), md, len) != 0)
{
@@ -515,7 +530,7 @@ int CDKIMVerify::GetResults(void)
assert( i->m_pSelector != NULL );
- int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey);
+ int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey);
if (res == 1)
{
@@ -658,11 +673,11 @@ void SignatureInfo::Hash( const char* sz
if (IsBody && !BodyHashData.empty())
{
- EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength );
+ EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength );
}
else
{
- EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength );
+ EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength );
}
if (m_SaveCanonicalizedData)
@@ -741,13 +756,13 @@ int CDKIMVerify::ProcessHeaders(void)
// initialize the hashes
if (sig.m_nHash == DKIM_HASH_SHA256)
{
- EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() );
- EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() );
+ EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() );
+ EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() );
}
else
{
- EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() );
- EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() );
+ EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() );
+ EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() );
}
// compute the hash of the header
@@ -1343,7 +1358,7 @@ int SelectorInfo::Parse( char* Buffer )
return DKIM_SELECTOR_PUBLIC_KEY_INVALID;
// make sure public key is the correct type (we only support rsa)
- if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA2)
+ if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA)
{
PublicKey = pkey;
}
--- a/src/dkimverify.h
+++ b/src/dkimverify.h
@@ -61,6 +61,7 @@ class SignatureInfo
{
public:
SignatureInfo(bool SaveCanonicalizedData);
+ SignatureInfo(const SignatureInfo& orig);
~SignatureInfo();
void Hash( const char* szBuffer, unsigned nBufLength, bool IsBody=false );
@@ -83,8 +84,8 @@ public:
unsigned VerifiedBodyCount;
unsigned UnverifiedBodyCount;
- EVP_MD_CTX m_Hdr_ctx;
- EVP_MD_CTX m_Bdy_ctx;
+ EVP_MD_CTX *m_Hdr_ctx;
+ EVP_MD_CTX *m_Bdy_ctx;
SelectorInfo *m_pSelector;
int Status;
/trunk/debian/patches/series
1,2 → 1,3
strtok_r.patch
fix_warnings.patch
openssl1.1.patch