Attachment #572360 for bug #674892

Lines 25-30 Link Here

(-)src.old/dkimbase.h (+5 lines)
25	#include <openssl/pem.h>	25	#include <openssl/pem.h>
26	#include <openssl/err.h>	26	#include <openssl/err.h>
27		27
		28	#if OPENSSL_VERSION_NUMBER < 0x10100000
		29	#define EVP_MD_CTX_new EVP_MD_CTX_create
		30	#define EVP_MD_CTX_free EVP_MD_CTX_destroy
		31	#endif
		32
28	#define BUFFER_ALLOC_INCREMENT 256	33	#define BUFFER_ALLOC_INCREMENT 256
29		34
30	#include <string>	35	#include <string>





#include <string.h>
#include <map>
#include <stdexcept>

#include "dkim.h"
#include "dkimsign.h"

	m_EmptyLineCount = 0;
	m_pfnHdrCallback = NULL;

	m_allman_sha1ctx = EVP_MD_CTX_new();
	if ( m_allman_sha1ctx == NULL )
		throw std::runtime_error("out of memory");
	EVP_SignInit( m_allman_sha1ctx, EVP_sha1() );
	m_Hdr_ietf_sha1ctx = EVP_MD_CTX_new();
	if ( m_Hdr_ietf_sha1ctx == NULL )
		throw std::runtime_error("out of memory");
	EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() );
	m_Hdr_ietf_sha256ctx = EVP_MD_CTX_new();
	if ( m_Hdr_ietf_sha256ctx == NULL )
		throw std::runtime_error("out of memory");
	EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() );
	m_Bdy_ietf_sha1ctx = EVP_MD_CTX_new();
	if ( m_Bdy_ietf_sha1ctx == NULL )
		throw std::runtime_error("out of memory");
	EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() );
	m_Bdy_ietf_sha256ctx = EVP_MD_CTX_new();
	if ( m_Bdy_ietf_sha256ctx == NULL )
		throw std::runtime_error("out of memory");
	EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() );
}

CDKIMSign::~CDKIMSign()
{
	EVP_MD_CTX_free( m_allman_sha1ctx );
	EVP_MD_CTX_free( m_Hdr_ietf_sha1ctx );
	EVP_MD_CTX_free( m_Hdr_ietf_sha256ctx );
	EVP_MD_CTX_free( m_Bdy_ietf_sha1ctx );
	EVP_MD_CTX_free( m_Bdy_ietf_sha256ctx );
}

////////////////////////////////////////////////////////////////////////////////

	{
		if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
		{
			EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
		}
	}
	else
	{
		if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 )
		{
			EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
		}
		else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 )
		{
			if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
			{
				EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
			}
			if( m_nHash & DKIM_HASH_SHA256 )
			{
				if( bHdr )
					EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength );
				else
					EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength );
			}
			if( m_nHash != DKIM_HASH_SHA256 )
			{
				if( bHdr )
					EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength );
				else
					EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength );
			}
		}
	}

		unsigned char Hash[EVP_MAX_MD_SIZE];
		unsigned int nHashLen = 0;

		EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen );

		bio = BIO_new(BIO_s_mem());
		if (!bio) {


	if( bUseIetfBodyHash )
	{
		EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() );
	}
	else
	{
		EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() );
	}
 
	bio = BIO_new_mem_buf(szPrivKey, -1);

	
	if( bUseIetfBodyHash )
	{
		nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey);
	}
	else
	{
		nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey);
	}






	int AssembleReturnedSig( char* szPrivKey );

	EVP_MD_CTX *m_Hdr_ietf_sha1ctx;		/* the header hash for ietf sha1  */
	EVP_MD_CTX *m_Hdr_ietf_sha256ctx;	/* the header hash for ietf sha256 */

	EVP_MD_CTX *m_Bdy_ietf_sha1ctx;		/* the body hash for ietf sha1  */
	EVP_MD_CTX *m_Bdy_ietf_sha256ctx;	/* the body hash for ietf sha256 */

	EVP_MD_CTX *m_allman_sha1ctx;		/* the hash for allman sha1  */

	int m_Canon;				// canonization method


Lines 35-40 Link Here

(-)src.old/dkimverify.cpp (-13 / +19 lines)
35	#include <assert.h>	35	#include <assert.h>
36	#include <vector>	36	#include <vector>
37	#include <algorithm>	37	#include <algorithm>
		38	#include <stdexcept>
38		39
39	#define MAX_SIGNATURES 10 // maximum number of DKIM signatures to process in a message	40	#define MAX_SIGNATURES 10 // maximum number of DKIM signatures to process in a message
40		41
Lines 43-50 Link Here
43	{	44	{
44	VerifiedBodyCount = 0;	45	VerifiedBodyCount = 0;
45	UnverifiedBodyCount = 0;	46	UnverifiedBodyCount = 0;
46	EVP_MD_CTX_init( &m_Hdr_ctx );	47	m_Hdr_ctx = EVP_MD_CTX_new();
47	EVP_MD_CTX_init( &m_Bdy_ctx );	48	if ( m_Hdr_ctx == NULL )
		49	throw std::runtime_error("out of memory");
		50	m_Bdy_ctx = EVP_MD_CTX_new();
		51	if ( m_Bdy_ctx == NULL )
		52	throw std::runtime_error("out of memory");
48	m_pSelector = NULL;	53	m_pSelector = NULL;
49	Status = DKIM_SUCCESS;	54	Status = DKIM_SUCCESS;
50	m_nHash = 0;	55	m_nHash = 0;
Lines 54-61 Link Here
54		59
55	SignatureInfo::~SignatureInfo()	60	SignatureInfo::~SignatureInfo()
56	{	61	{
57	EVP_MD_CTX_cleanup( &m_Hdr_ctx );	62	EVP_MD_CTX_free(m_Hdr_ctx);
58	EVP_MD_CTX_cleanup( &m_Bdy_ctx );	63	EVP_MD_CTX_free(m_Bdy_ctx);
59	}	64	}
60		65
61		66
Lines 459-465 Link Here
459	unsigned char md[EVP_MAX_MD_SIZE];	464	unsigned char md[EVP_MAX_MD_SIZE];
460	unsigned len = 0;	465	unsigned len = 0;
461		466
462	int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len);	467	int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len);
463		468
464	if (!res \|\| len != i->BodyHashData.length() \|\| memcmp(i->BodyHashData.data(), md, len) != 0)	469	if (!res \|\| len != i->BodyHashData.length() \|\| memcmp(i->BodyHashData.data(), md, len) != 0)
465	{	470	{
Lines 515-521 Link Here
515		520
516	assert( i->m_pSelector != NULL );	521	assert( i->m_pSelector != NULL );
517		522
518	int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey);	523	int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey);
519		524
520	if (res == 1)	525	if (res == 1)
521	{	526	{
Lines 658-668 Link Here
658		663
659	if (IsBody && !BodyHashData.empty())	664	if (IsBody && !BodyHashData.empty())
660	{	665	{
661	EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength );	666	EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength );
662	}	667	}
663	else	668	else
664	{	669	{
665	EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength );	670	EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength );
666	}	671	}
667		672
668	if (m_SaveCanonicalizedData)	673	if (m_SaveCanonicalizedData)
Lines 741-753 Link Here
741	// initialize the hashes	746	// initialize the hashes
742	if (sig.m_nHash == DKIM_HASH_SHA256)	747	if (sig.m_nHash == DKIM_HASH_SHA256)
743	{	748	{
744	EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() );	749	EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() );
745	EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() );	750	EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() );
746	}	751	}
747	else	752	else
748	{	753	{
749	EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() );	754	EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() );
750	EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() );	755	EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() );
751	}	756	}
752		757
753	// compute the hash of the header	758	// compute the hash of the header
Lines 1343-1349 Link Here
1343	return DKIM_SELECTOR_PUBLIC_KEY_INVALID;	1348	return DKIM_SELECTOR_PUBLIC_KEY_INVALID;
1344		1349
1345	// make sure public key is the correct type (we only support rsa)	1350	// make sure public key is the correct type (we only support rsa)
1346	if (pkey->type == EVP_PKEY_RSA \|\| pkey->type == EVP_PKEY_RSA2)	1351	if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA \|\|
		1352	EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA2)
1347	{	1353	{
1348	PublicKey = pkey;	1354	PublicKey = pkey;
1349	}	1355	}

Lines 83-90 Link Here

(-)src.old/dkimverify.h (-2 / +2 lines)
83	unsigned VerifiedBodyCount;	83	unsigned VerifiedBodyCount;
84	unsigned UnverifiedBodyCount;	84	unsigned UnverifiedBodyCount;
85		85
86	EVP_MD_CTX m_Hdr_ctx;	86	EVP_MD_CTX *m_Hdr_ctx;
87	EVP_MD_CTX m_Bdy_ctx;	87	EVP_MD_CTX *m_Bdy_ctx;
88	SelectorInfo *m_pSelector;	88	SelectorInfo *m_pSelector;
89		89
90	int Status;	90	int Status;

Return to bug 674892

Lines 31-36 Link Here

(-)src.old/dkimsign.cpp (-22 / +38 lines)
31		31
32	#include <string.h>	32	#include <string.h>
33	#include <map>	33	#include <map>
		34	#include <stdexcept>
34		35
35	#include "dkim.h"	36	#include "dkim.h"
36	#include "dkimsign.h"	37	#include "dkimsign.h"
Lines 41-60 Link Here
41	m_EmptyLineCount = 0;	42	m_EmptyLineCount = 0;
42	m_pfnHdrCallback = NULL;	43	m_pfnHdrCallback = NULL;
43		44
44	EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() );	45	m_allman_sha1ctx = EVP_MD_CTX_new();
45	EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() );	46	if ( m_allman_sha1ctx == NULL )
46	EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() );	47	throw std::runtime_error("out of memory");
47	EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() );	48	EVP_SignInit( m_allman_sha1ctx, EVP_sha1() );
48	EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() );	49	m_Hdr_ietf_sha1ctx = EVP_MD_CTX_new();
		50	if ( m_Hdr_ietf_sha1ctx == NULL )
		51	throw std::runtime_error("out of memory");
		52	EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() );
		53	m_Hdr_ietf_sha256ctx = EVP_MD_CTX_new();
		54	if ( m_Hdr_ietf_sha256ctx == NULL )
		55	throw std::runtime_error("out of memory");
		56	EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() );
		57	m_Bdy_ietf_sha1ctx = EVP_MD_CTX_new();
		58	if ( m_Bdy_ietf_sha1ctx == NULL )
		59	throw std::runtime_error("out of memory");
		60	EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() );
		61	m_Bdy_ietf_sha256ctx = EVP_MD_CTX_new();
		62	if ( m_Bdy_ietf_sha256ctx == NULL )
		63	throw std::runtime_error("out of memory");
		64	EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() );
49	}	65	}
50		66
51	CDKIMSign::~CDKIMSign()	67	CDKIMSign::~CDKIMSign()
52	{	68	{
53	EVP_MD_CTX_cleanup( &m_allman_sha1ctx );	69	EVP_MD_CTX_free( m_allman_sha1ctx );
54	EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx );	70	EVP_MD_CTX_free( m_Hdr_ietf_sha1ctx );
55	EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx );	71	EVP_MD_CTX_free( m_Hdr_ietf_sha256ctx );
56	EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx );	72	EVP_MD_CTX_free( m_Bdy_ietf_sha1ctx );
57	EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx );	73	EVP_MD_CTX_free( m_Bdy_ietf_sha256ctx );
58	}	74	}
59		75
60	////////////////////////////////////////////////////////////////////////////////	76	////////////////////////////////////////////////////////////////////////////////
Lines 150-183 Link Here
150	{	166	{
151	if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )	167	if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
152	{	168	{
153	EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );	169	EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
154	}	170	}
155	}	171	}
156	else	172	else
157	{	173	{
158	if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 )	174	if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 )
159	{	175	{
160	EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );	176	EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
161	}	177	}
162	else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 )	178	else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 )
163	{	179	{
164	if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )	180	if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 )
165	{	181	{
166	EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength );	182	EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength );
167	}	183	}
168	if( m_nHash & DKIM_HASH_SHA256 )	184	if( m_nHash & DKIM_HASH_SHA256 )
169	{	185	{
170	if( bHdr )	186	if( bHdr )
171	EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength );	187	EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength );
172	else	188	else
173	EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength );	189	EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength );
174	}	190	}
175	if( m_nHash != DKIM_HASH_SHA256 )	191	if( m_nHash != DKIM_HASH_SHA256 )
176	{	192	{
177	if( bHdr )	193	if( bHdr )
178	EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength );	194	EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength );
179	else	195	else
180	EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength );	196	EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength );
181	}	197	}
182	}	198	}
183	}	199	}
Lines 864-870 Link Here
864	unsigned char Hash[EVP_MAX_MD_SIZE];	880	unsigned char Hash[EVP_MAX_MD_SIZE];
865	unsigned int nHashLen = 0;	881	unsigned int nHashLen = 0;
866		882
867	EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen );	883	EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen );
868		884
869	bio = BIO_new(BIO_s_mem());	885	bio = BIO_new(BIO_s_mem());
870	if (!bio) {	886	if (!bio) {
Lines 935-945 Link Here
935		951
936	if( bUseIetfBodyHash )	952	if( bUseIetfBodyHash )
937	{	953	{
938	EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() );	954	EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() );
939	}	955	}
940	else	956	else
941	{	957	{
942	EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() );	958	EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() );
943	}	959	}
944		960
945	bio = BIO_new_mem_buf(szPrivKey, -1);	961	bio = BIO_new_mem_buf(szPrivKey, -1);
Lines 966-976 Link Here
966		982
967	if( bUseIetfBodyHash )	983	if( bUseIetfBodyHash )
968	{	984	{
969	nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey);	985	nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey);
970	}	986	}
971	else	987	else
972	{	988	{
973	nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey);	989	nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey);
974	}	990	}
975		991

Lines 60-72 Link Here

(-)src.old/dkimsign.h (-5 / +5 lines)
60		60
61	int AssembleReturnedSig( char* szPrivKey );	61	int AssembleReturnedSig( char* szPrivKey );
62		62
63	EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */	63	EVP_MD_CTX m_Hdr_ietf_sha1ctx; / the header hash for ietf sha1 */
64	EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */	64	EVP_MD_CTX m_Hdr_ietf_sha256ctx; / the header hash for ietf sha256 */
65		65
66	EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */	66	EVP_MD_CTX m_Bdy_ietf_sha1ctx; / the body hash for ietf sha1 */
67	EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */	67	EVP_MD_CTX m_Bdy_ietf_sha256ctx; / the body hash for ietf sha256 */
68		68
69	EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */	69	EVP_MD_CTX m_allman_sha1ctx; / the hash for allman sha1 */
70		70
71	int m_Canon; // canonization method	71	int m_Canon; // canonization method
72		72