File:  [cvs.NetBSD.org] / pkgsrc / devel / eet / patches / patch-src_lib_eet__cipher.c
Mon Apr 20 13:19:38 2020 UTC (4 years, 7 months ago) by joerg
Branches: MAIN
CVS tags: pkgsrc-2024Q3-base, pkgsrc-2024Q3, pkgsrc-2024Q2-base, pkgsrc-2024Q2, pkgsrc-2024Q1-base, pkgsrc-2024Q1, pkgsrc-2023Q4-base, pkgsrc-2023Q4, pkgsrc-2023Q3-base, pkgsrc-2023Q3, pkgsrc-2023Q2-base, pkgsrc-2023Q2, pkgsrc-2023Q1-base, pkgsrc-2023Q1, pkgsrc-2022Q4-base, pkgsrc-2022Q4, pkgsrc-2022Q3-base, pkgsrc-2022Q3, pkgsrc-2022Q2-base, pkgsrc-2022Q2, pkgsrc-2022Q1-base, pkgsrc-2022Q1, pkgsrc-2021Q4-base, pkgsrc-2021Q4, pkgsrc-2021Q3-base, pkgsrc-2021Q3, pkgsrc-2021Q2-base, pkgsrc-2021Q2, pkgsrc-2021Q1-base, pkgsrc-2021Q1, pkgsrc-2020Q4-base, pkgsrc-2020Q4, pkgsrc-2020Q3-base, pkgsrc-2020Q3, pkgsrc-2020Q2-base, pkgsrc-2020Q2, HEAD
Update to eet-1.7.10 with an additional patch for OpenSSL 1.1:
    * Fix memory leak in eet_image.
    * With segfault with edje_cc in some cases
    * Fix eet_cache_concurrency test

$NetBSD: patch-src_lib_eet__cipher.c,v 1.1 2020/04/20 13:19:38 joerg Exp $

--- src/lib/eet_cipher.c.orig	2013-07-29 14:22:39.000000000 +0000
+++ src/lib/eet_cipher.c
@@ -410,8 +410,18 @@ on_error:
    dh = EVP_PKEY_get1_DH(key->private_key);
    if (dh)
      {
+        BIO *b;
         fprintf(out, "Private key (DH):\n");
-        DHparams_print_fp(out, dh);
+        if ((b=BIO_new(BIO_s_file())) == NULL)
+          {
+            DHerr(DH_F_DHPARAMS_PRINT_FP,ERR_R_BUF_LIB);
+          }
+        else
+          {
+            BIO_set_fp(b, out, BIO_NOCLOSE);
+            DHparams_print(b, dh);
+            BIO_free(b);
+          }
      }
 
    fprintf(out, "Public certificate:\n");
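Review bot: A failed `BIO_new()` in the added DH branch is reported only through `DHerr(DH_F_DHPARAMS_PRINT_FP, ERR_R_BUF_LIB)`, which raises an OpenSSL-internal function code from application code; nothing visible here prints the error queue, so the DH dump is dropped silently. The `BIO_new(BIO_s_file())` plus unchecked `BIO_set_fp()` pair can be one call, `BIO *b = BIO_new_fp(out, BIO_NOCLOSE);`, with an `fprintf(out, ...)` diagnostic when it returns NULL. `dh` comes from `EVP_PKEY_get1_DH()`, which hands back an owned reference; the matching `DH_free(dh)` is not visible in this hunk, so confirm it exists further down.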
@@ -505,7 +515,7 @@ eet_identity_sign(FILE    *fp,
    gnutls_privkey_t privkey;
 #endif
 # else /* ifdef HAVE_GNUTLS */
-   EVP_MD_CTX md_ctx;
+   EVP_MD_CTX *md_ctx;
    unsigned int sign_len = 0;
    int cert_len = 0;
 # endif /* ifdef HAVE_GNUTLS */
@@ -614,9 +624,16 @@ eet_identity_sign(FILE    *fp,
      }
 
    /* Do the signature. */
-   EVP_SignInit(&md_ctx, EVP_sha1());
-   EVP_SignUpdate(&md_ctx, data, st_buf.st_size);
-   err = EVP_SignFinal(&md_ctx,
+   md_ctx = EVP_MD_CTX_create();
+   if (md_ctx == NULL)
+     {
+        ERR_print_errors_fp(stdout);
+        err = EET_ERROR_SIGNATURE_FAILED;
+        goto on_error;
+     }
+   EVP_SignInit(md_ctx, EVP_sha1());
+   EVP_SignUpdate(md_ctx, data, st_buf.st_size);
+   err = EVP_SignFinal(md_ctx,
                        sign,
                        (unsigned int *)&sign_len,
                        key->private_key);
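Review bot: The return values of `EVP_SignInit()` and `EVP_SignUpdate()` are still discarded after the switch to a heap-allocated context, so a failed digest setup only surfaces, if at all, when `EVP_SignFinal()` runs on a half-initialised context. Both return 1 on success; a guard such as `if (EVP_SignInit(md_ctx, EVP_sha1()) != 1 || EVP_SignUpdate(md_ctx, data, st_buf.st_size) != 1)` followed by the existing failure handling keeps the error at its source, provided that path also releases `md_ctx`. The same applies to `EVP_VerifyInit()`/`EVP_VerifyUpdate()` in eet_identity_check and to the `HMAC_*` calls in eet_pbkdf2_sha1.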
@@ -626,6 +643,7 @@ eet_identity_sign(FILE    *fp,
         err = EET_ERROR_SIGNATURE_FAILED;
         goto on_error;
      }
+   EVP_MD_CTX_free(md_ctx);
 
    /* Give me the der (binary form for X509). */
    cert_len = i2d_X509(key->certificate, &cert);
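Review bot: `EVP_MD_CTX_free(md_ctx)` is placed after the failure branch that ends in `goto on_error`, so when that branch is taken the context allocated by `EVP_MD_CTX_create()` is never released. The branch's condition is outside the hunk, but it appears to be the check on the `EVP_SignFinal()` result; freeing the context immediately after that call and before the check closes the leak, i.e. `err = EVP_SignFinal(...);` then `EVP_MD_CTX_free(md_ctx);` then the test of `err`. eet_identity_sign continues outside the hunk.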
@@ -814,7 +832,7 @@ eet_identity_check(const void   *data_ba
    const unsigned char *tmp;
    EVP_PKEY *pkey;
    X509 *x509;
-   EVP_MD_CTX md_ctx;
+   EVP_MD_CTX *md_ctx;
    int err;
 
    /* Strange but d2i_X509 seems to put 0 all over the place. */
@@ -833,9 +851,16 @@ eet_identity_check(const void   *data_ba
      }
 
    /* Verify the signature */
-   EVP_VerifyInit(&md_ctx, EVP_sha1());
-   EVP_VerifyUpdate(&md_ctx, data_base, data_length);
-   err = EVP_VerifyFinal(&md_ctx, sign, sign_len, pkey);
+   md_ctx = EVP_MD_CTX_create();
+   if (!md_ctx)
+     {
+        X509_free(x509);
+        return NULL;
+     }
+   EVP_VerifyInit(md_ctx, EVP_sha1());
+   EVP_VerifyUpdate(md_ctx, data_base, data_length);
+   err = EVP_VerifyFinal(md_ctx, sign, sign_len, pkey);
+   EVP_MD_CTX_free(md_ctx);
 
    X509_free(x509);
    EVP_PKEY_free(pkey);
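Review bot: The new allocation-failure branch frees `x509` but not `pkey`, while the normal path a few lines below releases both with `X509_free(x509); EVP_PKEY_free(pkey);`. `pkey` is passed to `EVP_VerifyFinal()` right afterwards, so it appears to have been obtained already (the assignment is outside the hunk); if so the branch should read `X509_free(x509); EVP_PKEY_free(pkey); return NULL;`. Separately, `EVP_VerifyFinal()` returns 1 for a valid signature, 0 for an invalid one and a negative value on error, so the check that follows (not shown) has to accept only `err == 1`.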
@@ -971,7 +996,7 @@ eet_cipher(const void   *data,
    gcry_cipher_hd_t cipher;
 # else /* ifdef HAVE_GNUTLS */
    /* Openssl declarations*/
-   EVP_CIPHER_CTX ctx;
+   EVP_CIPHER_CTX *ctx;
    unsigned int *buffer = NULL;
    int tmp_len;
 # endif /* ifdef HAVE_GNUTLS */
@@ -1055,27 +1080,28 @@ eet_cipher(const void   *data,
 
    /* Openssl create the corresponding cipher
       AES with a 256 bit key, Cipher Block Chaining mode */
-   EVP_CIPHER_CTX_init(&ctx);
-   if (!EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv))
+   ctx = EVP_CIPHER_CTX_new();
+   if (!ctx)
      goto on_error;
-
    opened = 1;
+   if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv))
+     goto on_error;
 
    memset(iv, 0, sizeof (iv));
    memset(ik, 0, sizeof (ik));
 
    /* Openssl encrypt */
-   if (!EVP_EncryptUpdate(&ctx, (unsigned char *)(ret + 1), &tmp_len,
+   if (!EVP_EncryptUpdate(ctx, (unsigned char *)(ret + 1), &tmp_len,
                           (unsigned char *)buffer,
                           size + sizeof(unsigned int)))
      goto on_error;
 
    /* Openssl close the cipher */
-   if (!EVP_EncryptFinal_ex(&ctx, ((unsigned char *)(ret + 1)) + tmp_len,
+   if (!EVP_EncryptFinal_ex(ctx, ((unsigned char *)(ret + 1)) + tmp_len,
                             &tmp_len))
      goto on_error;
 
-   EVP_CIPHER_CTX_cleanup(&ctx);
+   EVP_CIPHER_CTX_cleanup(ctx);
    free(buffer);
 # endif /* ifdef HAVE_GNUTLS */
 
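Review bot: The success path still ends with `EVP_CIPHER_CTX_cleanup(ctx)`, which leaks the context now that it comes from `EVP_CIPHER_CTX_new()`. In OpenSSL 1.1 that name is a compatibility macro for `EVP_CIPHER_CTX_reset()`, which clears the context but does not release the allocation, so every successful eet_cipher call loses one context. Use `EVP_CIPHER_CTX_free(ctx); opened = 0;` here, matching what the `on_error` path and eet_decipher in this patch already do. The `memset()` calls that wipe `ik` and `iv` are plain stores a compiler may elide; `OPENSSL_cleanse(ik, sizeof (ik));` is the call meant for key material. eet_cipher's body continues outside the hunk.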
@@ -1102,7 +1128,7 @@ on_error:
 # else /* ifdef HAVE_GNUTLS */
    /* Openssl error */
    if (opened)
-     EVP_CIPHER_CTX_cleanup(&ctx);
+     EVP_CIPHER_CTX_free(ctx);
 
    free(buffer);
    
@@ -1203,26 +1229,28 @@ eet_decipher(const void   *data,
    gcry_cipher_close(cipher);
 
 # else /* ifdef HAVE_GNUTLS */
-   EVP_CIPHER_CTX ctx;
+   EVP_CIPHER_CTX *ctx;
    int opened = 0;
 
    /* Openssl create the corresponding cipher */
-   EVP_CIPHER_CTX_init(&ctx);
+   ctx = EVP_CIPHER_CTX_new();
+   if (!ctx)
+     goto on_error;
    opened = 1;
 
-   if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ik, iv))
+   if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, ik, iv))
      goto on_error;
 
    memset(iv, 0, sizeof (iv));
    memset(ik, 0, sizeof (ik));
 
    /* Openssl decrypt */
-   if (!EVP_DecryptUpdate(&ctx, (unsigned char *)ret, &tmp,
+   if (!EVP_DecryptUpdate(ctx, (unsigned char *)ret, &tmp,
                           (unsigned char *)(over + 1), tmp_len))
      goto on_error;
 
    /* Openssl close the cipher*/
-   EVP_CIPHER_CTX_cleanup(&ctx);
+   EVP_CIPHER_CTX_free(ctx);
 # endif /* ifdef HAVE_GNUTLS */
    /* Get the decrypted data size */
    tmp = *ret;
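Review bot: After the success-path `EVP_CIPHER_CTX_free(ctx)` the `opened` flag stays 1, and the `on_error` label in this patch frees `ctx` again whenever `opened` is set. If any check after this point jumps to `on_error` (the validation of the size read by `tmp = *ret` is outside the hunk), the context is freed twice; with the old stack object a second cleanup was harmless, with a heap pointer it is memory corruption reachable from malformed input. Clear the state at the free site, `EVP_CIPHER_CTX_free(ctx); ctx = NULL; opened = 0;`. `ctx` and `opened` are also declared mid-function, so an earlier `goto on_error` would skip the `int opened = 0;` initialiser; hoisting `EVP_CIPHER_CTX *ctx = NULL;` to the top and freeing unconditionally avoids both problems. eet_decipher continues outside the hunk.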
@@ -1255,7 +1283,7 @@ on_error:
 # ifdef HAVE_GNUTLS
 # else
    if (opened)
-     EVP_CIPHER_CTX_cleanup(&ctx);
+     EVP_CIPHER_CTX_free(ctx);
 
 # endif /* ifdef HAVE_GNUTLS */
    if (result)
@@ -1342,13 +1370,19 @@ eet_pbkdf2_sha1(const char          *key
    int j, k;
 # ifdef HAVE_GNUTLS
 # else
-   HMAC_CTX hctx;
+   HMAC_CTX *hctx;
 # endif /* ifdef HAVE_GNUTLS */
 
    buf = alloca(salt_len + 4);
    if (!buf)
      return 1;
 
+# ifdef HAVE_GNUTLS
+# else
+   hctx = HMAC_CTX_new();
+   if (!hctx)
+     return 1;
+# endif /* ifdef HAVE_GNUTLS */
    for (i = 1; len; len -= tmp_len, p += tmp_len, i++)
      {
         if (len > digest_len)
@@ -1366,10 +1400,10 @@ eet_pbkdf2_sha1(const char          *key
         memcpy(buf + salt_len, tab, 4);
         eet_hmac_sha1(key, key_len, buf, salt_len + 4, digest);
 # else /* ifdef HAVE_GNUTLS */
-        HMAC_Init(&hctx, key, key_len, EVP_sha1());
-        HMAC_Update(&hctx, salt, salt_len);
-        HMAC_Update(&hctx, tab, 4);
-        HMAC_Final(&hctx, digest, NULL);
+        HMAC_Init_ex(hctx, key, key_len, EVP_sha1(), NULL);
+        HMAC_Update(hctx, salt, salt_len);
+        HMAC_Update(hctx, tab, 4);
+        HMAC_Final(hctx, digest, NULL);
 # endif /* ifdef HAVE_GNUTLS */
         memcpy(p, digest, tmp_len);
 
@@ -1384,11 +1418,12 @@ eet_pbkdf2_sha1(const char          *key
                p[k] ^= digest[k];
           }
 
+     }
+	HMAC_CTX_reset(hctx);
 # ifdef HAVE_GNUTLS
 # else
-	HMAC_cleanup(&hctx);
+   HMAC_CTX_free(hctx);
 # endif /* ifdef HAVE_GNUTLS */
-     }
 
    return 0;
 }
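Review bot: `HMAC_CTX_reset(hctx);` is added outside the `# ifdef HAVE_GNUTLS` / `# else` guard, but `hctx` is declared only in the `# else` (OpenSSL) branch at the top of eet_pbkdf2_sha1, so a GnuTLS build would fail on an undeclared identifier. The reset is also redundant directly before `HMAC_CTX_free(hctx)`; dropping the line leaves `# else` followed by `HMAC_CTX_free(hctx);` as the whole cleanup. The added line is tab-indented while the surrounding code uses spaces.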
