1 From beab8545ebb2898a2beb157a4d9424ebddf3e26f Mon Sep 17 00:00:00 2001
2 From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
3 Date: Fri, 26 Oct 2018 08:21:52 +0300
4 Subject: [PATCH] add support for openssl 1.1
9 src/apk_openssl.h | 21 +++++++++++++++++++++
10 src/apk_package.h | 2 +-
11 src/archive.c | 17 ++++++++++-------
12 src/database.c | 19 ++++++++++++-------
13 src/io.c | 45 ++++++++++++++++++++++++++-------------------
14 src/package.c | 37 +++++++++++++++++++------------------
15 8 files changed, 90 insertions(+), 54 deletions(-)
16 create mode 100644 src/apk_openssl.h
18 diff --git a/src/apk_blob.h b/src/apk_blob.h
19 index 2d2e30e..4fdd3be 100644
26 -#include <openssl/evp.h>
28 #include "apk_defines.h"
29 +#include "apk_openssl.h"
31 typedef const unsigned char *apk_spn_match;
32 typedef unsigned char apk_spn_match_def[256 / 8];
33 diff --git a/src/apk_io.h b/src/apk_io.h
34 index 94aa989..26c3f28 100644
40 #include <sys/types.h>
41 -#include <openssl/evp.h>
45 diff --git a/src/apk_openssl.h b/src/apk_openssl.h
47 index 0000000..c45beb9
49 +++ b/src/apk_openssl.h
51 +#ifndef APK_SSL_COMPAT_H
52 +#define APK_SSL_COMPAT_H
54 +#include <openssl/opensslv.h>
55 +#include <openssl/evp.h>
57 +#if OPENSSL_VERSION_NUMBER < 0x1010000fL || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)
59 +static inline EVP_MD_CTX *EVP_MD_CTX_new(void)
61 + return EVP_MD_CTX_create();
64 +static inline void EVP_MD_CTX_free(EVP_MD_CTX *mdctx)
66 + return EVP_MD_CTX_destroy(mdctx);
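Review bot: The `EVP_MD_CTX_free` shim is written as `return EVP_MD_CTX_destroy(mdctx);` inside a function returning void, which ISO C does not permit (compilers accept it as an extension and warn under `-pedantic`); the plain call `EVP_MD_CTX_destroy(mdctx);` is enough. The include guard is `APK_SSL_COMPAT_H` although the file is `apk_openssl.h`; a guard named after the file, such as `APK_OPENSSL_H`, is easier to keep unique. A comment above the `#if`, for example `/* OpenSSL < 1.1.0 and LibreSSL < 2.7.0 lack EVP_MD_CTX_new/free; map them onto create/destroy */`, would record why the shim exists. The closing lines of the header are not shown here.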
72 diff --git a/src/apk_package.h b/src/apk_package.h
73 index 87635a9..6c4ff29 100644
74 --- a/src/apk_package.h
75 +++ b/src/apk_package.h
76 @@ -58,7 +58,7 @@ struct apk_sign_ctx {
77 int data_verified : 1;
78 char data_checksum[EVP_MAX_MD_SIZE];
79 struct apk_checksum identity;
85 diff --git a/src/archive.c b/src/archive.c
86 index 9a184fd..f3a66c2 100644
90 #include "apk_defines.h"
91 #include "apk_print.h"
92 #include "apk_archive.h"
93 +#include "apk_openssl.h"
96 /* ustar header, Posix 1003.1 */
97 @@ -82,7 +83,7 @@ struct apk_tar_entry_istream {
98 struct apk_istream is;
99 struct apk_istream *tar_is;
103 struct apk_checksum *csum;
106 @@ -121,10 +122,10 @@ static ssize_t tar_entry_read(void *stream, void *ptr, size_t size)
107 if (teis->csum == NULL)
110 - EVP_DigestUpdate(&teis->mdctx, ptr, r);
111 + EVP_DigestUpdate(teis->mdctx, ptr, r);
112 if (teis->bytes_left == 0) {
113 - teis->csum->type = EVP_MD_CTX_size(&teis->mdctx);
114 - EVP_DigestFinal_ex(&teis->mdctx, teis->csum->data, NULL);
115 + teis->csum->type = EVP_MD_CTX_size(teis->mdctx);
116 + EVP_DigestFinal_ex(teis->mdctx, teis->csum->data, NULL);
120 @@ -210,7 +211,9 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
121 char filename[sizeof buf.name + sizeof buf.prefix + 2];
123 odi = (struct apk_tar_digest_info *) &buf.linkname[3];
124 - EVP_MD_CTX_init(&teis.mdctx);
125 + teis.mdctx = EVP_MD_CTX_new();
126 + if (!teis.mdctx) return -ENOMEM;
128 memset(&entry, 0, sizeof(entry));
129 entry.name = buf.name;
130 while ((r = apk_istream_read(is, &buf, 512)) == 512) {
131 @@ -327,7 +330,7 @@ int apk_tar_parse(struct apk_istream *is, apk_archive_entry_parser parser,
132 if (entry.mode & S_IFMT) {
133 /* callback parser function */
134 if (teis.csum != NULL)
135 - EVP_DigestInit_ex(&teis.mdctx,
136 + EVP_DigestInit_ex(teis.mdctx,
137 apk_checksum_default(), NULL);
139 r = parser(ctx, &entry, &teis.is);
140 @@ -360,7 +363,7 @@ err:
141 /* Check that there was no partial (or non-zero) record */
142 if (r >= 0) r = -EBADMSG;
144 - EVP_MD_CTX_cleanup(&teis.mdctx);
145 + EVP_MD_CTX_free(teis.mdctx);
148 apk_fileinfo_free(&entry);
149 diff --git a/src/database.c b/src/database.c
150 index 8cf63b2..91fcedd 100644
154 #include "apk_applet.h"
155 #include "apk_archive.h"
156 #include "apk_print.h"
157 +#include "apk_openssl.h"
159 static const apk_spn_match_def apk_spn_repo_separators = {
161 @@ -2363,18 +2364,22 @@ static struct apk_db_dir_instance *apk_db_install_directory_entry(struct install
163 static const char *format_tmpname(struct apk_package *pkg, struct apk_db_file *f, char tmpname[static TMPNAME_MAX])
167 unsigned char md[EVP_MAX_MD_SIZE];
168 apk_blob_t b = APK_BLOB_PTR_LEN(tmpname, TMPNAME_MAX);
172 - EVP_DigestInit(&mdctx, EVP_sha256());
173 - EVP_DigestUpdate(&mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
174 - EVP_DigestUpdate(&mdctx, f->diri->dir->name, f->diri->dir->namelen);
175 - EVP_DigestUpdate(&mdctx, "/", 1);
176 - EVP_DigestUpdate(&mdctx, f->name, f->namelen);
177 - EVP_DigestFinal(&mdctx, md, NULL);
178 + mdctx = EVP_MD_CTX_new();
179 + if (!mdctx) return NULL;
181 + EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
182 + EVP_DigestUpdate(mdctx, pkg->name->name, strlen(pkg->name->name) + 1);
183 + EVP_DigestUpdate(mdctx, f->diri->dir->name, f->diri->dir->namelen);
184 + EVP_DigestUpdate(mdctx, "/", 1);
185 + EVP_DigestUpdate(mdctx, f->name, f->namelen);
186 + EVP_DigestFinal_ex(mdctx, md, NULL);
187 + EVP_MD_CTX_free(mdctx);
189 apk_blob_push_blob(&b, APK_BLOB_PTR_LEN(f->diri->dir->name, f->diri->dir->namelen));
190 apk_blob_push_blob(&b, APK_BLOB_STR("/.apk."));
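Review bot: `format_tmpname` gains a NULL return at `if (!mdctx) return NULL;`, a failure mode it did not have with the stack context, so every caller that hands the result on as a path needs a NULL check; the callers are outside this hunk and should be confirmed. The `EVP_Digest*` return values are also ignored, so if `EVP_DigestInit_ex` or `EVP_DigestFinal_ex` fails, the temporary name is built from an uninitialised `md` buffer. Checking the calls and freeing the context on a single path covers both cases; the sketch below assumes a new `int ok` local, and the function's declarations and tail are outside what is shown.

```c
	mdctx = EVP_MD_CTX_new();
	if (!mdctx) return NULL;

	/* Every step must succeed before md is trusted as the name source. */
	ok = EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL) == 1 &&
	     EVP_DigestUpdate(mdctx, pkg->name->name, strlen(pkg->name->name) + 1) == 1 &&
	     EVP_DigestUpdate(mdctx, f->diri->dir->name, f->diri->dir->namelen) == 1 &&
	     EVP_DigestUpdate(mdctx, "/", 1) == 1 &&
	     EVP_DigestUpdate(mdctx, f->name, f->namelen) == 1 &&
	     EVP_DigestFinal_ex(mdctx, md, NULL) == 1;
	EVP_MD_CTX_free(mdctx);
	if (!ok) return NULL;
	/* … unchanged: apk_blob_push_blob calls that build the name … */
```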
191 diff --git a/src/io.c b/src/io.c
192 index ff254fd..0295807 100644
196 #include "apk_defines.h"
198 #include "apk_hash.h"
199 +#include "apk_openssl.h"
201 #if defined(__GLIBC__) || defined(__UCLIBC__)
202 #define HAVE_FGETPWENT_R
203 @@ -623,22 +624,25 @@ static void hash_len_data(EVP_MD_CTX *ctx, uint32_t len, const void *ptr)
204 void apk_fileinfo_hash_xattr_array(struct apk_xattr_array *xattrs, const EVP_MD *md, struct apk_checksum *csum)
206 struct apk_xattr *xattr;
210 - if (!xattrs || xattrs->num == 0) {
211 - csum->type = APK_CHECKSUM_NONE;
214 + if (!xattrs || xattrs->num == 0) goto err;
215 + mdctx = EVP_MD_CTX_new();
216 + if (!mdctx) goto err;
218 qsort(xattrs->item, xattrs->num, sizeof(xattrs->item[0]), cmp_xattr);
220 - EVP_DigestInit(&mdctx, md);
221 + EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);
222 foreach_array_item(xattr, xattrs) {
223 - hash_len_data(&mdctx, strlen(xattr->name), xattr->name);
224 - hash_len_data(&mdctx, xattr->value.len, xattr->value.ptr);
225 + hash_len_data(mdctx, strlen(xattr->name), xattr->name);
226 + hash_len_data(mdctx, xattr->value.len, xattr->value.ptr);
228 - csum->type = EVP_MD_CTX_size(&mdctx);
229 - EVP_DigestFinal(&mdctx, csum->data, NULL);
230 + csum->type = EVP_MD_CTX_size(mdctx);
231 + EVP_DigestFinal_ex(mdctx, csum->data, NULL);
232 + EVP_MD_CTX_free(mdctx);
235 + csum->type = APK_CHECKSUM_NONE;
238 void apk_fileinfo_hash_xattr(struct apk_file_info *fi)
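Review bot: `apk_fileinfo_hash_xattr_array` still takes `const EVP_MD *md`, but the new line `EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL);` no longer uses it, whereas the removed line passed `md`. A caller that requests a different digest now silently gets SHA-256, and `csum->type` follows the context size rather than the request; unless that is intended, the call should read `EVP_DigestInit_ex(mdctx, md, NULL);`. Separately, a failed `EVP_MD_CTX_new()` now ends in `csum->type = APK_CHECKSUM_NONE`, the same result as an empty xattr array, so callers cannot tell an allocation failure from "no xattrs". A comment at the `err` path stating that this is deliberate would help the next reader.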
239 @@ -723,17 +727,20 @@ int apk_fileinfo_get(int atfd, const char *filename, unsigned int flags,
241 bs = apk_bstream_from_file(atfd, filename);
242 if (!IS_ERR_OR_NULL(bs)) {
247 - EVP_DigestInit(&mdctx, apk_checksum_evp(checksum));
248 - if (bs->flags & APK_BSTREAM_SINGLE_READ)
249 - EVP_MD_CTX_set_flags(&mdctx, EVP_MD_CTX_FLAG_ONESHOT);
250 - while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
251 - EVP_DigestUpdate(&mdctx, (void*) blob.ptr, blob.len);
252 - fi->csum.type = EVP_MD_CTX_size(&mdctx);
253 - EVP_DigestFinal(&mdctx, fi->csum.data, NULL);
255 + mdctx = EVP_MD_CTX_new();
257 + EVP_DigestInit_ex(mdctx, apk_checksum_evp(checksum), NULL);
258 + if (bs->flags & APK_BSTREAM_SINGLE_READ)
259 + EVP_MD_CTX_set_flags(mdctx, EVP_MD_CTX_FLAG_ONESHOT);
260 + while (!APK_BLOB_IS_NULL(blob = apk_bstream_read(bs, APK_BLOB_NULL)))
261 + EVP_DigestUpdate(mdctx, (void*) blob.ptr, blob.len);
262 + fi->csum.type = EVP_MD_CTX_size(mdctx);
263 + EVP_DigestFinal_ex(mdctx, fi->csum.data, NULL);
264 + EVP_MD_CTX_free(mdctx);
266 apk_bstream_close(bs, NULL);
269 diff --git a/src/package.c b/src/package.c
270 index e19250a..baa8a90 100644
274 #include <sys/wait.h>
275 #include <sys/stat.h>
277 +#include "apk_openssl.h"
278 #include <openssl/pem.h>
280 #include "apk_defines.h"
281 @@ -490,9 +491,9 @@ void apk_sign_ctx_init(struct apk_sign_ctx *ctx, int action,
282 ctx->data_started = 1;
285 - EVP_MD_CTX_init(&ctx->mdctx);
286 - EVP_DigestInit_ex(&ctx->mdctx, ctx->md, NULL);
287 - EVP_MD_CTX_set_flags(&ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
288 + ctx->mdctx = EVP_MD_CTX_new();
289 + EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL);
290 + EVP_MD_CTX_set_flags(ctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
293 void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
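Review bot: `ctx->mdctx = EVP_MD_CTX_new();` is followed directly by `EVP_DigestInit_ex(ctx->mdctx, ctx->md, NULL);` with no NULL check, unlike the same conversion in archive.c and database.c. Because `apk_sign_ctx_init` returns void, an allocation failure cannot be reported from here, and the later hunks show `apk_sign_ctx_mpart_cb` using `sctx->mdctx` unconditionally. At minimum, guard the two calls with `if (ctx->mdctx != NULL)` and have the callback start with `if (sctx->mdctx == NULL) return -ENOMEM;`, so that a failed allocation ends in a rejected package rather than a NULL dereference on the verification path. The function body starts before this hunk.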
294 @@ -501,7 +502,7 @@ void apk_sign_ctx_free(struct apk_sign_ctx *ctx)
295 free(ctx->signature.data.ptr);
296 if (ctx->signature.pkey != NULL)
297 EVP_PKEY_free(ctx->signature.pkey);
298 - EVP_MD_CTX_cleanup(&ctx->mdctx);
299 + EVP_MD_CTX_free(ctx->mdctx);
302 static int check_signing_key_trust(struct apk_sign_ctx *sctx)
303 @@ -674,16 +675,16 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
305 /* Drool in the remaining of the digest block now, we will finish
307 - EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
308 + EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);
310 /* End of control-block and checking control hash/signature or
311 * end of data-block and checking its hash/signature */
312 if (sctx->has_data_checksum && !end_of_control) {
313 /* End of control-block and check it's hash */
314 - EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
315 - if (EVP_MD_CTX_size(&sctx->mdctx) == 0 ||
316 + EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
317 + if (EVP_MD_CTX_size(sctx->mdctx) == 0 ||
318 memcmp(calculated, sctx->data_checksum,
319 - EVP_MD_CTX_size(&sctx->mdctx)) != 0)
320 + EVP_MD_CTX_size(sctx->mdctx)) != 0)
321 return -EKEYREJECTED;
322 sctx->data_verified = 1;
323 if (!(apk_flags & APK_ALLOW_UNTRUSTED) &&
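Review bot: The result of `EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);` is not checked before `calculated` is compared with `sctx->data_checksum`, so a failed finalisation compares whatever the buffer happens to hold. Failing closed is a one-line change: `if (EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL) != 1) return -EKEYREJECTED;`. The size test `EVP_MD_CTX_size(sctx->mdctx) == 0` also lets a negative error return through to `memcmp` as a length; `<= 0` would reject it. The same unchecked finalisation precedes the `APK_SIGN_VERIFY_IDENTITY` comparison in the `@@ -717,13 +718,13 @@` hunk. The enclosing function extends beyond this hunk on both sides.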
324 @@ -700,7 +701,7 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
325 case APK_SIGN_VERIFY:
326 case APK_SIGN_VERIFY_AND_GENERATE:
327 if (sctx->signature.pkey != NULL) {
328 - r = EVP_VerifyFinal(&sctx->mdctx,
329 + r = EVP_VerifyFinal(sctx->mdctx,
330 (unsigned char *) sctx->signature.data.ptr,
331 sctx->signature.data.len,
332 sctx->signature.pkey);
333 @@ -717,13 +718,13 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
334 sctx->data_verified = 1;
336 if (sctx->action == APK_SIGN_VERIFY_AND_GENERATE) {
337 - sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
338 - EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
339 + sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
340 + EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
343 case APK_SIGN_VERIFY_IDENTITY:
344 /* Reset digest for hashing data */
345 - EVP_DigestFinal_ex(&sctx->mdctx, calculated, NULL);
346 + EVP_DigestFinal_ex(sctx->mdctx, calculated, NULL);
347 if (memcmp(calculated, sctx->identity.data,
348 sctx->identity.type) != 0)
349 return -EKEYREJECTED;
350 @@ -733,21 +734,21 @@ int apk_sign_ctx_mpart_cb(void *ctx, int part, apk_blob_t data)
352 case APK_SIGN_GENERATE:
353 /* Package identity is the checksum */
354 - sctx->identity.type = EVP_MD_CTX_size(&sctx->mdctx);
355 - EVP_DigestFinal_ex(&sctx->mdctx, sctx->identity.data, NULL);
356 + sctx->identity.type = EVP_MD_CTX_size(sctx->mdctx);
357 + EVP_DigestFinal_ex(sctx->mdctx, sctx->identity.data, NULL);
358 if (sctx->action == APK_SIGN_GENERATE &&
359 sctx->has_data_checksum)
364 - EVP_DigestInit_ex(&sctx->mdctx, sctx->md, NULL);
365 - EVP_MD_CTX_set_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
366 + EVP_DigestInit_ex(sctx->mdctx, sctx->md, NULL);
367 + EVP_MD_CTX_set_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
371 - EVP_MD_CTX_clear_flags(&sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
372 - EVP_DigestUpdate(&sctx->mdctx, data.ptr, data.len);
373 + EVP_MD_CTX_clear_flags(sctx->mdctx, EVP_MD_CTX_FLAG_ONESHOT);
374 + EVP_DigestUpdate(sctx->mdctx, data.ptr, data.len);