Hi, This message by Stephen Henson looks like it might be the way to deal with the STACK_OF(ASN1_OCTET_STRING) and STACK_OF(SpcAttributeTypeAndOptionalValue) types.
https://mta.openssl.org/pipermail/openssl-users/2016-September/004442.html Meanwhile, here's a patch for the easy bits: - Dealing with renamed types - Allocating opaque structures on the heap. Cheers, -Hilko
>From 1fe4ce60fadf202299d4c7e86f380c3bf9051cef Mon Sep 17 00:00:00 2001 From: Hilko Bengen <ben...@debian.org> Date: Sun, 19 Nov 2017 15:35:04 +0100 Subject: [PATCH] Easy fixes toward OpenSSL 1.1 compatibility - Rename M_ASN1_* -> ASN1_* - Allocate EVP_MD_CTX has become opaque, so it needs to be allocated on the heap. --- osslsigncode.c | 90 +++++++++++++++++++++++++++++++++------------------------- 1 file changed, 52 insertions(+), 38 deletions(-) diff --git a/osslsigncode.c b/osslsigncode.c index 32e37c8..aea2109 100644 --- a/osslsigncode.c +++ b/osslsigncode.c @@ -450,7 +450,7 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url) if (desc) { info->programName = SpcString_new(); info->programName->type = 1; - info->programName->value.ascii = M_ASN1_IA5STRING_new(); + info->programName->value.ascii = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->programName->value.ascii, (const unsigned char*)desc, strlen(desc)); } @@ -458,7 +458,7 @@ static SpcSpOpusInfo* createOpus(const char *desc, const char *url) if (url) { info->moreInfo = SpcLink_new(); info->moreInfo->type = 0; - info->moreInfo->value.url = M_ASN1_IA5STRING_new(); + info->moreInfo->value.url = ASN1_IA5STRING_new(); ASN1_STRING_set((ASN1_STRING *)info->moreInfo->value.url, (const unsigned char*)url, strlen(url)); } 
@@ -609,19 +609,20 @@ static int add_timestamp(PKCS7 *sig, char *url, char *proxy, int rfc3161, const if (rfc3161) { unsigned char mdbuf[EVP_MAX_MD_SIZE]; - EVP_MD_CTX mdctx; + EVP_MD_CTX* mdctx = EVP_MD_CTX_create(); - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit(&mdctx, md); - EVP_DigestUpdate(&mdctx, si->enc_digest->data, si->enc_digest->length); - EVP_DigestFinal(&mdctx, mdbuf, NULL); + EVP_DigestInit(mdctx, md); + EVP_DigestUpdate(mdctx, si->enc_digest->data, si->enc_digest->length); + EVP_DigestFinal(mdctx, mdbuf, NULL); + + EVP_MD_CTX_destroy(mdctx); TimeStampReq *req = TimeStampReq_new(); ASN1_INTEGER_set(req->version, 1); req->messageImprint->digestAlgorithm->algorithm = OBJ_nid2obj(EVP_MD_nid(md)); req->messageImprint->digestAlgorithm->parameters = ASN1_TYPE_new(); req->messageImprint->digestAlgorithm->parameters->type = V_ASN1_NULL; - M_ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md)); + ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md)); req->certReq = (void*)0x1; len = i2d_TimeStampReq(req, NULL); @@ -924,6 +925,7 @@ static const unsigned char classid_page_hash[] = { static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos, int phtype, unsigned int *phlen); +#if OPENSSL_VERSION_NUMBER < 0x10100000 DECLARE_STACK_OF(ASN1_OCTET_STRING) #ifndef sk_ASN1_OCTET_STRING_new_null #define sk_ASN1_OCTET_STRING_new_null() SKM_sk_new_null(ASN1_OCTET_STRING) 
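Review bot: In add_timestamp the result of the new `EVP_MD_CTX_create()` is never checked for NULL before it is handed to `EVP_DigestInit`, and the return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are ignored as well. If any of these fail, `mdbuf` is still uninitialised stack memory when `ASN1_OCTET_STRING_set(req->messageImprint->digest, mdbuf, EVP_MD_size(md))` copies it into the timestamp request. Moving the context to the heap adds a failure path the stack version did not have, so guard it, for example `if (mdctx == NULL || !EVP_DigestInit(mdctx, md)) { EVP_MD_CTX_destroy(mdctx); /* fail using this function's error convention */ }`, and check the update and final calls the same way. The same unchecked pattern is introduced in the calc_pe_digest and calc_page_hash hunks. add_timestamp's body starts and ends outside this hunk, so its error convention is not visible here.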
@@ -931,15 +933,26 @@ DECLARE_STACK_OF(ASN1_OCTET_STRING) #define sk_ASN1_OCTET_STRING_push(st, val) SKM_sk_push(ASN1_OCTET_STRING, (st), (val)) #define i2d_ASN1_SET_OF_ASN1_OCTET_STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ SKM_ASN1_SET_OF_i2d(ASN1_OCTET_STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#else +DEFINE_STACK_OF(ASN1_OCTET_STRING) +#define i2d_sk_ASN1_SET_OF_ASN1_OCTET_STRING(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + ASN1_SET_OF_i2d(ASN1_OCTET_STRING, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#endif #endif +#if OPENSSL_VERSION_NUMBER < 0x10100000 DECLARE_STACK_OF(SpcAttributeTypeAndOptionalValue) #ifndef sk_SpcAttributeTypeAndOptionalValue_new_null #define sk_SpcAttributeTypeAndOptionalValue_new_null() SKM_sk_new_null(SpcAttributeTypeAndOptionalValue) #define sk_SpcAttributeTypeAndOptionalValue_free(st) SKM_sk_free(SpcAttributeTypeAndOptionalValue, (st)) #define sk_SpcAttributeTypeAndOptionalValue_push(st, val) SKM_sk_push(SpcAttributeTypeAndOptionalValue, (st), (val)) -#define i2d_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \ +#define i2d_sk_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \ SKM_ASN1_SET_OF_i2d(SpcAttributeTypeAndOptionalValue, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#else +DEFINE_STACK_OF(SpcAttributeTypeAndOptionalValue) +#define i2d_sk_SpcAttributeTypeAndOptionalValue(st, pp, i2d_func, ex_tag, ex_class, is_set) \ + ASN1_SET_OF_i2d(SpcAttributeTypeAndOptionalValue, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) +#endif #endif static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int peheader, int pe32plus, unsigned int sigpos) 
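Review bot: The added `#else` pairs with the inner `#ifndef sk_ASN1_OCTET_STRING_new_null`, not with the `#if OPENSSL_VERSION_NUMBER < 0x10100000` opened in the previous hunk, because it appears before the `#endif` that closes the `#ifndef`. As written, a build against 1.1 skips the whole region and never reaches `DEFINE_STACK_OF(ASN1_OCTET_STRING)`, while an older build that already has the `sk_` macros would land in the 1.1 branch. Close the inner conditional first, i.e. `#endif` for the `#ifndef`, then `#else`, then the 1.1 definitions, then the final `#endif`. The SpcAttributeTypeAndOptionalValue block further down in this hunk has the same nesting. The two branches of the first block also define differently named macros (`i2d_ASN1_SET_OF_ASN1_OCTET_STRING` and `i2d_sk_ASN1_SET_OF_ASN1_OCTET_STRING`), so a caller can match only one of them.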
@@ -951,8 +964,8 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int pehead exit(-1); } - ASN1_OCTET_STRING *ostr = M_ASN1_OCTET_STRING_new(); - M_ASN1_OCTET_STRING_set(ostr, ph, phlen); + ASN1_OCTET_STRING *ostr = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING_set(ostr, ph, phlen); free(ph); STACK_OF(ASN1_OCTET_STRING) *oset = sk_ASN1_OCTET_STRING_new_null(); @@ -977,17 +990,17 @@ static SpcLink *get_page_hash_link(int phtype, char *indata, unsigned int pehead STACK_OF(SpcAttributeTypeAndOptionalValue) *aset = sk_SpcAttributeTypeAndOptionalValue_new_null(); sk_SpcAttributeTypeAndOptionalValue_push(aset, aval); - l = i2d_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_SpcAttributeTypeAndOptionalValue, + l = i2d_sk_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_sk_SpcAttributeTypeAndOptionalValue, V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET); tmp = p = OPENSSL_malloc(l); - l = i2d_SpcAttributeTypeAndOptionalValue(aset, &tmp, i2d_SpcAttributeTypeAndOptionalValue, + l = i2d_sk_SpcAttributeTypeAndOptionalValue(aset, &tmp, i2d_sk_SpcAttributeTypeAndOptionalValue, V_ASN1_SET, V_ASN1_UNIVERSAL, IS_SET); sk_SpcAttributeTypeAndOptionalValue_free(aset); SpcAttributeTypeAndOptionalValue_free(aval); SpcSerializedObject *so = SpcSerializedObject_new(); - M_ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof(classid_page_hash)); - M_ASN1_OCTET_STRING_set(so->serializedData, p, l); + ASN1_OCTET_STRING_set(so->classId, classid_page_hash, sizeof(classid_page_hash)); + ASN1_OCTET_STRING_set(so->serializedData, p, l); OPENSSL_free(p); SpcLink *link = SpcLink_new(); @@ -1046,7 +1059,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi ASN1_INTEGER_set(si->d, 0); ASN1_INTEGER_set(si->e, 0); ASN1_INTEGER_set(si->f, 0); - M_ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr)); + ASN1_OCTET_STRING_set(si->string, msistr, sizeof(msistr)); l = i2d_SpcSipInfo(si, NULL); p = OPENSSL_malloc(l); i2d_SpcSipInfo(si, &p); 
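Review bot: In the second hunk for get_page_hash_link the rename also changed the third argument, so `i2d_sk_SpcAttributeTypeAndOptionalValue` is now passed as the per-element encoder. In the definitions visible in this patch that name exists only as a function-like macro, which is not expanded without an argument list, so the compiler will look for a function of that name. Keep the generated element encoder in that position on both calls: `l = i2d_sk_SpcAttributeTypeAndOptionalValue(aset, NULL, i2d_SpcAttributeTypeAndOptionalValue,`. Separately, `tmp = p = OPENSSL_malloc(l)` is used without checking `l` for an error return or `p` for NULL before the second encode writes through `tmp`. The declaration of `l` is outside the hunk, so its type should be confirmed.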
@@ -1068,7 +1081,7 @@ static void get_indirect_data_blob(u_char **blob, int *len, const EVP_MD *md, fi hashlen = EVP_MD_size(md); hash = OPENSSL_malloc(hashlen); memset(hash, 0, hashlen); - M_ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); + ASN1_OCTET_STRING_set(idc->messageDigest->digest, hash, hashlen); OPENSSL_free(hash); *len = i2d_SpcIndirectDataContent(idc, NULL); @@ -1923,19 +1936,18 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf, unsigned int peheader, int pe32plus, unsigned int fileend) { static unsigned char bfb[16*1024*1024]; - EVP_MD_CTX mdctx; + EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit(&mdctx, md); + EVP_DigestInit(mdctx, md); memset(mdbuf, 0, EVP_MAX_MD_SIZE); (void)BIO_seek(bio, 0); BIO_read(bio, bfb, peheader + 88); - EVP_DigestUpdate(&mdctx, bfb, peheader + 88); + EVP_DigestUpdate(mdctx, bfb, peheader + 88); BIO_read(bio, bfb, 4); BIO_read(bio, bfb, 60+pe32plus*16); - EVP_DigestUpdate(&mdctx, bfb, 60+pe32plus*16); + EVP_DigestUpdate(mdctx, bfb, 60+pe32plus*16); BIO_read(bio, bfb, 8); unsigned int n = peheader + 88 + 4 + 60+pe32plus*16 + 8; @@ -1946,11 +1958,12 @@ static void calc_pe_digest(BIO *bio, const EVP_MD *md, unsigned char *mdbuf, int l = BIO_read(bio, bfb, want); if (l <= 0) break; - EVP_DigestUpdate(&mdctx, bfb, l); + EVP_DigestUpdate(mdctx, bfb, l); n += l; } - EVP_DigestFinal(&mdctx, mdbuf, NULL); + EVP_DigestFinal(mdctx, mdbuf, NULL); + EVP_MD_CTX_destroy(mdctx); } 
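Review bot: The `BIO_read` calls in calc_pe_digest discard their return values, so after a short or failed read `EVP_DigestUpdate(mdctx, bfb, peheader + 88)` hashes whatever the static `bfb` buffer held before, not file content. For a code-signing digest that should be a hard failure, so compare each return with the requested length, e.g. `if (BIO_read(bio, bfb, peheader + 88) != (int)(peheader + 88)) { /* fail */ }`. Each failure path also has to release `mdctx` now that it is heap-allocated. No check in the hunk keeps `peheader + 88` within `sizeof(bfb)`, and callers are not visible here, so confirm that the length is bounded before the read. These reads are context lines the patch leaves unchanged, and the function returns void, so reporting the error needs a signature change outside these hunks.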
@@ -2019,16 +2032,15 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe int phlen = pphlen * (3 + nsections + sigpos / pagesize); unsigned char *res = malloc(phlen); unsigned char *zeroes = calloc(pagesize, 1); - EVP_MD_CTX mdctx; - - EVP_MD_CTX_init(&mdctx); - EVP_DigestInit(&mdctx, md); - EVP_DigestUpdate(&mdctx, indata, peheader + 88); - EVP_DigestUpdate(&mdctx, indata + peheader + 92, 60 + pe32plus*16); - EVP_DigestUpdate(&mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16)); - EVP_DigestUpdate(&mdctx, zeroes, pagesize - hdrsize); + EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); + + EVP_DigestInit(mdctx, md); + EVP_DigestUpdate(mdctx, indata, peheader + 88); + EVP_DigestUpdate(mdctx, indata + peheader + 92, 60 + pe32plus*16); + EVP_DigestUpdate(mdctx, indata + peheader + 160 + pe32plus*16, hdrsize - (peheader + 160 + pe32plus*16)); + EVP_DigestUpdate(mdctx, zeroes, pagesize - hdrsize); memset(res, 0, 4); - EVP_DigestFinal(&mdctx, res + 4, NULL); + EVP_DigestFinal(mdctx, res + 4, NULL); unsigned short sizeofopthdr = GET_UINT16_LE(indata + peheader + 20); char *sections = indata + peheader + 24 + sizeofopthdr; 
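Review bot: The lengths passed to `EVP_DigestUpdate` in calc_page_hash are differences with no visible guard: `pagesize - hdrsize` and `hdrsize - (peheader + 160 + pe32plus*16)`. If `hdrsize` exceeds `pagesize`, or is smaller than the header offset, the count converts to a very large `size_t` and the digest reads far past the `pagesize`-byte `zeroes` buffer or past `indata`. The hunk does not show where `hdrsize` and `pagesize` come from, so a check may already exist above it. If they are taken from the input file, reject the file first, e.g. `if (hdrsize > pagesize || hdrsize < peheader + 160 + pe32plus*16) { /* fail */ }`. `res` and `zeroes` are also used without NULL checks (`memset(res, 0, 4)` writes through `res` directly), which matters more now that a third allocation, `mdctx`, sits beside them.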
@@ -2040,18 +2052,20 @@ static unsigned char *calc_page_hash(char *indata, unsigned int peheader, int pe unsigned int l; for (l=0; l < rs; l+=pagesize, pi++) { PUT_UINT32_LE(ro + l, res + pi*pphlen); - EVP_DigestInit(&mdctx, md); + EVP_DigestInit(mdctx, md); if (rs - l < pagesize) { - EVP_DigestUpdate(&mdctx, indata + ro + l, rs - l); - EVP_DigestUpdate(&mdctx, zeroes, pagesize - (rs - l)); + EVP_DigestUpdate(mdctx, indata + ro + l, rs - l); + EVP_DigestUpdate(mdctx, zeroes, pagesize - (rs - l)); } else { - EVP_DigestUpdate(&mdctx, indata + ro + l, pagesize); + EVP_DigestUpdate(mdctx, indata + ro + l, pagesize); } - EVP_DigestFinal(&mdctx, res + pi*pphlen + 4, NULL); + EVP_DigestFinal(mdctx, res + pi*pphlen + 4, NULL); } lastpos = ro + rs; sections += 40; } + EVP_MD_CTX_destroy(mdctx); + PUT_UINT32_LE(lastpos, res + pi*pphlen); memset(res + pi*pphlen + 4, 0, EVP_MD_size(md)); pi++; -- 2.15.0
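Review bot: Nothing in this loop keeps `pi` below the number of entries `res` was sized for in the previous hunk (`pphlen * (3 + nsections + sigpos / pagesize)`), although every iteration writes at `res + pi*pphlen` and reads `indata + ro + l`. That sizing holds only if the per-section `rs` and `ro` values are consistent with `sigpos`. They are assigned outside the hunk, presumably from the section table, so confirm they are validated against the file size before this point. If they are not, add a bound inside the loop, for instance `if ((pi + 1) * pphlen > phlen) { /* fail */ }`, and verify that `ro + rs` does not pass the end of `indata`. The single `EVP_MD_CTX_destroy(mdctx)` after the loop is fine for the visible path, but any early exit added for these checks has to free the context too.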