/* accumulate data (gnutls-only). String to be appended must be nul-terminated. */
-blob *
-exim_dkim_data_append(blob * b, int * alloc, uschar * s)
+gstring *
+exim_dkim_data_append(gstring * g, uschar * s)
{
-int len = b->len;
-b->data = string_append(b->data, alloc, &len, 1, s);
-b->len = len;
-return b;
+return string_cat(g, s);
}
/* Accumulate data (gnutls-only).
String to be appended must be nul-terminated. */
-blob *
-exim_dkim_data_append(blob * b, int * alloc, uschar * s)
+gstring *
+exim_dkim_data_append(gstring * g, uschar * s)
{
-return b; /*dummy*/
+return g; /*dummy*/
}
)
return s1;
+#ifdef extreme_debug
DEBUG(D_acl) debug_printf_indent("rsa_signing_init:\n");
{
uschar * s;
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, sign_ctx->qp);
debug_printf_indent(" QP: %s\n", s);
}
+#endif
return NULL;
asn_err: return US asn1_strerror(rc);
const uschar *
exim_dkim_sign(es_ctx * sign_ctx, hashmethod hash, blob * data, blob * sig)
{
-BOOL is_sha1;
+char * sexp_hash;
gcry_sexp_t s_hash = NULL, s_key = NULL, s_sig = NULL;
gcry_mpi_t m_sig;
uschar * errstr;
switch (hash)
{
- case HASH_SHA1: is_sha1 = TRUE; break;
- case HASH_SHA2_256: is_sha1 = FALSE; break;
+ case HASH_SHA1: sexp_hash = "(data(flags pkcs1)(hash sha1 %b))"; break;
+ case HASH_SHA2_256: sexp_hash = "(data(flags pkcs1)(hash sha256 %b))"; break;
default: return US"nonhandled hash type";
}
sign_ctx->n, sign_ctx->e,
sign_ctx->d, sign_ctx->p,
sign_ctx->q, sign_ctx->qp))
- || (gerr = gcry_sexp_build (&s_hash, NULL,
- is_sha1
- ? "(data(flags pkcs1)(hash sha1 %b))"
- : "(data(flags pkcs1)(hash sha256 %b))",
+ || (gerr = gcry_sexp_build (&s_hash, NULL, sexp_hash,
(int) data->len, CS data->data))
|| (gerr = gcry_pk_sign (&s_sig, s_hash, s_key))
)
m_sig = gcry_sexp_nth_mpi(s_sig, 1, GCRYMPI_FMT_USG);
+#ifdef extreme_debug
DEBUG(D_acl)
{
uschar * s;
gcry_mpi_aprint (GCRYMPI_FMT_HEX, &s, NULL, m_sig);
debug_printf_indent(" SG: %s\n", s);
}
+#endif
gerr = gcry_mpi_print(GCRYMPI_FMT_USG, sig->data, SIGSPACE, &sig->len, m_sig);
if (gerr)
)
return errstr;
+#ifdef extreme_debug
DEBUG(D_acl) debug_printf_indent("rsa_verify_init:\n");
{
uschar * s;
debug_printf_indent(" E : %s\n", s);
}
+#endif
return NULL;
asn_err:
/*
cf. libgnutls 2.8.5 _wrap_gcry_pk_verify()
*/
+char * sexp_hash;
gcry_mpi_t m_sig;
gcry_sexp_t s_sig = NULL, s_hash = NULL, s_pkey = NULL;
gcry_error_t gerr;
uschar * stage;
+/*XXX needs extension for SHA512 */
switch (hash)
{
- case HASH_SHA1: is_sha1 = TRUE; break;
- case HASH_SHA2_256: is_sha1 = FALSE; break;
- default: return US"nonhandled hash type";
+ case HASH_SHA1: sexp_hash = "(data(flags pkcs1)(hash sha1 %b))"; break;
+ case HASH_SHA2_256: sexp_hash = "(data(flags pkcs1)(hash sha256 %b))"; break;
+ default: return US"nonhandled hash type";
}
if ( (stage = US"pkey sexp build",
gerr = gcry_sexp_build (&s_pkey, NULL, "(public-key(rsa(n%m)(e%m)))",
verify_ctx->n, verify_ctx->e))
|| (stage = US"data sexp build",
- gerr = gcry_sexp_build (&s_hash, NULL,
-/*XXX needs extension for SHA512 */
- is_sha1
- ? "(data(flags pkcs1)(hash sha1 %b))"
- : "(data(flags pkcs1)(hash sha256 %b))",
+ gerr = gcry_sexp_build (&s_hash, NULL, sexp_hash,
(int) data_hash->len, CS data_hash->data))
|| (stage = US"sig mpi scan",
gerr = gcry_mpi_scan(&m_sig, GCRYMPI_FMT_USG, sig->data, sig->len, NULL))
void
exim_dkim_init(void)
{
+ERR_load_crypto_strings();
}
/* accumulate data (gnutls-only) */
-blob *
-exim_dkim_data_append(blob * b, int * alloc, uschar * s)
+gstring *
+exim_dkim_data_append(gstring * g, uschar * s)
{
-return b; /*dummy*/
+return g; /*dummy*/
}
BIO * bp = BIO_new_mem_buf(privkey_pem, -1);
if (!(sign_ctx->key = PEM_read_bio_PrivateKey(bp, NULL, NULL, NULL)))
- return ERR_error_string(ERR_get_error(), NULL);
+ return US ERR_error_string(ERR_get_error(), NULL);
return NULL;
}
OR
sign hash.
-Return: NULL for success, or an error string */
+Return: NULL for success with the signaature in the sig blob, or an error string */
const uschar *
exim_dkim_sign(es_ctx * sign_ctx, hashmethod hash, blob * data, blob * sig)
{
/* Allocate mem for signature */
sig->data = store_get(siglen);
- sig->len = siglen;
if (EVP_PKEY_sign(ctx, sig->data, &siglen, data->data, data->len) > 0)
- { EVP_PKEY_CTX_free(ctx); return NULL; }
+ {
+ EVP_PKEY_CTX_free(ctx);
+ sig->len = siglen;
+ return NULL;
+ }
}
if (ctx) EVP_PKEY_CTX_free(ctx);
-return ERR_error_string(ERR_get_error(), NULL);
+return US ERR_error_string(ERR_get_error(), NULL);
}
if ((verify_ctx->key = d2i_PUBKEY(NULL, &s, pubkey_der->len)))
return NULL;
-return ERR_error_string(ERR_get_error(), NULL);
+return US ERR_error_string(ERR_get_error(), NULL);
}
{ EVP_PKEY_CTX_free(ctx); return NULL; }
if (ctx) EVP_PKEY_CTX_free(ctx);
-return ERR_error_string(ERR_get_error(), NULL);
+return US ERR_error_string(ERR_get_error(), NULL);
}
git://git.exim.org / exim.git / blobdiff