entrouvert
/
lasso
16
0
Fork 0
Code Issues Pull Requests Releases Activity

Compatibility with EVP API of openssl 1.x (#74996) 

Thanks to Maxime Besson from Worteks.
This commit is contained in:
Benjamin Dauvergne 2023-03-04 14:06:40 +01:00
parent 614cf17d99
commit 7ac76525be
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lasso/xml/tools.c
View File

@ -619,13 +619,17 @@ lasso_query_sign(char *query, LassoSignatureContext context)
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignInit failed");
goto done;
}
if (EVP_DigestSign(evp_md_ctx, NULL, &siglen, (unsigned char*)new_query, strlen(new_query)) <= 0) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSign failed");
if (EVP_DigestSignUpdate( evp_md_ctx, new_query, strlen(new_query)) <= 0) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignUpdate failed");
goto done;
}
if (EVP_DigestSignFinal(evp_md_ctx, NULL, &siglen) <= 0) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignFinal failed");
goto done;
}
sigret = g_malloc(siglen);
if (EVP_DigestSign(evp_md_ctx, sigret, &siglen, (unsigned char*)new_query, strlen(new_query)) <= 0) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSign failed");
if (EVP_DigestSignFinal(evp_md_ctx, sigret, &siglen) <= 0) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignFinal failed");
goto done;
}
status = 1;
@ -671,7 +675,7 @@ done:
lasso_release_xml_string(b64_sigret);
lasso_release_xml_string(e_b64_sigret);
if (evp_md_ctx) {
EVP_MD_CTX_free(evp_md_ctx);
EVP_MD_CTX_destroy(evp_md_ctx);
evp_md_ctx = NULL;
}
if (hmac_pkey) {
@ -845,16 +849,20 @@ lasso_query_verify_helper(const char *signed_content, const char *b64_signature,
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignInit failed");
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
}
if (EVP_DigestSign(evp_md_ctx, NULL, &new_signature_len, (unsigned char*)signed_content, strlen(signed_content)) != 1) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSign failed");
if (EVP_DigestSignUpdate(evp_md_ctx, signed_content, strlen(signed_content)) != 1) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignUpdate failed");
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
}
if (EVP_DigestSignFinal(evp_md_ctx, NULL, &new_signature_len) != 1) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignFinal failed");
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
}
if (new_signature_len != signature_len) {
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
}
new_signature = g_malloc(new_signature_len);
if (EVP_DigestSign(evp_md_ctx, new_signature, &new_signature_len, (unsigned char*)signed_content, strlen(signed_content)) != 1) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSign failed");
if (EVP_DigestSignFinal(evp_md_ctx, new_signature, &new_signature_len) != 1) {
message(G_LOG_LEVEL_CRITICAL, "EVP_DigestSignFinal failed");
goto_cleanup_with_rc(LASSO_DS_ERROR_INVALID_SIGNATURE);
}
if (CRYPTO_memcmp(signature, new_signature, signature_len) != 0) {
@ -870,7 +878,7 @@ cleanup:
lasso_release_string(digest);
lasso_release_string(new_signature);
if (evp_md_ctx) {
EVP_MD_CTX_free(evp_md_ctx);
EVP_MD_CTX_destroy(evp_md_ctx);
evp_md_ctx = NULL;
}
if (hmac_pkey) {