From f9f75097a286e69e38929a4a02172645e7f77a8f Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Mon, 23 Sep 2024 19:15:44 +0100 Subject: [Fix] Get rid of EVP_PKEY_CTX_set1_rsa_keygen_pubexp OpenSSL uses 65537 by default, no need in explicit set. --- src/lua/lua_cryptobox.c | 14 -------------- src/lua/lua_rsa.c | 7 ------- 2 files changed, 21 deletions(-) diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index 3fa7d7d4f..96a8db074 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c @@ -2531,31 +2531,20 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) } if (strcmp(alg_str, "rsa") == 0) { - BIGNUM *e; EVP_PKEY *pk; - e = BN_new(); pk = EVP_PKEY_new(); - if (BN_set_word(e, RSA_F4) != 1) { - BN_free(e); - EVP_PKEY_free(pk); - - return luaL_error(L, "BN_set_word failed"); - } EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (EVP_PKEY_keygen_init(pctx) != 1) { - BN_free(e); EVP_PKEY_free(pk); EVP_PKEY_CTX_free(pctx); return luaL_error(L, "EVP_PKEY_keygen_init failed"); } EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits); - EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e); if (EVP_PKEY_keygen(pctx, &pk) != 1) { - BN_free(e); EVP_PKEY_free(pk); EVP_PKEY_CTX_free(pctx); @@ -2575,7 +2564,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) if (rc == 0) { BIO_free(mbio); - BN_free(e); EVP_PKEY_free(pk); return luaL_error(L, "i2d_RSAPrivateKey_bio failed"); @@ -2597,7 +2585,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) if (rc == 0) { BIO_free(mbio); - BN_free(e); EVP_PKEY_free(pk); return luaL_error(L, "i2d_RSA_PUBKEY_bio failed"); @@ -2613,7 +2600,6 @@ lua_cryptobox_gen_dkim_keypair(lua_State *L) pub_out->len = b64_len; pub_out->flags = RSPAMD_TEXT_FLAG_OWN; - BN_free(e); EVP_PKEY_free(pk); BIO_free(mbio); } diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c index b7be612b0..78534c682 100644 --- a/src/lua/lua_rsa.c +++ b/src/lua/lua_rsa.c 
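Review bot: In src/lua/lua_cryptobox.c, the first hunk of lua_cryptobox_gen_dkim_keypair leaves the result of `EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits)` unchecked and hands `pctx` to `EVP_PKEY_keygen_init` without a NULL test. With the explicit exponent removed, the modulus size is the only keygen parameter this code still sets. If the setter rejects `nbits`, the following `EVP_PKEY_keygen` presumably runs with the context's default size, and the DKIM key would silently differ from what the caller asked for. Checking both results with the same cleanup-then-`luaL_error` pattern as the neighbouring branches closes that gap. The function starts and ends outside the hunk, so an earlier range check on `nbits` is not visible here.

```c
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
if (pctx == NULL) {
	EVP_PKEY_free(pk);

	return luaL_error(L, "EVP_PKEY_CTX_new_id failed");
}
/* ... unchanged: EVP_PKEY_keygen_init check ... */
if (EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, nbits) <= 0) {
	EVP_PKEY_free(pk);
	EVP_PKEY_CTX_free(pctx);

	return luaL_error(L, "EVP_PKEY_CTX_set_rsa_keygen_bits failed");
}
/* ... unchanged: EVP_PKEY_keygen call and key export ... */
```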
@@ -791,7 +791,6 @@ lua_rsa_sign_memory(lua_State *L) static int lua_rsa_keypair(lua_State *L) { - BIGNUM *e; EVP_PKEY *pkey = NULL, *pub_pkey, *priv_pkey, **ppkey; int bits = lua_gettop(L) > 0 ? lua_tointeger(L, 1) : 1024; @@ -799,16 +798,11 @@ lua_rsa_keypair(lua_State *L) return luaL_error(L, "invalid bits count"); } - e = BN_new(); - - g_assert(BN_set_word(e, RSA_F4) == 1); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); g_assert(pctx != NULL); g_assert(EVP_PKEY_keygen_init(pctx) == 1); g_assert(EVP_PKEY_CTX_set_rsa_keygen_bits(pctx, bits) == 1); - g_assert(EVP_PKEY_CTX_set1_rsa_keygen_pubexp(pctx, e) == 1); - g_assert(EVP_PKEY_keygen(pctx, &pkey) == 1); g_assert(pkey != NULL); @@ -824,7 +818,6 @@ lua_rsa_keypair(lua_State *L) EVP_PKEY_free(pkey); EVP_PKEY_CTX_free(pctx); - BN_free(e); return 2; } -- cgit v1.2.3 From ce5734e30235c3bac45a700ca7a245e4439a2efd Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 24 Sep 2024 09:23:37 +0100 Subject: [Minor] Another compatibility fix --- src/lua/lua_rsa.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c index 78534c682..d797e3c19 100644 --- a/src/lua/lua_rsa.c +++ b/src/lua/lua_rsa.c @@ -261,6 +261,7 @@ lua_rsa_pubkey_gc(lua_State *L) EVP_PKEY *pkey = lua_check_rsa_pubkey(L, 1); if (pkey != NULL) { + /* It's actually EVP_PKEY_unref, thanks for that API */ EVP_PKEY_free(pkey); } @@ -522,6 +523,7 @@ lua_rsa_privkey_gc(lua_State *L) EVP_PKEY *pkey = lua_check_rsa_privkey(L, 1); if (pkey != NULL) { + /* It's actually EVP_PKEY_unref, thanks for that API */ EVP_PKEY_free(pkey); } 
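Review bot: The context line `int bits = lua_gettop(L) > 0 ? lua_tointeger(L, 1) : 1024;` in the first lua_rsa_keypair hunk makes 1024-bit RSA the default whenever the Lua caller omits the argument, and a 1024-bit modulus is below what current guidance accepts for newly generated keys. Raising the fallback, e.g. `int bits = lua_gettop(L) > 0 ? lua_tointeger(L, 1) : 2048;`, would keep callers that rely on the default from getting a weak key. The range check that produces "invalid bits count" sits between this hunk and the next and is not shown, so its lower bound should be reviewed at the same time.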
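Review bot: The comment added in lua_rsa_pubkey_gc, and repeated in the lua_rsa_privkey_gc hunk, does not say why the reference-counting behaviour matters to this code. Since lua_rsa_keypair in the same commit hands one EVP_PKEY to both userdata objects, a plainer wording would serve the next reader better: `/* EVP_PKEY_free() only drops one reference; a key shared by several userdata is released when the last one is collected */`.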
@@ -806,12 +808,17 @@ lua_rsa_keypair(lua_State *L) g_assert(EVP_PKEY_keygen(pctx, &pkey) == 1); g_assert(pkey != NULL); - priv_pkey = EVP_PKEY_dup(pkey); + /* Increase refcount and share */ + g_assert(EVP_PKEY_up_ref(pkey) == 1); + priv_pkey = pkey; + ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *)); rspamd_lua_setclass(L, rspamd_rsa_privkey_classname, -1); *ppkey = priv_pkey; - pub_pkey = EVP_PKEY_dup(pkey); + /* Increase refcount and share */ + g_assert(EVP_PKEY_up_ref(pkey) == 1); + pub_pkey = pkey; ppkey = lua_newuserdata(L, sizeof(EVP_PKEY *)); rspamd_lua_setclass(L, rspamd_rsa_pubkey_classname, -1); *ppkey = pub_pkey; -- cgit v1.2.3 From 635f02770eec0a11440f77650834fead025dd684 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 24 Sep 2024 09:25:16 +0100 Subject: [Minor] Use portable macro for old OpenSSL --- src/lua/lua_rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lua/lua_rsa.c b/src/lua/lua_rsa.c index d797e3c19..4b9aa0354 100644 --- a/src/lua/lua_rsa.c +++ b/src/lua/lua_rsa.c @@ -760,7 +760,7 @@ lua_rsa_sign_memory(lua_State *L) data = luaL_checklstring(L, 2, &sz); if (pkey != NULL && data != NULL) { - signature = rspamd_fstring_sized_new(EVP_PKEY_get_size(pkey)); + signature = rspamd_fstring_sized_new(EVP_PKEY_size(pkey)); EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new(pkey, NULL); g_assert(pctx != NULL); -- cgit v1.2.3 From 004c3475ac14bd84580ea114824dfedafea20a5e Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 24 Sep 2024 09:30:22 +0100 Subject: [Minor] Another compatibility fix --- src/lua/lua_cryptobox.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/lua/lua_cryptobox.c b/src/lua/lua_cryptobox.c index 96a8db074..9600a4732 100644 --- a/src/lua/lua_cryptobox.c +++ b/src/lua/lua_cryptobox.c 
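Review bot: The two added `g_assert(EVP_PKEY_up_ref(pkey) == 1);` lines in lua_rsa_keypair put the reference increment inside an assertion macro, so a build that defines `G_DISABLE_ASSERT` drops the call together with the check. Both userdata would then hold the same `EVP_PKEY *` without owning a reference, and the `EVP_PKEY_free` calls in the two `__gc` handlers and at the end of this function (outside the hunk) would release the key more than once. Keep the side effect outside the macro, e.g. `int rc = EVP_PKEY_up_ref(pkey);` followed by `g_assert(rc == 1);`. The same applies to the `g_assert(EVP_PKEY_keygen(pctx, &pkey) == 1);` context line at the top of the hunk. Whether the project is ever built with assertions disabled is not visible from this page.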
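Review bot: In lua_rsa_sign_memory, `EVP_PKEY_size(pkey)` is passed straight to `rspamd_fstring_sized_new` without checking the result, although OpenSSL documents 0 as the return value when the size is not available. A guard before the allocation, such as `int siglen = EVP_PKEY_size(pkey);` and `if (siglen <= 0) { return luaL_error(L, "cannot determine signature size"); }`, keeps an unusable key object from reaching the signing path. The rest of the function, including how the buffer length is passed to the signing call, lies outside the hunk.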
@@ -1438,7 +1438,11 @@ lua_cryptobox_hash_reset(lua_State *L) rspamd_cryptobox_hash_init(h->content.h, NULL, 0); break; case LUA_CRYPTOBOX_HASH_SSL: +#if OPENSSL_VERSION_MAJOR >= 3 EVP_DigestInit(h->content.c, EVP_MD_CTX_get0_md(h->content.c)); +#else + EVP_DigestInit(h->content.c, EVP_MD_CTX_md(h->content.c)); +#endif break; case LUA_CRYPTOBOX_HASH_HMAC: #if OPENSSL_VERSION_NUMBER < 0x10100000L || \ -- cgit v1.2.3 From 41935e3568c2ab73ea71b6bb7abfaa15775b4016 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 24 Sep 2024 09:38:59 +0100 Subject: [CI] Maybe enable devtoolset if possible --- .github/workflows/ci_rspamd_build.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/ci_rspamd_build.yml b/.github/workflows/ci_rspamd_build.yml index aa12c9c6e..04180a65d 100644 --- a/.github/workflows/ci_rspamd_build.yml +++ b/.github/workflows/ci_rspamd_build.yml @@ -34,10 +34,12 @@ jobs: run: | mkdir ${GITHUB_WORKSPACE}/build cd ${GITHUB_WORKSPACE}/build + source /opt/rh/gcc-toolset-10/enable || true cmake -DCMAKE_INSTALL_PREFIX=${GITHUB_WORKSPACE}/install -DCMAKE_RULE_MESSAGES=OFF -DCMAKE_VERBOSE_MAKEFILE=ON -DENABLE_COVERAGE=ON -DENABLE_LIBUNWIND=ON -DENABLE_LUAJIT=ON -DLUA_ROOT=/luajit-build -DENABLE_HYPERSCAN=ON ${{ env.HYPERSCAN_ALTROOT }} ${GITHUB_WORKSPACE}/src - name: Build rspamd run: | + source /opt/rh/gcc-toolset-10/enable || true cd ${GITHUB_WORKSPACE}/build ncpu=$(getconf _NPROCESSORS_ONLN) make -j $ncpu install -- cgit v1.2.3 From eec5f264e6d98a76e6197abdb28c09e3134405c1 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 24 Sep 2024 09:44:32 +0100 Subject: [CI] Learning what ci can --- .github/workflows/ci_rspamd_build.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci_rspamd_build.yml b/.github/workflows/ci_rspamd_build.yml index 04180a65d..9503f1974 100644 --- a/.github/workflows/ci_rspamd_build.yml +++ b/.github/workflows/ci_rspamd_build.yml 
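Review bot: Both branches added under `case LUA_CRYPTOBOX_HASH_SSL:` in lua_cryptobox_hash_reset discard the return value of `EVP_DigestInit`, so a failed re-initialisation goes unnoticed and later update/final calls would operate on a context that was never set up again. The version split could probably be avoided altogether, because `EVP_DigestInit_ex(h->content.c, NULL, NULL)` reuses the digest already set on the context in both API generations; please confirm that against the oldest OpenSSL the project supports. This hunk also tests `OPENSSL_VERSION_MAJOR` while the HMAC case just below tests `OPENSSL_VERSION_NUMBER`; the former is not defined before OpenSSL 3 and only works because an undefined macro evaluates to 0 in `#if`.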
@@ -34,12 +34,12 @@ jobs: run: | mkdir ${GITHUB_WORKSPACE}/build cd ${GITHUB_WORKSPACE}/build - source /opt/rh/gcc-toolset-10/enable || true + if [[ -f /opt/rh/gcc-toolset-10/enable ]] ; then source /opt/rh/gcc-toolset-10/enable ; fi cmake -DCMAKE_INSTALL_PREFIX=${GITHUB_WORKSPACE}/install -DCMAKE_RULE_MESSAGES=OFF -DCMAKE_VERBOSE_MAKEFILE=ON -DENABLE_COVERAGE=ON -DENABLE_LIBUNWIND=ON -DENABLE_LUAJIT=ON -DLUA_ROOT=/luajit-build -DENABLE_HYPERSCAN=ON ${{ env.HYPERSCAN_ALTROOT }} ${GITHUB_WORKSPACE}/src - name: Build rspamd run: | - source /opt/rh/gcc-toolset-10/enable || true + if [[ -f /opt/rh/gcc-toolset-10/enable ]] ; then source /opt/rh/gcc-toolset-10/enable ; fi cd ${GITHUB_WORKSPACE}/build ncpu=$(getconf _NPROCESSORS_ONLN) make -j $ncpu install -- cgit v1.2.3
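Review bot: The added `if [[ -f /opt/rh/gcc-toolset-10/enable ]] ; then source /opt/rh/gcc-toolset-10/enable ; fi` lines use bash-only syntax (`[[` and `source`), but neither `run:` block visible in the hunk declares `shell: bash`. If a step is ever executed by plain `sh`, `[[` is treated as an unknown command, the condition is false, and the toolset is silently skipped even when the file exists. Either add `shell: bash` to both steps or use the portable form `if [ -f /opt/rh/gcc-toolset-10/enable ]; then . /opt/rh/gcc-toolset-10/enable; fi`. The job and step headers are outside the hunk, so a workflow-level default shell may already cover this.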