mirror of
https://gitlab.kit.edu/kit/scc/sys/mail/exim-encrypt-dlfunc.git
synced 2025-12-06 09:43:55 +01:00
Handle exim local_scan API version changes
This commit is contained in:
Heiko Reese
@ -9,6 +9,16 @@
|
||||
/* Exim4 dlfunc API header */
|
||||
#include <local_scan.h>
|
||||
|
||||
#if LOCAL_SCAN_ABI_VERSION_MAJOR < 3
|
||||
#define LOCAL_SCAN
|
||||
#define store_get_untainted(size) store_get(size)
|
||||
#define store_get_tainted(size) store_get(size)
|
||||
#else
|
||||
#define DLFUNC_IMPL
|
||||
#define store_get_untainted(size) store_get(size, FALSE)
|
||||
#define store_get_tainted(size) store_get(size, TRUE)
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Encrypt message using crypto_secretbox_easy().
|
||||
*
|
||||
@ -48,7 +58,7 @@ int sodium_crypto_secretbox_encrypt_password(uschar **yield, int argc, uschar *a
|
||||
|
||||
// prepare buffer for ciphertext
|
||||
unsigned int cipherlen = messagelen + crypto_secretbox_MACBYTES;
|
||||
unsigned char *ciphertext = (unsigned char *) store_get(cipherlen);
|
||||
unsigned char *ciphertext = (unsigned char *) store_get_untainted(cipherlen);
|
||||
sodium_memzero(ciphertext, cipherlen);
|
||||
|
||||
// encrypt message
|
||||
@ -61,14 +71,14 @@ int sodium_crypto_secretbox_encrypt_password(uschar **yield, int argc, uschar *a
|
||||
|
||||
// combine nonce and ciphertext
|
||||
size_t combined_message_len = crypto_secretbox_NONCEBYTES + cipherlen;
|
||||
unsigned char *combined_message = store_get(combined_message_len);
|
||||
unsigned char *combined_message = store_get_untainted(combined_message_len);
|
||||
memcpy(combined_message, nonce, crypto_secretbox_NONCEBYTES);
|
||||
memcpy(&combined_message[crypto_secretbox_NONCEBYTES], ciphertext, cipherlen);
|
||||
|
||||
// base64-encode the ciphertext
|
||||
unsigned int outputsize = sodium_base64_ENCODED_LEN(combined_message_len,
|
||||
sodium_base64_VARIANT_ORIGINAL);
|
||||
unsigned char *outstring = (unsigned char *) store_get(outputsize);
|
||||
unsigned char *outstring = (unsigned char *) store_get_untainted(outputsize);
|
||||
//sodium_memzero(outstring, outputsize);
|
||||
sodium_bin2base64((char *const) outstring, outputsize,
|
||||
combined_message, combined_message_len,
|
||||
@ -115,7 +125,7 @@ int sodium_crypto_secretbox_decrypt_password(uschar **yield, int argc, uschar *a
|
||||
// base64-decode the ciphertext
|
||||
size_t combined_message_buf_len = ciphertextb64_len / 4 * 3;
|
||||
size_t combined_message_len;
|
||||
unsigned char *combined_message = (unsigned char *) store_get(combined_message_buf_len);
|
||||
unsigned char *combined_message = (unsigned char *) store_get_untainted(combined_message_buf_len);
|
||||
sodium_memzero(combined_message, combined_message_buf_len);
|
||||
int b64err = sodium_base642bin(combined_message, combined_message_buf_len,
|
||||
(const char *) ciphertextb64, ciphertextb64_len,
|
||||
@ -132,7 +142,7 @@ int sodium_crypto_secretbox_decrypt_password(uschar **yield, int argc, uschar *a
|
||||
|
||||
// prepare buffer for cleartext
|
||||
unsigned int cleartextlen = combined_message_len - crypto_secretbox_NONCEBYTES - crypto_secretbox_MACBYTES;
|
||||
unsigned char *cleartext = (unsigned char *) store_get(cleartextlen + 1);
|
||||
unsigned char *cleartext = (unsigned char *) store_get_untainted(cleartextlen + 1);
|
||||
sodium_memzero(cleartext, cleartextlen + 1);
|
||||
|
||||
// decrypt message
|
||||
@ -173,7 +183,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {
|
||||
size_t pkb64_len = strlen((const char *) pkb64);
|
||||
// reserve space for conversion
|
||||
unsigned int pk_buffer_len = crypto_box_PUBLICKEYBYTES; // pkb64_len / 4 * 3 + 1;
|
||||
unsigned char *pk = (unsigned char *) store_get(pk_buffer_len);
|
||||
unsigned char *pk = (unsigned char *) store_get_untainted(pk_buffer_len);
|
||||
sodium_memzero(pk, pk_buffer_len);
|
||||
// convert encoded key to raw form
|
||||
int b64err = sodium_base642bin(pk, pk_buffer_len,
|
||||
@ -190,7 +200,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {
|
||||
|
||||
// prepare buffer for ciphertext
|
||||
unsigned int cipherlen = messagelen + crypto_box_SEALBYTES;
|
||||
unsigned char *ciphertext = store_get(cipherlen);
|
||||
unsigned char *ciphertext = store_get_untainted(cipherlen);
|
||||
sodium_memzero(ciphertext, cipherlen);
|
||||
|
||||
// encrypt message
|
||||
@ -202,7 +212,7 @@ int sodium_crypto_box_seal(uschar **yield, int argc, uschar *argv[]) {
|
||||
// base64-encode the ciphertext
|
||||
unsigned int outputsize = sodium_base64_ENCODED_LEN(cipherlen,
|
||||
sodium_base64_VARIANT_ORIGINAL);
|
||||
unsigned char *outstring = store_get(outputsize);
|
||||
unsigned char *outstring = store_get_untainted(outputsize);
|
||||
sodium_bin2base64((char *const) outstring, outputsize,
|
||||
ciphertext, cipherlen,
|
||||
sodium_base64_VARIANT_ORIGINAL);
|
||||
@ -236,7 +246,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
|
||||
size_t skb64_len = strlen((const char *) skb64);
|
||||
// reserve space for conversion
|
||||
unsigned int sk_buffer_len = crypto_box_SECRETKEYBYTES;// skb64_len / 4 * 3;
|
||||
unsigned char *sk = (unsigned char *) store_get(sk_buffer_len);
|
||||
unsigned char *sk = (unsigned char *) store_get_untainted(sk_buffer_len);
|
||||
sodium_memzero(sk, sk_buffer_len);
|
||||
// convert encoded key to raw form
|
||||
int b64err = sodium_base642bin(sk, sk_buffer_len,
|
||||
@ -252,7 +262,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
|
||||
size_t pkb64_len = strlen((const char *) pkb64);
|
||||
// reserve space for conversion
|
||||
unsigned int pk_buffer_len = crypto_box_PUBLICKEYBYTES; // pkb64_len / 4 * 3;
|
||||
unsigned char *pk = (unsigned char *) store_get(pk_buffer_len);
|
||||
unsigned char *pk = (unsigned char *) store_get_untainted(pk_buffer_len);
|
||||
sodium_memzero(pk, pk_buffer_len);
|
||||
// convert encoded key to raw form
|
||||
b64err = sodium_base642bin(pk, pk_buffer_len,
|
||||
@ -269,7 +279,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
|
||||
|
||||
// base64-decode the ciphertext
|
||||
unsigned int ciphertextbuflen = ciphertextb64_len / 4 * 3;
|
||||
unsigned char *ciphertext = (unsigned char *) store_get(ciphertextbuflen);
|
||||
unsigned char *ciphertext = (unsigned char *) store_get_untainted(ciphertextbuflen);
|
||||
size_t ciphertextlen;
|
||||
sodium_memzero(ciphertext, ciphertextbuflen);
|
||||
b64err = sodium_base642bin(ciphertext, ciphertextbuflen,
|
||||
@ -283,7 +293,7 @@ int sodium_crypto_box_seal_open(uschar **yield, int argc, uschar *argv[]) {
|
||||
|
||||
// prepare buffer for cleartext
|
||||
unsigned int cleartextlen = ciphertextlen - crypto_box_SEALBYTES;
|
||||
unsigned char *cleartext = (unsigned char *) store_get(cleartextlen + 1);
|
||||
unsigned char *cleartext = (unsigned char *) store_get_untainted(cleartextlen + 1);
|
||||
sodium_memzero(cleartext, cleartextlen + 1);
|
||||
|
||||
// decrypt message
|
||||
|
||||
Reference in New Issue
Block a user