Fix openssl3 deprecated functions #376

merged 18 commits into from
Mar 22, 2024
37 changes: 36 additions & 1 deletion Development/boost/asio/ssl/use_tmp_ecdh.hpp
Expand Up @@ -16,6 +16,11 @@
# define BOOST_ASIO_SYNC_OP_VOID_RETURN(e) return
#endif

#if OPENSSL_VERSION_NUMBER >= 0x30000000L
#include <openssl/core_names.h>
#include <openssl/evp.h>
#endif

namespace boost {
namespace asio {
namespace ssl {
Expand All @@ -40,16 +45,19 @@ struct evp_pkey_cleanup
~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
};

#if OPENSSL_VERSION_NUMBER < 0x30000000L
struct ec_key_cleanup

@lo-simon I can't remember, was this cleanup-struct idiom adopted from the Boost.ASIO code?
It serves the same purpose as your usage of std::unique_ptr in nmos/jwk_utils.cpp, is that right?


yes, it is; see the following example extracted from asio\ssl\impl\context.ipp

struct context::bio_cleanup
{
  BIO* p;
  ~bio_cleanup() { if (p) ::BIO_free(p); }
};

struct context::x509_cleanup
{
  X509* p;
  ~x509_cleanup() { if (p) ::X509_free(p); }
};

struct context::evp_pkey_cleanup
{
  EVP_PKEY* p;
  ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
};

#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
struct context::rsa_cleanup
{
  RSA* p;
  ~rsa_cleanup() { if (p) ::RSA_free(p); }
};

struct context::dh_cleanup
{
  DH* p;
  ~dh_cleanup() { if (p) ::DH_free(p); }
};
#endif // (OPENSSL_VERSION_NUMBER < 0x30000000L)

{
EC_KEY *p;
~ec_key_cleanup() { if (p) ::EC_KEY_free(p); }
};
#endif

inline
BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
BIO* bio, boost::system::error_code& ec)
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
::ERR_clear_error();

int nid = NID_undef;
Expand All @@ -63,7 +71,7 @@ BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
ec_key_cleanup key = { ::EVP_PKEY_get1_EC_KEY(pkey.p) };
if (key.p)
{
const EC_GROUP *group = EC_KEY_get0_group(key.p);
const EC_GROUP* group = EC_KEY_get0_group(key.p);
nid = EC_GROUP_get_curve_name(group);
}
}
Expand All @@ -83,6 +91,33 @@ BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
static_cast<int>(::ERR_get_error()),
boost::asio::error::get_ssl_category());
BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
#else
::ERR_clear_error();

x509_cleanup x509 = { ::PEM_read_bio_X509(bio, NULL, 0, NULL) };
if (x509.p)
{
evp_pkey_cleanup pkey = { ::X509_get_pubkey(x509.p) };
if (pkey.p)
{
char curve_name[64];
size_t return_size{ 0 };
if (::EVP_PKEY_get_utf8_string_param(pkey.p, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), &return_size))
{
if (::SSL_CTX_set1_groups_list(ctx.native_handle(), curve_name) == 1)
{
ec = boost::system::error_code();
BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
}
}
}
}

ec = boost::system::error_code(
static_cast<int>(::ERR_get_error()),
boost::asio::error::get_ssl_category());
BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
#endif
}

inline
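Review bot: On the OpenSSL 3 path the fall-through at the end of do_use_tmp_ecdh builds `ec` from `::ERR_get_error()`, so if nothing is queued the function returns a zero, i.e. success, error_code even though no group was configured; `EVP_PKEY_get_utf8_string_param` returning 0 for a key that carries no OSSL_PKEY_PARAM_GROUP_NAME (a non-EC certificate) looks like such a case, though whether that call queues an error should be confirmed. The pre-3.0 path has the same shape, but the new branch is the one that will run on current builds and a caller that trusts `ec` would carry on with an unconfigured context. I would capture the queue value and substitute a non-zero fallback: `const auto err = ::ERR_get_error();` then `ec = err ? boost::system::error_code(static_cast<int>(err), boost::asio::error::get_ssl_category()) : boost::system::error_code(boost::asio::error::invalid_argument);`. A one-line comment above the `SSL_CTX_set1_groups_list` call saying that it replaces the context's whole supported-groups list with this single curve, as the old `SSL_CTX_set_tmp_ecdh` path did, would also help the next reader understand why only one name is passed.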
19 changes: 17 additions & 2 deletions Development/nmos/authorization_operation.cpp
Expand Up @@ -69,12 +69,23 @@ namespace nmos
// generate SHA256 with the given string
std::vector<uint8_t> sha256(const std::string& text)
{
#if OPENSSL_VERSION_NUMBER < 0x30000000L
uint8_t hash[SHA256_DIGEST_LENGTH];
SHA256_CTX ctx;
if (SHA256_Init(&ctx) && SHA256_Update(&ctx, text.c_str(), text.size()) && SHA256_Final(hash, &ctx))
{
return{ hash, hash + SHA256_DIGEST_LENGTH };
}
#else
typedef std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> EVP_MD_CTX_ptr;
uint8_t hash[EVP_MAX_MD_SIZE];
uint32_t md_len{ 0 };
EVP_MD_CTX_ptr mdctx(EVP_MD_CTX_new(), &EVP_MD_CTX_free);
if (EVP_DigestInit_ex(mdctx.get(), EVP_sha256(), NULL) && EVP_DigestUpdate(mdctx.get(), text.c_str(), text.size()) && EVP_DigestFinal_ex(mdctx.get(), hash, &md_len))
{
return{ hash, hash + md_len };
}
#endif
return{};
}

Expand Down Expand Up @@ -998,6 +1009,10 @@ namespace nmos
{
slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request OAuth 2.0 error: " << e.what();
}
catch (const nmos::experimental::jwk_exception& e)
{
slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request JWK error: " << e.what();
}
catch (const std::exception& e)
{
slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request error: " << e.what();
Expand Down Expand Up @@ -1058,7 +1073,7 @@ namespace nmos
{
try
{
const auto pem = jwk_to_public_key(jwk); // can throw jwk_exception
const auto pem = jwk_to_rsa_public_key(jwk); // can throw jwk_exception

web::json::push_back(pems, web::json::value_of({
{ U("jwk"), jwk },
Expand Down Expand Up @@ -1895,7 +1910,7 @@ namespace nmos
{
try
{
const auto& pem = jwk_to_public_key(jwk); // can throw jwk_exception
const auto& pem = jwk_to_rsa_public_key(jwk); // can throw jwk_exception

web::json::push_back(pems, web::json::value_of({
{ U("jwk"), jwk },
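Review bot: `EVP_MD_CTX_new()` in the new OpenSSL 3 branch of sha256 can return null on allocation failure, and the `if` on the next line hands `mdctx.get()` to `EVP_DigestInit_ex` without checking it; folding the null test into the condition, `if (mdctx && EVP_DigestInit_ex(mdctx.get(), EVP_sha256(), NULL) && ...`, makes that case return the empty vector like every other failure instead of dereferencing null. `md_len` is declared `uint32_t` while `EVP_DigestFinal_ex` takes `unsigned int*`; the two coincide on common targets, but `unsigned int md_len{ 0 };` matches the API without relying on the typedef. Since both branches signal failure only by returning `{}`, a comment on the function such as `// returns an empty vector if the digest could not be computed; callers must check` would make that contract visible at the call sites. The whole sha256 body is inside the hunk.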