Updated some crypto headers and return values and removed openssl war…

…nings when compiling Signed-off-by: AssemblyJohn <[email protected]>
EVerest · May 1, 2024 · 602c14b · 602c14b
1 parent d0ada7f
commit 602c14b
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 25 deletions.
diff --git a/include/evse_security/crypto/interface/crypto_supplier.hpp b/include/evse_security/crypto/interface/crypto_supplier.hpp
@@ -43,7 +43,7 @@ class AbstractCryptoSupplier {
     /// (not yet valid)
     /// @param out_valid_to Valid amount of seconds. A negative value is in the past (expired), a positive one is in the
     /// future
-    static void x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to);
+    static bool x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to);
 
     static bool x509_is_selfsigned(X509Handle* handle);
     static bool x509_is_child(X509Handle* child, X509Handle* parent);

diff --git a/include/evse_security/crypto/openssl/openssl_supplier.hpp b/include/evse_security/crypto/openssl/openssl_supplier.hpp
@@ -26,7 +26,7 @@ class OpenSSLSupplier : public AbstractCryptoSupplier {
     static std::string x509_get_serial_number(X509Handle* handle);
     static std::string x509_get_issuer_name_hash(X509Handle* handle);
     static std::string x509_get_common_name(X509Handle* handle);
-    static void x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to);
+    static bool x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to);
     static bool x509_is_selfsigned(X509Handle* handle);
     static bool x509_is_child(X509Handle* child, X509Handle* parent);
     static bool x509_is_equal(X509Handle* a, X509Handle* b);

diff --git a/include/evse_security/detail/openssl/openssl_types.hpp b/include/evse_security/detail/openssl/openssl_types.hpp
@@ -5,6 +5,8 @@
 #include <memory>
 #include <openssl/x509v3.h>
 
+#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L)
+
 template <> class std::default_delete<X509> {
 public:
     void operator()(X509* ptr) const {
@@ -47,20 +49,6 @@ template <> class std::default_delete<EVP_PKEY_CTX> {
     }
 };
 
-template <> class std::default_delete<EC_KEY> {
-public:
-    void operator()(EC_KEY* ptr) const {
-        ::EC_KEY_free(ptr);
-    }
-};
-
-template <> class std::default_delete<RSA> {
-public:
-    void operator()(RSA* ptr) const {
-        ::RSA_free(ptr);
-    }
-};
-
 template <> class std::default_delete<BIO> {
 public:
     void operator()(BIO* ptr) const {
@@ -82,6 +70,22 @@ template <> class std::default_delete<EVP_ENCODE_CTX> {
     }
 };
 
+#if !EVSE_OPENSSL_VER_3
+template <> class std::default_delete<EC_KEY> {
+public:
+    void operator()(EC_KEY* ptr) const {
+        ::EC_KEY_free(ptr);
+    }
+};
+
+template <> class std::default_delete<RSA> {
+public:
+    void operator()(RSA* ptr) const {
+        ::RSA_free(ptr);
+    }
+};
+#endif
+
 namespace evse_security {
 
 using X509_ptr = std::unique_ptr<X509>;
@@ -90,10 +94,13 @@ using X509_STORE_CTX_ptr = std::unique_ptr<X509_STORE_CTX>;
 using X509_REQ_ptr = std::unique_ptr<X509_REQ>;
 using EVP_PKEY_ptr = std::unique_ptr<EVP_PKEY>;
 using EVP_PKEY_CTX_ptr = std::unique_ptr<EVP_PKEY_CTX>;
-using EC_KEY_ptr = std::unique_ptr<EC_KEY>;
-using RSA_ptr = std::unique_ptr<RSA>;
 using BIO_ptr = std::unique_ptr<BIO>;
 using EVP_MD_CTX_ptr = std::unique_ptr<EVP_MD_CTX>;
 using EVP_ENCODE_CTX_ptr = std::unique_ptr<EVP_ENCODE_CTX>;
 
+#if !EVSE_OPENSSL_VER_3
+using EC_KEY_ptr = std::unique_ptr<EC_KEY>;
+using RSA_ptr = std::unique_ptr<RSA>;
+#endif
+
 } // namespace evse_security
diff --git a/lib/evse_security/crypto/interface/crypto_supplier.cpp b/lib/evse_security/crypto/interface/crypto_supplier.cpp
@@ -54,9 +54,9 @@ std::string AbstractCryptoSupplier::x509_get_common_name(X509Handle* handle) {
     default_crypto_supplier_usage_error() return {};
 }
 
-void AbstractCryptoSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in,
+bool AbstractCryptoSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in,
                                                std::int64_t& out_valid_to) {
-    default_crypto_supplier_usage_error()
+    default_crypto_supplier_usage_error() return false;
 }
 
 bool AbstractCryptoSupplier::x509_is_selfsigned(X509Handle* handle) {

diff --git a/lib/evse_security/crypto/openssl/openssl_supplier.cpp b/lib/evse_security/crypto/openssl/openssl_supplier.cpp
@@ -22,8 +22,6 @@
 #include <openssl/sha.h>
 #include <openssl/x509v3.h>
 
-#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-
 #include <evse_security/crypto/openssl/openssl_tpm.hpp>
 
 namespace evse_security {
@@ -483,11 +481,12 @@ std::string OpenSSLSupplier::x509_get_responder_url(X509Handle* handle) {
     return responder_url;
 }
 
-void OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to) {
+bool OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to) {
     X509* x509 = get(handle);
 
-    if (x509 == nullptr)
-        return;
+    if (x509 == nullptr) {
+        return false;
+    }
 
     // For valid_in and valid_to
     ASN1_TIME* notBefore = X509_get_notBefore(x509);
@@ -500,6 +499,8 @@ void OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_va
     ASN1_TIME_diff(&day, &sec, nullptr, notAfter);
     out_valid_to =
         std::chrono::duration_cast<std::chrono::seconds>(days_to_seconds(day)).count() + sec; // Convert days to seconds
+
+    return true;
 }
 
 bool OpenSSLSupplier::x509_is_child(X509Handle* child, X509Handle* parent) {