diff --git a/include/evse_security/crypto/interface/crypto_supplier.hpp b/include/evse_security/crypto/interface/crypto_supplier.hpp index 7564fe1..dc107fc 100644 --- a/include/evse_security/crypto/interface/crypto_supplier.hpp +++ b/include/evse_security/crypto/interface/crypto_supplier.hpp @@ -43,7 +43,7 @@ class AbstractCryptoSupplier { /// (not yet valid) /// @param out_valid_to Valid amount of seconds. A negative value is in the past (expired), a positive one is in the /// future - static void x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to); + static bool x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to); static bool x509_is_selfsigned(X509Handle* handle); static bool x509_is_child(X509Handle* child, X509Handle* parent); diff --git a/include/evse_security/crypto/openssl/openssl_supplier.hpp b/include/evse_security/crypto/openssl/openssl_supplier.hpp index e24c3b4..0868bf4 100644 --- a/include/evse_security/crypto/openssl/openssl_supplier.hpp +++ b/include/evse_security/crypto/openssl/openssl_supplier.hpp @@ -26,7 +26,7 @@ class OpenSSLSupplier : public AbstractCryptoSupplier { static std::string x509_get_serial_number(X509Handle* handle); static std::string x509_get_issuer_name_hash(X509Handle* handle); static std::string x509_get_common_name(X509Handle* handle); - static void x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to); + static bool x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to); static bool x509_is_selfsigned(X509Handle* handle); static bool x509_is_child(X509Handle* child, X509Handle* parent); static bool x509_is_equal(X509Handle* a, X509Handle* b); diff --git a/include/evse_security/detail/openssl/openssl_types.hpp b/include/evse_security/detail/openssl/openssl_types.hpp index 4e652f6..b97b0f3 100644 --- a/include/evse_security/detail/openssl/openssl_types.hpp 
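Review bot: The new `bool` return on `x509_get_validity` is undocumented, while the surrounding context lines still carry `@param` entries for the out-parameters only. Add a `/// @return` line that states the failure contract, e.g. `/// @return true on success; false if the handle is invalid, in which case out_valid_in and out_valid_to are left unmodified` — the OpenSSL implementation in this same patch returns before writing either out-parameter. Because every pre-existing caller of the old `void` signature compiles unchanged while silently discarding the result, consider marking the declaration `[[nodiscard]]` if the project builds as C++17 or later. The class body continues outside the hunk.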
+++ b/include/evse_security/detail/openssl/openssl_types.hpp @@ -5,6 +5,8 @@ #include #include +#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L) + template <> class std::default_delete { public: void operator()(X509* ptr) const { @@ -54,20 +56,6 @@ template <> class std::default_delete { } }; -template <> class std::default_delete { -public: - void operator()(EC_KEY* ptr) const { - ::EC_KEY_free(ptr); - } -}; - -template <> class std::default_delete { -public: - void operator()(RSA* ptr) const { - ::RSA_free(ptr); - } -}; - template <> class std::default_delete { public: void operator()(BIO* ptr) const { @@ -89,6 +77,22 @@ template <> class std::default_delete { } }; +#if !EVSE_OPENSSL_VER_3 +template <> class std::default_delete { +public: + void operator()(EC_KEY* ptr) const { + ::EC_KEY_free(ptr); + } +}; + +template <> class std::default_delete { +public: + void operator()(RSA* ptr) const { + ::RSA_free(ptr); + } +}; +#endif + namespace evse_security { using X509_ptr = std::unique_ptr; @@ -100,10 +104,13 @@ using X509_STACK_UNSAFE_ptr = std::unique_ptr; using X509_REQ_ptr = std::unique_ptr; using EVP_PKEY_ptr = std::unique_ptr; using EVP_PKEY_CTX_ptr = std::unique_ptr; -using EC_KEY_ptr = std::unique_ptr; -using RSA_ptr = std::unique_ptr; using BIO_ptr = std::unique_ptr; using EVP_MD_CTX_ptr = std::unique_ptr; using EVP_ENCODE_CTX_ptr = std::unique_ptr; +#if !EVSE_OPENSSL_VER_3 +using EC_KEY_ptr = std::unique_ptr; +using RSA_ptr = std::unique_ptr; +#endif + } // namespace evse_security diff --git a/lib/evse_security/crypto/interface/crypto_supplier.cpp b/lib/evse_security/crypto/interface/crypto_supplier.cpp index 5faf374..259fc38 100644 --- a/lib/evse_security/crypto/interface/crypto_supplier.cpp +++ b/lib/evse_security/crypto/interface/crypto_supplier.cpp 
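Review bot: `EVSE_OPENSSL_VER_3` is defined in terms of `OPENSSL_VERSION_NUMBER`, but the hunk does not show this header including `<openssl/opensslv.h>` itself (the include targets are not visible in this rendering). If that macro is not defined at the point where `#if !EVSE_OPENSSL_VER_3` is evaluated, the preprocessor treats it as 0, the comparison is false, and the `EC_KEY`/`RSA` deleter specialisations are compiled even against OpenSSL 3, which reintroduces exactly the deprecated-API usage the guard is meant to exclude. Add `#include <openssl/opensslv.h>` ahead of the `#define` and fail loudly rather than silently: `#ifndef OPENSSL_VERSION_NUMBER` / `#error "OPENSSL_VERSION_NUMBER must be defined before openssl_types.hpp"` / `#endif`. Any remaining users of `EC_KEY_ptr`/`RSA_ptr` in the .cpp files need the same `#if !EVSE_OPENSSL_VER_3` guard, which this diff does not show.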
@@ -54,9 +54,9 @@ std::string AbstractCryptoSupplier::x509_get_common_name(X509Handle* handle) { default_crypto_supplier_usage_error() return {}; } -void AbstractCryptoSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, +bool AbstractCryptoSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to) { - default_crypto_supplier_usage_error() + default_crypto_supplier_usage_error() return false; } bool AbstractCryptoSupplier::x509_is_selfsigned(X509Handle* handle) { diff --git a/lib/evse_security/crypto/openssl/openssl_supplier.cpp b/lib/evse_security/crypto/openssl/openssl_supplier.cpp index ab57646..92671d8 100644 --- a/lib/evse_security/crypto/openssl/openssl_supplier.cpp +++ b/lib/evse_security/crypto/openssl/openssl_supplier.cpp @@ -22,8 +22,6 @@ #include #include -#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L) - #include namespace evse_security { @@ -483,11 +481,12 @@ std::string OpenSSLSupplier::x509_get_responder_url(X509Handle* handle) { return responder_url; } -void OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to) { +bool OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_valid_in, std::int64_t& out_valid_to) { X509* x509 = get(handle); - if (x509 == nullptr) - return; + if (x509 == nullptr) { + return false; + } // For valid_in and valid_to ASN1_TIME* notBefore = X509_get_notBefore(x509); @@ -500,6 +499,8 @@ void OpenSSLSupplier::x509_get_validity(X509Handle* handle, std::int64_t& out_va ASN1_TIME_diff(&day, &sec, nullptr, notAfter); out_valid_to = std::chrono::duration_cast(days_to_seconds(day)).count() + sec; // Convert days to seconds + + return true; } bool OpenSSLSupplier::x509_is_child(X509Handle* child, X509Handle* parent) {
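Review bot: On the `x509 == nullptr` path the function now returns false without touching `out_valid_in` or `out_valid_to`, so a caller that ignores the new return value (every pre-existing caller compiles unchanged) reads whatever those variables already held, possibly uninitialised stack. Zero both out-parameters before the early return, `out_valid_in = 0; out_valid_to = 0;`, so that an ignored failure yields a deterministic value instead of garbage, and document that contract on the declaration. The body of `x509_get_validity` continues past this hunk.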
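Review bot: `ASN1_TIME_diff(&day, &sec, nullptr, notAfter)` still has its return value discarded, so a certificate with a malformed `notAfter` field leaves `day`/`sec` unwritten (their declaration is outside the hunk, so presumably uninitialised) and the function then returns true with a bogus `out_valid_to`. Now that the function has a failure channel, propagate it: `if (ASN1_TIME_diff(&day, &sec, nullptr, notAfter) != 1) { return false; }` — the call returns 1 on success and 0 on failure. The matching `notBefore` diff call sits in the part of the function between the two hunks and presumably needs the same check. A validity computation that silently succeeds on unparsable dates is the kind of thing a crafted certificate can exploit, so this is worth fixing in the same change.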