Bugfix/75 deprecate openssl 1 (#76)

* Modified OpenSSL required version * Removed old OpenSSL code * Updated readme * Updated test cases, removed unused provider header file, removed unused test --------- Signed-off-by: AssemblyJohn <[email protected]>
EVerest · May 27, 2024 · 8777cc2 · 8777cc2
1 parent 4330ce2
commit 8777cc2
Show file tree

Hide file tree

Showing 9 changed files with 73 additions and 420 deletions.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -43,7 +43,7 @@ option(LIBEVSE_SECURITY_USE_BOOST_FILESYSTEM "Usage of boost/filesystem.hpp inst
 option(LIBEVSE_CRYPTO_SUPPLIER_OPENSSL "Default OpenSSL cryptography supplier" ON)
 
 # dependencies
-find_package(OpenSSL REQUIRED)
+find_package(OpenSSL 3 REQUIRED)
 
 add_subdirectory(lib)
 

diff --git a/README.md b/README.md
@@ -10,7 +10,7 @@ All documentation and the issue tracking can be found in our main repository her
 
 ## Prerequisites
 
-The library requires OpenSSL 1.1.1.
+The library requires OpenSSL 3.
 
 ## Build Instructions
 
@@ -61,7 +61,6 @@ When receiving back a signed CSR, the library will take care to create two files
 ## TPM
 There is a configuration option to configure OpenSSL for use with a TPM.<br>
 `cmake` ... `-DUSING_TPM2=ON`<br>
-Note OpenSSL providers are not available for OpenSSL v1, OpenSSL v3 is required.
 
 The library will use the `UseTPM` flag and the PEM private key file to
 configure whether to use the `default` provider or the `tpm2` provider.

diff --git a/include/evse_security/crypto/interface/crypto_types.hpp b/include/evse_security/crypto/interface/crypto_types.hpp
@@ -13,9 +13,10 @@ namespace evse_security {
 enum class CryptoKeyType {
     EC_prime256v1, // Default EC. P-256, ~equiv to rsa 3072
     EC_secp384r1,  // P-384, ~equiv to rsa 7680
-    RSA_TPM20,     // Default TPM RSA, only option allowed for TPM (universal support), 2048 bits
-    RSA_3072,      // Default RSA. Protection lifetime: ~2030
-    RSA_7680,      // Protection lifetime: >2031. Very long generation time 8-40s on 16 core PC
+    RSA_2048,
+    RSA_TPM20 = RSA_2048, // Default TPM RSA, only option allowed for TPM (universal support), 2048 bits
+    RSA_3072,             // Default RSA. Protection lifetime: ~2030
+    RSA_7680,             // Protection lifetime: >2031. Very long generation time 8-40s on 16 core PC
 };
 
 enum class KeyValidationResult {

diff --git a/include/evse_security/detail/openssl/openssl_providers.hpp b/include/evse_security/detail/openssl/openssl_providers.hpp
diff --git a/include/evse_security/detail/openssl/openssl_types.hpp b/include/evse_security/detail/openssl/openssl_types.hpp
@@ -5,8 +5,6 @@
 #include <memory>
 #include <openssl/x509v3.h>
 
-#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-
 template <> class std::default_delete<X509> {
 public:
     void operator()(X509* ptr) const {
@@ -77,22 +75,6 @@ template <> class std::default_delete<EVP_ENCODE_CTX> {
     }
 };
 
-#if !EVSE_OPENSSL_VER_3
-template <> class std::default_delete<EC_KEY> {
-public:
-    void operator()(EC_KEY* ptr) const {
-        ::EC_KEY_free(ptr);
-    }
-};
-
-template <> class std::default_delete<RSA> {
-public:
-    void operator()(RSA* ptr) const {
-        ::RSA_free(ptr);
-    }
-};
-#endif
-
 namespace evse_security {
 
 using X509_ptr = std::unique_ptr<X509>;
@@ -108,9 +90,4 @@ using BIO_ptr = std::unique_ptr<BIO>;
 using EVP_MD_CTX_ptr = std::unique_ptr<EVP_MD_CTX>;
 using EVP_ENCODE_CTX_ptr = std::unique_ptr<EVP_ENCODE_CTX>;
 
-#if !EVSE_OPENSSL_VER_3
-using EC_KEY_ptr = std::unique_ptr<EC_KEY>;
-using RSA_ptr = std::unique_ptr<RSA>;
-#endif
-
 } // namespace evse_security