Bugfix/75 deprecate openssl 1 #76

merged 5 commits into from
May 27, 2024
2 changes: 1 addition & 1 deletion CMakeLists.txt
Expand Up @@ -43,7 +43,7 @@ option(LIBEVSE_SECURITY_USE_BOOST_FILESYSTEM "Usage of boost/filesystem.hpp inst
option(LIBEVSE_CRYPTO_SUPPLIER_OPENSSL "Default OpenSSL cryptography supplier" ON)

# dependencies
find_package(OpenSSL REQUIRED)
find_package(OpenSSL 3 REQUIRED)

add_subdirectory(lib)

23 changes: 0 additions & 23 deletions include/evse_security/detail/openssl/openssl_types.hpp
Expand Up @@ -5,8 +5,6 @@
#include <memory>
#include <openssl/x509v3.h>

#define EVSE_OPENSSL_VER_3 (OPENSSL_VERSION_NUMBER >= 0x30000000L)

template <> class std::default_delete<X509> {
public:
void operator()(X509* ptr) const {
Expand Down Expand Up @@ -77,22 +75,6 @@ template <> class std::default_delete<EVP_ENCODE_CTX> {
}
};

#if !EVSE_OPENSSL_VER_3
template <> class std::default_delete<EC_KEY> {
public:
void operator()(EC_KEY* ptr) const {
::EC_KEY_free(ptr);
}
};

template <> class std::default_delete<RSA> {
public:
void operator()(RSA* ptr) const {
::RSA_free(ptr);
}
};
#endif

namespace evse_security {

using X509_ptr = std::unique_ptr<X509>;
Expand All @@ -108,9 +90,4 @@ using BIO_ptr = std::unique_ptr<BIO>;
using EVP_MD_CTX_ptr = std::unique_ptr<EVP_MD_CTX>;
using EVP_ENCODE_CTX_ptr = std::unique_ptr<EVP_ENCODE_CTX>;

#if !EVSE_OPENSSL_VER_3
using EC_KEY_ptr = std::unique_ptr<EC_KEY>;
using RSA_ptr = std::unique_ptr<RSA>;
#endif

} // namespace evse_security
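Review bot: With `EVSE_OPENSSL_VER_3` deleted from this header, any `#if EVSE_OPENSSL_VER_3` that survives in a translation unit outside this diff no longer fails to compile — an undefined identifier inside `#if` evaluates to 0, so an OpenSSL 3 branch would be silently compiled out and a `#if !EVSE_OPENSSL_VER_3` branch silently compiled in. The CMake change only pins the version found at configure time; a guard in this header where the macro definition used to be would catch both a stale use and an include-path/library mismatch: `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#error "OpenSSL 3.0 or later is required"` / `#endif`. The include list of the first hunk begins outside the hunk, so the exact placement relative to the remaining `#include`s is inferred.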
55 changes: 0 additions & 55 deletions lib/evse_security/crypto/openssl/openssl_supplier.cpp
Expand Up @@ -140,7 +140,6 @@ constexpr const char* kt_rsa = "RSA";
constexpr const char* kt_ec = "EC";

static bool s_generate_key(const KeyGenerationInfo& key_info, KeyHandle_ptr& out_key, EVP_PKEY_CTX_ptr& ctx) {

unsigned int bits = 0;
char group_256[] = "P-256";
char group_384[] = "P-384";
Expand Down Expand Up @@ -180,7 +179,6 @@ static bool s_generate_key(const KeyGenerationInfo& key_info, KeyHandle_ptr& out
break;
}

#if EVSE_OPENSSL_VER_3
OSSL_PARAM params[2];
std::memset(&params[0], 0, sizeof(params));

Expand Down Expand Up @@ -227,54 +225,6 @@ static bool s_generate_key(const KeyGenerationInfo& key_info, KeyHandle_ptr& out

auto evp_key = EVP_PKEY_ptr(pkey);

#else
constexpr unsigned long RSA_PRIME = 65537;
EVP_PKEY_ptr evp_key = EVP_PKEY_ptr(EVP_PKEY_new());

if (bEC) {
// Ignore deprecation warnings on the EC gen functions since we need OpenSSL 1.1 support
EC_KEY_ptr ec_key(EC_KEY_new_by_curve_name(nid));

if (ec_key.get() == nullptr) {
EVLOG_error << "Failed create EC key by curve!";
bResult = false;
}

if (bResult) {
// generate ec key pair
if (EC_KEY_generate_key(ec_key.get()) != 1) {
EVLOG_error << "Failed to generate EC key!";
bResult = false;
}
}

if (bResult) {
// Not auto-released since on assign the ec_key will be released with the owner evp_pkey
EC_KEY* key = ec_key.release();

// Assigns the key, we must not release it here, since it is 'owned' by the evp_key
EVP_PKEY_assign_EC_KEY(evp_key.get(), key);
}
} else {
RSA_ptr rsa_key(RSA_generate_key(bits, RSA_PRIME, nullptr, nullptr));

if (rsa_key.get() == nullptr) {
EVLOG_error << "Failed create RSA key!";
ERR_print_errors_fp(stderr);
bResult = false;
}

if (bResult) {
// Not auto-released since on assign the ec_key will be released with the owner evp_pkey
RSA* key = rsa_key.release();

// Assigns the key, we must not release it here, since it is 'owned' by the evp_key
EVP_PKEY_assign_RSA(evp_key.get(), key);
}
}

#endif

if (bResult) {
EVLOG_info << "Key export";
// Export keys too
Expand Down Expand Up @@ -545,12 +495,7 @@ bool OpenSSLSupplier::x509_is_selfsigned(X509Handle* handle) {
if (x509 == nullptr)
return false;

// X509_self_signed() was added in OpenSSL 3.0, use a workaround for earlier versions
#if EVSE_OPENSSL_VER_3
return (X509_self_signed(x509, 0) == 1);
#else
return (X509_verify(x509, X509_get_pubkey(x509)));
#endif
}

bool OpenSSLSupplier::x509_is_equal(X509Handle* a, X509Handle* b) {
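Review bot: The surviving `return (X509_self_signed(x509, 0) == 1);` in `x509_is_selfsigned` passes `verify_signature = 0`, so it only compares the subject/issuer names and key identifiers and never checks that the certificate's signature validates under its own public key, whereas the removed 1.1 fallback (`X509_verify` with the certificate's own key) did perform that check. If callers use this predicate to classify a certificate as a trust root — presumably the case given the name, but confirm against the callers — a certificate whose names match but whose signature was not made by its own key now counts as self-signed. `return (X509_self_signed(x509, 1) == 1);` restores the cryptographic check at the cost of one signature verification per call. The function's opening lines, including the null check on `x509`, are outside the hunk.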