Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

remove deprecate warnings when using openssl v3 #1826

Merged
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
341 changes: 292 additions & 49 deletions src/security/builtin_plugins/authentication/src/auth_utils.c

Large diffs are not rendered by default.

762 changes: 642 additions & 120 deletions src/security/builtin_plugins/tests/common/src/handshake_helper.c

Large diffs are not rendered by default.

39 changes: 33 additions & 6 deletions src/security/builtin_plugins/tests/common/src/handshake_helper.h
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,41 @@
#include "dds/security/core/dds_security_serialize.h"
#include "dds/security/openssl_support.h"

const BIGNUM *
dh_get_public_key(
DH *dhkey);
struct octet_seq {
unsigned char *data;
uint32_t length;
};

void
octet_seq_init(
struct octet_seq *seq,
unsigned char *data,
uint32_t size);

void
octet_seq_deinit(
struct octet_seq *seq);

ASN1_INTEGER *
get_pubkey_asn1int(EVP_PKEY *pkey);

int
get_dh_public_key_modp_2048(
EVP_PKEY *pkey,
struct octet_seq *pubkey);

int
get_dh_public_key_ecdh(
EVP_PKEY *pkey,
struct octet_seq *pubkey);

int
create_dh_key_modp_2048(
EVP_PKEY **pkey);

int
dh_set_public_key(
DH *dhkey,
BIGNUM *pubkey);
create_dh_key_ecdh(
EVP_PKEY **pkey);

DDS_Security_ValidationResult_t
create_signature_for_test(
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -48,11 +48,6 @@ typedef enum {
} HandshakeStep_t;


struct octet_seq {
unsigned char *data;
uint32_t length;
};

static const char * AUTH_DSIGN_ALGO_RSA_NAME = "RSASSA-PSS-SHA256";
static const char * AUTH_KAGREE_ALGO_RSA_NAME = "DH+MODP-2048-256";
static const char * AUTH_KAGREE_ALGO_ECDH_NAME = "ECDH+prime256v1-CEUM";
Expand Down Expand Up @@ -219,25 +214,6 @@ static EVP_PKEY *g_dh_ecdh_key = NULL;
static struct octet_seq g_dh_modp_pub_key = {NULL, 0};
static struct octet_seq g_dh_ecdh_pub_key = {NULL, 0};


static void
octet_seq_init(
struct octet_seq *seq,
unsigned char *data,
uint32_t size)
{
seq->data = ddsrt_malloc(size);
memcpy(seq->data, data, size);
seq->length = size;
}

static void
octet_seq_deinit(
struct octet_seq *seq)
{
ddsrt_free(seq->data);
}

static void
serializer_participant_data(
DDS_Security_ParticipantBuiltinTopicData *pdata,
Expand Down Expand Up @@ -541,199 +517,9 @@ get_adjusted_participant_guid(
return result;
}

static int
create_dh_key_modp_2048(
EVP_PKEY **pkey)
{
int r = 0;
EVP_PKEY *params = NULL;
EVP_PKEY_CTX *kctx = NULL;
DH *dh = NULL;

*pkey = NULL;

if ((params = EVP_PKEY_new()) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate EVP_PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((dh = DH_get_2048_256()) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate DH parameter: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_set1_DH(params, dh) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to set DH parameter to MODP_2048_256: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((kctx = EVP_PKEY_CTX_new(params, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate KEY context %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen_init(kctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize KEY context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen(kctx, pkey) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate :MODP_2048_256 keys %s", msg);
ddsrt_free(msg);
r = -1;
}

if (params) EVP_PKEY_free(params);
if (kctx) EVP_PKEY_CTX_free(kctx);
if (dh) DH_free(dh);

return r;
}

static int
get_dh_public_key_modp_2048(
EVP_PKEY *pkey,
struct octet_seq *pubkey)
{
int r = 0;
DH *dhkey;
unsigned char *buffer = NULL;
uint32_t size;
ASN1_INTEGER *asn1int;

dhkey = EVP_PKEY_get1_DH(pkey);
if (!dhkey) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get DH key from PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
goto fail_get_dhkey;
}

asn1int = BN_to_ASN1_INTEGER( dh_get_public_key(dhkey) , NULL);
if (!asn1int) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to convert DH key to ASN1 integer: %s", msg);
ddsrt_free(msg);
r = -1;
goto fail_get_pubkey;
}

size = (uint32_t)i2d_ASN1_INTEGER(asn1int, &buffer);
octet_seq_init(pubkey, buffer, size);

ASN1_INTEGER_free(asn1int);
OPENSSL_free(buffer);

fail_get_pubkey:
DH_free(dhkey);
fail_get_dhkey:
return r;
}

static int
create_dh_key_ecdh(
EVP_PKEY **pkey)
{
int r = 0;
EVP_PKEY *params = NULL;
EVP_PKEY_CTX *pctx = NULL;
EVP_PKEY_CTX *kctx = NULL;

*pkey = NULL;

if ((pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate DH parameter context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_paramgen_init(pctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize DH generation context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_X9_62_prime256v1) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to set DH generation parameter generation method: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_paramgen(pctx, &params) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate DH parameters: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((kctx = EVP_PKEY_CTX_new(params, NULL)) == NULL) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to allocate KEY context %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen_init(kctx) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to initialize KEY context: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (EVP_PKEY_keygen(kctx, pkey) <= 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to generate :MODP_2048_256 keys %s", msg);
ddsrt_free(msg);
r = -1;
}

if (kctx) EVP_PKEY_CTX_free(kctx);
if (params) EVP_PKEY_free(params);
if (pctx) EVP_PKEY_CTX_free(pctx);

return r;
}

static int
get_dh_public_key_ecdh(
EVP_PKEY *pkey,
struct octet_seq *pubkey)
{
int r = 0;
EC_KEY *eckey = NULL;
const EC_GROUP *group = NULL;
const EC_POINT *point = NULL;
size_t sz;

if (!(eckey = EVP_PKEY_get1_EC_KEY(pkey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get EC key from PKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (!(point = EC_KEY_get0_public_key(eckey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get public key from ECKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if (!(group = EC_KEY_get0_group(eckey))) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to get group from ECKEY: %s", msg);
ddsrt_free(msg);
r = -1;
} else if ((sz = EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, NULL, 0, NULL)) != 0) {
pubkey->data = ddsrt_malloc(sz);
pubkey->length = (uint32_t) EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, pubkey->data, sz, NULL);
if (pubkey->length == 0) {
char *msg = get_openssl_error_message_for_test();
printf("Failed to serialize public EC key: %s", msg);
ddsrt_free(msg);
octet_seq_deinit(pubkey);
r = -1;
}
} else {
char *msg = get_openssl_error_message_for_test();
printf("Failed to serialize public EC key: %s", msg);
ddsrt_free(msg);
r = -1;
}

if (eckey) EC_KEY_free(eckey);

return r;
}

static int
validate_remote_identities (const char *remote_id_certificate)
Expand Down
Loading
Loading