author | thiagoftsm <thiagoftsm@gmail.com> | 2022-06-30 07:11:23 +0000 |
committer | GitHub <noreply@github.com> | 2022-06-30 07:11:23 +0000 |
commit | 12340cf1ef5065c5ab539967e610a263cc602741 (patch) | |
tree | 7978d0977c64de2896f07c054d682c3c4587743a /aclk | |
parent | 8368cc0fca0fc4ef91f75998b7d4536a49850afe (diff) |
Remove warnings when openssl 3 is used. (#13170)
* remove_warnings_openssl_v3: Add new macro to define latest OpenSSL version
* remove_warnings_openssl_v3: Add headers necessary for new API
* remove_warnings_openssl_v3: Add compatible variables and adjust code inside load_private_key
* remove_warnings_openssl_v3: Adjust function aclk_get_mqtt_otp according to openssl version
* remove_warnings_openssl_v3: Adjust function private_decrypt
* remove_warnings_openssl_v3: Fix function private_decrypt
* remove_warnings_openssl_v3: Update error message
* remove_warnings_openssl_v3: Update missing error message
Diffstat (limited to 'aclk')
-rw-r--r-- | aclk/aclk.c | 34 | ||||
-rw-r--r-- | aclk/aclk_otp.c | 34 | ||||
-rw-r--r-- | aclk/aclk_otp.h | 4 |
3 files changed, 69 insertions, 3 deletions
diff --git a/aclk/aclk.c b/aclk/aclk.c
index 612f4a5710..efbcc5fec9 100644
--- a/aclk/aclk.c
+++ b/aclk/aclk.c
@@ -49,11 +49,25 @@ struct aclk_shared_state aclk_shared_state = {
     .mqtt_shutdown_msg_rcvd = 0
 };
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+OSSL_DECODER_CTX *aclk_dctx = NULL;
+EVP_PKEY *aclk_private_key = NULL;
+#else
 static RSA *aclk_private_key = NULL;
+#endif
 static int load_private_key()
 {
-    if (aclk_private_key != NULL)
+    if (aclk_private_key != NULL) {
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+        EVP_PKEY_free(aclk_private_key);
+        if (aclk_dctx)
+            OSSL_DECODER_CTX_free(aclk_dctx);
+
+        aclk_dctx = NULL;
+#else
         RSA_free(aclk_private_key);
+#endif
+    }
     aclk_private_key = NULL;
     char filename[FILENAME_MAX + 1];
     snprintfz(filename, FILENAME_MAX, "%s/cloud.d/private.pem", netdata_configured_varlib_dir);
@@ -72,7 +86,25 @@ static int load_private_key()
         goto biofailed;
     }
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+    aclk_dctx = OSSL_DECODER_CTX_new_for_pkey(&aclk_private_key, "PEM", NULL,
+                                              "RSA",
+                                              OSSL_KEYMGMT_SELECT_PRIVATE_KEY,
+                                              NULL, NULL);
+
+    if (!aclk_dctx) {
+        error("Loading private key (from claiming) failed - no OpenSSL Decoders found");
+        goto biofailed;
+    }
+
+    // this is necesseary to avoid RSA key with wrong size
+    if (!OSSL_DECODER_from_bio(aclk_dctx, key_bio)) {
+        error("Decoding private key (from claiming) failed - invalid format.");
+        goto biofailed;
+    }
+#else
     aclk_private_key = PEM_read_bio_RSAPrivateKey(key_bio, NULL, NULL, NULL);
+#endif
     BIO_free(key_bio);
 
     if (aclk_private_key!=NULL) {
diff --git a/aclk/aclk_otp.c b/aclk/aclk_otp.c
index 47fdf1b598..6ce217a3ac 100644
--- a/aclk/aclk_otp.c
+++ b/aclk/aclk_otp.c
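Review bot: In the OpenSSL 3 branch of the first hunk, `aclk_dctx` and `aclk_private_key` are declared without `static`, whereas the pre-3 branch keeps `static RSA *aclk_private_key`, so on OpenSSL 3 the handle to the agent's claiming private key becomes an externally visible symbol. Nothing in the hunk needs that linkage, and the commit message only talks about compatibility, so `static OSSL_DECODER_CTX *aclk_dctx = NULL;` and `static EVP_PKEY *aclk_private_key = NULL;` keep both branches consistent and the key file-private. The release block that follows is otherwise fine. load_private_key continues past the end of this hunk.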
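Review bot: Both new `goto biofailed;` branches in the second hunk jump over the only `BIO_free(key_bio)`, the context line after `#endif`, so every failed decoder setup or decode leaks the BIO that holds the PEM text of the private key; this assumes the `biofailed:` label outside the hunk does not free `key_bio`, which the pre-existing inline `BIO_free` strongly suggests. Placing `BIO_free(key_bio);` immediately before each of the two new `goto biofailed;` lines closes the leak; the failed `aclk_dctx` itself is at least reclaimed on the next call by the release block in the first hunk. The comment `// this is necesseary to avoid RSA key with wrong size` is misspelled and does not describe the call it precedes; `// decode the PEM into aclk_private_key (fails on malformed input or a non-RSA key, since the ctx was built for "RSA")` would be clearer. load_private_key continues past the end of this hunk.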
@@ -446,11 +446,37 @@ cleanup_buffers:
     return rc;
 }
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+static int private_decrypt(EVP_PKEY *p_key, unsigned char * enc_data, int data_len, unsigned char **decrypted)
+#else
 static int private_decrypt(RSA *p_key, unsigned char * enc_data, int data_len, unsigned char **decrypted)
+#endif
 {
+    int result;
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+    size_t outlen = EVP_PKEY_size(p_key);
+    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(p_key, NULL);
+    if (!ctx)
+        return 1;
+
+    if (EVP_PKEY_decrypt_init(ctx) <= 0)
+        return 1;
+
+    if (EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) <= 0)
+        return 1;
+
+    *decrypted = mallocz(outlen);
+
+    if (EVP_PKEY_decrypt(ctx, *decrypted, &outlen, enc_data, data_len) == 1)
+        result = (int) outlen;
+    else
+        result = -1;
+#else
     *decrypted = mallocz(RSA_size(p_key));
-    int result = RSA_private_decrypt(data_len, enc_data, *decrypted, p_key, RSA_PKCS1_OAEP_PADDING);
-    if (result == -1) {
+    result = RSA_private_decrypt(data_len, enc_data, *decrypted, p_key, RSA_PKCS1_OAEP_PADDING);
+#endif
+    if (result == -1)
+    {
         char err[512];
         ERR_error_string_n(ERR_get_error(), err, sizeof(err));
         error("Decryption of the challenge failed: %s", err);
@@ -458,7 +484,11 @@ static int private_decrypt(RSA *p_key, unsigned char * enc_data, int data_len, u
     return result;
 }
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+int aclk_get_mqtt_otp(EVP_PKEY *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target)
+#else
 int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target)
+#endif
 {
     unsigned char *challenge;
     int challenge_bytes;
diff --git a/aclk/aclk_otp.h b/aclk/aclk_otp.h
index 1ca9245c26..2d660e5a4d 100644
--- a/aclk/aclk_otp.h
+++ b/aclk/aclk_otp.h
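Review bot: The three `return 1;` paths in the OpenSSL 3 branch of private_decrypt break the function's own failure convention: the pre-3 branch and the `EVP_PKEY_decrypt` failure both yield `-1`, which the `if (result == -1)` block below logs, whereas a failed `EVP_PKEY_CTX_new`, `EVP_PKEY_decrypt_init` or `EVP_PKEY_CTX_set_rsa_padding` returns `1` with nothing logged and `*decrypted` never assigned, so a caller that tests for `-1` (the caller is outside the hunk, so this is inferred) would treat it as a one-byte plaintext and read an uninitialised pointer. The `EVP_PKEY_CTX` obtained from `EVP_PKEY_CTX_new` is also never freed on any path, including success, so every challenge decryption leaks a context. Rewriting the branch around a single NULL-safe `EVP_PKEY_CTX_free` fixes both and routes every failure through the existing error log; `*decrypted` is then NULL on early failure, which presumes the caller's free of it tolerates NULL — verify. private_decrypt continues past this hunk (its `return result;` is in the next one).
```c
#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
    result = -1;
    *decrypted = NULL;
    size_t outlen = (size_t) EVP_PKEY_size(p_key);
    EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(p_key, NULL);
    if (ctx &&
        EVP_PKEY_decrypt_init(ctx) > 0 &&
        EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_OAEP_PADDING) > 0) {
        *decrypted = mallocz(outlen);
        if (EVP_PKEY_decrypt(ctx, *decrypted, &outlen, enc_data, data_len) == 1)
            result = (int) outlen;
    }
    // NULL-safe; one exit reclaims the context on success and on every failure above,
    // and result == -1 falls through to the existing ERR_get_error() logging
    EVP_PKEY_CTX_free(ctx);
#else
    /* … unchanged: RSA_size / RSA_private_decrypt branch and the error log … */
```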
@@ -8,7 +8,11 @@
 #include "https_client.h"
 #include "aclk_util.h"
 
+#if OPENSSL_VERSION_NUMBER >= OPENSSL_VERSION_300
+int aclk_get_mqtt_otp(EVP_PKEY *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target);
+#else
 int aclk_get_mqtt_otp(RSA *p_key, char **mqtt_id, char **mqtt_usr, char **mqtt_pass, url_t *target);
+#endif
 int aclk_get_env(aclk_env_t *env, const char *aclk_hostname, int aclk_port);
 
 #endif /* ACLK_OTP_H */