Fix openssl3 deprecated functions #376
Conversation
…56_Update, and SHA256_Final
lo-simon
changed the title
Development/nmos/jwk_utils.cpp
Outdated
|
|
||
| if (EC_KEY_set_public_key_affine_coordinates(ec_key.get(), x_coordinate.get(), y_coordinate.get())) | ||
| EVP_PKEY* pkey = NULL; |
There was a problem hiding this comment.
Would it be possible to use a EVP_PKEY_ptr here and avoid the explicit EVP_PKEY_free calls below?
There was a problem hiding this comment.
Yes I had the same thought, but couldn't think how it could be done
There was a problem hiding this comment.
Done using the boost.ASIO cleanup-struct idiom
Development/nmos/jwk_utils.cpp
Outdated
| } | ||
|
|
||
| // find the RSA private key from private key list | ||
| utility::string_t found_rsa_key(const std::vector<utility::string_t>& private_keys) | ||
| RSA_ptr rsa(EVP_PKEY_get1_RSA(private_key.get()), &RSA_free); |
There was a problem hiding this comment.
In this function is there no difference in control flow, only the difference between these two snippets?
OpenSSL <3.0
RSA_ptr rsa(EVP_PKEY_get1_RSA(private_key.get()), &RSA_free);
if (!rsa)
{
throw jwk_exception("extract public key error: failed to load RSA key from private key");
}
if (bio && PEM_write_bio_RSA_PUBKEY(bio.get(), rsa.get()))OpenSSL >=3.0
if (bio && PEM_write_bio_PUBKEY(bio.get(), private_key.get()))There was a problem hiding this comment.
yes, you are right, let's change it
| @@ -40,16 +45,19 @@ struct evp_pkey_cleanup | |||
| ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); } | |||
| }; | |||
|
|
|||
| #if OPENSSL_VERSION_NUMBER < 0x30000000L | |||
| struct ec_key_cleanup | |||
There was a problem hiding this comment.
@lo-simon I can't remember, was this cleanup-struct idiom adopted from the Boost.ASIO code?
It serves the same purpose as your usage of std::unique_ptr in nmos/jwk_utils.cpp, is that right?
There was a problem hiding this comment.
yes, it is; see the following example extracted from asio\ssl\impl\contentext.ipp
struct context::bio_cleanup
{
BIO* p;
~bio_cleanup() { if (p) ::BIO_free(p); }
};
struct context::x509_cleanup
{
X509* p;
~x509_cleanup() { if (p) ::X509_free(p); }
};
struct context::evp_pkey_cleanup
{
EVP_PKEY* p;
~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
};
#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
struct context::rsa_cleanup
{
RSA* p;
~rsa_cleanup() { if (p) ::RSA_free(p); }
};
struct context::dh_cleanup
{
DH* p;
~dh_cleanup() { if (p) ::DH_free(p); }
};
#endif // (OPENSSL_VERSION_NUMBER < 0x30000000L)
|
@lo-simon Is this tested in CI with both OpenSSL 3.0+ and with OpenSSL 1.1.1? |
We kept Ubuntu14.04 to use OpenSSL 1.0.1f, so CI tests <OpenSSL 3.0 too |
Co-authored-by: Gareth Sylvester-Bradley <[email protected]>
No description provided.