HPCC-30214 Use openssl aes encrypt/decrypt functions

[richardkchapman]

Type of change:

• This change is a bug fix (non-breaking change which fixes an issue).
• This change is a new feature (non-breaking change which adds functionality).
• This change improves the code (refactor or other change that does not change the functionality)
• This change fixes warnings (the fix does not alter the functionality or the generated code)
• This change is a breaking change (fix or feature that will cause existing behavior to change).
• This change alters the query API (existing queries will have to be recompiled)

Checklist:

• My code follows the code style of this project.
  • My code does not create any new warnings from compiler, build system, or lint.
• The commit message is properly formatted and free of typos.
  • The commit message title makes sense in a changelog, by itself.
  • The commit is signed.
• My change requires a change to the documentation.
  • I have updated the documentation accordingly, or...
  • I have created a JIRA ticket to update the documentation.
  • Any new interfaces or exported functions are appropriately commented.
• I have read the CONTRIBUTORS document.
• The change has been fully tested:
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • I have checked that this change does not introduce memory leaks.
  • I have used Valgrind or similar tools to check for potential issues.
• I have given due consideration to all of the following potential concerns:
  • Scalability
  • Performance
  • Security
  • Thread-safety
  • Cloud-compatibility
  • Premature optimization
  • Existing deployed queries will not be broken
  • This change fixes the problem, not just the symptom
  • The target branch of this pull request is appropriate for such a change.
• There are no similar instances of the same problem that should be addressed
  • I have addressed them here
  • I have raised JIRA issues to address them separately
• This is a user interface / front-end modification
  • I have tested my changes in multiple modern browsers
  • The component(s) render as expected

Smoketest:

• Send notifications about my Pull Request position in Smoketest queue.
• Test my draft Pull Request.

Testing:

[github-actions]

https://track.hpccsystems.com/browse/HPCC-30214
Jira updated

[ghalliday]

A couple of comments

[ghalliday]

minor: Shouldn't really use 0 for the error code.

[ghalliday]

I think this is too strict. For instance I changed the unit test to the following, and it fails:

       unsigned char key[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37,
                                0x38, 0x39, 0x30, 0x31, 0x32, 0x33, 0x34, 0x35,
                                0x36, 0x37, 0x38, 0x39, 0x30, 0x31, 0x32, 0x33,
                                0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x30, 0x31
                              };

        /* Message to be encrypted */
        constexpr const char * text = "The quick brown fox jumps over the lazy dog";
        constexpr unsigned lenText = strlen(text);
        const unsigned char *plaintext = (const unsigned char *)text;

        MemoryBuffer ciphertext1, ciphertext2, decrypted;

        openssl::aesEncrypt(key, 32, plaintext, strlen ((char *)plaintext), ciphertext1);
        jlib::aesEncrypt(key, 32, plaintext, strlen ((char *)plaintext), ciphertext2);

        CPPUNIT_ASSERT(ciphertext1.length()==ciphertext2.length());
        CPPUNIT_ASSERT(memcmp(ciphertext1.bytes(), ciphertext2.bytes(), ciphertext1.length()) == 0);
        
        /* Decrypt the ciphertext */
        openssl::aesDecrypt(key, 32, ciphertext1.bytes(), ciphertext1.length(), decrypted);

        char decryptedBuffer[lenText+1];
        openssl::aesDecrypt(key, 32, ciphertext1.bytes(), ciphertext1.length(), decryptedBuffer, lenText);
        decryptedBuffer[lenText] = 0;

        /* Add a NULL terminator. We are expecting printable text */
        decrypted.append('\0');

        /* Show the decrypted text */
        DBGLOG("Decrypted text is: %s/%s", (const char *) decrypted.bytes(), decryptedBuffer);

[ghalliday]

If we need to retain this test, then we need to check that everywhere that calls this function has allocated the correct amount of memory - with any last block padding necessary.

[ghalliday]

@richardkchapman looks good, especially the test cases. Please squash.

[richardkchapman]

@ghalliday Squashed