Fix openssl3 deprecated functions (#376)

Fix OpenSSL 3.0 deprecated functions Co-authored-by: Gareth Sylvester-Bradley <[email protected]>
sony · Mar 22, 2024 · 2b53b76 · 2b53b76
1 parent f936df5
commit 2b53b76
Show file tree

Hide file tree

Showing 6 changed files with 237 additions and 227 deletions.
diff --git a/Development/boost/asio/ssl/use_tmp_ecdh.hpp b/Development/boost/asio/ssl/use_tmp_ecdh.hpp
@@ -16,6 +16,11 @@
 # define BOOST_ASIO_SYNC_OP_VOID_RETURN(e) return
 #endif
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/core_names.h>
+#include <openssl/evp.h>
+#endif
+
 namespace boost {
 namespace asio {
 namespace ssl {
@@ -40,16 +45,19 @@ struct evp_pkey_cleanup
     ~evp_pkey_cleanup() { if (p) ::EVP_PKEY_free(p); }
 };
 
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 struct ec_key_cleanup
 {
     EC_KEY *p;
     ~ec_key_cleanup() { if (p) ::EC_KEY_free(p); }
 };
+#endif
 
 inline
 BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
     BIO* bio, boost::system::error_code& ec)
 {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
     ::ERR_clear_error();
 
     int nid = NID_undef;
@@ -63,7 +71,7 @@ BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
             ec_key_cleanup key = { ::EVP_PKEY_get1_EC_KEY(pkey.p) };
             if (key.p)
             {
-                const EC_GROUP *group = EC_KEY_get0_group(key.p);
+                const EC_GROUP* group = EC_KEY_get0_group(key.p);
                 nid = EC_GROUP_get_curve_name(group);
             }
         }
@@ -83,6 +91,33 @@ BOOST_ASIO_SYNC_OP_VOID do_use_tmp_ecdh(boost::asio::ssl::context& ctx,
         static_cast<int>(::ERR_get_error()),
         boost::asio::error::get_ssl_category());
     BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+#else
+    ::ERR_clear_error();
+
+    x509_cleanup x509 = { ::PEM_read_bio_X509(bio, NULL, 0, NULL) };
+    if (x509.p)
+    {
+        evp_pkey_cleanup pkey = { ::X509_get_pubkey(x509.p) };
+        if (pkey.p)
+        {
+            char curve_name[64];
+            size_t return_size{ 0 };
+            if (::EVP_PKEY_get_utf8_string_param(pkey.p, OSSL_PKEY_PARAM_GROUP_NAME, curve_name, sizeof(curve_name), &return_size))
+            {
+                if (::SSL_CTX_set1_groups_list(ctx.native_handle(), curve_name) == 1)
+                {
+                    ec = boost::system::error_code();
+                    BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+                }
+            }
+        }
+    }
+
+    ec = boost::system::error_code(
+        static_cast<int>(::ERR_get_error()),
+        boost::asio::error::get_ssl_category());
+    BOOST_ASIO_SYNC_OP_VOID_RETURN(ec);
+#endif
 }
 
 inline

diff --git a/Development/nmos/authorization_operation.cpp b/Development/nmos/authorization_operation.cpp
@@ -69,12 +69,23 @@ namespace nmos
             // generate SHA256 with the given string
             std::vector<uint8_t> sha256(const std::string& text)
             {
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
                 uint8_t hash[SHA256_DIGEST_LENGTH];
                 SHA256_CTX ctx;
                 if (SHA256_Init(&ctx) && SHA256_Update(&ctx, text.c_str(), text.size()) && SHA256_Final(hash, &ctx))
                 {
                     return{ hash, hash + SHA256_DIGEST_LENGTH };
                 }
+#else
+                typedef std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> EVP_MD_CTX_ptr;
+                uint8_t hash[EVP_MAX_MD_SIZE];
+                uint32_t md_len{ 0 };
+                EVP_MD_CTX_ptr mdctx(EVP_MD_CTX_new(), &EVP_MD_CTX_free);
+                if (EVP_DigestInit_ex(mdctx.get(), EVP_sha256(), NULL) && EVP_DigestUpdate(mdctx.get(), text.c_str(), text.size()) && EVP_DigestFinal_ex(mdctx.get(), hash, &md_len))
+                {
+                    return{ hash, hash + md_len };
+                }
+#endif
                 return{};
             }
 
@@ -998,6 +1009,10 @@ namespace nmos
                     {
                         slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request OAuth 2.0 error: " << e.what();
                     }
+                    catch (const nmos::experimental::jwk_exception& e)
+                    {
+                        slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request JWK error: " << e.what();
+                    }
                     catch (const std::exception& e)
                     {
                         slog::log<slog::severities::error>(gate, SLOG_FLF) << "Authorization API Bearer token request error: " << e.what();
@@ -1058,7 +1073,7 @@ namespace nmos
                             {
                                 try
                                 {
-                                    const auto pem = jwk_to_public_key(jwk); // can throw jwk_exception
+                                    const auto pem = jwk_to_rsa_public_key(jwk); // can throw jwk_exception
 
                                     web::json::push_back(pems, web::json::value_of({
                                         { U("jwk"), jwk },
@@ -1895,7 +1910,7 @@ namespace nmos
                         {
                             try
                             {
-                                const auto& pem = jwk_to_public_key(jwk); // can throw jwk_exception
+                                const auto& pem = jwk_to_rsa_public_key(jwk); // can throw jwk_exception
 
                                 web::json::push_back(pems, web::json::value_of({
                                     { U("jwk"), jwk },