author | Patrick Williams <patrick@stwcx.xyz> | 2021-12-08 06:05:04 +0300 |
committer | Patrick Williams <patrick@stwcx.xyz> | 2021-12-15 00:21:10 +0300 |
commit | 145bb764f4132d01e96be5b19510bef63ab63312 (patch) | |
tree | 1f0b4837acf4a40fdf0a8cc66e5d4587e2ae000f /include | |
parent | aec7066c6bf1cd418418e03dc7e0edefa8595b77 (diff) | |
ssl_key_handler: support OpenSSL 3.0 for key verification
Loading and checking of keys is one area where OpenSSL 1.0 and 3.0 are
not compatible. Many of the functions currently used in the
ssl_key_handler are deprecated in 3.0, but the APIs necessary for
conversion also do not exist in 1.0. Until OpenSSL 3.0 is widely used
in Linux distributions we therefore need to support both APIs.
Add a #define on the OPENSSL_VERSION_NUMBER to identify 3.x (or greater)
support and switch between the two API sets.
Tested: Added to a Yocto test build for the subtree update that
includes OpenSSL 3.x and confirmed Romulus QEMU test is successful.
Signed-off-by: Patrick Williams <patrick@stwcx.xyz>
Change-Id: I22bc77753bb32d1b92932f9918d64856a4e52af8
Diffstat (limited to 'include')
-rw-r--r-- | include/ssl_key_handler.hpp | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/ssl_key_handler.hpp b/include/ssl_key_handler.hpp
index 4578c2b0f0..067b0dc9be 100644
--- a/include/ssl_key_handler.hpp
+++ b/include/ssl_key_handler.hpp
@@ -109,6 +109,7 @@ inline bool verifyOpensslKeyCert(const std::string& filepath)
 EVP_PKEY* pkey = PEM_read_PrivateKey(file, nullptr, nullptr, nullptr);
 if (pkey != nullptr)
 {
+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
 RSA* rsa = EVP_PKEY_get1_RSA(pkey);
 if (rsa != nullptr)
 {
@@ -142,6 +143,26 @@ inline bool verifyOpensslKeyCert(const std::string& filepath)
 EC_KEY_free(ec);
 }
 }
+#else
+ EVP_PKEY_CTX* pkey_ctx =
+ EVP_PKEY_CTX_new_from_pkey(nullptr, pkey, nullptr);
+
+ if (!pkey_ctx)
+ {
+ std::cerr << "Unable to allocate pkey_ctx " << ERR_get_error()
+ << "\n";
+ }
+ else if (EVP_PKEY_check(pkey_ctx) == 1)
+ {
+ privateKeyValid = true;
+ }
+ else
+ {
+
+ std::cerr << "Key not valid error number " << ERR_get_error()
+ << "\n";
+ }
+#endif
 if (privateKeyValid)
 {
@@ -164,6 +185,9 @@ inline bool verifyOpensslKeyCert(const std::string& filepath)
 }
 }
+#if (OPENSSL_VERSION_NUMBER > 0x30000000L)
+ EVP_PKEY_CTX_free(pkey_ctx);
+#endif
 EVP_PKEY_free(pkey);
 }
 fclose(file); |
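Review bot: The two version guards are not complements at exactly 0x30000000L: the first hunk enters the EVP_PKEY_CTX path whenever OPENSSL_VERSION_NUMBER is not `< 0x30000000L`, but the third hunk only compiles `EVP_PKEY_CTX_free(pkey_ctx)` when the number is `> 0x30000000L`, so a build against OpenSSL 3.0.0 exactly allocates the context in the second hunk and never releases it. Change the third hunk's guard to `#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)` so that both sides of the `#if`/`#else` in the first hunk are paired with the matching cleanup. Since the free is reached unconditionally, the allocation-failure branch in the second hunk ends up passing a null `pkey_ctx` to it, which is harmless but worth a one-line comment such as `// EVP_PKEY_CTX_free accepts nullptr on the allocation-failure path`. The body of verifyOpensslKeyCert begins before the first hunk and ends after the third.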
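Review bot: The new `if (!pkey_ctx)` in the second hunk departs from the explicit pointer comparisons used right next to it (`if (pkey != nullptr)`, `if (rsa != nullptr)`); write it as `if (pkey_ctx == nullptr)` for consistency, and consider `pkeyCtx` to match the camelCase of `privateKeyValid` and `verifyOpensslKeyCert` in the same function. The stray blank line that opens the final `else` block should be dropped. The error message in that branch only prints `ERR_get_error()`; naming the failing call, e.g. `"EVP_PKEY_check failed, error number "`, makes a failure on the OpenSSL 3 path distinguishable in the log from the pre-3.0 checks.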