authorJannis Voelker <jannis.voelker@basyskom.com>2022-11-16 14:37:19 +0100
committerJannis Voelker <jannis.voelker@basyskom.com>2022-11-16 14:52:37 +0100
commitab301ea5f94a8459d8becb389716e22864287f69 (patch)
treeea32c41eb7404e8a39cdd27e2627f4f9e5a233b3
parent7615a64d006a10f15e1b44848e28a72a5680b1af (diff)
Update open62541 to v1.3.4
Change-Id: If0e6058a78d5236f4de81811edab43365aa82a8e Reviewed-by: Frank Meerkoetter <frank.meerkoetter@basyskom.com>
-rw-r--r--src/3rdparty/open62541/open62541.c108
-rw-r--r--src/3rdparty/open62541/open62541.h8
-rw-r--r--src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch282
-rw-r--r--src/opcua/doc/src/qtopcua.qdoc6
4 files changed, 56 insertions, 348 deletions
diff --git a/src/3rdparty/open62541/open62541.c b/src/3rdparty/open62541/open62541.c
index c3692d3..11f9ef9 100644
--- a/src/3rdparty/open62541/open62541.c
+++ b/src/3rdparty/open62541/open62541.c
@@ -1,6 +1,6 @@
/* THIS IS A SINGLE-FILE DISTRIBUTION CONCATENATED FROM THE OPEN62541 SOURCES
* visit http://open62541.org/ for information about this software
- * Git-Revision: v1.3.3
+ * Git-Revision: v1.3.4
*/
/*
@@ -56356,19 +56356,19 @@ UA_NODEID_NUMERIC(ns[0], 0LU),
UA_QUALIFIEDNAME(ns[0], "Optional"),
UA_NODEID_NUMERIC(ns[0], 77LU),
(const UA_NodeAttributes*)&attr, &UA_TYPES[UA_TYPES_OBJECTATTRIBUTES],NULL, NULL);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11570LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11574LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11573LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11551LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11572LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11569LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2366LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2371LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11571LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11567LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11574LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11573LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11570LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 3190LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11565LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2367LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 3190LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11571LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2371LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11572LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11551LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2366LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2370LU), false);
return retVal;
}
@@ -56426,25 +56426,25 @@ UA_NODEID_NUMERIC(ns[0], 0LU),
UA_QUALIFIEDNAME(ns[0], "Mandatory"),
UA_NODEID_NUMERIC(ns[0], 77LU),
(const UA_NodeAttributes*)&attr, &UA_TYPES[UA_TYPES_OBJECTATTRIBUTES],NULL, NULL);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2374LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2369LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2050LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12169LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 7611LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2042LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2046LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2375LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2044LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12078LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2035LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2051LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2050LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2043LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2375LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 7611LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2374LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2045LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11461LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2369LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2042LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2047LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2377LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11241LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12169LU), false);
+retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2051LU), false);
retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2011LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2377LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2047LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11461LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2044LU), false);
-retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2043LU), false);
return retVal;
}
@@ -62850,16 +62850,28 @@ UA_OpenSSL_Encrypt (const UA_ByteString * iv,
ret = UA_STATUSCODE_BADINTERNALERROR;
goto errout;
}
+
+ /* Disable padding. Padding is done in the stack before calling encryption.
+ * Ensure that we have a multiple of the block size */
+ if(data->length % (size_t)EVP_CIPHER_CTX_block_size(ctx)) {
+ ret = UA_STATUSCODE_BADINTERNALERROR;
+ goto errout;
+ }
+ opensslRet = EVP_CIPHER_CTX_set_padding(ctx, 0);
+ if (opensslRet != 1) {
+ ret = UA_STATUSCODE_BADINTERNALERROR;
+ goto errout;
+ }
+
+ /* Encrypt the data */
opensslRet = EVP_EncryptUpdate (ctx, data->data, &outLen,
plainTxt.data, (int) plainTxt.length);
if (opensslRet != 1) {
ret = UA_STATUSCODE_BADINTERNALERROR;
goto errout;
}
- /*
- * Buffer passed to EVP_EncryptFinal() must be after data just
- * encrypted to avoid overwriting it.
- */
+
+ /* Encrypt-final does nothing as padding is disabled */
opensslRet = EVP_EncryptFinal_ex(ctx, data->data + outLen, &tmpLen);
if (opensslRet != 1) {
ret = UA_STATUSCODE_BADINTERNALERROR;
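Review bot: The new block-size check uses `EVP_CIPHER_CTX_block_size(ctx)` as a divisor without looking at its value first; it returns an `int`, so a zero result would make the `%` undefined and a negative one would turn into a huge divisor after the `size_t` cast. That is unlikely once the cipher has been initialised successfully (the init call is above the hunk and not visible here), but reading the value into a local and rejecting it costs one line: `int bs = EVP_CIPHER_CTX_block_size(ctx); if(bs <= 0 || data->length % (size_t)bs) { ... }`. The check is also made on `data->length` while the bytes passed to `EVP_EncryptUpdate` are counted by `plainTxt.length` with an `(int)` cast; presumably `plainTxt` is a copy of `data`, but that is set up outside the hunk and is worth confirming. The function body continues beyond the hunk on both sides.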
@@ -63083,6 +63095,8 @@ EVP_PKEY *
UA_OpenSSL_LoadPrivateKey(const UA_ByteString *privateKey) {
const unsigned char * pkData = privateKey->data;
long len = (long) privateKey->length;
+ if(len == 0)
+ return NULL;
EVP_PKEY *result = NULL;
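Review bot: The added `len == 0` guard runs after `privateKey->length` has already been narrowed to `long`, so on a platform where `long` is 32 bits and `size_t` is 64 bits an oversized length can come out negative or wrapped and still pass the check (the cmake line in the qdoc hunk shows the amalgamation is built for win32 as well as posix). Testing the unconverted value before the cast avoids that: `if(privateKey->length == 0 || privateKey->length > LONG_MAX) return NULL;` (needs `<limits.h>`). `privateKey` itself is dereferenced two lines earlier without a NULL check, so the function still relies on callers never passing NULL. How `len` is consumed lies below the hunk and is not visible here.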
@@ -66455,9 +66469,11 @@ UA_CertificateVerification_Verify (void * verificationContext,
ret = UA_STATUSCODE_BADINTERNALERROR;
goto cleanup;
}
-
- (void) X509_STORE_CTX_set0_trusted_stack (storeCtx, ctx->skTrusted);
-
+#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT < 0x10100000L
+ (void) X509_STORE_CTX_trusted_stack (storeCtx, ctx->skTrusted);
+#else
+ (void) X509_STORE_CTX_set0_trusted_stack (storeCtx, ctx->skTrusted);
+#endif
/* Set crls to ctx */
if (sk_X509_CRL_num (ctx->skCrls) > 0) {
@@ -66564,14 +66580,6 @@ cleanup:
}
static UA_StatusCode
-UA_VerifyCertificateAllowAll (void * verificationContext,
- const UA_ByteString * certificate) {
- (void) verificationContext;
- (void) certificate;
- return UA_STATUSCODE_GOOD;
-}
-
-static UA_StatusCode
UA_CertificateVerification_VerifyApplicationURI (void * verificationContext,
const UA_ByteString * certificate,
const UA_String * applicationURI) {
@@ -66656,10 +66664,7 @@ UA_CertificateVerification_Trustlist(UA_CertificateVerification * cv,
cv->verifyApplicationURI = UA_CertificateVerification_VerifyApplicationURI;
cv->clear = UA_CertificateVerification_clear;
cv->context = context;
- if (certificateTrustListSize > 0)
- cv->verifyCertificate = UA_CertificateVerification_Verify;
- else
- cv->verifyCertificate = UA_VerifyCertificateAllowAll;
+ cv->verifyCertificate = UA_CertificateVerification_Verify;
if (certificateTrustListSize > 0) {
if (UA_skTrusted_Cert2X509 (certificateTrustList, certificateTrustListSize,
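Review bot: Nothing in this commit documents that an empty trust list no longer means accept-all. With `UA_VerifyCertificateAllowAll` removed, `cv->verifyCertificate` is always `UA_CertificateVerification_Verify` here, and the same switch is made in `UA_CertificateVerification_CertFolders` and in the mbedTLS `UA_CertificateVerification_Trustlist` further down. Applications that configured no trust list and relied on every peer certificate being accepted will presumably see secured connections rejected after this update, which is the safer default but a visible behaviour change. The commit message and the qtopcua.qdoc hunk mention only the version; a sentence there such as `Since open62541 v1.3.4 an empty trust list no longer disables certificate verification.` would tell users what changed. The function body continues outside the hunk.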
@@ -66715,13 +66720,7 @@ UA_CertificateVerification_CertFolders(UA_CertificateVerification * cv,
cv->verifyApplicationURI = UA_CertificateVerification_VerifyApplicationURI;
cv->clear = UA_CertificateVerification_clear;
cv->context = context;
- if(trustListFolder == NULL &&
- issuerListFolder == NULL &&
- revocationListFolder == NULL) {
- cv->verifyCertificate = UA_VerifyCertificateAllowAll;
- } else {
- cv->verifyCertificate = UA_CertificateVerification_Verify;
- }
+ cv->verifyCertificate = UA_CertificateVerification_Verify;
/* Only set the folder paths. They will be reloaded during runtime. */
@@ -70389,12 +70388,6 @@ reloadCertificates(CertInfo *ci) {
#endif
static UA_StatusCode
-certificateVerification_allow(void *verificationContext,
- const UA_ByteString *certificate) {
- return UA_STATUSCODE_GOOD;
-}
-
-static UA_StatusCode
certificateVerification_verify(void *verificationContext,
const UA_ByteString *certificate) {
CertInfo *ci = (CertInfo*)verificationContext;
@@ -70691,10 +70684,7 @@ UA_CertificateVerification_Trustlist(UA_CertificateVerification *cv,
mbedtls_x509_crt_init(&ci->certificateIssuerList);
cv->context = (void*)ci;
- if(certificateTrustListSize > 0)
- cv->verifyCertificate = certificateVerification_verify;
- else
- cv->verifyCertificate = certificateVerification_allow;
+ cv->verifyCertificate = certificateVerification_verify;
cv->clear = certificateVerification_clear;
cv->verifyApplicationURI = certificateVerification_verifyApplicationURI;
diff --git a/src/3rdparty/open62541/open62541.h b/src/3rdparty/open62541/open62541.h
index 185fa6d..bb22e32 100644
--- a/src/3rdparty/open62541/open62541.h
+++ b/src/3rdparty/open62541/open62541.h
@@ -1,6 +1,6 @@
/* THIS IS A SINGLE-FILE DISTRIBUTION CONCATENATED FROM THE OPEN62541 SOURCES
* visit http://open62541.org/ for information about this software
- * Git-Revision: v1.3.3
+ * Git-Revision: v1.3.4
*/
/*
@@ -30,10 +30,10 @@
* ----------------- */
#define UA_OPEN62541_VER_MAJOR 1
#define UA_OPEN62541_VER_MINOR 3
-#define UA_OPEN62541_VER_PATCH 3
+#define UA_OPEN62541_VER_PATCH 4
#define UA_OPEN62541_VER_LABEL "" /* Release candidate label, etc. */
-#define UA_OPEN62541_VER_COMMIT "v1.3.3"
-#define UA_OPEN62541_VERSION "v1.3.3"
+#define UA_OPEN62541_VER_COMMIT "v1.3.4"
+#define UA_OPEN62541_VERSION "v1.3.4"
/**
* Feature Options
diff --git a/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch b/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch
deleted file mode 100644
index a20d56b..0000000
--- a/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch
+++ /dev/null
@@ -1,282 +0,0 @@
-From 7dbde94a813acac866e7964ecc868d2f70076510 Mon Sep 17 00:00:00 2001
-From: Bin Lan <Bin.Lan@windriver.com>
-Date: Tue, 27 Sep 2022 21:45:38 +0800
-Subject: [PATCH] feat(plugin): Add OpenSSL 3.0 support (#5349)
-
-* Add OpenSSL3.0 support
-
-This change set adds a new function UA_OpenSSL_RSA_Key_Size() to get
-the RSA key size, re-writes the function
-UA_Openssl_RSA_Private_Decrypt() by using the high level APIs of
-OpenSSL3.0, add a new function UA_RSA_Generate_Key() to generate
-a RSA key.
-
-No build warning with OpenSSL3.0 and OpenSSL1.1.1f.
-
-* Build & Test with OpenSSL3.0 in Ubuntu22.04
----
- .github/workflows/build_ubuntu2204.yml | 29 ++++++++
- .../openssl/securitypolicy_openssl_common.c | 68 ++++++++++++++-----
- .../openssl/ua_openssl_create_certificate.c | 28 +++++++-
- 3 files changed, 104 insertions(+), 21 deletions(-)
- create mode 100644 .github/workflows/build_ubuntu2204.yml
-
-diff --git a/.github/workflows/build_ubuntu2204.yml b/.github/workflows/build_ubuntu2204.yml
-new file mode 100644
-index 00000000..216c0665
---- /dev/null
-+++ b/.github/workflows/build_ubuntu2204.yml
-@@ -0,0 +1,29 @@
-+name: Linux Build & Test with OpenSSL3.0
-+
-+on: [push, pull_request]
-+
-+jobs:
-+ build:
-+ strategy:
-+ fail-fast: false
-+ matrix:
-+ include:
-+ - build_name: "Encryption (OpenSSL3.0) Build & Unit Tests (gcc)"
-+ cmd_deps: sudo apt-get install -y -qq openssl
-+ cmd_action: unit_tests_encryption OPENSSL
-+ name: ${{matrix.build_name}}
-+ runs-on: ubuntu-22.04
-+ steps:
-+ - uses: actions/checkout@v2
-+ with:
-+ submodules: true
-+ - name: Install Dependencies
-+ run: |
-+ sudo apt-get update
-+ sudo apt-get install -y -qq python3-sphinx graphviz check
-+ ${{ matrix.cmd_deps }}
-+ - name: ${{matrix.build_name}}
-+ run: source tools/ci.sh && ${{matrix.cmd_action}}
-+ env:
-+ ETHERNET_INTERFACE: eth0
-+
-diff --git a/plugins/crypto/openssl/securitypolicy_openssl_common.c b/plugins/crypto/openssl/securitypolicy_openssl_common.c
-index 3b8d5711..78118ed2 100644
---- a/plugins/crypto/openssl/securitypolicy_openssl_common.c
-+++ b/plugins/crypto/openssl/securitypolicy_openssl_common.c
-@@ -4,6 +4,7 @@
- *
- * Copyright 2020 (c) Wind River Systems, Inc.
- * Copyright 2020 (c) basysKom GmbH
-+ * Copyright 2022 (c) Wind River Systems, Inc.
- */
-
- /*
-@@ -30,6 +31,8 @@ modification history
- #include "ua_openssl_version_abstraction.h"
-
- #define SHA1_DIGEST_LENGTH 20 /* 160 bits */
-+#define RSA_DECRYPT_BUFFER_LENGTH 2048 /* bytes */
-+
-
- /** P_SHA256 Context */
- typedef struct UA_Openssl_P_SHA256_Ctx_ {
-@@ -73,6 +76,14 @@ UA_Openssl_Init (void) {
- #endif
- }
-
-+static int UA_OpenSSL_RSA_Key_Size (EVP_PKEY * key){
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+ return EVP_PKEY_get_size (key);
-+#else
-+ return RSA_size (get_pkey_rsa(key));
-+#endif
-+}
-+
- /* UA_copyCertificate - allocalte the buffer, copy the certificate and
- * add a NULL to the end
- */
-@@ -192,8 +203,8 @@ UA_Openssl_X509_GetCertificateThumbprint (const UA_ByteString * certficate,
- }
-
- static UA_StatusCode
--UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data,
-- EVP_PKEY * privateKey,
-+UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data,
-+ EVP_PKEY * privateKey,
- UA_Int16 padding) {
- if (data == NULL || privateKey == NULL) {
- return UA_STATUSCODE_BADINVALIDARGUMENT;
-@@ -203,27 +214,49 @@ UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data,
- return UA_STATUSCODE_BADINVALIDARGUMENT;
- }
-
-- UA_Int32 keySize = RSA_size(get_pkey_rsa(privateKey));
-+ size_t keySize = (size_t) UA_OpenSSL_RSA_Key_Size (privateKey);
- size_t cipherOffset = 0;
- size_t outOffset = 0;
-- unsigned char buf[2048];
-- UA_Int32 decryptedBytes;
-+ unsigned char buf[RSA_DECRYPT_BUFFER_LENGTH];
-+ size_t decryptedBytes;
-+ EVP_PKEY_CTX * ctx;
-+ int opensslRet;
-+
-+ ctx = EVP_PKEY_CTX_new (privateKey, NULL);
-+ if (ctx == NULL) {
-+ return UA_STATUSCODE_BADOUTOFMEMORY;
-+ }
-+ opensslRet = EVP_PKEY_decrypt_init (ctx);
-+ if (opensslRet != 1)
-+ {
-+ EVP_PKEY_CTX_free (ctx);
-+ return UA_STATUSCODE_BADINTERNALERROR;
-+ }
-+ opensslRet = EVP_PKEY_CTX_set_rsa_padding (ctx, padding);
-+ if (opensslRet != 1) {
-+ EVP_PKEY_CTX_free (ctx);
-+ return UA_STATUSCODE_BADINTERNALERROR;
-+ }
-
- while (cipherOffset < data->length) {
-- decryptedBytes = RSA_private_decrypt (keySize,
-- data->data + cipherOffset, /* what to decrypt */
-+ decryptedBytes = RSA_DECRYPT_BUFFER_LENGTH;
-+ opensslRet = EVP_PKEY_decrypt (ctx,
- buf, /* where to decrypt */
-- get_pkey_rsa(privateKey), /* private key */
-- padding
-+ &decryptedBytes,
-+ data->data + cipherOffset, /* what to decrypt */
-+ keySize
- );
-- if (decryptedBytes < 0) {
-+ if (opensslRet != 1) {
-+ EVP_PKEY_CTX_free (ctx);
- return UA_STATUSCODE_BADSECURITYCHECKSFAILED;
- }
-- memcpy(data->data + outOffset, buf, (size_t) decryptedBytes);
-+ (void) memcpy(data->data + outOffset, buf, decryptedBytes);
- cipherOffset += (size_t) keySize;
-- outOffset += (size_t) decryptedBytes;
-+ outOffset += decryptedBytes;
- }
- data->length = outOffset;
-+ EVP_PKEY_CTX_free (ctx);
-+
- return UA_STATUSCODE_GOOD;
- }
-
-@@ -249,7 +282,6 @@ UA_Openssl_RSA_Public_Encrypt (const UA_ByteString * message,
- size_t encryptedPos = 0;
- size_t bytesToEncrypt = 0;
- size_t encryptedBlockSize = 0;
-- RSA * rsa = NULL;
- size_t keySize = 0;
-
- evpPublicKey = X509_get_pubkey (publicX509);
-@@ -274,8 +306,8 @@ UA_Openssl_RSA_Public_Encrypt (const UA_ByteString * message,
- }
-
- /* get the encrypted block size */
-- rsa = get_pkey_rsa (evpPublicKey);
-- keySize = (size_t) RSA_size (rsa);
-+
-+ keySize = (size_t) UA_OpenSSL_RSA_Key_Size (evpPublicKey);
- if (keySize == 0) {
- ret = UA_STATUSCODE_BADINTERNALERROR;
- goto errout;
-@@ -435,8 +467,8 @@ UA_Openssl_RSA_Public_GetKeyLength (X509 * publicKeyX509,
- if (evpKey == NULL) {
- return UA_STATUSCODE_BADINTERNALERROR;
- }
-- RSA * rsa = get_pkey_rsa (evpKey);
-- *keyLen = RSA_size(rsa);
-+ *keyLen = UA_OpenSSL_RSA_Key_Size (evpKey);
-+
- EVP_PKEY_free (evpKey);
-
- return UA_STATUSCODE_GOOD;
-@@ -448,7 +480,7 @@ UA_Openssl_RSA_Private_GetKeyLength (EVP_PKEY * privateKey,
- if (privateKey == NULL) {
- return UA_STATUSCODE_BADINVALIDARGUMENT;
- }
-- *keyLen = RSA_size(get_pkey_rsa(privateKey));
-+ *keyLen = UA_OpenSSL_RSA_Key_Size (privateKey);
-
- return UA_STATUSCODE_GOOD;
- }
-diff --git a/plugins/crypto/openssl/ua_openssl_create_certificate.c b/plugins/crypto/openssl/ua_openssl_create_certificate.c
-index 4b07e886..0ea63f95 100644
---- a/plugins/crypto/openssl/ua_openssl_create_certificate.c
-+++ b/plugins/crypto/openssl/ua_openssl_create_certificate.c
-@@ -3,6 +3,7 @@
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * Copyright 2021 (c) Christian von Arnim, ISW University of Stuttgart (for VDW and umati)
-+ * Copyright 2022 (c) Wind River Systems, Inc.
- *
- */
-
-@@ -81,6 +82,16 @@ add_x509V3ext(X509 *x509, int nid, const char *value) {
- return UA_STATUSCODE_GOOD;
- }
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+
-+/* generate the RSA key */
-+
-+static EVP_PKEY * UA_RSA_Generate_Key (size_t keySizeBits){
-+ return EVP_RSA_gen(keySizeBits);
-+}
-+
-+#endif
-+
- UA_StatusCode
- UA_CreateCertificate(const UA_Logger *logger,
- const UA_String *subject, size_t subjectSize,
-@@ -109,11 +120,18 @@ UA_CreateCertificate(const UA_Logger *logger,
-
- UA_StatusCode errRet = UA_STATUSCODE_GOOD;
-
-+ X509 *x509 = X509_new();
-+
-+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L)
-+ EVP_PKEY *pkey = UA_RSA_Generate_Key(keySizeBits);
-+ if((pkey == NULL) || (x509 == NULL)) {
-+ errRet = UA_STATUSCODE_BADOUTOFMEMORY;
-+ goto cleanup;
-+ }
-+#else
- BIGNUM *exponent = BN_new();
- EVP_PKEY *pkey = EVP_PKEY_new();
-- X509 *x509 = X509_new();
- RSA *rsa = RSA_new();
--
- if(!pkey || !x509 || !exponent || !rsa) {
- errRet = UA_STATUSCODE_BADOUTOFMEMORY;
- goto cleanup;
-@@ -145,6 +163,8 @@ UA_CreateCertificate(const UA_Logger *logger,
- /* rsa will be freed by pkey */
- rsa = NULL;
-
-+#endif /* end of OPENSSL_VERSION_NUMBER >= 0x30000000L */
-+
- /* x509v3 has version 2
- * (https://www.openssl.org/docs/man1.1.0/man3/X509_set_version.html) */
- if(X509_set_version(x509, 2) != 1) {
-@@ -351,12 +371,14 @@ UA_CreateCertificate(const UA_Logger *logger,
-
- cleanup:
- UA_String_clear(&fullAltSubj);
-+#if (OPENSSL_VERSION_NUMBER < 0x30000000L)
- RSA_free(rsa);
-+ BN_free(exponent);
-+#endif
- X509_free(x509);
- EVP_PKEY_free(pkey);
- BIO_free(memCert);
- BIO_free(memPKey);
-- BN_free(exponent);
- return errRet;
- }
-
---
-2.34.1
-
diff --git a/src/opcua/doc/src/qtopcua.qdoc b/src/opcua/doc/src/qtopcua.qdoc
index 211a191..2e48ab7 100644
--- a/src/opcua/doc/src/qtopcua.qdoc
+++ b/src/opcua/doc/src/qtopcua.qdoc
@@ -434,8 +434,8 @@
The Open62541 plugin is built by default from the included 3rd party sources and has no external dependencies.
The open62541 library uses OpenSSL for security. If the OpenSSL library is detected during configuration,
security is enabled for the tests and the open62541 backend.
- The Open62541 source and header files bundled with Qt OPC UA have been generated from the open62541 1.3
- commit 3fc6870a using the following commands:
+ The Open62541 source and header files bundled with Qt OPC UA have been generated from the open62541 v1.3.4
+ tag using the following commands:
\code
cmake -DUA_ENABLE_AMALGAMATION=ON -DUA_AMALGAMATION_ARCHITECTURES="win32;posix" -DUA_ENABLE_SUBSCRIPTIONS_EVENTS=ON -DUA_ENABLE_HISTORIZING=ON -DUA_ENABLE_EXPERIMENTAL_HISTORIZING=ON
@@ -448,7 +448,7 @@
cmake </path/to/qtopcua> -DINPUT_open62541=no
\encode
- In case you want to build a custom version of the Open62541 plugin, Open62541 1.3 (3fc6870a) built with the same options as above is required.
+ In case you want to build a custom version of the Open62541 plugin, Open62541 v1.3.4 built with the same options as above is required.
The following options must be passed to cmake when building with open62541 installed to a custom location: