diff options
Diffstat (limited to 'src/3rdparty')
-rw-r--r-- | src/3rdparty/open62541/open62541.c | 108 | ||||
-rw-r--r-- | src/3rdparty/open62541/open62541.h | 8 | ||||
-rw-r--r-- | src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch | 282 |
3 files changed, 53 insertions, 345 deletions
diff --git a/src/3rdparty/open62541/open62541.c b/src/3rdparty/open62541/open62541.c index c3692d3..11f9ef9 100644 --- a/src/3rdparty/open62541/open62541.c +++ b/src/3rdparty/open62541/open62541.c @@ -1,6 +1,6 @@ /* THIS IS A SINGLE-FILE DISTRIBUTION CONCATENATED FROM THE OPEN62541 SOURCES * visit http://open62541.org/ for information about this software - * Git-Revision: v1.3.3 + * Git-Revision: v1.3.4 */ /* @@ -56356,19 +56356,19 @@ UA_NODEID_NUMERIC(ns[0], 0LU), UA_QUALIFIEDNAME(ns[0], "Optional"), UA_NODEID_NUMERIC(ns[0], 77LU), (const UA_NodeAttributes*)&attr, &UA_TYPES[UA_TYPES_OBJECTATTRIBUTES],NULL, NULL); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11570LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11574LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11573LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11551LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11572LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11569LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2366LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2371LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11571LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11567LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11574LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11573LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11570LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 3190LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11565LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2367LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 3190LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11571LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2371LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11572LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11551LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2366LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 80LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2370LU), false); return retVal; } @@ -56426,25 +56426,25 @@ UA_NODEID_NUMERIC(ns[0], 0LU), UA_QUALIFIEDNAME(ns[0], "Mandatory"), UA_NODEID_NUMERIC(ns[0], 77LU), (const UA_NodeAttributes*)&attr, &UA_TYPES[UA_TYPES_OBJECTATTRIBUTES],NULL, NULL); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2374LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2369LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2050LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12169LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 7611LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2042LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2046LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2375LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2044LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12078LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2035LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2051LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2050LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2043LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2375LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 7611LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2374LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2045LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11461LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2369LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2042LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2047LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2377LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11241LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 12169LU), false); +retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2051LU), false); retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2011LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2377LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2047LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 11461LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2044LU), false); -retVal |= UA_Server_addReference(server, UA_NODEID_NUMERIC(ns[0], 78LU), UA_NODEID_NUMERIC(ns[0], 37LU), UA_EXPANDEDNODEID_NUMERIC(ns[0], 2043LU), false); return retVal; } @@ -62850,16 +62850,28 @@ UA_OpenSSL_Encrypt (const UA_ByteString * iv, ret = UA_STATUSCODE_BADINTERNALERROR; goto errout; } + + /* Disable padding. Padding is done in the stack before calling encryption. + * Ensure that we have a multiple of the block size */ + if(data->length % (size_t)EVP_CIPHER_CTX_block_size(ctx)) { + ret = UA_STATUSCODE_BADINTERNALERROR; + goto errout; + } + opensslRet = EVP_CIPHER_CTX_set_padding(ctx, 0); + if (opensslRet != 1) { + ret = UA_STATUSCODE_BADINTERNALERROR; + goto errout; + } + + /* Encrypt the data */ opensslRet = EVP_EncryptUpdate (ctx, data->data, &outLen, plainTxt.data, (int) plainTxt.length); if (opensslRet != 1) { ret = UA_STATUSCODE_BADINTERNALERROR; goto errout; } - /* - * Buffer passed to EVP_EncryptFinal() must be after data just - * encrypted to avoid overwriting it. - */ + + /* Encrypt-final does nothing as padding is disabled */ opensslRet = EVP_EncryptFinal_ex(ctx, data->data + outLen, &tmpLen); if (opensslRet != 1) { ret = UA_STATUSCODE_BADINTERNALERROR; @@ -63083,6 +63095,8 @@ EVP_PKEY * UA_OpenSSL_LoadPrivateKey(const UA_ByteString *privateKey) { const unsigned char * pkData = privateKey->data; long len = (long) privateKey->length; + if(len == 0) + return NULL; EVP_PKEY *result = NULL; @@ -66455,9 +66469,11 @@ UA_CertificateVerification_Verify (void * verificationContext, ret = UA_STATUSCODE_BADINTERNALERROR; goto cleanup; } - - (void) X509_STORE_CTX_set0_trusted_stack (storeCtx, ctx->skTrusted); - +#if defined(OPENSSL_API_COMPAT) && OPENSSL_API_COMPAT < 0x10100000L + (void) X509_STORE_CTX_trusted_stack (storeCtx, ctx->skTrusted); +#else + (void) X509_STORE_CTX_set0_trusted_stack (storeCtx, ctx->skTrusted); +#endif /* Set crls to ctx */ if (sk_X509_CRL_num (ctx->skCrls) > 0) { @@ -66564,14 +66580,6 @@ cleanup: } static UA_StatusCode -UA_VerifyCertificateAllowAll (void * verificationContext, - const UA_ByteString * certificate) { - (void) verificationContext; - (void) certificate; - return UA_STATUSCODE_GOOD; -} - -static UA_StatusCode UA_CertificateVerification_VerifyApplicationURI (void * verificationContext, const UA_ByteString * certificate, const UA_String * applicationURI) { @@ -66656,10 +66664,7 @@ UA_CertificateVerification_Trustlist(UA_CertificateVerification * cv, cv->verifyApplicationURI = UA_CertificateVerification_VerifyApplicationURI; cv->clear = UA_CertificateVerification_clear; cv->context = context; - if (certificateTrustListSize > 0) - cv->verifyCertificate = UA_CertificateVerification_Verify; - else - cv->verifyCertificate = UA_VerifyCertificateAllowAll; + cv->verifyCertificate = UA_CertificateVerification_Verify; if (certificateTrustListSize > 0) { if (UA_skTrusted_Cert2X509 (certificateTrustList, certificateTrustListSize, @@ -66715,13 +66720,7 @@ UA_CertificateVerification_CertFolders(UA_CertificateVerification * cv, cv->verifyApplicationURI = UA_CertificateVerification_VerifyApplicationURI; cv->clear = UA_CertificateVerification_clear; cv->context = context; - if(trustListFolder == NULL && - issuerListFolder == NULL && - revocationListFolder == NULL) { - cv->verifyCertificate = UA_VerifyCertificateAllowAll; - } else { - cv->verifyCertificate = UA_CertificateVerification_Verify; - } + cv->verifyCertificate = UA_CertificateVerification_Verify; /* Only set the folder paths. They will be reloaded during runtime. */ @@ -70389,12 +70388,6 @@ reloadCertificates(CertInfo *ci) { #endif static UA_StatusCode -certificateVerification_allow(void *verificationContext, - const UA_ByteString *certificate) { - return UA_STATUSCODE_GOOD; -} - -static UA_StatusCode certificateVerification_verify(void *verificationContext, const UA_ByteString *certificate) { CertInfo *ci = (CertInfo*)verificationContext; @@ -70691,10 +70684,7 @@ UA_CertificateVerification_Trustlist(UA_CertificateVerification *cv, mbedtls_x509_crt_init(&ci->certificateIssuerList); cv->context = (void*)ci; - if(certificateTrustListSize > 0) - cv->verifyCertificate = certificateVerification_verify; - else - cv->verifyCertificate = certificateVerification_allow; + cv->verifyCertificate = certificateVerification_verify; cv->clear = certificateVerification_clear; cv->verifyApplicationURI = certificateVerification_verifyApplicationURI; diff --git a/src/3rdparty/open62541/open62541.h b/src/3rdparty/open62541/open62541.h index 185fa6d..bb22e32 100644 --- a/src/3rdparty/open62541/open62541.h +++ b/src/3rdparty/open62541/open62541.h @@ -1,6 +1,6 @@ /* THIS IS A SINGLE-FILE DISTRIBUTION CONCATENATED FROM THE OPEN62541 SOURCES * visit http://open62541.org/ for information about this software - * Git-Revision: v1.3.3 + * Git-Revision: v1.3.4 */ /* @@ -30,10 +30,10 @@ * ----------------- */ #define UA_OPEN62541_VER_MAJOR 1 #define UA_OPEN62541_VER_MINOR 3 -#define UA_OPEN62541_VER_PATCH 3 +#define UA_OPEN62541_VER_PATCH 4 #define UA_OPEN62541_VER_LABEL "" /* Release candidate label, etc. */ -#define UA_OPEN62541_VER_COMMIT "v1.3.3" -#define UA_OPEN62541_VERSION "v1.3.3" +#define UA_OPEN62541_VER_COMMIT "v1.3.4" +#define UA_OPEN62541_VERSION "v1.3.4" /** * Feature Options diff --git a/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch b/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch deleted file mode 100644 index a20d56b..0000000 --- a/src/3rdparty/open62541/patches/0001-feat-plugin-Add-OpenSSL-3.0-support-5349.patch +++ /dev/null @@ -1,282 +0,0 @@ -From 7dbde94a813acac866e7964ecc868d2f70076510 Mon Sep 17 00:00:00 2001 -From: Bin Lan <Bin.Lan@windriver.com> -Date: Tue, 27 Sep 2022 21:45:38 +0800 -Subject: [PATCH] feat(plugin): Add OpenSSL 3.0 support (#5349) - -* Add OpenSSL3.0 support - -This change set adds a new function UA_OpenSSL_RSA_Key_Size() to get -the RSA key size, re-writes the function -UA_Openssl_RSA_Private_Decrypt() by using the high level APIs of -OpenSSL3.0, add a new function UA_RSA_Generate_Key() to generate -a RSA key. - -No build warning with OpenSSL3.0 and OpenSSL1.1.1f. - -* Build & Test with OpenSSL3.0 in Ubuntu22.04 ---- - .github/workflows/build_ubuntu2204.yml | 29 ++++++++ - .../openssl/securitypolicy_openssl_common.c | 68 ++++++++++++++----- - .../openssl/ua_openssl_create_certificate.c | 28 +++++++- - 3 files changed, 104 insertions(+), 21 deletions(-) - create mode 100644 .github/workflows/build_ubuntu2204.yml - -diff --git a/.github/workflows/build_ubuntu2204.yml b/.github/workflows/build_ubuntu2204.yml -new file mode 100644 -index 00000000..216c0665 ---- /dev/null -+++ b/.github/workflows/build_ubuntu2204.yml -@@ -0,0 +1,29 @@ -+name: Linux Build & Test with OpenSSL3.0 -+ -+on: [push, pull_request] -+ -+jobs: -+ build: -+ strategy: -+ fail-fast: false -+ matrix: -+ include: -+ - build_name: "Encryption (OpenSSL3.0) Build & Unit Tests (gcc)" -+ cmd_deps: sudo apt-get install -y -qq openssl -+ cmd_action: unit_tests_encryption OPENSSL -+ name: ${{matrix.build_name}} -+ runs-on: ubuntu-22.04 -+ steps: -+ - uses: actions/checkout@v2 -+ with: -+ submodules: true -+ - name: Install Dependencies -+ run: | -+ sudo apt-get update -+ sudo apt-get install -y -qq python3-sphinx graphviz check -+ ${{ matrix.cmd_deps }} -+ - name: ${{matrix.build_name}} -+ run: source tools/ci.sh && ${{matrix.cmd_action}} -+ env: -+ ETHERNET_INTERFACE: eth0 -+ -diff --git a/plugins/crypto/openssl/securitypolicy_openssl_common.c b/plugins/crypto/openssl/securitypolicy_openssl_common.c -index 3b8d5711..78118ed2 100644 ---- a/plugins/crypto/openssl/securitypolicy_openssl_common.c -+++ b/plugins/crypto/openssl/securitypolicy_openssl_common.c -@@ -4,6 +4,7 @@ - * - * Copyright 2020 (c) Wind River Systems, Inc. - * Copyright 2020 (c) basysKom GmbH -+ * Copyright 2022 (c) Wind River Systems, Inc. - */ - - /* -@@ -30,6 +31,8 @@ modification history - #include "ua_openssl_version_abstraction.h" - - #define SHA1_DIGEST_LENGTH 20 /* 160 bits */ -+#define RSA_DECRYPT_BUFFER_LENGTH 2048 /* bytes */ -+ - - /** P_SHA256 Context */ - typedef struct UA_Openssl_P_SHA256_Ctx_ { -@@ -73,6 +76,14 @@ UA_Openssl_Init (void) { - #endif - } - -+static int UA_OpenSSL_RSA_Key_Size (EVP_PKEY * key){ -+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) -+ return EVP_PKEY_get_size (key); -+#else -+ return RSA_size (get_pkey_rsa(key)); -+#endif -+} -+ - /* UA_copyCertificate - allocalte the buffer, copy the certificate and - * add a NULL to the end - */ -@@ -192,8 +203,8 @@ UA_Openssl_X509_GetCertificateThumbprint (const UA_ByteString * certficate, - } - - static UA_StatusCode --UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data, -- EVP_PKEY * privateKey, -+UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data, -+ EVP_PKEY * privateKey, - UA_Int16 padding) { - if (data == NULL || privateKey == NULL) { - return UA_STATUSCODE_BADINVALIDARGUMENT; -@@ -203,27 +214,49 @@ UA_Openssl_RSA_Private_Decrypt (UA_ByteString * data, - return UA_STATUSCODE_BADINVALIDARGUMENT; - } - -- UA_Int32 keySize = RSA_size(get_pkey_rsa(privateKey)); -+ size_t keySize = (size_t) UA_OpenSSL_RSA_Key_Size (privateKey); - size_t cipherOffset = 0; - size_t outOffset = 0; -- unsigned char buf[2048]; -- UA_Int32 decryptedBytes; -+ unsigned char buf[RSA_DECRYPT_BUFFER_LENGTH]; -+ size_t decryptedBytes; -+ EVP_PKEY_CTX * ctx; -+ int opensslRet; -+ -+ ctx = EVP_PKEY_CTX_new (privateKey, NULL); -+ if (ctx == NULL) { -+ return UA_STATUSCODE_BADOUTOFMEMORY; -+ } -+ opensslRet = EVP_PKEY_decrypt_init (ctx); -+ if (opensslRet != 1) -+ { -+ EVP_PKEY_CTX_free (ctx); -+ return UA_STATUSCODE_BADINTERNALERROR; -+ } -+ opensslRet = EVP_PKEY_CTX_set_rsa_padding (ctx, padding); -+ if (opensslRet != 1) { -+ EVP_PKEY_CTX_free (ctx); -+ return UA_STATUSCODE_BADINTERNALERROR; -+ } - - while (cipherOffset < data->length) { -- decryptedBytes = RSA_private_decrypt (keySize, -- data->data + cipherOffset, /* what to decrypt */ -+ decryptedBytes = RSA_DECRYPT_BUFFER_LENGTH; -+ opensslRet = EVP_PKEY_decrypt (ctx, - buf, /* where to decrypt */ -- get_pkey_rsa(privateKey), /* private key */ -- padding -+ &decryptedBytes, -+ data->data + cipherOffset, /* what to decrypt */ -+ keySize - ); -- if (decryptedBytes < 0) { -+ if (opensslRet != 1) { -+ EVP_PKEY_CTX_free (ctx); - return UA_STATUSCODE_BADSECURITYCHECKSFAILED; - } -- memcpy(data->data + outOffset, buf, (size_t) decryptedBytes); -+ (void) memcpy(data->data + outOffset, buf, decryptedBytes); - cipherOffset += (size_t) keySize; -- outOffset += (size_t) decryptedBytes; -+ outOffset += decryptedBytes; - } - data->length = outOffset; -+ EVP_PKEY_CTX_free (ctx); -+ - return UA_STATUSCODE_GOOD; - } - -@@ -249,7 +282,6 @@ UA_Openssl_RSA_Public_Encrypt (const UA_ByteString * message, - size_t encryptedPos = 0; - size_t bytesToEncrypt = 0; - size_t encryptedBlockSize = 0; -- RSA * rsa = NULL; - size_t keySize = 0; - - evpPublicKey = X509_get_pubkey (publicX509); -@@ -274,8 +306,8 @@ UA_Openssl_RSA_Public_Encrypt (const UA_ByteString * message, - } - - /* get the encrypted block size */ -- rsa = get_pkey_rsa (evpPublicKey); -- keySize = (size_t) RSA_size (rsa); -+ -+ keySize = (size_t) UA_OpenSSL_RSA_Key_Size (evpPublicKey); - if (keySize == 0) { - ret = UA_STATUSCODE_BADINTERNALERROR; - goto errout; -@@ -435,8 +467,8 @@ UA_Openssl_RSA_Public_GetKeyLength (X509 * publicKeyX509, - if (evpKey == NULL) { - return UA_STATUSCODE_BADINTERNALERROR; - } -- RSA * rsa = get_pkey_rsa (evpKey); -- *keyLen = RSA_size(rsa); -+ *keyLen = UA_OpenSSL_RSA_Key_Size (evpKey); -+ - EVP_PKEY_free (evpKey); - - return UA_STATUSCODE_GOOD; -@@ -448,7 +480,7 @@ UA_Openssl_RSA_Private_GetKeyLength (EVP_PKEY * privateKey, - if (privateKey == NULL) { - return UA_STATUSCODE_BADINVALIDARGUMENT; - } -- *keyLen = RSA_size(get_pkey_rsa(privateKey)); -+ *keyLen = UA_OpenSSL_RSA_Key_Size (privateKey); - - return UA_STATUSCODE_GOOD; - } -diff --git a/plugins/crypto/openssl/ua_openssl_create_certificate.c b/plugins/crypto/openssl/ua_openssl_create_certificate.c -index 4b07e886..0ea63f95 100644 ---- a/plugins/crypto/openssl/ua_openssl_create_certificate.c -+++ b/plugins/crypto/openssl/ua_openssl_create_certificate.c -@@ -3,6 +3,7 @@ - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * Copyright 2021 (c) Christian von Arnim, ISW University of Stuttgart (for VDW and umati) -+ * Copyright 2022 (c) Wind River Systems, Inc. - * - */ - -@@ -81,6 +82,16 @@ add_x509V3ext(X509 *x509, int nid, const char *value) { - return UA_STATUSCODE_GOOD; - } - -+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) -+ -+/* generate the RSA key */ -+ -+static EVP_PKEY * UA_RSA_Generate_Key (size_t keySizeBits){ -+ return EVP_RSA_gen(keySizeBits); -+} -+ -+#endif -+ - UA_StatusCode - UA_CreateCertificate(const UA_Logger *logger, - const UA_String *subject, size_t subjectSize, -@@ -109,11 +120,18 @@ UA_CreateCertificate(const UA_Logger *logger, - - UA_StatusCode errRet = UA_STATUSCODE_GOOD; - -+ X509 *x509 = X509_new(); -+ -+#if (OPENSSL_VERSION_NUMBER >= 0x30000000L) -+ EVP_PKEY *pkey = UA_RSA_Generate_Key(keySizeBits); -+ if((pkey == NULL) || (x509 == NULL)) { -+ errRet = UA_STATUSCODE_BADOUTOFMEMORY; -+ goto cleanup; -+ } -+#else - BIGNUM *exponent = BN_new(); - EVP_PKEY *pkey = EVP_PKEY_new(); -- X509 *x509 = X509_new(); - RSA *rsa = RSA_new(); -- - if(!pkey || !x509 || !exponent || !rsa) { - errRet = UA_STATUSCODE_BADOUTOFMEMORY; - goto cleanup; -@@ -145,6 +163,8 @@ UA_CreateCertificate(const UA_Logger *logger, - /* rsa will be freed by pkey */ - rsa = NULL; - -+#endif /* end of OPENSSL_VERSION_NUMBER >= 0x30000000L */ -+ - /* x509v3 has version 2 - * (https://www.openssl.org/docs/man1.1.0/man3/X509_set_version.html) */ - if(X509_set_version(x509, 2) != 1) { -@@ -351,12 +371,14 @@ UA_CreateCertificate(const UA_Logger *logger, - - cleanup: - UA_String_clear(&fullAltSubj); -+#if (OPENSSL_VERSION_NUMBER < 0x30000000L) - RSA_free(rsa); -+ BN_free(exponent); -+#endif - X509_free(x509); - EVP_PKEY_free(pkey); - BIO_free(memCert); - BIO_free(memPKey); -- BN_free(exponent); - return errRet; - } - --- -2.34.1 - |