From 6a9ebf88eba8b73091a38d200129f45c6836f78e Mon Sep 17 00:00:00 2001 From: Erik Boasson Date: Mon, 25 May 2020 09:10:10 +0200 Subject: [PATCH] OpenSSL 1.0.2 compatibility This addresses a number of issues with building Cyclone DDS including DDS Security while using OpenSSL 1.0.2. Compatibility with 1.0.2 is a courtesy towards those who are unable to move to 1.1.x or later because of other libraries. * On Windows, one must include Winsock2.h prior to including the OpenSSL header files, or it'll pull in incompatible definitions from Winsock.h and that breaks some of the files. * OpenSSL 1.0.2 requires initializing the library (or more particular, loading all the required algorithms) but this is no longer needed in OpenSSL 1.1.x. It ends up being needed in a few places and having tons of essentially dead initialization code lying around is unpleasant. Hence this has been consolidated in a single function and protected with ddsrt_once(). * One ought to undo the above initialization on 1.0.2g and older, but it is impossible to know whether that can safely be done from a library. This is also the reason OpenSSL deprecated all the initialization and cleanup interfaces. So if one insists on trying it with such an old version, let there be some leaks. * Thread state cleanup is sort-of required prior 1.1.0, but that suffers from the same problems; we'd have to do per-thread cleanup code for OpenSSL for any thread that could call into it (which is pretty much any thread). So once again, people should just use 1.1.0 or newer. * There are some interfaces added in 1.1.0 that we use, but a few small workarounds those can be made to work on 1.0.2 as well. These also were replicated in a number of places and consolidated by this commit. Signed-off-by: Erik Boasson --- src/ddsrt/include/dds/ddsrt/xmlparser.h | 1 + src/security/CMakeLists.txt | 1 + .../access_control/CMakeLists.txt | 2 + .../access_control/src/access_control.c | 23 +--- .../src/access_control_objects.h | 2 +- .../src/access_control_parser.c | 6 +- .../access_control/src/access_control_utils.c | 7 +- .../access_control/src/access_control_utils.h | 4 +- .../authentication/CMakeLists.txt | 2 + .../authentication/src/auth_utils.c | 41 ++---- .../authentication/src/auth_utils.h | 7 + .../authentication/src/authentication.c | 47 +------ .../cryptographic/CMakeLists.txt | 2 + .../cryptographic/src/crypto_cipher.c | 4 +- .../cryptographic/src/crypto_key_factory.c | 7 +- .../cryptographic/src/crypto_transform.c | 25 +--- .../cryptographic/src/crypto_utils.c | 6 +- .../builtin_plugins/tests/CMakeLists.txt | 15 +-- .../tests/common/src/crypto_helper.c | 5 +- .../tests/common/src/handshake_helper.c | 30 ++--- .../tests/common/src/handshake_helper.h | 10 +- ...te_local_datareader_crypto_tokens_utests.c | 6 +- ...te_local_datawriter_crypto_tokens_utests.c | 6 +- ...e_local_participant_crypto_tokens_utests.c | 6 +- .../src/decode_datareader_submessage_utests.c | 7 +- .../src/decode_datawriter_submessage_utests.c | 5 +- .../src/decode_rtps_message_utests.c | 5 +- .../src/decode_serialized_payload_utests.c | 6 +- .../src/encode_datareader_submessage_utests.c | 5 +- .../src/encode_datawriter_submessage_utests.c | 5 +- .../src/encode_rtps_message_utests.c | 5 +- .../src/encode_serialized_payload_utests.c | 5 +- ...thenticated_peer_credential_token_utests.c | 28 ++-- .../get_permissions_credential_token_utests.c | 5 +- .../src/get_permissions_token_utests.c | 5 +- .../src/get_xxx_sec_attributes_utests.c | 5 +- .../src/listeners_access_control_utests.c | 23 +--- .../src/listeners_authentication_utests.c | 50 ++----- .../src/preprocess_secure_submsg_utests.c | 6 +- .../src/process_handshake_utests.c | 37 ++--- .../src/register_local_datareader_utests.c | 6 +- .../src/register_local_datawriter_utests.c | 6 +- .../src/register_local_participant_utests.c | 6 +- ...egister_matched_remote_datareader_utests.c | 6 +- ...egister_matched_remote_datawriter_utests.c | 6 +- ...gister_matched_remote_participant_utests.c | 6 +- ...t_remote_datareader_crypto_tokens_utests.c | 6 +- ...t_remote_datawriter_crypto_tokens_utests.c | 6 +- ..._remote_participant_crypto_tokens_utests.c | 6 +- .../validate_begin_handshake_reply_utests.c | 36 ++--- .../validate_begin_handshake_request_utests.c | 4 + .../src/validate_local_identity_utests.c | 3 +- .../src/validate_local_permissions_utests.c | 5 +- .../src/validate_remote_permissions_utests.c | 5 +- .../dds/security/core/dds_security_utils.h | 12 +- src/security/core/src/dds_security_utils.c | 47 +------ src/security/core/tests/CMakeLists.txt | 7 + src/security/core/tests/common/cert_utils.c | 7 +- .../tests/common/security_config_test_utils.c | 9 +- src/security/openssl/CMakeLists.txt | 21 +++ .../include/dds/security/openssl_support.h | 80 +++++++++++ src/security/openssl/src/openssl_support.c | 127 ++++++++++++++++++ 62 files changed, 380 insertions(+), 504 deletions(-) create mode 100644 src/security/openssl/CMakeLists.txt create mode 100644 src/security/openssl/include/dds/security/openssl_support.h create mode 100644 src/security/openssl/src/openssl_support.c diff --git a/src/ddsrt/include/dds/ddsrt/xmlparser.h b/src/ddsrt/include/dds/ddsrt/xmlparser.h index 93bd92d..732bb2a 100644 --- a/src/ddsrt/include/dds/ddsrt/xmlparser.h +++ b/src/ddsrt/include/dds/ddsrt/xmlparser.h @@ -12,6 +12,7 @@ #ifndef DDSRT_XMLPARSER_H #define DDSRT_XMLPARSER_H +#include #include #include "dds/export.h" diff --git a/src/security/CMakeLists.txt b/src/security/CMakeLists.txt index fd9af5d..1c8ec01 100644 --- a/src/security/CMakeLists.txt +++ b/src/security/CMakeLists.txt @@ -16,6 +16,7 @@ if(ENABLE_SECURITY) add_subdirectory(core) if(ENABLE_SSL) + add_subdirectory(openssl) add_subdirectory(builtin_plugins) endif() endif() diff --git a/src/security/builtin_plugins/access_control/CMakeLists.txt b/src/security/builtin_plugins/access_control/CMakeLists.txt index e7bf471..d21815c 100644 --- a/src/security/builtin_plugins/access_control/CMakeLists.txt +++ b/src/security/builtin_plugins/access_control/CMakeLists.txt @@ -26,6 +26,7 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) +target_link_libraries(dds_security_ac PRIVATE security_openssl) target_link_libraries(dds_security_ac PUBLIC ddsc) target_link_libraries(dds_security_ac PUBLIC OpenSSL::SSL) if(CMAKE_GENERATOR MATCHES "Visual Studio") @@ -36,6 +37,7 @@ target_include_directories(dds_security_ac PUBLIC "$>" "$>" + "$>" "$>" "$" ) diff --git a/src/security/builtin_plugins/access_control/src/access_control.c b/src/security/builtin_plugins/access_control/src/access_control.c index e9d91e0..1a45c4e 100644 --- a/src/security/builtin_plugins/access_control/src/access_control.c +++ b/src/security/builtin_plugins/access_control/src/access_control.c @@ -13,8 +13,7 @@ #include #include -#include -#include + #include "dds/ddsrt/heap.h" #include "dds/ddsrt/misc.h" #include "dds/ddsrt/string.h" @@ -24,19 +23,12 @@ #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_timed_cb.h" +#include "dds/security/openssl_support.h" #include "access_control.h" #include "access_control_utils.h" #include "access_control_objects.h" #include "access_control_parser.h" -#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L -#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); -#elif OPENSSL_VERSION_NUMBER < 0x10000000L -#define REMOVE_THREAD_STATE() ERR_remove_state(0); -#else -#define REMOVE_THREAD_STATE() -#endif - static const char *ACCESS_CONTROL_PROTOCOL_CLASS = "DDS:Access"; static const unsigned ACCESS_CONTROL_PROTOCOL_VERSION_MAJOR = 1; static const unsigned ACCESS_CONTROL_PROTOCOL_VERSION_MINOR = 0; @@ -1522,12 +1514,7 @@ int init_access_control(const char *argument, void **context, struct ddsi_domain #endif access_control->remote_permissions = access_control_table_new(); - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - ERR_load_BIO_strings(); - ERR_load_crypto_strings(); - + dds_openssl_init (); *context = access_control; return 0; } @@ -2473,9 +2460,5 @@ int finalize_access_control(void *context) ddsrt_mutex_destroy(&access_control->lock); ddsrt_free(access_control); } - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - REMOVE_THREAD_STATE(); - ERR_free_strings(); return 0; } diff --git a/src/security/builtin_plugins/access_control/src/access_control_objects.h b/src/security/builtin_plugins/access_control/src/access_control_objects.h index b1f033b..867bab9 100644 --- a/src/security/builtin_plugins/access_control/src/access_control_objects.h +++ b/src/security/builtin_plugins/access_control/src/access_control_objects.h @@ -12,10 +12,10 @@ #ifndef ACCESS_CONTROL_OBJECTS_H #define ACCESS_CONTROL_OBJECTS_H -#include #include "dds/ddsrt/atomics.h" #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" +#include "dds/security/openssl_support.h" #define ACCESS_CONTROL_OBJECT(o) ((AccessControlObject *)(o)) #define ACCESS_CONTROL_OBJECT_HANDLE(o) ((o) ? ACCESS_CONTROL_OBJECT(o)->handle : DDS_SECURITY_HANDLE_NIL) diff --git a/src/security/builtin_plugins/access_control/src/access_control_parser.c b/src/security/builtin_plugins/access_control/src/access_control_parser.c index efd72ef..2d7d3af 100644 --- a/src/security/builtin_plugins/access_control/src/access_control_parser.c +++ b/src/security/builtin_plugins/access_control/src/access_control_parser.c @@ -11,11 +11,7 @@ */ #include #include -#include -#include -#include -#include -#include + #include "dds/ddsrt/heap.h" #include "dds/ddsrt/misc.h" #include "dds/ddsrt/string.h" diff --git a/src/security/builtin_plugins/access_control/src/access_control_utils.c b/src/security/builtin_plugins/access_control/src/access_control_utils.c index ca80d77..c30dbf2 100644 --- a/src/security/builtin_plugins/access_control/src/access_control_utils.c +++ b/src/security/builtin_plugins/access_control/src/access_control_utils.c @@ -14,11 +14,7 @@ #include #include #include -#include -#include -#include -#include -#include + #include "dds/ddsrt/heap.h" #include "dds/ddsrt/misc.h" #include "dds/ddsrt/string.h" @@ -26,6 +22,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "access_control_utils.h" #define SEQ_ERR -1 diff --git a/src/security/builtin_plugins/access_control/src/access_control_utils.h b/src/security/builtin_plugins/access_control/src/access_control_utils.h index 008ab21..d786416 100644 --- a/src/security/builtin_plugins/access_control/src/access_control_utils.h +++ b/src/security/builtin_plugins/access_control/src/access_control_utils.h @@ -12,10 +12,10 @@ #ifndef ACCESS_CONTROL_UTILS_H #define ACCESS_CONTROL_UTILS_H -#include #include "dds/ddsrt/types.h" -#include "dds/security/dds_security_api.h" #include "dds/security/export.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/openssl_support.h" #define DDS_ACCESS_CONTROL_PLUGIN_CONTEXT "Access Control" diff --git a/src/security/builtin_plugins/authentication/CMakeLists.txt b/src/security/builtin_plugins/authentication/CMakeLists.txt index c6716e7..880b832 100644 --- a/src/security/builtin_plugins/authentication/CMakeLists.txt +++ b/src/security/builtin_plugins/authentication/CMakeLists.txt @@ -31,6 +31,7 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) +target_link_libraries(dds_security_auth PRIVATE security_openssl) target_link_libraries(dds_security_auth PUBLIC ddsc) target_link_libraries(dds_security_auth PUBLIC OpenSSL::SSL) if(CMAKE_GENERATOR MATCHES "Visual Studio") @@ -41,6 +42,7 @@ target_include_directories(dds_security_auth PUBLIC "$>" "$>" + "$>" "$>" "$" "$" diff --git a/src/security/builtin_plugins/authentication/src/auth_utils.c b/src/security/builtin_plugins/authentication/src/auth_utils.c index e79a951..1eea973 100644 --- a/src/security/builtin_plugins/authentication/src/auth_utils.c +++ b/src/security/builtin_plugins/authentication/src/auth_utils.c @@ -12,24 +12,7 @@ #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -#define AUTH_INCLUDE_EC -#include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -#define AUTH_INCLUDE_DH_ACCESSORS -#endif -#else -#error "OpenSSL version is not supported" -#endif + #include "dds/ddsrt/time.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/filesystem.h" @@ -40,17 +23,9 @@ #include "dds/ddsrt/io.h" #include "dds/security/dds_security_api_defs.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "auth_utils.h" -/* There is a problem when compiling on windows w.r.t. X509_NAME. - * The windows api already defines the type X509_NAME which - * conficts with some openssl versions. The workaround is to - * undef the openssl X509_NAME - */ -#ifdef _WIN32 -#undef X509_NAME -#endif - #define MAX_TRUSTED_CA 100 char *get_openssl_error_message(void) @@ -151,8 +126,10 @@ static DDS_Security_ValidationResult_t check_key_type_and_size(EVP_PKEY *key, in } if (isPrivate) { - RSA *rsaKey = EVP_PKEY_get0_RSA(key); - if (rsaKey && RSA_check_key(rsaKey) != 1) + RSA *rsaKey = EVP_PKEY_get1_RSA(key); + const bool fail = (rsaKey && RSA_check_key(rsaKey) != 1); + RSA_free(rsaKey); + if (fail) { DDS_Security_Exception_set_with_openssl_error(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED, "RSA key not correct : "); return DDS_SECURITY_VALIDATION_FAILED; @@ -166,8 +143,10 @@ static DDS_Security_ValidationResult_t check_key_type_and_size(EVP_PKEY *key, in DDS_Security_Exception_set(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED, "EC %s has unsupported key size (%d)", sub, EVP_PKEY_bits(key)); return DDS_SECURITY_VALIDATION_FAILED; } - EC_KEY *ecKey = EVP_PKEY_get0_EC_KEY(key); - if (ecKey && EC_KEY_check_key(ecKey) != 1) + EC_KEY *ecKey = EVP_PKEY_get1_EC_KEY(key); + const bool fail = (ecKey && EC_KEY_check_key(ecKey) != 1); + EC_KEY_free(ecKey); + if (fail) { DDS_Security_Exception_set(ex, DDS_AUTH_PLUGIN_CONTEXT, DDS_SECURITY_ERR_UNDEFINED_CODE, DDS_SECURITY_VALIDATION_FAILED, "EC key not correct : "); return DDS_SECURITY_VALIDATION_FAILED; diff --git a/src/security/builtin_plugins/authentication/src/auth_utils.h b/src/security/builtin_plugins/authentication/src/auth_utils.h index 52ca1f7..31eb5d9 100644 --- a/src/security/builtin_plugins/authentication/src/auth_utils.h +++ b/src/security/builtin_plugins/authentication/src/auth_utils.h @@ -13,6 +13,13 @@ #ifndef AUTH_UTILS_H #define AUTH_UTILS_H +#ifdef _WIN32 +/* supposedly WinSock2 must be included before openssl 1.0.2 headers otherwise winsock will be used */ +#include +#endif +#include +#include + #include "dds/security/dds_security_api.h" #include "dds/ddsrt/time.h" diff --git a/src/security/builtin_plugins/authentication/src/authentication.c b/src/security/builtin_plugins/authentication/src/authentication.c index f17ae41..20f2c2c 100644 --- a/src/security/builtin_plugins/authentication/src/authentication.c +++ b/src/security/builtin_plugins/authentication/src/authentication.c @@ -13,28 +13,6 @@ #include #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#if OPENSLL_VERSION_NUMBER >= 0x10002000L -#define AUTH_INCLUDE_EC -#include -#endif -#include - -/* There is a problem when compiling on windows w.r.t. X509_NAME. - * The windows api already defines the type X509_NAME which - * conficts with some openssl versions. The workaround is to - * undef the openssl X509_NAME - */ -#ifdef _WIN32 -#undef X509_NAME -#endif #include "dds/ddsrt/heap.h" #include "dds/ddsrt/atomics.h" @@ -43,13 +21,13 @@ #include "dds/ddsrt/hopscotch.h" #include "dds/ddsi/ddsi_domaingv.h" #include "dds/security/dds_security_api.h" +#include "dds/security/dds_security_api_types.h" #include "dds/security/core/dds_security_timed_cb.h" #include "dds/security/core/dds_security_utils.h" -#include "dds/security/dds_security_api.h" -#include "dds/security/dds_security_api_types.h" #include "dds/security/core/shared_secret.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_serialize.h" +#include "dds/security/openssl_support.h" #include "auth_utils.h" #include "authentication.h" @@ -57,14 +35,6 @@ #define EVP_PKEY_id(k) ((k)->type) #endif -#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L -#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); -#elif OPENSSL_VERSION_NUMBER < 0x10000000L -#define REMOVE_THREAD_STATE() ERR_remove_state(0); -#else -#define REMOVE_THREAD_STATE() -#endif - #define HANDSHAKE_SIGNATURE_CONTENT_SIZE 6 #define ADJUSTED_GUID_PREFIX_FLAG 0x80 @@ -2276,12 +2246,7 @@ int32_t init_authentication(const char *argument, void **context, struct ddsi_do else authentication->include_optional = true; - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - ERR_load_BIO_strings(); - ERR_load_crypto_strings(); - + dds_openssl_init (); *context = authentication; return 0; } @@ -2308,11 +2273,5 @@ int32_t finalize_authentication(void *instance) ddsrt_mutex_destroy(&authentication->lock); ddsrt_free((dds_security_authentication_impl *)instance); } - - RAND_cleanup(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - REMOVE_THREAD_STATE(); - ERR_free_strings(); return 0; } diff --git a/src/security/builtin_plugins/cryptographic/CMakeLists.txt b/src/security/builtin_plugins/cryptographic/CMakeLists.txt index 180e7f3..7fac1df 100644 --- a/src/security/builtin_plugins/cryptographic/CMakeLists.txt +++ b/src/security/builtin_plugins/cryptographic/CMakeLists.txt @@ -29,6 +29,7 @@ generate_export_header( EXPORT_FILE_NAME "${CMAKE_CURRENT_BINARY_DIR}/include/dds/security/export.h" ) +target_link_libraries(dds_security_crypto PRIVATE security_openssl) target_link_libraries(dds_security_crypto PUBLIC ddsc) target_link_libraries(dds_security_crypto PUBLIC OpenSSL::SSL) if(CMAKE_GENERATOR MATCHES "Visual Studio") @@ -40,6 +41,7 @@ target_include_directories(dds_security_crypto PUBLIC "$>" "$>" + "$>" "$>" "$" "$" diff --git a/src/security/builtin_plugins/cryptographic/src/crypto_cipher.c b/src/security/builtin_plugins/cryptographic/src/crypto_cipher.c index 80d79f3..a870699 100644 --- a/src/security/builtin_plugins/cryptographic/src/crypto_cipher.c +++ b/src/security/builtin_plugins/cryptographic/src/crypto_cipher.c @@ -10,10 +10,10 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include + #include "dds/ddsrt/heap.h" #include "dds/ddsrt/types.h" +#include "dds/security/openssl_support.h" #include "crypto_defs.h" #include "crypto_utils.h" #include "crypto_cipher.h" diff --git a/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c b/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c index 1ce7e49..7a04865 100644 --- a/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c +++ b/src/security/builtin_plugins/cryptographic/src/crypto_key_factory.c @@ -11,11 +11,7 @@ */ #include #include -#include -#include -#include -#include -#include + #include "dds/ddsrt/atomics.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/sync.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "crypto_defs.h" #include "crypto_utils.h" #include "crypto_cipher.h" diff --git a/src/security/builtin_plugins/cryptographic/src/crypto_transform.c b/src/security/builtin_plugins/cryptographic/src/crypto_transform.c index 1fd32b9..58b1da3 100644 --- a/src/security/builtin_plugins/cryptographic/src/crypto_transform.c +++ b/src/security/builtin_plugins/cryptographic/src/crypto_transform.c @@ -12,14 +12,14 @@ #include #include #include -#include -#include + #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/endian.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "cryptography.h" #include "crypto_cipher.h" #include "crypto_defs.h" @@ -34,14 +34,6 @@ #define INFO_SRC_HDR_SIZE 8 #define RTPS_HEADER_SIZE 20 -#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L -#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); -#elif OPENSSL_VERSION_NUMBER < 0x10000000L -#define REMOVE_THREAD_STATE() ERR_remove_state(0); -#else -#define REMOVE_THREAD_STATE() -#endif - struct submsg_header { unsigned char id; @@ -2444,23 +2436,12 @@ dds_security_crypto_transform__alloc( instance->base.decode_datareader_submessage = &decode_datareader_submessage; instance->base.decode_serialized_payload = &decode_serialized_payload; - OpenSSL_add_all_algorithms(); - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); - ERR_load_BIO_strings(); - ERR_load_crypto_strings(); - + dds_openssl_init (); return (dds_security_crypto_transform *)instance; } void dds_security_crypto_transform__dealloc( dds_security_crypto_transform *instance) { - RAND_cleanup(); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - REMOVE_THREAD_STATE(); - ERR_free_strings(); - ddsrt_free((dds_security_crypto_transform_impl *)instance); } diff --git a/src/security/builtin_plugins/cryptographic/src/crypto_utils.c b/src/security/builtin_plugins/cryptographic/src/crypto_utils.c index 12ca32e..075a8ef 100644 --- a/src/security/builtin_plugins/cryptographic/src/crypto_utils.c +++ b/src/security/builtin_plugins/cryptographic/src/crypto_utils.c @@ -11,16 +11,14 @@ */ #include #include -#include -#include -#include -#include + #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "crypto_defs.h" #include "crypto_utils.h" diff --git a/src/security/builtin_plugins/tests/CMakeLists.txt b/src/security/builtin_plugins/tests/CMakeLists.txt index 60a9704..6f26a68 100644 --- a/src/security/builtin_plugins/tests/CMakeLists.txt +++ b/src/security/builtin_plugins/tests/CMakeLists.txt @@ -63,30 +63,23 @@ add_cunit_executable(cunit_security_plugins ${security_auth_test_sources} ${secu target_include_directories( cunit_security_plugins PRIVATE + "$" + "$" "$" "$>" "$>" + "$>" "$>" "$" "$" ) target_link_libraries(cunit_security_plugins PRIVATE ddsc security_api dds_security_ac dds_security_crypto) +target_link_libraries(cunit_security_plugins PRIVATE security_openssl) target_link_libraries(cunit_security_plugins PRIVATE OpenSSL::SSL) if(CMAKE_GENERATOR MATCHES "Visual Studio") set_target_properties(cunit_security_plugins PROPERTIES LINK_FLAGS "/ignore:4099") endif() -target_include_directories( - cunit_security_plugins PRIVATE - "$" - "$" - "$>" - "$>" - "$>" - "$" - "$" -) - set(CUnit_builtin_plugins_tests_dir "${CMAKE_CURRENT_LIST_DIR}") set(CUnit_build_dir "${CMAKE_CURRENT_BINARY_DIR}") configure_file("config_env.h.in" "config_env.h") diff --git a/src/security/builtin_plugins/tests/common/src/crypto_helper.c b/src/security/builtin_plugins/tests/common/src/crypto_helper.c index 8497f80..824918b 100644 --- a/src/security/builtin_plugins/tests/common/src/crypto_helper.c +++ b/src/security/builtin_plugins/tests/common/src/crypto_helper.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/endian.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "crypto_helper.h" diff --git a/src/security/builtin_plugins/tests/common/src/handshake_helper.c b/src/security/builtin_plugins/tests/common/src/handshake_helper.c index 2ff63bd..ae755f8 100644 --- a/src/security/builtin_plugins/tests/common/src/handshake_helper.c +++ b/src/security/builtin_plugins/tests/common/src/handshake_helper.c @@ -9,31 +9,21 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include "handshake_helper.h" -#include "dds/security/core/dds_security_serialize.h" -#include "dds/ddsrt/string.h" -#include "dds/ddsrt/heap.h" #include #include +#include + +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/heap.h" #include "dds/ddsrt/environ.h" -#include "CUnit/CUnit.h" -#include "CUnit/Test.h" -#include "assert.h" #include "dds/ddsrt/misc.h" #include "dds/security/core/shared_secret.h" - -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -#define AUTH_INCLUDE_EC -#include -#include - -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -#define AUTH_INCLUDE_DH_ACCESSORS -#endif -#else -#error "version not found" -#endif - +#include "dds/security/openssl_support.h" +#include "dds/security/core/dds_security_serialize.h" +#include "dds/security/core/dds_security_utils.h" +#include "CUnit/CUnit.h" +#include "CUnit/Test.h" +#include "handshake_helper.h" const BIGNUM * dh_get_public_key( diff --git a/src/security/builtin_plugins/tests/common/src/handshake_helper.h b/src/security/builtin_plugins/tests/common/src/handshake_helper.h index ac3ec24..b0e3df2 100644 --- a/src/security/builtin_plugins/tests/common/src/handshake_helper.h +++ b/src/security/builtin_plugins/tests/common/src/handshake_helper.h @@ -15,15 +15,7 @@ #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_serialize.h" - -#include -#include -#include -#include -#include -#include -#include -#include +#include "dds/security/openssl_support.h" const BIGNUM * dh_get_public_key( diff --git a/src/security/builtin_plugins/tests/create_local_datareader_crypto_tokens/src/create_local_datareader_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/create_local_datareader_crypto_tokens/src/create_local_datareader_crypto_tokens_utests.c index be6a188..014b3e2 100644 --- a/src/security/builtin_plugins/tests/create_local_datareader_crypto_tokens/src/create_local_datareader_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/create_local_datareader_crypto_tokens/src/create_local_datareader_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/create_local_datawriter_crypto_tokens/src/create_local_datawriter_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/create_local_datawriter_crypto_tokens/src/create_local_datawriter_crypto_tokens_utests.c index 0913528..e29ab77 100644 --- a/src/security/builtin_plugins/tests/create_local_datawriter_crypto_tokens/src/create_local_datawriter_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/create_local_datawriter_crypto_tokens/src/create_local_datawriter_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/create_local_participant_crypto_tokens/src/create_local_participant_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/create_local_participant_crypto_tokens/src/create_local_participant_crypto_tokens_utests.c index d568d58..f06138f 100644 --- a/src/security/builtin_plugins/tests/create_local_participant_crypto_tokens/src/create_local_participant_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/create_local_participant_crypto_tokens/src/create_local_participant_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/decode_datareader_submessage/src/decode_datareader_submessage_utests.c b/src/security/builtin_plugins/tests/decode_datareader_submessage/src/decode_datareader_submessage_utests.c index 6af6f07..d3e1972 100644 --- a/src/security/builtin_plugins/tests/decode_datareader_submessage/src/decode_datareader_submessage_utests.c +++ b/src/security/builtin_plugins/tests/decode_datareader_submessage/src/decode_datareader_submessage_utests.c @@ -9,12 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include -#include - #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" @@ -24,6 +18,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/decode_datawriter_submessage/src/decode_datawriter_submessage_utests.c b/src/security/builtin_plugins/tests/decode_datawriter_submessage/src/decode_datawriter_submessage_utests.c index 4c297fc..15e1139 100644 --- a/src/security/builtin_plugins/tests/decode_datawriter_submessage/src/decode_datawriter_submessage_utests.c +++ b/src/security/builtin_plugins/tests/decode_datawriter_submessage/src/decode_datawriter_submessage_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/decode_rtps_message/src/decode_rtps_message_utests.c b/src/security/builtin_plugins/tests/decode_rtps_message/src/decode_rtps_message_utests.c index 0923af3..778701b 100644 --- a/src/security/builtin_plugins/tests/decode_rtps_message/src/decode_rtps_message_utests.c +++ b/src/security/builtin_plugins/tests/decode_rtps_message/src/decode_rtps_message_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/endian.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c b/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c index 05fcf46..85a3c2d 100644 --- a/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c +++ b/src/security/builtin_plugins/tests/decode_serialized_payload/src/decode_serialized_payload_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" @@ -25,6 +20,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c b/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c index 2962aca..2924299 100644 --- a/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c +++ b/src/security/builtin_plugins/tests/encode_datareader_submessage/src/encode_datareader_submessage_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/endian.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c b/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c index 30a4ce4..389c27c 100644 --- a/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c +++ b/src/security/builtin_plugins/tests/encode_datawriter_submessage/src/encode_datawriter_submessage_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/endian.h" @@ -25,6 +21,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c b/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c index ea77f41..c6d6244 100644 --- a/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c +++ b/src/security/builtin_plugins/tests/encode_rtps_message/src/encode_rtps_message_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" @@ -24,6 +20,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c b/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c index e4cd8ea..302972b 100644 --- a/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c +++ b/src/security/builtin_plugins/tests/encode_serialized_payload/src/encode_serialized_payload_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" @@ -24,6 +20,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c b/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c index 6ae66d7..28f88e2 100644 --- a/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c +++ b/src/security/builtin_plugins/tests/get_authenticated_peer_credential_token/src/get_authenticated_peer_credential_token_utests.c @@ -10,32 +10,23 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -/* CUnit includes. */ - -#include "CUnit/CUnit.h" -#include "CUnit/Test.h" -#include "assert.h" -/* Test helper includes. */ -#include "common/src/loader.h" -#include "common/src/handshake_helper.h" - -#include "dds/security/dds_security_api.h" -#include -#include -#include -#include +#include +#include +#include #include "dds/ddsrt/string.h" #include "dds/ddsrt/heap.h" -#include -#include #include "dds/ddsrt/environ.h" - #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/misc.h" -#include "dds/security/core/dds_security_serialize.h" #include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" +#include "CUnit/CUnit.h" +#include "CUnit/Test.h" +#include "common/src/loader.h" +#include "common/src/handshake_helper.h" #define HANDSHAKE_SIGNATURE_SIZE 6 @@ -884,6 +875,7 @@ release_remote_identities(void) CU_Init(ddssec_builtin_get_authenticated_peer_credential) { int result = 0; + dds_openssl_init (); /* Only need the authentication plugin. */ g_plugins = load_plugins(NULL /* Access Control */, diff --git a/src/security/builtin_plugins/tests/get_permissions_credential_token/src/get_permissions_credential_token_utests.c b/src/security/builtin_plugins/tests/get_permissions_credential_token/src/get_permissions_credential_token_utests.c index bed337f..0a7c2b8 100644 --- a/src/security/builtin_plugins/tests/get_permissions_credential_token/src/get_permissions_credential_token_utests.c +++ b/src/security/builtin_plugins/tests/get_permissions_credential_token/src/get_permissions_credential_token_utests.c @@ -11,10 +11,6 @@ */ #include #include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -23,6 +19,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/get_permissions_token/src/get_permissions_token_utests.c b/src/security/builtin_plugins/tests/get_permissions_token/src/get_permissions_token_utests.c index ca4f708..5d39735 100644 --- a/src/security/builtin_plugins/tests/get_permissions_token/src/get_permissions_token_utests.c +++ b/src/security/builtin_plugins/tests/get_permissions_token/src/get_permissions_token_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -22,6 +18,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c b/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c index 04df354..2b0c47e 100644 --- a/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c +++ b/src/security/builtin_plugins/tests/get_xxx_sec_attributes/src/get_xxx_sec_attributes_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -22,6 +18,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c b/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c index bd7eab6..5cc898a 100644 --- a/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c +++ b/src/security/builtin_plugins/tests/listeners_access_control/src/listeners_access_control_utests.c @@ -10,12 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -25,19 +19,12 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" #include "config_env.h" -#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L -#define REMOVE_THREAD_STATE() ERR_remove_thread_state(NULL); -#elif OPENSSL_VERSION_NUMBER < 0x10000000L -#define REMOVE_THREAD_STATE() ERR_remove_state(0); -#else -#define REMOVE_THREAD_STATE() -#endif - static const char *ACCESS_PERMISSIONS_TOKEN_ID = "DDS:Access:Permissions:1.0"; static const char *AUTH_PROTOCOL_CLASS_ID = "DDS:Auth:PKI-DH:1.0"; @@ -549,8 +536,7 @@ CU_Init(ddssec_builtin_listeners_access_control) } else { set_path_to_etc_dir(); set_path_build_dir(); - OpenSSL_add_all_algorithms(); - ERR_load_crypto_strings(); + dds_openssl_init (); } return res; @@ -560,11 +546,6 @@ CU_Clean(ddssec_builtin_listeners_access_control) { unload_plugins(plugins); ddsrt_free(g_path_to_etc_dir); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - REMOVE_THREAD_STATE(); - ERR_free_strings(); - return 0; } diff --git a/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c b/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c index 7575837..fb27369 100644 --- a/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c +++ b/src/security/builtin_plugins/tests/listeners_authentication/src/listeners_authentication_utests.c @@ -2,49 +2,23 @@ * @brief Unit tests for qos APIs * */ -/* CUnit includes. */ -#include "CUnit/CUnit.h" -#include "CUnit/Test.h" - #include -/* Test helper includes. */ -#include "common/src/loader.h" - -#include "config_env.h" - #include "dds/ddsrt/time.h" -#include "dds/security/dds_security_api.h" -#include "dds/security/dds_security_api_authentication.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/misc.h" #include "dds/ddsrt/endian.h" #include "dds/ddsrt/io.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/dds_security_api_authentication.h" #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" - -#include -#include -#include -#include -#include -#include -#include -#include -#include - - -#if OPENSSL_VERSION_NUMBER >= 0x1000200fL -#define AUTH_INCLUDE_EC -#include -#if OPENSSL_VERSION_NUMBER >= 0x10100000L -#define AUTH_INCLUDE_DH_ACCESSORS -#endif -#else -#error "version not found" -#endif - +#include "dds/security/openssl_support.h" +#include "CUnit/CUnit.h" +#include "CUnit/Test.h" +#include "common/src/loader.h" +#include "config_env.h" static const char * ACCESS_PERMISSIONS_TOKEN_ID = "DDS:Access:Permissions:1.0"; static const char * AUTH_PROTOCOL_CLASS_ID = "DDS:Auth:PKI-DH:1.0"; @@ -1119,6 +1093,7 @@ get_dh_public_key_ecdh( CU_Init(ddssec_builtin_listeners_auth) { int res = 0; + dds_openssl_init (); plugins = load_plugins(&access_control /* Access Control */, &auth /* Authentication */, @@ -1146,11 +1121,7 @@ CU_Init(ddssec_builtin_listeners_auth) res = -1; } - /* Openssl init */ - OpenSSL_add_all_algorithms(); - ERR_load_BIO_strings(); - ERR_load_crypto_strings(); - + dds_openssl_init (); return res; } @@ -1168,9 +1139,6 @@ CU_Clean(ddssec_builtin_listeners_auth) unload_plugins(plugins); ddsrt_free(path_to_etc_dir); - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_free_strings(); return 0; } diff --git a/src/security/builtin_plugins/tests/preprocess_secure_submsg/src/preprocess_secure_submsg_utests.c b/src/security/builtin_plugins/tests/preprocess_secure_submsg/src/preprocess_secure_submsg_utests.c index 62a6973..d8c5201 100644 --- a/src/security/builtin_plugins/tests/preprocess_secure_submsg/src/preprocess_secure_submsg_utests.c +++ b/src/security/builtin_plugins/tests/preprocess_secure_submsg/src/preprocess_secure_submsg_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" @@ -23,6 +18,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c b/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c index dabd5a8..d342cfb 100644 --- a/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c +++ b/src/security/builtin_plugins/tests/process_handshake/src/process_handshake_utests.c @@ -1,36 +1,20 @@ +#include +#include +#include - -/* CUnit includes. */ -#include "common/src/handshake_helper.h" - -/* Test helper includes. */ -#include "common/src/loader.h" - -/* Private header include */ -#include "dds/security/dds_security_api.h" -#include "dds/security/core/dds_security_serialize.h" -#include "dds/security/core/dds_security_utils.h" -#include "dds/security/dds_security_api.h" #include "dds/ddsrt/bswap.h" #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" -#include -#include #include "dds/ddsrt/environ.h" +#include "dds/security/dds_security_api.h" +#include "dds/security/core/dds_security_serialize.h" +#include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" +#include "common/src/handshake_helper.h" +#include "common/src/loader.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" -#include "assert.h" - -#include -#include -#include -#include -#include - - -#include "dds/security/core/dds_security_serialize.h" -#include "dds/security/dds_security_api.h" -#include "dds/security/core/dds_security_utils.h" +#include "config_env.h" #define HANDSHAKE_SIGNATURE_SIZE 6 @@ -1003,6 +987,7 @@ release_remote_identities(void) CU_Init(ddssec_builtin_process_handshake) { int result = 0; + dds_openssl_init (); /* Only need the authentication plugin. */ plugins = load_plugins(NULL /* Access Control */, diff --git a/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c b/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c index 503ef14..9001047 100644 --- a/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c +++ b/src/security/builtin_plugins/tests/register_local_datareader/src/register_local_datareader_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -24,6 +19,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c b/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c index 4830f68..80486e5 100644 --- a/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c +++ b/src/security/builtin_plugins/tests/register_local_datawriter/src/register_local_datawriter_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -24,6 +19,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c b/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c index 1602d9a..c3f39fc 100644 --- a/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c +++ b/src/security/builtin_plugins/tests/register_local_participant/src/register_local_participant_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -24,6 +19,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c b/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c index 2f0eadb..1ed3591 100644 --- a/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c +++ b/src/security/builtin_plugins/tests/register_matched_remote_datareader/src/register_matched_remote_datareader_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -24,6 +19,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c b/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c index c9dc669..6e4ac1a 100644 --- a/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c +++ b/src/security/builtin_plugins/tests/register_matched_remote_datawriter/src/register_matched_remote_datawriter_utests.c @@ -11,11 +11,6 @@ */ #include -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -24,6 +19,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/register_matched_remote_participant/src/register_matched_remote_participant_utests.c b/src/security/builtin_plugins/tests/register_matched_remote_participant/src/register_matched_remote_participant_utests.c index 2402697..43b4c53 100644 --- a/src/security/builtin_plugins/tests/register_matched_remote_participant/src/register_matched_remote_participant_utests.c +++ b/src/security/builtin_plugins/tests/register_matched_remote_participant/src/register_matched_remote_participant_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c index 68e3448..5cdb615 100644 --- a/src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/set_remote_datareader_crypto_tokens/src/set_remote_datareader_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c index a223604..5816149 100644 --- a/src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/set_remote_datawriter_crypto_tokens/src/set_remote_datawriter_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/set_remote_participant_crypto_tokens/src/set_remote_participant_crypto_tokens_utests.c b/src/security/builtin_plugins/tests/set_remote_participant_crypto_tokens/src/set_remote_participant_crypto_tokens_utests.c index 433b8fc..ddaf325 100644 --- a/src/security/builtin_plugins/tests/set_remote_participant_crypto_tokens/src/set_remote_participant_crypto_tokens_utests.c +++ b/src/security/builtin_plugins/tests/set_remote_participant_crypto_tokens/src/set_remote_participant_crypto_tokens_utests.c @@ -9,11 +9,6 @@ * * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ -#include -#include -#include -#include - #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/types.h" @@ -22,6 +17,7 @@ #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/core/shared_secret.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c b/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c index e8f5259..bd2021b 100644 --- a/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c +++ b/src/security/builtin_plugins/tests/validate_begin_handshake_reply/src/validate_begin_handshake_reply_utests.c @@ -1,35 +1,19 @@ +#include +#include +#include - - - -/* CUnit includes. */ - - -/* Test helper includes. */ -#include "common/src/loader.h" -#include "config_env.h" - -/* Private header include */ -#include -#include -#include -#include -#include -#include - -#include "dds/security/dds_security_api.h" +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/bswap.h" +#include "dds/ddsrt/environ.h" #include "dds/security/core/dds_security_serialize.h" #include "dds/security/core/dds_security_utils.h" #include "dds/security/dds_security_api.h" -#include "dds/ddsrt/heap.h" -#include "dds/ddsrt/string.h" -#include -#include -#include "dds/ddsrt/bswap.h" -#include "dds/ddsrt/environ.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" -#include "assert.h" +#include "common/src/loader.h" +#include "config_env.h" static const char * AUTH_PROTOCOL_CLASS_ID = "DDS:Auth:PKI-DH:1.0"; static const char * PERM_ACCESS_CLASS_ID = "DDS:Access:Permissions:1.0"; diff --git a/src/security/builtin_plugins/tests/validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c b/src/security/builtin_plugins/tests/validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c index 5137565..0c1b198 100644 --- a/src/security/builtin_plugins/tests/validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c +++ b/src/security/builtin_plugins/tests/validate_begin_handshake_request/src/validate_begin_handshake_request_utests.c @@ -22,6 +22,10 @@ /* Private header include */ +#ifdef _WIN32 +/* supposedly WinSock2 must be included before openssl 1.0.2 headers otherwise winsock will be used */ +#include +#endif #include static const char * AUTH_PROTOCOL_CLASS_ID = "DDS:Auth:PKI-DH:1.0"; diff --git a/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c b/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c index 721e854..2d27668 100644 --- a/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c +++ b/src/security/builtin_plugins/tests/validate_local_identity/src/validate_local_identity_utests.c @@ -16,7 +16,8 @@ #include "dds/security/dds_security_api.h" -#include +#include "dds/security/openssl_support.h" + #include #include #include diff --git a/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c b/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c index f0a4cb5..2db3d15 100644 --- a/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c +++ b/src/security/builtin_plugins/tests/validate_local_permissions/src/validate_local_permissions_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -22,6 +18,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c b/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c index 84c413f..700a38a 100644 --- a/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c +++ b/src/security/builtin_plugins/tests/validate_remote_permissions/src/validate_remote_permissions_utests.c @@ -10,10 +10,6 @@ * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause */ #include -#include -#include -#include -#include #include "dds/ddsrt/environ.h" #include "dds/ddsrt/heap.h" @@ -22,6 +18,7 @@ #include "dds/ddsrt/types.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" #include "CUnit/CUnit.h" #include "CUnit/Test.h" #include "common/src/loader.h" diff --git a/src/security/core/include/dds/security/core/dds_security_utils.h b/src/security/core/include/dds/security/core/dds_security_utils.h index 21ac8fc..e56a5f9 100644 --- a/src/security/core/include/dds/security/core/dds_security_utils.h +++ b/src/security/core/include/dds/security/core/dds_security_utils.h @@ -17,6 +17,7 @@ #include #include #include + #include "dds/export.h" #include "dds/ddsrt/strtol.h" #include "dds/ddsrt/time.h" @@ -280,17 +281,6 @@ DDS_Security_Exception_set( const char *fmt, ...); - -#ifdef DDSI_INCLUDE_SSL -DDS_EXPORT void -DDS_Security_Exception_set_with_openssl_error( - DDS_Security_SecurityException *ex, - const char *context, - int code, - int minor_code, - const char *fmt); -#endif - DDS_EXPORT void DDS_Security_Exception_reset( DDS_Security_SecurityException *ex); diff --git a/src/security/core/src/dds_security_utils.c b/src/security/core/src/dds_security_utils.c index 0d3742a..5bf7843 100644 --- a/src/security/core/src/dds_security_utils.c +++ b/src/security/core/src/dds_security_utils.c @@ -13,19 +13,14 @@ #include #include #include +#include #include + +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/misc.h" #include "dds/security/dds_security_api.h" #include "dds/security/core/dds_security_utils.h" #include "dds/ddsrt/heap.h" -#include "stdlib.h" -#include "stdarg.h" -#include "dds/ddsrt/string.h" -#include "dds/ddsrt/misc.h" - -#ifdef DDSI_INCLUDE_SSL -#include -#include -#endif DDS_Security_BinaryProperty_t * DDS_Security_BinaryProperty_alloc (void) @@ -805,40 +800,6 @@ void DDS_Security_Exception_set (DDS_Security_SecurityException *ex, const char va_end(args1); } -#ifdef DDSI_INCLUDE_SSL -DDS_EXPORT void -DDS_Security_Exception_set_with_openssl_error( - DDS_Security_SecurityException *ex, - const char *context, - int code, - int minor_code, - const char *error_area) -{ - BIO *bio; - assert(context); - assert(error_area); - assert(ex); - DDSRT_UNUSED_ARG(context); - - if ((bio = BIO_new(BIO_s_mem()))) { - ERR_print_errors(bio); - char *buf = NULL; - size_t len = (size_t)BIO_get_mem_data(bio, &buf); - size_t exception_msg_len = len + strlen(error_area) + 1; - char *str = ddsrt_malloc(exception_msg_len); - ddsrt_strlcpy(str, error_area, exception_msg_len); - memcpy(str + strlen(error_area), buf, len); - str[exception_msg_len - 1] = '\0'; - ex->message = str; - ex->code = code; - ex->minor_code = minor_code; - BIO_free(bio); - } else { - DDS_Security_Exception_set(ex, context, code, minor_code, "BIO_new failed"); - } -} -#endif - void DDS_Security_Exception_reset( DDS_Security_SecurityException *ex) diff --git a/src/security/core/tests/CMakeLists.txt b/src/security/core/tests/CMakeLists.txt index 19fc14a..a1aaa93 100644 --- a/src/security/core/tests/CMakeLists.txt +++ b/src/security/core/tests/CMakeLists.txt @@ -102,6 +102,12 @@ target_include_directories( "$" "$" ) +if(ENABLE_SSL) + target_include_directories( + cunit_security_core PRIVATE + "$>" + ) +endif() set(common_etc_dir "${CMAKE_CURRENT_SOURCE_DIR}/common/etc") set(plugin_wrapper_lib_dir "${CMAKE_CURRENT_BINARY_DIR}") @@ -111,5 +117,6 @@ target_link_libraries(cunit_security_core PRIVATE ddsc security_api SecurityCore if(ENABLE_SSL) target_link_libraries(cunit_security_core PRIVATE dds_security_auth dds_security_ac dds_security_crypto dds_security_access_control_wrapper dds_security_authentication_wrapper dds_security_cryptography_wrapper) target_link_libraries(cunit_security_core PRIVATE OpenSSL::SSL) + target_link_libraries(cunit_security_core PRIVATE security_openssl) endif() target_include_directories(cunit_security_core PRIVATE "${CMAKE_CURRENT_BINARY_DIR}") diff --git a/src/security/core/tests/common/cert_utils.c b/src/security/core/tests/common/cert_utils.c index f2e7386..fbaf7a9 100644 --- a/src/security/core/tests/common/cert_utils.c +++ b/src/security/core/tests/common/cert_utils.c @@ -12,15 +12,10 @@ #include #include -#include -#include -#include -#include -#include -#include #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" +#include "dds/security/openssl_support.h" #include "CUnit/Test.h" #include "cert_utils.h" diff --git a/src/security/core/tests/common/security_config_test_utils.c b/src/security/core/tests/common/security_config_test_utils.c index ea8158b..bde2eee 100644 --- a/src/security/core/tests/common/security_config_test_utils.c +++ b/src/security/core/tests/common/security_config_test_utils.c @@ -12,12 +12,6 @@ #include #include -#include -#include -#include -#include -#include -#include #include "CUnit/Test.h" #include "dds/dds.h" @@ -26,6 +20,7 @@ #include "dds/ddsrt/heap.h" #include "dds/ddsrt/string.h" #include "dds/ddsrt/io.h" +#include "dds/security/openssl_support.h" #include "common/config_env.h" #include "common/test_utils.h" #include "security_config_test_utils.h" @@ -160,6 +155,8 @@ static char * get_xml_datetime(dds_time_t t, char * buf, size_t len) static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data) { + dds_openssl_init (); + // Read CA certificate BIO *ca_cert_bio = BIO_new (BIO_s_file ()); if (BIO_read_filename (ca_cert_bio, ca_cert_path) <= 0) diff --git a/src/security/openssl/CMakeLists.txt b/src/security/openssl/CMakeLists.txt new file mode 100644 index 0000000..ebcbfc9 --- /dev/null +++ b/src/security/openssl/CMakeLists.txt @@ -0,0 +1,21 @@ +# +# Copyright(c) 2020 ADLINK Technology Limited and others +# +# This program and the accompanying materials are made available under the +# terms of the Eclipse Public License v. 2.0 which is available at +# http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License +# v. 1.0 which is available at +# http://www.eclipse.org/org/documents/edl-v10.php. +# +# SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause +# + +add_library(security_openssl INTERFACE) + +target_sources(security_openssl INTERFACE + "${CMAKE_CURRENT_SOURCE_DIR}/src/openssl_support.c") + +target_include_directories( + security_openssl INTERFACE + "$" +) diff --git a/src/security/openssl/include/dds/security/openssl_support.h b/src/security/openssl/include/dds/security/openssl_support.h new file mode 100644 index 0000000..a6cf7d8 --- /dev/null +++ b/src/security/openssl/include/dds/security/openssl_support.h @@ -0,0 +1,80 @@ +/* + * Copyright(c) 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ + +#ifndef DDS_OPENSSL_SUPPORT_H +#define DDS_OPENSSL_SUPPORT_H + +#include "dds/security/dds_security_api_types.h" + +/* There's OpenSSL 1.1.x and there's OpenSSL 1.0.2 and the difference is like + night and day: 1.1.0 deprecated all the initialization and cleanup routines + and so any library can link with OpenSSL and use it safely without breaking + the application code or some other library in the same process. + + OpenSSL 1.0.2h deprecated the cleanup functions such as EVP_cleanup because + calling the initialisation functions multiple times was survivable, but an + premature invocation of the cleanup functions deadly. It still has the per- + thread error state that one ought to clean up, but that firstly requires + keeping track of which threads make OpenSSL calls, and secondly we do + perform OpenSSL calls on the applications main-thread and so cleaning up + might interfere with the application code. + + Compatibility with 1.0.2 exists merely as a courtesy to those who insist on + using it with that problematic piece of code. We only initialise it, and we + don't clean up thread state. If Cyclone DDS is the only part of the process + that uses OpenSSL, it should be ok (just some some minor leaks at the end), + if the application code or another library also uses it, it'll probably be + fine too. */ + +#ifdef _WIN32 +/* WinSock2 must be included before openssl 1.0.2 headers otherwise winsock will be used */ +#include +#endif + +#include +#include +#include +#include +#include + +#if OPENSSL_VERSION_NUMBER >= 0x1000200fL +#define AUTH_INCLUDE_EC +#include +#if OPENSSL_VERSION_NUMBER >= 0x10100000L +#define AUTH_INCLUDE_DH_ACCESSORS +#endif +#else +#error "OpenSSL version is not supported" +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +void dds_openssl_init (void); + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +/* 1.1.0 has it as a supported API. 1.0.2 has it in practice and since that has been + obsolete for ages, chances are that we can safely use it */ +struct tm *OPENSSL_gmtime(const time_t *timer, struct tm *result); +#endif + +void DDS_Security_Exception_set_with_openssl_error (DDS_Security_SecurityException *ex, const char *context, int code, int minor_code, const char *error_area); + +#endif diff --git a/src/security/openssl/src/openssl_support.c b/src/security/openssl/src/openssl_support.c new file mode 100644 index 0000000..a212439 --- /dev/null +++ b/src/security/openssl/src/openssl_support.c @@ -0,0 +1,127 @@ +/* + * Copyright(c) 2020 ADLINK Technology Limited and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Public License v. 2.0 which is available at + * http://www.eclipse.org/legal/epl-2.0, or the Eclipse Distribution License + * v. 1.0 which is available at + * http://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: EPL-2.0 OR BSD-3-Clause + */ +#include +#include "dds/ddsrt/heap.h" +#include "dds/ddsrt/sync.h" +#include "dds/ddsrt/misc.h" +#include "dds/ddsrt/string.h" +#include "dds/ddsrt/threads.h" +#include "dds/ddsrt/atomics.h" +#include "dds/security/core/dds_security_utils.h" +#include "dds/security/openssl_support.h" + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +static unsigned long ssl_id (void) +{ + return (unsigned long) ddsrt_gettid (); +} + +typedef struct CRYPTO_dynlock_value { + ddsrt_mutex_t m_mutex; +} CRYPTO_dynlock_value; + +CRYPTO_dynlock_value *dds_openssl102_ssl_locks = NULL; + +static void ssl_dynlock_lock (int mode, CRYPTO_dynlock_value *lock, const char *file, int line) +{ + (void) file; + (void) line; + if (mode & CRYPTO_LOCK) + ddsrt_mutex_lock (&lock->m_mutex); + else + ddsrt_mutex_unlock (&lock->m_mutex); +} + +static void ssl_lock (int mode, int n, const char *file, int line) +{ + ssl_dynlock_lock (mode, &dds_openssl102_ssl_locks[n], file, line); +} + +static CRYPTO_dynlock_value *ssl_dynlock_create (const char *file, int line) +{ + (void) file; + (void) line; + CRYPTO_dynlock_value *val = ddsrt_malloc (sizeof (*val)); + ddsrt_mutex_init (&val->m_mutex); + return val; +} + +static void ssl_dynlock_destroy (CRYPTO_dynlock_value *lock, const char *file, int line) +{ + (void) file; + (void) line; + ddsrt_mutex_destroy (&lock->m_mutex); + ddsrt_free (lock); +} + +void dds_openssl_init (void) +{ + // This is terribly fragile and broken-by-design, but with OpenSSL sometimes + // linked dynamically and sometimes linked statically, with Windows and Unix + // in the mix, this appears to be the compromise that makes it work reliably + // enough ... + if (CRYPTO_get_id_callback () == 0) + { + CRYPTO_set_id_callback (ssl_id); + CRYPTO_set_locking_callback (ssl_lock); + CRYPTO_set_dynlock_create_callback (ssl_dynlock_create); + CRYPTO_set_dynlock_lock_callback (ssl_dynlock_lock); + CRYPTO_set_dynlock_destroy_callback (ssl_dynlock_destroy); + + if (dds_openssl102_ssl_locks == NULL) + { + const int locks = CRYPTO_num_locks (); + assert (locks >= 0); + dds_openssl102_ssl_locks = ddsrt_malloc (sizeof (CRYPTO_dynlock_value) * (size_t) locks); + for (int i = 0; i < locks; i++) + ddsrt_mutex_init (&dds_openssl102_ssl_locks[i].m_mutex); + } + + OpenSSL_add_all_algorithms (); + OpenSSL_add_all_ciphers (); + OpenSSL_add_all_digests (); + ERR_load_BIO_strings (); + ERR_load_crypto_strings (); + } +} +#else +void dds_openssl_init (void) +{ + // nothing needed for OpenSSL 1.1.0 and later +} +#endif + +void DDS_Security_Exception_set_with_openssl_error (DDS_Security_SecurityException *ex, const char *context, int code, int minor_code, const char *error_area) +{ + BIO *bio; + assert (context); + assert (error_area); + assert (ex); + DDSRT_UNUSED_ARG (context); + + if ((bio = BIO_new (BIO_s_mem ()))) { + ERR_print_errors (bio); + char *buf = NULL; + size_t len = (size_t) BIO_get_mem_data (bio, &buf); + size_t exception_msg_len = len + strlen (error_area) + 1; + char *str = ddsrt_malloc (exception_msg_len); + ddsrt_strlcpy (str, error_area, exception_msg_len); + memcpy (str + strlen (error_area), buf, len); + str[exception_msg_len - 1] = '\0'; + ex->message = str; + ex->code = code; + ex->minor_code = minor_code; + BIO_free (bio); + } else { + DDS_Security_Exception_set (ex, context, code, minor_code, "BIO_new failed"); + } +}