OpenSSL 1.0.2 compatibility
This addresses a number of issues with building Cyclone DDS including DDS Security while using OpenSSL 1.0.2. Compatibility with 1.0.2 is a courtesy towards those who are unable to move to 1.1.x or later because of other libraries. * On Windows, one must include Winsock2.h prior to including the OpenSSL header files, or it'll pull in incompatible definitions from Winsock.h and that breaks some of the files. * OpenSSL 1.0.2 requires initializing the library (or more particularly, loading all the required algorithms) but this is no longer needed in OpenSSL 1.1.x. It ends up being needed in a few places and having tons of essentially dead initialization code lying around is unpleasant. Hence this has been consolidated in a single function and protected with ddsrt_once(). * One ought to undo the above initialization on 1.0.2g and older, but it is impossible to know whether that can safely be done from a library. This is also the reason OpenSSL deprecated all the initialization and cleanup interfaces. So if one insists on trying it with such an old version, let there be some leaks. * Thread state cleanup is sort-of required prior to 1.1.0, but that suffers from the same problems; we'd have to do per-thread cleanup code for OpenSSL for any thread that could call into it (which is pretty much any thread). So once again, people should just use 1.1.0 or newer. * There are some interfaces added in 1.1.0 that we use, but with a few small workarounds those can be made to work on 1.0.2 as well. These were also replicated in a number of places and are consolidated by this commit. Signed-off-by: Erik Boasson <eb@ilities.com>
parent
cc8308819d
commit
6a9ebf88eb
62 changed files with 380 additions and 504 deletions
|
@ -17,6 +17,7 @@
|
|||
#include <stdarg.h>
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
|
||||
#include "dds/export.h"
|
||||
#include "dds/ddsrt/strtol.h"
|
||||
#include "dds/ddsrt/time.h"
|
||||
|
@ -280,17 +281,6 @@ DDS_Security_Exception_set(
|
|||
const char *fmt,
|
||||
...);
|
||||
|
||||
|
||||
#ifdef DDSI_INCLUDE_SSL
|
||||
DDS_EXPORT void
|
||||
DDS_Security_Exception_set_with_openssl_error(
|
||||
DDS_Security_SecurityException *ex,
|
||||
const char *context,
|
||||
int code,
|
||||
int minor_code,
|
||||
const char *fmt);
|
||||
#endif
|
||||
|
||||
DDS_EXPORT void
|
||||
DDS_Security_Exception_reset(
|
||||
DDS_Security_SecurityException *ex);
|
||||
|
|
|
@ -13,19 +13,14 @@
|
|||
#include <assert.h>
|
||||
#include <string.h>
|
||||
#include <stdarg.h>
|
||||
#include <stdlib.h>
|
||||
#include <stdio.h>
|
||||
|
||||
#include "dds/ddsrt/string.h"
|
||||
#include "dds/ddsrt/misc.h"
|
||||
#include "dds/security/dds_security_api.h"
|
||||
#include "dds/security/core/dds_security_utils.h"
|
||||
#include "dds/ddsrt/heap.h"
|
||||
#include "stdlib.h"
|
||||
#include "stdarg.h"
|
||||
#include "dds/ddsrt/string.h"
|
||||
#include "dds/ddsrt/misc.h"
|
||||
|
||||
#ifdef DDSI_INCLUDE_SSL
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/err.h>
|
||||
#endif
|
||||
|
||||
DDS_Security_BinaryProperty_t *
|
||||
DDS_Security_BinaryProperty_alloc (void)
|
||||
|
@ -805,40 +800,6 @@ void DDS_Security_Exception_set (DDS_Security_SecurityException *ex, const char
|
|||
va_end(args1);
|
||||
}
|
||||
|
||||
#ifdef DDSI_INCLUDE_SSL
|
||||
DDS_EXPORT void
|
||||
DDS_Security_Exception_set_with_openssl_error(
|
||||
DDS_Security_SecurityException *ex,
|
||||
const char *context,
|
||||
int code,
|
||||
int minor_code,
|
||||
const char *error_area)
|
||||
{
|
||||
BIO *bio;
|
||||
assert(context);
|
||||
assert(error_area);
|
||||
assert(ex);
|
||||
DDSRT_UNUSED_ARG(context);
|
||||
|
||||
if ((bio = BIO_new(BIO_s_mem()))) {
|
||||
ERR_print_errors(bio);
|
||||
char *buf = NULL;
|
||||
size_t len = (size_t)BIO_get_mem_data(bio, &buf);
|
||||
size_t exception_msg_len = len + strlen(error_area) + 1;
|
||||
char *str = ddsrt_malloc(exception_msg_len);
|
||||
ddsrt_strlcpy(str, error_area, exception_msg_len);
|
||||
memcpy(str + strlen(error_area), buf, len);
|
||||
str[exception_msg_len - 1] = '\0';
|
||||
ex->message = str;
|
||||
ex->code = code;
|
||||
ex->minor_code = minor_code;
|
||||
BIO_free(bio);
|
||||
} else {
|
||||
DDS_Security_Exception_set(ex, context, code, minor_code, "BIO_new failed");
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
void
|
||||
DDS_Security_Exception_reset(
|
||||
DDS_Security_SecurityException *ex)
|
||||
|
|
|
@ -102,6 +102,12 @@ target_include_directories(
|
|||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../../core/ddsi/include>"
|
||||
"$<BUILD_INTERFACE:${CMAKE_CURRENT_SOURCE_DIR}/../../../core/ddsc/src>"
|
||||
)
|
||||
if(ENABLE_SSL)
|
||||
target_include_directories(
|
||||
cunit_security_core PRIVATE
|
||||
"$<BUILD_INTERFACE:$<TARGET_PROPERTY:security_openssl,INTERFACE_INCLUDE_DIRECTORIES>>"
|
||||
)
|
||||
endif()
|
||||
|
||||
set(common_etc_dir "${CMAKE_CURRENT_SOURCE_DIR}/common/etc")
|
||||
set(plugin_wrapper_lib_dir "${CMAKE_CURRENT_BINARY_DIR}")
|
||||
|
@ -111,5 +117,6 @@ target_link_libraries(cunit_security_core PRIVATE ddsc security_api SecurityCore
|
|||
if(ENABLE_SSL)
|
||||
target_link_libraries(cunit_security_core PRIVATE dds_security_auth dds_security_ac dds_security_crypto dds_security_access_control_wrapper dds_security_authentication_wrapper dds_security_cryptography_wrapper)
|
||||
target_link_libraries(cunit_security_core PRIVATE OpenSSL::SSL)
|
||||
target_link_libraries(cunit_security_core PRIVATE security_openssl)
|
||||
endif()
|
||||
target_include_directories(cunit_security_core PRIVATE "${CMAKE_CURRENT_BINARY_DIR}")
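Review bot: The `target_include_directories` block under the first `if(ENABLE_SSL)` looks redundant with the `target_link_libraries(cunit_security_core PRIVATE security_openssl)` line in the second one. If security_openssl is an ordinary CMake target, linking against it already propagates its `INTERFACE_INCLUDE_DIRECTORIES`, so the `$<TARGET_PROPERTY:security_openssl,INTERFACE_INCLUDE_DIRECTORIES>` expression would add nothing; this is inferred from the two visible hunks, since the definition of security_openssl is not shown. If the explicit include path is needed after all, a comment above it such as `# explicit include path for dds/security/openssl_support.h` would record why, and the two `if(ENABLE_SSL)` blocks could be merged into one.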
|
||||
|
|
|
@ -12,15 +12,10 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "dds/ddsrt/heap.h"
|
||||
#include "dds/ddsrt/string.h"
|
||||
#include "dds/security/openssl_support.h"
|
||||
#include "CUnit/Test.h"
|
||||
#include "cert_utils.h"
|
||||
|
||||
|
|
|
@ -12,12 +12,6 @@
|
|||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
#include <openssl/asn1.h>
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/conf.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include "CUnit/Test.h"
|
||||
#include "dds/dds.h"
|
||||
|
@ -26,6 +20,7 @@
|
|||
#include "dds/ddsrt/heap.h"
|
||||
#include "dds/ddsrt/string.h"
|
||||
#include "dds/ddsrt/io.h"
|
||||
#include "dds/security/openssl_support.h"
|
||||
#include "common/config_env.h"
|
||||
#include "common/test_utils.h"
|
||||
#include "security_config_test_utils.h"
|
||||
|
@ -160,6 +155,8 @@ static char * get_xml_datetime(dds_time_t t, char * buf, size_t len)
|
|||
|
||||
static char * smime_sign(char * ca_cert_path, char * ca_priv_key_path, const char * data)
|
||||
{
|
||||
dds_openssl_init ();
|
||||
|
||||
// Read CA certificate
|
||||
BIO *ca_cert_bio = BIO_new (BIO_s_file ());
|
||||
if (BIO_read_filename (ca_cert_bio, ca_cert_path) <= 0)
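Review bot: The `dds_openssl_init ();` call added as the first statement of smime_sign carries no comment saying why a test helper initialises the library itself. Going by the commit description, OpenSSL 1.0.2 needs its algorithms loaded before use and the init function is guarded by ddsrt_once(), so a comment such as `// OpenSSL 1.0.2 needs explicit library init; dds_openssl_init() only does the work once` would record that. Any other helper in this file that reaches OpenSSL without going through smime_sign first would presumably need the same call, but those are outside the visible hunks. smime_sign's body continues past the end of the hunk.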
|
||||
|
|