Add support for OpenSSL 3

2022-06-05 15:29:20 +02:00 · 2022-06-05 15:29:20 +02:00 · 4f288f4e24
parent 3d4e6e3918
commit 4f288f4e24
4 changed files with 54 additions and 1 deletions
--- a/include/libgourou_common.h
+++ b/include/libgourou_common.h
@ -114,7 +114,8 @@ namespace gourou
 	CLIENT_GENERIC_EXCEPTION,
 	CLIENT_NETWORK_ERROR,
 	CLIENT_INVALID_PKCS8,
-	CLIENT_FILE_ERROR
+	CLIENT_FILE_ERROR,
+	CLIENT_OSSL_ERROR,
    };

    enum DRM_REMOVAL_ERROR {
--- a/utils/Makefile
+++ b/utils/Makefile
@ -3,6 +3,9 @@ TARGETS=acsmdownloader adept_activate adept_remove adept_loan_mgt

 CXXFLAGS=-Wall -fPIC -I$(ROOT)/include -I$(ROOT)/lib/pugixml/src/

+# OpenSSL 1.1.0 compat
+CXXFLAGS += -DOPENSSL_API_COMPAT=0x10100000L
+
 STATIC_DEP=
 LDFLAGS=-L$(ROOT) -lcrypto -lzip -lz -lcurl

--- a/utils/drmprocessorclientimpl.cpp
+++ b/utils/drmprocessorclientimpl.cpp
@ -35,6 +35,8 @@
 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>

 #include <curl/curl.h>

@ -45,6 +47,31 @@
 #include <libgourou_log.h>
 #include "drmprocessorclientimpl.h"

+DRMProcessorClientImpl::DRMProcessorClientImpl():
+    legacy(0), deflt(0)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+    legacy = OSSL_PROVIDER_load(NULL, "legacy");
+    if (!legacy)
+	EXCEPTION(gourou::CLIENT_OSSL_ERROR, "Error, OpenSSL legacy provider not available");
+
+    deflt = OSSL_PROVIDER_load(NULL, "default");
+    if (!deflt)
+	EXCEPTION(gourou::CLIENT_OSSL_ERROR, "Error, OpenSSL default provider not available");
+#endif
+}
+
+DRMProcessorClientImpl::~DRMProcessorClientImpl()
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+    if (legacy)
+	OSSL_PROVIDER_unload(legacy);
+
+    if (deflt)
+	OSSL_PROVIDER_unload(deflt);
+#endif
+}
+
 /* Digest interface */
 void* DRMProcessorClientImpl::createDigest(const std::string& digestName)
 {
@ -289,7 +316,12 @@ void DRMProcessorClientImpl::RSAPrivateEncrypt(const unsigned char* RSAKey, unsi
    pkcs12 = d2i_PKCS12(NULL, &RSAKey, RSAKeyLength);
    if (!pkcs12)
 	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);
+
+    if (!pkey)
+	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    rsa = EVP_PKEY_get1_RSA(pkey);

    int ret = RSA_private_encrypt(dataLength, data, res, rsa, RSA_PKCS1_PADDING);
@ -413,6 +445,9 @@ void DRMProcessorClientImpl::extractCertificate(const unsigned char* RSAKey, uns
 	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
    PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);

+    if (!cert)
+	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    *certOutLength = i2d_X509(cert, certOut);

    EVP_PKEY_free(pkey);
--- a/utils/drmprocessorclientimpl.h
+++ b/utils/drmprocessorclientimpl.h
@ -31,11 +31,18 @@

 #include <string>

+#if OPENSSL_VERSION_MAJOR >= 3
+#include <openssl/provider.h>
+#endif
+
 #include <drmprocessorclient.h>

 class DRMProcessorClientImpl : public gourou::DRMProcessorClient
 {
 public:
+    DRMProcessorClientImpl();
+    ~DRMProcessorClientImpl();
+    
    /* Digest interface */
    virtual void* createDigest(const std::string& digestName);
    virtual int digestUpdate(void* handler, unsigned char* data, unsigned int length);
@ -118,6 +125,13 @@ public:
 	
    virtual void deflate(gourou::ByteArray& data, gourou::ByteArray& result,
 			 int wbits=-15, int compressionLevel=8);
+
+private:
+#if OPENSSL_VERSION_MAJOR >= 3
+    OSSL_PROVIDER *legacy, *deflt;
+#else
+    void *legacy, *deflt;
+#endif
 };

 #endif