mirror of https://github.com/systemd/systemd-stable.git synced 2025-01-11 05:17:44 +03:00

openssl: supress warnings about functions deprecated by openssl 3.0

We get warnings for RSA_free(), EC_KEY_free(), EC_KEY_new(), etc. Those
functions are now deprecated and we're supposed to use the new "EVP API" that
is all the rage in openssl 3.0.

With some effort I converted dnssec_rsa_verify_raw() to use the new API.  The
code is significantly longer and, if anything, less readable. The EC code is
more complicated and I assume that the EVP API version will be even more
complex. It is possible that I'm missing some way to call the new functions in
a better way, but the documentation is abysmal, so it's really hard to figure
out the best way. Of course there are almost no examples, and the ones that are
there are not terribly useful and are also stubs that don't do interesting
things, don't implement error handling, or memory cleanup. I'll submit my
conversion draft as a separate PR. Maybe somebody who knows openssl better
will pick it up and write a proper solution.

For now, let's just use the existing code, but suppress the warnings. The
new version just came out, so it's unlikely that the deprecated functions will
be removed any time soon.

Fixes #21666.
Zbigniew Jędrzejewski-Szmek 2021-12-09 09:54:02 +01:00
parent ab8a8a4e77
commit acfdfb8620
2 changed files with 18 additions and 14 deletions


@ -13,6 +13,14 @@
#include "sort-util.h" #include "sort-util.h"
#include "string-table.h" #include "string-table.h"
#if PREFER_OPENSSL
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
# pragma GCC diagnostic pop
#endif
#define VERIFY_RRS_MAX 256 #define VERIFY_RRS_MAX 256
#define MAX_KEY_SIZE (32*1024) #define MAX_KEY_SIZE (32*1024)
@ -88,13 +96,15 @@ static int dnssec_rsa_verify_raw(
const void *data, size_t data_size, const void *data, size_t data_size,
const void *exponent, size_t exponent_size, const void *exponent, size_t exponent_size,
const void *modulus, size_t modulus_size) { const void *modulus, size_t modulus_size) {
int r;
#if PREFER_OPENSSL #if PREFER_OPENSSL
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
_cleanup_(RSA_freep) RSA *rpubkey = NULL; _cleanup_(RSA_freep) RSA *rpubkey = NULL;
_cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL; _cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL; _cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
_cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL; _cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL;
int r;
assert(hash_algorithm); assert(hash_algorithm);
@ -141,13 +151,11 @@ static int dnssec_rsa_verify_raw(
return log_debug_errno(SYNTHETIC_ERRNO(EIO), return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Signature verification failed: 0x%lx", ERR_get_error()); "Signature verification failed: 0x%lx", ERR_get_error());
return r; # pragma GCC diagnostic pop
#else #else
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL; gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
gcry_mpi_t n = NULL, e = NULL, s = NULL; gcry_mpi_t n = NULL, e = NULL, s = NULL;
gcry_error_t ge; gcry_error_t ge;
int r;
assert(hash_algorithm); assert(hash_algorithm);
@ -223,9 +231,8 @@ finish:
gcry_sexp_release(signature_sexp); gcry_sexp_release(signature_sexp);
if (data_sexp) if (data_sexp)
gcry_sexp_release(data_sexp); gcry_sexp_release(data_sexp);
return r;
#endif #endif
return r;
} }
static int dnssec_rsa_verify( static int dnssec_rsa_verify(
@ -291,15 +298,17 @@ static int dnssec_ecdsa_verify_raw(
const void *signature_s, size_t signature_s_size, const void *signature_s, size_t signature_s_size,
const void *data, size_t data_size, const void *data, size_t data_size,
const void *key, size_t key_size) { const void *key, size_t key_size) {
int k;
#if PREFER_OPENSSL #if PREFER_OPENSSL
# pragma GCC diagnostic push
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
_cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL; _cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL;
_cleanup_(EC_POINT_freep) EC_POINT *p = NULL; _cleanup_(EC_POINT_freep) EC_POINT *p = NULL;
_cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL; _cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL;
_cleanup_(BN_CTX_freep) BN_CTX *bctx = NULL; _cleanup_(BN_CTX_freep) BN_CTX *bctx = NULL;
_cleanup_(BN_freep) BIGNUM *r = NULL, *s = NULL; _cleanup_(BN_freep) BIGNUM *r = NULL, *s = NULL;
_cleanup_(ECDSA_SIG_freep) ECDSA_SIG *sig = NULL; _cleanup_(ECDSA_SIG_freep) ECDSA_SIG *sig = NULL;
int k;
assert(hash_algorithm); assert(hash_algorithm);
@ -354,13 +363,11 @@ static int dnssec_ecdsa_verify_raw(
return log_debug_errno(SYNTHETIC_ERRNO(EIO), return log_debug_errno(SYNTHETIC_ERRNO(EIO),
"Signature verification failed: 0x%lx", ERR_get_error()); "Signature verification failed: 0x%lx", ERR_get_error());
return k; # pragma GCC diagnostic pop
#else #else
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL; gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
gcry_mpi_t q = NULL, r = NULL, s = NULL; gcry_mpi_t q = NULL, r = NULL, s = NULL;
gcry_error_t ge; gcry_error_t ge;
int k;
assert(hash_algorithm); assert(hash_algorithm);
@ -435,9 +442,8 @@ finish:
gcry_sexp_release(signature_sexp); gcry_sexp_release(signature_sexp);
if (data_sexp) if (data_sexp)
gcry_sexp_release(data_sexp); gcry_sexp_release(data_sexp);
return k;
#endif #endif
return k;
} }
static int dnssec_ecdsa_verify( static int dnssec_ecdsa_verify(
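Review bot: The `-Wdeprecated-declarations` suppression carries no comment in the code saying why it is there or when it can be dropped, and in both `dnssec_rsa_verify_raw()` and `dnssec_ecdsa_verify_raw()` the push/pop pair wraps the entire `#if PREFER_OPENSSL` branch. Because this is the DNSSEC signature-verification path, any other deprecated OpenSSL call added to these bodies later would compile without a warning. I would put a comment above each push, for example `/* RSA and EC_KEY functions are deprecated in OpenSSL 3.0; remove this suppression once the code is ported to the EVP API, see #21666 */`, so the exemption is traceable and temporary. Both function bodies continue outside the hunks shown, so I cannot tell whether the suppressed region could be narrowed to just the deprecated calls.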


@ -17,8 +17,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL); DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);