mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-23 17:34:00 +03:00
openssl: supress warnings about functions deprecated by openssl 3.0
We get warnings for RSA_free(), EC_KEY_free(), EC_KEY_new(), etc. Those functions are now deprecated and we're supposed to use the new "EVP API" that is all the rage in openssl 3.0. With some effort I converted dnssec_rsa_verify_raw() to use the new API. The code is significantly longer and, if anything, less readable. The EC code is more complicated and I assume that the EVP API version will be even more complex. It is possible that I'm missing some way to call the new functions in a better way, but the documentation is abysmal, so it's really hard to figure out the best way. Of course there are almost no examples, and the ones that are there are not terribly useful and are also stubs that don't do interesting things, don't implement error handling, or memory cleanup. I'll submit my conversion draft as a separate PR. Maybe somebody who knows openssl better will pick it up and write a proper solution. For now, let's just use the existing code, but suppress the warnings. The new version just came out, so it's unlikely that the deprecated functions will be removed any time soon. Fixes #21666.
parent
ab8a8a4e77
commit
acfdfb8620
@ -13,6 +13,14 @@
|
|||||||
#include "sort-util.h"
|
#include "sort-util.h"
|
||||||
#include "string-table.h"
|
#include "string-table.h"
|
||||||
|
|
||||||
|
#if PREFER_OPENSSL
|
||||||
|
# pragma GCC diagnostic push
|
||||||
|
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||||
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
|
||||||
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
|
||||||
|
# pragma GCC diagnostic pop
|
||||||
|
#endif
|
||||||
|
|
||||||
#define VERIFY_RRS_MAX 256
|
#define VERIFY_RRS_MAX 256
|
||||||
#define MAX_KEY_SIZE (32*1024)
|
#define MAX_KEY_SIZE (32*1024)
|
||||||
|
|
||||||
@ -88,13 +96,15 @@ static int dnssec_rsa_verify_raw(
|
|||||||
const void *data, size_t data_size,
|
const void *data, size_t data_size,
|
||||||
const void *exponent, size_t exponent_size,
|
const void *exponent, size_t exponent_size,
|
||||||
const void *modulus, size_t modulus_size) {
|
const void *modulus, size_t modulus_size) {
|
||||||
|
int r;
|
||||||
|
|
||||||
#if PREFER_OPENSSL
|
#if PREFER_OPENSSL
|
||||||
|
# pragma GCC diagnostic push
|
||||||
|
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||||
_cleanup_(RSA_freep) RSA *rpubkey = NULL;
|
_cleanup_(RSA_freep) RSA *rpubkey = NULL;
|
||||||
_cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
|
_cleanup_(EVP_PKEY_freep) EVP_PKEY *epubkey = NULL;
|
||||||
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
|
_cleanup_(EVP_PKEY_CTX_freep) EVP_PKEY_CTX *ctx = NULL;
|
||||||
_cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL;
|
_cleanup_(BN_freep) BIGNUM *e = NULL, *m = NULL;
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(hash_algorithm);
|
assert(hash_algorithm);
|
||||||
|
|
||||||
@ -141,13 +151,11 @@ static int dnssec_rsa_verify_raw(
|
|||||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
|
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
|
||||||
"Signature verification failed: 0x%lx", ERR_get_error());
|
"Signature verification failed: 0x%lx", ERR_get_error());
|
||||||
|
|
||||||
return r;
|
# pragma GCC diagnostic pop
|
||||||
|
|
||||||
#else
|
#else
|
||||||
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
||||||
gcry_mpi_t n = NULL, e = NULL, s = NULL;
|
gcry_mpi_t n = NULL, e = NULL, s = NULL;
|
||||||
gcry_error_t ge;
|
gcry_error_t ge;
|
||||||
int r;
|
|
||||||
|
|
||||||
assert(hash_algorithm);
|
assert(hash_algorithm);
|
||||||
|
|
||||||
@ -223,9 +231,8 @@ finish:
|
|||||||
gcry_sexp_release(signature_sexp);
|
gcry_sexp_release(signature_sexp);
|
||||||
if (data_sexp)
|
if (data_sexp)
|
||||||
gcry_sexp_release(data_sexp);
|
gcry_sexp_release(data_sexp);
|
||||||
|
|
||||||
return r;
|
|
||||||
#endif
|
#endif
|
||||||
|
return r;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dnssec_rsa_verify(
|
static int dnssec_rsa_verify(
|
||||||
@ -291,15 +298,17 @@ static int dnssec_ecdsa_verify_raw(
|
|||||||
const void *signature_s, size_t signature_s_size,
|
const void *signature_s, size_t signature_s_size,
|
||||||
const void *data, size_t data_size,
|
const void *data, size_t data_size,
|
||||||
const void *key, size_t key_size) {
|
const void *key, size_t key_size) {
|
||||||
|
int k;
|
||||||
|
|
||||||
#if PREFER_OPENSSL
|
#if PREFER_OPENSSL
|
||||||
|
# pragma GCC diagnostic push
|
||||||
|
# pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||||
_cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL;
|
_cleanup_(EC_GROUP_freep) EC_GROUP *ec_group = NULL;
|
||||||
_cleanup_(EC_POINT_freep) EC_POINT *p = NULL;
|
_cleanup_(EC_POINT_freep) EC_POINT *p = NULL;
|
||||||
_cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL;
|
_cleanup_(EC_KEY_freep) EC_KEY *eckey = NULL;
|
||||||
_cleanup_(BN_CTX_freep) BN_CTX *bctx = NULL;
|
_cleanup_(BN_CTX_freep) BN_CTX *bctx = NULL;
|
||||||
_cleanup_(BN_freep) BIGNUM *r = NULL, *s = NULL;
|
_cleanup_(BN_freep) BIGNUM *r = NULL, *s = NULL;
|
||||||
_cleanup_(ECDSA_SIG_freep) ECDSA_SIG *sig = NULL;
|
_cleanup_(ECDSA_SIG_freep) ECDSA_SIG *sig = NULL;
|
||||||
int k;
|
|
||||||
|
|
||||||
assert(hash_algorithm);
|
assert(hash_algorithm);
|
||||||
|
|
||||||
@ -354,13 +363,11 @@ static int dnssec_ecdsa_verify_raw(
|
|||||||
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
|
return log_debug_errno(SYNTHETIC_ERRNO(EIO),
|
||||||
"Signature verification failed: 0x%lx", ERR_get_error());
|
"Signature verification failed: 0x%lx", ERR_get_error());
|
||||||
|
|
||||||
return k;
|
# pragma GCC diagnostic pop
|
||||||
|
|
||||||
#else
|
#else
|
||||||
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
gcry_sexp_t public_key_sexp = NULL, data_sexp = NULL, signature_sexp = NULL;
|
||||||
gcry_mpi_t q = NULL, r = NULL, s = NULL;
|
gcry_mpi_t q = NULL, r = NULL, s = NULL;
|
||||||
gcry_error_t ge;
|
gcry_error_t ge;
|
||||||
int k;
|
|
||||||
|
|
||||||
assert(hash_algorithm);
|
assert(hash_algorithm);
|
||||||
|
|
||||||
@ -435,9 +442,8 @@ finish:
|
|||||||
gcry_sexp_release(signature_sexp);
|
gcry_sexp_release(signature_sexp);
|
||||||
if (data_sexp)
|
if (data_sexp)
|
||||||
gcry_sexp_release(data_sexp);
|
gcry_sexp_release(data_sexp);
|
||||||
|
|
||||||
return k;
|
|
||||||
#endif
|
#endif
|
||||||
|
return k;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int dnssec_ecdsa_verify(
|
static int dnssec_ecdsa_verify(
|
||||||
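Review bot: The `-Wdeprecated-declarations` suppression in `dnssec_rsa_verify_raw()` and `dnssec_ecdsa_verify_raw()` runs from the first declaration of the OpenSSL branch to just before `#else`, so a deprecation warning for any other call later added to these DNSSEC signature-verification paths would be silenced too. Nothing in the code records why the pragma is there or when it can be dropped; the commit message explains it, but the next reader of the file will not see that. I would put a comment at each `push`, for example `/* RSA and EC_KEY functions are deprecated since OpenSSL 3.0; remove once this uses the EVP_PKEY API */`, and the same above the two `DEFINE_TRIVIAL_CLEANUP_FUNC_FULL` lines at the top of the file. If the tree has a wrapper macro for disabling and re-enabling a warning, using it here instead of the raw pragmas would keep the style consistent. Both function bodies extend beyond the hunks shown, so the full extent of the suppressed region should be checked against the complete file.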
|
@ -17,8 +17,6 @@ DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(X509_NAME*, X509_NAME_free, NULL);
|
|||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY_CTX*, EVP_PKEY_CTX_free, NULL);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_PKEY*, EVP_PKEY_free, NULL);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EVP_CIPHER_CTX*, EVP_CIPHER_CTX_free, NULL);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(RSA*, RSA_free, NULL);
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_KEY*, EC_KEY_free, NULL);
|
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_POINT*, EC_POINT_free, NULL);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(EC_GROUP*, EC_GROUP_free, NULL);
|
||||||
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
|
DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(BIGNUM*, BN_free, NULL);
|
||||||
|