Add support for OpenSSL 3

2022-06-05 15:29:20 +02:00
parent 3d4e6e3918
commit 4f288f4e24
4 changed files with 54 additions and 1 deletions
--- a/utils/drmprocessorclientimpl.cpp
+++ b/utils/drmprocessorclientimpl.cpp
@@ -35,6 +35,8 @@
 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <openssl/err.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>

 #include <curl/curl.h>

@@ -45,6 +47,31 @@
 #include <libgourou_log.h>
 #include "drmprocessorclientimpl.h"

+DRMProcessorClientImpl::DRMProcessorClientImpl():
+    legacy(0), deflt(0)
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+    legacy = OSSL_PROVIDER_load(NULL, "legacy");
+    if (!legacy)
+	EXCEPTION(gourou::CLIENT_OSSL_ERROR, "Error, OpenSSL legacy provider not available");
+
+    deflt = OSSL_PROVIDER_load(NULL, "default");
+    if (!deflt)
+	EXCEPTION(gourou::CLIENT_OSSL_ERROR, "Error, OpenSSL default provider not available");
+#endif
+}
+
+DRMProcessorClientImpl::~DRMProcessorClientImpl()
+{
+#if OPENSSL_VERSION_MAJOR >= 3
+    if (legacy)
+	OSSL_PROVIDER_unload(legacy);
+
+    if (deflt)
+	OSSL_PROVIDER_unload(deflt);
+#endif
+}
+
 /* Digest interface */
 void* DRMProcessorClientImpl::createDigest(const std::string& digestName)
 {
@@ -289,7 +316,12 @@ void DRMProcessorClientImpl::RSAPrivateEncrypt(const unsigned char* RSAKey, unsi
    pkcs12 = d2i_PKCS12(NULL, &RSAKey, RSAKeyLength);
    if (!pkcs12)
 	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);
+
+    if (!pkey)
+	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    rsa = EVP_PKEY_get1_RSA(pkey);

    int ret = RSA_private_encrypt(dataLength, data, res, rsa, RSA_PKCS1_PADDING);
@@ -413,6 +445,9 @@ void DRMProcessorClientImpl::extractCertificate(const unsigned char* RSAKey, uns
 	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
    PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);

+    if (!cert)
+	EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
+
    *certOutLength = i2d_X509(cert, certOut);

    EVP_PKEY_free(pkey);