1
0
mirror of https://github.com/gnss-sdr/gnss-sdr synced 2024-10-30 22:56:22 +00:00

Fix segfault with gnutls

This commit is contained in:
Carles Fernandez 2023-06-12 12:52:00 +02:00
parent 45196a5251
commit 2debff6307
No known key found for this signature in database
GPG Key ID: 4C583C52B0C3877D
2 changed files with 25 additions and 20 deletions

View File

@ -43,6 +43,10 @@
Gnss_Crypto::Gnss_Crypto(const std::string& filePath) Gnss_Crypto::Gnss_Crypto(const std::string& filePath)
{ {
#if USE_OPENSSL_FALLBACK
#else
// gnutls_global_init();
#endif
readPublicKeyFromPEM(filePath); readPublicKeyFromPEM(filePath);
} }
@ -57,20 +61,17 @@ Gnss_Crypto::~Gnss_Crypto()
EC_KEY_free(d_PublicKey); EC_KEY_free(d_PublicKey);
} }
#endif #endif
#else
if (d_PublicKey != nullptr)
{
gnutls_pubkey_deinit(*d_PublicKey);
}
gnutls_global_deinit();
#endif #endif
} }
bool Gnss_Crypto::have_public_key() const bool Gnss_Crypto::have_public_key() const
{ {
#if USE_OPENSSL_FALLBACK
return (d_PublicKey != nullptr); return (d_PublicKey != nullptr);
#else
return (d_PublicKey != gnutls_pubkey_t{});
#endif
} }
@ -299,7 +300,6 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
std::cerr << "OpenSSL: error creating a BIO object with data read from file " << filePath << ". Aborting import" << std::endl; std::cerr << "OpenSSL: error creating a BIO object with data read from file " << filePath << ". Aborting import" << std::endl;
return; return;
} }
// Load the public key from the BIO
#if USE_OPENSSL_3 #if USE_OPENSSL_3
d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr); d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
#else #else
@ -312,22 +312,23 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
return; return;
} }
#else #else
gnutls_global_init();
gnutls_pubkey_t pubKey;
gnutls_pubkey_init(&pubKey);
d_PublicKey = &pubKey;
// Import the PEM data // Import the PEM data
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(pemContent.data())), static_cast<unsigned int>(pemContent.size())}; gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(pemContent.data())), static_cast<unsigned int>(pemContent.size())};
int ret = gnutls_pubkey_import(*d_PublicKey, &pemDatum, GNUTLS_X509_FMT_PEM); gnutls_pubkey_t pubkey;
if (ret < 0) gnutls_pubkey_init(&pubkey);
int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM);
if (ret != GNUTLS_E_SUCCESS)
{ {
gnutls_pubkey_deinit(pubkey);
std::cerr << "GnuTLS: error reading the Public Key from file " std::cerr << "GnuTLS: error reading the Public Key from file "
<< filePath << filePath
<< ". (Error: " << gnutls_strerror(ret) << "). Aborting import" << std::endl; << ". Aborting import" << std::endl;
gnutls_pubkey_deinit(*d_PublicKey);
return; return;
} }
gnutls_pubkey_deinit(pubKey); gnutls_pubkey_init(&d_PublicKey);
d_PublicKey = pubkey;
gnutls_pubkey_deinit(pubkey);
#endif #endif
std::cout << "Public key successfully read from file " << filePath << std::endl; std::cout << "Public key successfully read from file " << filePath << std::endl;
} }
@ -335,6 +336,10 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const std::vector<uint8_t>& signature) bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const std::vector<uint8_t>& signature)
{ {
if (!have_public_key())
{
return false;
}
bool success = false; bool success = false;
#if USE_OPENSSL_FALLBACK #if USE_OPENSSL_FALLBACK
#if USE_OPENSSL_3 #if USE_OPENSSL_3
@ -378,7 +383,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
#else #else
// Verify the dummy hash using the public key // Verify the dummy hash using the public key
gnutls_datum_t dummyHash = {nullptr, 0}; gnutls_datum_t dummyHash = {nullptr, 0};
int ret2 = gnutls_pubkey_verify_hash2(*d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &dummyHash, &dummyHash); int ret2 = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &dummyHash, &dummyHash);
if (ret2 != GNUTLS_E_SUCCESS) if (ret2 != GNUTLS_E_SUCCESS)
{ {
std::cout << "GnuTLS: The Public Key is invalid" << std::endl; std::cout << "GnuTLS: The Public Key is invalid" << std::endl;
@ -389,7 +394,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
gnutls_datum_t data_{}; gnutls_datum_t data_{};
data_.data = const_cast<uint8_t*>(message.data()); data_.data = const_cast<uint8_t*>(message.data());
data_.size = message.size(); data_.size = message.size();
int ret = gnutls_pubkey_verify_data2(*d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &data_, &signature_); int ret = gnutls_pubkey_verify_data2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &data_, &signature_);
if (ret == GNUTLS_E_SUCCESS) if (ret == GNUTLS_E_SUCCESS)
{ {
success = true; success = true;

View File

@ -56,7 +56,7 @@ private:
EC_KEY* d_PublicKey = nullptr; EC_KEY* d_PublicKey = nullptr;
#endif #endif
#else #else
gnutls_pubkey_t* d_PublicKey; gnutls_pubkey_t d_PublicKey{};
#endif #endif
}; };