mirror of
https://github.com/gnss-sdr/gnss-sdr
synced 2024-12-13 19:50:34 +00:00
Fix segfault with gnutls
parent
45196a5251
commit
2debff6307
@ -43,6 +43,10 @@
|
|||||||
|
|
||||||
Gnss_Crypto::Gnss_Crypto(const std::string& filePath)
|
Gnss_Crypto::Gnss_Crypto(const std::string& filePath)
|
||||||
{
|
{
|
||||||
|
#if USE_OPENSSL_FALLBACK
|
||||||
|
#else
|
||||||
|
// gnutls_global_init();
|
||||||
|
#endif
|
||||||
readPublicKeyFromPEM(filePath);
|
readPublicKeyFromPEM(filePath);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -57,20 +61,17 @@ Gnss_Crypto::~Gnss_Crypto()
|
|||||||
EC_KEY_free(d_PublicKey);
|
EC_KEY_free(d_PublicKey);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#else
|
|
||||||
if (d_PublicKey != nullptr)
|
|
||||||
{
|
|
||||||
gnutls_pubkey_deinit(*d_PublicKey);
|
|
||||||
}
|
|
||||||
|
|
||||||
gnutls_global_deinit();
|
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool Gnss_Crypto::have_public_key() const
|
bool Gnss_Crypto::have_public_key() const
|
||||||
{
|
{
|
||||||
|
#if USE_OPENSSL_FALLBACK
|
||||||
return (d_PublicKey != nullptr);
|
return (d_PublicKey != nullptr);
|
||||||
|
#else
|
||||||
|
return (d_PublicKey != gnutls_pubkey_t{});
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -299,7 +300,6 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
|
|||||||
std::cerr << "OpenSSL: error creating a BIO object with data read from file " << filePath << ". Aborting import" << std::endl;
|
std::cerr << "OpenSSL: error creating a BIO object with data read from file " << filePath << ". Aborting import" << std::endl;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
// Load the public key from the BIO
|
|
||||||
#if USE_OPENSSL_3
|
#if USE_OPENSSL_3
|
||||||
d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
|
d_PublicKey = PEM_read_bio_PUBKEY(bio, nullptr, nullptr, nullptr);
|
||||||
#else
|
#else
|
||||||
@ -312,22 +312,23 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#else
|
#else
|
||||||
gnutls_global_init();
|
|
||||||
gnutls_pubkey_t pubKey;
|
|
||||||
gnutls_pubkey_init(&pubKey);
|
|
||||||
d_PublicKey = &pubKey;
|
|
||||||
// Import the PEM data
|
// Import the PEM data
|
||||||
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(pemContent.data())), static_cast<unsigned int>(pemContent.size())};
|
gnutls_datum_t pemDatum = {const_cast<unsigned char*>(reinterpret_cast<unsigned char*>(pemContent.data())), static_cast<unsigned int>(pemContent.size())};
|
||||||
int ret = gnutls_pubkey_import(*d_PublicKey, &pemDatum, GNUTLS_X509_FMT_PEM);
|
gnutls_pubkey_t pubkey;
|
||||||
if (ret < 0)
|
gnutls_pubkey_init(&pubkey);
|
||||||
|
|
||||||
|
int ret = gnutls_pubkey_import(pubkey, &pemDatum, GNUTLS_X509_FMT_PEM);
|
||||||
|
if (ret != GNUTLS_E_SUCCESS)
|
||||||
{
|
{
|
||||||
|
gnutls_pubkey_deinit(pubkey);
|
||||||
std::cerr << "GnuTLS: error reading the Public Key from file "
|
std::cerr << "GnuTLS: error reading the Public Key from file "
|
||||||
<< filePath
|
<< filePath
|
||||||
<< ". (Error: " << gnutls_strerror(ret) << "). Aborting import" << std::endl;
|
<< ". Aborting import" << std::endl;
|
||||||
gnutls_pubkey_deinit(*d_PublicKey);
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
gnutls_pubkey_deinit(pubKey);
|
gnutls_pubkey_init(&d_PublicKey);
|
||||||
|
d_PublicKey = pubkey;
|
||||||
|
gnutls_pubkey_deinit(pubkey);
|
||||||
#endif
|
#endif
|
||||||
std::cout << "Public key successfully read from file " << filePath << std::endl;
|
std::cout << "Public key successfully read from file " << filePath << std::endl;
|
||||||
}
|
}
|
||||||
@ -335,6 +336,10 @@ void Gnss_Crypto::readPublicKeyFromPEM(const std::string& filePath)
|
|||||||
|
|
||||||
bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const std::vector<uint8_t>& signature)
|
bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const std::vector<uint8_t>& signature)
|
||||||
{
|
{
|
||||||
|
if (!have_public_key())
|
||||||
|
{
|
||||||
|
return false;
|
||||||
|
}
|
||||||
bool success = false;
|
bool success = false;
|
||||||
#if USE_OPENSSL_FALLBACK
|
#if USE_OPENSSL_FALLBACK
|
||||||
#if USE_OPENSSL_3
|
#if USE_OPENSSL_3
|
||||||
@ -378,7 +383,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
|
|||||||
#else
|
#else
|
||||||
// Verify the dummy hash using the public key
|
// Verify the dummy hash using the public key
|
||||||
gnutls_datum_t dummyHash = {nullptr, 0};
|
gnutls_datum_t dummyHash = {nullptr, 0};
|
||||||
int ret2 = gnutls_pubkey_verify_hash2(*d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &dummyHash, &dummyHash);
|
int ret2 = gnutls_pubkey_verify_hash2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &dummyHash, &dummyHash);
|
||||||
if (ret2 != GNUTLS_E_SUCCESS)
|
if (ret2 != GNUTLS_E_SUCCESS)
|
||||||
{
|
{
|
||||||
std::cout << "GnuTLS: The Public Key is invalid" << std::endl;
|
std::cout << "GnuTLS: The Public Key is invalid" << std::endl;
|
||||||
@ -389,7 +394,7 @@ bool Gnss_Crypto::verify_signature(const std::vector<uint8_t>& message, const st
|
|||||||
gnutls_datum_t data_{};
|
gnutls_datum_t data_{};
|
||||||
data_.data = const_cast<uint8_t*>(message.data());
|
data_.data = const_cast<uint8_t*>(message.data());
|
||||||
data_.size = message.size();
|
data_.size = message.size();
|
||||||
int ret = gnutls_pubkey_verify_data2(*d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &data_, &signature_);
|
int ret = gnutls_pubkey_verify_data2(d_PublicKey, GNUTLS_SIGN_ECDSA_SHA256, 0, &data_, &signature_);
|
||||||
if (ret == GNUTLS_E_SUCCESS)
|
if (ret == GNUTLS_E_SUCCESS)
|
||||||
{
|
{
|
||||||
success = true;
|
success = true;
|
||||||
|
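Review bot: In the GnuTLS branch of readPublicKeyFromPEM (the `@ -312,22 +312,23` hunk), `d_PublicKey = pubkey;` is followed by `gnutls_pubkey_deinit(pubkey);`, and because `gnutls_pubkey_t` is itself a pointer-typed handle, the member is left pointing at a key that has just been freed. have_public_key() then reports true, so the new guard in verify_signature does not stop `gnutls_pubkey_verify_hash2` and `gnutls_pubkey_verify_data2` from running on the released handle, which makes the signature check undefined behaviour. The preceding `gnutls_pubkey_init(&d_PublicKey);` also allocates a key that is immediately overwritten and leaked. I would drop both of those calls, keep only `d_PublicKey = pubkey;`, and restore the release in the destructor as `if (d_PublicKey != nullptr) { gnutls_pubkey_deinit(d_PublicKey); }`. The side of each line is read from the two-column rendering on this page, and the function bodies continue outside the hunks.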
@ -56,7 +56,7 @@ private:
|
|||||||
EC_KEY* d_PublicKey = nullptr;
|
EC_KEY* d_PublicKey = nullptr;
|
||||||
#endif
|
#endif
|
||||||
#else
|
#else
|
||||||
gnutls_pubkey_t* d_PublicKey;
|
gnutls_pubkey_t d_PublicKey{};
|
||||||
#endif
|
#endif
|
||||||
};
|
};
|
||||||
|
|
||||||
|