diff --git a/ChangeLog.txt b/ChangeLog.txt
index 5d9cdea..4b8dfe8 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -6,10 +6,17 @@
 # file, you can obtain one at https://mozilla.org/MPL/2.0/.
 #
 
+Version 1.2.3-rc2 - 2023-07-10
+--------------------------
+
+* Update m4 macros to remove build warnings on Ubuntu Jammy
+* Inspector: Update pseudoanonymisation code for OpenSSL 3.0 to remove warnings
+ about deprecated functions on Ubuntu Jammy
+
 Version 1.2.3-rc1 - 2023-06-14
 --------------------------
 
-* Extend template backend to write EDNS OPT codes
+* Inspector: Extend template backend to write EDNS OPT codes
 
 Version 1.2.2 - 2022-07-11
 --------------------------
diff --git a/src/pseudoanonymise.cpp b/src/pseudoanonymise.cpp
index 86c5fe8..7ae5191 100644
--- a/src/pseudoanonymise.cpp
+++ b/src/pseudoanonymise.cpp
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2019, 2021 Internet Corporation for Assigned Names and Numbers.
+ * Copyright 2018-2019, 2021, 2023 Internet Corporation for Assigned Names and Numbers.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -39,8 +39,12 @@ PseudoAnonymise::PseudoAnonymise(const byte_string& key)
 {
 if ( key.size() != 16 )
 throw std::logic_error("Keys must be 16 bytes long");
+#if OPENSSL_VERSION_MAJOR >= 3
+ key_str = key;
+#else
 if ( AES_set_encrypt_key(key.data(), key.size() * 8, &aes_key) != 0 )
 throw std::range_error("Key setup error");
+#endif
 }
 
 IPAddress PseudoAnonymise::address(const IPAddress& addr) const
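Review bot: In the `OPENSSL_VERSION_MAJOR >= 3` branch the constructor only copies the key, so the "Key setup error" path has no OpenSSL 3 equivalent and every cipher setup failure now surfaces later, from the const `address()` call. Fetching the cipher once here and keeping it as a member would restore fail-fast construction and avoid repeating the fetch for every address, which is the reuse pattern the OpenSSL 3 documentation recommends. If the per-call design is kept, a comment such as `// OpenSSL 3: only the raw key is stored; cipher setup happens per call in address()` would make the changed failure point visible to callers.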
@@ -56,7 +60,42 @@ IPAddress PseudoAnonymise::address(const IPAddress& addr) const
 addr_in = addr4 + addr4 + addr4 + addr4;
 }
 
+#if OPENSSL_VERSION_MAJOR >= 3
+ auto cipher_ctx = std::unique_ptr(EVP_CIPHER_CTX_new(), &EVP_CIPHER_CTX_free);
+ if (cipher_ctx == nullptr) {
+ throw std::runtime_error("Could not initialize EVP cipher context");
+ }
+
+ auto cipher = std::unique_ptr(EVP_CIPHER_fetch(nullptr, "AES-128-CBC", nullptr), &EVP_CIPHER_free);
+ if (cipher == nullptr) {
+ throw std::runtime_error("Could not initialize EVP cipher");
+ }
+
+ if (EVP_EncryptInit(cipher_ctx.get(), cipher.get(), reinterpret_cast(key_str.c_str()), nullptr) == 0) {
+ throw std::runtime_error("Could not initialize EVP encryption algorithm");
+ }
+
+ // Disable padding
+ const auto in_size = addr_in.size();
+ assert(in_size == 16);
+ const auto blocksize = EVP_CIPHER_get_block_size(cipher.get());
+ assert(blocksize == 16);
+ EVP_CIPHER_CTX_set_padding(cipher_ctx.get(), 0);
+
+ int update_len = 0;
+ if (EVP_EncryptUpdate(cipher_ctx.get(), &addr_out.front(), &update_len, addr_in.data(), static_cast(in_size)) == 0) {
+ throw std::runtime_error("Could not encrypt address");
+ }
+
+ int final_len = 0;
+ if (EVP_EncryptFinal_ex(cipher_ctx.get(), &addr_out.front() + update_len, &final_len) == 0) {
+ throw std::runtime_error("Could not finalize address encryption");
+ }
+
+ assert(update_len + final_len == (int)in_size);
+#else
 AES_encrypt(addr_in.data(), &addr_out.front(), &aes_key);
+#endif
 
 return IPAddress(addr.is_ipv6() ? addr_out : addr_out.substr(0, 4));
 }
diff --git a/src/pseudoanonymise.hpp b/src/pseudoanonymise.hpp
index e84dd3d..833b463 100644
--- a/src/pseudoanonymise.hpp
+++ b/src/pseudoanonymise.hpp
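Review bot: The replacement for `AES_encrypt` fetches "AES-128-CBC" and passes `nullptr` as the IV to `EVP_EncryptInit`, so reproducing the old single-block output appears to rely on the fresh context's IV being all zero, which nothing in the hunk establishes. Pseudonymised addresses presumably have to stay identical between the two build variants, so I would request the raw block operation directly with `EVP_CIPHER_fetch(nullptr, "AES-128-ECB", nullptr)`, which takes no IV and matches `AES_encrypt` for one unpadded 16-byte block. Separately, the size and length checks are `assert`s and the result of `EVP_CIPHER_CTX_set_padding` is ignored; in an NDEBUG build the checks vanish and `blocksize` becomes an unused variable, so checks that throw like the neighbouring ones would be more consistent. The enclosing `address()` starts before this hunk.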
@@ -1,5 +1,5 @@
 /*
- * Copyright 2018-2019 Internet Corporation for Assigned Names and Numbers.
+ * Copyright 2018-2019, 2023 Internet Corporation for Assigned Names and Numbers.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
@@ -93,7 +93,11 @@ class PseudoAnonymise
 static byte_string generate_key(const char *str, const char *salt);
 
 private:
+#if OPENSSL_VERSION_MAJOR >= 3
+ byte_string key_str;
+#else
 AES_KEY aes_key;
+#endif
 };
 
 #else
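Review bot: The member list of `PseudoAnonymise` now depends on `OPENSSL_VERSION_MAJOR`, which is only defined once an OpenSSL header has been seen (it comes from `<openssl/opensslv.h>` in 3.0 and later); an undefined macro evaluates to 0 in `#if` and selects the `AES_KEY` branch. The header's include list is outside this hunk, so I cannot tell whether that is guaranteed; adding `#include <openssl/opensslv.h>` ahead of the class would make the selection independent of include order in every translation unit. A short comment on the new member, e.g. `// raw 16-byte AES key; cipher state is created per call`, would also help, since the object now holds the key itself rather than an expanded schedule. The class body starts before the hunk.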