diff --git a/.github/workflows/build_and_test_clang_debug.yml b/.github/workflows/build_and_test_clang_debug.yml
index ad46288759..63b5c3f2df 100644
--- a/.github/workflows/build_and_test_clang_debug.yml
+++ b/.github/workflows/build_and_test_clang_debug.yml
@@ -59,9 +59,9 @@ jobs:
 -DUSE_OPENTRACING=ON \
 -DOMIT_TEST_OUTPUT=OFF\
 -DKEEP_APOLLO_LOGS=TRUE\
- -DUSE_CRYPTOPP_HASH=TRUE\
+ -DUSE_CRYPTOPP_SHA_256=FALSE\
 -DUSE_OPENSSL_SHA_256=FALSE\
- -DUSE_OPENSSL_SHA3_256=FALSE\
+ -DUSE_OPENSSL_SHA3_256=TRUE\
 -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\
 && script -q -e -c "make test"
 - name: Prepare artifacts
diff --git a/.github/workflows/build_and_test_clang_release.yml b/.github/workflows/build_and_test_clang_release.yml
index e1ade905a1..316af32b39 100644
--- a/.github/workflows/build_and_test_clang_release.yml
+++ b/.github/workflows/build_and_test_clang_release.yml
@@ -60,9 +60,9 @@ jobs:
 -DUSE_OPENTRACING=ON \
 -DOMIT_TEST_OUTPUT=OFF\
 -DKEEP_APOLLO_LOGS=TRUE\
- -DUSE_CRYPTOPP_HASH=TRUE\
+ -DUSE_CRYPTOPP_SHA_256=FALSE\
 -DUSE_OPENSSL_SHA_256=FALSE\
- -DUSE_OPENSSL_SHA3_256=FALSE\
+ -DUSE_OPENSSL_SHA3_256=TRUE\
 -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\
 && script -q -e -c "make test"
 - name: Prepare artifacts
diff --git a/.github/workflows/build_and_test_gcc_debug.yml b/.github/workflows/build_and_test_gcc_debug.yml
index f55ea78f1d..77810580ac 100644
--- a/.github/workflows/build_and_test_gcc_debug.yml
+++ b/.github/workflows/build_and_test_gcc_debug.yml
@@ -59,9 +59,9 @@ jobs:
 -DOMIT_TEST_OUTPUT=OFF\
 -DKEEP_APOLLO_LOGS=TRUE\
 -DRUN_APOLLO_TESTS=FALSE\
- -DUSE_CRYPTOPP_HASH=TRUE\
+ -DUSE_CRYPTOPP_SHA_256=FALSE\
 -DUSE_OPENSSL_SHA_256=FALSE\
- -DUSE_OPENSSL_SHA3_256=FALSE\
+ -DUSE_OPENSSL_SHA3_256=TRUE\
 -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\
 && script -q -e -c "make test"
 - name: Prepare artifacts
diff --git a/.github/workflows/build_and_test_gcc_release.yml b/.github/workflows/build_and_test_gcc_release.yml
index 20e71606c2..5f2aa76183 100644
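Review bot: No CI job here compiles or tests the `USE_CRYPTOPP_SHA_256` or `USE_OPENSSL_SHA_256` paths, because the three `-DUSE_*` hash flags in this `cmake` invocation select only OpenSSL SHA3-256 and the same triple is repeated in the clang_release, gcc_debug, gcc_release and clang-tidy workflows. If those two backends stay selectable, add one job or matrix entry that builds with `-DUSE_OPENSSL_SHA_256=TRUE` and the other two set to FALSE, so a regression in a hash backend is caught before release. If they are no longer supported, a comment next to the flags saying so would prevent someone enabling an untested digest implementation. The enclosing `run:` step starts outside the hunk.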
--- a/.github/workflows/build_and_test_gcc_release.yml +++ b/.github/workflows/build_and_test_gcc_release.yml @@ -59,9 +59,9 @@ jobs: -DOMIT_TEST_OUTPUT=OFF\ -DKEEP_APOLLO_LOGS=TRUE\ -DRUN_APOLLO_TESTS=FALSE\ - -DUSE_CRYPTOPP_HASH=TRUE\ + -DUSE_CRYPTOPP_SHA_256=FALSE\ -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ + -DUSE_OPENSSL_SHA3_256=TRUE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ && script -q -e -c "make test" - name: Prepare artifacts diff --git a/.github/workflows/clang-tidy.yml b/.github/workflows/clang-tidy.yml index bcbcd734af..9c47d9e413 100644 --- a/.github/workflows/clang-tidy.yml +++ b/.github/workflows/clang-tidy.yml @@ -37,9 +37,9 @@ jobs: -DUSE_S3_OBJECT_STORE=TRUE \ -DUSE_OPENTRACING=ON \ -DOMIT_TEST_OUTPUT=OFF\ - -DUSE_CRYPTOPP_HASH=TRUE\ + -DUSE_CRYPTOPP_SHA_256=FALSE\ -DUSE_OPENSSL_SHA_256=FALSE\ - -DUSE_OPENSSL_SHA3_256=FALSE\ + -DUSE_OPENSSL_SHA3_256=TRUE\ -DUSE_FAKE_CLOCK_IN_TIME_SERVICE=TRUE\" "\ - name: Print failure info if: failure() diff --git a/CMakeLists.txt b/CMakeLists.txt index f03a0f30a2..5689c5d5bc 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -114,19 +114,6 @@ if(CODECOVERAGE) message( "-- Building with llvm Code Coverage Tools") endif() -if(USE_CRYPTOPP_HASH) - message("-- USE_CRYPTOPP_HASH Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_CRYPTOPP_HASH") -elseif(USE_OPENSSL_SHA_256) - message("-- USE_OPENSSL_SHA_256 Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_OPENSSL_SHA_256") -elseif(USE_OPENSSL_SHA3_256) - message("-- USE_OPENSSL_SHA3_256 Enabled") - string(APPEND CMAKE_CXX_FLAGS " -DUSE_OPENSSL_SHA3_256") -else() - message(FATAL_ERROR "None of the cryptographic hashing libraries are enabled.") -endif() - if(USE_S3_OBJECT_STORE) add_compile_definitions(USE_S3_OBJECT_STORE=1) endif() diff --git a/Makefile b/Makefile index 64abf2eabe..f111597179 100644 --- a/Makefile +++ b/Makefile 
@@ -57,9 +57,9 @@ CONCORD_BFT_CMAKE_TSAN?=FALSE CONCORD_BFT_CMAKE_CODECOVERAGE?=FALSE CONCORD_BFT_CMAKE_USE_FAKE_CLOCK_IN_TIME_SERVICE?=FALSE ENABLE_RESTART_RECOVERY_TESTS?=FALSE -CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH?=TRUE +CONCORD_BFT_CMAKE_USE_CRYPTOPP_SHA_256?=FALSE CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256?=FALSE -CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256?=FALSE +CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256?=TRUE ifeq (${CONCORD_BFT_CMAKE_ASAN},TRUE) CONCORD_BFT_CMAKE_CXX_FLAGS_RELEASE='-O0 -g' @@ -97,7 +97,7 @@ CONCORD_BFT_CMAKE_FLAGS?= \ -DENABLE_RESTART_RECOVERY_TESTS=${ENABLE_RESTART_RECOVERY_TESTS} -DUSE_OPENSSL_SHA_256=${CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256} \ -DUSE_OPENSSL_SHA3_256=${CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256} \ - -DUSE_CRYPTOPP_HASH=${CONCORD_BFT_CMAKE_USE_CRYPTOPP_HASH} + -DUSE_CRYPTOPP_SHA_256=${CONCORD_BFT_CMAKE_USE_CRYPTOPP_SHA_256} # The consistency parameter makes sense only at MacOS. # It is ignored at all other platforms. diff --git a/bftengine/src/bftengine/KeyExchangeManager.cpp b/bftengine/src/bftengine/KeyExchangeManager.cpp index 9a95d1f0fc..34e7093234 100644 --- a/bftengine/src/bftengine/KeyExchangeManager.cpp +++ b/bftengine/src/bftengine/KeyExchangeManager.cpp @@ -158,7 +158,7 @@ void KeyExchangeManager::exchangeTlsKeys(const std::string& type, const SeqNum& bftEngine::ReplicaConfig::instance().certificatesRootPath + "/" + std::to_string(repID_); std::string root_path = (use_unified_certs) ? base_path : base_path + "/" + type; std::string cert_path = (use_unified_certs) ? root_path + "/node.cert" : root_path + "/" + type + ".cert"; - std::string prev_key_pem = concord::util::crypto::Crypto::instance() + std::string prev_key_pem = concord::util::cryptopp_utils::Crypto::instance() .RsaHexToPem(std::make_pair(SigManager::instance()->getSelfPrivKey(), "")) .first; auto cert = diff --git a/client/reconfiguration/src/default_handlers.cpp b/client/reconfiguration/src/default_handlers.cpp index 07dc72f271..8c5f66d6e3 100644 
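Review bot: Nothing visible in this diff stops a caller from setting none or several of the three hash-backend variables to TRUE, since `CONCORD_BFT_CMAKE_USE_CRYPTOPP_SHA_256`, `CONCORD_BFT_CMAKE_USE_OPENSSL_SHA_256` and `CONCORD_BFT_CMAKE_USE_OPENSSL_SHA3_256` are independent `?=` overrides and this commit deletes the `if/elseif/else() message(FATAL_ERROR ...)` chain from CMakeLists.txt. Unless that validation moved to a CMake file outside this diff, restore it where the options are consumed, for example `if(NOT (USE_CRYPTOPP_SHA_256 OR USE_OPENSSL_SHA_256 OR USE_OPENSSL_SHA3_256))` followed by `message(FATAL_ERROR "No hashing backend enabled")`, plus a matching check for more than one being set. A comment above these defaults such as `# Exactly one of the three hash backends below must be TRUE` would document the contract. The default also moves from the CryptoPP backend to SHA3-256, which presumably changes the digests a default build produces, so it is worth confirming that existing persisted state and peers built with the old default are handled.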
--- a/client/reconfiguration/src/default_handlers.cpp +++ b/client/reconfiguration/src/default_handlers.cpp @@ -12,7 +12,8 @@ #include "client/reconfiguration/default_handlers.hpp" #include "bftclient/StateControl.hpp" #include "concord.cmf.hpp" -#include "crypto_utils.hpp" +#include "cryptopp_utils.hpp" +#include "openssl_utils.hpp" #include "ReplicaConfig.hpp" #include diff --git a/communication/src/AsyncTlsConnection.cpp b/communication/src/AsyncTlsConnection.cpp index 0a16dcf449..50d5b30ec7 100644 --- a/communication/src/AsyncTlsConnection.cpp +++ b/communication/src/AsyncTlsConnection.cpp @@ -430,7 +430,7 @@ std::pair AsyncTlsConnection::checkCertificate(X509* received_cer uint32_t peerId = UINT32_MAX; std::string conn_type; // (1) First, try to verify the certificate against the latest saved certificate - bool res = concord::util::crypto::CertificateUtils::verifyCertificate( + bool res = concord::util::openssl_utils::CertificateUtils::verifyCertificate( received_cert, config_.certificatesRootPath_, peerId, conn_type, config_.useUnifiedCertificates_); if (expected_peer_id.has_value() && peerId != expected_peer_id.value()) return std::make_pair(false, peerId); if (res) return std::make_pair(res, peerId);