openssl: Bump openssl requirement to 0.9.8
parent
9fa730bb95
commit
1f06a76b1a
|
@ -21,7 +21,7 @@ define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
|
|||
|
||||
m4_sinclude(version.m4.ci)
|
||||
|
||||
m4_define([openssl_minimum_version], [0.9.7])
|
||||
m4_define([openssl_minimum_version], [0.9.8])
|
||||
|
||||
AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL])
|
||||
AC_CONFIG_AUX_DIR([.])
|
||||
|
|
|
@ -3152,7 +3152,6 @@ iasecc_qsign_data_sha1(struct sc_context *ctx, const unsigned char *in, size_t i
|
|||
}
|
||||
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
static int
|
||||
iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t in_len,
|
||||
struct iasecc_qsign_data *out)
|
||||
|
@ -3203,7 +3202,6 @@ iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t
|
|||
|
||||
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
static int
|
||||
|
@ -3234,11 +3232,7 @@ iasecc_compute_signature_dst(struct sc_card *card,
|
|||
rv = iasecc_qsign_data_sha1(card->ctx, in, in_len, &qsign_data);
|
||||
}
|
||||
else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA256) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
rv = iasecc_qsign_data_sha256(card->ctx, in, in_len, &qsign_data);
|
||||
#else
|
||||
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "SHA256 is not supported by OpenSSL previous to v0.9.8");
|
||||
#endif
|
||||
}
|
||||
else
|
||||
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA1 or RSA_HASH_SHA256 algorithm");
|
||||
|
|
|
@ -47,14 +47,6 @@
|
|||
#define OBERTHUR_PIN_REFERENCE_SO 0x04
|
||||
#define OBERTHUR_PIN_REFERENCE_PUK 0x84
|
||||
|
||||
/* keep OpenSSL 0.9.6 users happy ;-) */
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00907000L
|
||||
#define DES_cblock des_cblock
|
||||
#define DES_key_schedule des_key_schedule
|
||||
#define DES_set_key_unchecked(a,b) des_set_key_unchecked(a,*b)
|
||||
#define DES_ecb_encrypt(a,b,c,d) des_ecb_encrypt(a,b,*c,d)
|
||||
#endif
|
||||
|
||||
static const struct sc_atr_table oberthur_atrs[] = {
|
||||
{ "3B:7D:18:00:00:00:31:80:71:8E:64:77:E3:01:00:82:90:00", NULL,
|
||||
"Oberthur 64k v4/2.1.1", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL },
|
||||
|
|
|
@ -41,41 +41,6 @@ extern "C" {
|
|||
*
|
||||
*/
|
||||
|
||||
/*
|
||||
* EVP_CIPHER_CTX functions:
|
||||
* EVP_CIPHER_CTX_new not in 0.9.7
|
||||
* EVP_CIPHER_CTX_free not in 0.9.7
|
||||
* EVP_CIPHER_CTX_init in 0.9.7 to 1.0.2. defined in 1.1 as EVP_CIPHER_CTX_reset
|
||||
* EVP_CIPHER_CTX_cleanup in 0.9.7 to 1.0.2, defined in 1.1 as EVP_CIPHER_CTX_reset
|
||||
* EVP_CIPHER_CTX_reset only in 1.1
|
||||
*
|
||||
* EVP_CIPHER_CTX_new does a EVP_CIPHER_CTX_init
|
||||
* EVP_CIPHER_CTX_free does a EVP_CIPHER_CTX_cleanup
|
||||
* EVP_CIPHER_CTX_cleanup does equivalent of a EVP_CIPHER_CTX_init
|
||||
* Use EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free, and EVP_CIPHER_CTX_cleanup between operations
|
||||
*/
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER <= 0x009070dfL
|
||||
|
||||
/* in 0.9.7 EVP_CIPHER_CTX was always allocated inline or in other structures */
|
||||
|
||||
#define EVP_CIPHER_CTX_new() ({ \
|
||||
EVP_CIPHER_CTX * tmp = NULL; \
|
||||
tmp = OPENSSL_malloc(sizeof(struct evp_cipher_ctx_st)); \
|
||||
if (tmp) { \
|
||||
EVP_CIPHER_CTX_init(tmp); \
|
||||
} \
|
||||
tmp; \
|
||||
})
|
||||
|
||||
#define EVP_CIPHER_CTX_free(x) ({ \
|
||||
if (x) { \
|
||||
EVP_CIPHER_CTX_cleanup(x); \
|
||||
OPENSSL_free(x); \
|
||||
} \
|
||||
})
|
||||
#endif /* OPENSSL_VERSION_NUMBER =< 0x00907000L */
|
||||
|
||||
/*
|
||||
* 1.1 renames RSA_PKCS1_SSLeay to RSA_PKCS1_OpenSSL
|
||||
* use RSA_PKCS1_OpenSSL
|
||||
|
|
|
@ -5017,10 +5017,6 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
*/
|
||||
if (!(rsa_flags & SC_ALGORITHM_RSA_HASHES)) {
|
||||
rsa_flags |= SC_ALGORITHM_RSA_HASHES;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x00908000L
|
||||
/* turn off hashes not in openssl 0.9.8 */
|
||||
rsa_flags &= ~(SC_ALGORITHM_RSA_HASH_SHA256 | SC_ALGORITHM_RSA_HASH_SHA384 | SC_ALGORITHM_RSA_HASH_SHA512 | SC_ALGORITHM_RSA_HASH_SHA224);
|
||||
#endif
|
||||
}
|
||||
#endif
|
||||
|
||||
|
|
|
@ -68,7 +68,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha1_mech = {
|
|||
NULL, /* free_mech_data */
|
||||
};
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
static sc_pkcs11_mechanism_type_t openssl_sha256_mech = {
|
||||
CKM_SHA256,
|
||||
{ 0, 0, CKF_DIGEST },
|
||||
|
@ -119,7 +118,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha512_mech = {
|
|||
NULL, /* mech_data */
|
||||
NULL, /* free_mech_data */
|
||||
};
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
static sc_pkcs11_mechanism_type_t openssl_gostr3411_mech = {
|
||||
|
@ -233,14 +231,12 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *p11card)
|
|||
|
||||
openssl_sha1_mech.mech_data = EVP_sha1();
|
||||
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha1_mech, sizeof openssl_sha1_mech));
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
openssl_sha256_mech.mech_data = EVP_sha256();
|
||||
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha256_mech, sizeof openssl_sha256_mech));
|
||||
openssl_sha384_mech.mech_data = EVP_sha384();
|
||||
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha384_mech, sizeof openssl_sha384_mech));
|
||||
openssl_sha512_mech.mech_data = EVP_sha512();
|
||||
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha512_mech, sizeof openssl_sha512_mech));
|
||||
#endif
|
||||
openssl_md5_mech.mech_data = EVP_md5();
|
||||
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_md5_mech, sizeof openssl_md5_mech));
|
||||
openssl_ripemd160_mech.mech_data = EVP_ripemd160();
|
||||
|
|
|
@ -227,7 +227,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
|||
return SC_ERROR_NOT_SUPPORTED;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER>=0x00908000L
|
||||
rsa = RSA_new();
|
||||
bn = BN_new();
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
@ -240,18 +239,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
|
|||
|
||||
if(!BN_set_word(bn, RSA_F4) ||
|
||||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
|
||||
#else
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
||||
if(mem == NULL)
|
||||
{
|
||||
r = SC_ERROR_OUT_OF_MEMORY;
|
||||
goto out;
|
||||
}
|
||||
|
||||
rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL);
|
||||
if (!rsa)
|
||||
#endif
|
||||
{
|
||||
r = SC_ERROR_UNKNOWN;
|
||||
goto out;
|
||||
|
|
|
@ -206,7 +206,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_
|
|||
memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac));
|
||||
}
|
||||
else if (mechanism == IASECC_ALGORITHM_SYMMETRIC_SHA256) {
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
xored[35] = 0x01;
|
||||
SHA256(xored, 36, buff);
|
||||
memcpy(&session_data->session_enc[0], buff, sizeof(session_data->session_enc));
|
||||
|
@ -214,10 +213,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_
|
|||
xored[35] = 0x02;
|
||||
SHA256(xored, 36, buff);
|
||||
memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac));
|
||||
#else
|
||||
sc_log(ctx, "No FIPS, SHA256 is not supported");
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
#endif
|
||||
}
|
||||
else {
|
||||
return SC_ERROR_INVALID_ARGUMENTS;
|
||||
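Review bot: The SHA256 branch of sm_cwa_init_session_keys leaves session-key material in the temporaries `xored` and `buff`, as far as the visible lines show. No wipe appears in either hunk, but the function starts and ends outside them, so this needs confirming against the full body. If none exists and both are local arrays, add `OPENSSL_cleanse(xored, sizeof(xored)); OPENSSL_cleanse(buff, sizeof(buff));` on every exit path. The literal `36` in `SHA256(xored, 36, buff)` and the index `35` would also be safer derived from the buffer size or one named constant, so the counter byte and the hashed length cannot drift apart.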
|
|
|
@ -39,9 +39,7 @@
|
|||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#include <openssl/conf.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/err.h>
|
||||
|
@ -530,7 +528,7 @@ int main(int argc, char * argv[])
|
|||
|
||||
|
||||
/* OpenSSL magic */
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
OPENSSL_config(NULL);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
|
|
@ -38,12 +38,10 @@
|
|||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#include <openssl/conf.h>
|
||||
#endif
|
||||
|
||||
#include <openssl/rsa.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#endif
|
||||
|
@ -292,7 +290,7 @@ static int gen_key(const char * key_info)
|
|||
keydata = {0, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0};
|
||||
unsigned long expl;
|
||||
u8 expc[4];
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
int nid = -1;
|
||||
#endif
|
||||
sc_hex_to_bin(key_info, buf, &buflen);
|
||||
|
@ -316,7 +314,7 @@ static int gen_key(const char * key_info)
|
|||
case 0x05: keydata.key_bits = 3072; break;
|
||||
case 0x06: keydata.key_bits = 1024; break;
|
||||
case 0x07: keydata.key_bits = 2048; break;
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
case 0x11: keydata.key_bits = 0;
|
||||
nid = NID_X9_62_prime256v1; /* We only support one curve per algid */
|
||||
break;
|
||||
|
@ -368,7 +366,7 @@ static int gen_key(const char * key_info)
|
|||
EVP_PKEY_assign_RSA(evpkey, newkey);
|
||||
|
||||
} else { /* EC key */
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
|
||||
#if !defined(OPENSSL_NO_EC)
|
||||
int i;
|
||||
BIGNUM *x;
|
||||
BIGNUM *y;
|
||||
|
@ -558,7 +556,7 @@ int main(int argc, char *argv[])
|
|||
util_print_usage_and_die(app_name, options, option_help, NULL);
|
||||
|
||||
|
||||
//#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
//#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
// OPENSSL_config(NULL);
|
||||
//#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
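Review bot: The edit in main() rewrites a condition that is commented out (`//#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` through `//#endif`), so it changes nothing that is compiled. Either delete the commented-out lines or restore the `OPENSSL_config(NULL);` call, as the other tools' main() hunks in this commit have it. As far as the hunk shows, this tool currently skips configuration loading on pre-1.1 OpenSSL and on LibreSSL. If that omission is deliberate, a one-line comment saying why should replace the dead block. main() continues outside the hunk.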
|
|
|
@ -41,16 +41,14 @@
|
|||
#include <openssl/opensslconf.h>
|
||||
#include <openssl/crypto.h>
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#include <openssl/conf.h>
|
||||
#endif
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/pem.h>
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
#include <openssl/ec.h>
|
||||
#include <openssl/ecdsa.h>
|
||||
#endif
|
||||
|
@ -570,7 +568,7 @@ int main(int argc, char * argv[])
|
|||
#endif
|
||||
|
||||
#ifdef ENABLE_OPENSSL
|
||||
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
|
||||
OPENSSL_config(NULL);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
|
||||
|
@ -3310,7 +3308,7 @@ static void show_object(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
|
|||
static CK_OBJECT_HANDLE
|
||||
derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE mech_mech)
|
||||
{
|
||||
#if defined(ENABLE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
#if defined(ENABLE_OPENSSL) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
|
||||
CK_MECHANISM mech;
|
||||
CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
|
||||
CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
|
||||
|
@ -4412,9 +4410,7 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session,
|
|||
EVP_sha1(),
|
||||
EVP_md5(),
|
||||
EVP_ripemd160(),
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
EVP_sha256(),
|
||||
#endif
|
||||
};
|
||||
#endif
|
||||
|
||||
|
@ -4497,9 +4493,7 @@ static int test_signature(CK_SESSION_HANDLE sess)
|
|||
CKM_SHA1_RSA_PKCS,
|
||||
CKM_MD5_RSA_PKCS,
|
||||
CKM_RIPEMD160_RSA_PKCS,
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
|
||||
CKM_SHA256_RSA_PKCS,
|
||||
#endif
|
||||
0xffffff
|
||||
};
|
||||
size_t mechTypes_num = sizeof(mechTypes)/sizeof(CK_MECHANISM_TYPE);
|
||||
|
@ -5110,11 +5104,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
|
|||
EVP_PKEY_free(pkey);
|
||||
return 0;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
|
||||
encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey);
|
||||
#else
|
||||
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
|
||||
#endif
|
||||
EVP_PKEY_free(pkey);
|
||||
if (((int) encrypted_len) <= 0) {
|
||||
printf("Encryption failed, returning\n");
|
||||
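Review bot: The guard dropped in encrypt_decrypt tested `OPENSSL_VERSION_NUMBER >= 0x00909000L`, which is above the new 0.9.8 minimum, so raising the floor to 0.9.8 does not make it redundant. The +/- markers are lost on this page, but the hunk header (11 lines down to 7) means only one of the two calls survives. If it is `EVP_PKEY_encrypt_old`, the old guard indicates that name is not available to a 0.9.8 build; if it is the four-argument `EVP_PKEY_encrypt`, builds at or above 0.9.9 lose the call they were using. Either keep this one `#if`/`#else` as it was, or set `openssl_minimum_version` to a release that provides `EVP_PKEY_encrypt_old`. encrypt_decrypt starts and ends outside the hunk.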
|
|
|
@ -40,9 +40,7 @@
|
|||
#endif
|
||||
#include <openssl/opensslv.h>
|
||||
#include "libopensc/sc-ossl-compat.h"
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
|
||||
#include <openssl/conf.h>
|
||||
#endif
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
|
@ -453,7 +451,7 @@ main(int argc, char **argv)
|
|||
unsigned int n;
|
||||
int r = 0;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
OPENSSL_config(NULL);
|
||||
#endif
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined LIBRESSL_VERSION_NUMBER)
|
||||
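Review bot: The new condition in main(), `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, omits the `|| defined(LIBRESSL_VERSION_NUMBER)` term that the other tools in this commit carry, while the next block is still excluded for LibreSSL by `!(defined LIBRESSL_VERSION_NUMBER)`. LibreSSL reports an OPENSSL_VERSION_NUMBER of 0x20000000L, so on LibreSSL neither branch is compiled and this tool runs without the library initialisation the others get. Make the first condition `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)` to match. main() continues outside the hunk.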
|
|
|
@ -161,12 +161,7 @@ static int generatePrime(BIGNUM *prime, const BIGNUM *s, const int bits, unsigne
|
|||
|
||||
do {
|
||||
// Generate random prime
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* last parm is BN_GENCB which is null in our case */
|
||||
BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL);
|
||||
#else
|
||||
BN_generate_prime(prime, bits, 1, NULL, NULL, NULL, NULL );
|
||||
#endif
|
||||
|
||||
} while ((BN_ucmp(prime, s) == -1) && (max_rounds-- > 0)); // If prime < s or not reached 1000 tries
|
||||
|
||||
if (max_rounds > 0)
|
||||
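Review bot: The return value of `BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL);` in generatePrime is discarded, so a failed generation leaves whatever `prime` held before to be compared by `BN_ucmp` and possibly accepted. Check it inside the loop, for example `if (!BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL)) return -1;`, with the error value adapted to the function's convention, which is not visible here. Separately, the truncated signature suggests `max_rounds` is unsigned. If so, `max_rounds-- > 0` wraps to a large value when the rounds run out and the following `if (max_rounds > 0)` then reads as success; testing the counter before decrementing avoids that. The function starts and ends outside the hunk.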
|
|
|
@ -589,7 +589,6 @@ int main(int argc, char *argv[])
|
|||
|
||||
printf("Generate key of length %d.\n", keylen);
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER>=0x00908000L
|
||||
rsa = RSA_new();
|
||||
bn = BN_new();
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
@ -602,18 +601,6 @@ int main(int argc, char *argv[])
|
|||
|
||||
if(!BN_set_word(bn, RSA_F4) ||
|
||||
!RSA_generate_key_ex(rsa, keylen, bn, NULL))
|
||||
#else
|
||||
rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
|
||||
mem = BIO_new(BIO_s_mem());
|
||||
|
||||
if(mem == NULL)
|
||||
{
|
||||
printf("Not enough memory.\n");
|
||||
goto out;
|
||||
}
|
||||
|
||||
if (!rsa)
|
||||
#endif
|
||||
{
|
||||
printf("RSA_generate_key_ex return %ld\n", ERR_get_error());
|
||||
goto out;
|
||||
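Review bot: The failure message in main() prints `ERR_get_error()` with `%ld`, but that function returns `unsigned long`, so the specifier does not match the argument and error codes with the top bit set print as negative numbers. Use `printf("RSA_generate_key_ex return %lu\n", ERR_get_error());`, or pass the code through `ERR_error_string` for a readable reason. Now that the `RSA_new()`/`BN_new()`/`BIO_new()` path is unconditional, confirm that the lines between the two hunks NULL-check `rsa`, `bn` and `mem` before `BN_set_word` runs; those lines are not visible here.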
|
|