openssl: Bump openssl requirement to 0.9.8

Priit Laes 2018-08-22 20:26:33 +03:00 committed by Frank Morgner
parent 9fa730bb95
commit 1f06a76b1a
14 changed files with 11 additions and 120 deletions


@ -21,7 +21,7 @@ define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC])
m4_sinclude(version.m4.ci)
m4_define([openssl_minimum_version], [0.9.7])
m4_define([openssl_minimum_version], [0.9.8])
AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL])
AC_CONFIG_AUX_DIR([.])


@ -3152,7 +3152,6 @@ iasecc_qsign_data_sha1(struct sc_context *ctx, const unsigned char *in, size_t i
}
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
static int
iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t in_len,
struct iasecc_qsign_data *out)
@ -3203,7 +3202,6 @@ iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t
LOG_FUNC_RETURN(ctx, SC_SUCCESS);
}
#endif
static int
@ -3234,11 +3232,7 @@ iasecc_compute_signature_dst(struct sc_card *card,
rv = iasecc_qsign_data_sha1(card->ctx, in, in_len, &qsign_data);
}
else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA256) {
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
rv = iasecc_qsign_data_sha256(card->ctx, in, in_len, &qsign_data);
#else
LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "SHA256 is not supported by OpenSSL previous to v0.9.8");
#endif
}
else
LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA1 or RSA_HASH_SHA256 algorithm");


@ -47,14 +47,6 @@
#define OBERTHUR_PIN_REFERENCE_SO 0x04
#define OBERTHUR_PIN_REFERENCE_PUK 0x84
/* keep OpenSSL 0.9.6 users happy ;-) */
#if OPENSSL_VERSION_NUMBER < 0x00907000L
#define DES_cblock des_cblock
#define DES_key_schedule des_key_schedule
#define DES_set_key_unchecked(a,b) des_set_key_unchecked(a,*b)
#define DES_ecb_encrypt(a,b,c,d) des_ecb_encrypt(a,b,*c,d)
#endif
static const struct sc_atr_table oberthur_atrs[] = {
{ "3B:7D:18:00:00:00:31:80:71:8E:64:77:E3:01:00:82:90:00", NULL,
"Oberthur 64k v4/2.1.1", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL },


@ -41,41 +41,6 @@ extern "C" {
*
*/
/*
* EVP_CIPHER_CTX functions:
* EVP_CIPHER_CTX_new not in 0.9.7
* EVP_CIPHER_CTX_free not in 0.9.7
* EVP_CIPHER_CTX_init in 0.9.7 to 1.0.2. defined in 1.1 as EVP_CIPHER_CTX_reset
* EVP_CIPHER_CTX_cleanup in 0.9.7 to 1.0.2, defined in 1.1 as EVP_CIPHER_CTX_reset
* EVP_CIPHER_CTX_reset only in 1.1
*
* EVP_CIPHER_CTX_new does a EVP_CIPHER_CTX_init
* EVP_CIPHER_CTX_free does a EVP_CIPHER_CTX_cleanup
* EVP_CIPHER_CTX_cleanup does equivalent of a EVP_CIPHER_CTX_init
* Use EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free, and EVP_CIPHER_CTX_cleanup between operations
*/
#if OPENSSL_VERSION_NUMBER <= 0x009070dfL
/* in 0.9.7 EVP_CIPHER_CTX was always allocated inline or in other structures */
#define EVP_CIPHER_CTX_new() ({ \
EVP_CIPHER_CTX * tmp = NULL; \
tmp = OPENSSL_malloc(sizeof(struct evp_cipher_ctx_st)); \
if (tmp) { \
EVP_CIPHER_CTX_init(tmp); \
} \
tmp; \
})
#define EVP_CIPHER_CTX_free(x) ({ \
if (x) { \
EVP_CIPHER_CTX_cleanup(x); \
OPENSSL_free(x); \
} \
})
#endif /* OPENSSL_VERSION_NUMBER =< 0x00907000L */
/*
* 1.1 renames RSA_PKCS1_SSLeay to RSA_PKCS1_OpenSSL
* use RSA_PKCS1_OpenSSL


@ -5017,10 +5017,6 @@ register_mechanisms(struct sc_pkcs11_card *p11card)
*/
if (!(rsa_flags & SC_ALGORITHM_RSA_HASHES)) {
rsa_flags |= SC_ALGORITHM_RSA_HASHES;
#if OPENSSL_VERSION_NUMBER < 0x00908000L
/* turn off hashes not in openssl 0.9.8 */
rsa_flags &= ~(SC_ALGORITHM_RSA_HASH_SHA256 | SC_ALGORITHM_RSA_HASH_SHA384 | SC_ALGORITHM_RSA_HASH_SHA512 | SC_ALGORITHM_RSA_HASH_SHA224);
#endif
}
#endif


@ -68,7 +68,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha1_mech = {
NULL, /* free_mech_data */
};
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
static sc_pkcs11_mechanism_type_t openssl_sha256_mech = {
CKM_SHA256,
{ 0, 0, CKF_DIGEST },
@ -119,7 +118,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha512_mech = {
NULL, /* mech_data */
NULL, /* free_mech_data */
};
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
static sc_pkcs11_mechanism_type_t openssl_gostr3411_mech = {
@ -233,14 +231,12 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *p11card)
openssl_sha1_mech.mech_data = EVP_sha1();
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha1_mech, sizeof openssl_sha1_mech));
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
openssl_sha256_mech.mech_data = EVP_sha256();
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha256_mech, sizeof openssl_sha256_mech));
openssl_sha384_mech.mech_data = EVP_sha384();
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha384_mech, sizeof openssl_sha384_mech));
openssl_sha512_mech.mech_data = EVP_sha512();
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha512_mech, sizeof openssl_sha512_mech));
#endif
openssl_md5_mech.mech_data = EVP_md5();
sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_md5_mech, sizeof openssl_md5_mech));
openssl_ripemd160_mech.mech_data = EVP_ripemd160();


@ -227,7 +227,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
return SC_ERROR_NOT_SUPPORTED;
}
#if OPENSSL_VERSION_NUMBER>=0x00908000L
rsa = RSA_new();
bn = BN_new();
mem = BIO_new(BIO_s_mem());
@ -240,18 +239,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile,
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL))
#else
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
{
r = SC_ERROR_OUT_OF_MEMORY;
goto out;
}
rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL);
if (!rsa)
#endif
{
r = SC_ERROR_UNKNOWN;
goto out;


@ -206,7 +206,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_
memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac));
}
else if (mechanism == IASECC_ALGORITHM_SYMMETRIC_SHA256) {
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
xored[35] = 0x01;
SHA256(xored, 36, buff);
memcpy(&session_data->session_enc[0], buff, sizeof(session_data->session_enc));
@ -214,10 +213,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_
xored[35] = 0x02;
SHA256(xored, 36, buff);
memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac));
#else
sc_log(ctx, "No FIPS, SHA256 is not supported");
return SC_ERROR_INVALID_ARGUMENTS;
#endif
}
else {
return SC_ERROR_INVALID_ARGUMENTS;
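Review bot: The SHA-256 branch of sm_cwa_init_session_keys, now always compiled, derives both session keys from bare literals (`xored[35]`, length `36`, counters `0x01` and `0x02`) with no comment saying which counter yields which key. I would add `/* KDF counter 0x01 -> session_enc, 0x02 -> session_mac; hash input is xored[0..35] */` above the first `xored[35]` assignment. `buff` still holds key material after the last memcpy. Whether it is wiped before return cannot be seen here, because the function continues outside the hunk.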


@ -39,9 +39,7 @@
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
#include <openssl/conf.h>
#endif
#include <openssl/evp.h>
#include <openssl/err.h>
@ -530,7 +528,7 @@ int main(int argc, char * argv[])
/* OpenSSL magic */
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_config(NULL);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)


@ -38,12 +38,10 @@
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
#include <openssl/conf.h>
#endif
#include <openssl/rsa.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#endif
@ -292,7 +290,7 @@ static int gen_key(const char * key_info)
keydata = {0, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0};
unsigned long expl;
u8 expc[4];
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
#if !defined(OPENSSL_NO_EC)
int nid = -1;
#endif
sc_hex_to_bin(key_info, buf, &buflen);
@ -316,7 +314,7 @@ static int gen_key(const char * key_info)
case 0x05: keydata.key_bits = 3072; break;
case 0x06: keydata.key_bits = 1024; break;
case 0x07: keydata.key_bits = 2048; break;
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
#if !defined(OPENSSL_NO_EC)
case 0x11: keydata.key_bits = 0;
nid = NID_X9_62_prime256v1; /* We only support one curve per algid */
break;
@ -368,7 +366,7 @@ static int gen_key(const char * key_info)
EVP_PKEY_assign_RSA(evpkey, newkey);
} else { /* EC key */
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC)
#if !defined(OPENSSL_NO_EC)
int i;
BIGNUM *x;
BIGNUM *y;
@ -558,7 +556,7 @@ int main(int argc, char *argv[])
util_print_usage_and_die(app_name, options, option_help, NULL);
//#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
//#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
// OPENSSL_config(NULL);
//#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
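Review bot: The `OPENSSL_config(NULL)` block in main stays commented out, and this commit edits the condition on the dead `//#if` line instead of resolving it. As shown, this tool would not load the OpenSSL configuration on pre-1.1.0 or LibreSSL builds, while the other tools in this commit do call it under the same condition, so settings from openssl.cnf may be silently ignored here. Either delete the commented lines, or restore them uncommented under `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. main continues outside the hunk, so a later call cannot be ruled out.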


@ -41,16 +41,14 @@
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
#endif
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
#include <openssl/conf.h>
#endif
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/asn1t.h>
#include <openssl/rsa.h>
#include <openssl/pem.h>
#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
#include <openssl/ec.h>
#include <openssl/ecdsa.h>
#endif
@ -570,7 +568,7 @@ int main(int argc, char * argv[])
#endif
#ifdef ENABLE_OPENSSL
#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_config(NULL);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
@ -3310,7 +3308,7 @@ static void show_object(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj)
static CK_OBJECT_HANDLE
derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE mech_mech)
{
#if defined(ENABLE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
#if defined(ENABLE_OPENSSL) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)
CK_MECHANISM mech;
CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY;
CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET;
@ -4412,9 +4410,7 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session,
EVP_sha1(),
EVP_md5(),
EVP_ripemd160(),
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
EVP_sha256(),
#endif
};
#endif
@ -4497,9 +4493,7 @@ static int test_signature(CK_SESSION_HANDLE sess)
CKM_SHA1_RSA_PKCS,
CKM_MD5_RSA_PKCS,
CKM_RIPEMD160_RSA_PKCS,
#if OPENSSL_VERSION_NUMBER >= 0x00908000L
CKM_SHA256_RSA_PKCS,
#endif
0xffffff
};
size_t mechTypes_num = sizeof(mechTypes)/sizeof(CK_MECHANISM_TYPE);
@ -5110,11 +5104,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session,
EVP_PKEY_free(pkey);
return 0;
}
#if OPENSSL_VERSION_NUMBER >= 0x00909000L
encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey);
#else
encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey);
#endif
EVP_PKEY_free(pkey);
if (((int) encrypted_len) <= 0) {
printf("Encryption failed, returning\n");
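Review bot: The `EVP_PKEY_encrypt_old` call in encrypt_decrypt loses its `OPENSSL_VERSION_NUMBER >= 0x00909000L` guard, but the commit raises the minimum only to 0.9.8. The removed `#else` branch implies that function is absent in 0.9.8, so a build against the declared minimum would fail unless a compat header already provides it. Either keep this one guard or add a shim such as `#if OPENSSL_VERSION_NUMBER < 0x00909000L` / `#define EVP_PKEY_encrypt_old EVP_PKEY_encrypt` / `#endif`. Which call is kept is inferred from the 11-to-7 line count in the hunk header, and encrypt_decrypt continues outside the hunk.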


@ -40,9 +40,7 @@
#endif
#include <openssl/opensslv.h>
#include "libopensc/sc-ossl-compat.h"
#if OPENSSL_VERSION_NUMBER >= 0x00907000L
#include <openssl/conf.h>
#endif
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
@ -453,7 +451,7 @@ main(int argc, char **argv)
unsigned int n;
int r = 0;
#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L
#if OPENSSL_VERSION_NUMBER < 0x10100000L
OPENSSL_config(NULL);
#endif
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined LIBRESSL_VERSION_NUMBER)
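Review bot: The new guard `#if OPENSSL_VERSION_NUMBER < 0x10100000L` in main omits the `|| defined(LIBRESSL_VERSION_NUMBER)` that the same block carries in the other tools touched by this commit. LibreSSL reports a version number above 0x10100000L and the following branch excludes it explicitly, so on a LibreSSL build neither branch would run and `OPENSSL_config(NULL)` is never called. Suggested: `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. main continues outside the hunk.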


@ -161,12 +161,7 @@ static int generatePrime(BIGNUM *prime, const BIGNUM *s, const int bits, unsigne
do {
// Generate random prime
#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* last parm is BN_GENCB which is null in our case */
BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL);
#else
BN_generate_prime(prime, bits, 1, NULL, NULL, NULL, NULL );
#endif
} while ((BN_ucmp(prime, s) == -1) && (max_rounds-- > 0)); // If prime < s or not reached 1000 tries
if (max_rounds > 0)
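Review bot: The now-unconditional `BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL);` in generatePrime ignores its return value, so a failed generation leaves `prime` stale and the loop compares it against `s` anyway. I would check it, e.g. `if (!BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL)) return -1;`, using whatever failure value this function already returns. Separately, if `max_rounds` is unsigned (the signature is cut off in the hunk header), `max_rounds-- > 0` wraps when the tries run out, and the `if (max_rounds > 0)` after the loop would then report success. The function body continues outside the hunk.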


@ -589,7 +589,6 @@ int main(int argc, char *argv[])
printf("Generate key of length %d.\n", keylen);
#if OPENSSL_VERSION_NUMBER>=0x00908000L
rsa = RSA_new();
bn = BN_new();
mem = BIO_new(BIO_s_mem());
@ -602,18 +601,6 @@ int main(int argc, char *argv[])
if(!BN_set_word(bn, RSA_F4) ||
!RSA_generate_key_ex(rsa, keylen, bn, NULL))
#else
rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL);
mem = BIO_new(BIO_s_mem());
if(mem == NULL)
{
printf("Not enough memory.\n");
goto out;
}
if (!rsa)
#endif
{
printf("RSA_generate_key_ex return %ld\n", ERR_get_error());
goto out;