diff --git a/configure.ac b/configure.ac index 2f9ef56e..1d75e5a4 100644 --- a/configure.ac +++ b/configure.ac @@ -21,7 +21,7 @@ define([VS_FF_PRODUCT_URL], [https://github.com/OpenSC/OpenSC]) m4_sinclude(version.m4.ci) -m4_define([openssl_minimum_version], [0.9.7]) +m4_define([openssl_minimum_version], [0.9.8]) AC_INIT([PRODUCT_NAME],[PACKAGE_VERSION_MAJOR.PACKAGE_VERSION_MINOR.PACKAGE_VERSION_FIX[]PACKAGE_SUFFIX],[PRODUCT_BUGREPORT],[PRODUCT_TARNAME],[PRODUCT_URL]) AC_CONFIG_AUX_DIR([.]) diff --git a/src/libopensc/card-iasecc.c b/src/libopensc/card-iasecc.c index dcd4a831..254f8aa5 100644 --- a/src/libopensc/card-iasecc.c +++ b/src/libopensc/card-iasecc.c @@ -3152,7 +3152,6 @@ iasecc_qsign_data_sha1(struct sc_context *ctx, const unsigned char *in, size_t i } -#if OPENSSL_VERSION_NUMBER >= 0x00908000L static int iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t in_len, struct iasecc_qsign_data *out) @@ -3203,7 +3202,6 @@ iasecc_qsign_data_sha256(struct sc_context *ctx, const unsigned char *in, size_t LOG_FUNC_RETURN(ctx, SC_SUCCESS); } -#endif static int @@ -3234,11 +3232,7 @@ iasecc_compute_signature_dst(struct sc_card *card, rv = iasecc_qsign_data_sha1(card->ctx, in, in_len, &qsign_data); } else if (env->algorithm_flags & SC_ALGORITHM_RSA_HASH_SHA256) { -#if OPENSSL_VERSION_NUMBER >= 0x00908000L rv = iasecc_qsign_data_sha256(card->ctx, in, in_len, &qsign_data); -#else - LOG_TEST_RET(ctx, SC_ERROR_NOT_SUPPORTED, "SHA256 is not supported by OpenSSL previous to v0.9.8"); -#endif } else LOG_TEST_RET(ctx, SC_ERROR_INVALID_ARGUMENTS, "Need RSA_HASH_SHA1 or RSA_HASH_SHA256 algorithm"); diff --git a/src/libopensc/card-oberthur.c b/src/libopensc/card-oberthur.c index 4d08a59c..6ca49f1a 100644 --- a/src/libopensc/card-oberthur.c +++ b/src/libopensc/card-oberthur.c 
@@ -47,14 +47,6 @@ #define OBERTHUR_PIN_REFERENCE_SO 0x04 #define OBERTHUR_PIN_REFERENCE_PUK 0x84 -/* keep OpenSSL 0.9.6 users happy ;-) */ -#if OPENSSL_VERSION_NUMBER < 0x00907000L -#define DES_cblock des_cblock -#define DES_key_schedule des_key_schedule -#define DES_set_key_unchecked(a,b) des_set_key_unchecked(a,*b) -#define DES_ecb_encrypt(a,b,c,d) des_ecb_encrypt(a,b,*c,d) -#endif - static const struct sc_atr_table oberthur_atrs[] = { { "3B:7D:18:00:00:00:31:80:71:8E:64:77:E3:01:00:82:90:00", NULL, "Oberthur 64k v4/2.1.1", SC_CARD_TYPE_OBERTHUR_64K, 0, NULL }, diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h index 8ef5a946..9185dd07 100644 --- a/src/libopensc/sc-ossl-compat.h +++ b/src/libopensc/sc-ossl-compat.h @@ -41,41 +41,6 @@ extern "C" { * */ -/* - * EVP_CIPHER_CTX functions: - * EVP_CIPHER_CTX_new not in 0.9.7 - * EVP_CIPHER_CTX_free not in 0.9.7 - * EVP_CIPHER_CTX_init in 0.9.7 to 1.0.2. defined in 1.1 as EVP_CIPHER_CTX_reset - * EVP_CIPHER_CTX_cleanup in 0.9.7 to 1.0.2, defined in 1.1 as EVP_CIPHER_CTX_reset - * EVP_CIPHER_CTX_reset only in 1.1 - * - * EVP_CIPHER_CTX_new does a EVP_CIPHER_CTX_init - * EVP_CIPHER_CTX_free does a EVP_CIPHER_CTX_cleanup - * EVP_CIPHER_CTX_cleanup does equivalent of a EVP_CIPHER_CTX_init - * Use EVP_CIPHER_CTX_new, EVP_CIPHER_CTX_free, and EVP_CIPHER_CTX_cleanup between operations - */ - -#if OPENSSL_VERSION_NUMBER <= 0x009070dfL - -/* in 0.9.7 EVP_CIPHER_CTX was always allocated inline or in other structures */ - -#define EVP_CIPHER_CTX_new() ({ \ - EVP_CIPHER_CTX * tmp = NULL; \ - tmp = OPENSSL_malloc(sizeof(struct evp_cipher_ctx_st)); \ - if (tmp) { \ - EVP_CIPHER_CTX_init(tmp); \ - } \ - tmp; \ - }) - -#define EVP_CIPHER_CTX_free(x) ({ \ - if (x) { \ - EVP_CIPHER_CTX_cleanup(x); \ - OPENSSL_free(x); \ - } \ - }) -#endif /* OPENSSL_VERSION_NUMBER =< 0x00907000L */ - /* * 1.1 renames RSA_PKCS1_SSLeay to RSA_PKCS1_OpenSSL * use RSA_PKCS1_OpenSSL 
diff --git a/src/pkcs11/framework-pkcs15.c b/src/pkcs11/framework-pkcs15.c index 2ab4b574..3e881e66 100644 --- a/src/pkcs11/framework-pkcs15.c +++ b/src/pkcs11/framework-pkcs15.c @@ -5017,10 +5017,6 @@ register_mechanisms(struct sc_pkcs11_card *p11card) */ if (!(rsa_flags & SC_ALGORITHM_RSA_HASHES)) { rsa_flags |= SC_ALGORITHM_RSA_HASHES; -#if OPENSSL_VERSION_NUMBER < 0x00908000L - /* turn off hashes not in openssl 0.9.8 */ - rsa_flags &= ~(SC_ALGORITHM_RSA_HASH_SHA256 | SC_ALGORITHM_RSA_HASH_SHA384 | SC_ALGORITHM_RSA_HASH_SHA512 | SC_ALGORITHM_RSA_HASH_SHA224); -#endif } #endif diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c index 9482e2a7..59de1210 100644 --- a/src/pkcs11/openssl.c +++ b/src/pkcs11/openssl.c @@ -68,7 +68,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha1_mech = { NULL, /* free_mech_data */ }; -#if OPENSSL_VERSION_NUMBER >= 0x00908000L static sc_pkcs11_mechanism_type_t openssl_sha256_mech = { CKM_SHA256, { 0, 0, CKF_DIGEST }, @@ -119,7 +118,6 @@ static sc_pkcs11_mechanism_type_t openssl_sha512_mech = { NULL, /* mech_data */ NULL, /* free_mech_data */ }; -#endif #if OPENSSL_VERSION_NUMBER >= 0x10000000L static sc_pkcs11_mechanism_type_t openssl_gostr3411_mech = { 
@@ -233,14 +231,12 @@ sc_pkcs11_register_openssl_mechanisms(struct sc_pkcs11_card *p11card) openssl_sha1_mech.mech_data = EVP_sha1(); sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha1_mech, sizeof openssl_sha1_mech)); -#if OPENSSL_VERSION_NUMBER >= 0x00908000L openssl_sha256_mech.mech_data = EVP_sha256(); sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha256_mech, sizeof openssl_sha256_mech)); openssl_sha384_mech.mech_data = EVP_sha384(); sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha384_mech, sizeof openssl_sha384_mech)); openssl_sha512_mech.mech_data = EVP_sha512(); sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_sha512_mech, sizeof openssl_sha512_mech)); -#endif openssl_md5_mech.mech_data = EVP_md5(); sc_pkcs11_register_mechanism(p11card, dup_mem(&openssl_md5_mech, sizeof openssl_md5_mech)); openssl_ripemd160_mech.mech_data = EVP_ripemd160(); diff --git a/src/pkcs15init/pkcs15-westcos.c b/src/pkcs15init/pkcs15-westcos.c index b6d98a3c..81dad1fd 100644 --- a/src/pkcs15init/pkcs15-westcos.c +++ b/src/pkcs15init/pkcs15-westcos.c @@ -227,7 +227,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile, return SC_ERROR_NOT_SUPPORTED; } -#if OPENSSL_VERSION_NUMBER>=0x00908000L rsa = RSA_new(); bn = BN_new(); mem = BIO_new(BIO_s_mem()); @@ -240,18 +239,6 @@ static int westcos_pkcs15init_generate_key(sc_profile_t *profile, if(!BN_set_word(bn, RSA_F4) || !RSA_generate_key_ex(rsa, key_info->modulus_length, bn, NULL)) -#else - mem = BIO_new(BIO_s_mem()); - - if(mem == NULL) - { - r = SC_ERROR_OUT_OF_MEMORY; - goto out; - } - - rsa = RSA_generate_key(key_info->modulus_length, RSA_F4, NULL, NULL); - if (!rsa) -#endif { r = SC_ERROR_UNKNOWN; goto out; diff --git a/src/smm/sm-cwa14890.c b/src/smm/sm-cwa14890.c index fc3ff4d6..d2752949 100644 --- a/src/smm/sm-cwa14890.c +++ b/src/smm/sm-cwa14890.c 
@@ -206,7 +206,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_ memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac)); } else if (mechanism == IASECC_ALGORITHM_SYMMETRIC_SHA256) { -#if OPENSSL_VERSION_NUMBER >= 0x00908000L xored[35] = 0x01; SHA256(xored, 36, buff); memcpy(&session_data->session_enc[0], buff, sizeof(session_data->session_enc)); @@ -214,10 +213,6 @@ sm_cwa_init_session_keys(struct sc_context *ctx, struct sm_cwa_session *session_ xored[35] = 0x02; SHA256(xored, 36, buff); memcpy(&session_data->session_mac[0], buff, sizeof(session_data->session_mac)); -#else - sc_log(ctx, "No FIPS, SHA256 is not supported"); - return SC_ERROR_INVALID_ARGUMENTS; -#endif } else { return SC_ERROR_INVALID_ARGUMENTS; diff --git a/src/tools/gids-tool.c b/src/tools/gids-tool.c index cdee5745..3ae56e74 100644 --- a/src/tools/gids-tool.c +++ b/src/tools/gids-tool.c @@ -39,9 +39,7 @@ #include #include #endif -#if OPENSSL_VERSION_NUMBER >= 0x00907000L #include -#endif #include #include @@ -530,7 +528,7 @@ int main(int argc, char * argv[]) /* OpenSSL magic */ -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) OPENSSL_config(NULL); #endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) diff --git a/src/tools/piv-tool.c b/src/tools/piv-tool.c index 9a3645b0..6dc8213d 100644 --- a/src/tools/piv-tool.c +++ b/src/tools/piv-tool.c @@ -38,12 +38,10 @@ #include #include #endif -#if OPENSSL_VERSION_NUMBER >= 0x00907000L #include -#endif #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) #include #include #endif 
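Review bot: In src/smm/sm-cwa14890.c, the SHA-256 branch of sm_cwa_init_session_keys copies `sizeof(session_data->session_enc)` and `sizeof(session_data->session_mac)` bytes out of `buff` after `SHA256(xored, 36, buff)`, and nothing in the hunk ties those sizes to the digest length or the literal 36 to the size of `xored`. The declarations are outside the hunk, so this may already hold; a comment such as `/* both session keys are taken from the start of the SHA-256 output; fields must not exceed SHA256_DIGEST_LENGTH */` would record the assumption now that the branch is always compiled. `xored` and `buff` carry key-derivation material, so if they are local buffers they should be wiped with `OPENSSL_cleanse()` before each return, including the `SC_ERROR_INVALID_ARGUMENTS` path.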
@@ -292,7 +290,7 @@ static int gen_key(const char * key_info) keydata = {0, 0, 0, 0, NULL, 0, NULL, 0, NULL, 0}; unsigned long expl; u8 expc[4]; -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) +#if !defined(OPENSSL_NO_EC) int nid = -1; #endif sc_hex_to_bin(key_info, buf, &buflen); @@ -316,7 +314,7 @@ static int gen_key(const char * key_info) case 0x05: keydata.key_bits = 3072; break; case 0x06: keydata.key_bits = 1024; break; case 0x07: keydata.key_bits = 2048; break; -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) +#if !defined(OPENSSL_NO_EC) case 0x11: keydata.key_bits = 0; nid = NID_X9_62_prime256v1; /* We only support one curve per algid */ break; @@ -368,7 +366,7 @@ static int gen_key(const char * key_info) EVP_PKEY_assign_RSA(evpkey, newkey); } else { /* EC key */ -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) +#if !defined(OPENSSL_NO_EC) int i; BIGNUM *x; BIGNUM *y; @@ -558,7 +556,7 @@ int main(int argc, char *argv[]) util_print_usage_and_die(app_name, options, option_help, NULL); -//#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) +//#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) // OPENSSL_config(NULL); //#endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) diff --git a/src/tools/pkcs11-tool.c b/src/tools/pkcs11-tool.c index aefbabf6..64525f6a 100644 --- a/src/tools/pkcs11-tool.c +++ b/src/tools/pkcs11-tool.c @@ -41,16 +41,14 @@ #include #include #endif -#if OPENSSL_VERSION_NUMBER >= 0x00907000L #include -#endif #include #include #include #include #include #include -#if OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) +#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) #include #include #endif 
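Review bot: The three rewritten guards in gen_key (src/tools/piv-tool.c) test only `!defined(OPENSSL_NO_EC)`, while the include guard rewritten in the same file's first hunk requires `!defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)`. On an OpenSSL configured with EC but with OPENSSL_NO_ECDSA, the EC branch of gen_key would be compiled without the headers that guard pulls in (their names are not visible on this page). Using one condition everywhere, `#if !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA)`, keeps the declarations and their use in step. gen_key's body starts and ends outside these hunks, so any further EC guards there should be checked the same way.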
@@ -570,7 +568,7 @@ int main(int argc, char * argv[]) #endif #ifdef ENABLE_OPENSSL -#if (OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) OPENSSL_config(NULL); #endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) @@ -3310,7 +3308,7 @@ static void show_object(CK_SESSION_HANDLE sess, CK_OBJECT_HANDLE obj) static CK_OBJECT_HANDLE derive_ec_key(CK_SESSION_HANDLE session, CK_OBJECT_HANDLE key, CK_MECHANISM_TYPE mech_mech) { -#if defined(ENABLE_OPENSSL) && OPENSSL_VERSION_NUMBER >= 0x00908000L && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) +#if defined(ENABLE_OPENSSL) && !defined(OPENSSL_NO_EC) && !defined(OPENSSL_NO_ECDSA) CK_MECHANISM mech; CK_OBJECT_CLASS newkey_class= CKO_SECRET_KEY; CK_KEY_TYPE newkey_type = CKK_GENERIC_SECRET; @@ -4412,9 +4410,7 @@ static int sign_verify_openssl(CK_SESSION_HANDLE session, EVP_sha1(), EVP_md5(), EVP_ripemd160(), -#if OPENSSL_VERSION_NUMBER >= 0x00908000L EVP_sha256(), -#endif }; #endif @@ -4497,9 +4493,7 @@ static int test_signature(CK_SESSION_HANDLE sess) CKM_SHA1_RSA_PKCS, CKM_MD5_RSA_PKCS, CKM_RIPEMD160_RSA_PKCS, -#if OPENSSL_VERSION_NUMBER >= 0x00908000L CKM_SHA256_RSA_PKCS, -#endif 0xffffff }; size_t mechTypes_num = sizeof(mechTypes)/sizeof(CK_MECHANISM_TYPE); @@ -5110,11 +5104,7 @@ static int encrypt_decrypt(CK_SESSION_HANDLE session, EVP_PKEY_free(pkey); return 0; } -#if OPENSSL_VERSION_NUMBER >= 0x00909000L encrypted_len = EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey); -#else - encrypted_len = EVP_PKEY_encrypt(encrypted, orig_data, sizeof(orig_data), pkey); -#endif EVP_PKEY_free(pkey); if (((int) encrypted_len) <= 0) { printf("Encryption failed, returning\n"); diff --git a/src/tools/pkcs15-init.c b/src/tools/pkcs15-init.c index 1ce79f45..fd975b0a 100644 --- a/src/tools/pkcs15-init.c +++ b/src/tools/pkcs15-init.c 
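Review bot: The encrypt_decrypt hunk in src/tools/pkcs11-tool.c now calls `EVP_PKEY_encrypt_old(encrypted, orig_data, sizeof(orig_data), pkey);` unconditionally, but the guard it removes was `OPENSSL_VERSION_NUMBER >= 0x00909000L`, and configure.ac in this commit raises `openssl_minimum_version` only to 0.9.8. The deleted `#else` branch implies the `_old` name is not available below that level, so a build against the declared minimum would presumably fail here. Either keep this one guard (`#if OPENSSL_VERSION_NUMBER >= 0x00909000L` with the `EVP_PKEY_encrypt` fallback) or raise the configure minimum past 0.9.8 so the two agree. encrypt_decrypt's body continues outside the hunk.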
@@ -40,9 +40,7 @@ #endif #include #include "libopensc/sc-ossl-compat.h" -#if OPENSSL_VERSION_NUMBER >= 0x00907000L #include -#endif #include #include #include @@ -453,7 +451,7 @@ main(int argc, char **argv) unsigned int n; int r = 0; -#if OPENSSL_VERSION_NUMBER >= 0x00907000L && OPENSSL_VERSION_NUMBER < 0x10100000L +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); #endif #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !(defined LIBRESSL_VERSION_NUMBER) diff --git a/src/tools/sc-hsm-tool.c b/src/tools/sc-hsm-tool.c index 9c1d7c1b..02cdfcc6 100644 --- a/src/tools/sc-hsm-tool.c +++ b/src/tools/sc-hsm-tool.c @@ -161,12 +161,7 @@ static int generatePrime(BIGNUM *prime, const BIGNUM *s, const int bits, unsigne do { // Generate random prime -#if OPENSSL_VERSION_NUMBER >= 0x00908000L /* last parm is BN_GENCB which is null in our case */ BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL); -#else - BN_generate_prime(prime, bits, 1, NULL, NULL, NULL, NULL ); -#endif - } while ((BN_ucmp(prime, s) == -1) && (max_rounds-- > 0)); // If prime < s or not reached 1000 tries if (max_rounds > 0) diff --git a/src/tools/westcos-tool.c b/src/tools/westcos-tool.c index e90845d7..a4cd3a84 100644 --- a/src/tools/westcos-tool.c +++ b/src/tools/westcos-tool.c @@ -589,7 +589,6 @@ int main(int argc, char *argv[]) printf("Generate key of length %d.\n", keylen); -#if OPENSSL_VERSION_NUMBER>=0x00908000L rsa = RSA_new(); bn = BN_new(); mem = BIO_new(BIO_s_mem()); @@ -602,18 +601,6 @@ int main(int argc, char *argv[]) if(!BN_set_word(bn, RSA_F4) || !RSA_generate_key_ex(rsa, keylen, bn, NULL)) -#else - rsa = RSA_generate_key(keylen, RSA_F4, NULL, NULL); - mem = BIO_new(BIO_s_mem()); - - if(mem == NULL) - { - printf("Not enough memory.\n"); - goto out; - } - - if (!rsa) -#endif { printf("RSA_generate_key_ex return %ld\n", ERR_get_error()); goto out;
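Review bot: In the main() hunk of src/tools/pkcs15-init.c the new condition is `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, whereas the same edit in gids-tool.c and pkcs11-tool.c reads `#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)`. The next branch is `>= 0x10100000L && !(defined LIBRESSL_VERSION_NUMBER)`, so on a LibreSSL build that reports a version number at or above 0x10100000L neither branch is compiled and `OPENSSL_config(NULL)` is never called. Using the same condition as the other tools closes that gap and keeps initialisation identical across the tools. main()'s body continues outside the hunk.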
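Review bot: In the src/tools/sc-hsm-tool.c hunk, generatePrime discards the result of `BN_generate_prime_ex(prime, bits, 1, NULL, NULL, NULL);`, so a failed generation leaves `prime` at its previous value and the loop then compares stale data against `s`. Now that this is the only code path, check the call and leave the loop with the function's error value when it returns 0; the return convention is outside the hunk. The exit test `if (max_rounds > 0)` also deserves a look: the parameter list is truncated at `unsigne` in the hunk header, and if `max_rounds` is that unsigned parameter, the post-decrement in the loop condition wraps when the tries are exhausted and the test then reads as success.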