From fc2fecc80e845329fabc43044a1596c404cfe747 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Mon, 24 May 2021 11:24:51 +0200 Subject: [PATCH] Use const types for RSA and EC_KEY These are anyway not supposed to be modified even in older versions of openssl. Visible when building with -Wno-deprecated-declarations --- src/libopensc/cwa14890.c | 18 +++++++++--------- src/libopensc/p15card-helper.c | 2 +- src/libopensc/sc-ossl-compat.h | 1 + src/pkcs11/openssl.c | 2 +- src/tests/p11test/p11test_case_common.c | 7 ++++--- 5 files changed, 16 insertions(+), 14 deletions(-) diff --git a/src/libopensc/cwa14890.c b/src/libopensc/cwa14890.c index da471abf..88f68b85 100644 --- a/src/libopensc/cwa14890.c +++ b/src/libopensc/cwa14890.c @@ -519,8 +519,8 @@ static int cwa_internal_auth(sc_card_t * card, u8 * sig, size_t sig_len, u8 * da * @return SC_SUCCESS if ok; else errorcode */ static int cwa_prepare_external_auth(sc_card_t * card, - RSA * icc_pubkey, - RSA * ifd_privkey, + const RSA * icc_pubkey, + const RSA * ifd_privkey, u8 * sig, size_t sig_len) { @@ -594,7 +594,7 @@ static int cwa_prepare_external_auth(sc_card_t * card, buf3[127] = 0xBC; /* iso padding */ /* encrypt with ifd private key */ - len2 = RSA_private_decrypt(128, buf3, buf2, ifd_privkey, RSA_NO_PADDING); + len2 = RSA_private_decrypt(128, buf3, buf2, (RSA *)ifd_privkey, RSA_NO_PADDING); if (len2 < 0) { msg = "Prepare external auth: ifd_privk encrypt failed"; res = SC_ERROR_SM_ENCRYPT_FAILED; @@ -630,7 +630,7 @@ static int cwa_prepare_external_auth(sc_card_t * card, } /* re-encrypt result with icc public key */ - len1 = RSA_public_encrypt(len3, buf3, buf1, icc_pubkey, RSA_NO_PADDING); + len1 = RSA_public_encrypt(len3, buf3, buf1, (RSA *)icc_pubkey, RSA_NO_PADDING); if (len1 <= 0 || (size_t) len1 != sig_len) { msg = "Prepare external auth: icc_pubk encrypt failed"; res = SC_ERROR_SM_ENCRYPT_FAILED; 
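Review bot: The `(RSA *)ifd_privkey` cast in the `RSA_private_decrypt` call of the -594 hunk strips the `const` that the new `cwa_prepare_external_auth` signature has just added, so from that point the compiler can no longer flag a write through the key pointer. The same cast recurs at `RSA_public_encrypt` in the -630 hunk, at all four RSA calls in `cwa_verify_internal_auth`, and at `RSAPublicKey_dup((RSA *)rsa)` in p11test_case_common.c. These legacy entry points take a non-const `RSA *` and may update state cached inside the key object, so the `const` in the signatures documents intent rather than enforcing it. I would say so once beside the first cast, e.g. `/* RSA_* prototypes take non-const RSA *; cast only to satisfy them, key material is not modified by this function */`, or route these calls through one small wrapper so the cast lives in a single reviewed place. Both function bodies start and end outside the hunks shown.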
@@ -842,8 +842,8 @@ static int cwa_compare_signature(u8 * data, size_t dlen, u8 * ifd_data) * @return SC_SUCCESS if ok; else error code */ static int cwa_verify_internal_auth(sc_card_t * card, - RSA * icc_pubkey, - RSA * ifd_privkey, + const RSA * icc_pubkey, + const RSA * ifd_privkey, u8 * ifdbuf, size_t ifdlen, u8 * sig, @@ -901,7 +901,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, */ /* decrypt data with our ifd priv key */ - len1 = RSA_private_decrypt(sig_len, sig, buf1, ifd_privkey, RSA_NO_PADDING); + len1 = RSA_private_decrypt(sig_len, sig, buf1, (RSA *)ifd_privkey, RSA_NO_PADDING); if (len1 <= 0) { msg = "Verify Signature: decrypt with ifd privk failed"; res = SC_ERROR_SM_ENCRYPT_FAILED; @@ -911,7 +911,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, /* OK: now we have SIGMIN in buf1 */ /* check if SIGMIN data matches SIG or N.ICC-SIG */ /* evaluate DS[SK.ICC.AUTH](SIG) trying to decrypt with icc pubk */ - len3 = RSA_public_encrypt(len1, buf1, buf3, icc_pubkey, RSA_NO_PADDING); + len3 = RSA_public_encrypt(len1, buf1, buf3, (RSA *) icc_pubkey, RSA_NO_PADDING); if (len3 <= 0) goto verify_nicc_sig; /* evaluate N.ICC-SIG and retry */ res = cwa_compare_signature(buf3, len3, ifdbuf); @@ -945,7 +945,7 @@ static int cwa_verify_internal_auth(sc_card_t * card, } /* ok: check again with new data */ /* evaluate DS[SK.ICC.AUTH](I.ICC-SIG) trying to decrypt with icc pubk */ - len3 = RSA_public_encrypt(len2, buf2, buf3, icc_pubkey, RSA_NO_PADDING); + len3 = RSA_public_encrypt(len2, buf2, buf3, (RSA *)icc_pubkey, RSA_NO_PADDING); if (len3 <= 0) { msg = "Verify Signature: cannot get valid SIG data"; res = SC_ERROR_INVALID_DATA; diff --git a/src/libopensc/p15card-helper.c b/src/libopensc/p15card-helper.c index e641858d..bf0ff901 100644 --- a/src/libopensc/p15card-helper.c +++ b/src/libopensc/p15card-helper.c 
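Review bot: `sig_len` goes straight into the `int flen` argument of `RSA_private_decrypt` in the -901 hunk, and the only check visible afterwards is `len1 <= 0`. With `RSA_NO_PADDING` the call writes `RSA_size(ifd_privkey)` bytes to `buf1`, and `sig` presumably carries the card's response, so the length deserves an explicit guard before the call unless one already exists above the hunk (the body of `cwa_verify_internal_auth` starts and ends outside it). A check such as `if (sig_len > (size_t)RSA_size(ifd_privkey))` that fails with `SC_ERROR_INVALID_DATA` would make the bound visible. The capacity of `buf1`, which is declared outside the hunk, should be confirmed against the same value.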
@@ -143,7 +143,7 @@ CERT_HANDLE_FUNCTION(default_cert_handle) { int r; X509 *cert_data = NULL; EVP_PKEY *pkey = NULL; - RSA * rsa = NULL; + const RSA * rsa = NULL; int certtype = 0; int modulus_len = 0; const prdata* key = get_prkey_by_cert(items, cert); diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h index 339ad96c..ba4a0c51 100644 --- a/src/libopensc/sc-ossl-compat.h +++ b/src/libopensc/sc-ossl-compat.h @@ -273,6 +273,7 @@ static sc_ossl_inline void CRYPTO_secure_malloc_done() #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + #ifdef __cplusplus } #endif /* __cplusplus */ diff --git a/src/pkcs11/openssl.c b/src/pkcs11/openssl.c index 92fed189..4c521e08 100644 --- a/src/pkcs11/openssl.c +++ b/src/pkcs11/openssl.c @@ -522,7 +522,7 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len size_t signat_len_tmp; unsigned char *signat_tmp = NULL; EVP_PKEY_CTX *ctx; - EC_KEY *eckey; + const EC_KEY *eckey; int r; sc_log(context, "Trying to verify using EVP"); diff --git a/src/tests/p11test/p11test_case_common.c b/src/tests/p11test/p11test_case_common.c index 695ae2ea..295a8e23 100644 --- a/src/tests/p11test/p11test_case_common.c +++ b/src/tests/p11test/p11test_case_common.c @@ -20,6 +20,7 @@ */ #include "p11test_case_common.h" +#include "../../libopensc/sc-ossl-compat.h" char name_buffer[11]; char flag_buffer[11]; @@ -208,8 +209,8 @@ int callback_certificates(test_certs_t *objects, if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { /* Extract public RSA key */ - RSA *rsa = EVP_PKEY_get0_RSA(evp); - if ((o->key.rsa = RSAPublicKey_dup(rsa)) == NULL) { + const RSA *rsa = EVP_PKEY_get0_RSA(evp); + if ((o->key.rsa = RSAPublicKey_dup((RSA *)rsa)) == NULL) { fail_msg("RSAPublicKey_dup failed"); return -1; } 
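Review bot: The new `#include "../../libopensc/sc-ossl-compat.h"` in p11test_case_common.c has no visible consumer: the only change this patch makes to that header is one added blank line, and the two edited extractions in `callback_certificates` use plain OpenSSL calls. If the include is needed when building against older OpenSSL, a short comment naming the declaration it supplies would keep it from being removed later. If it is left over from an earlier revision of the patch, both it and the blank-line hunk in sc-ossl-compat.h can be dropped.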
@@ -218,7 +219,7 @@ int callback_certificates(test_certs_t *objects, } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { /* Extract public EC key */ - EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp); + const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp); if ((o->key.ec = EC_KEY_dup(ec)) == NULL) { fail_msg("EC_KEY_dup failed"); return -1;