Use const types for RSA and EC_KEY

These are not supposed to be modified anyway, even in older versions of
OpenSSL.

Visible when building with -Wno-deprecated-declarations
Jakub Jelen 2021-05-24 11:24:51 +02:00
parent 33426df3ff
commit fc2fecc80e
5 changed files with 16 additions and 14 deletions


@ -519,8 +519,8 @@ static int cwa_internal_auth(sc_card_t * card, u8 * sig, size_t sig_len, u8 * da
* @return SC_SUCCESS if ok; else errorcode * @return SC_SUCCESS if ok; else errorcode
*/ */
static int cwa_prepare_external_auth(sc_card_t * card, static int cwa_prepare_external_auth(sc_card_t * card,
RSA * icc_pubkey, const RSA * icc_pubkey,
RSA * ifd_privkey, const RSA * ifd_privkey,
u8 * sig, u8 * sig,
size_t sig_len) size_t sig_len)
{ {
@ -594,7 +594,7 @@ static int cwa_prepare_external_auth(sc_card_t * card,
buf3[127] = 0xBC; /* iso padding */ buf3[127] = 0xBC; /* iso padding */
/* encrypt with ifd private key */ /* encrypt with ifd private key */
len2 = RSA_private_decrypt(128, buf3, buf2, ifd_privkey, RSA_NO_PADDING); len2 = RSA_private_decrypt(128, buf3, buf2, (RSA *)ifd_privkey, RSA_NO_PADDING);
if (len2 < 0) { if (len2 < 0) {
msg = "Prepare external auth: ifd_privk encrypt failed"; msg = "Prepare external auth: ifd_privk encrypt failed";
res = SC_ERROR_SM_ENCRYPT_FAILED; res = SC_ERROR_SM_ENCRYPT_FAILED;
@ -630,7 +630,7 @@ static int cwa_prepare_external_auth(sc_card_t * card,
} }
/* re-encrypt result with icc public key */ /* re-encrypt result with icc public key */
len1 = RSA_public_encrypt(len3, buf3, buf1, icc_pubkey, RSA_NO_PADDING); len1 = RSA_public_encrypt(len3, buf3, buf1, (RSA *)icc_pubkey, RSA_NO_PADDING);
if (len1 <= 0 || (size_t) len1 != sig_len) { if (len1 <= 0 || (size_t) len1 != sig_len) {
msg = "Prepare external auth: icc_pubk encrypt failed"; msg = "Prepare external auth: icc_pubk encrypt failed";
res = SC_ERROR_SM_ENCRYPT_FAILED; res = SC_ERROR_SM_ENCRYPT_FAILED;
@ -842,8 +842,8 @@ static int cwa_compare_signature(u8 * data, size_t dlen, u8 * ifd_data)
* @return SC_SUCCESS if ok; else error code * @return SC_SUCCESS if ok; else error code
*/ */
static int cwa_verify_internal_auth(sc_card_t * card, static int cwa_verify_internal_auth(sc_card_t * card,
RSA * icc_pubkey, const RSA * icc_pubkey,
RSA * ifd_privkey, const RSA * ifd_privkey,
u8 * ifdbuf, u8 * ifdbuf,
size_t ifdlen, size_t ifdlen,
u8 * sig, u8 * sig,
@ -901,7 +901,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
*/ */
/* decrypt data with our ifd priv key */ /* decrypt data with our ifd priv key */
len1 = RSA_private_decrypt(sig_len, sig, buf1, ifd_privkey, RSA_NO_PADDING); len1 = RSA_private_decrypt(sig_len, sig, buf1, (RSA *)ifd_privkey, RSA_NO_PADDING);
if (len1 <= 0) { if (len1 <= 0) {
msg = "Verify Signature: decrypt with ifd privk failed"; msg = "Verify Signature: decrypt with ifd privk failed";
res = SC_ERROR_SM_ENCRYPT_FAILED; res = SC_ERROR_SM_ENCRYPT_FAILED;
@ -911,7 +911,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
/* OK: now we have SIGMIN in buf1 */ /* OK: now we have SIGMIN in buf1 */
/* check if SIGMIN data matches SIG or N.ICC-SIG */ /* check if SIGMIN data matches SIG or N.ICC-SIG */
/* evaluate DS[SK.ICC.AUTH](SIG) trying to decrypt with icc pubk */ /* evaluate DS[SK.ICC.AUTH](SIG) trying to decrypt with icc pubk */
len3 = RSA_public_encrypt(len1, buf1, buf3, icc_pubkey, RSA_NO_PADDING); len3 = RSA_public_encrypt(len1, buf1, buf3, (RSA *) icc_pubkey, RSA_NO_PADDING);
if (len3 <= 0) if (len3 <= 0)
goto verify_nicc_sig; /* evaluate N.ICC-SIG and retry */ goto verify_nicc_sig; /* evaluate N.ICC-SIG and retry */
res = cwa_compare_signature(buf3, len3, ifdbuf); res = cwa_compare_signature(buf3, len3, ifdbuf);
@ -945,7 +945,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
} }
/* ok: check again with new data */ /* ok: check again with new data */
/* evaluate DS[SK.ICC.AUTH](I.ICC-SIG) trying to decrypt with icc pubk */ /* evaluate DS[SK.ICC.AUTH](I.ICC-SIG) trying to decrypt with icc pubk */
len3 = RSA_public_encrypt(len2, buf2, buf3, icc_pubkey, RSA_NO_PADDING); len3 = RSA_public_encrypt(len2, buf2, buf3, (RSA *)icc_pubkey, RSA_NO_PADDING);
if (len3 <= 0) { if (len3 <= 0) {
msg = "Verify Signature: cannot get valid SIG data"; msg = "Verify Signature: cannot get valid SIG data";
res = SC_ERROR_INVALID_DATA; res = SC_ERROR_INVALID_DATA;
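Review bot: The `const` added to `icc_pubkey` and `ifd_privkey` is cast away again at every use (`(RSA *)ifd_privkey` in both `RSA_private_decrypt` calls and `(RSA *)icc_pubkey` in the three `RSA_public_encrypt` calls), so the compiler no longer checks the read-only promise the new signatures make. OpenSSL declares the `rsa` argument of these functions as a non-const `RSA *`, and the library may attach cached state (blinding, Montgomery contexts) to the key object during the operation, so a caller should not conclude from the signature that the key object is untouched. I would route the calls through one small static wrapper that holds a single documented cast, or at least add a comment at the first cast such as `/* OpenSSL's RSA_* API takes a non-const RSA *; the cast is intentional, the key material itself is not changed */`. The spacing of the cast also differs in one call (`(RSA *) icc_pubkey`), and the same cast-away-const pattern appears in `RSAPublicKey_dup((RSA *)rsa)` in the test helper. Both function bodies continue outside the visible hunks.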


@ -143,7 +143,7 @@ CERT_HANDLE_FUNCTION(default_cert_handle) {
int r; int r;
X509 *cert_data = NULL; X509 *cert_data = NULL;
EVP_PKEY *pkey = NULL; EVP_PKEY *pkey = NULL;
RSA * rsa = NULL; const RSA * rsa = NULL;
int certtype = 0; int certtype = 0;
int modulus_len = 0; int modulus_len = 0;
const prdata* key = get_prkey_by_cert(items, cert); const prdata* key = get_prkey_by_cert(items, cert);


@ -273,6 +273,7 @@ static sc_ossl_inline void CRYPTO_secure_malloc_done()
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif /* __cplusplus */ #endif /* __cplusplus */


@ -522,7 +522,7 @@ CK_RV sc_pkcs11_verify_data(const unsigned char *pubkey, unsigned int pubkey_len
size_t signat_len_tmp; size_t signat_len_tmp;
unsigned char *signat_tmp = NULL; unsigned char *signat_tmp = NULL;
EVP_PKEY_CTX *ctx; EVP_PKEY_CTX *ctx;
EC_KEY *eckey; const EC_KEY *eckey;
int r; int r;
sc_log(context, "Trying to verify using EVP"); sc_log(context, "Trying to verify using EVP");


@ -20,6 +20,7 @@
*/ */
#include "p11test_case_common.h" #include "p11test_case_common.h"
#include "../../libopensc/sc-ossl-compat.h"
char name_buffer[11]; char name_buffer[11];
char flag_buffer[11]; char flag_buffer[11];
@ -208,8 +209,8 @@ int callback_certificates(test_certs_t *objects,
if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) { if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) {
/* Extract public RSA key */ /* Extract public RSA key */
RSA *rsa = EVP_PKEY_get0_RSA(evp); const RSA *rsa = EVP_PKEY_get0_RSA(evp);
if ((o->key.rsa = RSAPublicKey_dup(rsa)) == NULL) { if ((o->key.rsa = RSAPublicKey_dup((RSA *)rsa)) == NULL) {
fail_msg("RSAPublicKey_dup failed"); fail_msg("RSAPublicKey_dup failed");
return -1; return -1;
} }
@ -218,7 +219,7 @@ int callback_certificates(test_certs_t *objects,
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
/* Extract public EC key */ /* Extract public EC key */
EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp); const EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp);
if ((o->key.ec = EC_KEY_dup(ec)) == NULL) { if ((o->key.ec = EC_KEY_dup(ec)) == NULL) {
fail_msg("EC_KEY_dup failed"); fail_msg("EC_KEY_dup failed");
return -1; return -1;