From df8495b73df96f55425970e76c613b8a0950bf0c Mon Sep 17 00:00:00 2001 From: Petr Gotthard Date: Sun, 18 Jul 2021 20:21:01 +0200 Subject: Drop support for OpenSSL < 1.1.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Delete code written to support OpenSSL < 1.1.0 Delete functions that have no effect in OpenSSL >= 1.1.0 - ENGINE_load_builtin_engines() - OpenSSL_add_all_algorithms() - ERR_load_crypto_strings() - EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE) Switch AppVeyor to use pre-built OpenSSL 1.1.0 Signed-off-by: Petr Gotthard --- src/tss2-esys/esys_crypto_ossl.c | 19 ---------------- src/tss2-esys/tss2-esys.vcxproj | 16 +++++++------- src/tss2-fapi/fapi_crypto.c | 37 -------------------------------- test/helper/tpm_getek.c | 11 ---------- test/helper/tpm_getek_ecc.c | 9 -------- 5 files changed, 8 insertions(+), 84 deletions(-) diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c index 2eb0dfcb..a6259346 100644 --- a/src/tss2-esys/esys_crypto_ossl.c +++ b/src/tss2-esys/esys_crypto_ossl.c @@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes) nonce->size = num_bytes; } -#if OPENSSL_VERSION_NUMBER >= 0x10100000L RAND_set_rand_method(RAND_OpenSSL()); -#else - RAND_set_rand_method(RAND_SSLeay()); -#endif if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) { RAND_set_rand_method(rand_save); return_error(TSS2_ESYS_RC_GENERAL_FAILURE, @@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, size_t * out_size, const char *label) { const RAND_METHOD *rand_save = RAND_get_rand_method(); -#if OPENSSL_VERSION_NUMBER >= 0x10100000L RAND_set_rand_method(RAND_OpenSSL()); -#else - RAND_set_rand_method(RAND_SSLeay()); -#endif TSS2_RC r = TSS2_RC_SUCCESS; const EVP_MD * hashAlg = NULL; @@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Could not create evp key.", cleanup); } -#if OPENSSL_VERSION_NUMBER < 0x10100000L - if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer, - pub_tpm_key->publicArea.unique.rsa.size, - rsa_key->n)) { - goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, - "Could not create rsa n.", cleanup); - } -#else BIGNUM *n = NULL; if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer, pub_tpm_key->publicArea.unique.rsa.size, @@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, "Could not set rsa n.", cleanup); } -#endif if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) { goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, @@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key, */ TSS2_RC iesys_cryptossl_init() { - ENGINE_load_builtin_engines(); - OpenSSL_add_all_algorithms(); return TSS2_RC_SUCCESS; } diff --git a/src/tss2-esys/tss2-esys.vcxproj b/src/tss2-esys/tss2-esys.vcxproj index b75424aa..b2aa67ce 100644 --- a/src/tss2-esys/tss2-esys.vcxproj +++ b/src/tss2-esys/tss2-esys.vcxproj @@ -69,13 +69,13 @@ MultiThreadedDebugDLL Level3 Disabled - $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories) + $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories) MachineX86 true Windows - $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies) + $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies) $(SolutionDir)\lib\tss2-esys.def @@ -84,7 +84,7 @@ WIN32;NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions) MultiThreadedDLL Level3 - $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories) + $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories) MachineX86 @@ -92,27 +92,27 @@ Windows true true - $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies) + $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies) $(SolutionDir)\lib\tss2-esys.def - $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories) + $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories) _DEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions) - $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies) + $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies) $(SolutionDir)\lib\tss2-esys.def - $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories) + $(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories) NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions) - $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies) + $(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies) $(SolutionDir)\lib\tss2-esys.def diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c index f5b3d272..c97b0a1d 100644 --- a/src/tss2-fapi/fapi_crypto.c +++ b/src/tss2-fapi/fapi_crypto.c @@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der( tpmSignature->signature.ecdsa.signatureR.size, NULL); goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - ecdsaSignature->s = bns; - ecdsaSignature->r = bnr; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ ECDSA_SIG_set0(ecdsaSignature, bnr, bns); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL); if (osslRC == -1) { @@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey) "Could not set exponent.", error_cleanup); } -#if OPENSSL_VERSION_NUMBER < 0x10100000 - rsa->e = e; - rsa->n = n; - rsa->d = d; - rsa->p = p; - rsa->q = q; - rsa->dmp1 = dmp1; - rsa->dmq1 = dmq1; - rsa->iqmp = iqmp; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ RSA_set0_key(rsa, n, e, d); RSA_set0_factors(rsa, p, q); RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ /* Assign the parameters to the key */ if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) { @@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey) goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key", error_cleanup); } - /* Needed for older OSSL versions. */ - EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE); OSSL_FREE(y, BN); OSSL_FREE(x, BN); return TSS2_RC_SUCCESS; @@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm( /* Initialize the ECDSA signature components */ ECDSA_SIG *ecdsaSignature = NULL; -#if OPENSSL_VERSION_NUMBER < 0x10100000 - BIGNUM *bnr; - BIGNUM *bns; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ const BIGNUM *bnr; const BIGNUM *bns; -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize); return_if_null(ecdsaSignature, "Invalid DER signature", TSS2_FAPI_RC_GENERAL_FAILURE); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - bns = ecdsaSignature->s; - bnr = ecdsaSignature->r; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ /* Writing them to the TPM format signature */ tpmSignature->signature.ecdsa.hash = hashAlgorithm; @@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp( const BIGNUM *e = NULL, *n = NULL; int rsaKeySize = RSA_size(rsaKey); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - e = rsaKey->e; - n = rsaKey->n; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ RSA_get0_key(rsaKey, &n, &e, NULL); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ tpmPublic->publicArea.unique.rsa.size = rsaKeySize; if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0], rsaKeySize)) { @@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl) goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup); } - OpenSSL_add_all_algorithms(); - unsigned const char* tmp_ptr1 = crl_buffer; unsigned const char** tmp_ptr2 = &tmp_ptr1; @@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert( r, TSS2_FAPI_RC_BAD_VALUE, cleanup); } else { /* Get uri for ek intermediate certificate. */ - OpenSSL_add_all_algorithms(); info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL); for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { @@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert( goto_if_null2(cert_buffer, "No certificate downloaded", r, TSS2_FAPI_RC_NO_CERT, cleanup); - OpenSSL_add_all_algorithms(); intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size); SAFE_FREE(cert_buffer); diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c index 21be0f46..c6a8e906 100644 --- a/test/helper/tpm_getek.c +++ b/test/helper/tpm_getek.c @@ -147,20 +147,9 @@ main (int argc, char *argv[]) exp = out_public.publicArea.parameters.rsaDetail.exponent; BN_set_word(e, exp); -#if OPENSSL_VERSION_NUMBER < 0x10100000 - rsa->e = e; - rsa->n = n; - rsa->d = d; - rsa->p = p; - rsa->q = q; - rsa->dmp1 = dmp1; - rsa->dmq1 = dmq1; - rsa->iqmp = iqmp; -#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ RSA_set0_key(rsa, n, e, d); RSA_set0_factors(rsa, p, q); RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); -#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ EVP_PKEY_assign_RSA(evp, rsa); diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c index 0419f47a..75165fdd 100644 --- a/test/helper/tpm_getek_ecc.c +++ b/test/helper/tpm_getek_ecc.c @@ -128,14 +128,6 @@ main (int argc, char *argv[]) /* Convert the key from out_public to PEM */ EVP_PKEY *evp = EVP_PKEY_new(); - - OpenSSL_add_all_algorithms(); - - OpenSSL_add_all_algorithms(); - - ERR_load_crypto_strings(); - - EC_KEY *ecc_key = EC_KEY_new(); BIGNUM *x = NULL, *y = NULL; BIO *bio; @@ -159,7 +151,6 @@ main (int argc, char *argv[]) if (!EC_KEY_set_group(ecc_key, ecgroup)) exit(1); - EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE); EC_GROUP_free(ecgroup); /* Set the ECC parameters in the OpenSSL key */ -- 2.26.3