You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
313 lines
15 KiB
313 lines
15 KiB
From df8495b73df96f55425970e76c613b8a0950bf0c Mon Sep 17 00:00:00 2001 |
|
From: Petr Gotthard <petr.gotthard@centrum.cz> |
|
Date: Sun, 18 Jul 2021 20:21:01 +0200 |
|
Subject: Drop support for OpenSSL < 1.1.0 |
|
MIME-Version: 1.0 |
|
Content-Type: text/plain; charset=UTF-8 |
|
Content-Transfer-Encoding: 8bit |
|
|
|
Delete code written to support OpenSSL < 1.1.0 |
|
|
|
Delete functions that have no effect in OpenSSL >= 1.1.0 |
|
- ENGINE_load_builtin_engines() |
|
- OpenSSL_add_all_algorithms() |
|
- ERR_load_crypto_strings() |
|
- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE) |
|
|
|
Switch AppVeyor to use pre-built OpenSSL 1.1.0 |
|
|
|
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz> |
|
--- |
|
src/tss2-esys/esys_crypto_ossl.c | 19 ---------------- |
|
src/tss2-esys/tss2-esys.vcxproj | 16 +++++++------- |
|
src/tss2-fapi/fapi_crypto.c | 37 -------------------------------- |
|
test/helper/tpm_getek.c | 11 ---------- |
|
test/helper/tpm_getek_ecc.c | 9 -------- |
|
5 files changed, 8 insertions(+), 84 deletions(-) |
|
|
|
diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c |
|
index 2eb0dfcb..a6259346 100644 |
|
--- a/src/tss2-esys/esys_crypto_ossl.c |
|
+++ b/src/tss2-esys/esys_crypto_ossl.c |
|
@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes) |
|
nonce->size = num_bytes; |
|
} |
|
|
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
RAND_set_rand_method(RAND_OpenSSL()); |
|
-#else |
|
- RAND_set_rand_method(RAND_SSLeay()); |
|
-#endif |
|
if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) { |
|
RAND_set_rand_method(rand_save); |
|
return_error(TSS2_ESYS_RC_GENERAL_FAILURE, |
|
@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, |
|
size_t * out_size, const char *label) |
|
{ |
|
const RAND_METHOD *rand_save = RAND_get_rand_method(); |
|
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
|
RAND_set_rand_method(RAND_OpenSSL()); |
|
-#else |
|
- RAND_set_rand_method(RAND_SSLeay()); |
|
-#endif |
|
|
|
TSS2_RC r = TSS2_RC_SUCCESS; |
|
const EVP_MD * hashAlg = NULL; |
|
@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, |
|
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, |
|
"Could not create evp key.", cleanup); |
|
} |
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
|
- if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer, |
|
- pub_tpm_key->publicArea.unique.rsa.size, |
|
- rsa_key->n)) { |
|
- goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, |
|
- "Could not create rsa n.", cleanup); |
|
- } |
|
-#else |
|
BIGNUM *n = NULL; |
|
if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer, |
|
pub_tpm_key->publicArea.unique.rsa.size, |
|
@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key, |
|
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, |
|
"Could not set rsa n.", cleanup); |
|
} |
|
-#endif |
|
|
|
if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) { |
|
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE, |
|
@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key, |
|
*/ |
|
TSS2_RC |
|
iesys_cryptossl_init() { |
|
- ENGINE_load_builtin_engines(); |
|
- OpenSSL_add_all_algorithms(); |
|
return TSS2_RC_SUCCESS; |
|
} |
|
diff --git a/src/tss2-esys/tss2-esys.vcxproj b/src/tss2-esys/tss2-esys.vcxproj |
|
index b75424aa..b2aa67ce 100644 |
|
--- a/src/tss2-esys/tss2-esys.vcxproj |
|
+++ b/src/tss2-esys/tss2-esys.vcxproj |
|
@@ -69,13 +69,13 @@ |
|
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary> |
|
<WarningLevel>Level3</WarningLevel> |
|
<Optimization>Disabled</Optimization> |
|
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
</ClCompile> |
|
<Link> |
|
<TargetMachine>MachineX86</TargetMachine> |
|
<GenerateDebugInformation>true</GenerateDebugInformation> |
|
<SubSystem>Windows</SubSystem> |
|
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> |
|
</Link> |
|
</ItemDefinitionGroup> |
|
@@ -84,7 +84,7 @@ |
|
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> |
|
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary> |
|
<WarningLevel>Level3</WarningLevel> |
|
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
</ClCompile> |
|
<Link> |
|
<TargetMachine>MachineX86</TargetMachine> |
|
@@ -92,27 +92,27 @@ |
|
<SubSystem>Windows</SubSystem> |
|
<EnableCOMDATFolding>true</EnableCOMDATFolding> |
|
<OptimizeReferences>true</OptimizeReferences> |
|
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> |
|
</Link> |
|
</ItemDefinitionGroup> |
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'"> |
|
<ClCompile> |
|
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> |
|
</ClCompile> |
|
<Link> |
|
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> |
|
</Link> |
|
</ItemDefinitionGroup> |
|
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'"> |
|
<ClCompile> |
|
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories> |
|
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions> |
|
</ClCompile> |
|
<Link> |
|
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies> |
|
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile> |
|
</Link> |
|
</ItemDefinitionGroup> |
|
diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c |
|
index f5b3d272..c97b0a1d 100644 |
|
--- a/src/tss2-fapi/fapi_crypto.c |
|
+++ b/src/tss2-fapi/fapi_crypto.c |
|
@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der( |
|
tpmSignature->signature.ecdsa.signatureR.size, NULL); |
|
goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup); |
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- ecdsaSignature->s = bns; |
|
- ecdsaSignature->r = bnr; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
ECDSA_SIG_set0(ecdsaSignature, bnr, bns); |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
|
|
osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL); |
|
if (osslRC == -1) { |
|
@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey) |
|
"Could not set exponent.", error_cleanup); |
|
} |
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- rsa->e = e; |
|
- rsa->n = n; |
|
- rsa->d = d; |
|
- rsa->p = p; |
|
- rsa->q = q; |
|
- rsa->dmp1 = dmp1; |
|
- rsa->dmq1 = dmq1; |
|
- rsa->iqmp = iqmp; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
RSA_set0_key(rsa, n, e, d); |
|
RSA_set0_factors(rsa, p, q); |
|
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
|
|
/* Assign the parameters to the key */ |
|
if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) { |
|
@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey) |
|
goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key", |
|
error_cleanup); |
|
} |
|
- /* Needed for older OSSL versions. */ |
|
- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE); |
|
OSSL_FREE(y, BN); |
|
OSSL_FREE(x, BN); |
|
return TSS2_RC_SUCCESS; |
|
@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm( |
|
|
|
/* Initialize the ECDSA signature components */ |
|
ECDSA_SIG *ecdsaSignature = NULL; |
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- BIGNUM *bnr; |
|
- BIGNUM *bns; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
const BIGNUM *bnr; |
|
const BIGNUM *bns; |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
|
|
d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize); |
|
return_if_null(ecdsaSignature, "Invalid DER signature", |
|
TSS2_FAPI_RC_GENERAL_FAILURE); |
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- bns = ecdsaSignature->s; |
|
- bnr = ecdsaSignature->r; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns); |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
|
|
/* Writing them to the TPM format signature */ |
|
tpmSignature->signature.ecdsa.hash = hashAlgorithm; |
|
@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp( |
|
const BIGNUM *e = NULL, *n = NULL; |
|
int rsaKeySize = RSA_size(rsaKey); |
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- e = rsaKey->e; |
|
- n = rsaKey->n; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
RSA_get0_key(rsaKey, &n, &e, NULL); |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
tpmPublic->publicArea.unique.rsa.size = rsaKeySize; |
|
if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0], |
|
rsaKeySize)) { |
|
@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl) |
|
goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup); |
|
} |
|
|
|
- OpenSSL_add_all_algorithms(); |
|
- |
|
unsigned const char* tmp_ptr1 = crl_buffer; |
|
unsigned const char** tmp_ptr2 = &tmp_ptr1; |
|
|
|
@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert( |
|
r, TSS2_FAPI_RC_BAD_VALUE, cleanup); |
|
} else { |
|
/* Get uri for ek intermediate certificate. */ |
|
- OpenSSL_add_all_algorithms(); |
|
info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL); |
|
|
|
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) { |
|
@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert( |
|
goto_if_null2(cert_buffer, "No certificate downloaded", r, |
|
TSS2_FAPI_RC_NO_CERT, cleanup); |
|
|
|
- OpenSSL_add_all_algorithms(); |
|
intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size); |
|
|
|
SAFE_FREE(cert_buffer); |
|
diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c |
|
index 21be0f46..c6a8e906 100644 |
|
--- a/test/helper/tpm_getek.c |
|
+++ b/test/helper/tpm_getek.c |
|
@@ -147,20 +147,9 @@ main (int argc, char *argv[]) |
|
exp = out_public.publicArea.parameters.rsaDetail.exponent; |
|
BN_set_word(e, exp); |
|
|
|
-#if OPENSSL_VERSION_NUMBER < 0x10100000 |
|
- rsa->e = e; |
|
- rsa->n = n; |
|
- rsa->d = d; |
|
- rsa->p = p; |
|
- rsa->q = q; |
|
- rsa->dmp1 = dmp1; |
|
- rsa->dmq1 = dmq1; |
|
- rsa->iqmp = iqmp; |
|
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
RSA_set0_key(rsa, n, e, d); |
|
RSA_set0_factors(rsa, p, q); |
|
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); |
|
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ |
|
|
|
EVP_PKEY_assign_RSA(evp, rsa); |
|
|
|
diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c |
|
index 0419f47a..75165fdd 100644 |
|
--- a/test/helper/tpm_getek_ecc.c |
|
+++ b/test/helper/tpm_getek_ecc.c |
|
@@ -128,14 +128,6 @@ main (int argc, char *argv[]) |
|
/* Convert the key from out_public to PEM */ |
|
|
|
EVP_PKEY *evp = EVP_PKEY_new(); |
|
- |
|
- OpenSSL_add_all_algorithms(); |
|
- |
|
- OpenSSL_add_all_algorithms(); |
|
- |
|
- ERR_load_crypto_strings(); |
|
- |
|
- |
|
EC_KEY *ecc_key = EC_KEY_new(); |
|
BIGNUM *x = NULL, *y = NULL; |
|
BIO *bio; |
|
@@ -159,7 +151,6 @@ main (int argc, char *argv[]) |
|
if (!EC_KEY_set_group(ecc_key, ecgroup)) |
|
exit(1); |
|
|
|
- EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE); |
|
EC_GROUP_free(ecgroup); |
|
|
|
/* Set the ECC parameters in the OpenSSL key */ |
|
-- |
|
2.26.3 |
|
|
|
|