File 0001-use-legacy-openssl-api.patch of Package AusweisApp
From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 4 Jul 2024 20:10:17 +0200
Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch

---
 src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------
 src/card/base/asn1/EcdsaPublicKey.h | 6 +-
 src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 ---
 src/card/base/pace/ec/EcdhGenericMapping.h | 4 -
 src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 -
 src/card/base/pace/ec/EcUtil.cpp | 134 -------------------
 src/card/base/pace/ec/EcUtil.h | 12 --
 src/card/simulator/SimulatorCard.cpp | 45 +------
 src/card/simulator/SimulatorCard.h | 4 -
 src/card/simulator/SimulatorFileSystem.cpp | 9 --
 src/card/simulator/SimulatorFileSystem.h | 4 -
 11 files changed, 2 insertions(+), 277 deletions(-)

diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index ea07eda..0f19c11 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
 }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
 {
 QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
 }
-#endif
-
 QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
 {
 return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 return nullptr;
 }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 const auto& group = createGroup(curveData);
 if (group.isNull())
 {
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 return key;
-#else
- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!EVP_PKEY_fromdata_init(ctx.data()))
- {
- qCCritical(card) << "Cannot init pkey";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
- {
- qCCritical(card) << "Cannot fetch data for pkey";
- return nullptr;
- }
-
- return EcUtil::create(key);
-
-#endif
 }
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 36f768e..45f78ec 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/ec.h>
-#endif
+#include <openssl/ec.h>
 namespace governikus
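Review bot: The include at `+#include <openssl/ec.h>` is now unconditional, and the EC_KEY_* calls that the patch leaves as the only code path (EC_KEY_get0_public_key, EC_KEY_get0_private_key, EC_KEY_get0_group, EVP_PKEY_get1_EC_KEY in the later hunks) are deprecated since OpenSSL 3.0, so a build against OpenSSL 3 headers emits deprecation warnings, fails under -Werror, and loses these declarations entirely if OPENSSL_API_COMPAT is raised to 3.0 or OPENSSL_NO_DEPRECATED is defined. The same applies to `+#include <openssl/bn.h>` in the SimulatorCard.cpp hunk. The patch header carries only a subject line; it should record which OpenSSL version the package is built against and why the upstream provider-based path (EVP_PKEY_fromdata / OSSL_PARAM_BLD) is dropped, presumably a build against OpenSSL 1.1, so the next packager knows when the patch can be retired. A one-line comment above the include such as `// packaging patch: legacy EC_KEY API forced on purpose, see 0001-use-legacy-openssl-api.patch` would make that visible in the source as well.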
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
 [[nodiscard]] CurveData createCurveData() const;
 [[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 [[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
 public:
 static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 3e2d1d4..1a8e6a2 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData()
 mLocalKey = EcUtil::generateKey(mCurve);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return EcUtil::getEncodedPublicKey(mLocalKey);
-
-#else
 return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));
-#endif
 }
@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
 return false;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
 const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
 if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
 {
 qCCritical(card) << "The exchanged public keys are equal.";
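Review bot: The surviving line `return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));` in generateLocalMappingData hands mLocalKey.data() to EC_KEY_get0_public_key with no null check, whereas the removed OpenSSL 3 path went through getEncodedPublicKey, which began with `if (pKey.isNull())` and logged "Cannot use undefined key". mLocalKey is assigned from EcUtil::generateKey(mCurve) on the line above, and the legacy overload of generateKey (its body lies outside this hunk) opens with an isNull check on the curve that presumably yields a null key, as the removed OpenSSL 3 overload did, so on that error the only remaining path now dereferences a null EC_KEY instead of failing cleanly; the function's opening lines are also outside the hunk. A guard before the return, `if (mLocalKey.isNull()) { qCCritical(card) << "Cannot use undefined key"; return QByteArray(); }`, would restore the check the patch drops. The same lost guard applies to the generateEphemeralDomainParameters hunk below, to performKeyExchange in EcdhKeyAgreement.cpp and to executeGeneralAuthenticate in SimulatorCard.cpp, each of which previously reached getEncodedPublicKey on the OpenSSL 3 side.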
@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
 QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey);
- const BIGNUM* privKey = privKeyPtr.data();
-#else
 const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data());
-#endif
 if (!privKey)
 {
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index bdfa5a8..dea4bf0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
 private:
 const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mLocalKey;
-#else
 QSharedPointer<EC_KEY> mLocalKey;
-#endif
 QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
index 0f0ae09..45c8a76 100644
--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange()
 return {CardReturnCode::PROTOCOL_ERROR};
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
-
- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
-#else
 const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
 const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
-#endif
 // Make a copy of the terminal public key for later mutual authentication.
 mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 10db88f..5c0ff53 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,137 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
-{
- if (pKey.isNull())
- {
- qCCritical(card) << "Cannot use undefined key";
- return nullptr;
- }
-
- uchar* key = nullptr;
- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
- const auto guard = qScopeGuard([key] {
- OPENSSL_free(key);
- });
-
- return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
- BIGNUM* privKey = nullptr;
- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
- return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
- const auto guard = qScopeGuard([bld] {
- OSSL_PARAM_BLD_free(bld);
- });
-
- if (bld == nullptr)
- {
- qCCritical(card) << "Cannot create parameter builder";
- return nullptr;
- }
-
- if (OSSL_PARAM* params = nullptr;
- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
- {
- static auto deleter = [](OSSL_PARAM* pParam)
- {
- OSSL_PARAM_free(pParam);
- };
-
- return QSharedPointer<OSSL_PARAM>(params, deleter);
- }
-
- qCCritical(card) << "Cannot create parameter";
- return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
- if (pCurve.isNull())
- {
- qCCritical(card) << "Curve is undefined";
- return nullptr;
- }
-
- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
- auto order = EcUtil::create(BN_new());
- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch order";
- return nullptr;
- }
-
- auto cofactor = EcUtil::create(BN_new());
- if 
(!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch cofactor";
- return nullptr;
- }
-
- auto p = EcUtil::create(BN_new());
- auto a = EcUtil::create(BN_new());
- auto b = EcUtil::create(BN_new());
- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch a, b or p";
- return nullptr;
- }
-
- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!ctx)
- {
- qCCritical(card) << "Cannot create EVP_PKEY_CTX";
- return nullptr;
- }
- EVP_PKEY_keygen_init(ctx.data());
-
- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
- {
- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_generate(ctx.data(), &key))
- {
- qCCritical(card) << "Cannot create EVP_PKEY";
- return nullptr;
- }
-
- return EcUtil::create(key);
-}
-
-
-#else
 QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
 {
 if (pCurve.isNull())
@@ -257,6 +126,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
 return key;
 }
-
-
-#endif
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index b575341..f7db521 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -32,9 +32,7 @@ class EcUtil
 static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
 static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
@@ -44,14 +42,7 @@ class EcUtil
 static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
- static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
- static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
- static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
 static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
 static QSharedPointer<EC_GROUP> createCurve(int pNid);
 };
@@ -68,7 +59,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
 }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 {
 static auto deleter = [](EC_KEY* ecKey)
@@ -80,8 +70,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 }
-#endif
-
 inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
 {
 static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 87491d7..2da83b1 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -22,9 +22,7 @@
 #include <QScopeGuard>
 #include <QThread>
 #include <QtEndian>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/bn.h>
-#endif
+#include <openssl/bn.h>
 using namespace governikus;
@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu&
 mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY);
 auto asn1KeyAgreement = newObject<GA_PERFORMKEYAGREEMENTDATA>();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey);
-#else
 const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
 const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data()));
-#endif
 Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey);
 responseData = encodeObject(asn1KeyAgreement.data());
 break;
@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 return QByteArray();
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
- {
- qCCritical(card_simulator) << "Initialization of the terminal key failed";
- return QByteArray();
- }
- if (!EVP_PKEY_set1_encoded_public_key(
- terminalKey.data(),
- reinterpret_cast<const unsigned char*>(pPoint.data()),
- static_cast<size_t>(pPoint.length())))
- {
- qCCritical(card_simulator) << "Interpreting the terminal key failed";
- return QByteArray();
- }
-
- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
- size_t resultLen = 0;
- if (EVP_PKEY_derive_init(ctx.data()) <= 0
- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Initialization or calculation of the result failed";
- return QByteArray();
- }
-
- QByteArray result(static_cast<qsizetype>(resultLen), '\0');
- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Calculation of the result failed";
- return QByteArray();
- }
-
- return result;
-
-#else
 const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
 auto point = EcUtil::oct2point(curve, pPoint);
 if (!point)
@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 return EcUtil::point2oct(curve, result.data(), true);
-#endif
 }
diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
index b709d17..23f858b 100644
--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
@@ -35,11 +35,7 @@ class SimulatorCard
 QSharedPointer<CHAT> mPaceChat;
 QByteArray mPaceNonce;
 QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mCardKey;
-#else
 QSharedPointer<EC_KEY> mCardKey;
-#endif
 QSharedPointer<AuthenticatedAuxiliaryData> mTaAuxData;
 public:
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 122ca4f..046d540 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
 QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
 {
 if (!mKeys.contains(pKeyId))
 {
@@ -347,13 +343,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
 return nullptr;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return privateKey;
-
-#else
 return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
-#endif
 }
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index cb9704b..44d4054 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -38,11 +38,7 @@ class SimulatorFileSystem
 [[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData);
 [[nodiscard]] QByteArray getEfCardAccess() const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- [[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
 [[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
 [[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer<AuthenticatedAuxiliaryData>& pAuxiliaryData) const;
-- 
2.45.2