From df8495b73df96f55425970e76c613b8a0950bf0c Mon Sep 17 00:00:00 2001

From: Petr Gotthard <petr.gotthard@centrum.cz>

Date: Sun, 18 Jul 2021 20:21:01 +0200

Subject: Drop support for OpenSSL < 1.1.0

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Delete code written to support OpenSSL < 1.1.0

Delete functions that have no effect in OpenSSL >= 1.1.0

 - ENGINE_load_builtin_engines()

 - OpenSSL_add_all_algorithms()

 - ERR_load_crypto_strings()

 - EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)

Switch AppVeyor to use pre-built OpenSSL 1.1.0

Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>

---

 src/tss2-esys/esys_crypto_ossl.c | 19 ----------------

 src/tss2-esys/tss2-esys.vcxproj  | 16 +++++++-------

 src/tss2-fapi/fapi_crypto.c      | 37 --------------------------------

 test/helper/tpm_getek.c          | 11 ----------

 test/helper/tpm_getek_ecc.c      |  9 --------

 5 files changed, 8 insertions(+), 84 deletions(-)

diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c

index 2eb0dfcb..a6259346 100644

--- a/src/tss2-esys/esys_crypto_ossl.c

+++ b/src/tss2-esys/esys_crypto_ossl.c

@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes)

         nonce->size = num_bytes;

     }

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

     RAND_set_rand_method(RAND_OpenSSL());

-#else

-    RAND_set_rand_method(RAND_SSLeay());

-#endif

     if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) {

         RAND_set_rand_method(rand_save);

         return_error(TSS2_ESYS_RC_GENERAL_FAILURE,

@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,

                            size_t * out_size, const char *label)

 {

     const RAND_METHOD *rand_save = RAND_get_rand_method();

-#if OPENSSL_VERSION_NUMBER >= 0x10100000L

     RAND_set_rand_method(RAND_OpenSSL());

-#else

-    RAND_set_rand_method(RAND_SSLeay());

-#endif

     TSS2_RC r = TSS2_RC_SUCCESS;

     const EVP_MD * hashAlg = NULL;

@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,

         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,

                    "Could not create evp key.", cleanup);

     }

-#if OPENSSL_VERSION_NUMBER < 0x10100000L

-    if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,

-                           pub_tpm_key->publicArea.unique.rsa.size,

-                           rsa_key->n)) {

-        goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,

-                   "Could not create rsa n.", cleanup);

-    }

-#else

     BIGNUM *n = NULL;

     if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,

                         pub_tpm_key->publicArea.unique.rsa.size,

@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,

         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,

                    "Could not set rsa n.", cleanup);

     }

-#endif

     if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) {

         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,

@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,

  */

 TSS2_RC

 iesys_cryptossl_init() {

-    ENGINE_load_builtin_engines();

-    OpenSSL_add_all_algorithms();

     return TSS2_RC_SUCCESS;

 }

diff --git a/src/tss2-esys/tss2-esys.vcxproj b/src/tss2-esys/tss2-esys.vcxproj

index b75424aa..b2aa67ce 100644

--- a/src/tss2-esys/tss2-esys.vcxproj

+++ b/src/tss2-esys/tss2-esys.vcxproj

@@ -69,13 +69,13 @@

       <RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>

       <WarningLevel>Level3</WarningLevel>

       <Optimization>Disabled</Optimization>

-      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

+      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

     </ClCompile>

     <Link>

       <TargetMachine>MachineX86</TargetMachine>

       <GenerateDebugInformation>true</GenerateDebugInformation>

       <SubSystem>Windows</SubSystem>

-      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>

+      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>

       <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>

     </Link>

   </ItemDefinitionGroup>

@@ -84,7 +84,7 @@

       <PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>

       <RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>

       <WarningLevel>Level3</WarningLevel>

-      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

+      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

     </ClCompile>

     <Link>

       <TargetMachine>MachineX86</TargetMachine>

@@ -92,27 +92,27 @@

       <SubSystem>Windows</SubSystem>

       <EnableCOMDATFolding>true</EnableCOMDATFolding>

       <OptimizeReferences>true</OptimizeReferences>

-      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>

+      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>

       <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>

     </Link>

   </ItemDefinitionGroup>

   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">

     <ClCompile>

-      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

+      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

       <PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>

     </ClCompile>

     <Link>

-      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>

+      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>

       <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>

     </Link>

   </ItemDefinitionGroup>

   <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">

     <ClCompile>

-      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

+      <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>

       <PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>

     </ClCompile>

     <Link>

-      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>

+      <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>

       <ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>

     </Link>

   </ItemDefinitionGroup>

diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c

index f5b3d272..c97b0a1d 100644

--- a/src/tss2-fapi/fapi_crypto.c

+++ b/src/tss2-fapi/fapi_crypto.c

@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der(

                     tpmSignature->signature.ecdsa.signatureR.size, NULL);

     goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup);

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    ecdsaSignature->s = bns;

-    ecdsaSignature->r = bnr;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     ECDSA_SIG_set0(ecdsaSignature, bnr, bns);

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL);

     if (osslRC == -1) {

@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)

                    "Could not set exponent.", error_cleanup);

     }

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    rsa->e = e;

-    rsa->n = n;

-    rsa->d = d;

-    rsa->p = p;

-    rsa->q = q;

-    rsa->dmp1 = dmp1;

-    rsa->dmq1 = dmq1;

-    rsa->iqmp = iqmp;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     RSA_set0_key(rsa, n, e, d);

     RSA_set0_factors(rsa, p, q);

     RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     /* Assign the parameters to the key */

     if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) {

@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)

         goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key",

                    error_cleanup);

     }

-    /* Needed for older OSSL versions. */

-    EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);

     OSSL_FREE(y, BN);

     OSSL_FREE(x, BN);

     return TSS2_RC_SUCCESS;

@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm(

     /* Initialize the ECDSA signature components */

     ECDSA_SIG *ecdsaSignature = NULL;

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    BIGNUM *bnr;

-    BIGNUM *bns;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     const BIGNUM *bnr;

     const BIGNUM *bns;

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);

     return_if_null(ecdsaSignature, "Invalid DER signature",

                    TSS2_FAPI_RC_GENERAL_FAILURE);

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    bns = ecdsaSignature->s;

-    bnr = ecdsaSignature->r;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns;;

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     /* Writing them to the TPM format signature */

     tpmSignature->signature.ecdsa.hash = hashAlgorithm;

@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp(

     const BIGNUM *e = NULL, *n = NULL;

     int rsaKeySize = RSA_size(rsaKey);

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    e = rsaKey->e;

-    n = rsaKey->n;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     RSA_get0_key(rsaKey, &n, &e, NULL);

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     tpmPublic->publicArea.unique.rsa.size = rsaKeySize;

     if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0],

                              rsaKeySize)) {

@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)

         goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);

     }

-    OpenSSL_add_all_algorithms();

-

     unsigned const char* tmp_ptr1 = crl_buffer;

     unsigned const char** tmp_ptr2 = &tmp_ptr1;

@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert(

                       r, TSS2_FAPI_RC_BAD_VALUE, cleanup);

     } else {

         /* Get uri for ek intermediate certificate. */

-        OpenSSL_add_all_algorithms();

         info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL);

         for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {

@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert(

         goto_if_null2(cert_buffer, "No certificate downloaded", r,

                       TSS2_FAPI_RC_NO_CERT, cleanup);

-        OpenSSL_add_all_algorithms();

         intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size);

         SAFE_FREE(cert_buffer);

diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c

index 21be0f46..c6a8e906 100644

--- a/test/helper/tpm_getek.c

+++ b/test/helper/tpm_getek.c

@@ -147,20 +147,9 @@ main (int argc, char *argv[])

         exp = out_public.publicArea.parameters.rsaDetail.exponent;

     BN_set_word(e, exp);

-#if OPENSSL_VERSION_NUMBER < 0x10100000

-    rsa->e = e;

-    rsa->n = n;

-    rsa->d = d;

-    rsa->p = p;

-    rsa->q = q;

-    rsa->dmp1 = dmp1;

-    rsa->dmq1 = dmq1;

-    rsa->iqmp = iqmp;

-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     RSA_set0_key(rsa, n, e, d);

     RSA_set0_factors(rsa, p, q);

     RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);

-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */

     EVP_PKEY_assign_RSA(evp, rsa);

diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c

index 0419f47a..75165fdd 100644

--- a/test/helper/tpm_getek_ecc.c

+++ b/test/helper/tpm_getek_ecc.c

@@ -128,14 +128,6 @@ main (int argc, char *argv[])

     /* Convert the key from out_public to PEM */

     EVP_PKEY *evp = EVP_PKEY_new();

-

-    OpenSSL_add_all_algorithms();

-

-    OpenSSL_add_all_algorithms();

-

-    ERR_load_crypto_strings();

-

-

     EC_KEY *ecc_key = EC_KEY_new();

     BIGNUM *x = NULL, *y = NULL;

     BIO *bio;

@@ -159,7 +151,6 @@ main (int argc, char *argv[])

     if (!EC_KEY_set_group(ecc_key, ecgroup))

         exit(1);

-    EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE);

     EC_GROUP_free(ecgroup);

     /* Set the ECC parameters in the OpenSSL key */

-- 

2.26.3