|
|
2c1758 |
commit 11a53055b22d590bd3c197908b0ff63f6fd3c520
|
|
|
2c1758 |
Author: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
Date: Tue Jun 29 17:35:18 2021 +0200
|
|
|
2c1758 |
|
|
|
2c1758 |
COMMON: mech_ec: Remove deprecated OpenSSL functions
|
|
|
2c1758 |
|
|
|
2c1758 |
All low level EC_KEY functions are deprecated in OpenSSL 3.0.
|
|
|
2c1758 |
Update the code to not use any of those.
|
|
|
2c1758 |
|
|
|
2c1758 |
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
|
|
|
2c1758 |
|
|
|
2c1758 |
diff --git a/usr/lib/common/ec_defs.h b/usr/lib/common/ec_defs.h
|
|
|
2c1758 |
index 1f48794b..897cf891 100644
|
|
|
2c1758 |
--- a/usr/lib/common/ec_defs.h
|
|
|
2c1758 |
+++ b/usr/lib/common/ec_defs.h
|
|
|
2c1758 |
@@ -14,13 +14,6 @@
|
|
|
2c1758 |
#include <openssl/opensslv.h>
|
|
|
2c1758 |
#include "ec_curves.h"
|
|
|
2c1758 |
|
|
|
2c1758 |
-/* OpenSSL compat */
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER < 0x10101000L
|
|
|
2c1758 |
-# define EC_POINT_get_affine_coordinates EC_POINT_get_affine_coordinates_GFp
|
|
|
2c1758 |
-# define EC_POINT_set_compressed_coordinates \
|
|
|
2c1758 |
- EC_POINT_set_compressed_coordinates_GFp
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
-
|
|
|
2c1758 |
// Elliptic Curve type
|
|
|
2c1758 |
//
|
|
|
2c1758 |
#define PRIME_CURVE 0x00
|
|
|
2c1758 |
diff --git a/usr/lib/common/mech_ec.c b/usr/lib/common/mech_ec.c
|
|
|
2c1758 |
index b54e2db9..a0a06302 100644
|
|
|
2c1758 |
--- a/usr/lib/common/mech_ec.c
|
|
|
2c1758 |
+++ b/usr/lib/common/mech_ec.c
|
|
|
2c1758 |
@@ -32,34 +32,6 @@
|
|
|
2c1758 |
#include "openssl/obj_mac.h"
|
|
|
2c1758 |
#include <openssl/ec.h>
|
|
|
2c1758 |
|
|
|
2c1758 |
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
2c1758 |
-/*
|
|
|
2c1758 |
- * Older OpenSLL versions do not have BN_bn2binpad, so implement it here
|
|
|
2c1758 |
- */
|
|
|
2c1758 |
-static int BN_bn2binpad(const BIGNUM *a, unsigned char *to, int tolen)
|
|
|
2c1758 |
-{
|
|
|
2c1758 |
- int len, pad;
|
|
|
2c1758 |
- unsigned char *buf;
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- len = BN_num_bytes(a);
|
|
|
2c1758 |
- buf = (unsigned char *)malloc(len);
|
|
|
2c1758 |
- if (buf == NULL)
|
|
|
2c1758 |
- return -1;
|
|
|
2c1758 |
- BN_bn2bin(a, buf);
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- if (len >= tolen) {
|
|
|
2c1758 |
- memcpy(to, buf, tolen);
|
|
|
2c1758 |
- } else {
|
|
|
2c1758 |
- pad = tolen - len;
|
|
|
2c1758 |
- memset(to, 0, pad);
|
|
|
2c1758 |
- memcpy(to + pad, buf, len);
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- free(buf);
|
|
|
2c1758 |
- return tolen;
|
|
|
2c1758 |
-}
|
|
|
2c1758 |
-#endif
|
|
|
2c1758 |
-
|
|
|
2c1758 |
#ifndef NID_brainpoolP160r1
|
|
|
2c1758 |
/*
|
|
|
2c1758 |
* Older OpenSLL versions may not have the brainpool NIDs defined, define them
|
|
|
2c1758 |
@@ -1522,9 +1494,8 @@ CK_RV ec_point_from_priv_key(CK_BYTE *parms, CK_ULONG parms_len,
|
|
|
2c1758 |
CK_BYTE *d, CK_ULONG d_len,
|
|
|
2c1758 |
CK_BYTE **point, CK_ULONG *point_len)
|
|
|
2c1758 |
{
|
|
|
2c1758 |
- EC_KEY *eckey = NULL;
|
|
|
2c1758 |
EC_POINT *pub_key = NULL;
|
|
|
2c1758 |
- const EC_GROUP *group = NULL;
|
|
|
2c1758 |
+ EC_GROUP *group = NULL;
|
|
|
2c1758 |
int nid, p_len;
|
|
|
2c1758 |
BIGNUM *bn_d = NULL, *bn_x = NULL, *bn_y = NULL;
|
|
|
2c1758 |
CK_RV rc = CKR_OK;
|
|
|
2c1758 |
@@ -1541,17 +1512,7 @@ CK_RV ec_point_from_priv_key(CK_BYTE *parms, CK_ULONG parms_len,
|
|
|
2c1758 |
goto done;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
|
|
|
2c1758 |
- eckey = EC_KEY_new_by_curve_name(nid);
|
|
|
2c1758 |
- if (eckey == NULL) {
|
|
|
2c1758 |
- rc = CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- goto done;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
- if (EC_KEY_set_private_key(eckey, bn_d) != 1) {
|
|
|
2c1758 |
- rc = CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
- goto done;
|
|
|
2c1758 |
- }
|
|
|
2c1758 |
-
|
|
|
2c1758 |
- group = EC_KEY_get0_group(eckey);
|
|
|
2c1758 |
+ group = EC_GROUP_new_by_curve_name(nid);
|
|
|
2c1758 |
if (group == NULL) {
|
|
|
2c1758 |
rc = CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
goto done;
|
|
|
2c1758 |
@@ -1576,7 +1537,7 @@ CK_RV ec_point_from_priv_key(CK_BYTE *parms, CK_ULONG parms_len,
|
|
|
2c1758 |
rc = CKR_HOST_MEMORY;
|
|
|
2c1758 |
goto done;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
- if (!EC_POINT_get_affine_coordinates_GFp(group, pub_key, bn_x, bn_y, NULL)) {
|
|
|
2c1758 |
+ if (!EC_POINT_get_affine_coordinates(group, pub_key, bn_x, bn_y, NULL)) {
|
|
|
2c1758 |
rc = CKR_FUNCTION_FAILED;
|
|
|
2c1758 |
goto done;
|
|
|
2c1758 |
}
|
|
|
2c1758 |
@@ -1599,13 +1560,13 @@ CK_RV ec_point_from_priv_key(CK_BYTE *parms, CK_ULONG parms_len,
|
|
|
2c1758 |
done:
|
|
|
2c1758 |
if (pub_key)
|
|
|
2c1758 |
EC_POINT_free(pub_key);
|
|
|
2c1758 |
- if (eckey)
|
|
|
2c1758 |
- EC_KEY_free(eckey);
|
|
|
2c1758 |
BN_clear_free(bn_x);
|
|
|
2c1758 |
BN_clear_free(bn_y);
|
|
|
2c1758 |
BN_clear_free(bn_d);
|
|
|
2c1758 |
if (ec_point != NULL)
|
|
|
2c1758 |
free(ec_point);
|
|
|
2c1758 |
+ if (group != NULL)
|
|
|
2c1758 |
+ EC_GROUP_free(group);
|
|
|
2c1758 |
|
|
|
2c1758 |
return rc;
|
|
|
2c1758 |
}
|