From 61989b4c0a2da337a5c8df56e68c83e73259ed75 Mon Sep 17 00:00:00 2001
From: Petr Gotthard
Date: Sat, 7 Aug 2021 11:39:52 +0200
Subject: [PATCH 04/17] openssl: Remove support for OpenSSL < 1.1.0

The OpenSSL 1.0.2 is no longer maintained. Supporting an EOL crypto library is not a good idea.

- Compared to the upstream commit 1e439d85 changes related to functions and features not previously backported were ommited.

Signed-off-by: Petr Gotthard
---
 configure.ac | 2 +-
 doc/CHANGELOG.md | 5 +++
 doc/INSTALL.md | 2 +-
 doc/RELEASE.md | 7 ----
 lib/tpm2_openssl.c | 87 ----------------------------------------------
 lib/tpm2_openssl.h | 10 ------
 6 files changed, 7 insertions(+), 106 deletions(-)

diff --git a/configure.ac b/configure.ac
index a3988e15..9561fa86 100644
--- a/configure.ac
+++ b/configure.ac
@@ -58,7 +58,7 @@ PKG_CHECK_MODULES([TSS2_TCTILDR], [tss2-tctildr])
 PKG_CHECK_MODULES([TSS2_MU], [tss2-mu])
 PKG_CHECK_MODULES([TSS2_RC], [tss2-rc])
 PKG_CHECK_MODULES([TSS2_SYS], [tss2-sys])
-PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g])
+PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0])
 PKG_CHECK_MODULES([CURL], [libcurl])
 PKG_CHECK_MODULES([UUID], [uuid])
diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
index 87573fd7..b244dfee 100644
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,5 +1,10 @@
 ## Changelog
 
+### next
+
+ * openssl:
+ - Dropped support for OpenSSL < 1.1.0
+
 ### 5.0 - 2020-11-16
 
 #### Non Backwards Compatible Changes
diff --git a/doc/INSTALL.md b/doc/INSTALL.md
index b23b8d61..ab160581 100644
--- a/doc/INSTALL.md
+++ b/doc/INSTALL.md
@@ -19,7 +19,7 @@ To build and install the tpm2-tools software the following software is required:
 * C compiler
 * C Library Development Libraries and Header Files (for pthreads headers)
 * ESAPI - TPM2.0 TSS ESAPI library (tss2-esys) and header files
- * OpenSSL libcrypto library and header files
+ * OpenSSL libcrypto library and header files (version >= 1.1.0)
 * Curl library and header files
 * Universally Unique ID library (UUID)
diff --git a/doc/RELEASE.md b/doc/RELEASE.md
index e2c72a67..8769b57d 100644
--- a/doc/RELEASE.md
+++ b/doc/RELEASE.md
@@ -23,13 +23,6 @@ the next release.
 - [3.0.X](https://github.com/tpm2-software/tpm2-tools/tree/3.0.X): EOL after 3.2.1 release.
 
-## OpenSSL
-
-tpm2-tools relies heavily on OpenSSL. OpenSSL will be EOL'ing 1.0.2 at the end
-of 2019, see: https://www.openssl.org/blog/blog/2018/05/18/new-lts/. When this
-occurs, we will remove OSSL 1.0.2 support from the tpm2-tools repository as
-supporting an EOL crypto library is not a good idea.
-
 # Release Information
 
 Releases shall be tagged following semantic version guidelines found at:
diff --git a/lib/tpm2_openssl.c b/lib/tpm2_openssl.c
index e769d6df..877d2764 100644
--- a/lib/tpm2_openssl.c
+++ b/lib/tpm2_openssl.c
@@ -72,58 +72,6 @@ const EVP_MD *tpm2_openssl_halg_from_tpmhalg(TPMI_ALG_HASH algorithm) {
 /* no return, not possible */
 }
 
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
-
- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
- return 0;
- }
-
- if (n != NULL) {
- BN_free(r->n);
- r->n = n;
- }
-
- if (e != NULL) {
- BN_free(r->e);
- r->e = e;
- }
-
- if (d != NULL) {
- BN_free(r->d);
- r->d = d;
- }
-
- return 1;
-}
-
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) {
- if(p) {
- *p = r->p;
- }
-
- if (q) {
- *q = r->q;
- }
-}
-
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
-
- if (!r || !s) {
- return 0;
- }
-
- BN_clear_free(sig->r);
- BN_clear_free(sig->s);
-
- sig->r = r;
- sig->s = s;
-
- return 1;
-}
-
-#endif
-
 bool tpm2_openssl_hash_compute_data(TPMI_ALG_HASH halg, BYTE *buffer,
 UINT16 length, TPM2B_DIGEST *digest) {
@@ -422,54 +370,28 @@ out:
 HMAC_CTX *tpm2_openssl_hmac_new() {
 HMAC_CTX *ctx;
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- ctx = malloc(sizeof(*ctx));
-#else
 ctx = HMAC_CTX_new();
-#endif
 if (!ctx) return NULL;
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- HMAC_CTX_init(ctx);
-#endif
-
 return ctx;
 }
 
 void tpm2_openssl_hmac_free(HMAC_CTX *ctx) {
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- HMAC_CTX_cleanup(ctx);
- free(ctx);
-#else
 HMAC_CTX_free(ctx);
-#endif
 }
 
 EVP_CIPHER_CTX *tpm2_openssl_cipher_new(void) {
 EVP_CIPHER_CTX *ctx;
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- ctx = malloc(sizeof(*ctx));
-#else
 ctx = EVP_CIPHER_CTX_new();
-#endif
 if (!ctx) return NULL;
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- EVP_CIPHER_CTX_init(ctx);
-#endif
-
 return ctx;
 }
 
 void tpm2_openssl_cipher_free(EVP_CIPHER_CTX *ctx) {
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- EVP_CIPHER_CTX_cleanup(ctx);
- free(ctx);
-#else
 EVP_CIPHER_CTX_free(ctx);
-#endif
 }
 
 digester tpm2_openssl_halg_to_digester(TPMI_ALG_HASH halg) {
@@ -680,12 +602,7 @@ static bool load_public_RSA_from_key(RSA *k, TPM2B_PUBLIC *pub) {
 const BIGNUM *n; /* modulus */
 const BIGNUM *e; /* public key exponent */
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- n = k->n;
- e = k->e;
-#else
 RSA_get0_key(k, &n, &e, NULL);
-#endif
 /*
 * The size of the modulus is the key size in RSA, store this as the
@@ -1006,11 +923,7 @@ static bool load_private_RSA_from_key(RSA *k, TPM2B_SENSITIVE *priv) {
 const BIGNUM *p; /* the private key exponent */
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
- p = k->p;
-#else
 RSA_get0_factors(k, &p, NULL);
-#endif
 TPMT_SENSITIVE *sa = &priv->sensitiveArea;
diff --git a/lib/tpm2_openssl.h b/lib/tpm2_openssl.h
index 46c8f9c0..8e3e0c17 100644
--- a/lib/tpm2_openssl.h
+++ b/lib/tpm2_openssl.h
@@ -13,10 +13,6 @@
 #include "pcr.h"
 
-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */
-#define LIB_TPM2_OPENSSL_OPENSSL_PRE11
-#endif
-
 #if OPENSSL_VERSION_NUMBER >= 0x10101000L
 #define EC_POINT_set_affine_coordinates_tss(group, tpm_pub_key, bn_x, bn_y, dmy) \
 EC_POINT_set_affine_coordinates(group, tpm_pub_key, bn_x, bn_y, dmy)
@@ -32,12 +28,6 @@
 EC_POINT_get_affine_coordinates_GFp(group, tpm_pub_key, bn_x, bn_y, dmy)
 #endif /* OPENSSL_VERSION_NUMBER >= 0x10101000L */
 
-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-#endif
-
 /**
 * Function prototype for a hashing routine.
 *
-- 
2.31.1
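Review bot: Dropping the `LIB_TPM2_OPENSSL_OPENSSL_PRE11` block in the first tpm2_openssl.h hunk removes the only compile-time version detection the header had, including its separate LibreSSL branch (`LIBRESSL_VERSION_NUMBER < 0x20700000L`), and nothing replaces it. The configure.ac hunk's `libcrypto >= 1.1.0` is now the sole gate, and as far as I know a pkg-config version compare cannot express that LibreSSL condition (LibreSSL's .pc file reports its own 2.x/3.x numbering), so a build against an older LibreSSL would pass configure and then fail in the .c hunks on `RSA_get0_key`, `RSA_get0_factors` and `HMAC_CTX_new` with unhelpful errors. I would keep the removed condition but turn it into a hard error so the minimum is enforced where the API is actually used: `#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)` / `#error "tpm2-tools requires OpenSSL >= 1.1.0 or LibreSSL >= 2.7"` / `#endif`. The header also still carries the separate `0x10101000L` conditional for the `EC_POINT_*_affine_coordinates_tss` shims, so a one-line comment stating that 1.1.0 is the floor and 1.1.1 is only the point where that shim becomes a no-op would keep the two thresholds from being confused.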