136 lines
5.2 KiB
Diff
136 lines
5.2 KiB
Diff
diff --git a/src/libopensc/cwa14890.c b/src/libopensc/cwa14890.c
|
|
index da471abf..d854799e 100644
|
|
--- a/src/libopensc/cwa14890.c
|
|
+++ b/src/libopensc/cwa14890.c
|
|
@@ -519,8 +519,8 @@ static int cwa_internal_auth(sc_card_t * card, u8 * sig, size_t sig_len, u8 * da
|
|
* @return SC_SUCCESS if ok; else errorcode
|
|
*/
|
|
static int cwa_prepare_external_auth(sc_card_t * card,
|
|
- RSA * icc_pubkey,
|
|
- RSA * ifd_privkey,
|
|
+ COMPAT_RSA * icc_pubkey,
|
|
+ COMPAT_RSA * ifd_privkey,
|
|
u8 * sig,
|
|
size_t sig_len)
|
|
{
|
|
@@ -594,7 +594,7 @@ static int cwa_prepare_external_auth(sc_card_t * card,
|
|
buf3[127] = 0xBC; /* iso padding */
|
|
|
|
/* encrypt with ifd private key */
|
|
- len2 = RSA_private_decrypt(128, buf3, buf2, ifd_privkey, RSA_NO_PADDING);
|
|
+ len2 = RSA_private_decrypt(128, buf3, buf2, (RSA *)ifd_privkey, RSA_NO_PADDING);
|
|
if (len2 < 0) {
|
|
msg = "Prepare external auth: ifd_privk encrypt failed";
|
|
res = SC_ERROR_SM_ENCRYPT_FAILED;
|
|
@@ -630,7 +630,7 @@ static int cwa_prepare_external_auth(sc_card_t * card,
|
|
}
|
|
|
|
/* re-encrypt result with icc public key */
|
|
- len1 = RSA_public_encrypt(len3, buf3, buf1, icc_pubkey, RSA_NO_PADDING);
|
|
+ len1 = RSA_public_encrypt(len3, buf3, buf1, (RSA *)icc_pubkey, RSA_NO_PADDING);
|
|
if (len1 <= 0 || (size_t) len1 != sig_len) {
|
|
msg = "Prepare external auth: icc_pubk encrypt failed";
|
|
res = SC_ERROR_SM_ENCRYPT_FAILED;
|
|
@@ -842,8 +842,8 @@ static int cwa_compare_signature(u8 * data, size_t dlen, u8 * ifd_data)
|
|
* @return SC_SUCCESS if ok; else error code
|
|
*/
|
|
static int cwa_verify_internal_auth(sc_card_t * card,
|
|
- RSA * icc_pubkey,
|
|
- RSA * ifd_privkey,
|
|
+ COMPAT_RSA * icc_pubkey,
|
|
+ COMPAT_RSA * ifd_privkey,
|
|
u8 * ifdbuf,
|
|
size_t ifdlen,
|
|
u8 * sig,
|
|
@@ -901,7 +901,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
|
|
*/
|
|
|
|
/* decrypt data with our ifd priv key */
|
|
- len1 = RSA_private_decrypt(sig_len, sig, buf1, ifd_privkey, RSA_NO_PADDING);
|
|
+ len1 = RSA_private_decrypt(sig_len, sig, buf1, (RSA *)ifd_privkey, RSA_NO_PADDING);
|
|
if (len1 <= 0) {
|
|
msg = "Verify Signature: decrypt with ifd privk failed";
|
|
res = SC_ERROR_SM_ENCRYPT_FAILED;
|
|
@@ -911,7 +911,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
|
|
/* OK: now we have SIGMIN in buf1 */
|
|
/* check if SIGMIN data matches SIG or N.ICC-SIG */
|
|
/* evaluate DS[SK.ICC.AUTH](SIG) trying to decrypt with icc pubk */
|
|
- len3 = RSA_public_encrypt(len1, buf1, buf3, icc_pubkey, RSA_NO_PADDING);
|
|
+ len3 = RSA_public_encrypt(len1, buf1, buf3, (RSA *) icc_pubkey, RSA_NO_PADDING);
|
|
if (len3 <= 0)
|
|
goto verify_nicc_sig; /* evaluate N.ICC-SIG and retry */
|
|
res = cwa_compare_signature(buf3, len3, ifdbuf);
|
|
@@ -945,7 +945,7 @@ static int cwa_verify_internal_auth(sc_card_t * card,
|
|
}
|
|
/* ok: check again with new data */
|
|
/* evaluate DS[SK.ICC.AUTH](I.ICC-SIG) trying to decrypt with icc pubk */
|
|
- len3 = RSA_public_encrypt(len2, buf2, buf3, icc_pubkey, RSA_NO_PADDING);
|
|
+ len3 = RSA_public_encrypt(len2, buf2, buf3, (RSA *)icc_pubkey, RSA_NO_PADDING);
|
|
if (len3 <= 0) {
|
|
msg = "Verify Signature: cannot get valid SIG data";
|
|
res = SC_ERROR_INVALID_DATA;
|
|
diff --git a/src/libopensc/p15card-helper.c b/src/libopensc/p15card-helper.c
|
|
index e641858d..1cee573f 100644
|
|
--- a/src/libopensc/p15card-helper.c
|
|
+++ b/src/libopensc/p15card-helper.c
|
|
@@ -143,7 +143,7 @@ CERT_HANDLE_FUNCTION(default_cert_handle) {
|
|
int r;
|
|
X509 *cert_data = NULL;
|
|
EVP_PKEY *pkey = NULL;
|
|
- RSA * rsa = NULL;
|
|
+ COMPAT_RSA * rsa = NULL;
|
|
int certtype = 0;
|
|
int modulus_len = 0;
|
|
const prdata* key = get_prkey_by_cert(items, cert);
|
|
diff --git a/src/libopensc/sc-ossl-compat.h b/src/libopensc/sc-ossl-compat.h
|
|
index 339ad96c..5ac50174 100644
|
|
--- a/src/libopensc/sc-ossl-compat.h
|
|
+++ b/src/libopensc/sc-ossl-compat.h
|
|
@@ -273,6 +273,16 @@ static sc_ossl_inline void CRYPTO_secure_malloc_done()
|
|
|
|
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
|
|
+/* OpenSSL 3.0 changes return value of EVP_PKEY_get0_*() to const */
|
|
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
|
|
+# define COMPAT_RSA RSA
|
|
+# define COMPAT_EC_KEY EC_KEY
|
|
+#else
|
|
+# define COMPAT_RSA const RSA
|
|
+# define COMPAT_EC_KEY const EC_KEY
|
|
+#endif
|
|
+
|
|
+
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif /* __cplusplus */
|
|
diff --git a/src/tests/p11test/p11test_case_common.c b/src/tests/p11test/p11test_case_common.c
|
|
index 695ae2ea..73f147e0 100644
|
|
--- a/src/tests/p11test/p11test_case_common.c
|
|
+++ b/src/tests/p11test/p11test_case_common.c
|
|
@@ -20,6 +20,7 @@
|
|
*/
|
|
|
|
#include "p11test_case_common.h"
|
|
+#include "../../libopensc/sc-ossl-compat.h"
|
|
|
|
char name_buffer[11];
|
|
char flag_buffer[11];
|
|
@@ -208,7 +209,7 @@ int callback_certificates(test_certs_t *objects,
|
|
|
|
if (EVP_PKEY_base_id(evp) == EVP_PKEY_RSA) {
|
|
/* Extract public RSA key */
|
|
- RSA *rsa = EVP_PKEY_get0_RSA(evp);
|
|
+ COMPAT_RSA *rsa = EVP_PKEY_get0_RSA(evp);
|
|
if ((o->key.rsa = RSAPublicKey_dup(rsa)) == NULL) {
|
|
fail_msg("RSAPublicKey_dup failed");
|
|
return -1;
|
|
@@ -218,7 +219,7 @@ int callback_certificates(test_certs_t *objects,
|
|
|
|
} else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) {
|
|
/* Extract public EC key */
|
|
- EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp);
|
|
+ COMPAT_EC_KEY *ec = EVP_PKEY_get0_EC_KEY(evp);
|
|
if ((o->key.ec = EC_KEY_dup(ec)) == NULL) {
|
|
fail_msg("EC_KEY_dup failed");
|
|
return -1;
|