From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001
From: Francisco Trivino
Date: Fri, 2 Aug 2024 11:53:44 +0200
Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3

---
 src/lib/crypto/OSSLCryptoFactory.h | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h
index d718b69..18028c4 100644
--- a/src/lib/crypto/OSSLCryptoFactory.h
+++ b/src/lib/crypto/OSSLCryptoFactory.h
@@ -42,7 +42,16 @@
 #include "RNG.h"
 #include
 #include
-#include
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include
+# include
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+# define USE_PKCS11_ENGINE
+# include
+# endif
+#endif
 
 class OSSLCryptoFactory : public CryptoFactory
 {
-- 
2.45.2

From 583740612a9e3be7566661e1028ad9095639c4f5 Mon Sep 17 00:00:00 2001
From: Francisco Trivino
Date: Fri, 2 Aug 2024 14:39:44 +0200
Subject: [PATCH] All ENGINE functions usage should be placed under OPENSSL_NO_ENGINE

---
 patch-ENGINE.path | 73 ++++++++++++++++++++++++++++
 patch-out-engine.path | 34 +++++++++++++
 src/lib/crypto/OSSLCryptoFactory.cpp | 7 ++-
 3 files changed, 112 insertions(+), 2 deletions(-)
 create mode 100644 patch-ENGINE.path
 create mode 100644 patch-out-engine.path

diff --git a/patch-ENGINE.path b/patch-ENGINE.path
new file mode 100644
index 0000000..ba3eaa2
--- /dev/null
+++ b/patch-ENGINE.path
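Review bot: In the `OSSLCryptoFactory.h` hunk, `USE_PKCS11_PROVIDER` and `USE_PKCS11_ENGINE` are defined but no hunk shown in this series tests them, so on OpenSSL 3 the header drops the engine include without any visible code that loads or verifies a provider in its place. If the provider set-up lives in another change, record that next to the define, e.g. `/* USE_PKCS11_PROVIDER: provider loading is implemented in <file> */`; as it stands the macro only records an intent. The `#if OPENSSL_VERSION_MAJOR >= 3` test also depends on an earlier include having pulled in the OpenSSL version header (the include targets are not visible here), because an undefined macro evaluates to 0 and would silently select the engine branch; a one-line comment stating that dependency would help the next reader.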
@@ -0,0 +1,73 @@ +From 5d788099528b9189b499b9910302425be4bce9ae Mon Sep 17 00:00:00 2001 +From: Francisco Trivino +Date: Fri, 2 Aug 2024 14:39:44 +0200 +Subject: [PATCH] All ENGINE functions usage should be placed under + OPENSSL_NO_ENGINE + +--- + cmake/modules/tests/test_openssl_gost.c | 2 ++ + src/lib/crypto/OSSLCryptoFactory.cpp | 7 +++++-- + 2 files changed, 7 insertions(+), 2 deletions(-) + +diff --git a/cmake/modules/tests/test_openssl_gost.c b/cmake/modules/tests/test_openssl_gost.c +index 33487e1..b2df4df 100644 +--- a/cmake/modules/tests/test_openssl_gost.c ++++ b/cmake/modules/tests/test_openssl_gost.c +@@ -1,3 +1,4 @@ ++#ifndef OPENSSL_NO_ENGINE + #include + #include + #include +@@ -39,3 +40,4 @@ int main() + + return 0; + } ++#endif +diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp +index 32f8dc8..a719778 100644 +--- a/src/lib/crypto/OSSLCryptoFactory.cpp ++++ b/src/lib/crypto/OSSLCryptoFactory.cpp +@@ -141,6 +141,8 @@ OSSLCryptoFactory::OSSLCryptoFactory() + // Initialise OpenSSL + OpenSSL_add_all_algorithms(); + ++#ifndef OPENSSL_NO_ENGINE ++ + #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) ) + // Make sure RDRAND is loaded first + ENGINE_load_rdrand(); +@@ -221,13 +223,13 @@ err: + eg = NULL; + return; + #endif ++#endif // OPENSSL_NO_ENGINE + } + + // Destructor + OSSLCryptoFactory::~OSSLCryptoFactory() + { + bool ossl_shutdown = false; +- + #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + // OpenSSL 1.1.0+ will register an atexit() handler to run + // OPENSSL_cleanup(). 
If that has already happened we must +@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory() + #endif + if (!ossl_shutdown) + { ++#ifndef OPENSSL_NO_ENGINE + #ifdef WITH_GOST + // Finish the GOST engine + if (eg != NULL) +@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory() + ENGINE_finish(rdrand_engine); + ENGINE_free(rdrand_engine); + rdrand_engine = NULL; +- ++#endif //OPENSSL_NO_ENGINE + // Recycle locks + #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + if (setLockingCallback) +-- +2.45.2 + diff --git a/patch-out-engine.path b/patch-out-engine.path new file mode 100644 index 0000000..00b2bf3 --- /dev/null +++ b/patch-out-engine.path @@ -0,0 +1,34 @@ +From 7c7bb855e133b6c998385171b2ec86247b86933e Mon Sep 17 00:00:00 2001 +From: Francisco Trivino +Date: Fri, 2 Aug 2024 11:53:44 +0200 +Subject: [PATCH] use pkcs11 provider for OPENSSL MAJOR >= 3 + +--- + src/lib/crypto/OSSLCryptoFactory.h | 11 ++++++++++- + 1 file changed, 10 insertions(+), 1 deletion(-) + +diff --git a/src/lib/crypto/OSSLCryptoFactory.h b/src/lib/crypto/OSSLCryptoFactory.h +index d718b69..18028c4 100644 +--- a/src/lib/crypto/OSSLCryptoFactory.h ++++ b/src/lib/crypto/OSSLCryptoFactory.h +@@ -42,7 +42,16 @@ + #include "RNG.h" + #include + #include +-#include ++#if OPENSSL_VERSION_MAJOR >= 3 ++# define USE_PKCS11_PROVIDER ++# include ++# include ++#else ++# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0) ++# define USE_PKCS11_ENGINE ++# include ++# endif ++#endif + + class OSSLCryptoFactory : public CryptoFactory + { +-- +2.45.2 + diff --git a/src/lib/crypto/OSSLCryptoFactory.cpp b/src/lib/crypto/OSSLCryptoFactory.cpp index 32f8dc8..a719778 100644 --- a/src/lib/crypto/OSSLCryptoFactory.cpp +++ b/src/lib/crypto/OSSLCryptoFactory.cpp 
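Review bot: `patch-ENGINE.path` and `patch-out-engine.path` are added at the repository root as complete `git format-patch` outputs, which looks like work files committed by accident (the `.path` suffix may be a typo for `.patch`); `patch-out-engine.path` duplicates the previous commit in this series. The patch embedded in `patch-ENGINE.path` also wraps `cmake/modules/tests/test_openssl_gost.c` in `#ifndef OPENSSL_NO_ENGINE`, but this commit's diffstat does not list that file, so the tree and the embedded patch disagree about whether the GOST configure test is guarded. Drop both files from the commit and, if the test guard is wanted, apply it to the source file directly.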
@@ -141,6 +141,8 @@ OSSLCryptoFactory::OSSLCryptoFactory()
 // Initialise OpenSSL
 OpenSSL_add_all_algorithms();
 
+#ifndef OPENSSL_NO_ENGINE
+
 #if !( OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) )
 // Make sure RDRAND is loaded first
 ENGINE_load_rdrand();
@@ -221,13 +223,13 @@ err:
 eg = NULL;
 return;
 #endif
+#endif // OPENSSL_NO_ENGINE
 }
 
 // Destructor
 OSSLCryptoFactory::~OSSLCryptoFactory()
 {
 bool ossl_shutdown = false;
-
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 // OpenSSL 1.1.0+ will register an atexit() handler to run
 // OPENSSL_cleanup(). If that has already happened we must
@@ -243,6 +245,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
 #endif
 if (!ossl_shutdown)
 {
+#ifndef OPENSSL_NO_ENGINE
 #ifdef WITH_GOST
 // Finish the GOST engine
 if (eg != NULL)
@@ -257,7 +260,7 @@ OSSLCryptoFactory::~OSSLCryptoFactory()
 ENGINE_finish(rdrand_engine);
 ENGINE_free(rdrand_engine);
 rdrand_engine = NULL;
-
+#endif //OPENSSL_NO_ENGINE
 // Recycle locks
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 if (setLockingCallback)
-- 
2.45.2
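Review bot: The guards added in this file test `OPENSSL_NO_ENGINE`, whereas `OSSLCryptoFactory.h` in the previous patch includes the engine header only when `OPENSSL_VERSION_MAJOR` is below 3 and defines `USE_PKCS11_ENGINE` for exactly that case. On an OpenSSL 3 build with engine support, `OPENSSL_NO_ENGINE` is not defined, so `ENGINE_load_rdrand()` in the -141 hunk and `ENGINE_finish()`/`ENGINE_free()` in the destructor hunks at -243 and -257 are still compiled although the header no longer pulls in their declarations; unless this file includes the engine header itself (not visible in the hunks), that configuration should fail to compile. Keying the guards on the header's macro keeps the two files in step: `#ifdef USE_PKCS11_ENGINE` … `#endif // USE_PKCS11_ENGINE`. The constructor body starts and ends outside the hunk.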
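Review bot: With the closing `#endif // OPENSSL_NO_ENGINE` placed after the `err:` path in the -221 hunk, a build that defines both `WITH_GOST` and `OPENSSL_NO_ENGINE` appears to compile out the whole engine set-up, GOST included, with no diagnostic (the middle of the guarded region is outside the hunks, so this is inferred from the `eg = NULL;` lines and the `WITH_GOST` block in the -243 hunk). Failing the build is safer than shipping a token that quietly lacks an advertised mechanism: `#if defined(WITH_GOST) && defined(OPENSSL_NO_ENGINE)` / `#error "WITH_GOST requires OpenSSL ENGINE support"` / `#endif`. The same guard also skips the "Make sure RDRAND is loaded first" step, so a comment at the `#ifndef` stating that the RDRAND engine is not registered in this configuration would help anyone auditing the RNG path.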