rpms/tpm2-tss
7
0
Fork 0
Code Issues Pull Requests Releases Activity
3f7d05d4ff
tpm2-tss/0011-Drop-support-for-OpenSSL-1.1.0.patch
Štěpán Horáček 15c4079733 tpm2-tss: Fix failures while using OpenSSL 3 
Resolves: rhbz#1984634

Signed-off-by: Štěpán Horáček <shoracek@redhat.com>
2021-08-24 12:48:01 +02:00

314 lines
15 KiB
Diff
Raw Blame History

From df8495b73df96f55425970e76c613b8a0950bf0c Mon Sep 17 00:00:00 2001
From: Petr Gotthard <petr.gotthard@centrum.cz>
Date: Sun, 18 Jul 2021 20:21:01 +0200
Subject: Drop support for OpenSSL < 1.1.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Delete code written to support OpenSSL < 1.1.0
Delete functions that have no effect in OpenSSL >= 1.1.0
- ENGINE_load_builtin_engines()
- OpenSSL_add_all_algorithms()
- ERR_load_crypto_strings()
- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)
Switch AppVeyor to use pre-built OpenSSL 1.1.0
Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
---
src/tss2-esys/esys_crypto_ossl.c | 19 ----------------
src/tss2-esys/tss2-esys.vcxproj | 16 +++++++-------
src/tss2-fapi/fapi_crypto.c | 37 --------------------------------
test/helper/tpm_getek.c | 11 ----------
test/helper/tpm_getek_ecc.c | 9 --------
5 files changed, 8 insertions(+), 84 deletions(-)
diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
index 2eb0dfcb..a6259346 100644
--- a/src/tss2-esys/esys_crypto_ossl.c
+++ b/src/tss2-esys/esys_crypto_ossl.c
@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes)
nonce->size = num_bytes;
}
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
RAND_set_rand_method(RAND_OpenSSL());
-#else
- RAND_set_rand_method(RAND_SSLeay());
-#endif
if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) {
RAND_set_rand_method(rand_save);
return_error(TSS2_ESYS_RC_GENERAL_FAILURE,
@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
size_t * out_size, const char *label)
{
const RAND_METHOD *rand_save = RAND_get_rand_method();
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
RAND_set_rand_method(RAND_OpenSSL());
-#else
- RAND_set_rand_method(RAND_SSLeay());
-#endif
TSS2_RC r = TSS2_RC_SUCCESS;
const EVP_MD * hashAlg = NULL;
@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
"Could not create evp key.", cleanup);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
- pub_tpm_key->publicArea.unique.rsa.size,
- rsa_key->n)) {
- goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
- "Could not create rsa n.", cleanup);
- }
-#else
BIGNUM *n = NULL;
if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
pub_tpm_key->publicArea.unique.rsa.size,
@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
"Could not set rsa n.", cleanup);
}
-#endif
if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) {
goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,
*/
TSS2_RC
iesys_cryptossl_init() {
- ENGINE_load_builtin_engines();
- OpenSSL_add_all_algorithms();
return TSS2_RC_SUCCESS;
}
diff --git a/src/tss2-esys/tss2-esys.vcxproj b/src/tss2-esys/tss2-esys.vcxproj
index b75424aa..b2aa67ce 100644
--- a/src/tss2-esys/tss2-esys.vcxproj
+++ b/src/tss2-esys/tss2-esys.vcxproj
@@ -69,13 +69,13 @@
<RuntimeLibrary>MultiThreadedDebugDLL</RuntimeLibrary>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<TargetMachine>MachineX86</TargetMachine>
<GenerateDebugInformation>true</GenerateDebugInformation>
<SubSystem>Windows</SubSystem>
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
@@ -84,7 +84,7 @@
<PreprocessorDefinitions>WIN32;NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<RuntimeLibrary>MultiThreadedDLL</RuntimeLibrary>
<WarningLevel>Level3</WarningLevel>
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win32\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
</ClCompile>
<Link>
<TargetMachine>MachineX86</TargetMachine>
@@ -92,27 +92,27 @@
<SubSystem>Windows</SubSystem>
<EnableCOMDATFolding>true</EnableCOMDATFolding>
<OptimizeReferences>true</OptimizeReferences>
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win32\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win32\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
<ClCompile>
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>_DEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
<ClCompile>
- <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
+ <AdditionalIncludeDirectories>$(SolutionDir);$(SolutionDir)\src;$(SolutionDir)\include\tss2;$(SolutionDir)\src\tss2-mu;$(SolutionDir)\src\tss2-sys;$(SolutionDir)\src\tss2-esys;C:\OpenSSL-v11-Win64\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
<PreprocessorDefinitions>NDEBUG;_WINDOWS;_USRDLL;TSS2ESYS_EXPORTS;MAXLOGLEVEL=6;strtok_r=strtok_s;OSSL;%(PreprocessorDefinitions)</PreprocessorDefinitions>
</ClCompile>
<Link>
- <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-Win64\lib\libeay32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+ <AdditionalDependencies>$(OutDir)\tss2-mu.lib;$(OutDir)\tss2-sys.lib;$(OutDir)\tss2-tctildr.lib;C:\OpenSSL-v11-Win64\lib\libcrypto.lib;%(AdditionalDependencies)</AdditionalDependencies>
<ModuleDefinitionFile>$(SolutionDir)\lib\tss2-esys.def</ModuleDefinitionFile>
</Link>
</ItemDefinitionGroup>
diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
index f5b3d272..c97b0a1d 100644
--- a/src/tss2-fapi/fapi_crypto.c
+++ b/src/tss2-fapi/fapi_crypto.c
@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der(
tpmSignature->signature.ecdsa.signatureR.size, NULL);
goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- ecdsaSignature->s = bns;
- ecdsaSignature->r = bnr;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
ECDSA_SIG_set0(ecdsaSignature, bnr, bns);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL);
if (osslRC == -1) {
@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
"Could not set exponent.", error_cleanup);
}
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- rsa->e = e;
- rsa->n = n;
- rsa->d = d;
- rsa->p = p;
- rsa->q = q;
- rsa->dmp1 = dmp1;
- rsa->dmq1 = dmq1;
- rsa->iqmp = iqmp;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
RSA_set0_key(rsa, n, e, d);
RSA_set0_factors(rsa, p, q);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
/* Assign the parameters to the key */
if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) {
@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key",
error_cleanup);
}
- /* Needed for older OSSL versions. */
- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);
OSSL_FREE(y, BN);
OSSL_FREE(x, BN);
return TSS2_RC_SUCCESS;
@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm(
/* Initialize the ECDSA signature components */
ECDSA_SIG *ecdsaSignature = NULL;
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- BIGNUM *bnr;
- BIGNUM *bns;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
const BIGNUM *bnr;
const BIGNUM *bns;
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);
return_if_null(ecdsaSignature, "Invalid DER signature",
TSS2_FAPI_RC_GENERAL_FAILURE);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- bns = ecdsaSignature->s;
- bnr = ecdsaSignature->r;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
/* Writing them to the TPM format signature */
tpmSignature->signature.ecdsa.hash = hashAlgorithm;
@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp(
const BIGNUM *e = NULL, *n = NULL;
int rsaKeySize = RSA_size(rsaKey);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- e = rsaKey->e;
- n = rsaKey->n;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
RSA_get0_key(rsaKey, &n, &e, NULL);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
tpmPublic->publicArea.unique.rsa.size = rsaKeySize;
if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0],
rsaKeySize)) {
@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);
}
- OpenSSL_add_all_algorithms();
-
unsigned const char* tmp_ptr1 = crl_buffer;
unsigned const char** tmp_ptr2 = &tmp_ptr1;
@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert(
r, TSS2_FAPI_RC_BAD_VALUE, cleanup);
} else {
/* Get uri for ek intermediate certificate. */
- OpenSSL_add_all_algorithms();
info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL);
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert(
goto_if_null2(cert_buffer, "No certificate downloaded", r,
TSS2_FAPI_RC_NO_CERT, cleanup);
- OpenSSL_add_all_algorithms();
intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size);
SAFE_FREE(cert_buffer);
diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c
index 21be0f46..c6a8e906 100644
--- a/test/helper/tpm_getek.c
+++ b/test/helper/tpm_getek.c
@@ -147,20 +147,9 @@ main (int argc, char *argv[])
exp = out_public.publicArea.parameters.rsaDetail.exponent;
BN_set_word(e, exp);
-#if OPENSSL_VERSION_NUMBER < 0x10100000
- rsa->e = e;
- rsa->n = n;
- rsa->d = d;
- rsa->p = p;
- rsa->q = q;
- rsa->dmp1 = dmp1;
- rsa->dmq1 = dmq1;
- rsa->iqmp = iqmp;
-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
RSA_set0_key(rsa, n, e, d);
RSA_set0_factors(rsa, p, q);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
EVP_PKEY_assign_RSA(evp, rsa);
diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c
index 0419f47a..75165fdd 100644
--- a/test/helper/tpm_getek_ecc.c
+++ b/test/helper/tpm_getek_ecc.c
@@ -128,14 +128,6 @@ main (int argc, char *argv[])
/* Convert the key from out_public to PEM */
EVP_PKEY *evp = EVP_PKEY_new();
-
- OpenSSL_add_all_algorithms();
-
- OpenSSL_add_all_algorithms();
-
- ERR_load_crypto_strings();
-
-
EC_KEY *ecc_key = EC_KEY_new();
BIGNUM *x = NULL, *y = NULL;
BIO *bio;
@@ -159,7 +151,6 @@ main (int argc, char *argv[])
if (!EC_KEY_set_group(ecc_key, ecgroup))
exit(1);
- EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE);
EC_GROUP_free(ecgroup);
/* Set the ECC parameters in the OpenSSL key */
--
2.26.3
Reference in New Issue View Git Blame Copy Permalink