| Patrick Williams | 53961c2 | 2022-01-20 11:06:23 -0600 | [diff] [blame] | 1 | From d33e5ef0b11125fe4683d7bfa17023e24997f587 Mon Sep 17 00:00:00 2001 |
| 2 | From: William Roberts <william.c.roberts@intel.com> |
| 3 | Date: Fri, 3 Sep 2021 11:30:50 -0500 |
| 4 | Subject: [PATCH 2/2] ossl: require version 1.1.0 or greater |
| 5 | |
| 6 | THIS DROPS SUPPORT FOR OSSL 1.0.2. |
| 7 | |
| 8 | Signed-off-by: William Roberts <william.c.roberts@intel.com> |
| 9 | |
| 10 | Upstream-Status: Backport |
| 11 | Signed-off-by: Armin Kuster <akuster808@gmail.com> |
| 12 | --- |
| 13 | configure.ac | 2 +- |
| 14 | src/lib/ssl_util.h | 43 +++++-------------------------------------- |
| 15 | 2 files changed, 6 insertions(+), 39 deletions(-) |
| 16 | |
| 17 | diff --git a/configure.ac b/configure.ac |
| 18 | index a7aeaf5..94fb5d4 100644 |
| 19 | --- a/configure.ac |
| 20 | +++ b/configure.ac |
| 21 | @@ -55,7 +55,7 @@ PKG_CHECK_EXISTS([tss2-esys >= 3.0], |
| 22 | # require sqlite3 and libcrypto |
| 23 | PKG_CHECK_MODULES([SQLITE3], [sqlite3]) |
| 24 | PKG_CHECK_MODULES([YAML], [yaml-0.1]) |
| 25 | -PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.0.2g]) |
| 26 | +PKG_CHECK_MODULES([CRYPTO], [libcrypto >= 1.1.0]) |
| 27 | |
| 28 | # check for pthread |
| 29 | AX_PTHREAD([],[AC_MSG_ERROR([Cannot find pthread])]) |
| 30 | diff --git a/src/lib/ssl_util.h b/src/lib/ssl_util.h |
| 31 | index 9909fd6..2591728 100644 |
| 32 | --- a/src/lib/ssl_util.h |
| 33 | +++ b/src/lib/ssl_util.h |
| 34 | @@ -15,51 +15,18 @@ |
| 35 | #include "log.h" |
| 36 | #include "twist.h" |
| 37 | |
| 38 | -#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */ |
| 39 | -#define LIB_TPM2_OPENSSL_OPENSSL_PRE11 |
| 40 | -/* LibreSSL does not appear to have evperr.h, so their is no need to define this otherwise */ |
| 41 | -#elif (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */ |
| 42 | +#if (OPENSSL_VERSION_NUMBER >= 0x1010100fL) /* OpenSSL 1.1.1 */ |
| 43 | #define LIB_TPM2_OPENSSL_OPENSSL_POST111 0x1010100f |
| 44 | #endif |
| 45 | |
| 46 | -#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */ |
| 47 | -#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f |
| 48 | +#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST111) |
| 49 | +#include <openssl/evperr.h> |
| 50 | #endif |
| 51 | |
| 52 | -/* OpenSSL Backwards Compat APIs */ |
| 53 | -#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11) |
| 54 | -#include <string.h> |
| 55 | -size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point, |
| 56 | - point_conversion_form_t form, |
| 57 | - unsigned char **pbuf, BN_CTX *ctx); |
| 58 | - |
| 59 | -const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x); |
| 60 | - |
| 61 | -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); |
| 62 | - |
| 63 | -int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); |
| 64 | - |
| 65 | -EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey); |
| 66 | - |
| 67 | -static inline void *OPENSSL_memdup(const void *dup, size_t l) { |
| 68 | - |
| 69 | - void *p = OPENSSL_malloc(l); |
| 70 | - if (!p) { |
| 71 | - return NULL; |
| 72 | - } |
| 73 | - |
| 74 | - memcpy(p, dup, l); |
| 75 | - return p; |
| 76 | -} |
| 77 | - |
| 78 | -#endif |
| 79 | - |
| 80 | -#ifndef RSA_PSS_SALTLEN_DIGEST |
| 81 | -#define RSA_PSS_SALTLEN_DIGEST -1 |
| 82 | +#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */ |
| 83 | +#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f |
| 84 | #endif |
| 85 | |
| 86 | -/* Utility APIs */ |
| 87 | - |
| 88 | #define SSL_UTIL_LOGE(m) LOGE("%s: %s", m, ERR_error_string(ERR_get_error(), NULL)); |
| 89 | |
| 90 | CK_RV ssl_util_attrs_to_evp(attr_list *attrs, EVP_PKEY **outpkey); |
| 91 | -- |
| 92 | 2.25.1 |
| 93 | |