Gitiles
Code Review Sign In
gerrit.openbmc.org / stefanberger / openbmc / d3765e957cc3ca575e5f93c794f394c759d72c0a / . / meta-security / meta-tpm / recipes-tpm2 / tpm2-pkcs11 / files / 0001-ssl-compile-against-OSSL-3.0.patch
blob: ac2f92c90ed6a27793e87ba734f30a99be89b2c0 [file] [log] [blame]
Patrick Williams53961c22022-01-20 11:06:23 -0600[diff] [blame]1From f7a2e90e80fd8b4c43042f8099e821b4118234d1 Mon Sep 17 00:00:00 2001
2From: William Roberts <william.c.roberts@intel.com>
3Date: Fri, 3 Sep 2021 11:24:40 -0500
4Subject: [PATCH 1/2] ssl: compile against OSSL 3.0
5
6Compile against OpenSSL. This moves functions non-deprecated things if
7possible and ignores deprecation warnings when not. Padding manipulation
8routines seem to have been marked deprecated in OSSL 3.0, so we need to
9figure out a porting strategy here.
10
11Fixes: #686
12
13Signed-off-by: William Roberts <william.c.roberts@intel.com>
14
15Upstream-Status: Backport
16Signed-off-by: Armin Kuster <akuster808@gmail.com>
17
18---
19 src/lib/backend_esysdb.c | 5 +-
20 src/lib/backend_fapi.c | 5 +-
21 src/lib/encrypt.c | 2 +-
22 src/lib/mech.c | 72 +---
23 src/lib/object.c | 3 +-
24 src/lib/sign.c | 2 +-
25 src/lib/ssl_util.c | 531 ++++++++++++++++--------
26 src/lib/ssl_util.h | 31 +-
27 src/lib/tpm.c | 6 +-
28 src/lib/utils.c | 35 +-
29 src/lib/utils.h | 13 -
30 test/integration/pkcs-sign-verify.int.c | 94 ++---
31 12 files changed, 441 insertions(+), 358 deletions(-)
32
33Index: git/src/lib/backend_esysdb.c
34===================================================================
35--- git.orig/src/lib/backend_esysdb.c
36+++ git/src/lib/backend_esysdb.c
37@@ -3,6 +3,7 @@
38 #include "config.h"
39 #include "backend_esysdb.h"
40 #include "db.h"
41+#include "ssl_util.h"
42 #include "tpm.h"
43
44 CK_RV backend_esysdb_init(void) {
45@@ -308,7 +309,7 @@ CK_RV backend_esysdb_token_unseal_wrappi
46 }
47
48 twist sealsalt = user ? sealobj->userauthsalt : sealobj->soauthsalt;
49- twist sealobjauth = utils_hash_pass(tpin, sealsalt);
50+ twist sealobjauth = ssl_util_hash_pass(tpin, sealsalt);
51 if (!sealobjauth) {
52 rv = CKR_HOST_MEMORY;
53 goto error;
54@@ -372,7 +373,7 @@ CK_RV backend_esysdb_token_changeauth(to
55 */
56 twist oldsalt = !user ? tok->esysdb.sealobject.soauthsalt : tok->esysdb.sealobject.userauthsalt;
57
58- twist oldauth = utils_hash_pass(toldpin, oldsalt);
59+ twist oldauth = ssl_util_hash_pass(toldpin, oldsalt);
60 if (!oldauth) {
61 goto out;
62 }
63Index: git/src/lib/backend_fapi.c
64===================================================================
65--- git.orig/src/lib/backend_fapi.c
66+++ git/src/lib/backend_fapi.c
67@@ -11,6 +11,7 @@
68 #include "backend_fapi.h"
69 #include "emitter.h"
70 #include "parser.h"
71+#include "ssl_util.h"
72 #include "utils.h"
73
74 #ifdef HAVE_FAPI
75@@ -793,7 +794,7 @@ CK_RV backend_fapi_token_unseal_wrapping
76 }
77
78 twist sealsalt = user ? tok->fapi.userauthsalt : tok->fapi.soauthsalt;
79- twist sealobjauth = utils_hash_pass(tpin, sealsalt);
80+ twist sealobjauth = ssl_util_hash_pass(tpin, sealsalt);
81 if (!sealobjauth) {
82 rv = CKR_HOST_MEMORY;
83 goto error;
84@@ -889,7 +890,7 @@ CK_RV backend_fapi_token_changeauth(toke
85 }
86 rv = CKR_GENERAL_ERROR;
87
88- oldauth = utils_hash_pass(toldpin, user ? tok->fapi.userauthsalt : tok->fapi.soauthsalt);
89+ oldauth = ssl_util_hash_pass(toldpin, user ? tok->fapi.userauthsalt : tok->fapi.soauthsalt);
90 if (!oldauth) {
91 goto out;
92 }
93Index: git/src/lib/encrypt.c
94===================================================================
95--- git.orig/src/lib/encrypt.c
96+++ git/src/lib/encrypt.c
97@@ -59,7 +59,7 @@ void encrypt_op_data_free(encrypt_op_dat
98 CK_RV sw_encrypt_data_init(mdetail *mdtl, CK_MECHANISM *mechanism, tobject *tobj, sw_encrypt_data **enc_data) {
99
100 EVP_PKEY *pkey = NULL;
101- CK_RV rv = ssl_util_tobject_to_evp(&pkey, tobj);
102+ CK_RV rv = ssl_util_attrs_to_evp(tobj->attrs, &pkey);
103 if (rv != CKR_OK) {
104 return rv;
105 }
106Index: git/src/lib/mech.c
107===================================================================
108--- git.orig/src/lib/mech.c
109+++ git/src/lib/mech.c
110@@ -693,7 +693,7 @@ CK_RV ecc_keygen_validator(mdetail *m, C
111 }
112
113 int nid = 0;
114- CK_RV rv = ec_params_to_nid(a, &nid);
115+ CK_RV rv = ssl_util_params_to_nid(a, &nid);
116 if (rv != CKR_OK) {
117 return rv;
118 }
119@@ -857,11 +857,11 @@ CK_RV rsa_pkcs_synthesizer(mdetail *mdtl
120 }
121
122 /* Apply the PKCS1.5 padding */
123- int rc = RSA_padding_add_PKCS1_type_1(outbuf, padded_len,
124- inbuf, inlen);
125- if (!rc) {
126+ CK_RV rv = ssl_util_add_PKCS1_TYPE_1(inbuf, inlen,
127+ outbuf, padded_len);
128+ if (rv != CKR_OK) {
129 LOGE("Applying RSA padding failed");
130- return CKR_GENERAL_ERROR;
131+ return rv;
132 }
133
134 *outlen = padded_len;
135@@ -893,22 +893,21 @@ CK_RV rsa_pkcs_unsynthesizer(mdetail *md
136 size_t key_bytes = *keybits / 8;
137
138 unsigned char buf[4096];
139- int rc = RSA_padding_check_PKCS1_type_2(buf, sizeof(buf),
140- inbuf, inlen,
141- key_bytes);
142- if (rc < 0) {
143+ CK_ULONG buflen = sizeof(buf);
144+ CK_RV rv = ssl_util_check_PKCS1_TYPE_2(inbuf, inlen, key_bytes,
145+ buf, &buflen);
146+ if (rv != CKR_OK) {
147 LOGE("Could not recover CKM_RSA_PKCS Padding");
148- return CKR_GENERAL_ERROR;
149+ return rv;
150 }
151
152- /* cannot be < 0 because of check above */
153- if (!outbuf || (unsigned)rc > *outlen) {
154- *outlen = rc;
155+ if (!outbuf || buflen > *outlen) {
156+ *outlen = buflen;
157 return outbuf ? CKR_BUFFER_TOO_SMALL : CKR_OK;
158 }
159
160- *outlen = rc;
161- memcpy(outbuf, buf, rc);
162+ *outlen = buflen;
163+ memcpy(outbuf, buf, buflen);
164
165 return CKR_OK;
166 }
167@@ -944,50 +943,21 @@ CK_RV rsa_pss_synthesizer(mdetail *mdtl,
168 return CKR_GENERAL_ERROR;
169 }
170
171- CK_ATTRIBUTE_PTR exp_attr = attr_get_attribute_by_type(attrs, CKA_PUBLIC_EXPONENT);
172- if (!exp_attr) {
173- LOGE("Signing key has no CKA_PUBLIC_EXPONENT");
174- return CKR_GENERAL_ERROR;
175- }
176-
177 if (modulus_attr->ulValueLen > *outlen) {
178 LOGE("Output buffer is too small, got: %lu, required at least %lu",
179 *outlen, modulus_attr->ulValueLen);
180 return CKR_GENERAL_ERROR;
181 }
182
183- BIGNUM *e = BN_bin2bn(exp_attr->pValue, exp_attr->ulValueLen, NULL);
184- if (!e) {
185- LOGE("Could not convert exponent to bignum");
186- return CKR_GENERAL_ERROR;
187- }
188-
189- BIGNUM *n = BN_bin2bn(modulus_attr->pValue, modulus_attr->ulValueLen, NULL);
190- if (!n) {
191- LOGE("Could not convert modulus to bignum");
192- BN_free(e);
193- return CKR_GENERAL_ERROR;
194- }
195-
196- RSA *rsa = RSA_new();
197- if (!rsa) {
198- LOGE("oom");
199- return CKR_HOST_MEMORY;
200- }
201-
202- int rc = RSA_set0_key(rsa, n, e, NULL);
203- if (!rc) {
204- LOGE("Could not set modulus and exponent to OSSL RSA key");
205- BN_free(n);
206- BN_free(e);
207- RSA_free(rsa);
208- return CKR_GENERAL_ERROR;
209+ EVP_PKEY *pkey = NULL;
210+ rv = ssl_util_attrs_to_evp(attrs, &pkey);
211+ if (rv != CKR_OK) {
212+ return rv;
213 }
214
215- rc = RSA_padding_add_PKCS1_PSS(rsa, outbuf,
216- inbuf, md, -1);
217- RSA_free(rsa);
218- if (!rc) {
219+ rv = ssl_util_add_PKCS1_PSS(pkey, inbuf, md, outbuf);
220+ EVP_PKEY_free(pkey);
221+ if (rv != CKR_OK) {
222 LOGE("Applying RSA padding failed");
223 return CKR_GENERAL_ERROR;
224 }
225Index: git/src/lib/object.c
226===================================================================
227--- git.orig/src/lib/object.c
228+++ git/src/lib/object.c
229@@ -15,6 +15,7 @@
230 #include "object.h"
231 #include "pkcs11.h"
232 #include "session_ctx.h"
233+#include "ssl_util.h"
234 #include "token.h"
235 #include "utils.h"
236
237@@ -121,7 +122,7 @@ CK_RV tobject_get_min_buf_size(tobject *
238 }
239
240 int nid = 0;
241- CK_RV rv = ec_params_to_nid(a, &nid);
242+ CK_RV rv = ssl_util_params_to_nid(a, &nid);
243 if (rv != CKR_OK) {
244 return rv;
245 }
246Index: git/src/lib/sign.c
247===================================================================
248--- git.orig/src/lib/sign.c
249+++ git/src/lib/sign.c
250@@ -74,7 +74,7 @@ static sign_opdata *sign_opdata_new(mdet
251 }
252
253 EVP_PKEY *pkey = NULL;
254- rv = ssl_util_tobject_to_evp(&pkey, tobj);
255+ rv = ssl_util_attrs_to_evp(tobj->attrs, &pkey);
256 if (rv != CKR_OK) {
257 return NULL;
258 }
259Index: git/src/lib/ssl_util.c
260===================================================================
261--- git.orig/src/lib/ssl_util.c
262+++ git/src/lib/ssl_util.c
263@@ -10,6 +10,7 @@
264 #include <openssl/rsa.h>
265 #include <openssl/sha.h>
266
267+#include "attrs.h"
268 #include "log.h"
269 #include "pkcs11.h"
270 #include "ssl_util.h"
271@@ -19,194 +20,228 @@
272 #include <openssl/evperr.h>
273 #endif
274
275-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
276+#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST300)
277+#include <openssl/core_names.h>
278+#endif
279
280 /*
281- * Pre openssl 1.1 doesn't have EC_POINT_point2buf, so use EC_POINT_point2oct to
282- * create an API compatible version of it.
283+ * TODO Port these routines
284+ * Deprecated function block to port
285+ *
286+ * There are no padding routine replacements in OSSL 3.0.
287+ * - per Matt Caswell (maintainer) on mailing list.
288+ * Signature verification can likely be done with EVP Verify interface.
289 */
290-size_t EC_POINT_point2buf(const EC_GROUP *group, const EC_POINT *point,
291- point_conversion_form_t form,
292- unsigned char **pbuf, BN_CTX *ctx) {
293-
294- /* Get the required buffer length */
295- size_t len = EC_POINT_point2oct(group, point, form, NULL, 0, NULL);
296- if (!len) {
297- return 0;
298- }
299+#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST300)
300+#pragma GCC diagnostic push
301+#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
302+#endif
303
304- /* allocate it */
305- unsigned char *buf = OPENSSL_malloc(len);
306- if (!buf) {
307- return 0;
308- }
309+CK_RV ssl_util_add_PKCS1_PSS(EVP_PKEY *pkey,
310+ const CK_BYTE_PTR inbuf, const EVP_MD *md,
311+ CK_BYTE_PTR outbuf) {
312
313- /* convert it */
314- len = EC_POINT_point2oct(group, point, form, buf, len, ctx);
315- if (!len) {
316- OPENSSL_free(buf);
317- return 0;
318+ RSA *rsa = (RSA *)EVP_PKEY_get0_RSA(pkey);
319+ if (!rsa) {
320+ return CKR_GENERAL_ERROR;
321 }
322
323- *pbuf = buf;
324- return len;
325-}
326+ int rc = RSA_padding_add_PKCS1_PSS(rsa, outbuf,
327+ inbuf, md, -1);
328
329-size_t OBJ_length(const ASN1_OBJECT *obj) {
330+ return rc == 1 ? CKR_OK : CKR_GENERAL_ERROR;
331+}
332
333- if (!obj) {
334- return 0;
335- }
336+CK_RV ssl_util_add_PKCS1_TYPE_1(const CK_BYTE_PTR inbuf, CK_ULONG inlen,
337+ CK_BYTE_PTR outbuf, CK_ULONG outbuflen) {
338
339- return obj->length;
340+ return RSA_padding_add_PKCS1_type_1(outbuf, outbuflen,
341+ inbuf, inlen) == 1 ? CKR_OK : CKR_GENERAL_ERROR;
342 }
343
344-const unsigned char *OBJ_get0_data(const ASN1_OBJECT *obj) {
345+CK_RV ssl_util_check_PKCS1_TYPE_2(const CK_BYTE_PTR inbuf, CK_ULONG inlen, CK_ULONG rsa_len,
346+ CK_BYTE_PTR outbuf, CK_ULONG_PTR outbuflen) {
347
348- if (!obj) {
349- return NULL;
350+ int rc = RSA_padding_check_PKCS1_type_2(outbuf, *outbuflen,
351+ inbuf, inlen, rsa_len);
352+ if (rc < 0) {
353+ return CKR_GENERAL_ERROR;
354 }
355
356- return obj->data;
357+ /* cannot be negative due to check above */
358+ *outbuflen = rc;
359+ return CKR_OK;
360 }
361
362-const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) {
363- return ASN1_STRING_data((ASN1_STRING *)x);
364-}
365+#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST300)
366+#pragma GCC diagnostic pop
367+#endif
368
369-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) {
370+#if defined(LIB_TPM2_OPENSSL_OPENSSL_POST300)
371
372- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) {
373- return 0;
374- }
375+static CK_RV get_RSA_evp_pubkey(CK_ATTRIBUTE_PTR e_attr, CK_ATTRIBUTE_PTR n_attr, EVP_PKEY **out_pkey) {
376+
377+ OSSL_PARAM params[] = {
378+ OSSL_PARAM_BN("n", n_attr->pValue, n_attr->ulValueLen),
379+ OSSL_PARAM_BN("e", e_attr->pValue, e_attr->ulValueLen),
380+ OSSL_PARAM_END
381+ };
382
383- if (n != NULL) {
384- BN_free(r->n);
385- r->n = n;
386+ /* convert params to EVP key */
387+ EVP_PKEY_CTX *evp_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL);
388+ if (!evp_ctx) {
389+ SSL_UTIL_LOGE("EVP_PKEY_CTX_new_id");
390+ return CKR_GENERAL_ERROR;
391 }
392
393- if (e != NULL) {
394- BN_free(r->e);
395- r->e = e;
396+ int rc = EVP_PKEY_fromdata_init(evp_ctx);
397+ if (rc != 1) {
398+ SSL_UTIL_LOGE("EVP_PKEY_fromdata_init");
399+ EVP_PKEY_CTX_free(evp_ctx);
400+ return CKR_GENERAL_ERROR;
401 }
402
403- if (d != NULL) {
404- BN_free(r->d);
405- r->d = d;
406+ rc = EVP_PKEY_fromdata(evp_ctx, out_pkey, EVP_PKEY_PUBLIC_KEY, params);
407+ if (rc != 1) {
408+ SSL_UTIL_LOGE("EVP_PKEY_fromdata");
409+ EVP_PKEY_CTX_free(evp_ctx);
410+ return CKR_GENERAL_ERROR;
411 }
412
413- return 1;
414+ EVP_PKEY_CTX_free(evp_ctx);
415+
416+ return CKR_OK;
417 }
418
419-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) {
420+static CK_RV get_EC_evp_pubkey(CK_ATTRIBUTE_PTR ecparams, CK_ATTRIBUTE_PTR ecpoint, EVP_PKEY **out_pkey) {
421+
422+ /*
423+ * The simplest way I have found to deal with this is to convert the ASN1 object in
424+ * the ecparams attribute (was done previously with d2i_ECParameters) is to a nid and
425+ * then take the int nid and convert it to a friendly name like prime256v1.
426+ * EVP_PKEY_fromdata can handle group by name.
427+ *
428+ * Per the spec this is "DER-encoding of an ANSI X9.62 Parameters value".
429+ */
430+ int curve_id = 0;
431+ CK_RV rv = ssl_util_params_to_nid(ecparams, &curve_id);
432+ if (rv != CKR_OK) {
433+ LOGE("Could not get nid from params");
434+ return rv;
435+ }
436
437- if (!r || !s) {
438- return 0;
439+ /* Per the spec CKA_EC_POINT attribute is the "DER-encoding of ANSI X9.62 ECPoint value Q */
440+ const unsigned char *x = ecpoint->pValue;
441+ ASN1_OCTET_STRING *os = d2i_ASN1_OCTET_STRING(NULL, &x, ecpoint->ulValueLen);
442+ if (!os) {
443+ SSL_UTIL_LOGE("d2i_ASN1_OCTET_STRING: %s");
444+ return CKR_GENERAL_ERROR;
445 }
446
447- BN_free(sig->r);
448- BN_free(sig->s);
449+ OSSL_PARAM params[] = {
450+ OSSL_PARAM_utf8_string(OSSL_PKEY_PARAM_GROUP_NAME, (char *)OBJ_nid2sn(curve_id), 0),
451+ OSSL_PARAM_octet_string(OSSL_PKEY_PARAM_PUB_KEY, os->data, os->length),
452+ OSSL_PARAM_END
453+ };
454
455- sig->r = r;
456- sig->s = s;
457+ /* convert params to EVP key */
458+ EVP_PKEY_CTX *evp_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
459+ if (!evp_ctx) {
460+ SSL_UTIL_LOGE("EVP_PKEY_CTX_new_id");
461+ OPENSSL_free(os);
462+ return CKR_GENERAL_ERROR;
463+ }
464
465- return 1;
466-}
467+ int rc = EVP_PKEY_fromdata_init(evp_ctx);
468+ if (rc != 1) {
469+ SSL_UTIL_LOGE("EVP_PKEY_fromdata_init: %s");
470+ EVP_PKEY_CTX_free(evp_ctx);
471+ OPENSSL_free(os);
472+ return CKR_GENERAL_ERROR;
473+ }
474
475-EC_KEY *EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) {
476- if (pkey->type != EVP_PKEY_EC) {
477- return NULL;
478+ rc = EVP_PKEY_fromdata(evp_ctx, out_pkey, EVP_PKEY_PUBLIC_KEY, params);
479+ if (rc != 1) {
480+ SSL_UTIL_LOGE("EVP_PKEY_fromdata");
481+ EVP_PKEY_CTX_free(evp_ctx);
482+ OPENSSL_free(os);
483+ return CKR_GENERAL_ERROR;
484 }
485
486- return pkey->pkey.ec;
487+ EVP_PKEY_CTX_free(evp_ctx);
488+ OPENSSL_free(os);
489+
490+ return CKR_OK;
491 }
492-#endif
493
494-static CK_RV convert_pubkey_RSA(RSA **outkey, attr_list *attrs) {
495+#else
496
497- RSA *rsa = NULL;
498- BIGNUM *e = NULL, *n = NULL;
499+static CK_RV get_RSA_evp_pubkey(CK_ATTRIBUTE_PTR e_attr, CK_ATTRIBUTE_PTR n_attr, EVP_PKEY **out_pkey) {
500
501- CK_ATTRIBUTE_PTR exp = attr_get_attribute_by_type(attrs, CKA_PUBLIC_EXPONENT);
502- if (!exp) {
503- LOGE("RSA Object must have attribute CKA_PUBLIC_EXPONENT");
504+ BIGNUM *e = BN_bin2bn(e_attr->pValue, e_attr->ulValueLen, NULL);
505+ if (!e) {
506+ LOGE("Could not convert exponent to bignum");
507 return CKR_GENERAL_ERROR;
508 }
509
510- CK_ATTRIBUTE_PTR mod = attr_get_attribute_by_type(attrs, CKA_MODULUS);
511- if (!mod) {
512- LOGE("RSA Object must have attribute CKA_MODULUS");
513+ BIGNUM *n = BN_bin2bn(n_attr->pValue, n_attr->ulValueLen, NULL);
514+ if (!n) {
515+ LOGE("Could not convert modulus to bignum");
516+ BN_free(e);
517 return CKR_GENERAL_ERROR;
518 }
519
520- rsa = RSA_new();
521+ RSA *rsa = RSA_new();
522 if (!rsa) {
523- SSL_UTIL_LOGE("Failed to allocate OpenSSL RSA structure");
524- goto error;
525+ LOGE("oom");
526+ return CKR_HOST_MEMORY;
527 }
528
529- e = BN_bin2bn(exp->pValue, exp->ulValueLen, NULL);
530- if (!e) {
531- SSL_UTIL_LOGE("Failed to convert exponent to SSL internal format");
532- goto error;
533+ int rc = RSA_set0_key(rsa, n, e, NULL);
534+ if (!rc) {
535+ LOGE("Could not set modulus and exponent to OSSL RSA key");
536+ BN_free(n);
537+ BN_free(e);
538+ RSA_free(rsa);
539+ return CKR_GENERAL_ERROR;
540 }
541
542- n = BN_bin2bn(mod->pValue, mod->ulValueLen, NULL);
543- if (!n) {
544- SSL_UTIL_LOGE("Failed to convert modulus to SSL internal format");
545- goto error;
546+ /* assigned to RSA key */
547+ n = e = NULL;
548+
549+ EVP_PKEY *pkey = EVP_PKEY_new();
550+ if (!pkey) {
551+ SSL_UTIL_LOGE("EVP_PKEY_new");
552+ RSA_free(rsa);
553+ return CKR_GENERAL_ERROR;
554 }
555
556- if (!RSA_set0_key(rsa, n, e, NULL)) {
557- SSL_UTIL_LOGE("Failed to set RSA modulus and exponent components");
558+ rc = EVP_PKEY_assign_RSA(pkey, rsa);
559+ if (rc != 1) {
560 RSA_free(rsa);
561- BN_free(e);
562- BN_free(n);
563- goto error;
564+ EVP_PKEY_free(pkey);
565+ return CKR_GENERAL_ERROR;
566 }
567
568- *outkey = rsa;
569+ *out_pkey = pkey;
570
571 return CKR_OK;
572-
573-error:
574- RSA_free(rsa);
575- if (e) {
576- BN_free(e);
577- }
578- if (n) {
579- BN_free(n);
580- }
581-
582- return CKR_GENERAL_ERROR;
583 }
584
585-static CK_RV convert_pubkey_ECC(EC_KEY **outkey, attr_list *attrs) {
586+static CK_RV get_EC_evp_pubkey(CK_ATTRIBUTE_PTR ecparams, CK_ATTRIBUTE_PTR ecpoint, EVP_PKEY **out_pkey) {
587
588- EC_KEY *key = EC_KEY_new();
589- if (!key) {
590+ EC_KEY *ecc = EC_KEY_new();
591+ if (!ecc) {
592 LOGE("oom");
593 return CKR_HOST_MEMORY;
594 }
595
596- CK_ATTRIBUTE_PTR ecparams = attr_get_attribute_by_type(attrs, CKA_EC_PARAMS);
597- if (!ecparams) {
598- LOGE("ECC Key must have attribute CKA_EC_PARAMS");
599- return CKR_GENERAL_ERROR;
600- }
601-
602- CK_ATTRIBUTE_PTR ecpoint = attr_get_attribute_by_type(attrs, CKA_EC_POINT);
603- if (!ecpoint) {
604- LOGE("ECC Key must have attribute CKA_EC_POINT");
605- return CKR_GENERAL_ERROR;
606- }
607-
608 /* set params */
609 const unsigned char *x = ecparams->pValue;
610- EC_KEY *k = d2i_ECParameters(&key, &x, ecparams->ulValueLen);
611+ EC_KEY *k = d2i_ECParameters(&ecc, &x, ecparams->ulValueLen);
612 if (!k) {
613 SSL_UTIL_LOGE("Could not update key with EC Parameters");
614- EC_KEY_free(key);
615+ EC_KEY_free(ecc);
616 return CKR_GENERAL_ERROR;
617 }
618
619@@ -215,22 +250,38 @@ static CK_RV convert_pubkey_ECC(EC_KEY *
620 ASN1_OCTET_STRING *os = d2i_ASN1_OCTET_STRING(NULL, &x, ecpoint->ulValueLen);
621 if (os) {
622 x = os->data;
623- k = o2i_ECPublicKey(&key, &x, os->length);
624+ k = o2i_ECPublicKey(&ecc, &x, os->length);
625 ASN1_STRING_free(os);
626 if (!k) {
627 SSL_UTIL_LOGE("Could not update key with EC Points");
628- EC_KEY_free(key);
629+ EC_KEY_free(ecc);
630 return CKR_GENERAL_ERROR;
631 }
632 }
633
634- *outkey = key;
635+ EVP_PKEY *pkey = EVP_PKEY_new();
636+ if (!pkey) {
637+ SSL_UTIL_LOGE("EVP_PKEY_new");
638+ EC_KEY_free(ecc);
639+ return CKR_GENERAL_ERROR;
640+ }
641+
642+ int rc = EVP_PKEY_assign_EC_KEY(pkey, ecc);
643+ if (!rc) {
644+ SSL_UTIL_LOGE("Could not set pkey with ec key");
645+ EC_KEY_free(ecc);
646+ EVP_PKEY_free(pkey);
647+ return CKR_GENERAL_ERROR;
648+ }
649+
650+ *out_pkey = pkey;
651 return CKR_OK;
652 }
653+#endif
654
655-CK_RV ssl_util_tobject_to_evp(EVP_PKEY **outpkey, tobject *obj) {
656+CK_RV ssl_util_attrs_to_evp(attr_list *attrs, EVP_PKEY **outpkey) {
657
658- CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(obj->attrs, CKA_KEY_TYPE);
659+ CK_ATTRIBUTE_PTR a = attr_get_attribute_by_type(attrs, CKA_KEY_TYPE);
660 if (!a) {
661 LOGE("Expected object to have attribute CKA_KEY_TYPE");
662 return CKR_KEY_TYPE_INCONSISTENT;
663@@ -253,44 +304,52 @@ CK_RV ssl_util_tobject_to_evp(EVP_PKEY *
664 return CKR_OK;
665 }
666
667- EVP_PKEY *pkey = EVP_PKEY_new();
668- if (!pkey) {
669- LOGE("oom");
670- return CKR_HOST_MEMORY;
671- }
672+ EVP_PKEY *pkey = NULL;
673
674 if (key_type == CKK_EC) {
675- EC_KEY *e = NULL;
676- rv = convert_pubkey_ECC(&e, obj->attrs);
677- if (rv != CKR_OK) {
678- return rv;
679+
680+ CK_ATTRIBUTE_PTR ecparams = attr_get_attribute_by_type(attrs, CKA_EC_PARAMS);
681+ if (!ecparams) {
682+ LOGE("ECC Key must have attribute CKA_EC_PARAMS");
683+ return CKR_GENERAL_ERROR;
684 }
685- int rc = EVP_PKEY_assign_EC_KEY(pkey, e);
686- if (!rc) {
687- SSL_UTIL_LOGE("Could not set pkey with ec key");
688- EC_KEY_free(e);
689- EVP_PKEY_free(pkey);
690+
691+ CK_ATTRIBUTE_PTR ecpoint = attr_get_attribute_by_type(attrs, CKA_EC_POINT);
692+ if (!ecpoint) {
693+ LOGE("ECC Key must have attribute CKA_EC_POINT");
694 return CKR_GENERAL_ERROR;
695 }
696- } else if (key_type == CKK_RSA) {
697- RSA *r = NULL;
698- rv = convert_pubkey_RSA(&r, obj->attrs);
699+
700+ rv = get_EC_evp_pubkey(ecparams, ecpoint, &pkey);
701 if (rv != CKR_OK) {
702 return rv;
703 }
704- int rc = EVP_PKEY_assign_RSA(pkey, r);
705- if (!rc) {
706- SSL_UTIL_LOGE("Could not set pkey with rsa key");
707- RSA_free(r);
708- EVP_PKEY_free(pkey);
709+
710+ } else if (key_type == CKK_RSA) {
711+
712+ CK_ATTRIBUTE_PTR exp = attr_get_attribute_by_type(attrs, CKA_PUBLIC_EXPONENT);
713+ if (!exp) {
714+ LOGE("RSA Object must have attribute CKA_PUBLIC_EXPONENT");
715 return CKR_GENERAL_ERROR;
716 }
717+
718+ CK_ATTRIBUTE_PTR mod = attr_get_attribute_by_type(attrs, CKA_MODULUS);
719+ if (!mod) {
720+ LOGE("RSA Object must have attribute CKA_MODULUS");
721+ return CKR_GENERAL_ERROR;
722+ }
723+
724+ rv = get_RSA_evp_pubkey(exp, mod, &pkey);
725+ if (rv != CKR_OK) {
726+ return rv;
727+ }
728+
729 } else {
730 LOGE("Invalid CKA_KEY_TYPE, got: %lu", key_type);
731- EVP_PKEY_free(pkey);
732 return CKR_KEY_TYPE_INCONSISTENT;
733 }
734
735+ assert(pkey);
736 *outpkey = pkey;
737
738 return CKR_OK;
739@@ -406,10 +465,12 @@ CK_RV ssl_util_setup_evp_pkey_ctx(EVP_PK
740 }
741 }
742
743- rc = EVP_PKEY_CTX_set_signature_md(pkey_ctx, md);
744- if (!rc) {
745- SSL_UTIL_LOGE("EVP_PKEY_CTX_set_signature_md failed");
746- goto error;
747+ if (md) {
748+ rc = EVP_PKEY_CTX_set_signature_md(pkey_ctx, md);
749+ if (!rc) {
750+ SSL_UTIL_LOGE("EVP_PKEY_CTX_set_signature_md failed");
751+ goto error;
752+ }
753 }
754
755 *outpkey_ctx = pkey_ctx;
756@@ -421,21 +482,12 @@ error:
757 return CKR_GENERAL_ERROR;
758 }
759
760-static CK_RV do_sig_verify_rsa(EVP_PKEY *pkey,
761- int padding, const EVP_MD *md,
762- CK_BYTE_PTR digest, CK_ULONG digest_len,
763- CK_BYTE_PTR signature, CK_ULONG signature_len) {
764+static CK_RV sig_verify(EVP_PKEY_CTX *ctx,
765+ const unsigned char *sig, size_t siglen,
766+ const unsigned char *tbs, size_t tbslen) {
767
768 CK_RV rv = CKR_GENERAL_ERROR;
769-
770- EVP_PKEY_CTX *pkey_ctx = NULL;
771- rv = ssl_util_setup_evp_pkey_ctx(pkey, padding, md,
772- EVP_PKEY_verify_init, &pkey_ctx);
773- if (rv != CKR_OK) {
774- return rv;
775- }
776-
777- int rc = EVP_PKEY_verify(pkey_ctx, signature, signature_len, digest, digest_len);
778+ int rc = EVP_PKEY_verify(ctx, sig, siglen, tbs, tbslen);
779 if (rc < 0) {
780 SSL_UTIL_LOGE("EVP_PKEY_verify failed");
781 } else if (rc == 1) {
782@@ -444,11 +496,11 @@ static CK_RV do_sig_verify_rsa(EVP_PKEY
783 rv = CKR_SIGNATURE_INVALID;
784 }
785
786- EVP_PKEY_CTX_free(pkey_ctx);
787 return rv;
788 }
789
790-static CK_RV create_ecdsa_sig(CK_BYTE_PTR sig, CK_ULONG siglen, ECDSA_SIG **outsig) {
791+static CK_RV create_ecdsa_sig(CK_BYTE_PTR sig, CK_ULONG siglen,
792+ unsigned char **outbuf, size_t *outlen) {
793
794 if (siglen & 1) {
795 LOGE("Expected ECDSA signature length to be even, got : %lu",
796@@ -487,21 +539,48 @@ static CK_RV create_ecdsa_sig(CK_BYTE_PT
797 return CKR_GENERAL_ERROR;
798 }
799
800- *outsig = ossl_sig;
801+ int sig_len =i2d_ECDSA_SIG(ossl_sig, NULL);
802+ if (sig_len <= 0) {
803+ if (rc < 0) {
804+ SSL_UTIL_LOGE("ECDSA_do_verify failed");
805+ } else {
806+ LOGE("Expected length to be greater than 0");
807+ }
808+ ECDSA_SIG_free(ossl_sig);
809+ return CKR_GENERAL_ERROR;
810+ }
811+
812+ unsigned char *buf = calloc(1, sig_len);
813+ if (!buf) {
814+ LOGE("oom");
815+ ECDSA_SIG_free(ossl_sig);
816+ return CKR_HOST_MEMORY;
817+ }
818+
819+ unsigned char *p = buf;
820+ int sig_len2 = i2d_ECDSA_SIG(ossl_sig, &p);
821+ if (sig_len2 < 0) {
822+ SSL_UTIL_LOGE("ECDSA_do_verify failed");
823+ ECDSA_SIG_free(ossl_sig);
824+ free(buf);
825+ return CKR_GENERAL_ERROR;
826+ }
827+
828+ assert(sig_len == sig_len2);
829+
830+ ECDSA_SIG_free(ossl_sig);
831+
832+ *outbuf = buf;
833+ *outlen = sig_len;
834
835 return CKR_OK;
836 }
837
838 static CK_RV do_sig_verify_ec(EVP_PKEY *pkey,
839+ const EVP_MD *md,
840 CK_BYTE_PTR digest, CK_ULONG digest_len,
841 CK_BYTE_PTR signature, CK_ULONG signature_len) {
842
843- EC_KEY *eckey = EVP_PKEY_get0_EC_KEY(pkey);
844- if (!eckey) {
845- LOGE("Expected EC Key");
846- return CKR_GENERAL_ERROR;
847- }
848-
849 /*
850 * OpenSSL expects ASN1 framed signatures, PKCS11 does flat
851 * R + S signatures, so convert it to ASN1 framing.
852@@ -509,21 +588,47 @@ static CK_RV do_sig_verify_ec(EVP_PKEY *
853 * https://github.com/tpm2-software/tpm2-pkcs11/issues/277
854 * For details.
855 */
856- ECDSA_SIG *ossl_sig = NULL;
857- CK_RV rv = create_ecdsa_sig(signature, signature_len, &ossl_sig);
858+ unsigned char *buf = NULL;
859+ size_t buflen = 0;
860+ CK_RV rv = create_ecdsa_sig(signature, signature_len, &buf, &buflen);
861 if (rv != CKR_OK) {
862 return rv;
863 }
864
865- int rc = ECDSA_do_verify(digest, digest_len, ossl_sig, eckey);
866- if (rc < 0) {
867- ECDSA_SIG_free(ossl_sig);
868- SSL_UTIL_LOGE("ECDSA_do_verify failed");
869- return CKR_GENERAL_ERROR;
870+ EVP_PKEY_CTX *pkey_ctx = NULL;
871+ rv = ssl_util_setup_evp_pkey_ctx(pkey, 0, md,
872+ EVP_PKEY_verify_init, &pkey_ctx);
873+ if (rv != CKR_OK) {
874+ free(buf);
875+ return rv;
876 }
877- ECDSA_SIG_free(ossl_sig);
878
879- return rc == 1 ? CKR_OK : CKR_SIGNATURE_INVALID;
880+ rv = sig_verify(pkey_ctx, buf, buflen, digest, digest_len);
881+
882+ EVP_PKEY_CTX_free(pkey_ctx);
883+ free(buf);
884+
885+ return rv;
886+}
887+
888+static CK_RV do_sig_verify_rsa(EVP_PKEY *pkey,
889+ int padding, const EVP_MD *md,
890+ CK_BYTE_PTR digest, CK_ULONG digest_len,
891+ CK_BYTE_PTR signature, CK_ULONG signature_len) {
892+
893+ CK_RV rv = CKR_GENERAL_ERROR;
894+
895+ EVP_PKEY_CTX *pkey_ctx = NULL;
896+ rv = ssl_util_setup_evp_pkey_ctx(pkey, padding, md,
897+ EVP_PKEY_verify_init, &pkey_ctx);
898+ if (rv != CKR_OK) {
899+ return rv;
900+ }
901+
902+ rv = sig_verify(pkey_ctx, signature, signature_len, digest, digest_len);
903+
904+ EVP_PKEY_CTX_free(pkey_ctx);
905+ return rv;
906 }
907
908 CK_RV ssl_util_sig_verify(EVP_PKEY *pkey,
909@@ -538,7 +643,7 @@ CK_RV ssl_util_sig_verify(EVP_PKEY *pkey
910 digest, digest_len,
911 signature, signature_len);
912 case EVP_PKEY_EC:
913- return do_sig_verify_ec(pkey, digest, digest_len,
914+ return do_sig_verify_ec(pkey, md, digest, digest_len,
915 signature, signature_len);
916 default:
917 LOGE("Unknown PKEY type, got: %d", type);
918@@ -577,3 +682,65 @@ CK_RV ssl_util_verify_recover(EVP_PKEY *
919 EVP_PKEY_CTX_free(pkey_ctx);
920 return rv;
921 }
922+
923+twist ssl_util_hash_pass(const twist pin, const twist salt) {
924+
925+
926+ twist out = NULL;
927+ unsigned char md[SHA256_DIGEST_LENGTH];
928+
929+ EVP_MD_CTX *ctx = EVP_MD_CTX_new();
930+ if (!ctx) {
931+ SSL_UTIL_LOGE("EVP_MD_CTX_new");
932+ return NULL;
933+ }
934+
935+ int rc = EVP_DigestInit(ctx, EVP_sha256());
936+ if (rc != 1) {
937+ SSL_UTIL_LOGE("EVP_DigestInit");
938+ goto error;
939+ }
940+
941+ rc = EVP_DigestUpdate(ctx, pin, twist_len(pin));
942+ if (rc != 1) {
943+ SSL_UTIL_LOGE("EVP_DigestUpdate");
944+ goto error;
945+ }
946+
947+ rc = EVP_DigestUpdate(ctx, salt, twist_len(salt));
948+ if (rc != 1) {
949+ SSL_UTIL_LOGE("EVP_DigestUpdate");
950+ goto error;
951+ }
952+
953+ unsigned int len = sizeof(md);
954+ rc = EVP_DigestFinal(ctx, md, &len);
955+ if (rc != 1) {
956+ SSL_UTIL_LOGE("EVP_DigestFinal");
957+ goto error;
958+ }
959+
960+ /* truncate the password to 32 characters */
961+ out = twist_hex_new((char *)md, sizeof(md)/2);
962+
963+error:
964+ EVP_MD_CTX_free(ctx);
965+
966+ return out;
967+}
968+
969+CK_RV ssl_util_params_to_nid(CK_ATTRIBUTE_PTR ecparams, int *nid) {
970+
971+ const unsigned char *p = ecparams->pValue;
972+
973+ ASN1_OBJECT *a = d2i_ASN1_OBJECT(NULL, &p, ecparams->ulValueLen);
974+ if (!a) {
975+ LOGE("Unknown CKA_EC_PARAMS value");
976+ return CKR_ATTRIBUTE_VALUE_INVALID;
977+ }
978+
979+ *nid = OBJ_obj2nid(a);
980+ ASN1_OBJECT_free(a);
981+
982+ return CKR_OK;
983+}
984Index: git/src/lib/ssl_util.h
985===================================================================
986--- git.orig/src/lib/ssl_util.h
987+++ git/src/lib/ssl_util.h
988@@ -11,8 +11,8 @@
989
990 #include "pkcs11.h"
991
992+#include "attrs.h"
993 #include "log.h"
994-#include "object.h"
995 #include "twist.h"
996
997 #if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */
998@@ -22,6 +22,10 @@
999 #define LIB_TPM2_OPENSSL_OPENSSL_POST111 0x1010100f
1000 #endif
1001
1002+#if (OPENSSL_VERSION_NUMBER >= 0x30000000) /* OpenSSL 3.0.0 */
1003+#define LIB_TPM2_OPENSSL_OPENSSL_POST300 0x1010100f
1004+#endif
1005+
1006 /* OpenSSL Backwards Compat APIs */
1007 #if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
1008 #include <string.h>
1009@@ -58,7 +62,7 @@ static inline void *OPENSSL_memdup(const
1010
1011 #define SSL_UTIL_LOGE(m) LOGE("%s: %s", m, ERR_error_string(ERR_get_error(), NULL));
1012
1013-CK_RV ssl_util_tobject_to_evp(EVP_PKEY **outpkey, tobject *obj);
1014+CK_RV ssl_util_attrs_to_evp(attr_list *attrs, EVP_PKEY **outpkey);
1015
1016 CK_RV ssl_util_encrypt(EVP_PKEY *pkey,
1017 int padding, twist label, const EVP_MD *md,
1018@@ -82,4 +86,27 @@ CK_RV ssl_util_setup_evp_pkey_ctx(EVP_PK
1019 fn_EVP_PKEY_init init_fn,
1020 EVP_PKEY_CTX **outpkey_ctx);
1021
1022+CK_RV ssl_util_add_PKCS1_PSS(EVP_PKEY *pkey,
1023+ const CK_BYTE_PTR inbuf, const EVP_MD *md,
1024+ CK_BYTE_PTR outbuf);
1025+
1026+CK_RV ssl_util_add_PKCS1_TYPE_1(const CK_BYTE_PTR inbuf, CK_ULONG inlen,
1027+ CK_BYTE_PTR outbuf, CK_ULONG outbuflen);
1028+
1029+CK_RV ssl_util_check_PKCS1_TYPE_2(const CK_BYTE_PTR inbuf, CK_ULONG inlen, CK_ULONG rsa_len,
1030+ CK_BYTE_PTR outbuf, CK_ULONG_PTR outbuflen);
1031+
1032+twist ssl_util_hash_pass(const twist pin, const twist salt);
1033+
1034+/**
1035+ * Given an attribute of CKA_EC_PARAMS returns the nid value.
1036+ * @param ecparams
1037+ * The DER X9.62 parameters value
1038+ * @param nid
1039+ * The nid to set
1040+ * @return
1041+ * CKR_OK on success.
1042+ */
1043+CK_RV ssl_util_params_to_nid(CK_ATTRIBUTE_PTR ecparams, int *nid);
1044+
1045 #endif /* SRC_LIB_SSL_UTIL_H_ */
1046Index: git/src/lib/tpm.c
1047===================================================================
1048--- git.orig/src/lib/tpm.c
1049+++ git/src/lib/tpm.c
1050@@ -3099,7 +3099,7 @@ static CK_RV handle_ecparams(CK_ATTRIBUT
1051 tpm_key_data *keydat = (tpm_key_data *)udata;
1052
1053 int nid = 0;
1054- CK_RV rv = ec_params_to_nid(attr, &nid);
1055+ CK_RV rv = ssl_util_params_to_nid(attr, &nid);
1056 if (rv != CKR_OK) {
1057 return rv;
1058 }
1059@@ -3451,7 +3451,7 @@ static EC_POINT *tpm_pub_to_ossl_pub(EC_
1060 goto out;
1061 }
1062
1063- int rc = EC_POINT_set_affine_coordinates_GFp(group,
1064+ int rc = EC_POINT_set_affine_coordinates(group,
1065 pub_key_point_tmp,
1066 bn_x,
1067 bn_y,
1068@@ -4579,7 +4579,7 @@ CK_RV tpm_get_pss_sig_state(tpm_ctx *tct
1069 goto out;
1070 }
1071
1072- rv = ssl_util_tobject_to_evp(&pkey, tobj);
1073+ rv = ssl_util_attrs_to_evp(tobj->attrs, &pkey);
1074 if (rv != CKR_OK) {
1075 goto out;
1076 }
1077Index: git/src/lib/utils.c
1078===================================================================
1079--- git.orig/src/lib/utils.c
1080+++ git/src/lib/utils.c
1081@@ -7,6 +7,7 @@
1082 #include <openssl/sha.h>
1083
1084 #include "log.h"
1085+#include "ssl_util.h"
1086 #include "token.h"
1087 #include "utils.h"
1088
1089@@ -45,7 +46,7 @@ CK_RV utils_setup_new_object_auth(twist
1090 pin_to_use = newpin;
1091 }
1092
1093- *newauthhex = utils_hash_pass(pin_to_use, salt_to_use);
1094+ *newauthhex = ssl_util_hash_pass(pin_to_use, salt_to_use);
1095 if (!*newauthhex) {
1096 goto out;
1097 }
1098@@ -330,22 +331,6 @@ out:
1099
1100 }
1101
1102-twist utils_hash_pass(const twist pin, const twist salt) {
1103-
1104-
1105- unsigned char md[SHA256_DIGEST_LENGTH];
1106-
1107- SHA256_CTX sha256;
1108- SHA256_Init(&sha256);
1109-
1110- SHA256_Update(&sha256, pin, twist_len(pin));
1111- SHA256_Update(&sha256, salt, twist_len(salt));
1112- SHA256_Final(md, &sha256);
1113-
1114- /* truncate the password to 32 characters */
1115- return twist_hex_new((char *)md, sizeof(md)/2);
1116-}
1117-
1118 size_t utils_get_halg_size(CK_MECHANISM_TYPE mttype) {
1119
1120 switch(mttype) {
1121@@ -448,22 +433,6 @@ CK_RV utils_ctx_wrap_objauth(twist wrapp
1122
1123 return CKR_OK;
1124 }
1125-
1126-CK_RV ec_params_to_nid(CK_ATTRIBUTE_PTR ecparams, int *nid) {
1127-
1128- const unsigned char *p = ecparams->pValue;
1129-
1130- ASN1_OBJECT *a = d2i_ASN1_OBJECT(NULL, &p, ecparams->ulValueLen);
1131- if (!a) {
1132- LOGE("Unknown CKA_EC_PARAMS value");
1133- return CKR_ATTRIBUTE_VALUE_INVALID;
1134- }
1135-
1136- *nid = OBJ_obj2nid(a);
1137- ASN1_OBJECT_free(a);
1138-
1139- return CKR_OK;
1140-}
1141
1142 CK_RV apply_pkcs7_pad(const CK_BYTE_PTR in, CK_ULONG inlen,
1143 CK_BYTE_PTR out, CK_ULONG_PTR outlen) {
1144Index: git/src/lib/utils.h
1145===================================================================
1146--- git.orig/src/lib/utils.h
1147+++ git/src/lib/utils.h
1148@@ -45,8 +45,6 @@ static inline void _str_padded_copy(CK_U
1149 memcpy(dst, src, src_len);
1150 }
1151
1152-twist utils_hash_pass(const twist pin, const twist salt);
1153-
1154 twist aes256_gcm_decrypt(const twist key, const twist objauth);
1155
1156 twist aes256_gcm_encrypt(twist keybin, twist plaintextbin);
1157@@ -77,17 +75,6 @@ CK_RV utils_ctx_unwrap_objauth(twist wra
1158 CK_RV utils_ctx_wrap_objauth(twist wrappingkey, twist objauth, twist *wrapped_auth);
1159
1160 /**
1161- * Given an attribute of CKA_EC_PARAMS returns the nid value.
1162- * @param ecparams
1163- * The DER X9.62 parameters value
1164- * @param nid
1165- * The nid to set
1166- * @return
1167- * CKR_OK on success.
1168- */
1169-CK_RV ec_params_to_nid(CK_ATTRIBUTE_PTR ecparams, int *nid);
1170-
1171-/**
1172 * Removes a PKCS7 padding on a 16 byte block.
1173 * @param in
1174 * The PKCS5 padded input.
1175Index: git/test/integration/pkcs-sign-verify.int.c
1176===================================================================
1177--- git.orig/test/integration/pkcs-sign-verify.int.c
1178+++ git/test/integration/pkcs-sign-verify.int.c
1179@@ -1061,70 +1061,13 @@ static void test_double_sign_final_call_
1180 assert_int_equal(rv, CKR_OK);
1181 }
1182
1183-static CK_ATTRIBUTE_PTR get_attr(CK_ATTRIBUTE_TYPE type, CK_ATTRIBUTE_PTR attrs, CK_ULONG attr_len) {
1184-
1185- CK_ULONG i;
1186- for (i=0; i < attr_len; i++) {
1187- CK_ATTRIBUTE_PTR a = &attrs[i];
1188- if (a->type == type) {
1189- return a;
1190- }
1191- }
1192-
1193- return NULL;
1194-}
1195-
1196-#if (OPENSSL_VERSION_NUMBER < 0x1010000fL && !defined(LIBRESSL_VERSION_NUMBER)) || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L) /* OpenSSL 1.1.0 */
1197-#define LIB_TPM2_OPENSSL_OPENSSL_PRE11
1198-#endif
1199-
1200-RSA *template_to_rsa_pub_key(CK_ATTRIBUTE_PTR attrs, CK_ULONG attr_len) {
1201-
1202- RSA *ssl_rsa_key = NULL;
1203- BIGNUM *e = NULL, *n = NULL;
1204-
1205- /* get the exponent */
1206- CK_ATTRIBUTE_PTR a = get_attr(CKA_PUBLIC_EXPONENT, attrs, attr_len);
1207- assert_non_null(a);
1208-
1209- e = BN_bin2bn((void*)a->pValue, a->ulValueLen, NULL);
1210- assert_non_null(e);
1211-
1212- /* get the modulus */
1213- a = get_attr(CKA_MODULUS, attrs, attr_len);
1214- assert_non_null(a);
1215-
1216- n = BN_bin2bn(a->pValue, a->ulValueLen,
1217- NULL);
1218- assert_non_null(n);
1219-
1220- ssl_rsa_key = RSA_new();
1221- assert_non_null(ssl_rsa_key);
1222-
1223-#if defined(LIB_TPM2_OPENSSL_OPENSSL_PRE11)
1224- ssl_rsa_key->e = e;
1225- ssl_rsa_key->n = n;
1226-#else
1227- int rc = RSA_set0_key(ssl_rsa_key, n, e, NULL);
1228- assert_int_equal(rc, 1);
1229-#endif
1230-
1231- return ssl_rsa_key;
1232-}
1233-
1234-static void verify(RSA *pub, CK_BYTE_PTR msg, CK_ULONG msg_len, CK_BYTE_PTR sig, CK_ULONG sig_len) {
1235-
1236- EVP_PKEY *pkey = EVP_PKEY_new();
1237- assert_non_null(pkey);
1238-
1239- int rc = EVP_PKEY_set1_RSA(pkey, pub);
1240- assert_int_equal(rc, 1);
1241+static void verify(EVP_PKEY *pkey, CK_BYTE_PTR msg, CK_ULONG msg_len, CK_BYTE_PTR sig, CK_ULONG sig_len) {
1242
1243 EVP_MD_CTX *ctx = EVP_MD_CTX_create();
1244 const EVP_MD* md = EVP_get_digestbyname("SHA256");
1245 assert_non_null(md);
1246
1247- rc = EVP_DigestInit_ex(ctx, md, NULL);
1248+ int rc = EVP_DigestInit_ex(ctx, md, NULL);
1249 assert_int_equal(rc, 1);
1250
1251 rc = EVP_DigestVerifyInit(ctx, NULL, md, NULL, pkey);
1252@@ -1136,7 +1079,6 @@ static void verify(RSA *pub, CK_BYTE_PTR
1253 rc = EVP_DigestVerifyFinal(ctx, sig, sig_len);
1254 assert_int_equal(rc, 1);
1255
1256- EVP_PKEY_free(pkey);
1257 EVP_MD_CTX_destroy(ctx);
1258 }
1259
1260@@ -1170,20 +1112,38 @@ static void test_sign_verify_public(void
1261 assert_int_equal(siglen, 256);
1262
1263 /* build an OSSL RSA key from parts */
1264- CK_BYTE _tmp_bufs[2][1024];
1265+ CK_BYTE _tmp_bufs[3][1024];
1266 CK_ATTRIBUTE attrs[] = {
1267- { .type = CKA_PUBLIC_EXPONENT, .ulValueLen = sizeof(_tmp_bufs[0]), .pValue = &_tmp_bufs[0] },
1268- { .type = CKA_MODULUS, .ulValueLen = sizeof(_tmp_bufs[1]), .pValue = &_tmp_bufs[1] },
1269+ { .type = CKA_KEY_TYPE, .ulValueLen = sizeof(_tmp_bufs[0]), .pValue = &_tmp_bufs[0] },
1270+ { .type = CKA_PUBLIC_EXPONENT, .ulValueLen = sizeof(_tmp_bufs[0]), .pValue = &_tmp_bufs[1] },
1271+ { .type = CKA_MODULUS, .ulValueLen = sizeof(_tmp_bufs[1]), .pValue = &_tmp_bufs[2] },
1272 };
1273
1274 rv = C_GetAttributeValue(session, pub_handle, attrs, ARRAY_LEN(attrs));
1275 assert_int_equal(rv, CKR_OK);
1276
1277- RSA *r = template_to_rsa_pub_key(attrs, ARRAY_LEN(attrs));
1278- assert_non_null(r);
1279+ CK_KEY_TYPE key_type = CKA_KEY_TYPE_BAD;
1280+ rv = attr_CK_KEY_TYPE(&attrs[0], &key_type);
1281+ assert_int_equal(rv, CKR_OK);
1282+
1283+ EVP_PKEY *pkey = NULL;
1284+ attr_list *l = attr_list_new();
1285+
1286+ bool res = attr_list_add_int(l, CKA_KEY_TYPE, key_type);
1287+ assert_true(res);
1288
1289- verify(r, msg, sizeof(msg) - 1, sig, siglen);
1290- RSA_free(r);
1291+ res = attr_list_add_buf(l, attrs[1].type, attrs[1].pValue, attrs[1].ulValueLen);
1292+ assert_true(res);
1293+
1294+ res = attr_list_add_buf(l, attrs[2].type, attrs[2].pValue, attrs[2].ulValueLen);
1295+ assert_true(res);
1296+
1297+ rv = ssl_util_attrs_to_evp(l, &pkey);
1298+ assert_int_equal(rv, CKR_OK);
1299+ attr_list_free(l);
1300+
1301+ verify(pkey, msg, sizeof(msg) - 1, sig, siglen);
1302+ EVP_PKEY_free(pkey);
1303 }
1304
1305 static void test_sign_verify_context_specific_good(void **state) {