From: Doug E. <no...@gi...> - 2022-08-15 12:46:48
Branch: refs/heads/master
Home:   https://github.com/OpenSC/OpenSC

Commit: b8b700ade90d93bbf9c68f09375ad270b1dd63ab
    https://github.com/OpenSC/OpenSC/commit/b8b700ade90d93bbf9c68f09375ad270b1dd63ab
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/sc-ossl-compat.h
  M src/pkcs11/framework-pkcs15.c
  M src/pkcs11/openssl.c
  M src/pkcs15init/pkcs15-westcos.c
  M src/tools/piv-tool.c
  M src/tools/pkcs15-init.c

Log Message:
-----------
sc-ossl-compat.h cleanup

Remove unused code and misplaced defines from sc-ossl-compat.h
to support OpenSSL 1.1.1 and 3.0.0+ and LibreSSL 3.4.2+

The "inline" routines are no longer needed and have been removed.

Several other source files were modified to include additional header files
or use newer names for functions or macros which are defined in OpenSSL
and LibreSSL.

 Date: Tue Feb 1 20:58:08 2022 -0600

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: sc-ossl-compat.h
  modified: ../pkcs11/framework-pkcs15.c
  modified: ../pkcs11/openssl.c
  modified: ../pkcs15init/pkcs15-westcos.c
  modified: ../tools/piv-tool.c
  modified: ../tools/pkcs15-init.c

 interactive rebase in progress; onto 238eff7d
 Last command done (1 command done):
  pick 7dea6a55 sc-ossl-compat.h cleanup
 Next commands to do (12 remaining commands):
  pick 0d051d11 Handle CRYPTO_secure_*
  pick b926a52f Fix reset of bn pointer and return false
 You are currently rebasing.

 Changes to be committed:
  modified: src/libopensc/sc-ossl-compat.h
  modified: src/pkcs11/framework-pkcs15.c
  modified: src/pkcs11/openssl.c
  modified: src/pkcs15init/pkcs15-westcos.c
  modified: src/tools/piv-tool.c
  modified: src/tools/pkcs15-init.c


Commit: d06608675c2c02bb8c8f0bc4fc67f7536314585b
    https://github.com/OpenSC/OpenSC/commit/d06608675c2c02bb8c8f0bc4fc67f7536314585b
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/ctx.c
  M src/minidriver/minidriver.c
  M src/pkcs11/pkcs11-global.c

Log Message:
-----------
Handle CRYPTO_secure_*

Make sure <openssl/crypto.h> is included and test for
!defined(LIBRESSL_VERSION_NUMBER) when using CRYPTO_secure_malloc_init,
CRYPTO_secure_malloc_initialized and CRYPTO_secure_malloc_done

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: ctx.c
  modified: ../minidriver/minidriver.c
  modified: ../pkcs11/pkcs11-global.c


Commit: a7bcc49e371ce6beaa4073accd61c5b75d027133
    https://github.com/OpenSC/OpenSC/commit/a7bcc49e371ce6beaa4073accd61c5b75d027133
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/pkcs15init/pkcs15-westcos.c

Log Message:
-----------
Fix reset of bn pointer and return false

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: pkcs15-westcos.c


Commit: 80556eaa6f1740153c768cbe6bfe22b7f911fa35
    https://github.com/OpenSC/OpenSC/commit/80556eaa6f1740153c768cbe6bfe22b7f911fa35
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/pkcs15-pubkey.c

Log Message:
-----------
update pkcs15-pubkey.c

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: pkcs15-pubkey.c


Commit: 9178a4260b4948300539f6bb06ea04497163a0fc
    https://github.com/OpenSC/OpenSC/commit/9178a4260b4948300539f6bb06ea04497163a0fc
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/tools/pkcs15-init.c

Log Message:
-----------
pkcs15-init.c use EVP_PKEY_eq on 3.0.0+ or EVP_PKEY_cmp on others

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: pkcs15-init.c


Commit: 05160ab91c50ba6be8321a57aa4fb1501a8099fe
    https://github.com/OpenSC/OpenSC/commit/05160ab91c50ba6be8321a57aa4fb1501a8099fe
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/tests/p11test/p11test_case_common.c
  M src/tests/p11test/p11test_case_common.h
  M src/tests/p11test/p11test_case_ec_derive.c
  M src/tests/p11test/p11test_case_multipart.c
  M src/tests/p11test/p11test_case_pss_oaep.c
  M src/tests/p11test/p11test_case_readonly.c

Log Message:
-----------
p11tests replace deprecated EVP_PK_* with EVP_PKEY_*

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: p11test_case_common.c
  modified: p11test_case_common.h
  modified: p11test_case_ec_derive.c
  modified: p11test_case_multipart.c
  modified: p11test_case_pss_oaep.c
  modified: p11test_case_readonly.c


Commit: f9253644c91f4fd1f143423961d3586bfd1178e4
    https://github.com/OpenSC/OpenSC/commit/f9253644c91f4fd1f143423961d3586bfd1178e4
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/card-westcos.c
  M src/libopensc/pkcs15-prkey.c
  M src/pkcs15init/pkcs15-oberthur-awp.c
  M src/sm/sslutil.h
  M src/tools/gids-tool.c
  M src/tools/piv-tool.c
  M src/tools/pkcs11-tool.c
  M src/tools/pkcs15-init.c
  M src/tools/sc-hsm-tool.c
  M src/tools/westcos-tool.c

Log Message:
-----------
Remove calls to deprecated ERR_load_CRYPTO_strings, ERR_free_strings, OPENSSL_config and CRYPTO_malloc_init

LibreSSL and OpenSSL 1.1.1 and 3.0.0+ have deprecated or removed the need
by OpenSC to call ERR_load_CRYPTO_strings, ERR_free_strings, OPENSSL_config
and CRYPTO_malloc_init
calls to these have been removed

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: src/libopensc/card-westcos.c
  modified: src/libopensc/pkcs15-prkey.c
  modified: src/pkcs15init/pkcs15-oberthur-awp.c
  modified: src/sm/sslutil.h
  modified: src/tools/gids-tool.c
  modified: src/tools/piv-tool.c
  modified: src/tools/pkcs11-tool.c
  modified: src/tools/pkcs15-init.c
  modified: src/tools/sc-hsm-tool.c
  modified: src/tools/westcos-tool.c

 interactive rebase in progress; onto 238eff7d
 Last commands done (7 commands done):
  pick 86fd6394 p11tests replace deprecated EVP_PK_* with EVP_PKEY_*
  pick eeadd82d Remove calls to deprecated ERR_load_CRYPTO_strings, ERR_free_strings, OPENSSL_config and CRYPTO_malloc_init
 Next commands to do (6 remaining commands):
  pick 450f344a More EVP_CIPHER_CTX_reset changes
  pick d8319dc4 Fix use of EVP_PKEY_CTX_set_rsa_keygen_pubexp vs EVP_PKEY_CTX_set1_rsa_keygen_pubexp
 You are currently rebasing.

 Changes to be committed:
  modified: src/libopensc/card-westcos.c
  modified: src/libopensc/pkcs15-prkey.c
  modified: src/pkcs15init/pkcs15-oberthur-awp.c
  modified: src/sm/sslutil.h
  modified: src/tools/gids-tool.c
  modified: src/tools/piv-tool.c
  modified: src/tools/pkcs11-tool.c
  modified: src/tools/pkcs15-init.c
  modified: src/tools/sc-hsm-tool.c
  modified: src/tools/westcos-tool.c


Commit: bb62074b86e55b3e0b5d430bd6ba130881ab2d59
    https://github.com/OpenSC/OpenSC/commit/bb62074b86e55b3e0b5d430bd6ba130881ab2d59
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/card-gpk.c
  M src/libopensc/card-piv.c

Log Message:
-----------
More EVP_CIPHER_CTX_reset changes

 Changes to be committed:
  modified: src/libopensc/card-gpk.c
  modified: src/libopensc/card-piv.c


Commit: 0790d79a414e60f90a20e26898f77e935d050781
    https://github.com/OpenSC/OpenSC/commit/0790d79a414e60f90a20e26898f77e935d050781
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/pkcs15init/pkcs15-westcos.c

Log Message:
-----------
Fix use of EVP_PKEY_CTX_set_rsa_keygen_pubexp vs EVP_PKEY_CTX_set1_rsa_keygen_pubexp

EVP_PKEY_CTX_set1_rsa_keygen_pubexp is used in 3.0
EVP_PKEY_CTX_set_rsa_keygen_pubexp is used in 1.1.1 and LibreSSL

previous commit in this PR tried to use just one for all cases.

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: src/pkcs15init/pkcs15-westcos.c


Commit: 49f48f57211508997131dd52c689ee8cdea42468
    https://github.com/OpenSC/OpenSC/commit/49f48f57211508997131dd52c689ee8cdea42468
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
card-iasecc.c support for partial hash to use with final hash on card

Update to use EVP_Digest* for SHA1 or SHA256 in iasecc_qsign_data_sha1
and iasecc_qsign_data_sha256. These routines extract partial hash data
before EVP_DigestFinal. The data is then sent to the card to do the final
round of the hash.

LibreSSL, OpenSSL 1.1.m and 3.0.1 all define in sha.h identical SHA_CTX and
SHA256_CTX structures. But if 3.0.1 is built with no-deprecated the definition
of the structures (and other defines) are undefined. In this these are
defined in card-iasecc.c

All three versions have a way to access the data in these structures:

  LibreSSL: md_data = (SHA_CTX *)mdctx->md_data;
  1.1.1m:   md_data = EVP_MD_CTX_md_data(mdctx);
  3.0.1:    md_data = EVP_MD_CTX_get0_md_data(mdctx);

I believe that the deprecation of the structures in 3.0.1 is an oversight as
EVP_MD_CTX_get0_md_data (added in 3.0.0) will return the address of the
structure but not the definition of the structure.

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: card-iasecc.c


Commit: 7f883f8b2d315ba9981dd056b957613ae4728f74
    https://github.com/OpenSC/OpenSC/commit/7f883f8b2d315ba9981dd056b957613ae4728f74
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
card-iasecc.c OpenSSL-3.0.1 but without signatures

OpenSSL 3.0.0 EVP_MD_CTX_get0_md_data returns NULL.
See discussion https://github.com/openssl/openssl/issues/17688
on what it would take to support this.

This commit will allow card-iasecc.c to authenticate but
signatures will fail with using OpenSSL-3.0.0 even when compiling with
different API for example: -DOPENSSL_API_COMPAT=0x10100000L


Commit: cc5564ffbe24c81d1caaf60bc0dc80dce5236ce6
    https://github.com/OpenSC/OpenSC/commit/cc5564ffbe24c81d1caaf60bc0dc80dce5236ce6
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/pkcs15init/pkcs15-oberthur-awp.c

Log Message:
-----------
whitespace

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: pkcs15-oberthur-awp.c


Commit: ca1bf057fa8649031f1b65f7f3de0641b3fee312
    https://github.com/OpenSC/OpenSC/commit/ca1bf057fa8649031f1b65f7f3de0641b3fee312
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/libopensc/card-iasecc.c

Log Message:
-----------
card-iasecc.c - return SC_ERROR_NOT_SUPPORTED when used with OpenSSL-3.0+

card-iasecc.c is the only place in OpenSC that needs access to internal
hash routines in order to pass intermediate hash data to the card so card
can do last round of a hash on the card.

LibreSSL and OpenSC-1.1.1 provide access to the SHA_CTX and SHA256_CTX
structures. But OpenSSL 3.0 no longer provides access to internal hash data.

This commit modifies the iasecc_qsign_data_sha1 and iasecc_qsign_data_sha256
routines to return SC_ERROR_NOT_SUPPORTED when compiled using OpenSSL 3.0.0
or greater.

It is not clear at this time if this driver is even used. If the "dsign"
routines are needed, a future commit could add a non-OpenSSL SHA1 and SHA256
routine to allow access to internal data.

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: card-iasecc.c


Commit: 56df8f520bd91c2fc1c9d5367e7a2160003a9af9
    https://github.com/OpenSC/OpenSC/commit/56df8f520bd91c2fc1c9d5367e7a2160003a9af9
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/pkcs11/openssl.c

Log Message:
-----------
Do not load GOST engine when using OpenSSL-3

OpenSSL is dropping support for engines.
If and when GOST developers convert GOST to an OpenSSL provider,
we can look at loading the provider if needed.

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: openssl.c


Commit: f7b7ebc05df94c307ff180316e80d2076f8a3852
    https://github.com/OpenSC/OpenSC/commit/f7b7ebc05df94c307ff180316e80d2076f8a3852
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M src/pkcs11/openssl.c

Log Message:
-----------
Suggested changes to comments

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: openssl.c


Commit: 786d0ac7c26456b8e73e06a2ba1d3414e78d57b9
    https://github.com/OpenSC/OpenSC/commit/786d0ac7c26456b8e73e06a2ba1d3414e78d57b9
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M .github/build.sh

Log Message:
-----------
github build.sh treat ossl3 like other builds


Commit: e3f5156c40bc912354446de4603781420d375ca4
    https://github.com/OpenSC/OpenSC/commit/e3f5156c40bc912354446de4603781420d375ca4
Author: Doug Engert <dee...@gm...>
Date:   2022-08-15 (Mon, 15 Aug 2022)

Changed paths:
  M .github/build.sh

Log Message:
-----------
github build.sh treat ossl3 like other builds

 On branch sc-ossl-compat-cleanup
 Changes to be committed:
  modified: build.sh


Compare: https://github.com/OpenSC/OpenSC/compare/58d8099cb65d...e3f5156c40bc
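
Added example, not part of the original message and not OpenSC code: the card-iasecc.c commits above describe hashing on the host up to an intermediate state and letting the card perform the final round, and suggest a non-OpenSSL SHA1 routine as a way to keep access to that state. The sketch below shows that split for SHA-1; the function names and the hand-off of state, tail and byte count are assumptions for illustration, not the IAS-ECC wire format.

```c
#include <stdint.h>
#include <string.h>
#define ROL(x, n) (((x) << (n)) | ((x) >> (32 - (n))))
/* SHA-1 compression of one 64-byte block into the running state h. */
static void sha1_compress(uint32_t h[5], const uint8_t *p)
{
    uint32_t w[80], a = h[0], b = h[1], c = h[2], d = h[3], e = h[4], f, k, t, i;
    for (i = 0; i < 16; i++, p += 4)
        w[i] = (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
    for (; i < 80; i++)
        w[i] = ROL(w[i - 3] ^ w[i - 8] ^ w[i - 14] ^ w[i - 16], 1);
    for (i = 0; i < 80; i++) {
        if (i < 20)      { f = (b & c) | (~b & d);          k = 0x5A827999; }
        else if (i < 40) { f = b ^ c ^ d;                   k = 0x6ED9EBA1; }
        else if (i < 60) { f = (b & c) | (b & d) | (c & d); k = 0x8F1BBCDC; }
        else             { f = b ^ c ^ d;                   k = 0xCA62C1D6; }
        t = ROL(a, 5) + f + e + k + w[i];
        e = d; d = c; c = ROL(b, 30); b = a; a = t;
    }
    h[0] += a; h[1] += b; h[2] += c; h[3] += d; h[4] += e;
}
/* Host (hypothetical name): hash all complete blocks; returns the bytes
 * consumed and leaves the intermediate state in h. */
size_t host_partial_sha1(const uint8_t *msg, size_t len, uint32_t h[5])
{
    static const uint32_t iv[5] = {0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476, 0xC3D2E1F0};
    size_t off = 0;
    memcpy(h, iv, sizeof iv);
    for (; len - off >= 64; off += 64)
        sha1_compress(h, msg + off);
    return off;
}
/* Stand-in for the card (hypothetical name): pad the tail (< 64 bytes)
 * with the total bit count and run the final compression(s). */
int card_final_sha1(uint32_t h[5], const uint8_t *tail, size_t tail_len, uint64_t total, uint8_t out[20])
{
    uint8_t blk[128] = {0};
    size_t n = tail_len < 56 ? 64 : 128, i;
    if (tail_len >= 64 || total % 64 != tail_len)
        return -1; /* tail and byte counter disagree: refuse to finish */
    memcpy(blk, tail, tail_len);
    blk[tail_len] = 0x80;
    for (i = 0; i < 8; i++)
        blk[n - 1 - i] = (uint8_t)((total * 8) >> (8 * i));
    for (i = 0; i < n; i += 64)
        sha1_compress(h, blk + i);
    for (i = 0; i < 20; i++)
        out[i] = (uint8_t)(h[i / 4] >> (24 - 8 * (i % 4)));
    return 0;
}
```

The finishing side receives only the five state words, the unhashed tail and the byte count, so it cannot tell which earlier blocks produced that state; the only consistency check available to it is the one between the counter and the tail length.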