Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

.gitignore

@@ -8,3 +8,30 @@
 /AusweisApp-2.0.3.tar.gz
 /AusweisApp-2.0.3.tar.gz.asc
 /AusweisApp-2.0.3.tar.gz.sha256
+/AusweisApp-2.1.0.tar.gz
+/AusweisApp-2.1.0.tar.gz.asc
+/AusweisApp-2.1.0.tar.gz.sha256
+/AusweisApp-2.1.1.tar.gz
+/AusweisApp-2.1.1.tar.gz.asc
+/AusweisApp-2.1.1.tar.gz.sha256
+/AusweisApp-2.2.0.tar.gz
+/AusweisApp-2.2.0.tar.gz.asc
+/AusweisApp-2.2.0.tar.gz.sha256
+/AusweisApp-2.2.1.tar.gz
+/AusweisApp-2.2.1.tar.gz.asc
+/AusweisApp-2.2.1.tar.gz.sha256
+/AusweisApp-2.2.2.tar.gz
+/AusweisApp-2.2.2.tar.gz.asc
+/AusweisApp-2.2.2.tar.gz.sha256
+/AusweisApp-2.3.0.tar.gz
+/AusweisApp-2.3.0.tar.gz.asc
+/AusweisApp-2.3.0.tar.gz.sha256
+/AusweisApp-2.3.1.tar.gz
+/AusweisApp-2.3.1.tar.gz.asc
+/AusweisApp-2.3.1.tar.gz.sha256
+/AusweisApp-2.3.2.tar.gz
+/AusweisApp-2.3.2.tar.gz.asc
+/AusweisApp-2.3.2.tar.gz.sha256
+/AusweisApp-2.4.0.tar.gz
+/AusweisApp-2.4.0.tar.gz.asc
+/AusweisApp-2.4.0.tar.gz.sha256

0001-Use-legacy-OpenSSL-API.patch

@@ -0,0 +1,471 @@
+From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 30 Oct 2025 13:51:15 +0100
+Subject: [PATCH] Use legacy OpenSSL API
+
+---
+ src/card/base/asn1/EcdsaPublicKey.cpp        |  39 -----
+ src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
+ src/card/base/pace/ec/EcUtil.cpp             | 145 -------------------
+ src/card/base/pace/ec/EcUtil.h               |  12 --
+ src/card/base/pace/ec/EcdhGenericMapping.cpp |   5 -
+ src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
+ src/card/simulator/SimulatorCard.cpp         |  37 -----
+ src/card/simulator/SimulatorCard.h           |   4 -
+ src/card/simulator/SimulatorFileSystem.cpp   |   9 --
+ src/card/simulator/SimulatorFileSystem.h     |   4 -
+ 10 files changed, 1 insertion(+), 264 deletions(-)
+
+diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
+index 7f54045..dc7e26b 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.cpp
++++ b/src/card/base/asn1/EcdsaPublicKey.cpp
+@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
+ {
+ 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
+@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
+ }
+ 
+ 
+-#endif
+-
+ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
+ {
+ 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
+@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 	const auto& group = createGroup(curveData);
+ 	if (group.isNull())
+ 	{
+@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 
+ 	return key;
+ 
+-#else
+-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
+-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
+-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-			});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!EVP_PKEY_fromdata_init(ctx.data()))
+-	{
+-		qCCritical(card) << "Cannot init pkey";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
+-	{
+-		qCCritical(card) << "Cannot fetch data for pkey";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-
+-#endif
+ }
+diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
+index 860bc74..c85e48b 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.h
++++ b/src/card/base/asn1/EcdsaPublicKey.h
+@@ -13,9 +13,7 @@
+ #include <openssl/asn1t.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+-	#include <openssl/ec.h>
+-#endif
++#include <openssl/ec.h>
+ 
+ 
+ namespace governikus
+@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
+ 
+ 		[[nodiscard]] CurveData createCurveData() const;
+ 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
+-#endif
+ 
+ 	public:
+ 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
+diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
+index 069ad81..546438f 100644
+--- a/src/card/base/pace/ec/EcUtil.cpp
++++ b/src/card/base/pace/ec/EcUtil.cpp
+@@ -103,148 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed)
+-{
+-	if (pKey.isNull())
+-	{
+-		qCCritical(card) << "Cannot use undefined key";
+-		return nullptr;
+-	}
+-
+-	uchar* key = nullptr;
+-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
+-	const auto guard = qScopeGuard([key] {
+-				OPENSSL_free(key);
+-			});
+-
+-	if (length == 0)
+-	{
+-		return QByteArray();
+-	}
+-
+-	const QByteArray uncompressed(reinterpret_cast<char*>(key), static_cast<int>(length));
+-	return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed;
+-}
+-
+-
+-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
+-{
+-	BIGNUM* privKey = nullptr;
+-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
+-	return EcUtil::create(privKey);
+-}
+-
+-
+-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
+-{
+-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
+-	const auto guard = qScopeGuard([bld] {
+-				OSSL_PARAM_BLD_free(bld);
+-			});
+-
+-	if (bld == nullptr)
+-	{
+-		qCCritical(card) << "Cannot create parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (!pFunc(bld))
+-	{
+-		qCCritical(card) << "Cannot initialize parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr)
+-	{
+-		static auto deleter = [](OSSL_PARAM* pParam)
+-				{
+-					OSSL_PARAM_free(pParam);
+-				};
+-
+-		return QSharedPointer<OSSL_PARAM>(params, deleter);
+-	}
+-
+-	qCCritical(card) << "Cannot create parameter";
+-	return nullptr;
+-}
+-
+-
+-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+-{
+-	if (pCurve.isNull())
+-	{
+-		qCCritical(card) << "Curve is undefined";
+-		return nullptr;
+-	}
+-
+-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
+-
+-	auto order = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch order";
+-		return nullptr;
+-	}
+-
+-	auto cofactor = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch cofactor";
+-		return nullptr;
+-	}
+-
+-	auto p = EcUtil::create(BN_new());
+-	auto a = EcUtil::create(BN_new());
+-	auto b = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch a, b or p";
+-		return nullptr;
+-	}
+-
+-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
+-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
+-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-			});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!ctx)
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-	EVP_PKEY_keygen_init(ctx.data());
+-
+-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
+-	{
+-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_generate(ctx.data(), &key))
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-}
+-
+-
+-#else
+ QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
+ {
+ 	if (pKey.isNull())
+@@ -293,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
+ 
+ 	return key;
+ }
+-
+-
+-#endif
+diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
+index 63eb16c..914c268 100644
+--- a/src/card/base/pace/ec/EcUtil.h
++++ b/src/card/base/pace/ec/EcUtil.h
+@@ -26,24 +26,15 @@ class EcUtil
+ 		static QSharedPointer<EC_POINT> oct2point(const QSharedPointer<const EC_GROUP>& pCurve, const QByteArray& pCompressedData);
+ 
+ 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
+-#endif
+ 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
+ 		static QSharedPointer<BIGNUM> create(BIGNUM* pBigNum);
+ 		static QSharedPointer<EVP_PKEY> create(EVP_PKEY* pEcGroup);
+ 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed = false);
+-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
+-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
+-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#else
+ 		static QByteArray getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed = false);
+ 		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EC_KEY>& pKey);
+ 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#endif
+ 
+ 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
+ };
+@@ -60,7 +51,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ {
+ 	static auto deleter = [](EC_KEY* ecKey)
+@@ -72,8 +62,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ }
+ 
+ 
+-#endif
+-
+ inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
+ {
+ 	static auto deleter = [](EC_POINT* ecPoint)
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+index 04cee51..571c7a0 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+ 		return false;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
+-	const EC_POINT* localPubKey = localPubKeyPtr.data();
+-#else
+ 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
+-#endif
+ 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
+ 	{
+ 		qCCritical(card) << "The exchanged public keys are equal.";
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
+index e9c9768..188befb 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.h
++++ b/src/card/base/pace/ec/EcdhGenericMapping.h
+@@ -22,11 +22,7 @@ class EcdhGenericMapping
+ 
+ 	private:
+ 		const QSharedPointer<EC_GROUP> mCurve;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mLocalKey;
+-#else
+ 		QSharedPointer<EC_KEY> mLocalKey;
+-#endif
+ 
+ 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
+ 
+diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
+index 3c4e218..a39fb54 100644
+--- a/src/card/simulator/SimulatorCard.cpp
++++ b/src/card/simulator/SimulatorCard.cpp
+@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 		return QByteArray();
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
+-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
+-		return QByteArray();
+-	}
+-	if (!EVP_PKEY_set1_encoded_public_key(
+-			terminalKey.data(),
+-			reinterpret_cast<const unsigned char*>(pPoint.data()),
+-			static_cast<size_t>(pPoint.length())))
+-	{
+-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
+-		return QByteArray();
+-	}
+-
+-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
+-	size_t resultLen = 0;
+-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
+-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
+-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
+-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	return result;
+-
+-#else
+ 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ 	auto point = EcUtil::oct2point(curve, pPoint);
+ 	if (!point)
+@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 
+ 	return EcUtil::point2oct(curve, result.data(), true);
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
+index fc9db00..7a881cb 100644
+--- a/src/card/simulator/SimulatorCard.h
++++ b/src/card/simulator/SimulatorCard.h
+@@ -39,11 +39,7 @@ class SimulatorCard
+ 		int mPaceKeyId;
+ 		QByteArray mPaceNonce;
+ 		QByteArray mPaceTerminalKey;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mCardKey;
+-#else
+ 		QSharedPointer<EC_KEY> mCardKey;
+-#endif
+ 		QSharedPointer<const CVCertificate> mTaCertificate;
+ 		QByteArray mTaSigningData;
+ 		QByteArray mTaAuxData;
+diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
+index 5c01caa..4cbe60c 100644
+--- a/src/card/simulator/SimulatorFileSystem.cpp
++++ b/src/card/simulator/SimulatorFileSystem.cpp
+@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#else
+ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#endif
+ {
+ 	if (!mKeys.contains(pKeyId))
+ 	{
+@@ -367,13 +363,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	return privateKey;
+-
+-#else
+ 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
+index 7d8458f..57065db 100644
+--- a/src/card/simulator/SimulatorFileSystem.h
++++ b/src/card/simulator/SimulatorFileSystem.h
+@@ -43,11 +43,7 @@ class SimulatorFileSystem
+ 
+ 		[[nodiscard]] QByteArray getEfCardAccess() const;
+ 		[[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
+-#else
+ 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
+-#endif
+ 		[[nodiscard]] QSharedPointer<const CVCertificate> getTrustPoint() const;
+ 		void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
+ 
+-- 
+2.51.0
+

AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch

@@ -1,8 +1,17 @@
-Index: AusweisApp2-1.24.1/src/global/FileDestination.h
-===================================================================
---- AusweisApp2-1.24.1.orig/src/global/FileDestination.h
-+++ AusweisApp2-1.24.1/src/global/FileDestination.h
-@@ -9,8 +9,10 @@
+From 056e560ed6432e99a297d1c1d2c89c89621bd825 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 6 Mar 2025 01:00:00 +0100
+Subject: [PATCH] AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
+
+---
+ src/global/FileDestination.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/global/FileDestination.h b/src/global/FileDestination.h
+index 2fd5826..781e9b9 100644
+--- a/src/global/FileDestination.h
++++ b/src/global/FileDestination.h
+@@ -7,8 +7,10 @@
  #include <QCoreApplication>
  #include <QDebug>
  #include <QFile>
@@ -11,9 +20,9 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h
  #include <QStringBuilder>
 +#include <QtGlobal>
  
+ 
  namespace governikus
- {
-@@ -52,6 +54,13 @@ class FileDestination
+@@ -51,6 +53,13 @@ class FileDestination
  			QStandardPaths::StandardLocation pStandard = QStandardPaths::AppDataLocation)
  		{
  #if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || (defined(Q_OS_BSD4) && !defined(Q_OS_MACOS) && !defined(Q_OS_IOS))
@@ -27,3 +36,6 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h
  			if (const auto& match = QStandardPaths::locate(pStandard, pFilename, pOption); !match.isNull())
  			{
  				return match;
+-- 
+2.48.1
+

AusweisApp2-2.0.1-use-legacy-openssl-api.patch

@@ -1,362 +0,0 @@
-diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp
---- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp	2024-01-05 22:06:07.585023942 +0100
-@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress
- }
- 
- 
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
- QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
- {
- 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
-@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey:
- }
- 
- 
--#endif
--
- QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
- {
- 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
-@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
- 		return nullptr;
- 	}
- 
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 	const auto& group = createGroup(curveData);
- 	if (group.isNull())
- 	{
-@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
- 
- 	return key;
- 
--#else
--	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
--			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
--				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
--				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
--				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
--		});
--
--	if (params == nullptr)
--	{
--		qCCritical(card) << "Cannot set parameter";
--		return nullptr;
--	}
--
--	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
--	if (!EVP_PKEY_fromdata_init(ctx.data()))
--	{
--		qCCritical(card) << "Cannot init pkey";
--		return nullptr;
--	}
--
--	EVP_PKEY* key = nullptr;
--	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
--	{
--		qCCritical(card) << "Cannot fetch data for pkey";
--		return nullptr;
--	}
--
--	return EcUtil::create(key);
--
--#endif
- }
-diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h
---- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h	2024-01-05 21:26:24.850152676 +0100
-@@ -13,9 +13,7 @@
- #include <openssl/asn1t.h>
- #include <openssl/evp.h>
- 
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
--	#include <openssl/ec.h>
--#endif
-+#include <openssl/ec.h>
- 
- 
- namespace governikus
-@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli
- 
- 		[[nodiscard]] CurveData createCurveData() const;
- 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
--#endif
- 
- 	public:
- 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
-diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp
---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp	2024-01-05 21:51:28.494919678 +0100
-@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT
- 
- 	mTerminalKey = EcUtil::generateKey(mCurve);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	return EcUtil::getEncodedPublicKey(mTerminalKey);
--
--#else
- 	return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data()));
- 
--#endif
- }
- 
- 
-@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer
- 		return false;
- 	}
- 
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	const QSharedPointer<const EC_POINT> terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey));
--	const EC_POINT* terminalPubKey = terminalPubKeyPtr.data();
--#else
- 	const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data());
--#endif
- 	if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr))
- 	{
- 		qCCritical(card) << "The exchanged public keys are equal.";
-@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer
- 
- QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS)
- {
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey);
--	const BIGNUM* privKey = privKeyPtr.data();
--#else
- 	const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data());
--#endif
- 
- 	if (!privKey)
- 	{
-diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h
---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h	2024-01-05 21:52:19.801808499 +0100
-@@ -22,11 +22,7 @@ class EcdhGenericMapping
- 
- 	private:
- 		const QSharedPointer<EC_GROUP> mCurve;
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--		QSharedPointer<EVP_PKEY> mTerminalKey;
--#else
- 		QSharedPointer<EC_KEY> mTerminalKey;
--#endif
- 
- 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS);
- 
-diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp
---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp	2024-01-05 21:37:17.920243239 +0100
-@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen
- 		return {CardReturnCode::PROTOCOL_ERROR};
- 	}
- 
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
--
--	const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
--	const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
--#else
- 	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
- 	const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
--#endif
- 
- 	// Make a copy of the terminal public key for later mutual authentication.
- 	mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
-diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp
---- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp	2024-01-05 20:33:28.156797843 +0100
-@@ -88,137 +88,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2poi
- }
- 
- 
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
--{
--	if (pKey.isNull())
--	{
--		qCCritical(card) << "Cannot use undefined key";
--		return nullptr;
--	}
--
--	uchar* key = nullptr;
--	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
--	const auto guard = qScopeGuard([key] {
--			OPENSSL_free(key);
--		});
--
--	return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
--}
--
--
--QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
--{
--	BIGNUM* privKey = nullptr;
--	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
--	return EcUtil::create(privKey);
--}
--
--
--QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
--{
--	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
--	const auto guard = qScopeGuard([bld] {
--			OSSL_PARAM_BLD_free(bld);
--		});
--
--	if (bld == nullptr)
--	{
--		qCCritical(card) << "Cannot create parameter builder";
--		return nullptr;
--	}
--
--	if (OSSL_PARAM* params = nullptr;
--			pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
--	{
--		static auto deleter = [](OSSL_PARAM* pParam)
--				{
--					OSSL_PARAM_free(pParam);
--				};
--
--		return QSharedPointer<OSSL_PARAM>(params, deleter);
--	}
--
--	qCCritical(card) << "Cannot create parameter";
--	return nullptr;
--}
--
--
--QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
--{
--	if (pCurve.isNull())
--	{
--		qCCritical(card) << "Curve is undefined";
--		return nullptr;
--	}
--
--	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
--
--	auto order = EcUtil::create(BN_new());
--	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
--	{
--		qCCritical(card) << "Cannot fetch order";
--		return nullptr;
--	}
--
--	auto cofactor = EcUtil::create(BN_new());
--	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
--	{
--		qCCritical(card) << "Cannot fetch cofactor";
--		return nullptr;
--	}
--
--	auto p = EcUtil::create(BN_new());
--	auto a = EcUtil::create(BN_new());
--	auto b = EcUtil::create(BN_new());
--	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
--	{
--		qCCritical(card) << "Cannot fetch a, b or p";
--		return nullptr;
--	}
--
--	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
--			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
--				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
--				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
--				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
--		});
--
--	if (params == nullptr)
--	{
--		qCCritical(card) << "Cannot set parameter";
--		return nullptr;
--	}
--
--	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
--	if (!ctx)
--	{
--		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
--		return nullptr;
--	}
--	EVP_PKEY_keygen_init(ctx.data());
--
--	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
--	{
--		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
--		return nullptr;
--	}
--
--	EVP_PKEY* key = nullptr;
--	if (!EVP_PKEY_generate(ctx.data(), &key))
--	{
--		qCCritical(card) << "Cannot create EVP_PKEY";
--		return nullptr;
--	}
--
--	return EcUtil::create(key);
--}
--
--
--#else
- QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
- {
- 	if (pCurve.isNull())
-@@ -242,6 +111,3 @@ QSharedPointer<EC_KEY> EcUtil::generateK
- 
- 	return key;
- }
--
--
--#endif
-diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h
---- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
-+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h	2024-01-05 22:15:17.157430740 +0100
-@@ -30,9 +30,7 @@ class EcUtil
- 
- 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
- 
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
--#endif
- 
- 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
- 
-@@ -42,14 +40,7 @@ class EcUtil
- 
- 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x30000000L
--		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
--		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
--		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
--		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
--#else
- 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
--#endif
- 
- 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
- };
-@@ -66,7 +57,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::
- }
- 
- 
--#if OPENSSL_VERSION_NUMBER < 0x30000000L
- inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
- {
- 	static auto deleter = [](EC_KEY* ecKey)
-@@ -78,8 +68,6 @@ inline QSharedPointer<EC_KEY> EcUtil::cr
- }
- 
- 
--#endif
--
- inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
- {
- 	static auto deleter = [](EC_POINT* ecPoint)

AusweisApp2.spec

@@ -24,10 +24,6 @@ fi                                               \
 %global build_fflags   %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
 %global build_fcflags  %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
 
-# Build and package Doxygen documentation?
-%bcond_without    doxy
-
-# Do we build with Qt6?
 %if 0%{?fedora} || 0%{?rhel} >= 9
 %global qt6_build 1
 %else
@@ -41,11 +37,11 @@ fi                                               \
 %global newname   AusweisApp
 
 Name:             AusweisApp2
-Version:          2.0.3
+Version:          2.4.0
 Release:          %autorelease
 Summary:          %{pkg_sum}
 
-License:          EUPL 1.2
+License:          EUPL-1.2
 URL:              https://www.ausweisapp.bund.de/en
 
 # Url to releases on github.
@@ -64,7 +60,10 @@ Source1000:       gen_openssl_cnf.py
 
 # Downstream.
 Patch01000:       %{name}-1.24.1-use_Qt_TranslationsPath.patch
-Patch01001:       %{name}-2.0.1-use-legacy-openssl-api.patch
+# Needed because Fedora's openssl does not support elliptic curves using custom parameters.
+# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
+# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025.
+Patch01001:       0001-Use-legacy-OpenSSL-API.patch
 
 BuildRequires:    cmake
 BuildRequires:    crypto-policies
@@ -159,10 +158,6 @@ used by %{name}.
 Summary:          User and API documentation for %{name}
 BuildArch:        noarch
 
-%if %{with doxy}
-BuildRequires:    doxygen
-BuildRequires:    graphviz
-%endif
 BuildRequires:    hardlink
 BuildRequires:    python3-sphinx
 BuildRequires:    python3-sphinx_rtd_theme
@@ -170,11 +165,6 @@ BuildRequires:    python3-sphinx_rtd_theme
 # Do not raise conflicts about shared license files.
 Requires:         (%{name}               = %{version}-%{release} if %{name})
 
-# The doc-api package is faded, since we can ship the
-# Doxygen documentation noarch'ed as well now.
-Obsoletes:        %{name}-doc-api        < 1.20.1-2
-Provides:         %{name}-doc-api        = %{version}-%{release}
-
 %description doc
 This package contains the user and API documentation for %{name}.
 
@@ -229,16 +219,10 @@ EOF
 
 %if (0%{?fedora} || 0%{?rhel} > 8)
 # Documentation.
-%cmake_build --target installation_integration notes sdk
-%if %{with doxy}
-%cmake_build --target doxy
-%endif
+%cmake_build --target installation_integration_de installation_integration_en notes sdk
 %else
 # Documentation.
-%ninja_build -C %{_vpath_builddir} installation_integration notes sdk
-%if %{with doxy}
-%ninja_build -C %{_vpath_builddir} doxy
-%endif
+%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk
 %endif
 
 
@@ -263,13 +247,10 @@ rm -fr %{buildroot}%{_datadir}/%{newname}/translations
 %endif
 
 # Excessive docs.
-mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk}
+mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk}
 install -pm 0644 README.rst %{buildroot}%{_pkgdocdir}
-%if %{with doxy}
-mkdir -p %{buildroot}%{_pkgdocdir}/doxy
-cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy
-%endif
-cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration
+cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de
+cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en
 cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes
 cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk
 find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755

gen_openssl_cnf.py

@@ -76,10 +76,14 @@ class _Const(object):
     @constant
     def KEYSIZE_SECTIONS():
         return [
-                   'minStaticKeySizes',
-                   'minEphemeralKeySizes',
+                   'minKeySizes',
+                   'sizesIfd',
                ]
 
+    @constant
+    def KEYSIZE_MIN_SECTION():
+        return 'min'
+
     @constant
     def TLS_VERSIONS():
         return {
@@ -101,9 +105,15 @@ def get_min_ssl_sec_level(json_data):
                 if option in json_data[section]:
                     if min_keysize > json_data[section][option]:
                         min_keysize = json_data[section][option]
+                elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
+                    if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]:
+                        min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option]
             if CONST.KEYSIZE_EC_OPTION in json_data[section]:
                     if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]:
                         min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION]
+            elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
+                    if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]:
+                        min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]
 
     if min_keysize >=  1000 and min_ecsize >= 160:
         sec_level = 1

sources

@@ -1,4 +1,4 @@
-SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053
-SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c
-SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828
+SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a
+SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56
+SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a
 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd