
17 commits

Author SHA1 Message Date
Julian Sikorski
ce309c5fe2 Update to 2.2.2 2024-10-25 23:54:25 +02:00
Julian Sikorski
4216267211 Update to 2.2.1 2024-09-11 22:43:35 +02:00
Julian Sikorski
19d0837df6 Fix QML error with Qt 6.6.3 2024-08-17 22:52:02 +02:00
Julian Sikorski
ac05dbd9a0 Update to 2.2.0 2024-07-04 22:53:22 +02:00
Miroslav Suchý
0083ee8d68 convert EUPL 1.2 license to SPDX 2024-07-04 22:53:12 +02:00
Julian Sikorski
6480292490 Update to 2.1.1 2024-04-11 20:30:51 +02:00
Julian Sikorski
02ab2b34f8 Really fix OpenSSL config generation 2024-03-02 19:51:30 +01:00
Julian Sikorski
2cfb0f540b Fix OpenSSL config generation 2024-03-02 19:35:19 +01:00
Julian Sikorski
cbc9967da9 Add background information for the legacy openssl API patch 2024-03-02 19:35:19 +01:00
Julian Sikorski
6e29c2d4d6 Update to 2.1.0 2024-03-01 09:46:28 +01:00
Jan Grulich
796488def8 Merge branch 'f40' into f39 2024-02-16 20:51:55 +01:00
Julian Sikorski
b9b459ee13 Update to 2.0.3 2024-01-20 12:46:19 +01:00
Julian Sikorski
7dbf3c5fee Update to 2.0.2 2024-01-12 20:17:32 +01:00
Julian Sikorski
9d582cc0c7 Force the use of legacy OpenSSL API to fix issues with explicit EC curves 2024-01-05 22:54:54 +01:00
Julian Sikorski
fa2d681abb Add dependencies needed to render the GUI properly 2024-01-02 13:33:09 +01:00
Julian Sikorski
5b871ceabd Convert to %autorelease and %autochangelog
[skip changelog]
2024-01-02 13:32:59 +01:00
Julian Sikorski
ecc43918fc Update to 2.0.1
Fix up config.json.in section names
2023-12-28 16:15:32 +01:00
5 changed files with 254 additions and 56 deletions

15
.gitignore vendored

@ -8,3 +8,18 @@
/AusweisApp-2.0.3.tar.gz
/AusweisApp-2.0.3.tar.gz.asc
/AusweisApp-2.0.3.tar.gz.sha256
/AusweisApp-2.1.0.tar.gz
/AusweisApp-2.1.0.tar.gz.asc
/AusweisApp-2.1.0.tar.gz.sha256
/AusweisApp-2.1.1.tar.gz
/AusweisApp-2.1.1.tar.gz.asc
/AusweisApp-2.1.1.tar.gz.sha256
/AusweisApp-2.2.0.tar.gz
/AusweisApp-2.2.0.tar.gz.asc
/AusweisApp-2.2.0.tar.gz.sha256
/AusweisApp-2.2.1.tar.gz
/AusweisApp-2.2.1.tar.gz.asc
/AusweisApp-2.2.1.tar.gz.sha256
/AusweisApp-2.2.2.tar.gz
/AusweisApp-2.2.2.tar.gz.asc
/AusweisApp-2.2.2.tar.gz.sha256


@ -1,7 +1,27 @@
diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp
--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp 2024-01-05 22:06:07.585023942 +0100
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress
From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 4 Jul 2024 20:10:17 +0200
Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch
---
src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------
src/card/base/asn1/EcdsaPublicKey.h | 6 +-
src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 ---
src/card/base/pace/ec/EcdhGenericMapping.h | 4 -
src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 -
src/card/base/pace/ec/EcUtil.cpp | 134 -------------------
src/card/base/pace/ec/EcUtil.h | 12 --
src/card/simulator/SimulatorCard.cpp | 45 +------
src/card/simulator/SimulatorCard.h | 4 -
src/card/simulator/SimulatorFileSystem.cpp | 9 --
src/card/simulator/SimulatorFileSystem.h | 4 -
11 files changed, 2 insertions(+), 277 deletions(-)
diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index ea07eda..0f19c11 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
}
@ -9,7 +29,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei
QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
{
QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey:
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
}
@ -18,7 +38,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei
QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
{
return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
return nullptr;
}
@ -26,7 +46,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei
const auto& group = createGroup(curveData);
if (group.isNull())
{
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
return key;
@ -66,9 +86,10 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei
-
-#endif
}
diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h
--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h 2024-01-05 21:26:24.850152676 +0100
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 36f768e..45f78ec 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
#include <openssl/asn1t.h>
#include <openssl/evp.h>
@ -80,7 +101,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisA
namespace governikus
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
[[nodiscard]] CurveData createCurveData() const;
[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
@ -90,68 +111,71 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisA
public:
static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp 2024-01-05 21:51:28.494919678 +0100
@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 3e2d1d4..1a8e6a2 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData()
mTerminalKey = EcUtil::generateKey(mCurve);
mLocalKey = EcUtil::generateKey(mCurve);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return EcUtil::getEncodedPublicKey(mTerminalKey);
- return EcUtil::getEncodedPublicKey(mLocalKey);
-
-#else
return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data()));
return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));
-#endif
}
@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer
@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey));
- const EC_POINT* terminalPubKey = terminalPubKeyPtr.data();
- const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data());
const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr))
if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
{
qCCritical(card) << "The exchanged public keys are equal.";
@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer
@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS)
QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS)
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey);
- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey);
- const BIGNUM* privKey = privKeyPtr.data();
-#else
const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data());
const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data());
-#endif
if (!privKey)
{
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h 2024-01-05 21:52:19.801808499 +0100
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index bdfa5a8..dea4bf0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
private:
const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mTerminalKey;
- QSharedPointer<EVP_PKEY> mLocalKey;
-#else
QSharedPointer<EC_KEY> mTerminalKey;
QSharedPointer<EC_KEY> mLocalKey;
-#endif
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS);
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp 2024-01-05 21:37:17.920243239 +0100
@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen
diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
index 0f0ae09..45c8a76 100644
--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange()
return {CardReturnCode::PROTOCOL_ERROR};
}
@ -167,10 +191,11 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi A
// Make a copy of the terminal public key for later mutual authentication.
mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp 2024-01-05 20:33:28.156797843 +0100
@@ -88,137 +88,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2poi
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 10db88f..5c0ff53 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,137 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
}
@ -308,17 +333,18 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-
QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
{
if (pCurve.isNull())
@@ -242,6 +111,3 @@ QSharedPointer<EC_KEY> EcUtil::generateK
@@ -257,6 +126,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
return key;
}
-
-
-#endif
diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h
--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi 2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h 2024-01-05 22:15:17.157430740 +0100
@@ -30,9 +30,7 @@ class EcUtil
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index b575341..f7db521 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -32,9 +32,7 @@ class EcUtil
static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
@ -328,7 +354,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.
static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
@@ -42,14 +40,7 @@ class EcUtil
@@ -44,14 +42,7 @@ class EcUtil
static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
@ -343,7 +369,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.
static QSharedPointer<EC_GROUP> createCurve(int pNid);
};
@@ -66,7 +57,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::
@@ -68,7 +59,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
}
@ -351,7 +377,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.
inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
{
static auto deleter = [](EC_KEY* ecKey)
@@ -78,8 +68,6 @@ inline QSharedPointer<EC_KEY> EcUtil::cr
@@ -80,8 +70,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
}
@ -360,3 +386,147 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.
inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
{
static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 87491d7..2da83b1 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -22,9 +22,7 @@
#include <QScopeGuard>
#include <QThread>
#include <QtEndian>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/bn.h>
-#endif
+#include <openssl/bn.h>
using namespace governikus;
@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu&
mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY);
auto asn1KeyAgreement = newObject<GA_PERFORMKEYAGREEMENTDATA>();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey);
-#else
const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data()));
-#endif
Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey);
responseData = encodeObject(asn1KeyAgreement.data());
break;
@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
return QByteArray();
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
- {
- qCCritical(card_simulator) << "Initialization of the terminal key failed";
- return QByteArray();
- }
- if (!EVP_PKEY_set1_encoded_public_key(
- terminalKey.data(),
- reinterpret_cast<const unsigned char*>(pPoint.data()),
- static_cast<size_t>(pPoint.length())))
- {
- qCCritical(card_simulator) << "Interpreting the terminal key failed";
- return QByteArray();
- }
-
- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
- size_t resultLen = 0;
- if (EVP_PKEY_derive_init(ctx.data()) <= 0
- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Initialization or calculation of the result failed";
- return QByteArray();
- }
-
- QByteArray result(static_cast<qsizetype>(resultLen), '\0');
- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Calculation of the result failed";
- return QByteArray();
- }
-
- return result;
-
-#else
const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
auto point = EcUtil::oct2point(curve, pPoint);
if (!point)
@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
return EcUtil::point2oct(curve, result.data(), true);
-#endif
}
diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
index b709d17..23f858b 100644
--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
@@ -35,11 +35,7 @@ class SimulatorCard
QSharedPointer<CHAT> mPaceChat;
QByteArray mPaceNonce;
QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mCardKey;
-#else
QSharedPointer<EC_KEY> mCardKey;
-#endif
QSharedPointer<AuthenticatedAuxiliaryData> mTaAuxData;
public:
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 122ca4f..046d540 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
{
if (!mKeys.contains(pKeyId))
{
@@ -347,13 +343,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
return nullptr;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return privateKey;
-
-#else
return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
-#endif
}
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index cb9704b..44d4054 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -38,11 +38,7 @@ class SimulatorFileSystem
[[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData);
[[nodiscard]] QByteArray getEfCardAccess() const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- [[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
[[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer<AuthenticatedAuxiliaryData>& pAuxiliaryData) const;
--
2.45.2
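Review bot: The regenerated patch header at the top of this section (`From: rpm-build`, `Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch`, then `---`) has no description, so the reason every `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` branch is deleted is recorded only in the spec file. I would add a short body to the patch, for example `Fedora's OpenSSL does not support EC curves with custom parameters (https://bugzilla.redhat.com/show_bug.cgi?id=2259403); force the legacy EC_KEY code path on all OpenSSL versions.` The calls that remain (`EC_KEY_get0_public_key`, `EC_KEY_get0_private_key`, `EVP_PKEY_get1_EC_KEY`) are deprecated since OpenSSL 3.0, so the PACE key agreement now depends on those declarations staying available. That dependency is worth stating in the same header so the patch is revisited when it changes.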


@ -41,11 +41,11 @@ fi \
%global newname AusweisApp
Name: AusweisApp2
Version: 2.0.3
Version: 2.2.2
Release: %autorelease
Summary: %{pkg_sum}
License: EUPL 1.2
License: EUPL-1.2
URL: https://www.ausweisapp.bund.de/en
# Url to releases on github.
@ -64,6 +64,9 @@ Source1000: gen_openssl_cnf.py
# Downstream.
Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch
# Needed because Fedora's openssl does not support elliptic curves using custom parameters.
# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024.
Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch
BuildRequires: cmake
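Review bot: The comment above `Patch01001` still says the legacy API "does work as of January 2024", although this range moves `Version` to 2.2.2 and the same comment admits it is unclear whether that behaviour is intended. A stale date gives no evidence that explicit-parameter curves still work with the OpenSSL the package is built against today. I would refresh the line on every rebase, e.g. `# Last verified: <DATE>, AusweisApp %{version}, openssl <VERSION>` (placeholders to be filled in by the packager). If the spec has a `%check` section (not visible in these hunks), a smoke test there that exercises curve creation from explicit parameters would turn a change in OpenSSL behaviour into a build failure instead of a runtime one.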


@ -76,10 +76,14 @@ class _Const(object):
@constant
def KEYSIZE_SECTIONS():
return [
'minStaticKeySizes',
'minEphemeralKeySizes',
'minKeySizes',
'sizesIfd',
]
@constant
def KEYSIZE_MIN_SECTION():
return 'min'
@constant
def TLS_VERSIONS():
return {
@ -101,9 +105,15 @@ def get_min_ssl_sec_level(json_data):
if option in json_data[section]:
if min_keysize > json_data[section][option]:
min_keysize = json_data[section][option]
elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]:
min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option]
if CONST.KEYSIZE_EC_OPTION in json_data[section]:
if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]:
min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION]
elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]:
min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]
if min_keysize >= 1000 and min_ecsize >= 160:
sec_level = 1
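Review bot: The two `elif` branches in `get_min_ssl_sec_level` subscript `json_data[section][CONST.KEYSIZE_MIN_SECTION]` directly, so a section that has neither the flat option nor a `min` object aborts the script with a KeyError instead of being skipped. Reading the sub-object once with `min_sizes = json_data[section].get(CONST.KEYSIZE_MIN_SECTION, {})` and then testing `option in min_sizes` (likewise for `CONST.KEYSIZE_EC_OPTION`) keeps both config layouts working. If a missing key should stop the build, raise an error that names the section, because the result appears to select the OpenSSL security level for the generated config. The function begins and ends outside the hunk, so the loop over the sections and the initial values of `min_keysize` and `min_ecsize` are not visible here.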


@ -1,4 +1,4 @@
SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053
SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c
SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828
SHA512 (AusweisApp-2.2.2.tar.gz) = f86dabd4d7347e3986045407e0d2f94174552a676215292954d558d0b3c7df1ab5212b623a809bd36136ad79bd57541969e30783c46ddd01c786581ad01e727f
SHA512 (AusweisApp-2.2.2.tar.gz.asc) = 416cba597bd35a4688c516b6d6812d5750be167b633fc7e367567d7af66dc02c22684c866e2c0e42cdd712052cabe0811321e2937c36793967855275d773993e
SHA512 (AusweisApp-2.2.2.tar.gz.sha256) = 8dbc58f33a90eb05971bff008e3752bba55f5291be4269d970ec1a794c2295aa304ee32aba729ac22c9521edebce2a9c7420741fe35155ce18c6b91e9ec3e08b
SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd