From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001 From: rpm-build Date: Thu, 30 Oct 2025 13:51:15 +0100 Subject: [PATCH] Use legacy OpenSSL API --- src/card/base/asn1/EcdsaPublicKey.cpp | 39 ----- src/card/base/asn1/EcdsaPublicKey.h | 6 +- src/card/base/pace/ec/EcUtil.cpp | 145 ------------------- src/card/base/pace/ec/EcUtil.h | 12 -- src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 - src/card/base/pace/ec/EcdhGenericMapping.h | 4 - src/card/simulator/SimulatorCard.cpp | 37 ----- src/card/simulator/SimulatorCard.h | 4 - src/card/simulator/SimulatorFileSystem.cpp | 9 -- src/card/simulator/SimulatorFileSystem.h | 4 - 10 files changed, 1 insertion(+), 264 deletions(-) diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp index 7f54045..dc7e26b 100644 --- a/src/card/base/asn1/EcdsaPublicKey.cpp +++ b/src/card/base/asn1/EcdsaPublicKey.cpp @@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const } -#if OPENSSL_VERSION_NUMBER < 0x30000000L QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const { QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr)); @@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) con } -#endif - QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const { return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size())); @@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in return nullptr; } -#if OPENSSL_VERSION_NUMBER < 0x30000000L const auto& group = createGroup(curveData); if (group.isNull()) { 
@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 return key;
-#else
- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength))
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!EVP_PKEY_fromdata_init(ctx.data()))
- {
- qCCritical(card) << "Cannot init pkey";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
- {
- qCCritical(card) << "Cannot fetch data for pkey";
- return nullptr;
- }
-
- return EcUtil::create(key);
-
-#endif
 }
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 860bc74..c85e48b 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
 #include
 #include
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include
-#endif
+#include
 namespace governikus
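Review bot: The new unconditional `+#include` line (its target is lost in this rendering, presumably `<openssl/ec.h>`) commits the header to the `EC_KEY`/`EC_GROUP` API that OpenSSL 3.0 marks deprecated, yet nothing in the patch pins the OpenSSL version it expects, so a build that also sees OpenSSL 3 headers will emit a deprecation warning on every `EC_KEY_*` call and fail outright under `-Werror=deprecated-declarations`. If the intent is to build only against OpenSSL 1.1, state that in the commit description and fail early next to the include with `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` / `#error "this build expects the legacy EC_KEY API"`; if OpenSSL 3 must still compile, define `OPENSSL_API_COMPAT 0x10100000L` (or `OPENSSL_SUPPRESS_DEPRECATED`) before the include instead. Note also that the deleted `EVP_PKEY_fromdata` path was the one that went through OpenSSL 3 providers, while the surviving `EC_KEY`/`EC_POINT` arithmetic does not, which matters if a FIPS or other provider-enforced policy is expected on the target host. The include block is shown in full, but the `namespace governikus` body continues outside the hunk.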
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
 [[nodiscard]] CurveData createCurveData() const;
 [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 [[nodiscard]] QSharedPointer createGroup(const CurveData& pData) const;
-#endif
 public:
 static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 069ad81..546438f 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,148 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) -{ - if (pKey.isNull()) - { - qCCritical(card) << "Cannot use undefined key"; - return nullptr; - } - - uchar* key = nullptr; - const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key); - const auto guard = qScopeGuard([key] { - OPENSSL_free(key); - }); - - if (length == 0) - { - return QByteArray(); - } - - const QByteArray uncompressed(reinterpret_cast(key), static_cast(length)); - return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed; -} - - -QSharedPointer EcUtil::getPrivateKey(const QSharedPointer& pKey) -{ - BIGNUM* privKey = nullptr; - EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey); - return EcUtil::create(privKey); -} - - -QSharedPointer EcUtil::create(const std::function& pFunc) -{ - OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); - const auto guard = qScopeGuard([bld] { - OSSL_PARAM_BLD_free(bld); - }); - - if (bld == nullptr) - { - qCCritical(card) << "Cannot create parameter builder"; - return nullptr; - } - - if (!pFunc(bld)) - { - qCCritical(card) << "Cannot initialize parameter builder"; - return nullptr; - } - - if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr) - { - static auto deleter = [](OSSL_PARAM* pParam) - { - OSSL_PARAM_free(pParam); - }; - - return QSharedPointer(params, deleter); - } - - qCCritical(card) << "Cannot create parameter"; - return nullptr; -} - - -QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) -{ - if (pCurve.isNull()) - { - qCCritical(card) << "Curve is undefined"; - return nullptr; - } - - auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data())); - - auto order = EcUtil::create(BN_new()); - if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr)) - { - qCCritical(card) << "Cannot fetch order"; - return nullptr; - 
} - - auto cofactor = EcUtil::create(BN_new()); - if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr)) - { - qCCritical(card) << "Cannot fetch cofactor"; - return nullptr; - } - - auto p = EcUtil::create(BN_new()); - auto a = EcUtil::create(BN_new()); - auto b = EcUtil::create(BN_new()); - if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr)) - { - qCCritical(card) << "Cannot fetch a, b or p"; - return nullptr; - } - - const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){ - return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) - && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) - && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) - && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) - && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) - && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) - && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); - }); - - if (params == nullptr) - { - qCCritical(card) << "Cannot set parameter"; - return nullptr; - } - - auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); - if (!ctx) - { - qCCritical(card) << "Cannot create EVP_PKEY_CTX"; - return nullptr; - } - EVP_PKEY_keygen_init(ctx.data()); - - if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data())) - { - qCCritical(card) << "Cannot set params to EVP_PKEY_CTX"; - return nullptr; - } - - EVP_PKEY* key = nullptr; - if (!EVP_PKEY_generate(ctx.data(), &key)) - { - qCCritical(card) << "Cannot create EVP_PKEY"; - return nullptr; - } - - return EcUtil::create(key); -} - - -#else QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) { if (pKey.isNull()) @@ -293,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& return key; } - - -#endif 
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index 63eb16c..914c268 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -26,24 +26,15 @@ class EcUtil
 static QSharedPointer oct2point(const QSharedPointer& pCurve, const QByteArray& pCompressedData);
 static QSharedPointer create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 static QSharedPointer create(EC_KEY* pEcKey);
-#endif
 static QSharedPointer create(EC_POINT* pEcPoint);
 static QSharedPointer create(BIGNUM* pBigNum);
 static QSharedPointer create(EVP_PKEY* pEcGroup);
 static QSharedPointer create(EVP_PKEY_CTX* pEcGroup);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false);
- static QSharedPointer getPrivateKey(const QSharedPointer& pKey);
- static QSharedPointer create(const std::function& pFunc);
- static QSharedPointer generateKey(const QSharedPointer& pCurve);
-#else
 static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false);
 static QSharedPointer getPrivateKey(const QSharedPointer& pKey);
 static QSharedPointer generateKey(const QSharedPointer& pCurve);
-#endif
 static QSharedPointer createCurve(int pNid);
 };
@@ -60,7 +51,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup)
 }
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 inline QSharedPointer EcUtil::create(EC_KEY* pEcKey)
 {
 static auto deleter = [](EC_KEY* ecKey)
@@ -72,8 +62,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey)
 }
-#endif
-
 inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint)
 {
 static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 04cee51..571c7a0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
 return false;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
 const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
 if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
 {
 qCCritical(card) << "The exchanged public keys are equal.";
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index e9c9768..188befb 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
 private:
 const QSharedPointer mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer mLocalKey;
-#else
 QSharedPointer mLocalKey;
-#endif
 QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS);
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 3c4e218..a39fb54 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const return QByteArray(); } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - const auto& terminalKey = EcUtil::create(EVP_PKEY_new()); - if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0) - { - qCCritical(card_simulator) << "Initialization of the terminal key failed"; - return QByteArray(); - } - if (!EVP_PKEY_set1_encoded_public_key( - terminalKey.data(), - reinterpret_cast(pPoint.data()), - static_cast(pPoint.length()))) - { - qCCritical(card_simulator) << "Interpreting the terminal key failed"; - return QByteArray(); - } - - const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr)); - size_t resultLen = 0; - if (EVP_PKEY_derive_init(ctx.data()) <= 0 - || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0 - || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0) - { - qCCritical(card_simulator) << "Initialization or calculation of the result failed"; - return QByteArray(); - } - - QByteArray result(static_cast(resultLen), '\0'); - if (EVP_PKEY_derive(ctx.data(), reinterpret_cast(result.data()), &resultLen) <= 0) - { - qCCritical(card_simulator) << "Calculation of the result failed"; - return QByteArray(); - } - - return result; - -#else const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); auto point = EcUtil::oct2point(curve, pPoint); if (!point) @@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const return EcUtil::point2oct(curve, result.data(), true); -#endif } diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h index fc9db00..7a881cb 100644 --- a/src/card/simulator/SimulatorCard.h +++ b/src/card/simulator/SimulatorCard.h 
@@ -39,11 +39,7 @@ class SimulatorCard
 int mPaceKeyId;
 QByteArray mPaceNonce;
 QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer mCardKey;
-#else
 QSharedPointer mCardKey;
-#endif
 QSharedPointer mTaCertificate;
 QByteArray mTaSigningData;
 QByteArray mTaAuxData;
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 5c01caa..4cbe60c 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
-#else
 QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
-#endif
 {
 if (!mKeys.contains(pKeyId))
 {
@@ -367,13 +363,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const
 return nullptr;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return privateKey;
-
-#else
 return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
-#endif
 }
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index 7d8458f..57065db 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -43,11 +43,7 @@ class SimulatorFileSystem
 [[nodiscard]] QByteArray getEfCardAccess() const;
 [[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- [[nodiscard]] QSharedPointer getKey(int pKeyId) const;
-#else
 [[nodiscard]] QSharedPointer getKey(int pKeyId) const;
-#endif
 [[nodiscard]] QSharedPointer getTrustPoint() const;
 void setTrustPoint(const QSharedPointer& pTrustPoint);
--
2.51.0