File 0001-use-legacy-openssl-api.patch of Package AusweisApp

From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 30 Oct 2025 13:51:15 +0100
Subject: [PATCH] Use legacy OpenSSL API

---
 src/card/base/asn1/EcdsaPublicKey.cpp        |  39 -----
 src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
 src/card/base/pace/ec/EcUtil.cpp             | 145 -------------------
 src/card/base/pace/ec/EcUtil.h               |  12 --
 src/card/base/pace/ec/EcdhGenericMapping.cpp |   5 -
 src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
 src/card/simulator/SimulatorCard.cpp         |  37 -----
 src/card/simulator/SimulatorCard.h           |   4 -
 src/card/simulator/SimulatorFileSystem.cpp   |   9 --
 src/card/simulator/SimulatorFileSystem.h     |   4 -
 10 files changed, 1 insertion(+), 264 deletions(-)

diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index 7f54045..dc7e26b 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
 {
 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
 }
 
 
-#endif
-
 QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
 {
 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 		return nullptr;
 	}
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	const auto& group = createGroup(curveData);
 	if (group.isNull())
 	{
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 
 	return key;
 
-#else
-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!EVP_PKEY_fromdata_init(ctx.data()))
-	{
-		qCCritical(card) << "Cannot init pkey";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
-	{
-		qCCritical(card) << "Cannot fetch data for pkey";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-
-#endif
 }
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 860bc74..c85e48b 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/evp.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-	#include <openssl/ec.h>
-#endif
+#include <openssl/ec.h>
 
 
 namespace governikus
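Review bot: Nothing in this header records why the `OPENSSL_VERSION_NUMBER` guard around `<openssl/ec.h>` is dropped, and the commit message has no body either. On OpenSSL 3.x the `EC_KEY` functions are deprecated, so the package now only builds against a library that still ships the deprecated API, and only while deprecation warnings are not treated as errors. I would add a comment above the include such as `// Downstream patch: legacy EC_KEY API is used on all OpenSSL versions (deprecated since 3.0).` so the next maintainer knows the choice is deliberate and where to revisit it.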
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
 
 		[[nodiscard]] CurveData createCurveData() const;
 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
 
 	public:
 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 069ad81..546438f 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,148 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed)
-{
-	if (pKey.isNull())
-	{
-		qCCritical(card) << "Cannot use undefined key";
-		return nullptr;
-	}
-
-	uchar* key = nullptr;
-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
-	const auto guard = qScopeGuard([key] {
-				OPENSSL_free(key);
-			});
-
-	if (length == 0)
-	{
-		return QByteArray();
-	}
-
-	const QByteArray uncompressed(reinterpret_cast<char*>(key), static_cast<int>(length));
-	return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed;
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
-	BIGNUM* privKey = nullptr;
-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
-	return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
-	const auto guard = qScopeGuard([bld] {
-				OSSL_PARAM_BLD_free(bld);
-			});
-
-	if (bld == nullptr)
-	{
-		qCCritical(card) << "Cannot create parameter builder";
-		return nullptr;
-	}
-
-	if (!pFunc(bld))
-	{
-		qCCritical(card) << "Cannot initialize parameter builder";
-		return nullptr;
-	}
-
-	if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr)
-	{
-		static auto deleter = [](OSSL_PARAM* pParam)
-				{
-					OSSL_PARAM_free(pParam);
-				};
-
-		return QSharedPointer<OSSL_PARAM>(params, deleter);
-	}
-
-	qCCritical(card) << "Cannot create parameter";
-	return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
-	if (pCurve.isNull())
-	{
-		qCCritical(card) << "Curve is undefined";
-		return nullptr;
-	}
-
-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
-	auto order = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch order";
-		return nullptr;
-	}
-
-	auto cofactor = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch cofactor";
-		return nullptr;
-	}
-
-	auto p = EcUtil::create(BN_new());
-	auto a = EcUtil::create(BN_new());
-	auto b = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch a, b or p";
-		return nullptr;
-	}
-
-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!ctx)
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
-		return nullptr;
-	}
-	EVP_PKEY_keygen_init(ctx.data());
-
-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
-	{
-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_generate(ctx.data(), &key))
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-}
-
-
-#else
 QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
 {
 	if (pKey.isNull())
@@ -293,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
 
 	return key;
 }
-
-
-#endif
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index 63eb16c..914c268 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -26,24 +26,15 @@ class EcUtil
 		static QSharedPointer<EC_POINT> oct2point(const QSharedPointer<const EC_GROUP>& pCurve, const QByteArray& pCompressedData);
 
 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
 		static QSharedPointer<BIGNUM> create(BIGNUM* pBigNum);
 		static QSharedPointer<EVP_PKEY> create(EVP_PKEY* pEcGroup);
 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed = false);
-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
 		static QByteArray getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed = false);
 		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EC_KEY>& pKey);
 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
 
 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
 };
@@ -60,7 +51,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 {
 	static auto deleter = [](EC_KEY* ecKey)
@@ -72,8 +62,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 }
 
 
-#endif
-
 inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
 {
 	static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 04cee51..571c7a0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
 		return false;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
-	const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
 	{
 		qCCritical(card) << "The exchanged public keys are equal.";
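Review bot: The key-equality guard `if (!EC_POINT_cmp(...))` treats an error return as "keys differ". `EC_POINT_cmp` returns 0 for equal, 1 for not equal and -1 on error, so -1 skips the rejection branch and the mapping continues. With the legacy path now always taken, `localPubKey` comes from `EC_KEY_get0_public_key(mLocalKey.data())` and is not checked for null before the comparison. I would make the check fail closed with `if (localPubKey == nullptr || EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr) != 1)`, so that only a confirmed difference proceeds. The function starts before this hunk and continues past it.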
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index e9c9768..188befb 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
 
 	private:
 		const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mLocalKey;
-#else
 		QSharedPointer<EC_KEY> mLocalKey;
-#endif
 
 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
 
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 3c4e218..a39fb54 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 		return QByteArray();
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
-	{
-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
-		return QByteArray();
-	}
-	if (!EVP_PKEY_set1_encoded_public_key(
-			terminalKey.data(),
-			reinterpret_cast<const unsigned char*>(pPoint.data()),
-			static_cast<size_t>(pPoint.length())))
-	{
-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
-		return QByteArray();
-	}
-
-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
-	size_t resultLen = 0;
-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
-		return QByteArray();
-	}
-
-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Calculation of the result failed";
-		return QByteArray();
-	}
-
-	return result;
-
-#else
 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
 	auto point = EcUtil::oct2point(curve, pPoint);
 	if (!point)
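Review bot: `curve` is used without a null check at the top of the now-unconditional legacy branch. `EC_GROUP_dup` returns NULL on allocation failure or when given a NULL group, and the wrapped pointer goes straight into `EcUtil::oct2point(curve, pPoint)`. Whether `oct2point` rejects a null curve, and whether `mCardKey` is validated earlier in `ecMultiplication`, is not visible in this hunk. Since `pPoint` is peer-supplied, an explicit `if (curve.isNull()) { return QByteArray(); }` with a `qCCritical(card_simulator)` line before the conversion would match the error handling used elsewhere in the function.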
@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 
 	return EcUtil::point2oct(curve, result.data(), true);
 
-#endif
 }
 
 
diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
index fc9db00..7a881cb 100644
--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
@@ -39,11 +39,7 @@ class SimulatorCard
 		int mPaceKeyId;
 		QByteArray mPaceNonce;
 		QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mCardKey;
-#else
 		QSharedPointer<EC_KEY> mCardKey;
-#endif
 		QSharedPointer<const CVCertificate> mTaCertificate;
 		QByteArray mTaSigningData;
 		QByteArray mTaAuxData;
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 5c01caa..4cbe60c 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
 QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
 {
 	if (!mKeys.contains(pKeyId))
 	{
@@ -367,13 +363,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
 		return nullptr;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	return privateKey;
-
-#else
 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
 
-#endif
 }
 
 
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index 7d8458f..57065db 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -43,11 +43,7 @@ class SimulatorFileSystem
 
 		[[nodiscard]] QByteArray getEfCardAccess() const;
 		[[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
 		[[nodiscard]] QSharedPointer<const CVCertificate> getTrustPoint() const;
 		void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
 
-- 
2.51.0
