File 0001-use-legacy-openssl-api.patch of Package AusweisApp

From cae1fb6e4f5ccbdb9cc6b8401c39d2affe548eb0 Mon Sep 17 00:00:00 2001
From: John Paul Adrian Glaubitz <glaubitz@suse.com>
Date: Thu, 6 Mar 2025 11:43:01 +0100
Subject: [PATCH] Use legacy SSL API to workaround blocked non-approved EC
 curves

---
 src/card/base/asn1/ASN1TemplateUtil.h        |   4 -
 src/card/base/asn1/ASN1Util.cpp              |   4 -
 src/card/base/asn1/ASN1Util.h                |   4 -
 src/card/base/asn1/EFCardSecurity.cpp        |   3 -
 src/card/base/asn1/EcdsaPublicKey.cpp        |  43 ------
 src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
 src/card/base/pace/CipherMac.cpp             |  87 -----------
 src/card/base/pace/CipherMac.h               |   6 -
 src/card/base/pace/SymmetricCipher.cpp       |   4 -
 src/card/base/pace/ec/EcUtil.cpp             | 144 -------------------
 src/card/base/pace/ec/EcUtil.h               |  12 --
 src/card/base/pace/ec/EcdhGenericMapping.cpp |   5 -
 src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
 src/card/simulator/SimulatorCard.cpp         |  38 -----
 src/card/simulator/SimulatorCard.h           |   4 -
 src/card/simulator/SimulatorFileSystem.cpp   |   9 --
 src/card/simulator/SimulatorFileSystem.h     |   4 -
 test/qt/card/asn1/test_EcdsaPublicKey.cpp    |  15 --
 test/qt/card/asn1/test_SignatureChecker.cpp  |   4 -
 test/qt/card/pace/test_EcUtil.cpp            |   4 -
 20 files changed, 1 insertion(+), 403 deletions(-)

diff --git a/src/card/base/asn1/ASN1TemplateUtil.h b/src/card/base/asn1/ASN1TemplateUtil.h
index a33ad2fc..b1d20038 100644
--- a/src/card/base/asn1/ASN1TemplateUtil.h
+++ b/src/card/base/asn1/ASN1TemplateUtil.h
@@ -140,11 +140,7 @@ static const int CB_SUCCESS = 1;
 static const int CB_ERROR = 0;
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	#define i2d_const_cast(name, object) const_cast<name*>(object)
-#else
-	#define i2d_const_cast(name, object) object
-#endif
 
 
 #define IMPLEMENT_ASN1_OBJECT(name)\
diff --git a/src/card/base/asn1/ASN1Util.cpp b/src/card/base/asn1/ASN1Util.cpp
index 355cf5b5..13fd5f9d 100644
--- a/src/card/base/asn1/ASN1Util.cpp
+++ b/src/card/base/asn1/ASN1Util.cpp
@@ -61,11 +61,7 @@ QString Asn1StringUtil::getValue(const ASN1_STRING* pString)
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 QByteArray Asn1TypeUtil::encode(ASN1_TYPE* pAny)
-#else
-QByteArray Asn1TypeUtil::encode(const ASN1_TYPE* pAny)
-#endif
 {
 	if (pAny == nullptr)
 	{
diff --git a/src/card/base/asn1/ASN1Util.h b/src/card/base/asn1/ASN1Util.h
index 7d04ead5..d9806d83 100644
--- a/src/card/base/asn1/ASN1Util.h
+++ b/src/card/base/asn1/ASN1Util.h
@@ -71,11 +71,7 @@ class Asn1TypeUtil
 		~Asn1TypeUtil() = delete;
 
 	public:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		static QByteArray encode(ASN1_TYPE* pAny);
-#else
-		static QByteArray encode(const ASN1_TYPE* pAny);
-#endif
 };
 
 
diff --git a/src/card/base/asn1/EFCardSecurity.cpp b/src/card/base/asn1/EFCardSecurity.cpp
index 7596721e..89258f09 100644
--- a/src/card/base/asn1/EFCardSecurity.cpp
+++ b/src/card/base/asn1/EFCardSecurity.cpp
@@ -73,9 +73,6 @@ QSharedPointer<EFCardSecurity> EFCardSecurity::decode(const QByteArray& pBytes)
 	const QSharedPointer<const STACK_OF(X509)> certs(CMS_get1_certs(contentInfo.data()), [](STACK_OF(X509)* pInfo){sk_X509_pop_free(pInfo, X509_free);});
 	for (int i = 0; certs && i < sk_X509_num(certs.data()); ++i)
 	{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		const
-#endif
 		auto* const name = X509_get_subject_name(sk_X509_value(certs.data(), i));
 		const int index = X509_NAME_get_index_by_NID(name, NID_serialNumber, -1);
 		const auto* const serial = X509_NAME_ENTRY_get_data(X509_NAME_get_entry(name, index));
diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index 7f54045e..076b3e2d 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
@@ -12,10 +12,6 @@
 
 #include <functional>
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	#include <openssl/param_build.h>
-#endif
-
 
 using namespace governikus;
 
@@ -182,7 +178,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
 {
 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
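Review bot: `createGroup` is now the only route from the decoded `CurveData` to a usable curve, and it builds the group from explicit parameters with `EC_GROUP_new_curve_GFp`. Going by the patch subject, the legacy API is chosen because the EVP/provider path refuses these curves, so validating the parameters falls to this code. The rest of the body lies outside this hunk; if it does not already validate the finished group, add `if (!EC_GROUP_check(group.data(), nullptr)) { qCCritical(card) << "Invalid curve parameters"; return nullptr; }` after the generator is set and before the group is returned. A one-line comment above the function saying why the deprecated low-level API is used on OpenSSL 3 would keep a later cleanup from silently undoing the workaround.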
@@ -209,8 +204,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
 }
 
 
-#endif
-
 QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
 {
 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +232,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 		return nullptr;
 	}
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	const auto& group = createGroup(curveData);
 	if (group.isNull())
 	{
@@ -275,39 +267,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
 
 	return key;
 
-#else
-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!EVP_PKEY_fromdata_init(ctx.data()))
-	{
-		qCCritical(card) << "Cannot init pkey";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
-	{
-		qCCritical(card) << "Cannot fetch data for pkey";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-
-#endif
 }
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 860bc749..c85e48bd 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
 #include <openssl/asn1t.h>
 #include <openssl/evp.h>
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-	#include <openssl/ec.h>
-#endif
+#include <openssl/ec.h>
 
 
 namespace governikus
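Review bot: The now-unconditional `#include <openssl/ec.h>` is missing a comment explaining that the EC_KEY/EC_GROUP API, deprecated since OpenSSL 3.0, is used deliberately. Suggested comment: `// Deprecated low-level EC API is used on purpose: non-approved curves are blocked via the EVP/provider path (downstream workaround).` These declarations disappear when the OpenSSL headers are configured without deprecated symbols. A guard such as `#ifdef OPENSSL_NO_DEPRECATED_3_0` / `#error "This build requires the deprecated OpenSSL EC API"` / `#endif` would replace a wall of undeclared-identifier errors with one clear message.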
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
 
 		[[nodiscard]] CurveData createCurveData() const;
 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
 
 	public:
 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/CipherMac.cpp b/src/card/base/pace/CipherMac.cpp
index 8968ab9f..b56fa861 100644
--- a/src/card/base/pace/CipherMac.cpp
+++ b/src/card/base/pace/CipherMac.cpp
@@ -14,24 +14,14 @@ Q_DECLARE_LOGGING_CATEGORY(card)
 
 
 CipherMac::CipherMac(const SecurityProtocol& pSecurityProtocol, const QByteArray& pKeyBytes)
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	: mKey(nullptr)
-#else
-	: mMac(nullptr)
-	, mCtx(nullptr)
-#endif
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	const auto* cipher = pSecurityProtocol.getCipher();
-#else
-	const auto* cipher = pSecurityProtocol.getCipherString();
-#endif
 	if (cipher == nullptr)
 	{
 		return;
 	}
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	if (pKeyBytes.size() != EVP_CIPHER_key_length(cipher))
 	{
 		qCCritical(card) << "Key has wrong size (expected/got):" << EVP_CIPHER_key_length(cipher) << '/' << pKeyBytes.size();
@@ -40,66 +30,18 @@ CipherMac::CipherMac(const SecurityProtocol& pSecurityProtocol, const QByteArray
 
 	mKey = EVP_PKEY_new_CMAC_key(nullptr, reinterpret_cast<const uchar*>(pKeyBytes.constData()), static_cast<size_t>(pKeyBytes.size()), cipher);
 
-#else
-
-	auto guard = qScopeGuard([this] {
-				EVP_MAC_CTX_free(mCtx);
-				mCtx = nullptr;
-
-				EVP_MAC_free(mMac);
-				mMac = nullptr;
-			});
-
-	mMac = EVP_MAC_fetch(nullptr, "cmac", nullptr);
-	if (!mMac)
-	{
-		qCCritical(card) << "Cannot fetch cmac";
-		return;
-	}
-
-	mCtx = EVP_MAC_CTX_new(mMac);
-	if (!mCtx)
-	{
-		qCCritical(card) << "Cannot create new mac ctx";
-		return;
-	}
-
-	const OSSL_PARAM params[] = {
-		OSSL_PARAM_utf8_string("cipher", const_cast<char*>(cipher), 0),
-		OSSL_PARAM_octet_string("key", const_cast<char*>(pKeyBytes.data()), static_cast<size_t>(pKeyBytes.size())),
-		OSSL_PARAM_END
-	};
-	if (!EVP_MAC_CTX_set_params(mCtx, params))
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return;
-	}
-
-	guard.dismiss();
-#endif
 }
 
 
 CipherMac::~CipherMac()
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	EVP_PKEY_free(mKey);
-#else
-	EVP_MAC_CTX_free(mCtx);
-	EVP_MAC_free(mMac);
-#endif
 }
 
 
 bool CipherMac::isInitialized() const
 {
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	return mKey != nullptr;
-
-#else
-	return mMac != nullptr && mCtx != nullptr;
-
-#endif
 }
 
 
@@ -111,7 +53,6 @@ QByteArray CipherMac::generate(const QByteArray& pMessage) const
 		return QByteArray();
 	}
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	QSharedPointer<EVP_MD_CTX> ctx(EVP_MD_CTX_create(), [](EVP_MD_CTX* pCtx)
 			{
 				EVP_MD_CTX_destroy(pCtx);
@@ -137,34 +78,6 @@ QByteArray CipherMac::generate(const QByteArray& pMessage) const
 		return QByteArray();
 	}
 
-#else
-	auto* ctx = EVP_MAC_CTX_dup(mCtx);
-	const auto guard = qScopeGuard([ctx] {
-				EVP_MAC_CTX_free(ctx);
-			});
-
-	if (!EVP_MAC_init(ctx, nullptr, 0, nullptr))
-	{
-		qCCritical(card) << "Cannot init ctx";
-		return QByteArray();
-	}
-
-	if (!EVP_MAC_update(ctx, reinterpret_cast<const uchar*>(pMessage.constData()), static_cast<size_t>(pMessage.size())))
-	{
-		qCCritical(card) << "Cannot update cmac";
-		return QByteArray();
-	}
-
-	QByteArray value(static_cast<int>(EVP_MAC_CTX_get_mac_size(ctx)), '\0');
-	size_t writtenBytes;
-	if (!EVP_MAC_final(ctx, reinterpret_cast<uchar*>(value.data()), &writtenBytes, static_cast<size_t>(value.size())))
-	{
-		qCCritical(card) << "Cannot finalize cmac";
-		return QByteArray();
-	}
-
-#endif
-
 	// Use only 8 bytes, according to TR 03110 Part 3, A.2.4.2, E.2.2.2
 	value.resize(8);
 	return value;
diff --git a/src/card/base/pace/CipherMac.h b/src/card/base/pace/CipherMac.h
index 776e1746..a1a6606f 100644
--- a/src/card/base/pace/CipherMac.h
+++ b/src/card/base/pace/CipherMac.h
@@ -18,14 +18,8 @@ class CipherMac final
 	Q_DISABLE_COPY(CipherMac)
 
 	private:
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		EVP_PKEY * mKey;
 
-#else
-		EVP_MAC* mMac;
-		EVP_MAC_CTX* mCtx;
-#endif
-
 	public:
 		/*!
 		 * \brief Creates a new instance with cipher algorithm determined by parameter and specified MAC key.
diff --git a/src/card/base/pace/SymmetricCipher.cpp b/src/card/base/pace/SymmetricCipher.cpp
index 18514893..1a98efbd 100644
--- a/src/card/base/pace/SymmetricCipher.cpp
+++ b/src/card/base/pace/SymmetricCipher.cpp
@@ -67,9 +67,7 @@ QByteArray SymmetricCipher::encrypt(const QByteArray& pPlainData)
 	}
 	EVP_CIPHER_CTX_set_padding(mCtx, 0);
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	#define EVP_CIPHER_CTX_get0_cipher(x) EVP_CIPHER_CTX_cipher(x)
-#endif
 	if (pPlainData.size() % EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(mCtx)) != 0)
 	{
 		qCCritical(card) << "Plain data length is not a multiple of the block size";
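Review bot: The `#define EVP_CIPHER_CTX_get0_cipher(x) EVP_CIPHER_CTX_cipher(x)` inside `encrypt` is now active on OpenSSL 3 as well. There, as far as I know, `EVP_CIPHER_CTX_get0_cipher` is a real library function and `EVP_CIPHER_CTX_cipher` is the deprecated spelling, so the macro redirects a supported call to a deprecated one for the rest of the translation unit. This is unrelated to EC curves. Keeping the original `#if OPENSSL_VERSION_NUMBER < 0x30000000L` guard around the define, here and in the identical hunk in `decrypt` below, would shrink the patch and avoid shadowing a library symbol. Both function bodies extend beyond their hunks.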
@@ -132,9 +130,7 @@ QByteArray SymmetricCipher::decrypt(const QByteArray& pEncryptedData)
 	}
 	EVP_CIPHER_CTX_set_padding(mCtx, 0);
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	#define EVP_CIPHER_CTX_get0_cipher(x) EVP_CIPHER_CTX_cipher(x)
-#endif
 	if (pEncryptedData.size() % EVP_CIPHER_block_size(EVP_CIPHER_CTX_get0_cipher(mCtx)) != 0)
 	{
 		qCCritical(card) << "Encrypted data length is not a multiple of the block size";
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 67e970ef..660f0d2a 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -7,10 +7,6 @@
 #include <QLoggingCategory>
 #include <QScopeGuard>
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	#include <openssl/param_build.h>
-#endif
-
 Q_DECLARE_LOGGING_CATEGORY(card)
 
 using namespace governikus;
@@ -103,143 +99,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed)
-{
-	if (pKey.isNull())
-	{
-		qCCritical(card) << "Cannot use undefined key";
-		return nullptr;
-	}
-
-	uchar* key = nullptr;
-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
-	const auto guard = qScopeGuard([key] {
-				OPENSSL_free(key);
-			});
-
-	if (length == 0)
-	{
-		return QByteArray();
-	}
-
-	const QByteArray uncompressed(reinterpret_cast<char*>(key), static_cast<int>(length));
-	return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed;
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
-	BIGNUM* privKey = nullptr;
-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
-	return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
-	const auto guard = qScopeGuard([bld] {
-				OSSL_PARAM_BLD_free(bld);
-			});
-
-	if (bld == nullptr)
-	{
-		qCCritical(card) << "Cannot create parameter builder";
-		return nullptr;
-	}
-
-	if (OSSL_PARAM* params = nullptr;
-			pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
-	{
-		static auto deleter = [](OSSL_PARAM* pParam)
-				{
-					OSSL_PARAM_free(pParam);
-				};
-
-		return QSharedPointer<OSSL_PARAM>(params, deleter);
-	}
-
-	qCCritical(card) << "Cannot create parameter";
-	return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
-	if (pCurve.isNull())
-	{
-		qCCritical(card) << "Curve is undefined";
-		return nullptr;
-	}
-
-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
-	auto order = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch order";
-		return nullptr;
-	}
-
-	auto cofactor = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch cofactor";
-		return nullptr;
-	}
-
-	auto p = EcUtil::create(BN_new());
-	auto a = EcUtil::create(BN_new());
-	auto b = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch a, b or p";
-		return nullptr;
-	}
-
-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!ctx)
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
-		return nullptr;
-	}
-	EVP_PKEY_keygen_init(ctx.data());
-
-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
-	{
-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_generate(ctx.data(), &key))
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-}
-
-
-#else
 QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
 {
 	if (pKey.isNull())
@@ -288,6 +147,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
 
 	return key;
 }
-
-
-#endif
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index 63eb16c6..914c2683 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -26,24 +26,15 @@ class EcUtil
 		static QSharedPointer<EC_POINT> oct2point(const QSharedPointer<const EC_GROUP>& pCurve, const QByteArray& pCompressedData);
 
 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
 		static QSharedPointer<BIGNUM> create(BIGNUM* pBigNum);
 		static QSharedPointer<EVP_PKEY> create(EVP_PKEY* pEcGroup);
 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed = false);
-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
 		static QByteArray getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed = false);
 		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EC_KEY>& pKey);
 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
 
 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
 };
@@ -60,7 +51,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
 }
 
 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 {
 	static auto deleter = [](EC_KEY* ecKey)
@@ -72,8 +62,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
 }
 
 
-#endif
-
 inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
 {
 	static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 04cee51d..571c7a0a 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
 		return false;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
-	const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
 	{
 		qCCritical(card) << "The exchanged public keys are equal.";
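Review bot: The equal-key check `if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))` only triggers on a return of 0, but `EC_POINT_cmp` returns -1 on error, so a failed comparison is treated as "keys differ" and the mapping carries on. `EC_KEY_get0_public_key` can also return NULL when the key carries no public point, and that pointer goes into the comparison unchecked. Rejecting everything except a definite "different" result closes both gaps: `if (localPubKey == nullptr || EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr) != 1)`. The log message would then also cover the error case and may need rewording. The function starts and ends outside this hunk.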
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index e9c97682..188befb6 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
 
 	private:
 		const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mLocalKey;
-#else
 		QSharedPointer<EC_KEY> mLocalKey;
-#endif
 
 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
 
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 3c4e2188..6588bb93 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 		return QByteArray();
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
-	{
-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
-		return QByteArray();
-	}
-	if (!EVP_PKEY_set1_encoded_public_key(
-			terminalKey.data(),
-			reinterpret_cast<const unsigned char*>(pPoint.data()),
-			static_cast<size_t>(pPoint.length())))
-	{
-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
-		return QByteArray();
-	}
-
-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
-	size_t resultLen = 0;
-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
-		return QByteArray();
-	}
-
-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Calculation of the result failed";
-		return QByteArray();
-	}
-
-	return result;
-
-#else
 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
 	auto point = EcUtil::oct2point(curve, pPoint);
 	if (!point)
@@ -714,8 +678,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
 	}
 
 	return EcUtil::point2oct(curve, result.data(), true);
-
-#endif
 }
 
 
diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
index fc9db007..7a881cb6 100644
--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
@@ -39,11 +39,7 @@ class SimulatorCard
 		int mPaceKeyId;
 		QByteArray mPaceNonce;
 		QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mCardKey;
-#else
 		QSharedPointer<EC_KEY> mCardKey;
-#endif
 		QSharedPointer<const CVCertificate> mTaCertificate;
 		QByteArray mTaSigningData;
 		QByteArray mTaAuxData;
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 3c0fb355..3f00ae88 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -357,11 +357,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
 }
 
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
 QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
 {
 	if (!mKeys.contains(pKeyId))
 	{
@@ -377,13 +373,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
 		return nullptr;
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	return privateKey;
-
-#else
 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
 
-#endif
 }
 
 
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index 7d8458f5..57065db3 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -43,11 +43,7 @@ class SimulatorFileSystem
 
 		[[nodiscard]] QByteArray getEfCardAccess() const;
 		[[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
 		[[nodiscard]] QSharedPointer<const CVCertificate> getTrustPoint() const;
 		void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
 
diff --git a/test/qt/card/asn1/test_EcdsaPublicKey.cpp b/test/qt/card/asn1/test_EcdsaPublicKey.cpp
index 8406529e..647a9282 100644
--- a/test/qt/card/asn1/test_EcdsaPublicKey.cpp
+++ b/test/qt/card/asn1/test_EcdsaPublicKey.cpp
@@ -26,20 +26,6 @@ class test_EcdsaPublicKey
 	private:
 		QByteArray fetchEcParams(const QSharedPointer<EVP_PKEY>& pKey, BIGNUM** pA, BIGNUM** pB, BIGNUM** pP, BIGNUM** pCofactor, BIGNUM** pOrder)
 		{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-			EVP_PKEY_get_bn_param(pKey.data(), "a", pA);
-			EVP_PKEY_get_bn_param(pKey.data(), "b", pB);
-			EVP_PKEY_get_bn_param(pKey.data(), "p", pP);
-			EVP_PKEY_get_bn_param(pKey.data(), "cofactor", pCofactor);
-			EVP_PKEY_get_bn_param(pKey.data(), "order", pOrder);
-
-			QByteArray generator(1024, 0);
-			size_t usedSize = 0;
-			EVP_PKEY_get_octet_string_param(pKey.data(), "generator", reinterpret_cast<uchar*>(generator.data()), static_cast<size_t>(generator.size()), &usedSize);
-			generator.resize(static_cast<int>(usedSize));
-			return generator;
-
-#else
 			const EC_GROUP* ecGroup = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(pKey.data()));
 			EC_GROUP_get_cofactor(ecGroup, *pCofactor, nullptr);
 			EC_GROUP_get_order(ecGroup, *pOrder, nullptr);
@@ -53,7 +39,6 @@ class test_EcdsaPublicKey
 			EC_POINT_point2oct(ecGroup, generator, point_conversion_form_t::POINT_CONVERSION_UNCOMPRESSED, reinterpret_cast<uchar*>(buf.data()), static_cast<size_t>(buf.size()), nullptr);
 			return QByteArray(buf.data(), buf.size());
 
-#endif
 		}
 
 	private Q_SLOTS:
diff --git a/test/qt/card/asn1/test_SignatureChecker.cpp b/test/qt/card/asn1/test_SignatureChecker.cpp
index 23db7d23..4d2617cc 100644
--- a/test/qt/card/asn1/test_SignatureChecker.cpp
+++ b/test/qt/card/asn1/test_SignatureChecker.cpp
@@ -117,11 +117,7 @@ class test_SignatureChecker
 			QTest::ignoreMessage(QtCriticalMsg, "Cannot init verify ctx");
 			QSharedPointer<EVP_PKEY> key(EVP_PKEY_new(), [](EVP_PKEY* pKey){EVP_PKEY_free(pKey);});
 			SignatureChecker::checkSignature(key, QByteArray(), QByteArray(), QCryptographicHash::Algorithm::Sha256);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 			QCOMPARE(getOpenSslError(), QByteArray("error:0609D09C:digital envelope routines:int_ctx_new:unsupported algorithm | error:0608F096:digital envelope routines:EVP_PKEY_verify_init:operation not supported for this keytype"));
-#else
-			QVERIFY(getOpenSslError().startsWith(QByteArray("error:0308010C:digital envelope routines::unsupported | error:03")));
-#endif
 		}
 
 
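Review bot: The string expected by `QCOMPARE(getOpenSslError(), ...)` is in the OpenSSL 1.x error-queue format, but that text comes from whichever libcrypto the test links against, not from the API the application calls. The removed `#else` branches suggest this patch targets OpenSSL 3 builds, where the assertion will presumably fail if the test suite is run. Keep the original `#if OPENSSL_VERSION_NUMBER < 0x30000000L` / `#else` / `#endif` around the two expectations in this hunk. The test function begins above the hunk.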
diff --git a/test/qt/card/pace/test_EcUtil.cpp b/test/qt/card/pace/test_EcUtil.cpp
index ad0b8455..0620566e 100644
--- a/test/qt/card/pace/test_EcUtil.cpp
+++ b/test/qt/card/pace/test_EcUtil.cpp
@@ -72,17 +72,13 @@ class test_EcUtil
 
 		void createAndFreeEmptyKey()
 		{
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 			EcUtil::create(static_cast<EC_KEY*>(nullptr));
-#endif
 		}
 
 
 		void createAndFreeKey()
 		{
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
 			EcUtil::create(EC_KEY_new());
-#endif
 		}
 
 
-- 
2.48.1
