Lines 56-62
|
56 |
typedef ECDSA_SIG *(*sign_sig_fn)(const unsigned char *, int, |
56 |
typedef ECDSA_SIG *(*sign_sig_fn)(const unsigned char *, int, |
57 |
const BIGNUM *, const BIGNUM *, EC_KEY *); |
57 |
const BIGNUM *, const BIGNUM *, EC_KEY *); |
58 |
|
58 |
|
59 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
59 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
60 |
|
60 |
|
61 |
/* ecdsa_method maintains unchanged layout between 0.9.8 and 1.0.2 */ |
61 |
/* ecdsa_method maintains unchanged layout between 0.9.8 and 1.0.2 */ |
62 |
|
62 |
|
Lines 73-79
|
73 |
|
73 |
|
74 |
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |
74 |
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ |
75 |
|
75 |
|
76 |
#if OPENSSL_VERSION_NUMBER < 0x10002000L |
76 |
#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) |
77 |
|
77 |
|
78 |
/* Define missing functions */ |
78 |
/* Define missing functions */ |
79 |
|
79 |
|
Lines 104-110
|
104 |
|
104 |
|
105 |
/********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */ |
105 |
/********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */ |
106 |
|
106 |
|
107 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L |
107 |
#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) |
108 |
|
108 |
|
109 |
/* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */ |
109 |
/* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */ |
110 |
|
110 |
|
Lines 156-162
|
156 |
{ |
156 |
{ |
157 |
if (ec_ex_index == 0) { |
157 |
if (ec_ex_index == 0) { |
158 |
while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */ |
158 |
while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */ |
159 |
#if OPENSSL_VERSION_NUMBER >= 0x10100002L |
159 |
#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER) |
160 |
ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key", |
160 |
ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key", |
161 |
NULL, NULL, NULL); |
161 |
NULL, NULL, NULL); |
162 |
#else |
162 |
#else |
Lines 265-271
|
265 |
EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ |
265 |
EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ |
266 |
|
266 |
|
267 |
if (key->isPrivate) { |
267 |
if (key->isPrivate) { |
268 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
268 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
269 |
EC_KEY_set_method(ec, PKCS11_get_ec_key_method()); |
269 |
EC_KEY_set_method(ec, PKCS11_get_ec_key_method()); |
270 |
#else |
270 |
#else |
271 |
ECDSA_set_method(ec, PKCS11_get_ecdsa_method()); |
271 |
ECDSA_set_method(ec, PKCS11_get_ecdsa_method()); |
Lines 275-281
|
275 |
/* TODO: Retrieve the ECDSA private key object attributes instead, |
275 |
/* TODO: Retrieve the ECDSA private key object attributes instead, |
276 |
* unless the key has the "sensitive" attribute set */ |
276 |
* unless the key has the "sensitive" attribute set */ |
277 |
|
277 |
|
278 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
278 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
279 |
EC_KEY_set_ex_data(ec, ec_ex_index, key); |
279 |
EC_KEY_set_ex_data(ec, ec_ex_index, key); |
280 |
#else |
280 |
#else |
281 |
ECDSA_set_ex_data(ec, ec_ex_index, key); |
281 |
ECDSA_set_ex_data(ec, ec_ex_index, key); |
Lines 345-358
|
345 |
(void)kinv; /* Precomputed values are not used for PKCS#11 */ |
345 |
(void)kinv; /* Precomputed values are not used for PKCS#11 */ |
346 |
(void)rp; /* Precomputed values are not used for PKCS#11 */ |
346 |
(void)rp; /* Precomputed values are not used for PKCS#11 */ |
347 |
|
347 |
|
348 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
348 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
349 |
key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index); |
349 |
key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index); |
350 |
#else |
350 |
#else |
351 |
key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index); |
351 |
key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index); |
352 |
#endif |
352 |
#endif |
353 |
if (key == NULL) { |
353 |
if (key == NULL) { |
354 |
sign_sig_fn orig_sign_sig; |
354 |
sign_sig_fn orig_sign_sig; |
355 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
355 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
356 |
const EC_KEY_METHOD *meth = EC_KEY_OpenSSL(); |
356 |
const EC_KEY_METHOD *meth = EC_KEY_OpenSSL(); |
357 |
EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth, |
357 |
EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth, |
358 |
NULL, NULL, &orig_sign_sig); |
358 |
NULL, NULL, &orig_sign_sig); |
Lines 515-521
|
515 |
return 0; |
515 |
return 0; |
516 |
} |
516 |
} |
517 |
|
517 |
|
518 |
#if OPENSSL_VERSION_NUMBER >= 0x10100004L |
518 |
#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) |
519 |
|
519 |
|
520 |
/** |
520 |
/** |
521 |
* ECDH key derivation method (replaces ossl_ecdh_compute_key) |
521 |
* ECDH key derivation method (replaces ossl_ecdh_compute_key) |
Lines 578-590
|
578 |
size_t buflen; |
578 |
size_t buflen; |
579 |
int rv; |
579 |
int rv; |
580 |
|
580 |
|
581 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
581 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) |
582 |
key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index); |
582 |
key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index); |
583 |
#else |
583 |
#else |
584 |
key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index); |
584 |
key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index); |
585 |
#endif |
585 |
#endif |
|
|
586 |
#if !defined(LIBRESSL_VERSION_NUMBER) |
586 |
if (key == NULL) /* The private key is not handled by PKCS#11 */ |
587 |
if (key == NULL) /* The private key is not handled by PKCS#11 */ |
587 |
return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF); |
588 |
return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF); |
|
|
589 |
#else |
590 |
if (key ==NULL) |
591 |
return ECDH_compute_key(out, outlen, peer_point, ecdh, KDF); |
592 |
#endif |
588 |
/* TODO: Add an atfork check */ |
593 |
/* TODO: Add an atfork check */ |
589 |
|
594 |
|
590 |
/* both peer and ecdh use same group parameters */ |
595 |
/* both peer and ecdh use same group parameters */ |
Lines 623-629
|
623 |
/* New way to allocate an ECDSA_METOD object */ |
628 |
/* New way to allocate an ECDSA_METOD object */ |
624 |
/* OpenSSL 1.1 has single method EC_KEY_METHOD for ECDSA and ECDH */ |
629 |
/* OpenSSL 1.1 has single method EC_KEY_METHOD for ECDSA and ECDH */ |
625 |
|
630 |
|
626 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
631 |
#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER) |
627 |
|
632 |
|
628 |
EC_KEY_METHOD *PKCS11_get_ec_key_method(void) |
633 |
EC_KEY_METHOD *PKCS11_get_ec_key_method(void) |
629 |
{ |
634 |
{ |
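Review bot: In the hunk at lines 578-590 the LibreSSL branch falls back with `return ECDH_compute_key(out, outlen, peer_point, ecdh, KDF);`, which is the public dispatching entry point rather than the stock software implementation that `ossl_ecdh_compute_key` names on the other branch. If this function is what the engine installs as the ECDH compute_key method (its definition and registration are outside the hunk, so this is inferred), a key with no PKCS#11 ex_data would re-enter it through the dispatcher and recurse until the stack is exhausted. The fallback should call the default method's implementation directly, or carry a comment stating why re-entry cannot happen, e.g. `/* key has no PKCS#11 data: must reach the built-in ECDH, not this method again */`. Separately, the `if (key == NULL)` test is now duplicated with inconsistent spacing (`key ==NULL`); keeping one `if` and placing only the `return` line under `#if`/`#else` would be easier to read. The hunk at lines 104-110 also extends the local `ecdh_method` layout mirror to LibreSSL while its comment still only vouches for 0.9.8 to 1.0.2.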