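--- a/src/p11_misc.c
+++ b/src/p11_misc.c
@@ -43,7 +43,7 @@
  * CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID
  */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L
 
 int CRYPTO_THREAD_lock_new()
 {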
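Review bot: The guard at line 46 tests `defined(LIBRESSL_VERSION_NUMBER)` with no version bound, so the int-returning `CRYPTO_THREAD_lock_new()` emulation is compiled for every LibreSSL release. If a later release declares that function itself, the two declarations would conflict; this is inferred, since the LibreSSL headers are not shown here. The same unbounded test is used in src/libp11-int.h (lines 35 and 148), src/p11_rsa.c (lines 313 and 385), src/eng_back.c and src/p11_ec.c. Consider bounding it, `#if (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < <FIRST_LIBRESSL_VERSION_WITH_API>) || OPENSSL_VERSION_NUMBER < 0x10100004L` (the bound is a placeholder to fill in), or defining one feature macro in libp11-int.h and testing that at every site. The function body continues outside the hunk.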
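--- a/src/p11_rsa.c
+++ b/src/p11_rsa.c
@@ -29,7 +29,7 @@
 
 static int rsa_ex_index = 0;
 
-#if OPENSSL_VERSION_NUMBER < 0x10100003L
+#if OPENSSL_VERSION_NUMBER < 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER)
 #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa)
 #endif
 
@@ -310,7 +310,7 @@
 	return RSA_size(rsa);
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100005L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER)
 
 int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
 		(int flen, const unsigned char *from,
@@ -374,7 +374,7 @@
 static void free_rsa_ex_index()
 {
 	/* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100001L
+#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER)
 	if (rsa_ex_index > 0) {
 		CRYPTO_free_ex_index(CRYPTO_EX_INDEX_RSA, rsa_ex_index);
 		rsa_ex_index = 0;
@@ -382,7 +382,17 @@
 #endif
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100005L
+#if defined(LIBRESSL_VERSION_NUMBER)
+
+static int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
+{
+	meth->flags = flags;
+	return 1;
+}
+
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER)
 
 static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
 {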
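Review bot: The new `RSA_meth_set_flags` shim at lines 385-393 carries no comment explaining why LibreSSL needs only this accessor, while the block at line 395 now excludes the remaining `RSA_meth_*` shims for LibreSSL and the block at line 313 still compiles its getters for it. That split encodes an assumption about which accessors the targeted LibreSSL release exports and that `RSA_METHOD` is not opaque there; neither can be checked from these hunks. I would add a comment above the shim along the lines of `/* LibreSSL: RSA_METHOD is not opaque and RSA_meth_set_flags() is missing; the other RSA_meth_* setters are expected from libcrypto (TODO: confirm for the targeted release) */`. The blocks opened at lines 313 and 395 continue outside the hunks.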
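--- a/src/libp11-int.h
+++ b/src/libp11-int.h
@@ -32,8 +32,9 @@
 extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR);
 extern CK_RV C_UnloadModule(void *module);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L)
 typedef int PKCS11_RWLOCK;
+typedef PKCS11_RWLOCK CRYPTO_RWLOCK;
 #else
 typedef CRYPTO_RWLOCK *PKCS11_RWLOCK;
 #endif
@@ -144,7 +145,7 @@
 #define PKCS11_DUP(s) \
 	pkcs11_strdup((char *) s, sizeof(s))
 
-#if OPENSSL_VERSION_NUMBER < 0x10100004L
+#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L)
 /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */
 int CRYPTO_THREAD_lock_new();
 void CRYPTO_THREAD_lock_free(int);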
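--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -49,7 +49,7 @@
 	char *init_args;
 
 	/* Engine initialization mutex */
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 	CRYPTO_RWLOCK *rwlock;
 #else
 	int rwlock;
@@ -206,7 +206,7 @@
 #endif
 	}
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 	ctx->rwlock = CRYPTO_THREAD_lock_new();
 #else
 	ctx->rwlock = CRYPTO_get_dynlock_create_callback() ?
@@ -224,7 +224,7 @@
 		ctx_destroy_pin(ctx);
 		OPENSSL_free(ctx->module);
 		OPENSSL_free(ctx->init_args);
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 		CRYPTO_THREAD_lock_free(ctx->rwlock);
 #else
 		if (ctx->rwlock)
@@ -274,7 +274,7 @@
 
 static int ctx_init_libp11(ENGINE_CTX *ctx)
 {
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 	CRYPTO_THREAD_write_lock(ctx->rwlock);
 #else
 	if (ctx->rwlock)
@@ -282,7 +282,7 @@
 #endif
 	if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL)
 		ctx_init_libp11_unlocked(ctx);
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 	CRYPTO_THREAD_unlock(ctx->rwlock);
 #else
 	if (ctx->rwlock)
@@ -302,7 +302,7 @@
 	/* Only attempt initialization when dynamic locks are unavailable.
 	 * This likely also indicates a single-threaded application,
 	 * so temporarily unlocking CRYPTO_LOCK_ENGINE should be safe. */
-#if (OPENSSL_VERSION_NUMBER < 0x10100004L
+#if (defined(LIBRESSL_VERSION_NUMBER) || OPENSSL_VERSION_NUMBER < 0x10100004L)
 	if (CRYPTO_get_dynlock_create_callback() == NULL ||
 			CRYPTO_get_dynlock_lock_callback() == NULL ||
 			CRYPTO_get_dynlock_destroy_callback() == NULL) {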
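Review bot: On a LibreSSL build every lock site in this file now takes the `#else` branch, where the lock is taken only `if (ctx->rwlock)`, so `ctx_init_libp11` (lines 277-288) calls `ctx_init_libp11_unlocked` with no serialization whenever no dynlock callbacks are registered. The existing comment at line 302 treats missing dynlocks as a sign of a single-threaded application; whether that inference holds for LibreSSL applications cannot be confirmed from these hunks. I would state the assumption at the first guard (line 52), for example `/* LibreSSL uses the dynlock emulation; without dynlock callbacks engine initialization is not serialized */`, and confirm that concurrent first use of the engine is safe in that case. The enclosing functions start or end outside the hunks.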
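--- a/src/libp11.h
+++ b/src/libp11.h
@@ -370,7 +370,7 @@
  */
 RSA_METHOD *PKCS11_get_rsa_method(void);
 /* Also define unsupported methods to retain backward compatibility */
-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
+#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)
 EC_KEY_METHOD *PKCS11_get_ec_key_method(void);
 void *PKCS11_get_ecdsa_method(void);
 void *PKCS11_get_ecdh_method(void);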
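--- a/src/p11_ec.c
+++ b/src/p11_ec.c
@@ -56,7 +56,7 @@
 typedef ECDSA_SIG *(*sign_sig_fn)(const unsigned char *, int,
 	const BIGNUM *, const BIGNUM *, EC_KEY *);
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 
 /* ecdsa_method maintains unchanged layout between 0.9.8 and 1.0.2 */
 
@@ -73,7 +73,7 @@
 
 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /* Define missing functions */
 
@@ -104,7 +104,7 @@
 
 /********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
 
 /* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */
 
@@ -156,7 +156,7 @@
 {
 	if (ec_ex_index == 0) {
 		while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */
-#if OPENSSL_VERSION_NUMBER >= 0x10100002L
+#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER)
 			ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key",
 				NULL, NULL, NULL);
 #else
@@ -265,7 +265,7 @@
 	EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */
 
 	if (key->isPrivate) {
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		EC_KEY_set_method(ec, PKCS11_get_ec_key_method());
 #else
 		ECDSA_set_method(ec, PKCS11_get_ecdsa_method());
@@ -275,7 +275,7 @@
 	/* TODO: Retrieve the ECDSA private key object attributes instead,
 	 * unless the key has the "sensitive" attribute set */
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	EC_KEY_set_ex_data(ec, ec_ex_index, key);
 #else
 	ECDSA_set_ex_data(ec, ec_ex_index, key);
@@ -345,14 +345,14 @@
 	(void)kinv; /* Precomputed values are not used for PKCS#11 */
 	(void)rp; /* Precomputed values are not used for PKCS#11 */
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index);
 #else
 	key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index);
 #endif
 	if (key == NULL) {
 		sign_sig_fn orig_sign_sig;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 		const EC_KEY_METHOD *meth = EC_KEY_OpenSSL();
 		EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth,
 			NULL, NULL, &orig_sign_sig);
@@ -515,7 +515,7 @@
 	return 0;
 }
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100004L
+#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER)
 
 /**
  * ECDH key derivation method (replaces ossl_ecdh_compute_key)
@@ -578,13 +578,18 @@
 	size_t buflen;
 	int rv;
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
 	key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index);
 #else
 	key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index);
 #endif
+#if !defined(LIBRESSL_VERSION_NUMBER)
 	if (key == NULL) /* The private key is not handled by PKCS#11 */
 		return ossl_ecdh_compute_key(out, outlen, peer_point, ecdh, KDF);
+#else
+	if (key ==NULL)
+		return ECDH_compute_key(out, outlen, peer_point, ecdh, KDF);
+#endif
 	/* TODO: Add an atfork check */
 
 	/* both peer and ecdh use same group parameters */
@@ -623,7 +628,7 @@
 /* New way to allocate an ECDSA_METOD object */
 /* OpenSSL 1.1 has single method  EC_KEY_METHOD for ECDSA and ECDH */
 
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined (LIBRESSL_VERSION_NUMBER)
 
 EC_KEY_METHOD *PKCS11_get_ec_key_method(void)
 {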
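Review bot: The LibreSSL fallback added at lines 589-592 calls `ECDH_compute_key(out, outlen, peer_point, ecdh, KDF)` on the same `ecdh` key whose ECDH method dispatched into this function, which may re-enter this function rather than reach the software implementation. If `ECDH_compute_key` resolves the method from the key, as the legacy OpenSSL API does, a key with no PKCS#11 ex_data would take the `key == NULL` branch again on each re-entry and recurse until the stack is exhausted; this is inferred, because the method registration and the LibreSSL implementation are outside the hunk. The non-LibreSSL branch avoids this by calling `ossl_ecdh_compute_key`, so the LibreSSL branch should likewise invoke the default software method's `compute_key` directly instead of going through the dispatcher. The new branch also drops the explanatory comment; I would keep `/* The private key is not handled by PKCS#11 */` and write `key == NULL`. The enclosing function starts and ends outside the hunk.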
