From 7122f09ce78127173c6a0136a7bf9389ea91072f Mon Sep 17 00:00:00 2001 From: igrkir Date: Fri, 4 Jun 2021 13:23:51 +0300 Subject: [PATCH 1/1] fix OpenSSL v.1.1.1 API consistency revert commit 4108e77e0eb091fdd9b9c4174374a6ac0cc0abd0: remove "const" in pub_decode_gost_ec(). First commited on master branch on May 26, 2020 (see https://github.com/openssl/openssl/commit/7674e92324648b59786d86d8e9014bbaed4e6d07). partially revert commit dbc8f4780fa78d66a68174f78f9ae9aa9cdad53c: OpenSSL v.1.1.1 API has no function EC_GROUP_get0_field(). First commited on master branch on Feb 15, 2019 (see https://github.com/openssl/openssl/commit/fa1f03061037cbdac5369849a885c1191a2550d9). checks OpenSSL v.3.0 API function calls: OSSL_STORE_attach(), PEM_write_bio_X509_PUBKEY()/i2d_X509_PUBKEY_bio(). First commited on master branch on May 13, 2020 (see https://github.com/openssl/openssl/commit/6ab6ecfd6d2d659326f427dceb1b65ae1b4b012b). First commited on master branch on Nov 29, 2019 (see https://github.com/openssl/openssl/commit/cb58d81e68c72ab0128e0a5fc6faa007f8632acd). --- gost_ameth.c | 4 ++-- gost_ec_keyx.c | 6 ++++-- test_params.c | 5 +++++ test_sign.c | 5 +++++ 4 files changed, 16 insertions(+), 4 deletions(-) diff --git a/gost_ameth.c b/gost_ameth.c index f4f50fa..c60ce0a 100644 --- a/gost_ameth.c +++ b/gost_ameth.c @@ -229,7 +229,7 @@ BIGNUM *gost_get0_priv_key(const EVP_PKEY *pkey) * GOST CMS processing functions */ /* FIXME reaarange declarations */ -static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub); +static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub); static int gost_cms_set_kari_shared_info(EVP_PKEY_CTX *pctx, CMS_RecipientInfo *ri) { 
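Review bot: The `const` on the `pub` parameter of `pub_decode_gost_ec` is dropped unconditionally, here in the forward declaration and again in the definition hunk at -902,7, while the test files in this same patch choose between API generations with `#if OPENSSL_VERSION_MAJOR >= 3`. If this tree is also built against the 3.0 headers, where the commit message says the parameter became const, the callback type will no longer match there. Guarding the signature the same way, with a `const X509_PUBKEY *pub` variant under `#if OPENSSL_VERSION_MAJOR >= 3`, would keep both builds clean and keep the read-only promise where the API offers it. The function body lies outside both hunks, so whether it writes through `pub` cannot be checked from here.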
@@ -902,7 +902,7 @@ static int param_cmp_gost_ec(const EVP_PKEY *a, const EVP_PKEY *b) } /* ---------- Public key functions * --------------------------------------*/ -static int pub_decode_gost_ec(EVP_PKEY *pk, const X509_PUBKEY *pub) +static int pub_decode_gost_ec(EVP_PKEY *pk, X509_PUBKEY *pub) { X509_ALGOR *palg = NULL; const unsigned char *pubkey_buf = NULL; diff --git a/gost_ec_keyx.c b/gost_ec_keyx.c index eeb0122..860315d 100644 --- a/gost_ec_keyx.c +++ b/gost_ec_keyx.c @@ -30,7 +30,7 @@ int VKO_compute_key(unsigned char *shared_key, const int vko_dgst_nid) { unsigned char *databuf = NULL; - BIGNUM *scalar = NULL, *X = NULL, *Y = NULL; + BIGNUM *scalar = NULL, *X = NULL, *Y = NULL, *order = NULL; const EC_GROUP *grp = NULL; EC_POINT *pnt = NULL; BN_CTX *ctx = NULL; @@ -51,9 +51,11 @@ int VKO_compute_key(unsigned char *shared_key, goto err; } + order = BN_CTX_get(ctx); grp = EC_KEY_get0_group(priv_key); scalar = BN_CTX_get(ctx); X = BN_CTX_get(ctx); + EC_GROUP_get_order(grp, order, ctx); if ((Y = BN_CTX_get(ctx)) == NULL || (pnt = EC_POINT_new(grp)) == NULL @@ -80,7 +82,7 @@ int VKO_compute_key(unsigned char *shared_key, goto err; } - half_len = BN_num_bytes(EC_GROUP_get0_field(grp)); + half_len = BN_num_bytes(order); buf_len = 2 * half_len; if ((databuf = OPENSSL_malloc(buf_len)) == NULL) { GOSTerr(GOST_F_VKO_COMPUTE_KEY, ERR_R_MALLOC_FAILURE); diff --git a/test_params.c b/test_params.c index 8ce946d..1c8118f 100644 --- a/test_params.c +++ b/test_params.c @@ -958,6 +958,7 @@ static int test_cert(struct test_cert *tc) ret |= err; X509_free(y); +#if OPENSSL_VERSION_MAJOR >= 3 /* Convert public key to PEM and back. */ T(BIO_reset(bp)); T(PEM_write_bio_X509_PUBKEY(bp, xk)); @@ -980,6 +981,10 @@ static int test_cert(struct test_cert *tc) print_test_result(!err); ret |= err; BIO_free(bp); +#else + T(BIO_reset(bp)); + BIO_free(bp); +#endif /* * Verify diff --git a/test_sign.c b/test_sign.c index c76855c..57cf666 100644 --- a/test_sign.c +++ b/test_sign.c 
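Review bot: The result of `EC_GROUP_get_order(grp, order, ctx)` is discarded in the gost_ec_keyx.c hunk at -51,9, and the call runs before anything has checked that `order` came back non-NULL from `BN_CTX_get` or that `grp` is usable. On failure `order` is left without a valid value and later sizes the key-agreement buffer through `BN_num_bytes(order)`. A failed `BN_CTX_get` makes later calls on the same context fail too, so the existing `Y` check already covers the allocation; appending `|| !EC_GROUP_get_order(grp, order, ctx)` to that condition, after the `EC_POINT_new(grp)` test, rejects allocation failure and a missing group before the order is read. The condition continues past the end of the hunk, so the exact placement has to be checked against the full function.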
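Review bot: `half_len` in the gost_ec_keyx.c hunk at -80,7 is now the byte length of the group order, but judging by `buf_len = 2 * half_len` it sizes a buffer for two point coordinates, which are field elements bounded by the field prime rather than by the order. The two lengths coincide only as a property of the curve parameters in use; with a group whose order is shorter than its field, the buffer would be too small for the coordinates written into it (that code is outside the hunk). OpenSSL 1.1.1 can still report the field size without `EC_GROUP_get0_field`: `half_len = (EC_GROUP_get_degree(grp) + 7) / 8;`, which also makes the extra `order` BIGNUM unnecessary. If the order is kept, a comment stating that equal byte lengths of order and field are assumed would document the dependency.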
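Review bot: The `#else` branch added in the test_params.c hunk at -980,6 drops the public-key PEM round-trip on pre-3.0 builds without reporting it, so a 1.1.1 run gives no sign that the encoding check was not exercised. test_sign.c already prints `printf(cCYAN "skipped\n" cNORM);` for a skipped case; doing the same here (if the colour macros are available in this file) and in the matching `#else` branch of the test_sign.c hunk at -199,6 keeps the loss of coverage visible. The `T(BIO_reset(bp));` immediately before `BIO_free(bp);` contributes nothing to the test result and can be removed in both places. The body of test_cert starts and ends outside the hunk.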
@@ -170,6 +170,7 @@ static int test_sign(struct test_sign *t) EVP_PKEY_free(pkey); #endif +#if OPENSSL_VERSION_MAJOR >= 3 /* Convert to DER and back, using OSSL_STORE API. */ T(BIO_reset(bp)); T(i2d_PrivateKey_bio(bp, priv_key)); @@ -199,6 +200,10 @@ static int test_sign(struct test_sign *t) } else printf(cCYAN "skipped\n" cNORM); BIO_free(bp); +#else + T(BIO_reset(bp)); + BIO_free(bp); +#endif /* Convert to DER and back, using memory API. */ unsigned char *kptr = NULL; -- 2.39.5