From: Lukasz Pawelczyk
Date: Mon, 11 May 2020 16:26:16 +0000 (+0200)
Subject: Remove support for OpenSSL 1.0.x, it's EOL
X-Git-Tag: accepted/tizen/6.0/unified/20201030.115321~14
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=3097b1e32a57a5101259281ddb8eeed61939b26e;p=platform%2Fcore%2Fsecurity%2Fyaca.git
Remove support for OpenSSL 1.0.x, it's EOL
Change-Id: If860fb8c5f3ea3fc128d52860e923e0cff582cd2
---
diff --git a/src/crypto.c b/src/crypto.c
index 98e941a..585114a 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -44,10 +44,6 @@
 #include "internal.h"
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-static pthread_mutex_t *mutexes = NULL;
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 static __thread bool current_thread_initialized = false;
 static size_t threads_cnt = 0;
 static pthread_mutex_t init_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -82,8 +78,6 @@ static int getrandom_wrapper(unsigned char *buf, int num)
 return 1;
 }
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-
 static int RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
 {
 return 1;
@@ -94,18 +88,6 @@ static int RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double
 return 1;
 }
-#else /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
-
-static void RAND_METHOD_seed(UNUSED const void *buf, UNUSED int num)
-{
-}
-
-static void RAND_METHOD_add(UNUSED const void *buf, UNUSED int num, UNUSED double entropy)
-{
-}
-
-#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
-
 static int RAND_METHOD_bytes(unsigned char *buf, int num)
 {
 return getrandom_wrapper(buf, num);
@@ -141,41 +123,6 @@ static const RAND_METHOD new_rand_method = {
 RAND_METHOD_status,
 };
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-static void locking_callback(int mode, int type, UNUSED const char *file, UNUSED int line)
-{
- /* Ignore NULL mutexes and lock/unlock error codes as we can't do anything
- * about them. */
-
- if (mutexes == NULL)
- return;
-
- if (mode & CRYPTO_LOCK)
- pthread_mutex_lock(&mutexes[type]);
- else if (mode & CRYPTO_UNLOCK)
- pthread_mutex_unlock(&mutexes[type]);
-}
-
-static unsigned long thread_id_callback()
-{
- return pthread_self();
-}
-
-static void destroy_mutexes(int count)
-{
- if (mutexes != NULL) {
- for (int i = 0; i < count; i++) {
- /* Ignore returned value as we can't do anything about it */
- pthread_mutex_destroy(&mutexes[i]);
- }
- yaca_free(mutexes);
- mutexes = NULL;
- }
-}
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 API int yaca_initialize(void)
 {
 int ret = YACA_ERROR_NONE;
@@ -225,42 +172,6 @@ API int yaca_initialize(void)
 OpenSSL_add_all_digests();
 OpenSSL_add_all_ciphers();
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* enable threads support */
- assert(mutexes == NULL);
-
- if (CRYPTO_num_locks() > 0) {
- ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t),
- (void**)&mutexes);
-
- if (ret != YACA_ERROR_NONE)
- goto exit;
-
- for (int i = 0; i < CRYPTO_num_locks(); i++) {
- if (pthread_mutex_init(&mutexes[i], NULL) != 0) {
- ret = YACA_ERROR_NONE;
- switch (errno) {
- case ENOMEM:
- ret = YACA_ERROR_OUT_OF_MEMORY;
- break;
- case EAGAIN:
- case EPERM:
- case EBUSY:
- case EINVAL:
- default:
- ret = YACA_ERROR_INTERNAL;
- }
- destroy_mutexes(i);
-
- goto exit;
- }
- }
-
- CRYPTO_set_id_callback(thread_id_callback);
- CRYPTO_set_locking_callback(locking_callback);
- }
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
 /*
 * TODO:
 * - We should also decide on OpenSSL config.
@@ -272,9 +183,9 @@ API int yaca_initialize(void)
 current_thread_initialized = true;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom
+#if !defined SYS_getrandom
 exit:
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L || !defined SYS_getrandom */
+#endif /* !defined SYS_getrandom */
 pthread_mutex_unlock(&init_mutex);
@@ -288,9 +199,6 @@ API void yaca_cleanup(void)
 return;
 /* per thread cleanup */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- ERR_remove_thread_state(NULL);
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 CRYPTO_cleanup_all_ex_data();
 pthread_mutex_lock(&init_mutex);
@@ -307,13 +215,6 @@ API void yaca_cleanup(void)
 urandom_fd = -2;
 #endif /* SYS_getrandom */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* threads support cleanup */
- CRYPTO_set_id_callback(NULL);
- CRYPTO_set_locking_callback(NULL);
-
- destroy_mutexes(CRYPTO_num_locks());
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 }
 assert(threads_cnt > 0);
diff --git a/src/debug.c b/src/debug.c
index fbb4dc2..486180e 100644
--- a/src/debug.c
+++ b/src/debug.c
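Review bot: With the `OPENSSL_VERSION_NUMBER < 0x10100000L` half of the condition around `exit:` in yaca_initialize (src/crypto.c) dropped here, and the matching blocks removed in the other hunks, nothing visible in the patch states the minimum OpenSSL version any more. A build against 1.0.x headers would then presumably stop on unrelated errors rather than a clear message, and the locking callbacks that made 1.0.x thread-safe are gone. One guard in src/internal.h makes the floor explicit: `#if OPENSSL_VERSION_NUMBER < 0x10100000L`, `#error "OpenSSL >= 1.1.0 is required"`, `#endif`. The `exit:` label now exists only when `SYS_getrandom` is undefined, which assumes every remaining `goto exit` sits under the same condition; those sites, like the start and end of yaca_initialize, are outside the hunk.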
@@ -127,18 +127,12 @@ int error_handle(const char *file, int line, const char *function)
 /* known errors */
 switch (err) {
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
 case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, PEM_R_NO_START_LINE):
 case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE):
-#else /* OPENSSL_VERSION_NUMBER > 0x10100000L */
- case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS):
- case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
- case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-#endif /* OPENSSL_VERSION_NUMBER > 0x10100000L */
 case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL):
 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
 case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
diff --git a/src/encrypt.c b/src/encrypt.c
index 51ca1a9..82f5d77 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -526,13 +526,6 @@ static int encrypt_ctx_setup(struct yaca_encrypt_context_s *c,
 if (ret != YACA_ERROR_NONE)
 return ret;
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
- /* Fix for OpenSSL error in 3DES CFB1 */
- int nid = EVP_CIPHER_CTX_nid(c->cipher_ctx);
- if (nid == NID_des_ede3_cfb1)
- EVP_CIPHER_CTX_set_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS);
-#endif
-
 if (liv != NULL)
 iv_data = (unsigned char*)liv->d;
@@ -1109,13 +1102,6 @@ int encrypt_update(yaca_context_h ctx,
 }
 }
- /* Fix for OpenSSL error in 3DES CFB1 */
- if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0) {
- if (input_len > INT_MAX / 8)
- return YACA_ERROR_INVALID_PARAMETER;
- input_len *= 8;
- }
-
 ret = EVP_CipherUpdate(c->cipher_ctx, output, &loutput_len, input, input_len);
 if (ret != 1 || loutput_len < 0) {
 if (mode == EVP_CIPH_CCM_MODE && (op_type == OP_DECRYPT || op_type == OP_OPEN)) {
@@ -1135,11 +1121,6 @@ int encrypt_update(yaca_context_h ctx,
 *output_len = loutput_len;
 c->state = target_state;
-
- /* Fix for OpenSSL error in 3DES CFB1 */
- if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0)
- *output_len /= 8;
-
 return YACA_ERROR_NONE;
 }
@@ -1175,10 +1156,6 @@ int encrypt_finalize(yaca_context_h ctx,
 *output_len = loutput_len;
- /* Fix for OpenSSL error in 3DES CFB1 */
- if (EVP_CIPHER_CTX_test_flags(c->cipher_ctx, EVP_CIPH_FLAG_LENGTH_BITS) != 0)
- *output_len /= 8;
-
 c->state = ENC_CTX_FINALIZED;
 return YACA_ERROR_NONE;
 }
diff --git a/src/internal.h b/src/internal.h
index 7cc5641..b395b66 100644
--- a/src/internal.h
+++ b/src/internal.h
@@ -41,31 +41,6 @@
 #define API __attribute__ ((visibility("default")))
 #define UNUSED __attribute__((unused))
-/* Functions that handle the hidden nature of internal
- * OpenSSL structures that don't exist in OpenSSL < 1.1.0
- */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-static inline EVP_PKEY_CTX *EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
-{
- return ctx->pctx;
-}
-
-static inline int EVP_PKEY_up_ref(EVP_PKEY *pkey)
-{
- if (CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY) <= 0)
- return 0;
- return 1;
-}
-
-static inline RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-{
- if (pkey->type != EVP_PKEY_RSA)
- return NULL;
- return pkey->pkey.rsa;
-}
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 enum yaca_context_type_e {
 YACA_CONTEXT_INVALID = 0,