From 841c5f539e8459a1d2a2ce9b4dccfd7d43441a19 Mon Sep 17 00:00:00 2001
From: Aveen Ismail
Date: Tue, 20 Aug 2024 23:16:42 +0200
Subject: [PATCH] Only run ED25519 and X25519 related code if the OpenSSL version is compatible
---
 common/util.c | 2 ++
 ykcs11/mechanisms.c | 3 ++-
 ykcs11/openssl_utils.c | 8 ++++++++
 3 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/common/util.c b/common/util.c
index bdbe6073..8701ae24 100644
--- a/common/util.c
+++ b/common/util.c
@@ -327,10 +327,12 @@ int get_curve_name(int key_algorithm) {
 return NID_X9_62_prime256v1;
 } else if(key_algorithm == YKPIV_ALGO_ECCP384) {
 return NID_secp384r1;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 } else if(key_algorithm == YKPIV_ALGO_ED25519) {
 return NID_ED25519;
 } else if(key_algorithm == YKPIV_ALGO_X25519) {
 return NID_X25519;
+#endif
 }
 return 0;
 }
diff --git a/ykcs11/mechanisms.c b/ykcs11/mechanisms.c
index e0abfc67..1999d40e 100644
--- a/ykcs11/mechanisms.c
+++ b/ykcs11/mechanisms.c
@@ -489,7 +489,7 @@ CK_RV verify_mechanism_init(ykcs11_session_t *session, ykcs11_pkey_t *key, CK_ME
 CK_RV verify_mechanism_final(ykcs11_session_t *session, CK_BYTE_PTR sig, CK_ULONG sig_len) {
 int rc;
-
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 if (session->op_info.mechanism == CKM_EDDSA) {
 rc = EVP_DigestVerify(session->op_info.md_ctx, sig, sig_len, session->op_info.buf, session->op_info.buf_len);
 if(rc <= 0) {
@@ -498,6 +498,7 @@ CK_RV verify_mechanism_final(ykcs11_session_t *session, CK_BYTE_PTR sig, CK_ULON
 }
 return CKR_OK;
 }
+#endif
 CK_BYTE der[1024] = {0};
 if(!session->op_info.op.verify.padding) {
diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
index e6208a74..8d97bf51 100644
--- a/ykcs11/openssl_utils.c
+++ b/ykcs11/openssl_utils.c
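Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` admits OpenSSL 1.1.0, but `NID_ED25519`/`EVP_PKEY_ED25519`, `EVP_PKEY_new_raw_public_key()` and the one-shot `EVP_DigestVerify()` only arrived in 1.1.1, so a 1.1.0 build would still fail on the code this patch is trying to fence off. This applies to the guard in get_curve_name here and to the same guard in verify_mechanism_final, do_create_public_key, do_get_key_type, do_get_signature_size and do_get_key_algorithm. I would raise the bound to `#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)`, ideally behind one project-level feature macro so the six sites cannot drift apart. LibreSSL reports a fixed `0x20000000L` here, so if it is a supported backend the condition probably needs a `LIBRESSL_VERSION_NUMBER` term too.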
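Review bot: In verify_mechanism_final, when the guard is compiled out a session whose mechanism is `CKM_EDDSA` is no longer handled and drops into the `CK_BYTE der[1024]` path below, where the signature would be processed as if it were RSA or ECDSA. Whether such a session can exist depends on verify_mechanism_init, which is not part of this hunk, but a verification routine is better off failing closed than relying on that. Suggest adding `#else` followed by `if (session->op_info.mechanism == CKM_EDDSA) return CKR_MECHANISM_INVALID;` just before the `#endif` that the following hunk adds. The rest of the function body lies outside both hunks.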
@@ -307,6 +307,7 @@ CK_RV do_create_public_key(CK_BYTE_PTR in, CK_ULONG in_len, CK_ULONG algorithm,
 if (YKPIV_IS_EC(algorithm)) {
 int curve_name = get_curve_name(algorithm);
 return do_create_ec_key(in, len, curve_name, pkey);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 } else if (YKPIV_IS_25519(algorithm)) {
 if (algorithm == YKPIV_ALGO_ED25519) {
 *pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, in, len);
@@ -317,6 +318,7 @@ CK_RV do_create_public_key(CK_BYTE_PTR in, CK_ULONG in_len, CK_ULONG algorithm,
 return CKR_HOST_MEMORY;
 }
 return CKR_OK;
+#endif
 }
 }
 DBG("Unsupported key algorithm");
@@ -531,10 +533,12 @@ CK_KEY_TYPE do_get_key_type(ykcs11_pkey_t *key) {
 return CKK_RSA;
 case EVP_PKEY_EC:
 return CKK_EC;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case EVP_PKEY_ED25519:
 return CKK_EC_EDWARDS;
 case EVP_PKEY_X25519:
 return CKK_EC_MONTGOMERY;
+#endif
 }
 }
 return CKK_VENDOR_DEFINED; // Actually an error
@@ -555,7 +559,9 @@ CK_ULONG do_get_signature_size(ykcs11_pkey_t *key) {
 case EVP_PKEY_RSA:
 return EVP_PKEY_size(key);
 case EVP_PKEY_EC:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case EVP_PKEY_ED25519:
+#endif
 switch(EVP_PKEY_bits(key)) {
 case 256:
 return 64;
@@ -589,10 +595,12 @@ CK_BYTE do_get_key_algorithm(ykcs11_pkey_t *key) {
 case 384:
 return YKPIV_ALGO_ECCP384;
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case EVP_PKEY_ED25519:
 return YKPIV_ALGO_ED25519;
 case EVP_PKEY_X25519:
 return YKPIV_ALGO_X25519;
+#endif
 }
 }
 return 0;
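Review bot: In do_get_signature_size, `case EVP_PKEY_ED25519:` shares the `switch(EVP_PKEY_bits(key))` with EC keys, so it only yields 64 if OpenSSL reports exactly 256 bits for an Ed25519 key. As far as I know OpenSSL 1.1.1 reports 253 for the 25519 key types, so on such builds the lookup may miss `case 256` and take whatever the switch does for unknown sizes, which is outside the hunk. An Ed25519 signature is always 64 bytes, so the case can answer directly with `case EVP_PKEY_ED25519: return 64;` inside the guard, placed ahead of `case EVP_PKEY_EC:`.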
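Review bot: In do_get_key_algorithm the inner size switch closes with `}` and control then falls straight into `case EVP_PKEY_ED25519:`, so an EC key with a size the inner switch does not list is reported as `YKPIV_ALGO_ED25519` when the guard is on and as 0 when it is off. The fall-through predates this commit, but the new `#if` makes the result depend on the build. Adding `break;` after the inner switch's closing brace, before the `#if`, makes unsupported EC sizes return 0 in both configurations. The start of the function is outside the hunk.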