diff -Nru openssl-ibmca-2.2.2/ChangeLog openssl-ibmca-2.2.3/ChangeLog --- openssl-ibmca-2.2.2/ChangeLog 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/ChangeLog 2022-03-10 18:58:58.000000000 +0100 @@ -1,3 +1,6 @@ +* openssl-ibmca 2.2.3 +- Fix PKEY segfault with OpenSSL 3.0 + * openssl-ibmca 2.2.2 - Fix tests with OpenSSL 3.0 - Build against libica 4.0 diff -Nru openssl-ibmca-2.2.2/configure.ac openssl-ibmca-2.2.3/configure.ac --- openssl-ibmca-2.2.2/configure.ac 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/configure.ac 2022-03-10 18:58:58.000000000 +0100 @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. # See autoconf and autoscan online documentation for details. -AC_INIT([openssl-ibmca], [2.2.2], [opencryptoki-users@lists.sf.net]) +AC_INIT([openssl-ibmca], [2.2.3], [opencryptoki-users@lists.sf.net]) AC_CONFIG_SRCDIR([src/e_ibmca.c]) # sanity check AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_AUX_DIR([build-aux]) @@ -58,8 +58,10 @@ if test "x$usecexonly" = xyes; then defaultlib="libica-cex.so.$libicaversion" + ica="ica-cex" else defaultlib="libica.so.$libicaversion" + ica="ica" fi # In cex-only mode, testing the ciphers does not make any sense since # they will fall back to OpenSSL without the engine. So remove these @@ -67,6 +69,7 @@ AM_CONDITIONAL([FULL_LIBICA], [test "x$usecexonly" != xyes]) AC_DEFINE_UNQUOTED([LIBICA_SHARED_LIB],["$defaultlib"]) +AC_SUBST([ICA],["$ica"]) AC_CHECK_PROG([openssl_var],[openssl],[yes],[no]) if test "x$openssl_var" != xyes; then @@ -76,6 +79,7 @@ AC_CONFIG_FILES([ Makefile src/Makefile + src/test/Makefile.linux test/Makefile src/doc/Makefile]) diff -Nru openssl-ibmca-2.2.2/debian/changelog openssl-ibmca-2.2.3/debian/changelog --- openssl-ibmca-2.2.2/debian/changelog 2022-02-04 09:54:15.000000000 +0100 +++ openssl-ibmca-2.2.3/debian/changelog 2022-03-30 20:19:00.000000000 +0200 
@@ -1,3 +1,20 @@ +openssl-ibmca (2.2.3-0ubuntu1) jammy; urgency=medium + + * New upstream release. LP: #1967141 + * The difference between 2.2.2 and 2.2.3 includes just these two fixes: + - "PKEY: Fix usage of ECX keys" + - "use correct libica for ibmca_mechaList_test" + Rather than adding these as quilt patches, raising the package to the + bugfix-only version that incl. them is preferable. + * For "PKEY: Fix usage of ECX keys" a backport of + "Fix compilation for OpenSSL 3.0" was needed: + d/p/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch + * For convenience reasons a generated sample config is now included in + the package, as well as the optional configuration generator Perl script + 'ibmca-engine-opensslconfig', in case one wants/needs to re-generate. + + -- Frank Heimes Wed, 30 Mar 2022 19:19:00 +0100 + openssl-ibmca (2.2.2-0ubuntu1) jammy; urgency=medium * New upstream release. LP: #1960004 diff -Nru openssl-ibmca-2.2.2/debian/control openssl-ibmca-2.2.3/debian/control --- openssl-ibmca-2.2.2/debian/control 2022-02-04 09:54:15.000000000 +0100 +++ openssl-ibmca-2.2.3/debian/control 2022-03-30 20:19:00.000000000 +0200 @@ -1,7 +1,7 @@ Source: openssl-ibmca Priority: optional Maintainer: Dimitri John Ledkov -Build-Depends: debhelper (>=10), libica-dev, libssl-dev +Build-Depends: debhelper (>=10), libica-dev, libssl-dev, dh-autoreconf Standards-Version: 4.1.4 Section: libs Homepage: http://sourceforge.net/projects/opencryptoki/files/libica%20OpenSSL%20Engine diff -Nru openssl-ibmca-2.2.2/debian/openssl-ibmca.install openssl-ibmca-2.2.3/debian/openssl-ibmca.install --- openssl-ibmca-2.2.2/debian/openssl-ibmca.install 1970-01-01 01:00:00.000000000 +0100 +++ openssl-ibmca-2.2.3/debian/openssl-ibmca.install 2022-03-30 20:19:00.000000000 +0200 
@@ -0,0 +1,2 @@
+# add the configuration generator script 'ibmca-engine-opensslconfig' to the package
+src/ibmca-engine-opensslconfig /usr/bin/
diff -Nru openssl-ibmca-2.2.2/debian/patches/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch openssl-ibmca-2.2.3/debian/patches/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch
--- openssl-ibmca-2.2.2/debian/patches/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch 1970-01-01 01:00:00.000000000 +0100
+++ openssl-ibmca-2.2.3/debian/patches/e59cce5-Fix-compilation-for-OpenSSL-3.0.patch 2022-03-30 20:19:00.000000000 +0200
@@ -0,0 +1,84 @@ +From e59cce5af547cc4cbda2a1bce1eb2b89e959ae99 Mon Sep 17 00:00:00 2001 +From: Juergen Christ +Date: Mon, 21 Mar 2022 15:27:40 +0100 +Subject: [PATCH] Fix compilation for OpenSSL 3.0 + +ECX_KEY structure as used by engine is not public API in OpenSSL 3.0 and +should not be included via a private header. This forced the engine to only +compile if the OpenSSL 3.0 source tree is present. While this might be the +cleaner solution, we now copy out the defines to be used. This makes the +engine compile even without OpenSSL 3.0 source tree. + +Signed-off-by: Juergen Christ +(backported from commit e59cce5af547cc4cbda2a1bce1eb2b89e959ae99) +[Frank Heimes: Had to change the path src/engine/openssl-compat.h + back to src/openssl-compat.h.] +Signed-off-by: Frank Heimes + +Origin: upstream, https://github.com/opencryptoki/openssl-ibmca.gite59cce5 +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1967141 +Last-Update: 2022-03-31 + +--- + src/openssl-compat.h | 36 ++++++++++++++++++++++++++++-------- + 1 file changed, 28 insertions(+), 8 deletions(-) + +diff --git a/src/openssl-compat.h b/src/openssl-compat.h +index 0013365..aae40da 100644 +--- a/src/openssl-compat.h ++++ b/src/openssl-compat.h +@@ -19,9 +19,36 @@ + + #include + ++typedef enum { ++ ECX_KEY_TYPE_X25519, ++ ECX_KEY_TYPE_X448, ++ ECX_KEY_TYPE_ED25519, ++ ECX_KEY_TYPE_ED448 ++} ECX_KEY_TYPE; ++ + #ifdef OPENSSL_VERSION_PREREQ + /* This is 3.x */ +-#include ++ ++# define X25519_KEYLEN 32 ++# define X448_KEYLEN 56 ++# define ED25519_KEYLEN 32 ++# define ED448_KEYLEN 57 ++ ++# define MAX_KEYLEN ED448_KEYLEN ++ ++typedef int CRYPTO_REF_COUNT; ++ ++typedef struct ecx_key_st { ++ OSSL_LIB_CTX *libctx; ++ char *propq; ++ unsigned int haspubkey:1; ++ unsigned char pubkey[MAX_KEYLEN]; ++ unsigned char *privkey; ++ size_t keylen; ++ ECX_KEY_TYPE type; ++ CRYPTO_REF_COUNT references; ++ CRYPTO_RWLOCK *lock; ++} ECX_KEY; + + static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) + { +@@ -94,13 +121,6 @@ 
typedef struct { + unsigned char *priv; + } ECX_KEY; + +-typedef enum { +- ECX_KEY_TYPE_X25519, +- ECX_KEY_TYPE_X448, +- ECX_KEY_TYPE_ED25519, +- ECX_KEY_TYPE_ED448 +-} ECX_KEY_TYPE; +- + static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) + { + return calloc(1, sizeof(ECX_KEY)); +-- +2.25.1 + diff -Nru openssl-ibmca-2.2.2/debian/patches/series openssl-ibmca-2.2.3/debian/patches/series --- openssl-ibmca-2.2.2/debian/patches/series 2022-02-04 09:54:15.000000000 +0100 +++ openssl-ibmca-2.2.3/debian/patches/series 2022-03-30 20:19:00.000000000 +0200 @@ -1,2 +1,3 @@ openssl-config.patch testconf-openssl3.patch +e59cce5-Fix-compilation-for-OpenSSL-3.0.patch diff -Nru openssl-ibmca-2.2.2/debian/rules openssl-ibmca-2.2.3/debian/rules --- openssl-ibmca-2.2.2/debian/rules 2022-02-04 09:42:59.000000000 +0100 +++ openssl-ibmca-2.2.3/debian/rules 2022-03-30 20:19:00.000000000 +0200 @@ -7,6 +7,10 @@ override_dh_auto_configure: dh_auto_configure -- --libdir=/usr/lib/$(DEB_HOST_MULTIARCH)/engines-1.1 +override_dh_auto_build: + dh_auto_build + src/ibmca-engine-opensslconfig + override_dh_auto_install: dh_auto_install find debian -name '*.la' -delete diff -Nru openssl-ibmca-2.2.2/.gitignore openssl-ibmca-2.2.3/.gitignore --- openssl-ibmca-2.2.2/.gitignore 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/.gitignore 2022-03-10 18:58:58.000000000 +0100 @@ -7,8 +7,11 @@ *.la *.o *.tar.gz +ibmca-engine-opensslconfig +ibmca_mechaList_test Makefile Makefile.in +Makefile.linux config.status config.log configure diff -Nru openssl-ibmca-2.2.2/openssl-ibmca.spec openssl-ibmca-2.2.3/openssl-ibmca.spec --- openssl-ibmca-2.2.2/openssl-ibmca.spec 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/openssl-ibmca.spec 2022-03-10 18:58:58.000000000 +0100 @@ -1,7 +1,7 @@ %global enginesdir %(pkg-config --variable=enginesdir libcrypto) Name: openssl-ibmca -Version: 2.2.2 +Version: 2.2.3 Release: 1%{?dist} Summary: An IBMCA OpenSSL dynamic engine 
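Review bot: The 3.x branch of the backported patch carries a hand-copied `struct ecx_key_st` and `typedef int CRYPTO_REF_COUNT;` with nothing tying them to the OpenSSL release they were copied from. Objects built from this definition are handed to libcrypto through `EVP_PKEY_assign` in ibmca_pkey.c, so if a later OpenSSL changes the private layout, field offsets would silently disagree and key material could be read or written at the wrong place. I would add a comment above the typedef naming the OpenSSL version and source file the layout mirrors, and consider a build-time guard such as `# if OPENSSL_VERSION_PREREQ(3, 1)` / `#  error "ECX_KEY layout was copied from OpenSSL 3.0; re-verify before building"` / `# endif`. The enclosing `#ifdef OPENSSL_VERSION_PREREQ` block continues outside the patch context shown here.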
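Review bot: The added `override_dh_auto_build` recipe in debian/rules runs `src/ibmca-engine-opensslconfig` with no comment on what the script reads or where it writes. The changelog only says a generated sample config is shipped; if the script derives it from the build host's OpenSSL configuration, the packaged file would vary with the build environment and could carry builder-local settings. I would add a comment above the call, for example `# generates the sample engine config shipped in the package; input: <SOURCE_CONFIG_PATH>, output: <GENERATED_FILE>`, and confirm the input comes from the source tree or a pinned build dependency.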
@@ -44,6 +44,9 @@ %{_mandir}/man5/ibmca.5* %changelog +* Thu Mar 10 2022 Juergen Christ 2.2.3 +- Update Version + * Thu Jan 27 2022 Juergen Christ 2.2.2 - Update Version diff -Nru openssl-ibmca-2.2.2/src/ibmca_pkey.c openssl-ibmca-2.2.3/src/ibmca_pkey.c --- openssl-ibmca-2.2.2/src/ibmca_pkey.c 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/src/ibmca_pkey.c 2022-03-10 18:58:58.000000000 +0100 
@@ -22,65 +22,7 @@ #include "ibmca.h" #include "e_ibmca_err.h" -/* - * copied from evp_int.h: - * missing set/get methods for opaque types. - */ - -typedef struct { - unsigned char pub[57]; - unsigned char *priv; -} ECX_KEY; - -typedef struct evp_pkey_method_st { - int pkey_id; - int flags; - int (*init) (EVP_PKEY_CTX *ctx); - int (*copy) (EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); - void (*cleanup) (EVP_PKEY_CTX *ctx); - int (*paramgen_init) (EVP_PKEY_CTX *ctx); - int (*paramgen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*keygen_init) (EVP_PKEY_CTX *ctx); - int (*keygen) (EVP_PKEY_CTX *ctx, EVP_PKEY *pkey); - int (*sign_init) (EVP_PKEY_CTX *ctx); - int (*sign) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_init) (EVP_PKEY_CTX *ctx); - int (*verify) (EVP_PKEY_CTX *ctx, - const unsigned char *sig, size_t siglen, - const unsigned char *tbs, size_t tbslen); - int (*verify_recover_init) (EVP_PKEY_CTX *ctx); - int (*verify_recover) (EVP_PKEY_CTX *ctx, - unsigned char *rout, size_t *routlen, - const unsigned char *sig, size_t siglen); - int (*signctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*signctx) (EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, - EVP_MD_CTX *mctx); - int (*verifyctx_init) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); - int (*verifyctx) (EVP_PKEY_CTX *ctx, const unsigned char *sig, int siglen, - EVP_MD_CTX *mctx); - int (*encrypt_init) (EVP_PKEY_CTX *ctx); - int (*encrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*decrypt_init) (EVP_PKEY_CTX *ctx); - int (*decrypt) (EVP_PKEY_CTX *ctx, unsigned char *out, size_t *outlen, - const unsigned char *in, size_t inlen); - int (*derive_init) (EVP_PKEY_CTX *ctx); - int (*derive) (EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); - int (*ctrl) (EVP_PKEY_CTX *ctx, int type, int p1, void *p2); - int (*ctrl_str) (EVP_PKEY_CTX *ctx, const char *type, const char 
*value); - int (*digestsign) (EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, - const unsigned char *tbs, size_t tbslen); - int (*digestverify) (EVP_MD_CTX *ctx, const unsigned char *sig, - size_t siglen, const unsigned char *tbs, - size_t tbslen); - int (*check) (EVP_PKEY *pkey); - int (*public_check) (EVP_PKEY *pkey); - int (*param_check) (EVP_PKEY *pkey); - - int (*digest_custom) (EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx); -} EVP_PKEY_METHOD; - +#include "openssl-compat.h" ica_x25519_ctx_new_t p_ica_x25519_ctx_new; ica_x448_ctx_new_t p_ica_x448_ctx_new; @@ -136,16 +78,16 @@ goto ret; } - key = calloc(1, sizeof(ECX_KEY)); + key = ossl_ecx_key_new_simple(ECX_KEY_TYPE_X25519); private = calloc(1, sizeof(priv)); - if (key == NULL) { + if (key == NULL || private == NULL) { IBMCAerr(IBMCA_F_IBMCA_X25519_KEYGEN, IBMCA_R_PKEY_KEYGEN_FAILED); goto ret; } memcpy(private, priv, sizeof(priv)); - memcpy(key, pub, sizeof(pub)); - key->priv = private; + ossl_ecx_copypubkey(key, pub, sizeof(pub)); + ossl_ecx_set0_privkey(key, private); EVP_PKEY_assign(pkey, NID_X25519, key); rc = 1; @@ -199,12 +141,12 @@ goto ret; } - if (p_ica_x25519_key_set(ctx, key_ecx->priv, NULL) != 0) { + if (p_ica_x25519_key_set(ctx, ossl_ecx_get0_privkey(key_ecx), NULL) != 0) { IBMCAerr(IBMCA_F_IBMCA_X25519_DERIVE, IBMCA_R_PKEY_KEYS_NOT_SET); - goto ret;; + goto ret; } - if (p_ica_x25519_derive(ctx, key, peerkey_ecx->pub) != 0) + if (p_ica_x25519_derive(ctx, key, ossl_ecx_get0_pubkey(peerkey_ecx)) != 0) goto ret; rc = 1; 
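Review bot: In the X25519 keygen hunk `private` is still allocated with libc `calloc` and then handed to the key via `ossl_ecx_set0_privkey`, while on OpenSSL 3.x the key object itself comes from `OPENSSL_zalloc`. If libcrypto later releases that buffer through its own allocator (the free path is not on this page), the two only pair up when no custom memory functions are installed; `private = OPENSSL_zalloc(sizeof(priv));` would keep them matched. The new `key == NULL || private == NULL` check also jumps to `ret` with whichever allocation succeeded still live, and the `ret:` label lies outside the hunk, so confirm it frees both. The return value of `EVP_PKEY_assign` is ignored before `rc = 1`. The same applies to the X448, ED25519 and ED448 keygen hunks.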
@@ -236,16 +178,16 @@ goto ret; } - key = calloc(1, sizeof(ECX_KEY)); + key = ossl_ecx_key_new_simple(ECX_KEY_TYPE_X448); private = calloc(1, sizeof(priv)); - if (key == NULL) { + if (key == NULL || private == NULL) { IBMCAerr(IBMCA_F_IBMCA_X448_KEYGEN, IBMCA_R_PKEY_KEYGEN_FAILED); goto ret; } memcpy(private, priv, sizeof(priv)); - memcpy(key, pub, sizeof(pub)); - key->priv = private; + ossl_ecx_copypubkey(key, pub, sizeof(pub)); + ossl_ecx_set0_privkey(key, private); EVP_PKEY_assign(pkey, NID_X448, key); rc = 1; @@ -299,12 +241,12 @@ goto ret; } - if (p_ica_x448_key_set(ctx, key_ecx->priv, NULL) != 0) { + if (p_ica_x448_key_set(ctx, ossl_ecx_get0_privkey(key_ecx), NULL) != 0) { IBMCAerr(IBMCA_F_IBMCA_X448_DERIVE, IBMCA_R_PKEY_KEYS_NOT_SET); - goto ret;; + goto ret; } - if (p_ica_x448_derive(ctx, key, peerkey_ecx->pub) != 0) + if (p_ica_x448_derive(ctx, key, ossl_ecx_get0_pubkey(peerkey_ecx)) != 0) goto ret; rc = 1; @@ -341,16 +283,16 @@ goto ret; } - key = calloc(1, sizeof(ECX_KEY)); + key = ossl_ecx_key_new_simple(ECX_KEY_TYPE_ED25519); private = calloc(1, sizeof(priv)); - if (key == NULL) { + if (key == NULL || private == NULL) { IBMCAerr(IBMCA_F_IBMCA_ED25519_KEYGEN, IBMCA_R_PKEY_KEYGEN_FAILED); goto ret; } memcpy(private, priv, sizeof(priv)); - memcpy(key, pub, sizeof(pub)); - key->priv = private; + ossl_ecx_copypubkey(key, pub, sizeof(pub)); + ossl_ecx_set0_privkey(key, private); EVP_PKEY_assign(pkey, NID_ED25519, key); rc = 1; @@ -398,9 +340,9 @@ goto ret; } - if (p_ica_ed25519_key_set(ctx, key_ecx->priv, NULL) != 0) { + if (p_ica_ed25519_key_set(ctx, ossl_ecx_get0_privkey(key_ecx), NULL) != 0) { IBMCAerr(IBMCA_F_IBMCA_ED25519_SIGN, IBMCA_R_PKEY_KEYS_NOT_SET); - goto ret;; + goto ret; } if (p_ica_ed25519_sign(ctx, sig, tbs, tbslen) != 0) 
@@ -443,7 +385,7 @@ goto ret; } - if (p_ica_ed25519_key_set(ctx, NULL, key_ecx->pub) != 0) { + if (p_ica_ed25519_key_set(ctx, NULL, ossl_ecx_get0_pubkey(key_ecx)) != 0) { IBMCAerr(IBMCA_F_IBMCA_ED25519_VERIFY, IBMCA_R_PKEY_KEYS_NOT_SET); goto ret; } @@ -485,16 +427,16 @@ goto ret; } - key = calloc(1, sizeof(ECX_KEY)); + key = ossl_ecx_key_new_simple(ECX_KEY_TYPE_ED448); private = calloc(1, sizeof(priv)); - if (key == NULL) { + if (key == NULL || private == NULL) { IBMCAerr(IBMCA_F_IBMCA_ED448_KEYGEN, IBMCA_R_PKEY_KEYGEN_FAILED); goto ret; } memcpy(private, priv, sizeof(priv)); - memcpy(key, pub, sizeof(pub)); - key->priv = private; + ossl_ecx_copypubkey(key, pub, sizeof(pub)); + ossl_ecx_set0_privkey(key, private); EVP_PKEY_assign(pkey, NID_ED448, key); rc = 1; @@ -542,9 +484,9 @@ goto ret; } - if (p_ica_ed448_key_set(ctx, key_ecx->priv, NULL) != 0) { + if (p_ica_ed448_key_set(ctx, ossl_ecx_get0_privkey(key_ecx), NULL) != 0) { IBMCAerr(IBMCA_F_IBMCA_ED448_SIGN, IBMCA_R_PKEY_KEYS_NOT_SET); - goto ret;; + goto ret; } if (p_ica_ed448_sign(ctx, sig, tbs, tbslen) != 0) @@ -587,7 +529,7 @@ goto ret; } - if (p_ica_ed448_key_set(ctx, NULL, key_ecx->pub) != 0) { + if (p_ica_ed448_key_set(ctx, NULL, ossl_ecx_get0_pubkey(key_ecx)) != 0) { IBMCAerr(IBMCA_F_IBMCA_ED448_VERIFY, IBMCA_R_PKEY_KEYS_NOT_SET); goto ret; } @@ -665,8 +607,8 @@ EVP_PKEY_meth_set_ctrl(ibmca_ed25519_pmeth, ibmca_ed_ctrl, NULL); EVP_PKEY_meth_set_copy(ibmca_ed25519_pmeth, ibmca_ed25519_copy); EVP_PKEY_meth_set_keygen(ibmca_ed25519_pmeth, NULL, ibmca_ed25519_keygen); - ibmca_ed25519_pmeth->digestsign = ibmca_ed25519_sign; - ibmca_ed25519_pmeth->digestverify = ibmca_ed25519_verify; + EVP_PKEY_meth_set_digestsign(ibmca_ed25519_pmeth, ibmca_ed25519_sign); + EVP_PKEY_meth_set_digestverify(ibmca_ed25519_pmeth, ibmca_ed25519_verify); ret: return ibmca_ed25519_pmeth; 
@@ -684,8 +626,8 @@ EVP_PKEY_meth_set_ctrl(ibmca_ed448_pmeth, ibmca_ed_ctrl, NULL); EVP_PKEY_meth_set_copy(ibmca_ed448_pmeth, ibmca_ed448_copy); EVP_PKEY_meth_set_keygen(ibmca_ed448_pmeth, NULL, ibmca_ed448_keygen); - ibmca_ed448_pmeth->digestsign = ibmca_ed448_sign; - ibmca_ed448_pmeth->digestverify = ibmca_ed448_verify; + EVP_PKEY_meth_set_digestsign(ibmca_ed448_pmeth, ibmca_ed448_sign); + EVP_PKEY_meth_set_digestverify(ibmca_ed448_pmeth, ibmca_ed448_verify); ret: return ibmca_ed448_pmeth; diff -Nru openssl-ibmca-2.2.2/src/Makefile.am openssl-ibmca-2.2.3/src/Makefile.am --- openssl-ibmca-2.2.2/src/Makefile.am 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/src/Makefile.am 2022-03-10 18:58:58.000000000 +0100 @@ -1,4 +1,4 @@ -VERSION = 2:2:2 +VERSION = 2:2:3 lib_LTLIBRARIES=ibmca.la diff -Nru openssl-ibmca-2.2.2/src/openssl-compat.h openssl-ibmca-2.2.3/src/openssl-compat.h --- openssl-ibmca-2.2.2/src/openssl-compat.h 1970-01-01 01:00:00.000000000 +0100 +++ openssl-ibmca-2.2.3/src/openssl-compat.h 2022-03-10 18:58:58.000000000 +0100 
@@ -0,0 +1,131 @@ +/* + * Copyright 2022 International Business Machines Corp. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef IBMCA_OPENSSL_COMPAT_H +#define IBMCA_OPENSSL_COMPAT_H + +#include + +#ifdef OPENSSL_VERSION_PREREQ +/* This is 3.x */ +#include + +static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) +{ + ECX_KEY *ret = OPENSSL_zalloc(sizeof(*ret)); + + if (ret == NULL) + return NULL; + + ret->libctx = NULL; + ret->haspubkey = 0; + switch (type) { + case ECX_KEY_TYPE_X25519: + ret->keylen = X25519_KEYLEN; + break; + case ECX_KEY_TYPE_X448: + ret->keylen = X448_KEYLEN; + break; + case ECX_KEY_TYPE_ED25519: + ret->keylen = ED25519_KEYLEN; + break; + case ECX_KEY_TYPE_ED448: + ret->keylen = ED448_KEYLEN; + break; + } + ret->type = type; + ret->references = 1; + + ret->lock = CRYPTO_THREAD_lock_new(); + if (ret->lock == NULL) + goto err; + return ret; +err: + OPENSSL_free(ret); + return NULL; +} + +static inline void ossl_ecx_set0_privkey(ECX_KEY *key, unsigned char *privkey) +{ + key->privkey = privkey; +} + +static inline unsigned char *ossl_ecx_get0_privkey(ECX_KEY *key) +{ + return key->privkey; +} + +static inline unsigned char *ossl_ecx_get0_pubkey(ECX_KEY *key) +{ + return key->pubkey; +} + +static inline void ossl_ecx_copypubkey(ECX_KEY *key, unsigned char *pubkey, size_t len) +{ + memcpy(key->pubkey, pubkey, len); + key->haspubkey = 1; +} + +#else +/* This is 1.1.x */ + +#include + +/* + * copied from evp_int.h: + 
* missing set/get methods for opaque types. + */ + +typedef struct { + unsigned char pub[57]; + unsigned char *priv; +} ECX_KEY; + +typedef enum { + ECX_KEY_TYPE_X25519, + ECX_KEY_TYPE_X448, + ECX_KEY_TYPE_ED25519, + ECX_KEY_TYPE_ED448 +} ECX_KEY_TYPE; + +static inline ECX_KEY *ossl_ecx_key_new_simple(ECX_KEY_TYPE type) +{ + return calloc(1, sizeof(ECX_KEY)); +} + +static inline void ossl_ecx_set0_privkey(ECX_KEY *key, unsigned char *privkey) +{ + key->priv = privkey; +} + +static inline unsigned char *ossl_ecx_get0_privkey(ECX_KEY *key) +{ + return key->priv; +} + +static inline unsigned char *ossl_ecx_get0_pubkey(ECX_KEY *key) +{ + return key->pub; +} + +static inline void ossl_ecx_copypubkey(ECX_KEY *key, unsigned char *pubkey, size_t len) +{ + memcpy(key->pub, pubkey, len); +} + +#endif + +#endif diff -Nru openssl-ibmca-2.2.2/src/test/Makefile.linux openssl-ibmca-2.2.3/src/test/Makefile.linux --- openssl-ibmca-2.2.2/src/test/Makefile.linux 2022-01-27 17:23:55.000000000 +0100 +++ openssl-ibmca-2.2.3/src/test/Makefile.linux 1970-01-01 01:00:00.000000000 +0100 @@ -1,14 +0,0 @@ -PTS = -O0 -g -Wall -fprofile-arcs -ftest-coverage -fPIC -#OPTS = -O0 -g -Wall -m31 -D_LINUX_S390_ -OPTS = -O0 -g -Wall -D_LINUX_S390_ -std=gnu99 - -TARGETS = ibmca_mechaList_test - -all: $(TARGETS) - -# Every target is created from a single .c file. -%: %.c - gcc $(OPTS) -o $@ $^ -lica -lcrypto - -clean: - rm -f $(TARGETS) diff -Nru openssl-ibmca-2.2.2/src/test/Makefile.linux.in openssl-ibmca-2.2.3/src/test/Makefile.linux.in --- openssl-ibmca-2.2.2/src/test/Makefile.linux.in 1970-01-01 01:00:00.000000000 +0100 +++ openssl-ibmca-2.2.3/src/test/Makefile.linux.in 2022-03-10 18:58:58.000000000 +0100 
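Review bot: `ossl_ecx_copypubkey` copies `len` bytes into the fixed-size `pubkey` / `pub` array with no bound check in either branch of src/openssl-compat.h. The call sites in ibmca_pkey.c pass `sizeof(pub)` of a local buffer, so they look safe today, but the helper itself would write past the key structure for a larger `len`. I would guard it with `if (len > sizeof(key->pubkey)) return;` in the 3.x branch and `if (len > sizeof(key->pub)) return;` in the 1.1.x branch, or have it return a status the keygen code checks. A short comment on `ossl_ecx_key_new_simple` noting that the `switch` has no default, so an unexpected type leaves `keylen` at 0, would also help.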
@@ -0,0 +1,14 @@
+PTS = -O0 -g -Wall -fprofile-arcs -ftest-coverage -fPIC
+#OPTS = -O0 -g -Wall -m31 -D_LINUX_S390_
+OPTS = -O0 -g -Wall -D_LINUX_S390_ -std=gnu99
+
+TARGETS = ibmca_mechaList_test
+
+all: $(TARGETS)
+
+# Every target is created from a single .c file.
+%: %.c
+ gcc $(OPTS) -o $@ $^ -l@ICA@ -lcrypto
+
+clean:
+ rm -f $(TARGETS)
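Review bot: The link rule hard-codes `gcc` and passes only `$(OPTS)`, so the test binary ignores the compiler and any hardening flags a distribution build supplies through `CC`, `CFLAGS` and `LDFLAGS`. I would write the recipe as `$(CC) $(OPTS) $(CFLAGS) -o $@ $^ $(LDFLAGS) -l@ICA@ -lcrypto`. `PTS` on the first line is never referenced (the rule reads `$(OPTS)`), and `all` and `clean` are not declared with `.PHONY: all clean`.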