From 7e1fbace7bff8a49239d7af8aa9976430c9b15b2 Mon Sep 17 00:00:00 2001
From: Aveen Ismail
Date: Fri, 19 Jan 2024 01:07:43 +0100
Subject: [PATCH] Compile ED25519 and X25519 only when building with OpenSSL 1.1
---
 common/util.c | 6 ++++++
 lib/util.c | 2 ++
 lib/ykpiv.c | 4 ++++
 tool/yubico-piv-tool.c | 6 ++++++
 4 files changed, 18 insertions(+)
diff --git a/common/util.c b/common/util.c
index a886fe33..0ab5cdac 100644
--- a/common/util.c
+++ b/common/util.c
@@ -111,10 +111,12 @@ unsigned char get_algorithm(EVP_PKEY *key) {
 return 0;
 }
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case EVP_PKEY_ED25519:
 return YKPIV_ALGO_ED25519;
 case EVP_PKEY_X25519:
 return YKPIV_ALGO_X25519;
+#endif
 default:
 fprintf(stderr, "Unknown algorithm %d.\n", type);
 return 0;
@@ -524,10 +526,12 @@ int get_hashnid(enum enum_hash hash, unsigned char algorithm) {
 default:
 return 0;
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case YKPIV_ALGO_ED25519:
 return NID_ED25519;
 case YKPIV_ALGO_X25519:
 return NID_X25519;
+#endif
 default:
 return 0;
 }
@@ -547,10 +551,12 @@ unsigned char get_piv_algorithm(enum enum_algorithm algorithm) {
 return YKPIV_ALGO_ECCP256;
 case algorithm_arg_ECCP384:
 return YKPIV_ALGO_ECCP384;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case algorithm_arg_ED25519:
 return YKPIV_ALGO_ED25519;
 case algorithm_arg_X25519:
 return YKPIV_ALGO_X25519;
+#endif
 case algorithm__NULL:
 default:
 return 0;
diff --git a/lib/util.c b/lib/util.c
index 42998d85..8a6d7baf 100644
--- a/lib/util.c
+++ b/lib/util.c
@@ -818,8 +818,10 @@ ykpiv_rc ykpiv_util_generate_key(ykpiv_state *state, uint8_t slot, uint8_t algor
 case YKPIV_ALGO_ECCP256:
 case YKPIV_ALGO_ECCP384:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case YKPIV_ALGO_ED25519:
 case YKPIV_ALGO_X25519:
+#endif
 if (!point || !point_len) {
 DBG("Invalid output parameter for ECC algorithm");
 return YKPIV_ARGUMENT_ERROR;
diff --git a/lib/ykpiv.c b/lib/ykpiv.c
index 53045dd5..20534501 100644
--- a/lib/ykpiv.c
+++ b/lib/ykpiv.c
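Review bot: The guard `OPENSSL_VERSION_NUMBER >= 0x10100000L` in the get_algorithm hunk (common/util.c) also admits OpenSSL 1.1.0, but `EVP_PKEY_ED25519` and `NID_ED25519` were only added in 1.1.1, so a 1.1.0 build would still fail on these lines. LibreSSL reports `OPENSSL_VERSION_NUMBER` as 0x20000000L and therefore passes the check whether or not the installed release provides these symbols. I would tighten the condition to `#if (OPENSSL_VERSION_NUMBER >= 0x10101000L)` and decide the LibreSSL case explicitly; the same applies to the get_hashnid hunk and to the `EVP_PKEY_new_raw_public_key` calls in generate_key in tool/yubico-piv-tool.c, an API that is also 1.1.1-only. A single feature macro defined once in a shared header would keep the nine copies of this condition from drifting apart.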
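Review bot: In the ykpiv_util_generate_key hunk (lib/util.c) the two guarded labels are library constants and the visible body only checks `point` and `point_len`, so nothing on these lines needs OpenSSL; the guard makes the library's handling of a 25519 slot depend on the build host's OpenSSL rather than on the device. If no header defining `OPENSSL_VERSION_NUMBER` is included in this file (the includes are outside the hunk), the `#if` silently evaluates the undefined macro as 0 and drops these cases on every build, so the openssl/opensslv.h include should be confirmed or added. The same question applies to the _general_authenticate and ykpiv_import_private_key hunks in lib/ykpiv.c. The rest of the switch is outside the hunk, so what a guarded-out algorithm falls through to cannot be confirmed from here; a short comment such as `/* without this guard's condition, 25519 requests reach the default case */` next to the `#if` would document it once verified.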
@@ -1223,8 +1223,10 @@ static ykpiv_rc _general_authenticate(ykpiv_state *state,
 }
 break;
 case YKPIV_ALGO_ECCP256:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case YKPIV_ALGO_ED25519:
 case YKPIV_ALGO_X25519:
+#endif
 key_len = 32;
 // fall through
 case YKPIV_ALGO_ECCP384:
@@ -1969,6 +1971,7 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
 param_tag = 0x06;
 n_params = 1;
 }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 else if (YKPIV_IS_25519(algorithm)) {
 elem_len = 32;
 if (ec_data == NULL)
@@ -1983,6 +1986,7 @@ ykpiv_rc ykpiv_import_private_key(ykpiv_state *state, const unsigned char key, u
 }
 n_params = 1;
 }
+#endif
 else
 return YKPIV_ALGORITHM_ERROR;
diff --git a/tool/yubico-piv-tool.c b/tool/yubico-piv-tool.c
index 12fe1c90..aa9a19a1 100644
--- a/tool/yubico-piv-tool.c
+++ b/tool/yubico-piv-tool.c
@@ -252,11 +252,13 @@ static EVP_PKEY* wrap_public_key(ykpiv_state *state, int algorithm, EVP_PKEY *pu
 fprintf(stderr, "Failed to wrap public EC key\n");
 }
 EVP_PKEY_assign_EC_KEY(pkey, sk);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 } else if (algorithm == YKPIV_ALGO_ED25519) {
 EVP_PKEY_assign(pkey, EVP_PKEY_ED25519, public_key);
 } else if (algorithm == YKPIV_ALGO_X25519) {
 EVP_PKEY_assign(pkey, EVP_PKEY_X25519, public_key);
 }
+#endif
 return pkey;
 }
 #endif
@@ -372,12 +374,14 @@ static bool generate_key(ykpiv_state *state, enum enum_slot slot,
 }
 }
 break;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case algorithm_arg_ED25519:
 public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, point, point_len);
 break;
 case algorithm_arg_X25519:
 public_key = EVP_PKEY_new_raw_public_key(EVP_PKEY_X25519, NULL, point, point_len);
 break;
+#endif
 default:
 fprintf(stderr, "Wrong algorithm.\n");
 }
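Review bot: In the wrap_public_key hunk (tool/yubico-piv-tool.c) the `#if` starts in front of `} else if (algorithm == YKPIV_ALGO_ED25519) {` and the `#endif` follows the final `}`, so when the condition is false the brace that closes the preceding EC branch is removed together with the two 25519 branches and the function no longer balances. Moving the `#endif` up one line, above that last `}`, keeps the closing brace unconditional in both configurations. The trailing `#endif` context line suggests the whole function already sits inside another conditional that begins outside the hunk; if that one already excludes older OpenSSL the inner guard is redundant, but it should still be well-formed on its own.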
@@ -1661,12 +1665,14 @@ static void print_cert_info(ykpiv_state *state, enum enum_slot slot, const EVP_M
 case YKPIV_ALGO_ECCP384:
 fprintf(output, "ECCP384\n");
 break;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
 case YKPIV_ALGO_ED25519:
 fprintf(output, "ED25519\n");
 break;
 case YKPIV_ALGO_X25519:
 fprintf(output, "X25519\n");
 break;
+#endif
 default:
 fprintf(output, "Unknown\n");
 }
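Review bot: The guard in print_cert_info only hides two `fprintf` labels; none of the guarded lines uses an OpenSSL symbol, so on an older build a slot holding an Ed25519 or X25519 key would be reported as `Unknown`. For a tool used to audit what is stored on a token, I would leave these two cases unguarded, assuming `YKPIV_ALGO_ED25519` and `YKPIV_ALGO_X25519` are defined unconditionally in the library header, which is not visible here. If the guard stays, a comment such as `/* 25519 labels compiled out with the guard above: such slots print "Unknown" */` would document the behaviour. The switch begins outside the hunk.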