Merge pull request #506 from Yubico/edx_openssl_version

Only run ED25519 and X25519 related code if the OpenSSL version is compatible
Yubico · Aug 20, 2024 · 06ccdfa · 06ccdfa
2 parents 3a26f80 + 841c5f5
commit 06ccdfa
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/common/util.c b/common/util.c
@@ -327,10 +327,12 @@ int get_curve_name(int key_algorithm) {
     return NID_X9_62_prime256v1;
   } else if(key_algorithm == YKPIV_ALGO_ECCP384) {
     return NID_secp384r1;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
   } else if(key_algorithm == YKPIV_ALGO_ED25519) {
     return NID_ED25519;
   } else if(key_algorithm == YKPIV_ALGO_X25519) {
     return NID_X25519;
+#endif
   }
   return 0;
 }

diff --git a/ykcs11/mechanisms.c b/ykcs11/mechanisms.c
@@ -489,7 +489,7 @@ CK_RV verify_mechanism_init(ykcs11_session_t *session, ykcs11_pkey_t *key, CK_ME
 CK_RV verify_mechanism_final(ykcs11_session_t *session, CK_BYTE_PTR sig, CK_ULONG sig_len) {
 
   int rc;
-
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
   if (session->op_info.mechanism == CKM_EDDSA) {
     rc = EVP_DigestVerify(session->op_info.md_ctx, sig, sig_len, session->op_info.buf, session->op_info.buf_len);
     if(rc <= 0) {
@@ -498,6 +498,7 @@ CK_RV verify_mechanism_final(ykcs11_session_t *session, CK_BYTE_PTR sig, CK_ULON
     }
     return CKR_OK;
   }
+#endif
 
   CK_BYTE der[1024] = {0};
   if(!session->op_info.op.verify.padding) {

diff --git a/ykcs11/openssl_utils.c b/ykcs11/openssl_utils.c
@@ -307,6 +307,7 @@ CK_RV do_create_public_key(CK_BYTE_PTR in, CK_ULONG in_len, CK_ULONG algorithm,
     if (YKPIV_IS_EC(algorithm)) {
       int curve_name = get_curve_name(algorithm);
       return do_create_ec_key(in, len, curve_name, pkey);
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     } else if (YKPIV_IS_25519(algorithm)) {
       if (algorithm == YKPIV_ALGO_ED25519) {
         *pkey = EVP_PKEY_new_raw_public_key(EVP_PKEY_ED25519, NULL, in, len);
@@ -317,6 +318,7 @@ CK_RV do_create_public_key(CK_BYTE_PTR in, CK_ULONG in_len, CK_ULONG algorithm,
         return CKR_HOST_MEMORY;
       }
       return CKR_OK;
+#endif
     }
   }
   DBG("Unsupported key algorithm");
@@ -531,10 +533,12 @@ CK_KEY_TYPE do_get_key_type(ykcs11_pkey_t *key) {
       return CKK_RSA;
     case EVP_PKEY_EC:
       return CKK_EC;
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case EVP_PKEY_ED25519:
       return CKK_EC_EDWARDS;
     case EVP_PKEY_X25519:
       return CKK_EC_MONTGOMERY;
+#endif
     }
   }
   return CKK_VENDOR_DEFINED; // Actually an error
@@ -555,7 +559,9 @@ CK_ULONG do_get_signature_size(ykcs11_pkey_t *key) {
     case EVP_PKEY_RSA:
       return EVP_PKEY_size(key);
     case EVP_PKEY_EC:
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case EVP_PKEY_ED25519:
+#endif
       switch(EVP_PKEY_bits(key)) {
       case 256:
         return 64;
@@ -589,10 +595,12 @@ CK_BYTE do_get_key_algorithm(ykcs11_pkey_t *key) {
       case 384:
         return YKPIV_ALGO_ECCP384;
       }
+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L)
     case EVP_PKEY_ED25519:
       return YKPIV_ALGO_ED25519;
     case EVP_PKEY_X25519:
       return YKPIV_ALGO_X25519;
+#endif
     }
   }
   return 0;