Accepting request 1220027 from security

OBS-URL: https://build.opensuse.org/request/show/1220027
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/AusweisApp?expand=0&rev=12

0001-use-legacy-openssl-api.patch

@@ -0,0 +1,532 @@
+From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 4 Jul 2024 20:10:17 +0200
+Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch
+
+---
+ src/card/base/asn1/EcdsaPublicKey.cpp        |  39 ------
+ src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
+ src/card/base/pace/ec/EcdhGenericMapping.cpp |  15 ---
+ src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
+ src/card/base/pace/ec/EcdhKeyAgreement.cpp   |   7 -
+ src/card/base/pace/ec/EcUtil.cpp             | 134 -------------------
+ src/card/base/pace/ec/EcUtil.h               |  12 --
+ src/card/simulator/SimulatorCard.cpp         |  45 +------
+ src/card/simulator/SimulatorCard.h           |   4 -
+ src/card/simulator/SimulatorFileSystem.cpp   |   9 --
+ src/card/simulator/SimulatorFileSystem.h     |   4 -
+ 11 files changed, 2 insertions(+), 277 deletions(-)
+
+diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
+index ea07eda..0f19c11 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.cpp
++++ b/src/card/base/asn1/EcdsaPublicKey.cpp
+@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
+ {
+ 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
+@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
+ }
+ 
+ 
+-#endif
+-
+ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
+ {
+ 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
+@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 	const auto& group = createGroup(curveData);
+ 	if (group.isNull())
+ 	{
+@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 
+ 	return key;
+ 
+-#else
+-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
+-			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
+-				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-		});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!EVP_PKEY_fromdata_init(ctx.data()))
+-	{
+-		qCCritical(card) << "Cannot init pkey";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
+-	{
+-		qCCritical(card) << "Cannot fetch data for pkey";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-
+-#endif
+ }
+diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
+index 36f768e..45f78ec 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.h
++++ b/src/card/base/asn1/EcdsaPublicKey.h
+@@ -13,9 +13,7 @@
+ #include <openssl/asn1t.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+-	#include <openssl/ec.h>
+-#endif
++#include <openssl/ec.h>
+ 
+ 
+ namespace governikus
+@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
+ 
+ 		[[nodiscard]] CurveData createCurveData() const;
+ 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
+-#endif
+ 
+ 	public:
+ 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+index 3e2d1d4..1a8e6a2 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData()
+ 
+ 	mLocalKey = EcUtil::generateKey(mCurve);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	return EcUtil::getEncodedPublicKey(mLocalKey);
+-
+-#else
+ 	return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));
+ 
+-#endif
+ }
+ 
+ 
+@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+ 		return false;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
+-	const EC_POINT* localPubKey = localPubKeyPtr.data();
+-#else
+ 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
+-#endif
+ 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
+ 	{
+ 		qCCritical(card) << "The exchanged public keys are equal.";
+@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+ 
+ QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey);
+-	const BIGNUM* privKey = privKeyPtr.data();
+-#else
+ 	const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data());
+-#endif
+ 
+ 	if (!privKey)
+ 	{
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
+index bdfa5a8..dea4bf0 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.h
++++ b/src/card/base/pace/ec/EcdhGenericMapping.h
+@@ -22,11 +22,7 @@ class EcdhGenericMapping
+ 
+ 	private:
+ 		const QSharedPointer<EC_GROUP> mCurve;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mLocalKey;
+-#else
+ 		QSharedPointer<EC_KEY> mLocalKey;
+-#endif
+ 
+ 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
+ 
+diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+index 0f0ae09..45c8a76 100644
+--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp
++++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange()
+ 		return {CardReturnCode::PROTOCOL_ERROR};
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
+-
+-	const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
+-	const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
+-#else
+ 	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
+ 	const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
+-#endif
+ 
+ 	// Make a copy of the terminal public key for later mutual authentication.
+ 	mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
+diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
+index 10db88f..5c0ff53 100644
+--- a/src/card/base/pace/ec/EcUtil.cpp
++++ b/src/card/base/pace/ec/EcUtil.cpp
+@@ -103,137 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
+-{
+-	if (pKey.isNull())
+-	{
+-		qCCritical(card) << "Cannot use undefined key";
+-		return nullptr;
+-	}
+-
+-	uchar* key = nullptr;
+-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
+-	const auto guard = qScopeGuard([key] {
+-			OPENSSL_free(key);
+-		});
+-
+-	return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
+-}
+-
+-
+-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
+-{
+-	BIGNUM* privKey = nullptr;
+-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
+-	return EcUtil::create(privKey);
+-}
+-
+-
+-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
+-{
+-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
+-	const auto guard = qScopeGuard([bld] {
+-			OSSL_PARAM_BLD_free(bld);
+-		});
+-
+-	if (bld == nullptr)
+-	{
+-		qCCritical(card) << "Cannot create parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (OSSL_PARAM* params = nullptr;
+-			pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
+-	{
+-		static auto deleter = [](OSSL_PARAM* pParam)
+-				{
+-					OSSL_PARAM_free(pParam);
+-				};
+-
+-		return QSharedPointer<OSSL_PARAM>(params, deleter);
+-	}
+-
+-	qCCritical(card) << "Cannot create parameter";
+-	return nullptr;
+-}
+-
+-
+-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+-{
+-	if (pCurve.isNull())
+-	{
+-		qCCritical(card) << "Curve is undefined";
+-		return nullptr;
+-	}
+-
+-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
+-
+-	auto order = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch order";
+-		return nullptr;
+-	}
+-
+-	auto cofactor = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch cofactor";
+-		return nullptr;
+-	}
+-
+-	auto p = EcUtil::create(BN_new());
+-	auto a = EcUtil::create(BN_new());
+-	auto b = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch a, b or p";
+-		return nullptr;
+-	}
+-
+-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
+-			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
+-				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-		});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!ctx)
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-	EVP_PKEY_keygen_init(ctx.data());
+-
+-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
+-	{
+-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_generate(ctx.data(), &key))
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-}
+-
+-
+-#else
+ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+ {
+ 	if (pCurve.isNull())
+@@ -257,6 +126,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
+ 
+ 	return key;
+ }
+-
+-
+-#endif
+diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
+index b575341..f7db521 100644
+--- a/src/card/base/pace/ec/EcUtil.h
++++ b/src/card/base/pace/ec/EcUtil.h
+@@ -32,9 +32,7 @@ class EcUtil
+ 
+ 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
+-#endif
+ 
+ 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
+ 
+@@ -44,14 +42,7 @@ class EcUtil
+ 
+ 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
+-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
+-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
+-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#else
+ 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#endif
+ 
+ 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
+ };
+@@ -68,7 +59,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ {
+ 	static auto deleter = [](EC_KEY* ecKey)
+@@ -80,8 +70,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ }
+ 
+ 
+-#endif
+-
+ inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
+ {
+ 	static auto deleter = [](EC_POINT* ecPoint)
+diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
+index 87491d7..2da83b1 100644
+--- a/src/card/simulator/SimulatorCard.cpp
++++ b/src/card/simulator/SimulatorCard.cpp
+@@ -22,9 +22,7 @@
+ #include <QScopeGuard>
+ #include <QThread>
+ #include <QtEndian>
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+-	#include <openssl/bn.h>
+-#endif
++#include <openssl/bn.h>
+ 
+ 
+ using namespace governikus;
+@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu&
+ 				mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY);
+ 
+ 				auto asn1KeyAgreement = newObject<GA_PERFORMKEYAGREEMENTDATA>();
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-				const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey);
+-#else
+ 				const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ 				const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data()));
+-#endif
+ 				Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey);
+ 				responseData = encodeObject(asn1KeyAgreement.data());
+ 				break;
+@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 		return QByteArray();
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
+-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
+-		return QByteArray();
+-	}
+-	if (!EVP_PKEY_set1_encoded_public_key(
+-			terminalKey.data(),
+-			reinterpret_cast<const unsigned char*>(pPoint.data()),
+-			static_cast<size_t>(pPoint.length())))
+-	{
+-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
+-		return QByteArray();
+-	}
+-
+-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
+-	size_t resultLen = 0;
+-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
+-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
+-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
+-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	return result;
+-
+-#else
+ 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ 	auto point = EcUtil::oct2point(curve, pPoint);
+ 	if (!point)
+@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 
+ 	return EcUtil::point2oct(curve, result.data(), true);
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
+index b709d17..23f858b 100644
+--- a/src/card/simulator/SimulatorCard.h
++++ b/src/card/simulator/SimulatorCard.h
+@@ -35,11 +35,7 @@ class SimulatorCard
+ 		QSharedPointer<CHAT> mPaceChat;
+ 		QByteArray mPaceNonce;
+ 		QByteArray mPaceTerminalKey;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mCardKey;
+-#else
+ 		QSharedPointer<EC_KEY> mCardKey;
+-#endif
+ 		QSharedPointer<AuthenticatedAuxiliaryData> mTaAuxData;
+ 
+ 	public:
+diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
+index 122ca4f..046d540 100644
+--- a/src/card/simulator/SimulatorFileSystem.cpp
++++ b/src/card/simulator/SimulatorFileSystem.cpp
+@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#else
+ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#endif
+ {
+ 	if (!mKeys.contains(pKeyId))
+ 	{
+@@ -347,13 +343,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	return privateKey;
+-
+-#else
+ 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
+index cb9704b..44d4054 100644
+--- a/src/card/simulator/SimulatorFileSystem.h
++++ b/src/card/simulator/SimulatorFileSystem.h
+@@ -38,11 +38,7 @@ class SimulatorFileSystem
+ 		[[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData);
+ 
+ 		[[nodiscard]] QByteArray getEfCardAccess() const;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
+-#else
+ 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
+-#endif
+ 
+ 		[[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer<AuthenticatedAuxiliaryData>& pAuxiliaryData) const;
+ 
+-- 
+2.45.2
+

AusweisApp.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Fri Nov  1 08:19:20 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
+
+- Add patch from Fedora to enforce use of legacy OpenSSL API
+  + 0001-use-legacy-openssl-api.patch (bsc#1231686)
+
 -------------------------------------------------------------------
 Wed Oct 23 13:41:45 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
 

AusweisApp.spec

@@ -24,6 +24,8 @@ License:        EUPL-1.2
 Group:          Productivity/Security
 URL:            https://www.ausweisapp.bund.de
 Source0:        https://github.com/Governikus/AusweisApp2/archive/%{version}.tar.gz
+# PATCH-FIX-OPENSUSE - Enforce use of old OpenSSL API (bsc#1231686)
+Patch0:         0001-use-legacy-openssl-api.patch
 BuildRequires:  cmake
 %if 0%{?suse_version} > 1500
 BuildRequires:  gcc-c++
@@ -64,6 +66,7 @@ reader or compatible NFC smart phone is required.
 
 %prep
 %setup -q -n %{name}-%{version}
+%patch -P0 -p1
 
 %build
 %if 0%{?suse_version} <= 1500