1 files changed, 252 insertions, 0 deletions
diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch
new file mode 100644
index 0000000..e1ce4c5
--- /dev/null
+++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch
@@ -0,0 +1,252 @@
+From a53f01711b840ba6ab2f127ea4f0512e60a56728 Mon Sep 17 00:00:00 2001
+From: Petr Gotthard <petr.gotthard@centrum.cz>
+Date: Sun, 18 Jul 2021 20:21:01 +0200
+Subject: [PATCH] Drop support for OpenSSL < 1.1.0
+Delete code written to support OpenSSL < 1.1.0
+Delete functions that have no effect in OpenSSL >= 1.1.0
+ - ENGINE_load_builtin_engines()
+ - OpenSSL_add_all_algorithms()
+ - ERR_load_crypto_strings()
+ - EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)
+Switch AppVeyor to use pre-built OpenSSL 1.1.0
+Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
+Upstream-Status: Backport
+[https://github.com/tpm2-software/tpm2-tss/commit/73d25d6834ad362f9a9a907cb78452deaa336ec0]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/tss2-esys/esys_crypto_ossl.c | 19 ----------------
+ src/tss2-fapi/fapi_crypto.c      | 37 --------------------------------
+ test/helper/tpm_getek.c          | 11 ----------
+ test/helper/tpm_getek_ecc.c      |  9 --------
+ 4 files changed, 76 deletions(-)
+diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
+index 2746856..12dc6d9 100644
+--- a/src/tss2-esys/esys_crypto_ossl.c
+++ b/src/tss2-esys/esys_crypto_ossl.c
+@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes)
+         nonce->size = num_bytes;
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+     RAND_set_rand_method(RAND_OpenSSL());
+-#else
+-    RAND_set_rand_method(RAND_SSLeay());
+-#endif
+     if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) {
+         RAND_set_rand_method(rand_save);
+         return_error(TSS2_ESYS_RC_GENERAL_FAILURE,
+@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+                            size_t * out_size, const char *label)
+ {
+     const RAND_METHOD *rand_save = RAND_get_rand_method();
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+     RAND_set_rand_method(RAND_OpenSSL());
+-#else
+-    RAND_set_rand_method(RAND_SSLeay());
+-#endif
+ 
+     TSS2_RC r = TSS2_RC_SUCCESS;
+     const EVP_MD * hashAlg = NULL;
+@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+                    "Could not create evp key.", cleanup);
+     }
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+-    if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
+-                           pub_tpm_key->publicArea.unique.rsa.size,
+-                           rsa_key->n)) {
+-        goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+-                   "Could not create rsa n.", cleanup);
+-    }
+-#else
+     BIGNUM *n = NULL;
+     if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
+                         pub_tpm_key->publicArea.unique.rsa.size,
+@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
+         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+                    "Could not set rsa n.", cleanup);
+     }
+-#endif
+ 
+     if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) {
+         goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
+@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,
+  */
+ TSS2_RC
+ iesys_cryptossl_init() {
+-    ENGINE_load_builtin_engines();
+-    OpenSSL_add_all_algorithms();
+     return TSS2_RC_SUCCESS;
+ }
+diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
+index ea68197..5e8fbc8 100644
+--- a/src/tss2-fapi/fapi_crypto.c
+++ b/src/tss2-fapi/fapi_crypto.c
+@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der(
+                     tpmSignature->signature.ecdsa.signatureR.size, NULL);
+     goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    ecdsaSignature->s = bns;
+-    ecdsaSignature->r = bnr;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     ECDSA_SIG_set0(ecdsaSignature, bnr, bns);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ 
+     osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL);
+     if (osslRC == -1) {
+@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
+                    "Could not set exponent.", error_cleanup);
+     }
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    rsa->e = e;
+-    rsa->n = n;
+-    rsa->d = d;
+-    rsa->p = p;
+-    rsa->q = q;
+-    rsa->dmp1 = dmp1;
+-    rsa->dmq1 = dmq1;
+-    rsa->iqmp = iqmp;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     RSA_set0_key(rsa, n, e, d);
+     RSA_set0_factors(rsa, p, q);
+     RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ 
+     /* Assign the parameters to the key */
+     if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) {
+@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC *tpmPublicKey, EVP_PKEY *evpPublicKey)
+         goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key",
+                    error_cleanup);
+     }
+-    /* Needed for older OSSL versions. */
+-    EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);
+     OSSL_FREE(y, BN);
+     OSSL_FREE(x, BN);
+     return TSS2_RC_SUCCESS;
+@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm(
+ 
+     /* Initialize the ECDSA signature components */
+     ECDSA_SIG *ecdsaSignature = NULL;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    BIGNUM *bnr;
+-    BIGNUM *bns;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     const BIGNUM *bnr;
+     const BIGNUM *bns;
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ 
+     d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);
+     return_if_null(ecdsaSignature, "Invalid DER signature",
+                    TSS2_FAPI_RC_GENERAL_FAILURE);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    bns = ecdsaSignature->s;
+-    bnr = ecdsaSignature->r;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ 
+     /* Writing them to the TPM format signature */
+     tpmSignature->signature.ecdsa.hash = hashAlgorithm;
+@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp(
+     const BIGNUM *e = NULL, *n = NULL;
+     int rsaKeySize = RSA_size(rsaKey);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    e = rsaKey->e;
+-    n = rsaKey->n;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     RSA_get0_key(rsaKey, &n, &e, NULL);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     tpmPublic->publicArea.unique.rsa.size = rsaKeySize;
+     if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0],
+                              rsaKeySize)) {
+@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 *cert, X509_CRL **crl)
+         goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);
+     }
+ 
+-    OpenSSL_add_all_algorithms();
+-
+     unsigned const char* tmp_ptr1 = crl_buffer;
+     unsigned const char** tmp_ptr2 = &tmp_ptr1;
+ 
+@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert(
+                       r, TSS2_FAPI_RC_BAD_VALUE, cleanup);
+     } else {
+         /* Get uri for ek intermediate certificate. */
+-        OpenSSL_add_all_algorithms();
+         info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL);
+ 
+         for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
+@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert(
+         goto_if_null2(cert_buffer, "No certificate downloaded", r,
+                       TSS2_FAPI_RC_NO_CERT, cleanup);
+ 
+-        OpenSSL_add_all_algorithms();
+         intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size);
+ 
+         SAFE_FREE(cert_buffer);
+diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c
+index 02d88b0..3cd7b9f 100644
+--- a/test/helper/tpm_getek.c
+++ b/test/helper/tpm_getek.c
+@@ -134,20 +134,9 @@ main (int argc, char *argv[])
+         exp = out_public.publicArea.parameters.rsaDetail.exponent;
+     BN_set_word(e, exp);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000
+-    rsa->e = e;
+-    rsa->n = n;
+-    rsa->d = d;
+-    rsa->p = p;
+-    rsa->q = q;
+-    rsa->dmp1 = dmp1;
+-    rsa->dmq1 = dmq1;
+-    rsa->iqmp = iqmp;
+-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+     RSA_set0_key(rsa, n, e, d);
+     RSA_set0_factors(rsa, p, q);
+     RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
+-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
+ 
+     EVP_PKEY_assign_RSA(evp, rsa);
+ 
+diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c
+index e7f3dec..e389f18 100644
+--- a/test/helper/tpm_getek_ecc.c
+++ b/test/helper/tpm_getek_ecc.c
+@@ -128,14 +128,6 @@ main (int argc, char *argv[])
+     /* Convert the key from out_public to PEM */
+ 
+     EVP_PKEY *evp = EVP_PKEY_new();
+-
+-    OpenSSL_add_all_algorithms();
+-
+-    OpenSSL_add_all_algorithms();
+-
+-    ERR_load_crypto_strings();
+-
+-
+     EC_KEY *ecc_key = EC_KEY_new();
+     BIGNUM *x = NULL, *y = NULL;
+     BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
+@@ -147,7 +139,6 @@ main (int argc, char *argv[])
+     if (!EC_KEY_set_group(ecc_key, ecgroup))
+         exit(1);
+ 
+-    EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE);
+     EC_GROUP_free(ecgroup);
+ 
+     /* Set the ECC parameters in the OpenSSL key */
+-- 
+2.17.1

diff --git a/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch new file mode 100644 index 0000000..e1ce4c5 --- /dev/null +++ b/meta-tpm2/recipes-tpm/tpm2-tss/tpm2-tss/0001-Drop-support-for-OpenSSL-1.1.0.patch
@@ -0,0 +1,252 @@
	1	From a53f01711b840ba6ab2f127ea4f0512e60a56728 Mon Sep 17 00:00:00 2001
	2	From: Petr Gotthard <petr.gotthard@centrum.cz>
	3	Date: Sun, 18 Jul 2021 20:21:01 +0200
	4	Subject: [PATCH] Drop support for OpenSSL < 1.1.0
	5
	6	Delete code written to support OpenSSL < 1.1.0
	7
	8	Delete functions that have no effect in OpenSSL >= 1.1.0
	9	- ENGINE_load_builtin_engines()
	10	- OpenSSL_add_all_algorithms()
	11	- ERR_load_crypto_strings()
	12	- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE)
	13
	14	Switch AppVeyor to use pre-built OpenSSL 1.1.0
	15
	16	Signed-off-by: Petr Gotthard <petr.gotthard@centrum.cz>
	17
	18	Upstream-Status: Backport
	19	[https://github.com/tpm2-software/tpm2-tss/commit/73d25d6834ad362f9a9a907cb78452deaa336ec0]
	20
	21	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
	22	---
	23	src/tss2-esys/esys_crypto_ossl.c \| 19 ----------------
	24	src/tss2-fapi/fapi_crypto.c \| 37 --------------------------------
	25	test/helper/tpm_getek.c \| 11 ----------
	26	test/helper/tpm_getek_ecc.c \| 9 --------
	27	4 files changed, 76 deletions(-)
	28
	29	diff --git a/src/tss2-esys/esys_crypto_ossl.c b/src/tss2-esys/esys_crypto_ossl.c
	30	index 2746856..12dc6d9 100644
	31	--- a/src/tss2-esys/esys_crypto_ossl.c
	32	+++ b/src/tss2-esys/esys_crypto_ossl.c
	33	@@ -525,11 +525,7 @@ iesys_cryptossl_random2b(TPM2B_NONCE * nonce, size_t num_bytes)
	34	nonce->size = num_bytes;
	35	}
	36
	37	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	38	RAND_set_rand_method(RAND_OpenSSL());
	39	-#else
	40	- RAND_set_rand_method(RAND_SSLeay());
	41	-#endif
	42	if (1 != RAND_bytes(&nonce->buffer[0], nonce->size)) {
	43	RAND_set_rand_method(rand_save);
	44	return_error(TSS2_ESYS_RC_GENERAL_FAILURE,
	45	@@ -563,11 +559,7 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
	46	size_t * out_size, const char *label)
	47	{
	48	const RAND_METHOD *rand_save = RAND_get_rand_method();
	49	-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	50	RAND_set_rand_method(RAND_OpenSSL());
	51	-#else
	52	- RAND_set_rand_method(RAND_SSLeay());
	53	-#endif
	54
	55	TSS2_RC r = TSS2_RC_SUCCESS;
	56	const EVP_MD * hashAlg = NULL;
	57	@@ -630,14 +622,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
	58	goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
	59	"Could not create evp key.", cleanup);
	60	}
	61	-#if OPENSSL_VERSION_NUMBER < 0x10100000L
	62	- if (!BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
	63	- pub_tpm_key->publicArea.unique.rsa.size,
	64	- rsa_key->n)) {
	65	- goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
	66	- "Could not create rsa n.", cleanup);
	67	- }
	68	-#else
	69	BIGNUM *n = NULL;
	70	if (!(n = BN_bin2bn(pub_tpm_key->publicArea.unique.rsa.buffer,
	71	pub_tpm_key->publicArea.unique.rsa.size,
	72	@@ -650,7 +634,6 @@ iesys_cryptossl_pk_encrypt(TPM2B_PUBLIC * pub_tpm_key,
	73	goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
	74	"Could not set rsa n.", cleanup);
	75	}
	76	-#endif
	77
	78	if (1 != EVP_PKEY_set1_RSA(evp_rsa_key, rsa_key)) {
	79	goto_error(r, TSS2_ESYS_RC_GENERAL_FAILURE,
	80	@@ -1129,7 +1112,5 @@ iesys_cryptossl_sym_aes_decrypt(uint8_t * key,
	81	*/
	82	TSS2_RC
	83	iesys_cryptossl_init() {
	84	- ENGINE_load_builtin_engines();
	85	- OpenSSL_add_all_algorithms();
	86	return TSS2_RC_SUCCESS;
	87	}
	88	diff --git a/src/tss2-fapi/fapi_crypto.c b/src/tss2-fapi/fapi_crypto.c
	89	index ea68197..5e8fbc8 100644
	90	--- a/src/tss2-fapi/fapi_crypto.c
	91	+++ b/src/tss2-fapi/fapi_crypto.c
	92	@@ -333,12 +333,7 @@ ifapi_tpm_ecc_sig_to_der(
	93	tpmSignature->signature.ecdsa.signatureR.size, NULL);
	94	goto_if_null(bnr, "Out of memory", TSS2_FAPI_RC_MEMORY, cleanup);
	95
	96	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	97	- ecdsaSignature->s = bns;
	98	- ecdsaSignature->r = bnr;
	99	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	100	ECDSA_SIG_set0(ecdsaSignature, bnr, bns);
	101	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	102
	103	osslRC = i2d_ECDSA_SIG(ecdsaSignature, NULL);
	104	if (osslRC == -1) {
	105	@@ -424,20 +419,9 @@ ossl_rsa_pub_from_tpm(const TPM2B_PUBLIC tpmPublicKey, EVP_PKEY evpPublicKey)
	106	"Could not set exponent.", error_cleanup);
	107	}
	108
	109	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	110	- rsa->e = e;
	111	- rsa->n = n;
	112	- rsa->d = d;
	113	- rsa->p = p;
	114	- rsa->q = q;
	115	- rsa->dmp1 = dmp1;
	116	- rsa->dmq1 = dmq1;
	117	- rsa->iqmp = iqmp;
	118	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	119	RSA_set0_key(rsa, n, e, d);
	120	RSA_set0_factors(rsa, p, q);
	121	RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
	122	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	123
	124	/* Assign the parameters to the key */
	125	if (!EVP_PKEY_assign_RSA(evpPublicKey, rsa)) {
	126	@@ -541,8 +525,6 @@ ossl_ecc_pub_from_tpm(const TPM2B_PUBLIC tpmPublicKey, EVP_PKEY evpPublicKey)
	127	goto_error(r, TSS2_FAPI_RC_GENERAL_FAILURE, "Assign ecc key",
	128	error_cleanup);
	129	}
	130	- /* Needed for older OSSL versions. */
	131	- EC_KEY_set_asn1_flag(ecKey, OPENSSL_EC_NAMED_CURVE);
	132	OSSL_FREE(y, BN);
	133	OSSL_FREE(x, BN);
	134	return TSS2_RC_SUCCESS;
	135	@@ -654,24 +636,14 @@ ifapi_ecc_der_sig_to_tpm(
	136
	137	/* Initialize the ECDSA signature components */
	138	ECDSA_SIG *ecdsaSignature = NULL;
	139	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	140	- BIGNUM *bnr;
	141	- BIGNUM *bns;
	142	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	143	const BIGNUM *bnr;
	144	const BIGNUM *bns;
	145	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	146
	147	d2i_ECDSA_SIG(&ecdsaSignature, &signature, signatureSize);
	148	return_if_null(ecdsaSignature, "Invalid DER signature",
	149	TSS2_FAPI_RC_GENERAL_FAILURE);
	150
	151	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	152	- bns = ecdsaSignature->s;
	153	- bnr = ecdsaSignature->r;
	154	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	155	ECDSA_SIG_get0(ecdsaSignature, &bnr, &bns);
	156	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	157
	158	/* Writing them to the TPM format signature */
	159	tpmSignature->signature.ecdsa.hash = hashAlgorithm;
	160	@@ -933,12 +905,7 @@ get_rsa_tpm2b_public_from_evp(
	161	const BIGNUM e = NULL, n = NULL;
	162	int rsaKeySize = RSA_size(rsaKey);
	163
	164	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	165	- e = rsaKey->e;
	166	- n = rsaKey->n;
	167	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	168	RSA_get0_key(rsaKey, &n, &e, NULL);
	169	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	170	tpmPublic->publicArea.unique.rsa.size = rsaKeySize;
	171	if (1 != ifapi_bn2binpad(n, &tpmPublic->publicArea.unique.rsa.buffer[0],
	172	rsaKeySize)) {
	173	@@ -1650,8 +1617,6 @@ get_crl_from_cert(X509 cert, X509_CRL *crl)
	174	goto_error(r, TSS2_FAPI_RC_NO_CERT, "Get crl.", cleanup);
	175	}
	176
	177	- OpenSSL_add_all_algorithms();
	178	-
	179	unsigned const char* tmp_ptr1 = crl_buffer;
	180	unsigned const char** tmp_ptr2 = &tmp_ptr1;
	181
	182	@@ -1935,7 +1900,6 @@ ifapi_verify_ek_cert(
	183	r, TSS2_FAPI_RC_BAD_VALUE, cleanup);
	184	} else {
	185	/* Get uri for ek intermediate certificate. */
	186	- OpenSSL_add_all_algorithms();
	187	info = X509_get_ext_d2i(ek_cert, NID_info_access, NULL, NULL);
	188
	189	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(info); i++) {
	190	@@ -1955,7 +1919,6 @@ ifapi_verify_ek_cert(
	191	goto_if_null2(cert_buffer, "No certificate downloaded", r,
	192	TSS2_FAPI_RC_NO_CERT, cleanup);
	193
	194	- OpenSSL_add_all_algorithms();
	195	intermed_cert = get_cert_from_buffer(cert_buffer, cert_buffer_size);
	196
	197	SAFE_FREE(cert_buffer);
	198	diff --git a/test/helper/tpm_getek.c b/test/helper/tpm_getek.c
	199	index 02d88b0..3cd7b9f 100644
	200	--- a/test/helper/tpm_getek.c
	201	+++ b/test/helper/tpm_getek.c
	202	@@ -134,20 +134,9 @@ main (int argc, char *argv[])
	203	exp = out_public.publicArea.parameters.rsaDetail.exponent;
	204	BN_set_word(e, exp);
	205
	206	-#if OPENSSL_VERSION_NUMBER < 0x10100000
	207	- rsa->e = e;
	208	- rsa->n = n;
	209	- rsa->d = d;
	210	- rsa->p = p;
	211	- rsa->q = q;
	212	- rsa->dmp1 = dmp1;
	213	- rsa->dmq1 = dmq1;
	214	- rsa->iqmp = iqmp;
	215	-#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	216	RSA_set0_key(rsa, n, e, d);
	217	RSA_set0_factors(rsa, p, q);
	218	RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
	219	-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
	220
	221	EVP_PKEY_assign_RSA(evp, rsa);
	222
	223	diff --git a/test/helper/tpm_getek_ecc.c b/test/helper/tpm_getek_ecc.c
	224	index e7f3dec..e389f18 100644
	225	--- a/test/helper/tpm_getek_ecc.c
	226	+++ b/test/helper/tpm_getek_ecc.c
	227	@@ -128,14 +128,6 @@ main (int argc, char *argv[])
	228	/* Convert the key from out_public to PEM */
	229
	230	EVP_PKEY *evp = EVP_PKEY_new();
	231	-
	232	- OpenSSL_add_all_algorithms();
	233	-
	234	- OpenSSL_add_all_algorithms();
	235	-
	236	- ERR_load_crypto_strings();
	237	-
	238	-
	239	EC_KEY *ecc_key = EC_KEY_new();
	240	BIGNUM x = NULL, y = NULL;
	241	BIO *bio = BIO_new_fp(stdout, BIO_NOCLOSE);
	242	@@ -147,7 +139,6 @@ main (int argc, char *argv[])
	243	if (!EC_KEY_set_group(ecc_key, ecgroup))
	244	exit(1);
	245
	246	- EC_KEY_set_asn1_flag(ecc_key, OPENSSL_EC_NAMED_CURVE);
	247	EC_GROUP_free(ecgroup);
	248
	249	/* Set the ECC parameters in the OpenSSL key */
	250	--
	251	2.17.1
	252