From: Lucas Stach <l.stach@pengutronix.de>
To: barebox@lists.infradead.org
Subject: [PATCH] scripts: imx-image: fix build with OpenSSL 1.1.x
Date: Fri, 8 Jun 2018 13:07:47 +0200 [thread overview]
Message-ID: <20180608110747.23789-1-l.stach@pengutronix.de> (raw)
OpenSSL 1.1.x made some of the types opaque, so peeking inside directly
doesn't work anymore. Use the correct accessors instead.
I've dropped the algorithm check, as EVP_PKEY_get0_RSA() already verifies
that the pubkey is RSA and returns NULL if it isn't.
Signed-off-by: Lucas Stach <l.stach@pengutronix.de>
---
This is compile tested only, so I would appreciate some testing and/or
a close look at this change.
---
scripts/imx/imx-image.c | 40 ++++++++++++++++++++--------------------
1 file changed, 20 insertions(+), 20 deletions(-)
diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
index b241e8c4b68e..d50c755456c3 100644
--- a/scripts/imx/imx-image.c
+++ b/scripts/imx/imx-image.c
@@ -94,12 +94,23 @@ struct hab_rsa_public_key {
#include <openssl/pem.h>
#include <openssl/bio.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+void RSA_get0_key(const RSA *r, const BIGNUM **n,
+ const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+#endif
+
static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len,
uint8_t **exponent, int *exponent_len)
{
- char buf[PUBKEY_ALGO_LEN];
- int pubkey_algonid;
- const char *sslbuf;
+ const BIGNUM *n, *e;
EVP_PKEY *pkey;
FILE *fp;
X509 *cert;
@@ -120,37 +131,26 @@ static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len
fclose(fp);
- pubkey_algonid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
- if (pubkey_algonid == NID_undef) {
- fprintf(stderr, "unable to find specified public key algorithm name.\n");
- return -EINVAL;
- }
-
- if (pubkey_algonid != NID_rsaEncryption)
- return -EINVAL;
-
- sslbuf = OBJ_nid2ln(pubkey_algonid);
- strncpy(buf, sslbuf, PUBKEY_ALGO_LEN);
-
pkey = X509_get_pubkey(cert);
if (!pkey) {
fprintf(stderr, "unable to extract public key from certificate");
return -EINVAL;
}
- rsa_key = pkey->pkey.rsa;
+ rsa_key = EVP_PKEY_get0_RSA(pkey);
if (!rsa_key) {
fprintf(stderr, "unable to extract RSA public key");
return -EINVAL;
}
- *modulus_len = BN_num_bytes(rsa_key->n);
+ RSA_get0_key(rsa_key, &n, &e, NULL);
+ *modulus_len = BN_num_bytes(n);
*modulus = malloc(*modulus_len);
- BN_bn2bin(rsa_key->n, *modulus);
+ BN_bn2bin(n, *modulus);
- *exponent_len = BN_num_bytes(rsa_key->e);
+ *exponent_len = BN_num_bytes(e);
*exponent = malloc(*exponent_len);
- BN_bn2bin(rsa_key->e, *exponent);
+ BN_bn2bin(e, *exponent);
EVP_PKEY_free(pkey);
X509_free(cert);
--
2.17.1
_______________________________________________
barebox mailing list
barebox@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/barebox
next reply other threads:[~2018-06-08 11:08 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-08 11:07 Lucas Stach [this message]
2018-06-11 6:46 ` Sascha Hauer
2018-07-11 14:52 ` Lucas Stach
2018-07-13 6:20 ` Sascha Hauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180608110747.23789-1-l.stach@pengutronix.de \
--to=l.stach@pengutronix.de \
--cc=barebox@lists.infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox