[U-Boot] [PATCH V2] tools: mxsimage: Fix build with OpenSSL 1.1.x

Marek Vasut marex at denx.de
Mon Dec 19 15:27:50 CET 2016


The EVP_MD_CTX and EVP_CIPHER_CTX are made opaque since 1.1.x , so instead
of embedding them directly into struct sb_image_ctx and initializing them
using EVP_*_CTX_init(), we use pointers and allocate the crypto contexts
using EVP_*_CTX_new().

Signed-off-by: Marek Vasut <marex at denx.de>
Cc: Tom Rini <trini at konsulko.com>
---
V2: Fix build with older versions of OpenSSL than 1.1.0
---
 tools/mxsimage.c | 104 +++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 70 insertions(+), 34 deletions(-)

diff --git a/tools/mxsimage.c b/tools/mxsimage.c
index 98fc644..32a7978 100644
--- a/tools/mxsimage.c
+++ b/tools/mxsimage.c
@@ -22,6 +22,36 @@
 #include "pbl_crc32.h"
 #include <image.h>
 
+/*
+ * OpenSSL 1.1.0 and newer compatibility functions:
+ * https://wiki.openssl.org/index.php/1.1_API_Changes
+ */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static void *OPENSSL_zalloc(size_t num)
+{
+	void *ret = OPENSSL_malloc(num);
+
+	if (ret != NULL)
+		memset(ret, 0, num);
+	return ret;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+	return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+	EVP_MD_CTX_cleanup(ctx);
+	OPENSSL_free(ctx);
+}
+
+int EVP_CIPHER_CTX_reset(EVP_CIPHER_CTX *ctx)
+{
+	return EVP_CIPHER_CTX_cleanup(ctx);
+}
+#endif
 
 /*
  * DCD block
@@ -144,8 +174,8 @@ struct sb_image_ctx {
 	struct sb_dcd_ctx		*dcd_head;
 	struct sb_dcd_ctx		*dcd_tail;
 
-	EVP_CIPHER_CTX			cipher_ctx;
-	EVP_MD_CTX			md_ctx;
+	EVP_CIPHER_CTX			*cipher_ctx;
+	EVP_MD_CTX			*md_ctx;
 	uint8_t				digest[32];
 	struct sb_key_dictionary_key	sb_dict_key;
 
@@ -173,24 +203,26 @@ struct sb_image_ctx {
  */
 static int sb_aes_init(struct sb_image_ctx *ictx, uint8_t *iv, int enc)
 {
-	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
+	EVP_CIPHER_CTX *ctx;
 	int ret;
 
 	/* If there is no init vector, init vector is all zeroes. */
 	if (!iv)
 		iv = ictx->image_key;
 
-	EVP_CIPHER_CTX_init(ctx);
+	ctx = EVP_CIPHER_CTX_new();
 	ret = EVP_CipherInit(ctx, EVP_aes_128_cbc(), ictx->image_key, iv, enc);
-	if (ret == 1)
+	if (ret == 1) {
 		EVP_CIPHER_CTX_set_padding(ctx, 0);
+		ictx->cipher_ctx = ctx;
+	}
 	return ret;
 }
 
 static int sb_aes_crypt(struct sb_image_ctx *ictx, uint8_t *in_data,
 			uint8_t *out_data, int in_len)
 {
-	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
+	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
 	int ret, outlen;
 	uint8_t *outbuf;
 
@@ -215,13 +247,13 @@ err:
 
 static int sb_aes_deinit(EVP_CIPHER_CTX *ctx)
 {
-	return EVP_CIPHER_CTX_cleanup(ctx);
+	return EVP_CIPHER_CTX_reset(ctx);
 }
 
 static int sb_aes_reinit(struct sb_image_ctx *ictx, int enc)
 {
 	int ret;
-	EVP_CIPHER_CTX *ctx = &ictx->cipher_ctx;
+	EVP_CIPHER_CTX *ctx = ictx->cipher_ctx;
 	struct sb_boot_image_header *sb_header = &ictx->payload;
 	uint8_t *iv = sb_header->iv;
 
@@ -276,7 +308,7 @@ static int sb_get_time(time_t time, struct tm *tm)
 
 static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 	struct sb_boot_image_header *sb_header = &ictx->payload;
 	uint8_t *sb_header_ptr = (uint8_t *)sb_header;
 
@@ -287,7 +319,7 @@ static void sb_encrypt_sb_header(struct sb_image_ctx *ictx)
 
 static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 	struct sb_section_ctx *sctx = ictx->sect_head;
 	struct sb_sections_header *shdr;
 	uint8_t *sb_sections_header_ptr;
@@ -307,7 +339,7 @@ static void sb_encrypt_sb_sections_header(struct sb_image_ctx *ictx)
 
 static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 
 	sb_aes_crypt(ictx, ictx->image_key, ictx->sb_dict_key.key,
 		     sizeof(ictx->sb_dict_key.key));
@@ -316,7 +348,7 @@ static void sb_encrypt_key_dictionary_key(struct sb_image_ctx *ictx)
 
 static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 
 	EVP_DigestUpdate(md_ctx, &ictx->sb_dict_key, sizeof(ictx->sb_dict_key));
 	sb_aes_crypt(ictx, ictx->sb_dict_key.key, ictx->image_key,
@@ -326,7 +358,7 @@ static void sb_decrypt_key_dictionary_key(struct sb_image_ctx *ictx)
 static void sb_encrypt_tag(struct sb_image_ctx *ictx,
 		struct sb_cmd_ctx *cctx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 	struct sb_command *cmd = &cctx->payload;
 
 	sb_aes_crypt(ictx, (uint8_t *)cmd,
@@ -337,8 +369,8 @@ static void sb_encrypt_tag(struct sb_image_ctx *ictx,
 static int sb_encrypt_image(struct sb_image_ctx *ictx)
 {
 	/* Start image-wide crypto. */
-	EVP_MD_CTX_init(&ictx->md_ctx);
-	EVP_DigestInit(&ictx->md_ctx, EVP_sha1());
+	ictx->md_ctx = EVP_MD_CTX_new();
+	EVP_DigestInit(ictx->md_ctx, EVP_sha1());
 
 	/*
 	 * SB image header.
@@ -379,7 +411,7 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 			} else if (ccmd->header.tag == ROM_LOAD_CMD) {
 				sb_aes_crypt(ictx, cctx->data, cctx->data,
 					     cctx->length);
-				EVP_DigestUpdate(&ictx->md_ctx, cctx->data,
+				EVP_DigestUpdate(ictx->md_ctx, cctx->data,
 						 cctx->length);
 			}
 
@@ -394,11 +426,12 @@ static int sb_encrypt_image(struct sb_image_ctx *ictx)
 	 */
 	sb_aes_reinit(ictx, 1);
 
-	EVP_DigestFinal(&ictx->md_ctx, ictx->digest, NULL);
+	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
+	EVP_MD_CTX_free(ictx->md_ctx);
 	sb_aes_crypt(ictx, ictx->digest, ictx->digest, sizeof(ictx->digest));
 
 	/* Stop the encryption session. */
-	sb_aes_deinit(&ictx->cipher_ctx);
+	sb_aes_deinit(ictx->cipher_ctx);
 
 	return 0;
 }
@@ -1322,7 +1355,7 @@ static int sb_postfill_image_header(struct sb_image_ctx *ictx)
 	struct sb_boot_image_header *hdr = &ictx->payload;
 	struct sb_section_ctx *sctx = ictx->sect_head;
 	uint32_t kd_size, sections_blocks;
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 
 	/* The main SB header size in blocks. */
 	hdr->image_blocks = hdr->header_blocks;
@@ -1359,13 +1392,14 @@ static int sb_postfill_image_header(struct sb_image_ctx *ictx)
 		hdr->key_dictionary_block + kd_size / SB_BLOCK_SIZE;
 
 	/* Compute header digest. */
-	EVP_MD_CTX_init(&md_ctx);
+	md_ctx = EVP_MD_CTX_new();
 
-	EVP_DigestInit(&md_ctx, EVP_sha1());
-	EVP_DigestUpdate(&md_ctx, hdr->signature1,
+	EVP_DigestInit(md_ctx, EVP_sha1());
+	EVP_DigestUpdate(md_ctx, hdr->signature1,
 			 sizeof(struct sb_boot_image_header) -
 			 sizeof(hdr->digest));
-	EVP_DigestFinal(&md_ctx, hdr->digest, NULL);
+	EVP_DigestFinal(md_ctx, hdr->digest, NULL);
+	EVP_MD_CTX_free(md_ctx);
 
 	return 0;
 }
@@ -1621,12 +1655,12 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
 	struct tm tm;
 	int sz, ret = 0;
 	unsigned char digest[20];
-	EVP_MD_CTX md_ctx;
+	EVP_MD_CTX *md_ctx;
 	unsigned long size;
 
 	/* Start image-wide crypto. */
-	EVP_MD_CTX_init(&ictx->md_ctx);
-	EVP_DigestInit(&ictx->md_ctx, EVP_sha1());
+	ictx->md_ctx = EVP_MD_CTX_new();
+	EVP_DigestInit(ictx->md_ctx, EVP_sha1());
 
 	soprintf(ictx, "---------- Verifying SB Image Header ----------\n");
 
@@ -1637,12 +1671,13 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
 	}
 
 	/* Compute header digest. */
-	EVP_MD_CTX_init(&md_ctx);
-	EVP_DigestInit(&md_ctx, EVP_sha1());
-	EVP_DigestUpdate(&md_ctx, hdr->signature1,
+	md_ctx = EVP_MD_CTX_new();
+	EVP_DigestInit(md_ctx, EVP_sha1());
+	EVP_DigestUpdate(md_ctx, hdr->signature1,
 			 sizeof(struct sb_boot_image_header) -
 			 sizeof(hdr->digest));
-	EVP_DigestFinal(&md_ctx, digest, NULL);
+	EVP_DigestFinal(md_ctx, digest, NULL);
+	EVP_MD_CTX_free(md_ctx);
 
 	sb_aes_init(ictx, NULL, 1);
 	sb_encrypt_sb_header(ictx);
@@ -1761,7 +1796,7 @@ static int sb_verify_image_header(struct sb_image_ctx *ictx,
 static void sb_decrypt_tag(struct sb_image_ctx *ictx,
 		struct sb_cmd_ctx *cctx)
 {
-	EVP_MD_CTX *md_ctx = &ictx->md_ctx;
+	EVP_MD_CTX *md_ctx = ictx->md_ctx;
 	struct sb_command *cmd = &cctx->payload;
 
 	sb_aes_crypt(ictx, (uint8_t *)&cctx->c_payload,
@@ -1818,7 +1853,7 @@ static int sb_verify_command(struct sb_image_ctx *ictx,
 
 		*tsize += size;
 
-		EVP_DigestUpdate(&ictx->md_ctx, cctx->data, asize);
+		EVP_DigestUpdate(ictx->md_ctx, cctx->data, asize);
 		sb_aes_crypt(ictx, cctx->data, cctx->data, asize);
 
 		if (ccmd->load.crc32 != pbl_crc32(0,
@@ -2007,7 +2042,8 @@ static int sb_verify_image_end(struct sb_image_ctx *ictx,
 	}
 
 	/* Check the image digest. */
-	EVP_DigestFinal(&ictx->md_ctx, ictx->digest, NULL);
+	EVP_DigestFinal(ictx->md_ctx, ictx->digest, NULL);
+	EVP_MD_CTX_free(ictx->md_ctx);
 
 	/* Decrypt the image digest from the input image. */
 	sb_aes_reinit(ictx, 0);
@@ -2083,7 +2119,7 @@ err_verify:
 	soprintf(ictx, "Verification %s\n", ret ? "FAILED" : "PASSED");
 
 	/* Stop the encryption session. */
-	sb_aes_deinit(&ictx->cipher_ctx);
+	sb_aes_deinit(ictx->cipher_ctx);
 
 	fclose(fp);
 	return ret;
-- 
2.10.2



More information about the U-Boot mailing list