[U-Boot] [PATCH v2 3/3] tools: kwbimage fix build with OpenSSL 1.1.x

Mario Six mario.six at gdsys.cc
Wed Apr 5 09:34:11 UTC 2017


Hi Jelle,

On Tue, Apr 4, 2017 at 11:59 PM, Jelle van der Waa <jelle at vdwaa.nl> wrote:
> @@ -22,6 +22,25 @@
>  #include <openssl/pem.h>
>  #include <openssl/err.h>
>  #include <openssl/evp.h>
> +

You also need

#include <openssl/bn.h>

here (in rsa-sign.c as well).

> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> +void RSA_get0_key(const RSA *r,
> +                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
> +{
> +   if (n != NULL)
> +       *n = r->n;
> +   if (e != NULL)
> +       *e = r->e;
> +   if (d != NULL)
> +       *d = r->d;
> +}

This function, as well as the copy in rsa-sign.c, should both be static,
otherwise you get multiple definition errors during the compilation of
kwbimage.c.

> @@ -470,12 +489,16 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
>                              char *keyname)
>  {
>         int size_exp, size_mod, size_seq;
> +       const BIGNUM *key_e, *key_n;
>         uint8_t *cur;
>         char *errmsg = "Failed to encode %s\n";
>
> -       if (!key || !key->e || !key->n || !dst) {
> +       RSA_get0_key(key, NULL, &key_e, NULL);
> +       RSA_get0_key(key, NULL, &key_n, NULL);
> +
> +       if (!key || !key_e || !key_n || !dst) {
>                 fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
> -                       key, key->e, key->n, dst);
> +                       key, key_e, key_n, dst);
>                 fprintf(stderr, errmsg, keyname);
>                 return -EINVAL;
>         }

This should be

RSA_get0_key(key, &key_n, &key_e, NULL);

Otherwise, you load both key_e and key_n with the value of e (and the export
consequently contains corrupted data!).

Also, more functions were deprecated than just these; you'll need to #ifdef
those out as well (I'll comment on the other patch shortly).

Best regards,

Mario


More information about the U-Boot mailing list