[U-Boot] [PATCH v2 3/3] tools: kwbimage fix build with OpenSSL 1.1.x
Mario Six
mario.six at gdsys.cc
Wed Apr 5 09:34:11 UTC 2017
Hi Jelle,
On Tue, Apr 4, 2017 at 11:59 PM, Jelle van der Waa <jelle at vdwaa.nl> wrote:
> @@ -22,6 +22,25 @@
> #include <openssl/pem.h>
> #include <openssl/err.h>
> #include <openssl/evp.h>
> +
You also need
#include <openssl/bn.h>
here (in rsa-sign.c as well).
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> +void RSA_get0_key(const RSA *r,
> + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
> +{
> + if (n != NULL)
> + *n = r->n;
> + if (e != NULL)
> + *e = r->e;
> + if (d != NULL)
> + *d = r->d;
> +}
This function, as well as the copy in rsa-sign.c, should both be static,
otherwise you get multiple definition errors during the compilation of
kwbimage.c.
> @@ -470,12 +489,16 @@ static int kwb_export_pubkey(RSA *key, struct pubkey_der_v1 *dst, FILE *hashf,
> char *keyname)
> {
> int size_exp, size_mod, size_seq;
> + const BIGNUM *key_e, *key_n;
> uint8_t *cur;
> char *errmsg = "Failed to encode %s\n";
>
> - if (!key || !key->e || !key->n || !dst) {
> + RSA_get0_key(key, NULL, &key_e, NULL);
> + RSA_get0_key(key, NULL, &key_n, NULL);
> +
> + if (!key || !key_e || !key_n || !dst) {
> fprintf(stderr, "export pk failed: (%p, %p, %p, %p)",
> - key, key->e, key->n, dst);
> + key, key_e, key_n, dst);
> fprintf(stderr, errmsg, keyname);
> return -EINVAL;
> }
This should be
RSA_get0_key(key, &key_n, &key_e, NULL);
Otherwise, you load both key_e and key_n with the value of e (and the export
consequently contains corrupted data!).
Also, more functions were deprecated than just these; you'll need to #ifdef
those out as well (I'll comment on the other patch shortly).
Best regards,
Mario
More information about the U-Boot
mailing list