[PATCH] tools: mkimage: don't use deprecated openssl funcs
Michal Vasilek
michal.vasilek at nic.cz
Thu Jul 21 19:11:47 CEST 2022
RSA_get0_* functions are not available in LibreSSL and deprecated in
OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
with OpenSSL 3
Signed-off-by: Michal Vasilek <michal.vasilek at nic.cz>
---
tools/sunxi_toc0.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..a6c4b59010 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -207,8 +207,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
int n_len, e_len;
/* Store key 0. */
- n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
- e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+ n_len = BN_bn2bin(root_key->n, key_item->key0);
+ e_len = BN_bn2bin(root_key->e, key_item->key0 + n_len);
if (n_len + e_len > sizeof(key_item->key0)) {
pr_err("Root key is too big for key item\n");
goto err;
@@ -217,8 +217,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
key_item->key0_e_len = cpu_to_le32(e_len);
/* Store key 1. */
- n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
- e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+ n_len = BN_bn2bin(fw_key->n, key_item->key1);
+ e_len = BN_bn2bin(fw_key->e, key_item->key1 + n_len);
if (n_len + e_len > sizeof(key_item->key1)) {
pr_err("Firmware key is too big for key item\n");
goto err;
@@ -281,8 +281,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
goto err;
/* If a root key was provided, compare it to key 0. */
- if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
- BN_cmp(e, RSA_get0_e(root_key)))) {
+ if (root_key && (BN_cmp(n, root_key->n) ||
+ BN_cmp(e, root_key->e))) {
pr_err("Wrong root key in key item\n");
goto err;
}
@@ -313,8 +313,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
if (*fw_key) {
/* If a FW key was provided, compare it to key 1. */
- if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
- BN_cmp(e, RSA_get0_e(*fw_key))) {
+ if (BN_cmp(n, (*fw_key)->n) ||
+ BN_cmp(e, (*fw_key)->e)) {
pr_err("Wrong firmware key in key item\n");
goto err;
}
@@ -361,8 +361,8 @@ static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
*/
totalSequence = &cert_item->totalSequence;
publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
- if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
- BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+ if (BN_bn2binpad(fw_key->n, publicKey->n, sizeof(publicKey->n)) < 0 ||
+ BN_bn2binpad(fw_key->e, publicKey->e, sizeof(publicKey->e)) < 0) {
pr_err("Firmware key is too big for certificate\n");
goto err;
}
@@ -430,8 +430,8 @@ static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
goto err;
/* If a key was provided, compare it to the embedded key. */
- if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
- BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+ if (fw_key && (BN_cmp(key->n, fw_key->n) ||
+ BN_cmp(key->e, fw_key->e))) {
pr_err("Wrong firmware key in certificate\n");
goto err;
}
@@ -830,7 +830,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
}
/* When using an existing key item, the root key is optional. */
- if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+ if (!key_item && (!root_key || !root_key->d)) {
pr_err("Failed to read private key from '%s'\n",
root_key_file);
pr_info("Try 'openssl genrsa -out root_key.pem'\n");
@@ -846,7 +846,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
}
if (!fw_key) {
/* If the root key is a private key, it can be used instead. */
- if (root_key && RSA_get0_d(root_key)) {
+ if (root_key && root_key->d) {
pr_info("Using root key as firmware key\n");
fw_key = root_key;
} else {
--
2.37.1
More information about the U-Boot
mailing list