[PATCH] tools: mkimage: don't use deprecated openssl funcs

Michal Vasilek michal.vasilek at nic.cz
Thu Jul 21 19:11:47 CEST 2022


RSA_get0_* functions are not available in LibreSSL and deprecated in
OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
with OpenSSL 3

Signed-off-by: Michal Vasilek <michal.vasilek at nic.cz>
---
 tools/sunxi_toc0.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..a6c4b59010 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -207,8 +207,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 	int n_len, e_len;
 
 	/* Store key 0. */
-	n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
-	e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+	n_len = BN_bn2bin(root_key->n, key_item->key0);
+	e_len = BN_bn2bin(root_key->e, key_item->key0 + n_len);
 	if (n_len + e_len > sizeof(key_item->key0)) {
 		pr_err("Root key is too big for key item\n");
 		goto err;
@@ -217,8 +217,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 	key_item->key0_e_len = cpu_to_le32(e_len);
 
 	/* Store key 1. */
-	n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
-	e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+	n_len = BN_bn2bin(fw_key->n, key_item->key1);
+	e_len = BN_bn2bin(fw_key->e, key_item->key1 + n_len);
 	if (n_len + e_len > sizeof(key_item->key1)) {
 		pr_err("Firmware key is too big for key item\n");
 		goto err;
@@ -281,8 +281,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
 		goto err;
 
 	/* If a root key was provided, compare it to key 0. */
-	if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
-			 BN_cmp(e, RSA_get0_e(root_key)))) {
+	if (root_key && (BN_cmp(n, root_key->n) ||
+			 BN_cmp(e, root_key->e))) {
 		pr_err("Wrong root key in key item\n");
 		goto err;
 	}
@@ -313,8 +313,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
 
 		if (*fw_key) {
 			/* If a FW key was provided, compare it to key 1. */
-			if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
-			    BN_cmp(e, RSA_get0_e(*fw_key))) {
+			if (BN_cmp(n, (*fw_key)->n) ||
+			    BN_cmp(e, (*fw_key)->e)) {
 				pr_err("Wrong firmware key in key item\n");
 				goto err;
 			}
@@ -361,8 +361,8 @@ static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
 	 */
 	totalSequence = &cert_item->totalSequence;
 	publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
-	if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
-	    BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+	if (BN_bn2binpad(fw_key->n, publicKey->n, sizeof(publicKey->n)) < 0 ||
+	    BN_bn2binpad(fw_key->e, publicKey->e, sizeof(publicKey->e)) < 0) {
 		pr_err("Firmware key is too big for certificate\n");
 		goto err;
 	}
@@ -430,8 +430,8 @@ static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
 		goto err;
 
 	/* If a key was provided, compare it to the embedded key. */
-	if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
-		       BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+	if (fw_key && (BN_cmp(key->n, fw_key->n) ||
+		       BN_cmp(key->e, fw_key->e))) {
 		pr_err("Wrong firmware key in certificate\n");
 		goto err;
 	}
@@ -830,7 +830,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 	}
 
 	/* When using an existing key item, the root key is optional. */
-	if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+	if (!key_item && (!root_key || !root_key->d)) {
 		pr_err("Failed to read private key from '%s'\n",
 		       root_key_file);
 		pr_info("Try 'openssl genrsa -out root_key.pem'\n");
@@ -846,7 +846,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 	}
 	if (!fw_key) {
 		/* If the root key is a private key, it can be used instead. */
-		if (root_key && RSA_get0_d(root_key)) {
+		if (root_key && root_key->d) {
 			pr_info("Using root key as firmware key\n");
 			fw_key = root_key;
 		} else {
-- 
2.37.1



More information about the U-Boot mailing list