* [PATCH] tools: mkimage: don't use deprecated openssl funcs
@ 2022-07-21 17:11 Michal Vasilek
  2022-07-22  8:59 ` Simon Glass
  2022-08-04 18:06 ` [PATCH] tools: mkimage: don't use deprecated openssl funcs Tom Rini
  0 siblings, 2 replies; 8+ messages in thread
From: Michal Vasilek @ 2022-07-21 17:11 UTC (permalink / raw)
  To: u-boot; +Cc: Michal Vasilek

RSA_get0_* functions are not available in LibreSSL and deprecated in
OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
with OpenSSL 3

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
---
 tools/sunxi_toc0.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..a6c4b59010 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -207,8 +207,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 	int n_len, e_len;
 
 	/* Store key 0. */
-	n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
-	e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+	n_len = BN_bn2bin(root_key->n, key_item->key0);
+	e_len = BN_bn2bin(root_key->e, key_item->key0 + n_len);
 	if (n_len + e_len > sizeof(key_item->key0)) {
 		pr_err("Root key is too big for key item\n");
 		goto err;
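Review bot: `root_key->n` and `root_key->e` in toc0_create_key_item() dereference RSA directly, but RSA has been an opaque type in OpenSSL since 1.1.0, so these lines only compile against libraries that still expose the struct. Keep the `RSA_get0_n()` / `RSA_get0_e()` calls here and add a fallback definition only for the libraries that lack them. The commit message should also state which library versions were build-tested.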
@@ -217,8 +217,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 	key_item->key0_e_len = cpu_to_le32(e_len);
 
 	/* Store key 1. */
-	n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
-	e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+	n_len = BN_bn2bin(fw_key->n, key_item->key1);
+	e_len = BN_bn2bin(fw_key->e, key_item->key1 + n_len);
 	if (n_len + e_len > sizeof(key_item->key1)) {
 		pr_err("Firmware key is too big for key item\n");
 		goto err;
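Review bot: the `n_len + e_len > sizeof(key_item->key1)` check runs only after both `BN_bn2bin()` calls have written into `key_item->key1`, and `BN_bn2bin()` takes no output length, so an oversized firmware key is written past the field before the error is reported. Since these lines are being touched anyway, compare `BN_num_bytes()` of the modulus and exponent against the field size before writing. The same ordering applies to the key 0 block in the previous hunk.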
@@ -281,8 +281,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
 		goto err;
 
 	/* If a root key was provided, compare it to key 0. */
-	if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
-			 BN_cmp(e, RSA_get0_e(root_key)))) {
+	if (root_key && (BN_cmp(n, root_key->n) ||
+			 BN_cmp(e, root_key->e))) {
 		pr_err("Wrong root key in key item\n");
 		goto err;
 	}
@@ -313,8 +313,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
 
 		if (*fw_key) {
 			/* If a FW key was provided, compare it to key 1. */
-			if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
-			    BN_cmp(e, RSA_get0_e(*fw_key))) {
+			if (BN_cmp(n, (*fw_key)->n) ||
+			    BN_cmp(e, (*fw_key)->e)) {
 				pr_err("Wrong firmware key in key item\n");
 				goto err;
 			}
@@ -361,8 +361,8 @@ static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
 	 */
 	totalSequence = &cert_item->totalSequence;
 	publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
-	if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
-	    BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+	if (BN_bn2binpad(fw_key->n, publicKey->n, sizeof(publicKey->n)) < 0 ||
+	    BN_bn2binpad(fw_key->e, publicKey->e, sizeof(publicKey->e)) < 0) {
 		pr_err("Firmware key is too big for certificate\n");
 		goto err;
 	}
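Review bot: the condition here already calls `BN_bn2binpad()`, which OpenSSL provides only from 1.1.0, the same release that made RSA opaque, so switching to `fw_key->n` / `fw_key->e` does not gain compatibility with older OpenSSL; it only loses 1.1.0 and later. Keep the accessor calls in this condition.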
@@ -430,8 +430,8 @@ static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
 		goto err;
 
 	/* If a key was provided, compare it to the embedded key. */
-	if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
-		       BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+	if (fw_key && (BN_cmp(key->n, fw_key->n) ||
+		       BN_cmp(key->e, fw_key->e))) {
 		pr_err("Wrong firmware key in certificate\n");
 		goto err;
 	}
@@ -830,7 +830,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 	}
 
 	/* When using an existing key item, the root key is optional. */
-	if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+	if (!key_item && (!root_key || !root_key->d)) {
 		pr_err("Failed to read private key from '%s'\n",
 		       root_key_file);
 		pr_info("Try 'openssl genrsa -out root_key.pem'\n");
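Review bot: the condition `!root_key || !root_key->d` folds two different failures into one message, so a key file that loads but holds only a public key is reported as "Failed to read private key from ...". Split the cases so the user can tell an unreadable file from a public-only key. The same private-exponent test is repeated in the next hunk (`root_key && root_key->d`), so a small helper would keep the two checks in sync.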
@@ -846,7 +846,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 	}
 	if (!fw_key) {
 		/* If the root key is a private key, it can be used instead. */
-		if (root_key && RSA_get0_d(root_key)) {
+		if (root_key && root_key->d) {
 			pr_info("Using root key as firmware key\n");
 			fw_key = root_key;
 		} else {
-- 
2.37.1


* Re: [PATCH] tools: mkimage: don't use deprecated openssl funcs
  2022-07-21 17:11 [PATCH] tools: mkimage: don't use deprecated openssl funcs Michal Vasilek
@ 2022-07-22  8:59 ` Simon Glass
  2022-07-22 17:55   ` [PATCH v2] tools: mkimage: fix build with LibreSSL Michal Vasilek
  2022-08-04 18:06 ` [PATCH] tools: mkimage: don't use deprecated openssl funcs Tom Rini
  1 sibling, 1 reply; 8+ messages in thread
From: Simon Glass @ 2022-07-22  8:59 UTC (permalink / raw)
  To: Michal Vasilek; +Cc: U-Boot Mailing List

Hi Michal,

On Thu, 21 Jul 2022 at 11:14, Michal Vasilek <michal.vasilek@nic.cz> wrote:
>
> RSA_get0_* functions are not available in LibreSSL and deprecated in
> OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
> with OpenSSL 3
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
>  tools/sunxi_toc0.c | 28 ++++++++++++++--------------
>  1 file changed, 14 insertions(+), 14 deletions(-)

Reviewed-by: Simon Glass <sjg@chromium.org>

It looks like this should be backwards compatible to older versions, also?

Regards,
Simon

* [PATCH v2] tools: mkimage: fix build with LibreSSL
  2022-07-22  8:59 ` Simon Glass
@ 2022-07-22 17:55   ` Michal Vasilek
  2022-07-22 17:55     ` [PATCH] " Michal Vasilek
  0 siblings, 1 reply; 8+ messages in thread
From: Michal Vasilek @ 2022-07-22 17:55 UTC (permalink / raw)
  To: Simon Glass; +Cc: U-Boot Mailing List

Actually it was using a struct that is private in OpenSSL 1.1.1, I
replaced the patch with macros defining the missing functions on
LibreSSL.

Thanks

Michal



* [PATCH] tools: mkimage: fix build with LibreSSL
  2022-07-22 17:55   ` [PATCH v2] tools: mkimage: fix build with LibreSSL Michal Vasilek
@ 2022-07-22 17:55     ` Michal Vasilek
  2022-07-23 16:42       ` Simon Glass
                         ` (2 more replies)
  0 siblings, 3 replies; 8+ messages in thread
From: Michal Vasilek @ 2022-07-22 17:55 UTC (permalink / raw)
  To: Simon Glass; +Cc: U-Boot Mailing List, Michal Vasilek

RSA_get0_* functions are not available in LibreSSL

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
---
 tools/sunxi_toc0.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..56200bd927 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -34,6 +34,12 @@
 #define pr_warn(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "warning", ##args)
 #define pr_info(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "info", ##args)
 
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define RSA_get0_n(key) (key)->n
+#define RSA_get0_e(key) (key)->e
+#define RSA_get0_d(key) (key)->d
+#endif
+
 struct __packed toc0_key_item {
 	__le32  vendor_id;
 	__le32  key0_n_len;
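Review bot: the `#if defined(LIBRESSL_VERSION_NUMBER)` guard applies to every LibreSSL release, including any that ship real `RSA_get0_n()` / `RSA_get0_e()` / `RSA_get0_d()` functions, where these macros would replace the library accessors with direct field access. Bound the guard by version so the fallback is compiled only for releases without the accessors, for example `LIBRESSL_VERSION_NUMBER < 0x3050000fL` if 3.5.0 is confirmed as the first release that exports them.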
-- 
2.37.1


* Re: [PATCH] tools: mkimage: fix build with LibreSSL
  2022-07-22 17:55     ` [PATCH] " Michal Vasilek
@ 2022-07-23 16:42       ` Simon Glass
  2022-07-25 14:27       ` Jonathan Gray
  2022-08-04 20:53       ` Tom Rini
  2 siblings, 0 replies; 8+ messages in thread
From: Simon Glass @ 2022-07-23 16:42 UTC (permalink / raw)
  To: Michal Vasilek; +Cc: U-Boot Mailing List

On Fri, 22 Jul 2022 at 11:56, Michal Vasilek <michal.vasilek@nic.cz> wrote:
>
> RSA_get0_* functions are not available in LibreSSL
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
>  tools/sunxi_toc0.c | 6 ++++++
>  1 file changed, 6 insertions(+)
>

Reviewed-by: Simon Glass <sjg@chromium.org>

* Re: [PATCH] tools: mkimage: fix build with LibreSSL
  2022-07-22 17:55     ` [PATCH] " Michal Vasilek
  2022-07-23 16:42       ` Simon Glass
@ 2022-07-25 14:27       ` Jonathan Gray
  2022-08-04 20:53       ` Tom Rini
  2 siblings, 0 replies; 8+ messages in thread
From: Jonathan Gray @ 2022-07-25 14:27 UTC (permalink / raw)
  To: Michal Vasilek; +Cc: Simon Glass, U-Boot Mailing List

On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:
> RSA_get0_* functions are not available in LibreSSL

added in January

----------------------------
revision 1.41
date: 2022/01/05 20:44:12;  author: tb;  state: Exp;  lines: +55 -1;  commitid: b1ATkp4OhzL5p4XV;
Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing
----------------------------

seems to be >= 3.5.0 for the portable releases
https://marc.info/?l=libressl&m=164572407401570&w=2

> 
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
>  tools/sunxi_toc0.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
> index bab5d17b7d..56200bd927 100644
> --- a/tools/sunxi_toc0.c
> +++ b/tools/sunxi_toc0.c
> @@ -34,6 +34,12 @@
>  #define pr_warn(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "warning", ##args)
>  #define pr_info(fmt, args...)	fprintf(stderr, pr_fmt(fmt), "info", ##args)
>  
> +#if defined(LIBRESSL_VERSION_NUMBER)
> +#define RSA_get0_n(key) (key)->n
> +#define RSA_get0_e(key) (key)->e
> +#define RSA_get0_d(key) (key)->d
> +#endif
> +
>  struct __packed toc0_key_item {
>  	__le32  vendor_id;
>  	__le32  key0_n_len;
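Review bot: the fallback block has no comment saying why it exists or when it can be removed. A one-line comment above the `#if`, naming the first LibreSSL release that provides these accessors as identified in this reply, would let a later cleanup drop the macros with confidence.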
> -- 
> 2.37.1
> 
> 

* Re: [PATCH] tools: mkimage: don't use deprecated openssl funcs
  2022-07-21 17:11 [PATCH] tools: mkimage: don't use deprecated openssl funcs Michal Vasilek
  2022-07-22  8:59 ` Simon Glass
@ 2022-08-04 18:06 ` Tom Rini
  1 sibling, 0 replies; 8+ messages in thread
From: Tom Rini @ 2022-08-04 18:06 UTC (permalink / raw)
  To: Michal Vasilek; +Cc: u-boot

On Thu, Jul 21, 2022 at 07:11:47PM +0200, Michal Vasilek wrote:

> RSA_get0_* functions are not available in LibreSSL and deprecated in
> OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
> with OpenSSL 3
> 
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> Reviewed-by: Simon Glass <sjg@chromium.org>

This breaks CI for all platforms:
https://source.denx.de/u-boot/u-boot/-/jobs/478198

-- 
Tom

* Re: [PATCH] tools: mkimage: fix build with LibreSSL
  2022-07-22 17:55     ` [PATCH] " Michal Vasilek
  2022-07-23 16:42       ` Simon Glass
  2022-07-25 14:27       ` Jonathan Gray
@ 2022-08-04 20:53       ` Tom Rini
  2 siblings, 0 replies; 8+ messages in thread
From: Tom Rini @ 2022-08-04 20:53 UTC (permalink / raw)
  To: Michal Vasilek; +Cc: Simon Glass, U-Boot Mailing List

On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:

> RSA_get0_* functions are not available in LibreSSL
> 
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> Reviewed-by: Simon Glass <sjg@chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
