From: Mario Six <mario.six@gdsys.cc>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH v2 1/3] rsa: Fix build with OpenSSL 1.1.x
Date: Wed, 5 Apr 2017 11:49:32 +0200
Message-ID: <CAN1kZoriv=MTGkbSRp3F9tZb2fUswVggQCSwdiQKoz3QMr5Kjw@mail.gmail.com>
In-Reply-To: <20170404215950.6588-1-jelle@vdwaa.nl>

Hi Jelle,

On Tue, Apr 4, 2017 at 11:59 PM, Jelle van der Waa <jelle@vdwaa.nl> wrote:
> @@ -20,6 +20,19 @@
>  #define HAVE_ERR_REMOVE_THREAD_STATE
>  #endif
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
> +void RSA_get0_key(const RSA *r,
> +                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
> +{
> +   if (n != NULL)
> +       *n = r->n;
> +   if (e != NULL)
> +       *e = r->e;
> +   if (d != NULL)
> +       *d = r->d;
> +}
> +#endif
> +
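
Review bot: The RSA_get0_key() shim is defined with external linkage, and the guard `|| defined(LIBRESSL_VERSION_NUMBER)` enables it for every LibreSSL version, so if the linked library ever exports a symbol of the same name this definition conflicts with it. Declare the function `static`, and add a one-line comment saying it mirrors the OpenSSL 1.1 accessor for older libraries. The body also dereferences `r` without a NULL check, so every caller has to guarantee a valid key.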

Like in the other patch, this function should be static (also, missing #include
<openssl/bn.h> in this file as well).

> @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
>         if (0 != rsa_get_exponent(key, exponent))
>                 ret = -1;
>
> -       if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
> +       RSA_get0_key(key, NULL, &key_n, NULL);
> +       if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
>             !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
>                 ret = -1;
>
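
Review bot: In the added call `RSA_get0_key(key, NULL, &key_n, NULL);` the pointer sits in the second output slot, which the shim in the first hunk fills with `r->e`, so `BN_copy(n, key_n)` copies the public exponent instead of the modulus that the removed line took from `key->n`. Every value rsa_get_params() derives from `n` after this point, such as the `n0_invp` output named in the hunk header, would then be computed from the wrong number. Pass the pointer in the first output slot: `RSA_get0_key(key, &key_n, NULL, NULL);`. The declaration of `key_n` is not visible in this hunk; it needs to be `const BIGNUM *` to match the shim's parameter type.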

You're loading the parameter e into key_n here! It should be

RSA_get0_key(key, &key_n, NULL, NULL);

instead.

Like I said in the previous patch, you will have to #ifdef out more functions
in this file:

* SSL_load_error_strings
* OpenSSL_add_all_algorithms
* OpenSSL_add_all_digests
* OpenSSL_add_all_ciphers
* ENGINE_cleanup
* CRYPTO_cleanup_all_ex_data
* ERR_free_strings();
* EVP_cleanup

And you'll also have to replace SSL_library_init() with
OPENSSL_init_ssl(0, NULL).

After making all these changes, I was able to build a working U-Boot (for our
controlcenterdc board) against OpenSSL 1.1 that loaded a signed FIT-Image that
a previous U-Boot also loaded.

Best regards,

Mario
