* [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x
@ 2017-02-13 9:00 Jelle van der Waa
2017-02-13 9:00 ` [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for " Jelle van der Waa
` (2 more replies)
0 siblings, 3 replies; 7+ messages in thread
From: Jelle van der Waa @ 2017-02-13 9:00 UTC (permalink / raw)
To: u-boot
The rsa_st struct has been made opaque in 1.1.x, add forward compatible
code to access the n, e, d members of rsa_struct.
EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
called to reinitialise an already created structure.
---
lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------
1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c
index 8c6637e328..965fb00f95 100644
--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -20,6 +20,19 @@
#define HAVE_ERR_REMOVE_THREAD_STATE
#endif
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+#endif
+
static int rsa_err(const char *msg)
{
unsigned long sslErr = ERR_get_error();
@@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
ret = rsa_err("Could not obtain signature");
goto err_sign;
}
- EVP_MD_CTX_cleanup(context);
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_MD_CTX_cleanup(context);
+ #else
+ EVP_MD_CTX_reset(context);
+ #endif
EVP_MD_CTX_destroy(context);
EVP_PKEY_free(key);
@@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e)
{
int ret;
BIGNUM *bn_te;
+ const BIGNUM *key_e;
uint64_t te;
ret = -EINVAL;
@@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e)
if (!e)
goto cleanup;
- if (BN_num_bits(key->e) > 64)
+ RSA_get0_key(key, NULL, &key_e, NULL);
+ if (BN_num_bits(key_e) > 64)
goto cleanup;
- *e = BN_get_word(key->e);
+ *e = BN_get_word(key_e);
- if (BN_num_bits(key->e) < 33) {
+ if (BN_num_bits(key_e) < 33) {
ret = 0;
goto cleanup;
}
- bn_te = BN_dup(key->e);
+ bn_te = BN_dup(key_e);
if (!bn_te)
goto cleanup;
@@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
{
BIGNUM *big1, *big2, *big32, *big2_32;
BIGNUM *n, *r, *r_squared, *tmp;
+ const BIGNUM *key_n;
BN_CTX *bn_ctx = BN_CTX_new();
int ret = 0;
@@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp,
if (0 != rsa_get_exponent(key, exponent))
ret = -1;
- if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
+ RSA_get0_key(key, NULL, &key_n, NULL);
+ if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
!BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
ret = -1;
--
2.11.1
^ permalink raw reply related [flat|nested] 7+ messages in thread* [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for OpenSSL 1.1.x 2017-02-13 9:00 [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x Jelle van der Waa @ 2017-02-13 9:00 ` Jelle van der Waa 2017-02-22 3:59 ` Simon Glass 2017-02-13 9:57 ` [U-Boot] [PATCH 1/2] rsa: Fix build with " Peter Robinson 2017-02-16 1:59 ` Jonathan Gray 2 siblings, 1 reply; 7+ messages in thread From: Jelle van der Waa @ 2017-02-13 9:00 UTC (permalink / raw) To: u-boot ERR_remove_thread_state is deprecated in OpenSSL 1.1.x and does not do anything anymore. Thread initialisation and deinitialisation is now handled by the OpenSSL library. Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl> --- lib/rsa/rsa-sign.c | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c index 965fb00f95..347a6aa89e 100644 --- a/lib/rsa/rsa-sign.c +++ b/lib/rsa/rsa-sign.c @@ -16,10 +16,6 @@ #include <openssl/evp.h> #include <openssl/engine.h> -#if OPENSSL_VERSION_NUMBER >= 0x10000000L -#define HAVE_ERR_REMOVE_THREAD_STATE -#endif - #if OPENSSL_VERSION_NUMBER < 0x10100000L void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) @@ -356,9 +352,9 @@ static void rsa_remove(void) { CRYPTO_cleanup_all_ex_data(); ERR_free_strings(); -#ifdef HAVE_ERR_REMOVE_THREAD_STATE +#if OPENSSL_VERSION_NUMBER >= 0x10000000L && OPENSSL_VERSION_NUMBER < 0x10100000L ERR_remove_thread_state(NULL); -#else +#elif OPENSSL_VERSION_NUMBER < 0x10000000L ERR_remove_state(0); #endif EVP_cleanup(); -- 2.11.1 ^ permalink raw reply related [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for OpenSSL 1.1.x 2017-02-13 9:00 ` [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for " Jelle van der Waa @ 2017-02-22 3:59 ` Simon Glass 0 siblings, 0 replies; 7+ messages in thread From: Simon Glass @ 2017-02-22 3:59 UTC (permalink / raw) To: u-boot On 13 February 2017 at 02:00, Jelle van der Waa <jelle@vdwaa.nl> wrote: > ERR_remove_thread_state is deprecated in OpenSSL 1.1.x and does not do > anything anymore. Thread initialisation and deinitialisation is now > handled by the OpenSSL library. > > Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl> > --- > lib/rsa/rsa-sign.c | 8 ++------ > 1 file changed, 2 insertions(+), 6 deletions(-) Reviewed-by: Simon Glass <sjg@chromium.org> ^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x 2017-02-13 9:00 [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x Jelle van der Waa 2017-02-13 9:00 ` [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for " Jelle van der Waa @ 2017-02-13 9:57 ` Peter Robinson 2017-02-14 12:43 ` Peter Robinson 2017-02-16 1:59 ` Jonathan Gray 2 siblings, 1 reply; 7+ messages in thread From: Peter Robinson @ 2017-02-13 9:57 UTC (permalink / raw) To: u-boot On Mon, Feb 13, 2017 at 9:00 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote: > The rsa_st struct has been made opaque in 1.1.x, add forward compatible > code to access the n, e, d members of rsa_struct. > > EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be > called to reinitialise an already created structure. You can add my tested by. Built on Fedora 26 with 1.1.0d. gcc 7 etc. Peter > --- > lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------ > 1 file changed, 27 insertions(+), 6 deletions(-) > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c > index 8c6637e328..965fb00f95 100644 > --- a/lib/rsa/rsa-sign.c > +++ b/lib/rsa/rsa-sign.c > @@ -20,6 +20,19 @@ > #define HAVE_ERR_REMOVE_THREAD_STATE > #endif > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > +void RSA_get0_key(const RSA *r, > + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) > +{ > + if (n != NULL) > + *n = r->n; > + if (e != NULL) > + *e = r->e; > + if (d != NULL) > + *d = r->d; > +} > +#endif > + > static int rsa_err(const char *msg) > { > unsigned long sslErr = ERR_get_error(); > @@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, > ret = rsa_err("Could not obtain signature"); > goto err_sign; > } > - EVP_MD_CTX_cleanup(context); > + #if OPENSSL_VERSION_NUMBER < 0x10100000L > + EVP_MD_CTX_cleanup(context); > + #else > + EVP_MD_CTX_reset(context); > + #endif > EVP_MD_CTX_destroy(context); > EVP_PKEY_free(key); > > @@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > { > int ret; > BIGNUM *bn_te; > + const BIGNUM *key_e; > uint64_t te; > > ret = -EINVAL; > @@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > if (!e) > goto cleanup; > > - if (BN_num_bits(key->e) > 64) > + RSA_get0_key(key, NULL, &key_e, NULL); > + if (BN_num_bits(key_e) > 64) > goto cleanup; > > - *e = BN_get_word(key->e); > + *e = BN_get_word(key_e); > > - if (BN_num_bits(key->e) < 33) { > + if (BN_num_bits(key_e) < 33) { > ret = 0; > goto cleanup; > } > > - bn_te = BN_dup(key->e); > + bn_te = BN_dup(key_e); > if (!bn_te) > goto cleanup; > > @@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, > { > BIGNUM *big1, *big2, *big32, *big2_32; > BIGNUM *n, *r, *r_squared, *tmp; > + const BIGNUM *key_n; > BN_CTX *bn_ctx = BN_CTX_new(); > int ret = 0; > > @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, > if (0 != rsa_get_exponent(key, exponent)) > ret = -1; > > - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || > + RSA_get0_key(key, NULL, &key_n, NULL); > + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || > !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) > ret = -1; > > -- > 2.11.1 > > _______________________________________________ > U-Boot mailing list > U-Boot at lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot ^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x 2017-02-13 9:57 ` [U-Boot] [PATCH 1/2] rsa: Fix build with " Peter Robinson @ 2017-02-14 12:43 ` Peter Robinson 2017-02-14 22:14 ` Jelle van der Waa 0 siblings, 1 reply; 7+ messages in thread From: Peter Robinson @ 2017-02-14 12:43 UTC (permalink / raw) To: u-boot On Mon, Feb 13, 2017 at 9:57 AM, Peter Robinson <pbrobinson@gmail.com> wrote: > On Mon, Feb 13, 2017 at 9:00 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote: >> The rsa_st struct has been made opaque in 1.1.x, add forward compatible >> code to access the n, e, d members of rsa_struct. >> >> EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be >> called to reinitialise an already created structure. > > You can add my tested by. Built on Fedora 26 with 1.1.0d. gcc 7 etc. Although it needs to be updated for 2017.03rc2 for tools/kwbimage.c as it now supports secure boot and I get the following errors on build: gcc -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -march=armv7-a -mfpu=vfpv3-d16 -mfloat-abi=hard -Wp,-MD,tools/.mxsimage.o.d -Itools -Wall -Wstrict-prototypes -O2 -fomit-frame-pointer -include /builddir/build/BUILD/u-boot-2017.03-rc2/include/libfdt_env.h -idirafterinclude -idirafter/builddir/build/BUILD/u-boot-2017.03-rc2/include -idirafter/builddir/build/BUILD/u-boot-2017.03-rc2/arch/arm/include -I/builddir/build/BUILD/u-boot-2017.03-rc2/lib/libfdt -I/builddir/build/BUILD/u-boot-2017.03-rc2/tools -DCONFIG_SYS_TEXT_BASE=0x00800000 -DUSE_HOSTCC -D__KERNEL_STRICT_NAMES -D_GNU_SOURCE -c -o tools/mxsimage.o /builddir/build/BUILD/u-boot-2017.03-rc2/tools/mxsimage.c /builddir/build/BUILD/u-boot-2017.03-rc2/tools/kwbimage.c: In function 'kwb_compute_pubkey_hash': /builddir/build/BUILD/u-boot-2017.03-rc2/tools/kwbimage.c:441:2: warning: implicit declaration of function 'EVP_MD_CTX_cleanup'; did you mean 'EVP_MD_CTX_create'? [-Wimplicit-function-declaration] EVP_MD_CTX_cleanup(ctx); ^~~~~~~~~~~~~~~~~~ EVP_MD_CTX_create /builddir/build/BUILD/u-boot-2017.03-rc2/tools/kwbimage.c: In function 'kwb_export_pubkey': /builddir/build/BUILD/u-boot-2017.03-rc2/tools/kwbimage.c:476:18: error: dereferencing pointer to incomplete type 'RSA {aka struct rsa_st}' if (!key || !key->e || !key->n || !dst) { ^~ /builddir/build/BUILD/u-boot-2017.03-rc2/tools/kwbimage.c:505:59: warning: format '%lu' expects argument of type 'long unsigned int', but argument 4 has type 'unsigned int' [-Wformat=] fprintf(stderr, "export pk failed: seq too large (%d, %lu)\n", ~~^ %u make[2]: *** [scripts/Makefile.host:116: tools/kwbimage.o] Error 1 >> lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------ >> 1 file changed, 27 insertions(+), 6 deletions(-) >> >> diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c >> index 8c6637e328..965fb00f95 100644 >> --- a/lib/rsa/rsa-sign.c >> +++ b/lib/rsa/rsa-sign.c >> @@ -20,6 +20,19 @@ >> #define HAVE_ERR_REMOVE_THREAD_STATE >> #endif >> >> +#if OPENSSL_VERSION_NUMBER < 0x10100000L >> +void RSA_get0_key(const RSA *r, >> + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) >> +{ >> + if (n != NULL) >> + *n = r->n; >> + if (e != NULL) >> + *e = r->e; >> + if (d != NULL) >> + *d = r->d; >> +} >> +#endif >> + >> static int rsa_err(const char *msg) >> { >> unsigned long sslErr = ERR_get_error(); >> @@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, >> ret = rsa_err("Could not obtain signature"); >> goto err_sign; >> } >> - EVP_MD_CTX_cleanup(context); >> + #if OPENSSL_VERSION_NUMBER < 0x10100000L >> + EVP_MD_CTX_cleanup(context); >> + #else >> + EVP_MD_CTX_reset(context); >> + #endif >> EVP_MD_CTX_destroy(context); >> EVP_PKEY_free(key); >> >> @@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) >> { >> int ret; >> BIGNUM *bn_te; >> + const BIGNUM *key_e; >> uint64_t te; >> >> ret = -EINVAL; >> @@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) >> if (!e) >> goto cleanup; >> >> - if (BN_num_bits(key->e) > 64) >> + RSA_get0_key(key, NULL, &key_e, NULL); >> + if (BN_num_bits(key_e) > 64) >> goto cleanup; >> >> - *e = BN_get_word(key->e); >> + *e = BN_get_word(key_e); >> >> - if (BN_num_bits(key->e) < 33) { >> + if (BN_num_bits(key_e) < 33) { >> ret = 0; >> goto cleanup; >> } >> >> - bn_te = BN_dup(key->e); >> + bn_te = BN_dup(key_e); >> if (!bn_te) >> goto cleanup; >> >> @@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, >> { >> BIGNUM *big1, *big2, *big32, *big2_32; >> BIGNUM *n, *r, *r_squared, *tmp; >> + const BIGNUM *key_n; >> BN_CTX *bn_ctx = BN_CTX_new(); >> int ret = 0; >> >> @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, >> if (0 != rsa_get_exponent(key, exponent)) >> ret = -1; >> >> - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || >> + RSA_get0_key(key, NULL, &key_n, NULL); >> + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || >> !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) >> ret = -1; >> >> -- >> 2.11.1 >> >> _______________________________________________ >> U-Boot mailing list >> U-Boot at lists.denx.de >> http://lists.denx.de/mailman/listinfo/u-boot ^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x 2017-02-14 12:43 ` Peter Robinson @ 2017-02-14 22:14 ` Jelle van der Waa 0 siblings, 0 replies; 7+ messages in thread From: Jelle van der Waa @ 2017-02-14 22:14 UTC (permalink / raw) To: u-boot On 02/14/17 at 12:43pm, Peter Robinson wrote: > On Mon, Feb 13, 2017 at 9:57 AM, Peter Robinson <pbrobinson@gmail.com> wrote: > > On Mon, Feb 13, 2017 at 9:00 AM, Jelle van der Waa <jelle@vdwaa.nl> wrote: > >> The rsa_st struct has been made opaque in 1.1.x, add forward compatible > >> code to access the n, e, d members of rsa_struct. > >> > >> EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be > >> called to reinitialise an already created structure. > > > > You can add my tested by. Built on Fedora 26 with 1.1.0d. gcc 7 etc. > > Although it needs to be updated for 2017.03rc2 for tools/kwbimage.c as > it now supports secure boot and I get the following errors on build: I've created a patch for it here. I'll send it to the list tommorow http://vps.vdwaa.nl/~jelle/0001-tools-kwbimage-fix-build-with-OpenSSL-1.1.x.patch -- Jelle van der Waa ^ permalink raw reply [flat|nested] 7+ messages in thread
* [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x 2017-02-13 9:00 [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x Jelle van der Waa 2017-02-13 9:00 ` [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for " Jelle van der Waa 2017-02-13 9:57 ` [U-Boot] [PATCH 1/2] rsa: Fix build with " Peter Robinson @ 2017-02-16 1:59 ` Jonathan Gray 2 siblings, 0 replies; 7+ messages in thread From: Jonathan Gray @ 2017-02-16 1:59 UTC (permalink / raw) To: u-boot These version tests should be #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) or better yet have tests based on functionality rather than version. opensslv.h on OpenBSD-current/LibreSSL portable master has /* $OpenBSD: opensslv.h,v 1.39 2017/02/14 03:50:25 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ #define LIBRESSL_VERSION_NUMBER 0x2050200fL #define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define SHLIB_VERSION_HISTORY "" #define SHLIB_VERSION_NUMBER "1.0.0" #endif /* HEADER_OPENSSLV_H */ On Mon, Feb 13, 2017@10:00:36AM +0100, Jelle van der Waa wrote: > The rsa_st struct has been made opaque in 1.1.x, add forward compatible > code to access the n, e, d members of rsa_struct. > > EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be > called to reinitialise an already created structure. > --- > lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------ > 1 file changed, 27 insertions(+), 6 deletions(-) > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c > index 8c6637e328..965fb00f95 100644 > --- a/lib/rsa/rsa-sign.c > +++ b/lib/rsa/rsa-sign.c > @@ -20,6 +20,19 @@ > #define HAVE_ERR_REMOVE_THREAD_STATE > #endif > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > +void RSA_get0_key(const RSA *r, > + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) > +{ > + if (n != NULL) > + *n = r->n; > + if (e != NULL) > + *e = r->e; > + if (d != NULL) > + *d = r->d; > +} > +#endif > + > static int rsa_err(const char *msg) > { > unsigned long sslErr = ERR_get_error(); > @@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo, > ret = rsa_err("Could not obtain signature"); > goto err_sign; > } > - EVP_MD_CTX_cleanup(context); > + #if OPENSSL_VERSION_NUMBER < 0x10100000L > + EVP_MD_CTX_cleanup(context); > + #else > + EVP_MD_CTX_reset(context); > + #endif > EVP_MD_CTX_destroy(context); > EVP_PKEY_free(key); > > @@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > { > int ret; > BIGNUM *bn_te; > + const BIGNUM *key_e; > uint64_t te; > > ret = -EINVAL; > @@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > if (!e) > goto cleanup; > > - if (BN_num_bits(key->e) > 64) > + RSA_get0_key(key, NULL, &key_e, NULL); > + if (BN_num_bits(key_e) > 64) > goto cleanup; > > - *e = BN_get_word(key->e); > + *e = BN_get_word(key_e); > > - if (BN_num_bits(key->e) < 33) { > + if (BN_num_bits(key_e) < 33) { > ret = 0; > goto cleanup; > } > > - bn_te = BN_dup(key->e); > + bn_te = BN_dup(key_e); > if (!bn_te) > goto cleanup; > > @@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, > { > BIGNUM *big1, *big2, *big32, *big2_32; > BIGNUM *n, *r, *r_squared, *tmp; > + const BIGNUM *key_n; > BN_CTX *bn_ctx = BN_CTX_new(); > int ret = 0; > > @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t *n0_invp, > if (0 != rsa_get_exponent(key, exponent)) > ret = -1; > > - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || > + RSA_get0_key(key, NULL, &key_n, NULL); > + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || > !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) > ret = -1; > > -- > 2.11.1 > > _______________________________________________ > U-Boot mailing list > U-Boot at lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2017-02-22 3:59 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2017-02-13 9:00 [U-Boot] [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x Jelle van der Waa 2017-02-13 9:00 ` [U-Boot] [PATCH 2/2] rsa: Fix deprecated warnings for " Jelle van der Waa 2017-02-22 3:59 ` Simon Glass 2017-02-13 9:57 ` [U-Boot] [PATCH 1/2] rsa: Fix build with " Peter Robinson 2017-02-14 12:43 ` Peter Robinson 2017-02-14 22:14 ` Jelle van der Waa 2017-02-16 1:59 ` Jonathan Gray
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox