* [PATCH] tools: mkimage: don't use deprecated openssl funcs
From: Michal Vasilek @ 2022-07-21 17:11 UTC (permalink / raw)
To: u-boot; +Cc: Michal Vasilek

RSA_get0_* functions are not available in LibreSSL and deprecated in
OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
with OpenSSL 3

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
---
tools/sunxi_toc0.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..a6c4b59010 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -207,8 +207,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
int n_len, e_len;
/* Store key 0. */
- n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
- e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+ n_len = BN_bn2bin(root_key->n, key_item->key0);
+ e_len = BN_bn2bin(root_key->e, key_item->key0 + n_len);
if (n_len + e_len > sizeof(key_item->key0)) {
pr_err("Root key is too big for key item\n");
goto err;
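Review bot: `root_key->n` and `root_key->e` in the two `BN_bn2bin()` calls dereference `RSA` directly, which only compiles where the library exposes the full struct definition; OpenSSL has kept `RSA` opaque since 1.1.0, so there this turns a deprecation warning into a build failure. Keep the `RSA_get0_n()`/`RSA_get0_e()` calls and provide a fallback only for libraries that lack them.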
@@ -217,8 +217,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
key_item->key0_e_len = cpu_to_le32(e_len);
/* Store key 1. */
- n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
- e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+ n_len = BN_bn2bin(fw_key->n, key_item->key1);
+ e_len = BN_bn2bin(fw_key->e, key_item->key1 + n_len);
if (n_len + e_len > sizeof(key_item->key1)) {
pr_err("Firmware key is too big for key item\n");
goto err;
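Review bot: The `n_len + e_len > sizeof(key_item->key1)` test runs only after both `BN_bn2bin()` calls have already written into `key_item->key1`, so an oversized firmware key overruns the field before the error path is reached; the key 0 block in the previous hunk has the same order. Since these lines are being touched anyway, compare `BN_num_bytes()` of the modulus and exponent against the field size before copying.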
@@ -281,8 +281,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
goto err;
/* If a root key was provided, compare it to key 0. */
- if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
- BN_cmp(e, RSA_get0_e(root_key)))) {
+ if (root_key && (BN_cmp(n, root_key->n) ||
+ BN_cmp(e, root_key->e))) {
pr_err("Wrong root key in key item\n");
goto err;
}
@@ -313,8 +313,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
if (*fw_key) {
/* If a FW key was provided, compare it to key 1. */
- if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
- BN_cmp(e, RSA_get0_e(*fw_key))) {
+ if (BN_cmp(n, (*fw_key)->n) ||
+ BN_cmp(e, (*fw_key)->e)) {
pr_err("Wrong firmware key in key item\n");
goto err;
}
@@ -361,8 +361,8 @@ static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
*/
totalSequence = &cert_item->totalSequence;
publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
- if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
- BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+ if (BN_bn2binpad(fw_key->n, publicKey->n, sizeof(publicKey->n)) < 0 ||
+ BN_bn2binpad(fw_key->e, publicKey->e, sizeof(publicKey->e)) < 0) {
pr_err("Firmware key is too big for certificate\n");
goto err;
}
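Review bot: `BN_bn2binpad(fw_key->n, ...)` pairs a direct struct access with a function that OpenSSL introduced in 1.1.0, the same release that made `RSA` opaque, so no OpenSSL version offers both. The bounded `BN_bn2binpad()` with `sizeof(publicKey->n)` is the right copy primitive here; keep it and keep `RSA_get0_n()`/`RSA_get0_e()` as its arguments.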
@@ -430,8 +430,8 @@ static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
goto err;
/* If a key was provided, compare it to the embedded key. */
- if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
- BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+ if (fw_key && (BN_cmp(key->n, fw_key->n) ||
+ BN_cmp(key->e, fw_key->e))) {
pr_err("Wrong firmware key in certificate\n");
goto err;
}
@@ -830,7 +830,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
}
/* When using an existing key item, the root key is optional. */
- if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+ if (!key_item && (!root_key || !root_key->d)) {
pr_err("Failed to read private key from '%s'\n",
root_key_file);
pr_info("Try 'openssl genrsa -out root_key.pem'\n");
@@ -846,7 +846,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
}
if (!fw_key) {
/* If the root key is a private key, it can be used instead. */
- if (root_key && RSA_get0_d(root_key)) {
+ if (root_key && root_key->d) {
pr_info("Using root key as firmware key\n");
fw_key = root_key;
} else {
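Review bot: The fallback `fw_key = root_key` is reported only through `pr_info()`, although it means the same private key then serves as both root key and firmware key. A `pr_warn()` would make that choice harder to miss in build logs; the `root_key->d` test itself has the opaque-struct problem noted on the first hunk.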
--
2.37.1

* Re: [PATCH] tools: mkimage: don't use deprecated openssl funcs
From: Simon Glass @ 2022-07-22 8:59 UTC (permalink / raw)
To: Michal Vasilek; +Cc: U-Boot Mailing List
Hi Michal,
On Thu, 21 Jul 2022 at 11:14, Michal Vasilek <michal.vasilek@nic.cz> wrote:
>
> RSA_get0_* functions are not available in LibreSSL and deprecated in
> OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
> with OpenSSL 3
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
> tools/sunxi_toc0.c | 28 ++++++++++++++--------------
> 1 file changed, 14 insertions(+), 14 deletions(-)
Reviewed-by: Simon Glass <sjg@chromium.org>
It looks like this should be backwards compatible to older versions, also?
Regards,
Simon

* [PATCH v2] tools: mkimage: fix build with LibreSSL
From: Michal Vasilek @ 2022-07-22 17:55 UTC (permalink / raw)
To: Simon Glass; +Cc: U-Boot Mailing List
Actually it was using a struct that is private in OpenSSL 1.1.1, I
replaced the patch with macros defining the missing functions on
LibreSSL.
Thanks
Michal

* [PATCH] tools: mkimage: fix build with LibreSSL
From: Michal Vasilek @ 2022-07-22 17:55 UTC (permalink / raw)
To: Simon Glass; +Cc: U-Boot Mailing List, Michal Vasilek

RSA_get0_* functions are not available in LibreSSL

Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
---
tools/sunxi_toc0.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..56200bd927 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -34,6 +34,12 @@
#define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
#define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define RSA_get0_n(key) (key)->n
+#define RSA_get0_e(key) (key)->e
+#define RSA_get0_d(key) (key)->d
+#endif
+
struct __packed toc0_key_item {
__le32 vendor_id;
__le32 key0_n_len;
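Review bot: The three macros expand to a bare `(key)->n` without outer parentheses and carry no comment saying why they exist. Wrap each expansion, for example `#define RSA_get0_n(key) ((key)->n)`, and add a one-line comment that they stand in for accessors missing from the LibreSSL in use, so a later reader knows when the block can be dropped.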
--
2.37.1

* Re: [PATCH] tools: mkimage: fix build with LibreSSL
From: Simon Glass @ 2022-07-23 16:42 UTC (permalink / raw)
To: Michal Vasilek; +Cc: U-Boot Mailing List
On Fri, 22 Jul 2022 at 11:56, Michal Vasilek <michal.vasilek@nic.cz> wrote:
>
> RSA_get0_* functions are not available in LibreSSL
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
> tools/sunxi_toc0.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
Reviewed-by: Simon Glass <sjg@chromium.org>

* Re: [PATCH] tools: mkimage: fix build with LibreSSL
From: Jonathan Gray @ 2022-07-25 14:27 UTC (permalink / raw)
To: Michal Vasilek; +Cc: Simon Glass, U-Boot Mailing List
On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:
> RSA_get0_* functions are not available in LibreSSL

added in January

----------------------------
revision 1.41
date: 2022/01/05 20:44:12; author: tb; state: Exp; lines: +55 -1; commitid: b1ATkp4OhzL5p4XV;
Prepare to provide a number of RSA accessors

This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will
be exposed in the upcoming bump.

ok inoguchi jsing
----------------------------

seems to be >= 3.5.0 for the portable releases
https://marc.info/?l=libressl&m=164572407401570&w=2

>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> ---
> tools/sunxi_toc0.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
> index bab5d17b7d..56200bd927 100644
> --- a/tools/sunxi_toc0.c
> +++ b/tools/sunxi_toc0.c
> @@ -34,6 +34,12 @@
> #define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
> #define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
>
> +#if defined(LIBRESSL_VERSION_NUMBER)
> +#define RSA_get0_n(key) (key)->n
> +#define RSA_get0_e(key) (key)->e
> +#define RSA_get0_d(key) (key)->d
> +#endif
> +
> struct __packed toc0_key_item {
> __le32 vendor_id;
> __le32 key0_n_len;
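Review bot: `#if defined(LIBRESSL_VERSION_NUMBER)` turns the macros on for every LibreSSL release, including the 3.5.0 and later portable releases that this reply identifies as shipping `RSA_get0_n()`, `RSA_get0_e()` and `RSA_get0_d()` themselves, where the macros would shadow the library's accessors. Bound the guard by version, for example `defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x3050000fL`, so newer releases use the real functions.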
> --
> 2.37.1
>
>

* Re: [PATCH] tools: mkimage: don't use deprecated openssl funcs
From: Tom Rini @ 2022-08-04 18:06 UTC (permalink / raw)
To: Michal Vasilek; +Cc: u-boot
On Thu, Jul 21, 2022 at 07:11:47PM +0200, Michal Vasilek wrote:
> RSA_get0_* functions are not available in LibreSSL and deprecated in
> OpenSSL. This fixes build with LibreSSL and removes deprecation warnings
> with OpenSSL 3
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> Reviewed-by: Simon Glass <sjg@chromium.org>
This breaks CI for all platforms:
https://source.denx.de/u-boot/u-boot/-/jobs/478198
--
Tom

* Re: [PATCH] tools: mkimage: fix build with LibreSSL
From: Tom Rini @ 2022-08-04 20:53 UTC (permalink / raw)
To: Michal Vasilek; +Cc: Simon Glass, U-Boot Mailing List
On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:
> RSA_get0_* functions are not available in LibreSSL
>
> Signed-off-by: Michal Vasilek <michal.vasilek@nic.cz>
> Reviewed-by: Simon Glass <sjg@chromium.org>
Applied to u-boot/master, thanks!
--
Tom