On Fri, Jun 08, 2018 at 01:07:47PM +0200, Lucas Stach wrote:
> OpenSSL 1.1.x made some of the types opaque, so peeking inside directly
> doesn't work anymore. Use the correct accessors instead.
>
> I've dropped the algorithm check, as EVP_PKEY_get0_RSA() already verifies
> that the pubkey is RSA and returns NULL if it isn't.
>
> Signed-off-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx>
> ---
> This is compile tested only, so I would appreciate some testing and/or
> a close look at this change.
> ---
> scripts/imx/imx-image.c | 40 ++++++++++++++++++++--------------------
> 1 file changed, 20 insertions(+), 20 deletions(-)
Applied, thanks
Sascha
>
> diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
> index b241e8c4b68e..d50c755456c3 100644
> --- a/scripts/imx/imx-image.c
> +++ b/scripts/imx/imx-image.c
> @@ -94,12 +94,23 @@ struct hab_rsa_public_key {
> #include <openssl/pem.h>
> #include <openssl/bio.h>
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +void RSA_get0_key(const RSA *r, const BIGNUM **n,
> + const BIGNUM **e, const BIGNUM **d)
> +{
> + if (n != NULL)
> + *n = r->n;
> + if (e != NULL)
> + *e = r->e;
> + if (d != NULL)
> + *d = r->d;
> +}
> +#endif
> +
> static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len,
> uint8_t **exponent, int *exponent_len)
> {
> - char buf[PUBKEY_ALGO_LEN];
> - int pubkey_algonid;
> - const char *sslbuf;
> + const BIGNUM *n, *e;
> EVP_PKEY *pkey;
> FILE *fp;
> X509 *cert;
> @@ -120,37 +131,26 @@ static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len
>
> fclose(fp);
>
> - pubkey_algonid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> - if (pubkey_algonid == NID_undef) {
> - fprintf(stderr, "unable to find specified public key algorithm name.\n");
> - return -EINVAL;
> - }
> -
> - if (pubkey_algonid != NID_rsaEncryption)
> - return -EINVAL;
> -
> - sslbuf = OBJ_nid2ln(pubkey_algonid);
> - strncpy(buf, sslbuf, PUBKEY_ALGO_LEN);
> -
> pkey = X509_get_pubkey(cert);
> if (!pkey) {
> fprintf(stderr, "unable to extract public key from certificate");
> return -EINVAL;
> }
>
> - rsa_key = pkey->pkey.rsa;
> + rsa_key = EVP_PKEY_get0_RSA(pkey);
> if (!rsa_key) {
> fprintf(stderr, "unable to extract RSA public key");
> return -EINVAL;
> }
>
> - *modulus_len = BN_num_bytes(rsa_key->n);
> + RSA_get0_key(rsa_key, &n, &e, NULL);
> + *modulus_len = BN_num_bytes(n);
> *modulus = malloc(*modulus_len);
> - BN_bn2bin(rsa_key->n, *modulus);
> + BN_bn2bin(n, *modulus);
>
> - *exponent_len = BN_num_bytes(rsa_key->e);
> + *exponent_len = BN_num_bytes(e);
> *exponent = malloc(*exponent_len);
> - BN_bn2bin(rsa_key->e, *exponent);
> + BN_bn2bin(e, *exponent);
>
> EVP_PKEY_free(pkey);
> X509_free(cert);
> --
> 2.17.1
>
>
> _______________________________________________
> barebox mailing list
> barebox@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/barebox
>
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
_______________________________________________
barebox mailing list
barebox@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/barebox
