On Fri, Jun 08, 2018 at 01:07:47PM +0200, Lucas Stach wrote: > OpenSSL 1.1.x made some of the types opaque, so peeking inside directly > doesn't work anymore. Use the correct accessors instead. > > I've dropped the algorithm check, as EVP_PKEY_get0_RSA() already verifies > that the pubkey is RSA and returns NULL if it isn't. > > Signed-off-by: Lucas Stach <l.stach@xxxxxxxxxxxxxx> > --- > This is compile tested only, so I would appreciate some testing and/or > a close look at this change. > --- > scripts/imx/imx-image.c | 40 ++++++++++++++++++++-------------------- > 1 file changed, 20 insertions(+), 20 deletions(-) Applied, thanks Sascha >
> diff --git a/scripts/imx/imx-image.c b/scripts/imx/imx-image.c
> index b241e8c4b68e..d50c755456c3 100644
> --- a/scripts/imx/imx-image.c
> +++ b/scripts/imx/imx-image.c
> @@ -94,12 +94,23 @@ struct hab_rsa_public_key {
> #include <openssl/pem.h>
> #include <openssl/bio.h>
>
> +#if OPENSSL_VERSION_NUMBER < 0x10100000L
> +void RSA_get0_key(const RSA *r, const BIGNUM **n,
> + const BIGNUM **e, const BIGNUM **d)
> +{
> + if (n != NULL)
> + *n = r->n;
> + if (e != NULL)
> + *e = r->e;
> + if (d != NULL)
> + *d = r->d;
> +}
> +#endif
> +
> static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len,
> uint8_t **exponent, int *exponent_len)
> {
> - char buf[PUBKEY_ALGO_LEN];
> - int pubkey_algonid;
> - const char *sslbuf;
> + const BIGNUM *n, *e;
> EVP_PKEY *pkey;
> FILE *fp;
> X509 *cert;
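Review bot: The fallback `RSA_get0_key()` added under `#if OPENSSL_VERSION_NUMBER < 0x10100000L` has external linkage and reuses the name of a libcrypto function; as it is only needed in this file it should be declared `static void RSA_get0_key(const RSA *r, ...)`. The shim also covers only one of the two accessors the patch switches to: `EVP_PKEY_get0_RSA()`, used in the second hunk, was as far as I know also introduced in OpenSSL 1.1.0, so a build against 1.0.x would probably still fail unless a matching fallback (the old `pkey->pkey.rsa` access) sits under the same guard. The version test may also misfire on LibreSSL, which reports a high `OPENSSL_VERSION_NUMBER`; worth confirming if that library is a supported host dependency. `extract_key()` begins in this hunk and continues past its end.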
> @@ -120,37 +131,26 @@ static int extract_key(const char *certfile, uint8_t **modulus, int *modulus_len
>
> fclose(fp);
>
> - pubkey_algonid = OBJ_obj2nid(cert->cert_info->key->algor->algorithm);
> - if (pubkey_algonid == NID_undef) {
> - fprintf(stderr, "unable to find specified public key algorithm name.\n");
> - return -EINVAL;
> - }
> -
> - if (pubkey_algonid != NID_rsaEncryption)
> - return -EINVAL;
> -
> - sslbuf = OBJ_nid2ln(pubkey_algonid);
> - strncpy(buf, sslbuf, PUBKEY_ALGO_LEN);
> -
> pkey = X509_get_pubkey(cert);
> if (!pkey) {
> fprintf(stderr, "unable to extract public key from certificate");
> return -EINVAL;
> }
>
> - rsa_key = pkey->pkey.rsa;
> + rsa_key = EVP_PKEY_get0_RSA(pkey);
> if (!rsa_key) {
> fprintf(stderr, "unable to extract RSA public key");
> return -EINVAL;
> }
>
> - *modulus_len = BN_num_bytes(rsa_key->n);
> + RSA_get0_key(rsa_key, &n, &e, NULL);
> + *modulus_len = BN_num_bytes(n);
> *modulus = malloc(*modulus_len);
> - BN_bn2bin(rsa_key->n, *modulus);
> + BN_bn2bin(n, *modulus);
>
> - *exponent_len = BN_num_bytes(rsa_key->e);
> + *exponent_len = BN_num_bytes(e);
> *exponent = malloc(*exponent_len);
> - BN_bn2bin(rsa_key->e, *exponent);
> + BN_bn2bin(e, *exponent);
>
> EVP_PKEY_free(pkey);
> X509_free(cert);
> -- > 2.17.1 > > > _______________________________________________ > barebox mailing list > barebox@xxxxxxxxxxxxxxxxxxx > http://lists.infradead.org/mailman/listinfo/barebox > -- Pengutronix e.K. | | Industrial Linux Solutions | http://www.pengutronix.de/ | Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 | _______________________________________________ barebox mailing list barebox@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/barebox
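Review bot: Both `malloc()` results are handed to `BN_bn2bin()` unchecked, so an allocation failure becomes a write through a null pointer; a guard such as `if (!*modulus) { EVP_PKEY_free(pkey); X509_free(cert); return -ENOMEM; }` after the first allocation (and the same after the second, also releasing `*modulus`) would close that. The early `return -EINVAL` paths after `X509_get_pubkey()` and `EVP_PKEY_get0_RSA()` likewise return without `X509_free(cert)`, and the second also without `EVP_PKEY_free(pkey)`. Since this routine presumably produces the key bytes for the HAB structure named in the first hunk header and the patch is described as compile-tested only, comparing the emitted modulus and exponent against the pre-patch build's output for the same certificate would be a cheap regression check. `extract_key()` starts before this hunk and its end is not shown.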