Update for openssl 1.1

OpenSSL 1.1 has made significant non-backwards compatible changes to its API as outlined in: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes BRANCH=none BUG=chromium:738114 TEST=cros_workon --host start vboot_reference TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference => both build ok $ futility version => command runs without error TEST=cros_workon --board=soraka start vboot_reference coreboot TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot => All build ok Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c Reviewed-on: https://chromium-review.googlesource.com/557739 Commit-Ready: Daniel Kurtz <djkurtz@chromium.org> Tested-by: Daniel Kurtz <djkurtz@chromium.org> Reviewed-by: Randall Spangler <rspangler@chromium.org> Reviewed-by: Mike Frysinger <vapier@chromium.org>
2025-11-27 11:44:02 +00:00 · 2017-06-30 11:45:08 +08:00
parent 06beb42e11
commit bce7904376
6 changed files with 61 additions and 12 deletions
--- a/futility/cmd_create.c
+++ b/futility/cmd_create.c
@@ -14,6 +14,7 @@
 #include "2id.h"
 #include "2rsa.h"
 #include "2sha.h"
+#include "openssl_compat.h"
 #include "util_misc.h"
 #include "vb2_common.h"
 #include "vb21_common.h"
@@ -170,6 +171,7 @@ static int vb2_make_keypair()
 	enum vb2_signature_algorithm sig_alg;
 	uint8_t *pubkey_buf = 0;
 	int has_priv = 0;
+	const BIGNUM *rsa_d;

 	FILE *fp;
 	int ret = 1;
@@ -196,7 +198,8 @@ static int vb2_make_keypair()
 		goto done;
 	}
 	/* Public keys doesn't have the private exponent */
-	has_priv = !!rsa_key->d;
+	RSA_get0_key(rsa_key, NULL, NULL, &rsa_d);
+	has_priv = !!rsa_d;
 	if (!has_priv)
 		fprintf(stderr, "%s has a public key only.\n", infile);

--- a/futility/vb2_helper.c
+++ b/futility/vb2_helper.c
@@ -11,6 +11,7 @@
 #include "2id.h"
 #include "2rsa.h"
 #include "2sha.h"
+#include "openssl_compat.h"
 #include "util_misc.h"
 #include "vb21_common.h"

@@ -207,6 +208,7 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
 	uint8_t digest[VB2_SHA1_DIGEST_SIZE];
 	uint32_t keyb_len;
 	int i, bits;
+	const BIGNUM *rsa_key_n, *rsa_key_d;

 	/* We're called only after ft_recognize_pem, so this should work. */
 	rsa_key = rsa_from_buffer(buf, len);
@@ -214,10 +216,11 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
 		DIE;

 	/* Use to presence of the private exponent to decide if it's public */
-	printf("%s Key file:      %s\n", rsa_key->d ? "Private" : "Public",
+	RSA_get0_key(rsa_key, &rsa_key_n, NULL, &rsa_key_d);
+	printf("%s Key file:      %s\n", rsa_key_d ? "Private" : "Public",
 					 name);

-	bits = BN_num_bits(rsa_key->n);
+	bits = BN_num_bits(rsa_key_n);
 	printf("  Key length:          %d\n", bits);

 	if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
--- a/host/include/openssl_compat.h
+++ b/host/include/openssl_compat.h
@@ -0,0 +1,26 @@
+/* Copyright 2017 The Chromium OS Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+
+#ifndef VBOOT_REFERENCE_OPENSSL_COMPAT_H_
+#define VBOOT_REFERENCE_OPENSSL_COMPAT_H_
+
+#include <openssl/rsa.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static inline void RSA_get0_key(const RSA *rsa, const BIGNUM **n,
+				const BIGNUM **e, const BIGNUM **d)
+{
+	if (n != NULL)
+		*n = rsa->n;
+	if (e != NULL)
+		*e = rsa->e;
+	if (d != NULL)
+		*d = rsa->d;
+}
+
+#endif  /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+#endif  /* VBOOT_REFERENCE_OPENSSL_COMPAT_H_ */
--- a/host/lib/util_misc.c
+++ b/host/lib/util_misc.c
@@ -18,6 +18,7 @@
 #include "2common.h"
 #include "2sha.h"
 #include "host_common.h"
+#include "openssl_compat.h"
 #include "util_misc.h"
 #include "vb2_common.h"
 #include "host_key2.h"
@@ -73,6 +74,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
 	BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL;
 	BIGNUM *RRTemp = NULL, *NnumBits = NULL;
 	BIGNUM *n = NULL, *rr = NULL;
+	const BIGNUM *rsa_private_key_n;
 	BN_CTX *bn_ctx = BN_CTX_new();
 	uint32_t n0invout;
 	uint32_t bufsize;
@@ -80,7 +82,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
 	int retval = 1;

 	/* Size of RSA key in 32-bit words */
-	nwords = BN_num_bits(rsa_private_key->n) / 32;
+	nwords = RSA_size(rsa_private_key) / 4;

 	bufsize = (2 + nwords + nwords) * sizeof(uint32_t);
 	outbuf = malloc(bufsize);
@@ -109,7 +111,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
 	NEW_BIGNUM(B);
 #undef NEW_BIGNUM

-	BN_copy(N, rsa_private_key->n);
+	RSA_get0_key(rsa_private_key, &rsa_private_key_n, NULL, NULL);
+	BN_copy(N, rsa_private_key_n);
 	BN_set_word(Big1, 1L);
 	BN_set_word(Big2, 2L);
 	BN_set_word(Big32, 32L);
--- a/host/lib21/host_key.c
+++ b/host/lib21/host_key.c
@@ -17,6 +17,7 @@
 #include "host_common.h"
 #include "host_key2.h"
 #include "host_misc.h"
+#include "openssl_compat.h"

 const struct vb2_text_vs_enum vb2_text_vs_sig[] = {
 	{"RSA1024", VB2_SIG_RSA1024},
@@ -565,8 +566,12 @@ int vb2_public_key_hash(struct vb2_public_key *key,

 enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
 {
-	int exp = BN_get_word(rsa->e);
-	int bits = BN_num_bits(rsa->n);
+	const BIGNUM *e, *n;
+	int exp, bits;
+
+	RSA_get0_key(rsa, &n, &e, NULL);
+	exp = BN_get_word(e);
+	bits = BN_num_bits(n);

 	switch (exp) {
 	case RSA_3:
--- a/utility/dumpRSAPublicKey.c
+++ b/utility/dumpRSAPublicKey.c
@@ -14,14 +14,20 @@
 #include <string.h>
 #include <unistd.h>

+#include "openssl_compat.h"
+
 /* Command line tool to extract RSA public keys from X.509 certificates
 * and output a pre-processed version of keys for use by RSA verification
 * routines.
 */

 int check(RSA* key) {
-  int public_exponent = BN_get_word(key->e);
-  int modulus = BN_num_bits(key->n);
+  const BIGNUM *n, *e;
+  int public_exponent, modulus;
+
+  RSA_get0_key(key, &n, &e, NULL);
+  public_exponent = BN_get_word(e);
+  modulus = BN_num_bits(n);

  if (public_exponent != 3 && public_exponent != 65537) {
    fprintf(stderr,
@@ -41,7 +47,8 @@ int check(RSA* key) {
 */
 void output(RSA* key) {
  int i, nwords;
-  BIGNUM *N = key->n;
+  const BIGNUM *key_n;
+  BIGNUM *N = NULL;
  BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
  BIGNUM *B = NULL;
  BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
@@ -49,14 +56,15 @@ void output(RSA* key) {
  BN_CTX *bn_ctx = BN_CTX_new();
  uint32_t n0invout;

-  N = key->n;
  /* Output size of RSA key in 32-bit words */
-  nwords = BN_num_bits(N) / 32;
+  nwords = RSA_size(key) / 4;
  if (-1 == write(1, &nwords, sizeof(nwords)))
    goto failure;


  /* Initialize BIGNUMs */
+  RSA_get0_key(key, &key_n, NULL, NULL);
+  N = BN_dup(key_n);
  Big1 = BN_new();
  Big2 = BN_new();
  Big32 = BN_new();
@@ -121,6 +129,7 @@ void output(RSA* key) {

 failure:
  /* Free BIGNUMs. */
+  BN_free(N);
  BN_free(Big1);
  BN_free(Big2);
  BN_free(Big32);