scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-27 19:53:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update for openssl 1.1

Browse Source 
OpenSSL 1.1 has made significant non-backwards compatible changes to its
API as outlined in:
https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes

BRANCH=none
BUG=chromium:738114
TEST=cros_workon --host start vboot_reference
TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference
TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference
 => both build ok
 $ futility version
  => command runs without error
TEST=cros_workon --board=soraka start vboot_reference coreboot
TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot
TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot
 => All build ok

Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c
Reviewed-on: https://chromium-review.googlesource.com/557739
Commit-Ready: Daniel Kurtz <djkurtz@chromium.org>
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Reviewed-by: Randall Spangler <rspangler@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
This commit is contained in:
Daniel Kurtz
2017-06-30 11:45:08 +08:00
committed by chrome-bot
parent 06beb42e11
commit bce7904376
6 changed files with 61 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
futility/cmd_create.c
View File

@@ -14,6 +14,7 @@
#include "2id.h" #include "2id.h"
#include "2rsa.h" #include "2rsa.h"
#include "2sha.h" #include "2sha.h"
#include "openssl_compat.h"
#include "util_misc.h" #include "util_misc.h"
#include "vb2_common.h" #include "vb2_common.h"
#include "vb21_common.h" #include "vb21_common.h"
@@ -170,6 +171,7 @@ static int vb2_make_keypair()
enum vb2_signature_algorithm sig_alg; enum vb2_signature_algorithm sig_alg;
uint8_t *pubkey_buf = 0; uint8_t *pubkey_buf = 0;
int has_priv = 0; int has_priv = 0;
const BIGNUM *rsa_d;
FILE *fp; FILE *fp;
int ret = 1; int ret = 1;
@@ -196,7 +198,8 @@ static int vb2_make_keypair()
goto done; goto done;
} }
/* Public keys doesn't have the private exponent */ /* Public keys doesn't have the private exponent */
has_priv = !!rsa_key->d; RSA_get0_key(rsa_key, NULL, NULL, &rsa_d);
has_priv = !!rsa_d;
if (!has_priv) if (!has_priv)
fprintf(stderr, "%s has a public key only.\n", infile); fprintf(stderr, "%s has a public key only.\n", infile);

7
futility/vb2_helper.c
View File

@@ -11,6 +11,7 @@
#include "2id.h" #include "2id.h"
#include "2rsa.h" #include "2rsa.h"
#include "2sha.h" #include "2sha.h"
#include "openssl_compat.h"
#include "util_misc.h" #include "util_misc.h"
#include "vb21_common.h" #include "vb21_common.h"
@@ -207,6 +208,7 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
uint8_t digest[VB2_SHA1_DIGEST_SIZE]; uint8_t digest[VB2_SHA1_DIGEST_SIZE];
uint32_t keyb_len; uint32_t keyb_len;
int i, bits; int i, bits;
const BIGNUM *rsa_key_n, *rsa_key_d;
/* We're called only after ft_recognize_pem, so this should work. */ /* We're called only after ft_recognize_pem, so this should work. */
rsa_key = rsa_from_buffer(buf, len); rsa_key = rsa_from_buffer(buf, len);
@@ -214,10 +216,11 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data)
DIE; DIE;
/* Use to presence of the private exponent to decide if it's public */ /* Use to presence of the private exponent to decide if it's public */
printf("%s Key file: %s\n", rsa_key->d ? "Private" : "Public", RSA_get0_key(rsa_key, &rsa_key_n, NULL, &rsa_key_d);
printf("%s Key file: %s\n", rsa_key_d ? "Private" : "Public",
name); name);
bits = BN_num_bits(rsa_key->n); bits = BN_num_bits(rsa_key_n);
printf(" Key length: %d\n", bits); printf(" Key length: %d\n", bits);
if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) { if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {

26
host/include/openssl_compat.h Normal file
View File

@@ -0,0 +1,26 @@
/* Copyright 2017 The Chromium OS Authors. All rights reserved.
* Use of this source code is governed by a BSD-style license that can be
* found in the LICENSE file.
*/
#ifndef VBOOT_REFERENCE_OPENSSL_COMPAT_H_
#define VBOOT_REFERENCE_OPENSSL_COMPAT_H_
#include <openssl/rsa.h>
#if OPENSSL_VERSION_NUMBER < 0x10100000L
static inline void RSA_get0_key(const RSA *rsa, const BIGNUM **n,
const BIGNUM **e, const BIGNUM **d)
{
if (n != NULL)
*n = rsa->n;
if (e != NULL)
*e = rsa->e;
if (d != NULL)
*d = rsa->d;
}
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
#endif /* VBOOT_REFERENCE_OPENSSL_COMPAT_H_ */

7
host/lib/util_misc.c
View File

@@ -18,6 +18,7 @@
#include "2common.h" #include "2common.h"
#include "2sha.h" #include "2sha.h"
#include "host_common.h" #include "host_common.h"
#include "openssl_compat.h"
#include "util_misc.h" #include "util_misc.h"
#include "vb2_common.h" #include "vb2_common.h"
#include "host_key2.h" #include "host_key2.h"
@@ -73,6 +74,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL; BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL;
BIGNUM *RRTemp = NULL, *NnumBits = NULL; BIGNUM *RRTemp = NULL, *NnumBits = NULL;
BIGNUM *n = NULL, *rr = NULL; BIGNUM *n = NULL, *rr = NULL;
const BIGNUM *rsa_private_key_n;
BN_CTX *bn_ctx = BN_CTX_new(); BN_CTX *bn_ctx = BN_CTX_new();
uint32_t n0invout; uint32_t n0invout;
uint32_t bufsize; uint32_t bufsize;
@@ -80,7 +82,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
int retval = 1; int retval = 1;
/* Size of RSA key in 32-bit words */ /* Size of RSA key in 32-bit words */
nwords = BN_num_bits(rsa_private_key->n) / 32; nwords = RSA_size(rsa_private_key) / 4;
bufsize = (2 + nwords + nwords) * sizeof(uint32_t); bufsize = (2 + nwords + nwords) * sizeof(uint32_t);
outbuf = malloc(bufsize); outbuf = malloc(bufsize);
@@ -109,7 +111,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key,
NEW_BIGNUM(B); NEW_BIGNUM(B);
#undef NEW_BIGNUM #undef NEW_BIGNUM
BN_copy(N, rsa_private_key->n); RSA_get0_key(rsa_private_key, &rsa_private_key_n, NULL, NULL);
BN_copy(N, rsa_private_key_n);
BN_set_word(Big1, 1L); BN_set_word(Big1, 1L);
BN_set_word(Big2, 2L); BN_set_word(Big2, 2L);
BN_set_word(Big32, 32L); BN_set_word(Big32, 32L);

9
host/lib21/host_key.c
View File

@@ -17,6 +17,7 @@
#include "host_common.h" #include "host_common.h"
#include "host_key2.h" #include "host_key2.h"
#include "host_misc.h" #include "host_misc.h"
#include "openssl_compat.h"
const struct vb2_text_vs_enum vb2_text_vs_sig[] = { const struct vb2_text_vs_enum vb2_text_vs_sig[] = {
{"RSA1024", VB2_SIG_RSA1024}, {"RSA1024", VB2_SIG_RSA1024},
@@ -565,8 +566,12 @@ int vb2_public_key_hash(struct vb2_public_key *key,
enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa) enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
{ {
int exp = BN_get_word(rsa->e); const BIGNUM *e, *n;
int bits = BN_num_bits(rsa->n); int exp, bits;
RSA_get0_key(rsa, &n, &e, NULL);
exp = BN_get_word(e);
bits = BN_num_bits(n);
switch (exp) { switch (exp) {
case RSA_3: case RSA_3:

19
utility/dumpRSAPublicKey.c
View File

@@ -14,14 +14,20 @@
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
#include "openssl_compat.h"
/* Command line tool to extract RSA public keys from X.509 certificates /* Command line tool to extract RSA public keys from X.509 certificates
* and output a pre-processed version of keys for use by RSA verification * and output a pre-processed version of keys for use by RSA verification
* routines. * routines.
*/ */
int check(RSA* key) { int check(RSA* key) {
int public_exponent = BN_get_word(key->e); const BIGNUM *n, *e;
int modulus = BN_num_bits(key->n); int public_exponent, modulus;
RSA_get0_key(key, &n, &e, NULL);
public_exponent = BN_get_word(e);
modulus = BN_num_bits(n);
if (public_exponent != 3 && public_exponent != 65537) { if (public_exponent != 3 && public_exponent != 65537) {
fprintf(stderr, fprintf(stderr,
@@ -41,7 +47,8 @@ int check(RSA* key) {
*/ */
void output(RSA* key) { void output(RSA* key) {
int i, nwords; int i, nwords;
BIGNUM *N = key->n; const BIGNUM *key_n;
BIGNUM *N = NULL;
BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL; BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
BIGNUM *B = NULL; BIGNUM *B = NULL;
BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL; BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
@@ -49,14 +56,15 @@ void output(RSA* key) {
BN_CTX *bn_ctx = BN_CTX_new(); BN_CTX *bn_ctx = BN_CTX_new();
uint32_t n0invout; uint32_t n0invout;
N = key->n;
/* Output size of RSA key in 32-bit words */ /* Output size of RSA key in 32-bit words */
nwords = BN_num_bits(N) / 32; nwords = RSA_size(key) / 4;
if (-1 == write(1, &nwords, sizeof(nwords))) if (-1 == write(1, &nwords, sizeof(nwords)))
goto failure; goto failure;
/* Initialize BIGNUMs */ /* Initialize BIGNUMs */
RSA_get0_key(key, &key_n, NULL, NULL);
N = BN_dup(key_n);
Big1 = BN_new(); Big1 = BN_new();
Big2 = BN_new(); Big2 = BN_new();
Big32 = BN_new(); Big32 = BN_new();
@@ -121,6 +129,7 @@ void output(RSA* key) {
failure: failure:
/* Free BIGNUMs. */ /* Free BIGNUMs. */
BN_free(N);
BN_free(Big1); BN_free(Big1);
BN_free(Big2); BN_free(Big2);
BN_free(Big32); BN_free(Big32);