package/boot/uboot-mvebu/patches/0011-rsa-Fix-build-with-OpenSSL-1.1.x.patch

   1 From 59be82ef7e7ec4be6e1597d8aef65dd3d8c3a0d9 Mon Sep 17 00:00:00 2001
   2 From: Jelle van der Waa <jelle@vdwaa.nl>
   3 Date: Mon, 8 May 2017 21:31:19 +0200
   4 Subject: [PATCH 1/2] rsa: Fix build with OpenSSL 1.1.x
   5
   6 The rsa_st struct has been made opaque in 1.1.x, add forward compatible
   7 code to access the n, e, d members of rsa_struct.
   8
   9 EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be
  10 called to reinitialise an already created structure.
  11 ---
  12  lib/rsa/rsa-sign.c | 44 ++++++++++++++++++++++++++++++++++++++------
  13  1 file changed, 38 insertions(+), 6 deletions(-)
  14
  15 --- a/lib/rsa/rsa-sign.c
  16 +++ b/lib/rsa/rsa-sign.c
  17 @@ -9,6 +9,7 @@
  18  #include <string.h>
  19  #include <image.h>
  20  #include <time.h>
  21 +#include <openssl/bn.h>
  22  #include <openssl/rsa.h>
  23  #include <openssl/pem.h>
  24  #include <openssl/err.h>
  25 @@ -20,6 +21,19 @@
  26  #define HAVE_ERR_REMOVE_THREAD_STATE
  27  #endif
  28
  29 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  30 +static void RSA_get0_key(const RSA *r,
  31 +                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
  32 +{
  33 +   if (n != NULL)
  34 +       *n = r->n;
  35 +   if (e != NULL)
  36 +       *e = r->e;
  37 +   if (d != NULL)
  38 +       *d = r->d;
  39 +}
  40 +#endif
  41 +
  42  static int rsa_err(const char *msg)
  43  {
  44         unsigned long sslErr = ERR_get_error();
  45 @@ -286,16 +300,22 @@ static int rsa_init(void)
  46  {
  47         int ret;
  48
  49 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  50         ret = SSL_library_init();
  51 +#else
  52 +       ret = OPENSSL_init_ssl(0, NULL);
  53 +#endif
  54         if (!ret) {
  55                 fprintf(stderr, "Failure to init SSL library\n");
  56                 return -1;
  57         }
  58 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  59         SSL_load_error_strings();
  60
  61         OpenSSL_add_all_algorithms();
  62         OpenSSL_add_all_digests();
  63         OpenSSL_add_all_ciphers();
  64 +#endif
  65
  66         return 0;
  67  }
  68 @@ -335,12 +355,15 @@ err_set_rsa:
  69  err_engine_init:
  70         ENGINE_free(e);
  71  err_engine_by_id:
  72 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  73         ENGINE_cleanup();
  74 +#endif
  75         return ret;
  76  }
  77
  78  static void rsa_remove(void)
  79  {
  80 +#if OPENSSL_VERSION_NUMBER < 0x10100000L
  81         CRYPTO_cleanup_all_ex_data();
  82         ERR_free_strings();
  83  #ifdef HAVE_ERR_REMOVE_THREAD_STATE
  84 @@ -349,6 +372,7 @@ static void rsa_remove(void)
  85         ERR_remove_state(0);
  86  #endif
  87         EVP_cleanup();
  88 +#endif
  89  }
  90
  91  static void rsa_engine_remove(ENGINE *e)
  92 @@ -409,7 +433,11 @@ static int rsa_sign_with_key(RSA *rsa, s
  93                 ret = rsa_err("Could not obtain signature");
  94                 goto err_sign;
  95         }
  96 -       EVP_MD_CTX_cleanup(context);
  97 +       #if OPENSSL_VERSION_NUMBER < 0x10100000L
  98 +               EVP_MD_CTX_cleanup(context);
  99 +       #else
 100 +               EVP_MD_CTX_reset(context);
 101 +       #endif
 102         EVP_MD_CTX_destroy(context);
 103         EVP_PKEY_free(key);
 104
 105 @@ -479,6 +507,7 @@ static int rsa_get_exponent(RSA *key, ui
 106  {
 107         int ret;
 108         BIGNUM *bn_te;
 109 +       const BIGNUM *key_e;
 110         uint64_t te;
 111
 112         ret = -EINVAL;
 113 @@ -487,17 +516,18 @@ static int rsa_get_exponent(RSA *key, ui
 114         if (!e)
 115                 goto cleanup;
 116
 117 -       if (BN_num_bits(key->e) > 64)
 118 +       RSA_get0_key(key, NULL, &key_e, NULL);
 119 +       if (BN_num_bits(key_e) > 64)
 120                 goto cleanup;
 121
 122 -       *e = BN_get_word(key->e);
 123 +       *e = BN_get_word(key_e);
 124
 125 -       if (BN_num_bits(key->e) < 33) {
 126 +       if (BN_num_bits(key_e) < 33) {
 127                 ret = 0;
 128                 goto cleanup;
 129         }
 130
 131 -       bn_te = BN_dup(key->e);
 132 +       bn_te = BN_dup(key_e);
 133         if (!bn_te)
 134                 goto cleanup;
 135
 136 @@ -527,6 +557,7 @@ int rsa_get_params(RSA *key, uint64_t *e
 137  {
 138         BIGNUM *big1, *big2, *big32, *big2_32;
 139         BIGNUM *n, *r, *r_squared, *tmp;
 140 +       const BIGNUM *key_n;
 141         BN_CTX *bn_ctx = BN_CTX_new();
 142         int ret = 0;
 143
 144 @@ -548,7 +579,8 @@ int rsa_get_params(RSA *key, uint64_t *e
 145         if (0 != rsa_get_exponent(key, exponent))
 146                 ret = -1;
 147
 148 -       if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
 149 +       RSA_get0_key(key, &key_n, NULL, NULL);
 150 +       if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
 151             !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
 152                 ret = -1;
 153