On Mon, Feb 13, 2017 at 9:00 AM, Jelle van der Waa <je...@vdwaa.nl> wrote: > The rsa_st struct has been made opaque in 1.1.x, add forward compatible > code to access the n, e, d members of rsa_struct. > > EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be > called to reinitialise an already created structure.
You can add my tested by. Built on Fedora 26 with 1.1.0d. gcc 7 etc. Peter > --- > lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------ > 1 file changed, 27 insertions(+), 6 deletions(-) > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c > index 8c6637e328..965fb00f95 100644 > --- a/lib/rsa/rsa-sign.c > +++ b/lib/rsa/rsa-sign.c > @@ -20,6 +20,19 @@ > #define HAVE_ERR_REMOVE_THREAD_STATE > #endif > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > +void RSA_get0_key(const RSA *r, > + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) > +{ > + if (n != NULL) > + *n = r->n; > + if (e != NULL) > + *e = r->e; > + if (d != NULL) > + *d = r->d; > +} > +#endif > + > static int rsa_err(const char *msg) > { > unsigned long sslErr = ERR_get_error(); > @@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct > checksum_algo *checksum_algo, > ret = rsa_err("Could not obtain signature"); > goto err_sign; > } > - EVP_MD_CTX_cleanup(context); > + #if OPENSSL_VERSION_NUMBER < 0x10100000L > + EVP_MD_CTX_cleanup(context); > + #else > + EVP_MD_CTX_reset(context); > + #endif > EVP_MD_CTX_destroy(context); > EVP_PKEY_free(key); > > @@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > { > int ret; > BIGNUM *bn_te; > + const BIGNUM *key_e; > uint64_t te; > > ret = -EINVAL; > @@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > if (!e) > goto cleanup; > > - if (BN_num_bits(key->e) > 64) > + RSA_get0_key(key, NULL, &key_e, NULL); > + if (BN_num_bits(key_e) > 64) > goto cleanup; > > - *e = BN_get_word(key->e); > + *e = BN_get_word(key_e); > > - if (BN_num_bits(key->e) < 33) { > + if (BN_num_bits(key_e) < 33) { > ret = 0; > goto cleanup; > } > > - bn_te = BN_dup(key->e); > + bn_te = BN_dup(key_e); > if (!bn_te) > goto cleanup; > > @@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t > *n0_invp, > { > BIGNUM *big1, *big2, *big32, *big2_32; > BIGNUM *n, *r, *r_squared, *tmp; > + const BIGNUM *key_n; > BN_CTX *bn_ctx = BN_CTX_new(); > int ret = 0; > > @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t > *n0_invp, > if (0 != rsa_get_exponent(key, exponent)) > ret = -1; > > - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || > + RSA_get0_key(key, NULL, &key_n, NULL); > + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || > !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) > ret = -1; > > -- > 2.11.1 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot