diff options
Diffstat (limited to 'meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch')
| -rw-r--r-- | meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch | 130 |
1 files changed, 130 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch new file mode 100644 index 000000000..c5850473c --- /dev/null +++ b/meta-openbmc-mods/meta-common/recipes-phosphor/flash/phosphor-software-manager/0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch @@ -0,0 +1,130 @@ +From fa124c7944088624d40d6b265bac0651bd8235bb Mon Sep 17 00:00:00 2001 +From: Adriana Kobylak <anoo@us.ibm.com> +Date: Thu, 6 Sep 2018 13:15:34 -0500 +Subject: [PATCH] image_verify: Add support for OpenSSL 1.1.0 + +With OpenSSL 1.1.0, some of the functions were renamed, for +example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were +renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free(). +Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes +Abstract them to support old and new APIs. + +Resolves openbmc/openbmc#3136 + +Tested: Verified the signature verification was successful. + +Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6 +Signed-off-by: Adriana Kobylak <anoo@us.ibm.com> + +%% original patch: 0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch +--- + Makefile.am | 8 ++++++-- + image_verify.cpp | 2 +- + image_verify.hpp | 1 + + utils.cpp | 29 +++++++++++++++++++++++++++++ + utils.hpp | 15 +++++++++++++++ + 5 files changed, 52 insertions(+), 3 deletions(-) + create mode 100644 utils.cpp + create mode 100644 utils.hpp + +diff --git a/Makefile.am b/Makefile.am +index adba0e4..21b556f 100755 +--- a/Makefile.am ++++ b/Makefile.am +@@ -42,8 +42,12 @@ phosphor_image_updater_SOURCES = \ + include ubi/Makefile.am.include + + if WANT_SIGNATURE_VERIFY_BUILD +-noinst_HEADERS += image_verify.hpp +-phosphor_image_updater_SOURCES += image_verify.cpp ++noinst_HEADERS += \ ++ image_verify.hpp \ ++ utils.hpp ++phosphor_image_updater_SOURCES += \ ++ image_verify.cpp \ ++ utils.cpp + endif + + if WANT_SYNC +diff --git a/image_verify.cpp b/image_verify.cpp +index 7d59910..ba6b24d 100644 +--- a/image_verify.cpp ++++ b/image_verify.cpp +@@ -216,7 +216,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile, + EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA); + + // Initializes a digest context. +- EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy); ++ EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free); + + // Adds all digest algorithms to the internal table + OpenSSL_add_all_digests(); +diff --git a/image_verify.hpp b/image_verify.hpp +index cbd0e39..22ee5f9 100644 +--- a/image_verify.hpp ++++ b/image_verify.hpp +@@ -1,4 +1,5 @@ + #pragma once ++#include "utils.hpp" + #include <openssl/rsa.h> + #include <openssl/evp.h> + #include <openssl/pem.h> +diff --git a/utils.cpp b/utils.cpp +new file mode 100644 +index 0000000..95fc2e0 +--- /dev/null ++++ b/utils.cpp +@@ -0,0 +1,29 @@ ++#include "utils.hpp" ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include <string.h> ++ ++static void* OPENSSL_zalloc(size_t num) ++{ ++ void* ret = OPENSSL_malloc(num); ++ ++ if (ret != NULL) ++ { ++ memset(ret, 0, num); ++ } ++ return ret; ++} ++ ++EVP_MD_CTX* EVP_MD_CTX_new(void) ++{ ++ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX)); ++} ++ ++void EVP_MD_CTX_free(EVP_MD_CTX* ctx) ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L +diff --git a/utils.hpp b/utils.hpp +new file mode 100644 +index 0000000..90569bf +--- /dev/null ++++ b/utils.hpp +@@ -0,0 +1,15 @@ ++#pragma once ++ ++// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them ++// to make the code backward compatible with older OpenSSL veresions. ++// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include <openssl/evp.h> ++ ++extern "C" { ++EVP_MD_CTX* EVP_MD_CTX_new(void); ++void EVP_MD_CTX_free(EVP_MD_CTX* ctx); ++} ++ ++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L +-- +2.7.4 + |