1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
From fa124c7944088624d40d6b265bac0651bd8235bb Mon Sep 17 00:00:00 2001
From: Adriana Kobylak <anoo@us.ibm.com>
Date: Thu, 6 Sep 2018 13:15:34 -0500
Subject: [PATCH] image_verify: Add support for OpenSSL 1.1.0
With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.
Resolves openbmc/openbmc#3136
Tested: Verified the signature verification was successful.
Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
%% original patch: 0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch
---
Makefile.am | 8 ++++++--
image_verify.cpp | 2 +-
image_verify.hpp | 1 +
utils.cpp | 29 +++++++++++++++++++++++++++++
utils.hpp | 15 +++++++++++++++
5 files changed, 52 insertions(+), 3 deletions(-)
create mode 100644 utils.cpp
create mode 100644 utils.hpp
diff --git a/Makefile.am b/Makefile.am
index adba0e4..21b556f 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -42,8 +42,12 @@ phosphor_image_updater_SOURCES = \
include ubi/Makefile.am.include
if WANT_SIGNATURE_VERIFY_BUILD
-noinst_HEADERS += image_verify.hpp
-phosphor_image_updater_SOURCES += image_verify.cpp
+noinst_HEADERS += \
+ image_verify.hpp \
+ utils.hpp
+phosphor_image_updater_SOURCES += \
+ image_verify.cpp \
+ utils.cpp
endif
if WANT_SYNC
diff --git a/image_verify.cpp b/image_verify.cpp
index 7d59910..ba6b24d 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -216,7 +216,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile,
EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
// Initializes a digest context.
- EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy);
+ EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
// Adds all digest algorithms to the internal table
OpenSSL_add_all_digests();
diff --git a/image_verify.hpp b/image_verify.hpp
index cbd0e39..22ee5f9 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -1,4 +1,5 @@
#pragma once
+#include "utils.hpp"
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
diff --git a/utils.cpp b/utils.cpp
new file mode 100644
index 0000000..95fc2e0
--- /dev/null
+++ b/utils.cpp
@@ -0,0 +1,29 @@
+#include "utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+
+static void* OPENSSL_zalloc(size_t num)
+{
+ void* ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ {
+ memset(ret, 0, num);
+ }
+ return ret;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new(void)
+{
+ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
diff --git a/utils.hpp b/utils.hpp
new file mode 100644
index 0000000..90569bf
--- /dev/null
+++ b/utils.hpp
@@ -0,0 +1,15 @@
+#pragma once
+
+// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
+// to make the code backward compatible with older OpenSSL veresions.
+// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+
+extern "C" {
+EVP_MD_CTX* EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
--
2.7.4
|
