Commit 3b5d6979fcb80ffae3b140be6edc04cbde1a0b72
Committed by
Tom Rini
1 parent
c8c0242f1c
Exists in
smarc_8mq_lf_v2020.04
and in
11 other branches
rsa: use new openssl API to create signature
Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org>
Showing 1 changed file with 11 additions and 6 deletions Side-by-side Diff
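--- a/lib/rsa/rsa-sign.c
+++ b/lib/rsa/rsa-sign.c
@@ -393,7 +393,8 @@
 {
 EVP_PKEY *key;
 EVP_MD_CTX *context;
-int size, ret = 0;
+int ret = 0;
+size_t size;
 uint8_t *sig;
 int i;
 
@@ -409,7 +410,7 @@
 size = EVP_PKEY_size(key);
 sig = malloc(size);
 if (!sig) {
-fprintf(stderr, "Out of memory for signature (%d bytes)\n",
+fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
 size);
 ret = -ENOMEM;
 goto err_alloc;
@@ -421,22 +422,26 @@
 goto err_create;
 }
 EVP_MD_CTX_init(context);
-if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
+if (EVP_DigestSignInit(context, NULL,
+checksum_algo->calculate_sign(),
+NULL, key) <= 0) {
 ret = rsa_err("Signer setup failed");
 goto err_sign;
 }
 
 for (i = 0; i < region_count; i++) {
-if (!EVP_SignUpdate(context, region[i].data, region[i].size)) {
+if (!EVP_DigestSignUpdate(context, region[i].data,
+region[i].size)) {
 ret = rsa_err("Signing data failed");
 goto err_sign;
 }
 }
 
-if (!EVP_SignFinal(context, sig, sig_size, key)) {
+if (!EVP_DigestSignFinal(context, sig, &size)) {
 ret = rsa_err("Could not obtain signature");
 goto err_sign;
 }
+
 #if OPENSSL_VERSION_NUMBER < 0x10100000L || \
 (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
 EVP_MD_CTX_cleanup(context);
@@ -446,7 +451,7 @@
 EVP_MD_CTX_destroy(context);
 EVP_PKEY_free(key);
 
-debug("Got signature: %d bytes, expected %d\n", *sig_size, size);
+debug("Got signature: %d bytes, expected %zu\n", *sig_size, size);
 *sigp = sig;
 *sig_size = size;
 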
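Review bot: The new `!EVP_DigestSignUpdate(...)` and `!EVP_DigestSignFinal(context, sig, &size)` checks in the third hunk treat only a return of 0 as failure, while the `EVP_DigestSignInit` call just above them is tested with `<= 0`. OpenSSL's documentation for the older releases this file still builds against (see the `OPENSSL_VERSION_NUMBER < 0x10100000L` branch) describes 0 or a negative value as failure for the DigestSign calls, so a negative return would fall through and the unwritten `malloc`'d `sig` buffer would be returned through `*sigp` as if it were a signature. Use the same test on all three calls, e.g. `if (EVP_DigestSignFinal(context, sig, &size) <= 0) {`. Separately, the `debug()` line in the last hunk now reads `*sig_size` before anything visible here has written it, and `size` at that point holds the produced length rather than the expected one. The enclosing function starts and ends outside the visible hunks, so this is based on the shown lines only.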