rsa: Fix build with OpenSSL 1.1.x

The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure.

rsa: Fix build with OpenSSL 1.1.x
The rsa_st struct has been made opaque in 1.1.x, add forward compatible code to access the n, e, d members of rsa_struct. EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be called to reinitialise an already created structure.
Jelle van der Waa · Tom Rini
1 parent 8cfb77387e
Showing 1 changed file with 38 additions and 6 deletions Side-by-side Diff
lib/rsa/rsa-sign.c
@@ -9,6 +9,7 @@
 #include <string.h>
 #include <image.h>
 #include <time.h>
+#include <openssl/bn.h>
 #include <openssl/rsa.h>
 #include <openssl/pem.h>
 #include <openssl/err.h>
@@ -20,6 +21,19 @@
 #define HAVE_ERR_REMOVE_THREAD_STATE
 #endif
  
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+static void RSA_get0_key(const RSA *r,
+                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+   if (n != NULL)
+       *n = r->n;
+   if (e != NULL)
+       *e = r->e;
+   if (d != NULL)
+       *d = r->d;
+}
+#endif
+
 static int rsa_err(const char *msg)
 {
 	unsigned long sslErr = ERR_get_error();
  
  
  
@@ -286,16 +300,22 @@
 {
 	int ret;
  
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ret = SSL_library_init();
+#else
+	ret = OPENSSL_init_ssl(0, NULL);
+#endif
 	if (!ret) {
 		fprintf(stderr, "Failure to init SSL library\n");
 		return -1;
 	}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	SSL_load_error_strings();
  
 	OpenSSL_add_all_algorithms();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
+#endif
  
 	return 0;
 }
  
  
@@ -335,12 +355,15 @@
 err_engine_init:
 	ENGINE_free(e);
 err_engine_by_id:
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	ENGINE_cleanup();
+#endif
 	return ret;
 }
  
 static void rsa_remove(void)
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	CRYPTO_cleanup_all_ex_data();
 	ERR_free_strings();
 #ifdef HAVE_ERR_REMOVE_THREAD_STATE
@@ -349,6 +372,7 @@
 	ERR_remove_state(0);
 #endif
 	EVP_cleanup();
+#endif
 }
  
 static void rsa_engine_remove(ENGINE *e)
@@ -409,7 +433,11 @@
 		ret = rsa_err("Could not obtain signature");
 		goto err_sign;
 	}
-	EVP_MD_CTX_cleanup(context);
+	#if OPENSSL_VERSION_NUMBER < 0x10100000L
+		EVP_MD_CTX_cleanup(context);
+	#else
+		EVP_MD_CTX_reset(context);
+	#endif
 	EVP_MD_CTX_destroy(context);
 	EVP_PKEY_free(key);
  
@@ -479,6 +507,7 @@
 {
 	int ret;
 	BIGNUM *bn_te;
+	const BIGNUM *key_e;
 	uint64_t te;
  
 	ret = -EINVAL;
  
  
  
@@ -487,17 +516,18 @@
 	if (!e)
 		goto cleanup;
  
-	if (BN_num_bits(key->e) > 64)
+	RSA_get0_key(key, NULL, &key_e, NULL);
+	if (BN_num_bits(key_e) > 64)
 		goto cleanup;
  
-	*e = BN_get_word(key->e);
+	*e = BN_get_word(key_e);
  
-	if (BN_num_bits(key->e) < 33) {
+	if (BN_num_bits(key_e) < 33) {
 		ret = 0;
 		goto cleanup;
 	}
  
-	bn_te = BN_dup(key->e);
+	bn_te = BN_dup(key_e);
 	if (!bn_te)
 		goto cleanup;
  
@@ -527,6 +557,7 @@
 {
 	BIGNUM *big1, *big2, *big32, *big2_32;
 	BIGNUM *n, *r, *r_squared, *tmp;
+	const BIGNUM *key_n;
 	BN_CTX *bn_ctx = BN_CTX_new();
 	int ret = 0;
  
@@ -548,7 +579,8 @@
 	if (0 != rsa_get_exponent(key, exponent))
 		ret = -1;
  
-	if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
+	RSA_get0_key(key, &key_n, NULL, NULL);
+	if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
 	    !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
 		ret = -1;
...	...	@@ -9,6 +9,7 @@
9	9	#include <string.h>
10	10	#include <image.h>
11	11	#include <time.h>
	12	+#include <openssl/bn.h>
12	13	#include <openssl/rsa.h>
13	14	#include <openssl/pem.h>
14	15	#include <openssl/err.h>
...	...	@@ -20,6 +21,19 @@
20	21	#define HAVE_ERR_REMOVE_THREAD_STATE
21	22	#endif
22	23
	24	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
	25	+static void RSA_get0_key(const RSA *r,
	26	+ const BIGNUM n, const BIGNUM e, const BIGNUM **d)
	27	+{
	28	+ if (n != NULL)
	29	+ *n = r->n;
	30	+ if (e != NULL)
	31	+ *e = r->e;
	32	+ if (d != NULL)
	33	+ *d = r->d;
	34	+}
	35	+#endif
	36	+
23	37	static int rsa_err(const char *msg)
24	38	{
25	39	unsigned long sslErr = ERR_get_error();
26	40
27	41
28	42
...	...	@@ -286,16 +300,22 @@
286	300	{
287	301	int ret;
288	302
	303	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
289	304	ret = SSL_library_init();
	305	+#else
	306	+ ret = OPENSSL_init_ssl(0, NULL);
	307	+#endif
290	308	if (!ret) {
291	309	fprintf(stderr, "Failure to init SSL library\n");
292	310	return -1;
293	311	}
	312	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
294	313	SSL_load_error_strings();
295	314
296	315	OpenSSL_add_all_algorithms();
297	316	OpenSSL_add_all_digests();
298	317	OpenSSL_add_all_ciphers();
	318	+#endif
299	319
300	320	return 0;
301	321	}
302	322
303	323
...	...	@@ -335,12 +355,15 @@
335	355	err_engine_init:
336	356	ENGINE_free(e);
337	357	err_engine_by_id:
	358	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
338	359	ENGINE_cleanup();
	360	+#endif
339	361	return ret;
340	362	}
341	363
342	364	static void rsa_remove(void)
343	365	{
	366	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
344	367	CRYPTO_cleanup_all_ex_data();
345	368	ERR_free_strings();
346	369	#ifdef HAVE_ERR_REMOVE_THREAD_STATE
...	...	@@ -349,6 +372,7 @@
349	372	ERR_remove_state(0);
350	373	#endif
351	374	EVP_cleanup();
	375	+#endif
352	376	}
353	377
354	378	static void rsa_engine_remove(ENGINE *e)
...	...	@@ -409,7 +433,11 @@
409	433	ret = rsa_err("Could not obtain signature");
410	434	goto err_sign;
411	435	}
412		- EVP_MD_CTX_cleanup(context);
	436	+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
	437	+ EVP_MD_CTX_cleanup(context);
	438	+ #else
	439	+ EVP_MD_CTX_reset(context);
	440	+ #endif
413	441	EVP_MD_CTX_destroy(context);
414	442	EVP_PKEY_free(key);
415	443
...	...	@@ -479,6 +507,7 @@
479	507	{
480	508	int ret;
481	509	BIGNUM *bn_te;
	510	+ const BIGNUM *key_e;
482	511	uint64_t te;
483	512
484	513	ret = -EINVAL;
485	514
486	515
487	516
...	...	@@ -487,17 +516,18 @@
487	516	if (!e)
488	517	goto cleanup;
489	518
490		- if (BN_num_bits(key->e) > 64)
	519	+ RSA_get0_key(key, NULL, &key_e, NULL);
	520	+ if (BN_num_bits(key_e) > 64)
491	521	goto cleanup;
492	522
493		- *e = BN_get_word(key->e);
	523	+ *e = BN_get_word(key_e);
494	524
495		- if (BN_num_bits(key->e) < 33) {
	525	+ if (BN_num_bits(key_e) < 33) {
496	526	ret = 0;
497	527	goto cleanup;
498	528	}
499	529
500		- bn_te = BN_dup(key->e);
	530	+ bn_te = BN_dup(key_e);
501	531	if (!bn_te)
502	532	goto cleanup;
503	533
...	...	@@ -527,6 +557,7 @@
527	557	{
528	558	BIGNUM big1, big2, big32, big2_32;
529	559	BIGNUM n, r, r_squared, tmp;
	560	+ const BIGNUM *key_n;
530	561	BN_CTX *bn_ctx = BN_CTX_new();
531	562	int ret = 0;
532	563
...	...	@@ -548,7 +579,8 @@
548	579	if (0 != rsa_get_exponent(key, exponent))
549	580	ret = -1;
550	581
551		- if (!BN_copy(n, key->n) \|\| !BN_set_word(big1, 1L) \|\|
	582	+ RSA_get0_key(key, &key_n, NULL, NULL);
	583	+ if (!BN_copy(n, key_n) \|\| !BN_set_word(big1, 1L) \|\|
552	584	!BN_set_word(big2, 2L) \|\| !BN_set_word(big32, 32L))
553	585	ret = -1;
554	586