authorMichalis Pappas <mpappas@aminocom.com>2017-10-06 16:11:44 +0800
committerMichalis Pappas <mpappas@fastmail.fm>2017-10-08 14:32:32 +0800
commit742c4e1433162efd625bbecada2106a10ed7f46b (patch)
tree5a58043e8757e1b82309d1cba7312c6db32138f4
parentd9066b4248dbe88198ba5b6f6ed800d9fd8492f5 (diff)
cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
-rw-r--r--tools/cert_create/src/cert.c14
-rw-r--r--tools/cert_create/src/ext.c2
-rw-r--r--tools/cert_create/src/key.c23
-rw-r--r--tools/cert_create/src/main.c2
4 files changed, 32 insertions, 9 deletions
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 1b84e36d3..3f0b4d363 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -90,7 +90,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
X509_NAME *name;
ASN1_INTEGER *sno;
int i, num, rc = 0;
- EVP_MD_CTX mdCtx;
+ EVP_MD_CTX *mdCtx;
EVP_PKEY_CTX *pKeyCtx = NULL;
/* Create the certificate structure */
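Review bot: `EVP_MD_CTX *mdCtx;` is declared without an initialiser, yet the END label in the last hunk of this file now hands it to EVP_MD_CTX_destroy(). In the visible hunks the pointer is assigned before the first `goto END`, but an exit added earlier in cert_new at some later date would free an indeterminate pointer. `EVP_MD_CTX *mdCtx = NULL;` matches the `pKeyCtx = NULL` line below it and keeps the cleanup safe. The body of cert_new starts and continues outside this hunk, so earlier exits could not be checked here.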
@@ -111,10 +111,14 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
issuer = x;
}
- EVP_MD_CTX_init(&mdCtx);
+ mdCtx = EVP_MD_CTX_create();
+ if (mdCtx == NULL) {
+ ERR_print_errors_fp(stdout);
+ goto END;
+ }
/* Sign the certificate with the issuer key */
- if (!EVP_DigestSignInit(&mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
+ if (!EVP_DigestSignInit(mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
ERR_print_errors_fp(stdout);
goto END;
}
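Review bot: The new `goto END` taken when EVP_MD_CTX_create() fails leaves through a label that, per the last hunk of this file, only destroys mdCtx, so the certificate object `x` appears to stay allocated on this and the other failure paths. The allocation of `x` is outside the hunk, so this is inferred from the `issuer = x;` context line and the `/* Create the certificate structure */` comment. If rc is still 0 on every failure path, `if (rc == 0) X509_free(x);` at END would release it. For a short-lived build tool the impact is small, but it keeps the cleanup complete.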
@@ -184,7 +188,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
}
}
- if (!X509_sign_ctx(x, &mdCtx)) {
+ if (!X509_sign_ctx(x, mdCtx)) {
ERR_print_errors_fp(stdout);
goto END;
}
@@ -194,7 +198,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
cert->x = x;
END:
- EVP_MD_CTX_cleanup(&mdCtx);
+ EVP_MD_CTX_destroy(mdCtx);
return rc;
}
diff --git a/tools/cert_create/src/ext.c b/tools/cert_create/src/ext.c
index 8ae6640d3..055ddbfd0 100644
--- a/tools/cert_create/src/ext.c
+++ b/tools/cert_create/src/ext.c
@@ -166,7 +166,7 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
int sz;
/* OBJECT_IDENTIFIER with hash algorithm */
- algorithm = OBJ_nid2obj(md->type);
+ algorithm = OBJ_nid2obj(EVP_MD_type(md));
if (algorithm == NULL) {
return NULL;
}
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index c1bde5dea..b7f21a261 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -43,13 +43,31 @@ int key_new(key_t *key)
static int key_create_rsa(key_t *key)
{
- RSA *rsa;
+ BIGNUM *e;
+ RSA *rsa = NULL;
- rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+ e = BN_new();
+ if (e == NULL) {
+ printf("Cannot create RSA exponent\n");
+ goto err;
+ }
+
+ if (!BN_set_word(e, RSA_F4)) {
+ printf("Cannot assign RSA exponent\n");
+ goto err;
+ }
+
+ rsa = RSA_new();
if (rsa == NULL) {
printf("Cannot create RSA key\n");
goto err;
}
+
+ if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
+ printf("Cannot generate RSA key\n");
+ goto err;
+ }
+
if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
printf("Cannot assign RSA key\n");
goto err;
@@ -58,6 +76,7 @@ static int key_create_rsa(key_t *key)
return 1;
err:
RSA_free(rsa);
+ BN_free(e);
return 0;
}
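Review bot: The exponent `e` allocated with BN_new() in the previous hunk is released only under the `err:` label, so the success path that ends in `return 1;` leaks the BIGNUM for every key generated. RSA_generate_key_ex() does not take ownership of the exponent, so add `BN_free(e);` immediately before `return 1;`. `rsa` must stay unfreed there because EVP_PKEY_assign_RSA() has handed it to `key->key`; a one-line comment such as `/* rsa is now owned by key->key; only e is ours to free */` would make that asymmetry clear.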
diff --git a/tools/cert_create/src/main.c b/tools/cert_create/src/main.c
index df59961b0..741242f59 100644
--- a/tools/cert_create/src/main.c
+++ b/tools/cert_create/src/main.c
@@ -244,7 +244,7 @@ PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
int main(int argc, char *argv[])
{
STACK_OF(X509_EXTENSION) * sk;
- X509_EXTENSION *cert_ext;
+ X509_EXTENSION *cert_ext = NULL;
ext_t *ext;
key_t *key;
cert_t *cert;