cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool with OpenSSL >= v1.1.0. The changes introduced are still backwards compatible with OpenSSL v1.0.2. Fixes arm-software/trusted-fw#521 Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
This commit is contained in:
Michalis Pappas
Michalis Pappas
parent
d9066b4248
commit
742c4e1433
|
|
@ -90,7 +90,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
|
|||
X509_NAME *name;
|
||||
ASN1_INTEGER *sno;
|
||||
int i, num, rc = 0;
|
||||
EVP_MD_CTX mdCtx;
|
||||
EVP_MD_CTX *mdCtx;
|
||||
EVP_PKEY_CTX *pKeyCtx = NULL;
|
||||
|
||||
/* Create the certificate structure */
|
||||
|
|
@ -111,10 +111,14 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
|
|||
issuer = x;
|
||||
}
|
||||
|
||||
EVP_MD_CTX_init(&mdCtx);
|
||||
mdCtx = EVP_MD_CTX_create();
|
||||
if (mdCtx == NULL) {
|
||||
ERR_print_errors_fp(stdout);
|
||||
goto END;
|
||||
}
|
||||
|
||||
/* Sign the certificate with the issuer key */
|
||||
if (!EVP_DigestSignInit(&mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
|
||||
if (!EVP_DigestSignInit(mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
|
||||
ERR_print_errors_fp(stdout);
|
||||
goto END;
|
||||
}
|
||||
|
|
@ -184,7 +188,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
|
|||
}
|
||||
}
|
||||
|
||||
if (!X509_sign_ctx(x, &mdCtx)) {
|
||||
if (!X509_sign_ctx(x, mdCtx)) {
|
||||
ERR_print_errors_fp(stdout);
|
||||
goto END;
|
||||
}
|
||||
|
|
@ -194,7 +198,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
|
|||
cert->x = x;
|
||||
|
||||
END:
|
||||
EVP_MD_CTX_cleanup(&mdCtx);
|
||||
EVP_MD_CTX_destroy(mdCtx);
|
||||
return rc;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -166,7 +166,7 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
|
|||
int sz;
|
||||
|
||||
/* OBJECT_IDENTIFIER with hash algorithm */
|
||||
algorithm = OBJ_nid2obj(md->type);
|
||||
algorithm = OBJ_nid2obj(EVP_MD_type(md));
|
||||
if (algorithm == NULL) {
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,13 +43,31 @@ int key_new(key_t *key)
|
|||
|
||||
static int key_create_rsa(key_t *key)
|
||||
{
|
||||
RSA *rsa;
|
||||
BIGNUM *e;
|
||||
RSA *rsa = NULL;
|
||||
|
||||
rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
|
||||
e = BN_new();
|
||||
if (e == NULL) {
|
||||
printf("Cannot create RSA exponent\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!BN_set_word(e, RSA_F4)) {
|
||||
printf("Cannot assign RSA exponent\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
rsa = RSA_new();
|
||||
if (rsa == NULL) {
|
||||
printf("Cannot create RSA key\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
|
||||
printf("Cannot generate RSA key\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
|
||||
printf("Cannot assign RSA key\n");
|
||||
goto err;
|
||||
|
|
@ -58,6 +76,7 @@ static int key_create_rsa(key_t *key)
|
|||
return 1;
|
||||
err:
|
||||
RSA_free(rsa);
|
||||
BN_free(e);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -244,7 +244,7 @@ PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
|
|||
int main(int argc, char *argv[])
|
||||
{
|
||||
STACK_OF(X509_EXTENSION) * sk;
|
||||
X509_EXTENSION *cert_ext;
|
||||
X509_EXTENSION *cert_ext = NULL;
|
||||
ext_t *ext;
|
||||
key_t *key;
|
||||
cert_t *cert;
|
||||
|
|
|
|||
Loading…
Reference in New Issue