Commit 742c4e14 authored by Michalis Pappas's avatar Michalis Pappas Committed by Michalis Pappas

cert_tool: update for compatibility with OpenSSL v1.1



This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.

Fixes arm-software/trusted-fw#521
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
parent d9066b42
...@@ -90,7 +90,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO ...@@ -90,7 +90,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
X509_NAME *name; X509_NAME *name;
ASN1_INTEGER *sno; ASN1_INTEGER *sno;
int i, num, rc = 0; int i, num, rc = 0;
EVP_MD_CTX mdCtx; EVP_MD_CTX *mdCtx;
EVP_PKEY_CTX *pKeyCtx = NULL; EVP_PKEY_CTX *pKeyCtx = NULL;
/* Create the certificate structure */ /* Create the certificate structure */
...@@ -111,10 +111,14 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO ...@@ -111,10 +111,14 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
issuer = x; issuer = x;
} }
EVP_MD_CTX_init(&mdCtx); mdCtx = EVP_MD_CTX_create();
if (mdCtx == NULL) {
ERR_print_errors_fp(stdout);
goto END;
}
/* Sign the certificate with the issuer key */ /* Sign the certificate with the issuer key */
if (!EVP_DigestSignInit(&mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) { if (!EVP_DigestSignInit(mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
goto END; goto END;
} }
...@@ -184,7 +188,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO ...@@ -184,7 +188,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
} }
} }
if (!X509_sign_ctx(x, &mdCtx)) { if (!X509_sign_ctx(x, mdCtx)) {
ERR_print_errors_fp(stdout); ERR_print_errors_fp(stdout);
goto END; goto END;
} }
...@@ -194,7 +198,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO ...@@ -194,7 +198,7 @@ int cert_new(int key_alg, cert_t *cert, int days, int ca, STACK_OF(X509_EXTENSIO
cert->x = x; cert->x = x;
END: END:
EVP_MD_CTX_cleanup(&mdCtx); EVP_MD_CTX_destroy(mdCtx);
return rc; return rc;
} }
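Review bot: `mdCtx` is changed to a pointer but is left uninitialized at its declaration (`EVP_MD_CTX *mdCtx;`), while the `END:` label now calls `EVP_MD_CTX_destroy(mdCtx)` unconditionally; the lines between that declaration and the `EVP_MD_CTX_create()` call are outside the hunks, so if any of them jump to `END` the destroy would run on an indeterminate pointer. Initializing it the same way as `pKeyCtx` on the next line, `EVP_MD_CTX *mdCtx = NULL;`, makes the cleanup safe on every path, since both `EVP_MD_CTX_destroy()` in 1.0.2 and its 1.1 replacement accept a NULL argument. The new `mdCtx == NULL` check after `EVP_MD_CTX_create()` already relies on that NULL-tolerant cleanup, so the explicit initialization also documents the expected state at the label. cert_new's body is only partially visible in these hunks.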
...@@ -166,7 +166,7 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md, ...@@ -166,7 +166,7 @@ X509_EXTENSION *ext_new_hash(int nid, int crit, const EVP_MD *md,
int sz; int sz;
/* OBJECT_IDENTIFIER with hash algorithm */ /* OBJECT_IDENTIFIER with hash algorithm */
algorithm = OBJ_nid2obj(md->type); algorithm = OBJ_nid2obj(EVP_MD_type(md));
if (algorithm == NULL) { if (algorithm == NULL) {
return NULL; return NULL;
} }
...@@ -43,13 +43,31 @@ int key_new(key_t *key) ...@@ -43,13 +43,31 @@ int key_new(key_t *key)
static int key_create_rsa(key_t *key) static int key_create_rsa(key_t *key)
{ {
RSA *rsa; BIGNUM *e;
RSA *rsa = NULL;
rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL); e = BN_new();
if (e == NULL) {
printf("Cannot create RSA exponent\n");
goto err;
}
if (!BN_set_word(e, RSA_F4)) {
printf("Cannot assign RSA exponent\n");
goto err;
}
rsa = RSA_new();
if (rsa == NULL) { if (rsa == NULL) {
printf("Cannot create RSA key\n"); printf("Cannot create RSA key\n");
goto err; goto err;
} }
if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
printf("Cannot generate RSA key\n");
goto err;
}
if (!EVP_PKEY_assign_RSA(key->key, rsa)) { if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
printf("Cannot assign RSA key\n"); printf("Cannot assign RSA key\n");
goto err; goto err;
...@@ -58,6 +76,7 @@ static int key_create_rsa(key_t *key) ...@@ -58,6 +76,7 @@ static int key_create_rsa(key_t *key)
return 1; return 1;
err: err:
RSA_free(rsa); RSA_free(rsa);
BN_free(e);
return 0; return 0;
} }
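Review bot: The RSA exponent `e` is leaked on the success path: `BN_free(e)` is only added under `err:`, and the `return 1` just above it returns without releasing it. Per the hunk headers the two lines between the two hunks (old 56-57, new 74-75) are unchanged, so no free was added there either, and `RSA_generate_key_ex()` copies rather than takes ownership of the exponent, so it must be freed on both paths; add `BN_free(e);` immediately before `return 1;`. For symmetry with `RSA *rsa = NULL;`, declaring `BIGNUM *e = NULL;` would also keep the `err:` cleanup correct if another early exit is ever added ahead of `BN_new()`.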
...@@ -244,7 +244,7 @@ PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'" ...@@ -244,7 +244,7 @@ PKCS#1 v2.1, 'rsa_1_5' - RSA PKCS#1 v1.5, 'ecdsa'"
int main(int argc, char *argv[]) int main(int argc, char *argv[])
{ {
STACK_OF(X509_EXTENSION) * sk; STACK_OF(X509_EXTENSION) * sk;
X509_EXTENSION *cert_ext; X509_EXTENSION *cert_ext = NULL;
ext_t *ext; ext_t *ext;
key_t *key; key_t *key;
cert_t *cert; cert_t *cert;