author | Adriana Kobylak <anoo@us.ibm.com> | 2018-09-06 13:15:34 -0500 |
---|---|---|
committer | Adriana Kobylak <anoo@us.ibm.com> | 2018-09-11 10:26:46 -0500 |
commit | 5ed9b2d7b6b4bd21d2a1200537e881e485d13cc9 (patch) | |
tree | c459ed3cb51c97136010e8396db1f9612f3ab489 | |
parent | fa34e02315bd1397180daaa3377bcb38d7f30d7a (diff) | |
image_verify: Add support for OpenSSL 1.1.0
With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.
Resolves openbmc/openbmc#3136
Tested: Verified the signature verification was successful.
Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
-rwxr-xr-x | Makefile.am | 8 | ||||
-rw-r--r-- | image_verify.cpp | 2 | ||||
-rw-r--r-- | image_verify.hpp | 3 | ||||
-rw-r--r-- | utils.cpp | 29 | ||||
-rw-r--r-- | utils.hpp | 15 |
5 files changed, 53 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am index 1953709..3373fcb 100755 --- a/Makefile.am +++ b/Makefile.am @@ -49,8 +49,12 @@ include static/Makefile.am.include endif if WANT_SIGNATURE_VERIFY_BUILD -noinst_HEADERS += image_verify.hpp -phosphor_image_updater_SOURCES += image_verify.cpp +noinst_HEADERS += \ + image_verify.hpp \ + utils.hpp +phosphor_image_updater_SOURCES += \ + image_verify.cpp \ + utils.cpp endif if WANT_SYNC diff --git a/image_verify.cpp b/image_verify.cpp index 7ca2629..fa60173 100644 --- a/image_verify.cpp +++ b/image_verify.cpp @@ -217,7 +217,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile, EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA); // Initializes a digest context. - EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy); + EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free); // Adds all digest algorithms to the internal table OpenSSL_add_all_digests(); diff --git a/image_verify.hpp b/image_verify.hpp index 98fda6f..99b3567 100644 --- a/image_verify.hpp +++ b/image_verify.hpp @@ -1,4 +1,5 @@ #pragma once +#include "utils.hpp" #include <openssl/rsa.h> #include <openssl/evp.h> #include <openssl/pem.h> @@ -26,7 +27,7 @@ using AvailableKeyTypes = std::set<Key_t>; using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>; using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>; using EVP_MD_CTX_Ptr = - std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_destroy)>; + std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>; /** @struct CustomFd * diff --git a/utils.cpp b/utils.cpp new file mode 100644 index 0000000..95fc2e0 --- /dev/null +++ b/utils.cpp 
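Review bot: The result of `EVP_MD_CTX_new()` in `Signature::verifyFile` goes straight into `rsaVerifyCtx` with no null check visible in this hunk, and on OpenSSL older than 1.1.0 the new shim in utils.cpp returns NULL when allocation fails. Because this is the image signature-verification path, it should fail closed before the context is used, for example `if (!rsaVerifyCtx) { return false; }` together with whatever error logging the function already uses. The body of verifyFile starts and ends outside the hunk, so a check may already exist further down; confirm before adding one.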
@@ -0,0 +1,29 @@
+#include "utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+
+static void* OPENSSL_zalloc(size_t num)
+{
+ void* ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ {
+ memset(ret, 0, num);
+ }
+ return ret;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new(void)
+{
+ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
diff --git a/utils.hpp b/utils.hpp
new file mode 100644
index 0000000..90569bf
--- /dev/null
+++ b/utils.hpp
@@ -0,0 +1,15 @@
+#pragma once
+
+// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
+// to make the code backward compatible with older OpenSSL veresions.
+// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+
+extern "C" {
+EVP_MD_CTX* EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L |
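Review bot: The compat `EVP_MD_CTX_free()` in utils.cpp calls `EVP_MD_CTX_cleanup(ctx)` unconditionally, whereas the 1.1.0 function it stands in for tolerates a null pointer and, as far as I recall, so did the old `EVP_MD_CTX_destroy()`. The `std::unique_ptr` deleter in image_verify.hpp never passes null, but any direct caller on a pre-1.1.0 build would hand a null context to the cleanup routine; add `if (ctx == NULL) { return; }` as the first statement of the shim. A short comment on the `#if` block would also help, stating that these definitions mirror the 1.1.0 API for older libraries and that the file-local `OPENSSL_zalloc` is there because older releases presumably lack it.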
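Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard in utils.hpp is evaluated before any OpenSSL header has been included: image_verify.hpp now includes utils.hpp ahead of `<openssl/evp.h>`, and utils.cpp includes it as its first line. An undefined macro evaluates to 0 in `#if`, so the condition holds regardless of the installed OpenSSL version and the shim declarations are emitted on 1.1.0 builds as well. Put `#include <openssl/opensslv.h>` directly after `#pragma once`, or move the existing `#include <openssl/evp.h>` above the guard, so the version test reads the real value.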