On Wed, Apr 5, 2017 at 10:49 AM, Mario Six <mario....@gdsys.cc> wrote: > Hi Jelle, > > On Tue, Apr 4, 2017 at 11:59 PM, Jelle van der Waa <je...@vdwaa.nl> wrote: >> @@ -20,6 +20,19 @@ >> #define HAVE_ERR_REMOVE_THREAD_STATE >> #endif >> >> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) >> +void RSA_get0_key(const RSA *r, >> + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) >> +{ >> + if (n != NULL) >> + *n = r->n; >> + if (e != NULL) >> + *e = r->e; >> + if (d != NULL) >> + *d = r->d; >> +} >> +#endif >> + > > Like in the other patch, this function should be static (also, missing > #include > <openssl/bn.h> in this file as well). > >> @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, >> uint32_t *n0_invp, >> if (0 != rsa_get_exponent(key, exponent)) >> ret = -1; >> >> - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || >> + RSA_get0_key(key, NULL, &key_n, NULL); >> + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || >> !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) >> ret = -1; >> > > Your're loading the parameter e into key_n here! It should be > > RSA_get0_key(key, &key_n, NULL, NULL); > > instead. > > Like I said in the previous patch, you will have to #ifdef out more functions > in this file: > > * SSL_load_error_strings > * OpenSSL_add_all_algorithms > * OpenSSL_add_all_digests > * OpenSSL_add_all_ciphers > * ENGINE_cleanup > * CRYPTO_cleanup_all_ex_data > * ERR_free_strings(); > * EVP_cleanup > > And you'll also have to replace SSL_library_init() with > OPENSSL_init_ssl(0, NULL). > > After making all these changes, I was able to build a working U-Boot (for our > controlcenterdc board) against OpenSSL 1.1 that loaded a signed FIT-Image that > a previous U-Boot also loaded.
Jelle, are you planning a v3 to address the above issues, it would be useful to get this resolved for 2017.05 Peter _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de https://lists.denx.de/listinfo/u-boot