On Wed, Apr 5, 2017 at 10:49 AM, Mario Six <mario....@gdsys.cc> wrote:
> Hi Jelle,
>
> On Tue, Apr 4, 2017 at 11:59 PM, Jelle van der Waa <je...@vdwaa.nl> wrote:
>> @@ -20,6 +20,19 @@
>> #define HAVE_ERR_REMOVE_THREAD_STATE
>> #endif
>>
>> +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
>> +void RSA_get0_key(const RSA *r,
>> + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
>> +{
>> + if (n != NULL)
>> + *n = r->n;
>> + if (e != NULL)
>> + *e = r->e;
>> + if (d != NULL)
>> + *d = r->d;
>> +}
>> +#endif
>> +
>
> Like in the other patch, this function should be static (also, missing
> #include
> <openssl/bn.h> in this file as well).
>
>> @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent,
>> uint32_t *n0_invp,
>> if (0 != rsa_get_exponent(key, exponent))
>> ret = -1;
>>
>> - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) ||
>> + RSA_get0_key(key, NULL, &key_n, NULL);
>> + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) ||
>> !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L))
>> ret = -1;
>>
>
> Your're loading the parameter e into key_n here! It should be
>
> RSA_get0_key(key, &key_n, NULL, NULL);
>
> instead.
>
> Like I said in the previous patch, you will have to #ifdef out more functions
> in this file:
>
> * SSL_load_error_strings
> * OpenSSL_add_all_algorithms
> * OpenSSL_add_all_digests
> * OpenSSL_add_all_ciphers
> * ENGINE_cleanup
> * CRYPTO_cleanup_all_ex_data
> * ERR_free_strings();
> * EVP_cleanup
>
> And you'll also have to replace SSL_library_init() with
> OPENSSL_init_ssl(0, NULL).
>
> After making all these changes, I was able to build a working U-Boot (for our
> controlcenterdc board) against OpenSSL 1.1 that loaded a signed FIT-Image that
> a previous U-Boot also loaded.
Jelle,
are you planning a v3 to address the above issues, it would be useful
to get this resolved for 2017.05
Peter
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
https://lists.denx.de/listinfo/u-boot
