From patchwork Wed Jan 19 20:16:12 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Eric Richter X-Patchwork-Id: 1581915 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rHksn6cZ; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ozlabs.org (client-ip=112.213.38.117; helo=lists.ozlabs.org; envelope-from=skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org; receiver=) Received: from lists.ozlabs.org (lists.ozlabs.org [112.213.38.117]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JfH3Y4schz9sPC for ; Thu, 20 Jan 2022 07:16:41 +1100 (AEDT) Received: from boromir.ozlabs.org (localhost [IPv6:::1]) by lists.ozlabs.org (Postfix) with ESMTP id 4JfH3Q6DJcz30NN for ; Thu, 20 Jan 2022 07:16:34 +1100 (AEDT) Authentication-Results: lists.ozlabs.org; dkim=fail reason="signature verification failed" (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rHksn6cZ; dkim-atps=neutral X-Original-To: skiboot@lists.ozlabs.org Delivered-To: skiboot@lists.ozlabs.org Authentication-Results: lists.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=linux.ibm.com (client-ip=148.163.158.5; helo=mx0a-001b2d01.pphosted.com; envelope-from=erichte@linux.ibm.com; receiver=) Authentication-Results: lists.ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=ibm.com header.i=@ibm.com header.a=rsa-sha256 header.s=pp1 header.b=rHksn6cZ; dkim-atps=neutral Received: from mx0a-001b2d01.pphosted.com (mx0b-001b2d01.pphosted.com [148.163.158.5]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by lists.ozlabs.org (Postfix) with ESMTPS id 4JfH3G2d1Hz30Kw for ; Thu, 20 Jan 2022 07:16:25 +1100 (AEDT) Received: from pps.filterd (m0098420.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.1.2/8.16.1.2) with SMTP id 20JIBC7T029832 for ; Wed, 19 Jan 2022 20:16:22 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=from : to : cc : subject : date : message-id : mime-version : content-transfer-encoding; s=pp1; bh=ek6ThBOUDQ0nTy7drVx8Luo37nnrMhW5DKA51U8KA0U=; b=rHksn6cZzo0PN4q4eRSSnkFEiWXi4whyjhL/p27Z2dovhde5nFFiIJFeAIHzn9ZY0RZW hFklb+EexjFFGk6YJ5Xd0nJbpXAunWnb6hxhHew1Y5iIcurmXVRgIyPmy6vlk1qDNW7/ uctQu0P8GFo+pCX1t/YP6qBSyHNaGdTHxQgJ/g6QQczH22FWR+x/A3RYBRfw6DSEYxNd u9Hm77yCS7YhojcYaNX5b+Pm87TGOW/pE25+rDGYIC0tdnoVfJrPpJxex9RTO3Uj0JzV f2nEAsaWn9WoxWhJ01iGnN7N1fT8wKEMAG9Aaw9F25LDcEiub/X36O0Uy9xqaJhrcISB qA== Received: from ppma06ams.nl.ibm.com (66.31.33a9.ip4.static.sl-reverse.com [169.51.49.102]) by mx0b-001b2d01.pphosted.com with ESMTP id 3dppmhc8yy-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 19 Jan 2022 20:16:22 +0000 Received: from pps.filterd (ppma06ams.nl.ibm.com [127.0.0.1]) by ppma06ams.nl.ibm.com (8.16.1.2/8.16.1.2) with SMTP id 20JKDlqf009179 for ; Wed, 19 Jan 2022 20:16:20 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma06ams.nl.ibm.com with ESMTP id 3dknhjtb91-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Wed, 19 Jan 2022 20:16:20 +0000 Received: from d06av21.portsmouth.uk.ibm.com (d06av21.portsmouth.uk.ibm.com [9.149.105.232]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 20JKGFG225887200 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 19 Jan 2022 20:16:15 GMT Received: from d06av21.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 428C052052; Wed, 19 Jan 2022 20:16:15 +0000 (GMT) Received: from ceres.ibmuc.com (unknown [9.160.95.110]) by d06av21.portsmouth.uk.ibm.com (Postfix) with ESMTP id AF7BA52054; Wed, 19 Jan 2022 20:16:14 +0000 (GMT) From: Eric Richter To: skiboot@lists.ozlabs.org Date: Wed, 19 Jan 2022 14:16:12 -0600 Message-Id: <20220119201612.421953-1-erichte@linux.ibm.com> X-Mailer: git-send-email 2.33.1 MIME-Version: 1.0 X-TM-AS-GCONF: 00 X-Proofpoint-GUID: -b-rLPNza9lC6CQ2Sv6Xe0snNSkf48np X-Proofpoint-ORIG-GUID: -b-rLPNza9lC6CQ2Sv6Xe0snNSkf48np X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.62.513 definitions=2022-01-19_10,2022-01-19_01,2021-12-02_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 impostorscore=0 malwarescore=0 mlxscore=0 adultscore=0 spamscore=0 bulkscore=0 priorityscore=1501 mlxlogscore=999 suspectscore=0 phishscore=0 clxscore=1011 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2110150000 definitions=main-2201190110 Subject: [Skiboot] [PATCH] libstb/create-container: avoid using deprecated APIs when compiling with OpenSSL 3.0 X-BeenThere: skiboot@lists.ozlabs.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Mailing list for skiboot development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: skiboot-bounces+incoming=patchwork.ozlabs.org@lists.ozlabs.org Sender: "Skiboot" OpenSSL 3.0 has deprecated functions that operate on raw key data, however the closest replacement function are not available in OpenSSL 1.x. This patch attempts to maintain compatibility with both 3.0 and 1.x versions. Avoids using the following deprecated functions when compiling with 3.0: - EC_KEY_get0_group - EC_KEY_get0_public_key - EC_POINT_point2bn - EC_KEY_free Signed-off-by: Eric Richter --- NOTE: While this patch should work, I have not yet been able to adequately test this on actual hardware. The resulting data that stored in pubKeyData[] appears to be identical when compiling with both versions of OpenSSL (minus the one byte header that is removed anyway), thus it should work as expected. libstb/create-container.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/libstb/create-container.c b/libstb/create-container.c index 0c7bf13b..4e198dab 100644 --- a/libstb/create-container.c +++ b/libstb/create-container.c @@ -11,6 +11,9 @@ #include #include #include +#if OPENSSL_VERSION_NUMBER >= 0x30000000 +#include +#endif #include #include #include @@ -45,7 +48,7 @@ void usage(int status); void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename) { EVP_PKEY* pkey; - unsigned char pubkeyData[1 + 2 * EC_COORDBYTES]; + unsigned char pubkeyData[1 + 2 * EC_COORDBYTES] = {0}; FILE *fp = fopen(filename, "r"); if (!fp) @@ -64,6 +67,10 @@ void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename) } if (pkey) { +#if OPENSSL_VERSION_NUMBER >= 0x30000000 + size_t sz; + EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, pubkeyData, sizeof(pubkeyData), &sz); +#else EC_KEY *key; const EC_GROUP *ecgrp; const EC_POINT *ecpoint; @@ -87,6 +94,7 @@ void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename) BN_free(pubkeyBN); EC_KEY_free(key); +#endif EVP_PKEY_free(pkey); } else {