From patchwork Fri Jan 18 11:37:10 2019
X-Patchwork-Submitter: Vadym Kochan
X-Patchwork-Id: 1027231
From: Vadim Kochan
To: buildroot@buildroot.org
Cc: Bernd Kuhls, Peter Seiderer, Vadim Kochan, Ryan Coe
Date: Fri, 18 Jan 2019 13:37:10 +0200
Message-Id: <20190118113710.32309-1-vadim4j@gmail.com>
Subject: [Buildroot] [PATCH 1/1] package/vboot-utils: Add support for openssl 1.1.x

Backported changes from commit bce7904376beee2912932433a4634c1c25afe2f5; there were some conflicts in a few places which include openssl_compat.h and 1 place in the vb2_rsa_sig_alg function.

Signed-off-by: Vadim Kochan
--- .../vboot-utils/0006-Update-for-openssl-1.1.patch | 268 +++++++++++++++++++++ 1 file changed, 268 insertions(+) create mode 100644 package/vboot-utils/0006-Update-for-openssl-1.1.patch diff --git a/package/vboot-utils/0006-Update-for-openssl-1.1.patch b/package/vboot-utils/0006-Update-for-openssl-1.1.patch new file mode 100644 index 0000000000..8ddf5cee1c --- /dev/null +++ b/package/vboot-utils/0006-Update-for-openssl-1.1.patch 
@@ -0,0 +1,268 @@ +From 2e730b2259c701f16d473dbfb7e58e86a6e71b01 Mon Sep 17 00:00:00 2001 +From: Daniel Kurtz +Date: Fri, 18 Jan 2019 13:04:59 +0200 +Subject: [PATCH] Update for openssl 1.1 + +OpenSSL 1.1 has made significant non-backwards compatible changes to its +API as outlined in: +https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes + +BRANCH=none +BUG=chromium:738114 +TEST=cros_workon --host start vboot_reference +TEST=w/ openssl-1.0.2k: sudo emerge vboot_reference +TEST=w/ openssl-1.1.0e: sudo emerge vboot_reference + => both build ok + $ futility version + => command runs without error +TEST=cros_workon --board=soraka start vboot_reference coreboot +TEST=w/ openssl-1.0.2k: emerge-soraka vboot_reference coreboot +TEST=w/ openssl-1.1.0e: emerge-soraka vboot_reference coreboot + => All build ok + +Change-Id: I37cfc8cbb04a092eab7b0b3224f475b82609447c +Reviewed-on: https://chromium-review.googlesource.com/557739 +Commit-Ready: Daniel Kurtz +Tested-by: Daniel Kurtz +Reviewed-by: Randall Spangler +Reviewed-by: Mike Frysinger + +[ Vadim: backport to version based on bbdd62f9b030db7ad8eef789aaf58a7ff9a25656 ] +Signed-off-by: Vadim Kochan +--- + futility/cmd_create.c | 5 ++++- + futility/vb2_helper.c | 7 +++++-- + host/include/openssl_compat.h | 26 ++++++++++++++++++++++++++ + host/lib/util_misc.c | 7 +++++-- + host/lib21/host_key.c | 8 +++++++- + utility/dumpRSAPublicKey.c | 19 ++++++++++++++----- + 6 files changed, 61 insertions(+), 11 deletions(-) + create mode 100644 host/include/openssl_compat.h + +diff --git a/futility/cmd_create.c b/futility/cmd_create.c +index 143ea9ae..80d3fd90 100644 +--- a/futility/cmd_create.c ++++ b/futility/cmd_create.c +@@ -13,6 +13,7 @@ + #include "2common.h" + #include "2id.h" + #include "2rsa.h" ++#include "openssl_compat.h" + #include "util_misc.h" + #include "vb2_common.h" + #include "vb2_struct.h" +@@ -170,6 +171,7 @@ static int vb2_make_keypair() + enum vb2_signature_algorithm sig_alg; + uint8_t *pubkey_buf = 0; + int 
has_priv = 0; ++ const BIGNUM *rsa_d; + + FILE *fp; + int ret = 1; +@@ -193,7 +195,8 @@ static int vb2_make_keypair() + goto done; + } + /* Public keys doesn't have the private exponent */ +- has_priv = !!rsa_key->d; ++ RSA_get0_key(rsa_key, NULL, NULL, &rsa_d); ++ has_priv = !!rsa_d; + if (!has_priv) + fprintf(stderr, "%s has a public key only.\n", infile); + +diff --git a/futility/vb2_helper.c b/futility/vb2_helper.c +index 51a78375..c6cc0fdd 100644 +--- a/futility/vb2_helper.c ++++ b/futility/vb2_helper.c +@@ -11,6 +11,7 @@ + #include "2common.h" + #include "2id.h" + #include "2rsa.h" ++#include "openssl_compat.h" + #include "util_misc.h" + #include "vb2_common.h" + #include "vb2_struct.h" +@@ -216,6 +217,7 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data) + uint8_t *keyb, *digest; + uint32_t keyb_len; + int i, bits; ++ const BIGNUM *rsa_key_n, *rsa_key_d; + + /* We're called only after ft_recognize_pem, so this should work. */ + rsa_key = rsa_from_buffer(buf, len); +@@ -223,10 +225,11 @@ int ft_show_pem(const char *name, uint8_t *buf, uint32_t len, void *data) + DIE; + + /* Use to presence of the private exponent to decide if it's public */ +- printf("%s Key file: %s\n", rsa_key->d ? "Private" : "Public", ++ RSA_get0_key(rsa_key, &rsa_key_n, NULL, &rsa_key_d); ++ printf("%s Key file: %s\n", rsa_key_d ? "Private" : "Public", + name); + +- bits = BN_num_bits(rsa_key->n); ++ bits = BN_num_bits(rsa_key_n); + printf(" Key length: %d\n", bits); + + if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) { +diff --git a/host/include/openssl_compat.h b/host/include/openssl_compat.h +new file mode 100644 +index 00000000..7771f32a +--- /dev/null ++++ b/host/include/openssl_compat.h +@@ -0,0 +1,26 @@ ++/* Copyright 2017 The Chromium OS Authors. All rights reserved. ++ * Use of this source code is governed by a BSD-style license that can be ++ * found in the LICENSE file. 
++ */ ++ ++#ifndef VBOOT_REFERENCE_OPENSSL_COMPAT_H_ ++#define VBOOT_REFERENCE_OPENSSL_COMPAT_H_ ++ ++#include ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++static inline void RSA_get0_key(const RSA *rsa, const BIGNUM **n, ++ const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = rsa->n; ++ if (e != NULL) ++ *e = rsa->e; ++ if (d != NULL) ++ *d = rsa->d; ++} ++ ++#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ ++ ++#endif /* VBOOT_REFERENCE_OPENSSL_COMPAT_H_ */ +diff --git a/host/lib/util_misc.c b/host/lib/util_misc.c +index 03ec683f..f0a1f7ad 100644 +--- a/host/lib/util_misc.c ++++ b/host/lib/util_misc.c +@@ -15,6 +15,7 @@ + + #include "cryptolib.h" + #include "host_common.h" ++#include "openssl_compat.h" + #include "util_misc.h" + #include "vboot_common.h" + +@@ -58,6 +59,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key, + BIGNUM *N0inv = NULL, *R = NULL, *RR = NULL; + BIGNUM *RRTemp = NULL, *NnumBits = NULL; + BIGNUM *n = NULL, *rr = NULL; ++ const BIGNUM *rsa_private_key_n; + BN_CTX *bn_ctx = BN_CTX_new(); + uint32_t n0invout; + uint32_t bufsize; +@@ -65,7 +67,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key, + int retval = 1; + + /* Size of RSA key in 32-bit words */ +- nwords = BN_num_bits(rsa_private_key->n) / 32; ++ nwords = RSA_size(rsa_private_key) / 4; + + bufsize = (2 + nwords + nwords) * sizeof(uint32_t); + outbuf = malloc(bufsize); +@@ -94,7 +96,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_private_key, + NEW_BIGNUM(B); + #undef NEW_BIGNUM + +- BN_copy(N, rsa_private_key->n); ++ RSA_get0_key(rsa_private_key, &rsa_private_key_n, NULL, NULL); ++ BN_copy(N, rsa_private_key_n); + BN_set_word(Big1, 1L); + BN_set_word(Big2, 2L); + BN_set_word(Big32, 32L); +diff --git a/host/lib21/host_key.c b/host/lib21/host_key.c +index f7ea1622..f9419ad3 100644 +--- a/host/lib21/host_key.c ++++ b/host/lib21/host_key.c +@@ -17,6 +17,7 @@ + #include "host_common.h" + #include "host_key2.h" + #include "host_misc.h" ++#include 
"openssl_compat.h" + + struct vb2_text_vs_enum vb2_text_vs_algorithm[] = { + {"RSA1024 SHA1", VB2_ALG_RSA1024_SHA1}, +@@ -544,7 +545,12 @@ int vb2_public_key_hash(struct vb2_public_key *key, + + enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa) + { +- int bits = BN_num_bits(rsa->n); ++ const BIGNUM *e, *n; ++ int exp, bits; ++ ++ RSA_get0_key(rsa, &n, &e, NULL); ++ exp = BN_get_word(e); ++ bits = BN_num_bits(n); + + switch (bits) { + case 1024: +diff --git a/utility/dumpRSAPublicKey.c b/utility/dumpRSAPublicKey.c +index b3b7b96b..a17b159e 100644 +--- a/utility/dumpRSAPublicKey.c ++++ b/utility/dumpRSAPublicKey.c +@@ -14,14 +14,20 @@ + #include + #include + ++#include "openssl_compat.h" ++ + /* Command line tool to extract RSA public keys from X.509 certificates + * and output a pre-processed version of keys for use by RSA verification + * routines. + */ + + int check(RSA* key) { +- int public_exponent = BN_get_word(key->e); +- int modulus = BN_num_bits(key->n); ++ const BIGNUM *n, *e; ++ int public_exponent, modulus; ++ ++ RSA_get0_key(key, &n, &e, NULL); ++ public_exponent = BN_get_word(e); ++ modulus = BN_num_bits(n); + + if (public_exponent != 65537) { + fprintf(stderr, "WARNING: Public exponent should be 65537 (but is %d).\n", +@@ -40,7 +46,8 @@ int check(RSA* key) { + */ + void output(RSA* key) { + int i, nwords; +- BIGNUM *N = key->n; ++ const BIGNUM *key_n; ++ BIGNUM *N = NULL; + BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL; + BIGNUM *B = NULL; + BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL; +@@ -48,14 +55,15 @@ void output(RSA* key) { + BN_CTX *bn_ctx = BN_CTX_new(); + uint32_t n0invout; + +- N = key->n; + /* Output size of RSA key in 32-bit words */ +- nwords = BN_num_bits(N) / 32; ++ nwords = RSA_size(key) / 4; + if (-1 == write(1, &nwords, sizeof(nwords))) + goto failure; + + + /* Initialize BIGNUMs */ ++ RSA_get0_key(key, &key_n, NULL, NULL); ++ N = BN_dup(key_n); + Big1 = BN_new(); + 
Big2 = BN_new(); + Big32 = BN_new(); +@@ -120,6 +128,7 @@ void output(RSA* key) { + + failure: + /* Free BIGNUMs. */ ++ BN_free(N); + BN_free(Big1); + BN_free(Big2); + BN_free(Big32); +-- +2.14.1 +
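
Review bot: In host/lib/util_misc.c, vb_keyb_from_rsa(), replacing `BN_num_bits(rsa_private_key->n) / 32` with `RSA_size(rsa_private_key) / 4` is not a pure API port. RSA_size() returns the modulus length in bytes, rounded up, so the two expressions can give a different nwords for a modulus whose bit length is not a multiple of 32, and bufsize is derived from nwords. The same substitution is made in output() in utility/dumpRSAPublicKey.c. The function already calls RSA_get0_key() a few lines later to obtain rsa_private_key_n, so moving that call up and keeping `BN_num_bits(rsa_private_key_n) / 32` would preserve the old behaviour; if the change is intended, the commit message should say so.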
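
Review bot: In host/lib21/host_key.c, vb2_rsa_sig_alg(), `exp = BN_get_word(e);` stores a value that nothing in the hunk reads, since the switch that follows still keys on `bits`. If the version this is backported to has no exponent handling, drop `e` and `exp` and pass NULL for the exponent as the other call sites do, i.e. `RSA_get0_key(rsa, &n, NULL, NULL);`. That avoids a set-but-unused warning and a local that shares its name with the libm function exp(). The mail's commit message names this function as a conflict site, so the resolution is worth checking against the base version.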
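
Review bot: In utility/dumpRSAPublicKey.c, output(), the result of `N = BN_dup(key_n);` is used without a NULL check. BN_dup() returns NULL on allocation failure, so add `if (!N) goto failure;` directly after it. That path is safe with this patch applied: N and the other BIGNUM pointers start as NULL, and the failure label now calls BN_free(N), which accepts NULL.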