mirror of
https://github.com/Fishwaldo/u-boot.git
synced 2025-03-17 12:41:32 +00:00
lib/rsa: Remove support for OpenSSL < 1.1.0 and libressl < 2.7.0
Older OpenSSL and libressl versions have a slightly different API. This require #ifdefs to support. However, we still can't support it because the ECDSA path does not compile with these older versions. These #ifdefs are truly a vestigial appendage. Alternatively, the ECDSA path could be updated for older libraries, but this requires significant extra code, and #ifdefs. Those libraries are over three years old, and there concerns whether it makes sense to build modern software for real world use against such old libraries. Thusly, remove #ifdefs and code for old OpenSSL and LibreSSL support. Signed-off-by: Alexandru Gagniuc <mr.nuke.me@gmail.com>
This commit is contained in:
Alexandru Gagniuc
Tom Rini
parent
e2e5eec6ce
commit
fe68a67a5f
1 changed files with 4 additions and 72 deletions
|
|
@ -19,24 +19,6 @@
|
|||
#include <openssl/evp.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
|
||||
#define HAVE_ERR_REMOVE_THREAD_STATE
|
||||
#endif
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
static void RSA_get0_key(const RSA *r,
|
||||
const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
|
||||
{
|
||||
if (n != NULL)
|
||||
*n = r->n;
|
||||
if (e != NULL)
|
||||
*e = r->e;
|
||||
if (d != NULL)
|
||||
*d = r->d;
|
||||
}
|
||||
#endif
|
||||
|
||||
static int rsa_err(const char *msg)
|
||||
{
|
||||
unsigned long sslErr = ERR_get_error();
|
||||
|
|
@ -314,24 +296,11 @@ static int rsa_init(void)
|
|||
{
|
||||
int ret;
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
ret = SSL_library_init();
|
||||
#else
|
||||
ret = OPENSSL_init_ssl(0, NULL);
|
||||
#endif
|
||||
if (!ret) {
|
||||
fprintf(stderr, "Failure to init SSL library\n");
|
||||
return -1;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
SSL_load_error_strings();
|
||||
|
||||
OpenSSL_add_all_algorithms();
|
||||
OpenSSL_add_all_digests();
|
||||
OpenSSL_add_all_ciphers();
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
|
@ -347,8 +316,7 @@ static int rsa_engine_init(const char *engine_id, ENGINE **pe)
|
|||
e = ENGINE_by_id(engine_id);
|
||||
if (!e) {
|
||||
fprintf(stderr, "Engine isn't available\n");
|
||||
ret = -1;
|
||||
goto err_engine_by_id;
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!ENGINE_init(e)) {
|
||||
|
|
@ -381,29 +349,9 @@ err_set_rsa:
|
|||
ENGINE_finish(e);
|
||||
err_engine_init:
|
||||
ENGINE_free(e);
|
||||
err_engine_by_id:
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
ENGINE_cleanup();
|
||||
#endif
|
||||
return ret;
|
||||
}
|
||||
|
||||
static void rsa_remove(void)
|
||||
{
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
CRYPTO_cleanup_all_ex_data();
|
||||
ERR_free_strings();
|
||||
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
||||
ERR_remove_thread_state(NULL);
|
||||
#else
|
||||
ERR_remove_state(0);
|
||||
#endif
|
||||
EVP_cleanup();
|
||||
#endif
|
||||
}
|
||||
|
||||
static void rsa_engine_remove(ENGINE *e)
|
||||
{
|
||||
if (e) {
|
||||
|
|
@ -476,12 +424,7 @@ static int rsa_sign_with_key(EVP_PKEY *pkey, struct padding_algo *padding_algo,
|
|||
goto err_sign;
|
||||
}
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
#else
|
||||
EVP_MD_CTX_reset(context);
|
||||
#endif
|
||||
EVP_MD_CTX_reset(context);
|
||||
EVP_MD_CTX_destroy(context);
|
||||
|
||||
debug("Got signature: %zu bytes, expected %d\n", size, EVP_PKEY_size(pkey));
|
||||
|
|
@ -513,7 +456,7 @@ int rsa_sign(struct image_sign_info *info,
|
|||
if (info->engine_id) {
|
||||
ret = rsa_engine_init(info->engine_id, &e);
|
||||
if (ret)
|
||||
goto err_engine;
|
||||
return ret;
|
||||
}
|
||||
|
||||
ret = rsa_get_priv_key(info->keydir, info->keyname, info->keyfile,
|
||||
|
|
@ -528,7 +471,6 @@ int rsa_sign(struct image_sign_info *info,
|
|||
EVP_PKEY_free(pkey);
|
||||
if (info->engine_id)
|
||||
rsa_engine_remove(e);
|
||||
rsa_remove();
|
||||
|
||||
return ret;
|
||||
|
||||
|
|
@ -537,8 +479,6 @@ err_sign:
|
|||
err_priv:
|
||||
if (info->engine_id)
|
||||
rsa_engine_remove(e);
|
||||
err_engine:
|
||||
rsa_remove();
|
||||
return ret;
|
||||
}
|
||||
|
||||
|
|
@ -686,12 +626,8 @@ int rsa_add_verify_data(struct image_sign_info *info, void *keydest)
|
|||
ret = rsa_get_pub_key(info->keydir, info->keyname, e, &pkey);
|
||||
if (ret)
|
||||
goto err_get_pub_key;
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
rsa = EVP_PKEY_get1_RSA(pkey);
|
||||
#else
|
||||
|
||||
rsa = EVP_PKEY_get0_RSA(pkey);
|
||||
#endif
|
||||
ret = rsa_get_params(rsa, &exponent, &n0_inv, &modulus, &r_squared);
|
||||
if (ret)
|
||||
goto err_get_params;
|
||||
|
|
@ -761,10 +697,6 @@ done:
|
|||
if (ret)
|
||||
ret = ret == -FDT_ERR_NOSPACE ? -ENOSPC : -EIO;
|
||||
err_get_params:
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
RSA_free(rsa);
|
||||
#endif
|
||||
EVP_PKEY_free(pkey);
|
||||
err_get_pub_key:
|
||||
if (info->engine_id)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue