From d9026d9153cf668d616ddaf9d11ed0c3f7e9689a Mon Sep 17 00:00:00 2001
From: Mattias Nissler <mnissler@chromium.org>
Date: Mon, 19 Aug 2019 21:55:21 +0200
Subject: [PATCH] Add support for OpenSSL 1.1
Structs are now opaque and must be allocated on the heap. Change the
code to do so, and add the usual openssl_compat.h header to keep
things working when building against OpenSSL 1.0.2.
---
Common/Crypt/Linux/Crypt.c | 82 ++++++++++++++++++++++++++++++++------
1 file changed, 70 insertions(+), 12 deletions(-)
--- a/Common/Crypt/Linux/Crypt.c
+++ b/Common/Crypt/Linux/Crypt.c
@@ -24,6 +24,60 @@
#include <openssl/rsa.h>
#include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+ if (ctx) {
+ HMAC_CTX_init(ctx);
+ }
+ return ctx;
+}
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
/// OAEP Pad
static const BYTE g_rgbOAEPPad[] = { 'T', 'C', 'P', 'A' };
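Review bot: The `HMAC_CTX_free` shim at the end of the compat block passes its argument straight to `HMAC_CTX_cleanup`, so unlike the OpenSSL 1.1 function it stands in for, it is not safe to call with NULL. The one caller in this patch checks for NULL first, but a later cleanup path written against the 1.1 contract would likely dereference NULL on 1.0.2 builds only. Adding `if (ctx == NULL) return;` as the first statement keeps both builds behaving the same. A short comment above the `#if`, for example `/* Local stand-ins for OpenSSL 1.1 accessors when building against 1.0.2 */`, would also help, since the commit message mentions an openssl_compat.h header while the shims are defined inline here.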
@@ -53,7 +107,6 @@ Crypt_HMAC(
do
{
unsigned int unHmacLength = SHA1_DIGEST_SIZE;
- HMAC_CTX sContext = {0};
memset(PrgbHMAC, 0, SHA1_DIGEST_SIZE);
// Check parameters
@@ -64,11 +117,17 @@ Crypt_HMAC(
}
// Calculate HMAC
- HMAC_CTX_init(&sContext);
- HMAC_Init_ex(&sContext, PrgbKey, SHA1_DIGEST_SIZE, EVP_sha1(), NULL);
- HMAC_Update(&sContext, PrgbInputMessage, PusInputMessageSize);
- HMAC_Final(&sContext, PrgbHMAC, &unHmacLength);
- HMAC_CTX_cleanup(&sContext);
+ HMAC_CTX* sContext = HMAC_CTX_new();
+ if (NULL == sContext)
+ {
+ unReturnValue = RC_E_FAIL;
+ break;
+ }
+
+ HMAC_Init_ex(sContext, PrgbKey, SHA1_DIGEST_SIZE, EVP_sha1(), NULL);
+ HMAC_Update(sContext, PrgbInputMessage, PusInputMessageSize);
+ HMAC_Final(sContext, PrgbHMAC, &unHmacLength);
+ HMAC_CTX_free(sContext);
unReturnValue = RC_SUCCESS;
}
WHILE_FALSE_END;
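Review bot: The results of `HMAC_Init_ex`, `HMAC_Update` and `HMAC_Final` are discarded, so `unReturnValue` becomes `RC_SUCCESS` even if one of them fails. Because `PrgbHMAC` is zeroed earlier in the function, the caller would then receive an all-zero tag reported as a valid HMAC. Each of the three calls returns 1 on success and should be checked, with the context freed on the failure path as well. Crypt_HMAC starts before this hunk, so the parameter checks it relies on are not visible here.

```c
// … unchanged: HMAC_CTX_new() and its NULL check …
if (1 != HMAC_Init_ex(sContext, PrgbKey, SHA1_DIGEST_SIZE, EVP_sha1(), NULL) ||
    1 != HMAC_Update(sContext, PrgbInputMessage, PusInputMessageSize) ||
    1 != HMAC_Final(sContext, PrgbHMAC, &unHmacLength))
{
    HMAC_CTX_free(sContext);
    unReturnValue = RC_E_FAIL;
    break;
}
HMAC_CTX_free(sContext);
unReturnValue = RC_SUCCESS;
```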
@@ -351,16 +410,16 @@ Crypt_EncryptRSA(
unReturnValue = RC_E_FAIL;
break;
}
- pRSAPubKey->n = pbnPublicModulus;
pbnExponent = BN_bin2bn((const BYTE*)PrgbPublicExponent, PunPublicExponentSize, pbnExponent);
if (NULL == pbnExponent)
{
+ BN_free(pbnPublicModulus);
unReturnValue = RC_E_FAIL;
break;
}
- pRSAPubKey->e = pbnExponent;
- pRSAPubKey->d = NULL;
+
+ RSA_set0_key(pRSAPubKey, pbnPublicModulus, pbnExponent, NULL);
// Add padding to the decrypted data
if (CRYPT_ES_RSAESOAEP_SHA1_MGF1 == PusEncryptionScheme)
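Review bot: The return value of `RSA_set0_key` is ignored here and in the matching Crypt_VerifySignature hunk, and nothing records that ownership of both BIGNUMs passes to `pRSAPubKey` once the call succeeds. Both arguments are non-NULL at this point, so the call is not expected to fail, but checking it with `if (1 != RSA_set0_key(pRSAPubKey, pbnPublicModulus, pbnExponent, NULL)) { unReturnValue = RC_E_FAIL; break; }` keeps a half-initialised key from reaching the encrypt step. The added `BN_free(pbnPublicModulus);` also leaves the pointer dangling. The function's cleanup code lies outside the hunk, so if it touches that variable this becomes a double free; `pbnPublicModulus = NULL;` after the free (likewise `pbnModulus` in the other hunk) rules that out. A comment such as `// pRSAPubKey now owns modulus and exponent; do not BN_free them separately` above the call would make the contract explicit.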
@@ -469,16 +528,15 @@ Crypt_VerifySignature(
unReturnValue = RC_E_FAIL;
break;
}
- pRSAPubKey->n = pbnModulus;
pbnExponent = BN_bin2bn(RSA_PUB_EXPONENT_KEY_ID_0, sizeof(RSA_PUB_EXPONENT_KEY_ID_0), pbnExponent);
if (NULL == pbnExponent)
{
+ BN_free(pbnModulus);
unReturnValue = RC_E_FAIL;
break;
}
- pRSAPubKey->e = pbnExponent;
- pRSAPubKey->d = NULL;
+ RSA_set0_key(pRSAPubKey, pbnModulus, pbnExponent, NULL);
{
BYTE prgbDecryptedDigest[sizeof(RSA_PUB_MODULUS_KEY_ID_0)] = {0};
--
2.20.1