Control: reopen -1
Control: severity -1 important
Control: unblock 827061 by -1

Hello!

Reopening and adjusting severity, similar to how others who've opted
to take the libssl1.0-dev build-dep route have handled their bug reports.
(The idea seems to be that this bug is not really closed until the
package in question actually builds against 1.1.0; an explicit b-d
on libssl1.0-dev only makes it non-release-critical... for now.)

You'll find a patch attached to this mail which makes vboot-utils
build against openssl 1.1.0. It has only been compile-tested
(against openssl 1.1.0 but I don't see any particular reason
why it would fail against eg. 1.0). Please review and test it.
Feel free to poke me if you find any issues that you'd like me
to look into. Please forward the patch upstream  for me if
you find it useful.

(Rather than reusing the existing BIGNUM *n in one of the files
you might want to declare a new temporary pointer which you could
make const while at it to kill off a compiler warning.)

Regards,
Andreas Henriksson
diff -urip vboot-utils-0~R52-8350.B/futility/cmd_create.c vboot-utils-0~R52-8350.B.openssl110/futility/cmd_create.c
--- vboot-utils-0~R52-8350.B/futility/cmd_create.c	2016-05-23 10:39:35.000000000 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/futility/cmd_create.c	2016-11-07 18:58:46.289506547 +0100
@@ -170,6 +170,7 @@ static int vb2_make_keypair()
 	enum vb2_signature_algorithm sig_alg;
 	uint8_t *pubkey_buf = 0;
 	int has_priv = 0;
+	const BIGNUM *d;
 
 	FILE *fp;
 	int ret = 1;
@@ -193,7 +194,8 @@ static int vb2_make_keypair()
 		goto done;
 	}
 	/* Public keys doesn't have the private exponent */
-	has_priv = !!rsa_key->d;
+	RSA_get0_key(rsa_key, NULL, NULL, &d);
+	has_priv = !!d;
 	if (!has_priv)
 		fprintf(stderr, "%s has a public key only.\n", infile);
 
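Review bot: `RSA_get0_key()` only exists from OpenSSL 1.1.0 on, so the call added here, and the ones added in ft_show_pem, vb_keyb_from_rsa, vb2_rsa_sig_alg, check and output, will not compile against 1.0.x. If the tree is still meant to build there, a small version-guarded fallback in one shared host-side header keeps a single code path at every call site. The fallback below only reads the three fields, which is what the accessor hands back. vb2_make_keypair's body starts and ends outside this hunk.

```c
#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* Fallback for libraries that predate the 1.1.0 accessor. */
static inline void RSA_get0_key(const RSA *r, const BIGNUM **n,
				const BIGNUM **e, const BIGNUM **d)
{
	if (n)
		*n = r->n;
	if (e)
		*e = r->e;
	if (d)
		*d = r->d;
}
#endif
```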
diff -urip vboot-utils-0~R52-8350.B/futility/vb2_helper.c vboot-utils-0~R52-8350.B.openssl110/futility/vb2_helper.c
--- vboot-utils-0~R52-8350.B/futility/vb2_helper.c	2016-05-23 10:39:35.000000000 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/futility/vb2_helper.c	2016-11-07 18:59:59.107601774 +0100
@@ -216,6 +216,7 @@ int ft_show_pem(const char *name, uint8_
 	uint8_t *keyb, *digest;
 	uint32_t keyb_len;
 	int i, bits;
+	const BIGNUM *n, *d;
 
 	/* We're called only after ft_recognize_pem, so this should work. */
 	rsa_key = rsa_from_buffer(buf, len);
@@ -223,10 +224,11 @@ int ft_show_pem(const char *name, uint8_
 		DIE;
 
 	/* Use to presence of the private exponent to decide if it's public */
-	printf("%s Key file:      %s\n", rsa_key->d ? "Private" : "Public",
+	RSA_get0_key(rsa_key, &n, NULL, &d);
+	printf("%s Key file:      %s\n", d ? "Private" : "Public",
 					 name);
 
-	bits = BN_num_bits(rsa_key->n);
+	bits = BN_num_bits(n);
 	printf("  Key length:          %d\n", bits);
 
 	if (vb_keyb_from_rsa(rsa_key, &keyb, &keyb_len)) {
diff -urip vboot-utils-0~R52-8350.B/host/lib/util_misc.c vboot-utils-0~R52-8350.B.openssl110/host/lib/util_misc.c
--- vboot-utils-0~R52-8350.B/host/lib/util_misc.c	2016-05-23 10:39:35.000000000 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/host/lib/util_misc.c	2016-11-07 18:52:47.119194802 +0100
@@ -65,7 +65,8 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_
 	int retval = 1;
 
 	/* Size of RSA key in 32-bit words */
-	nwords = BN_num_bits(rsa_private_key->n) / 32;
+	RSA_get0_key(rsa_private_key, &n, NULL, NULL);
+	nwords = BN_num_bits(n) / 32;
 
 	bufsize = (2 + nwords + nwords) * sizeof(uint32_t);
 	outbuf = malloc(bufsize);
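Review bot: `n` is not declared in this hunk, so the call stores the key's internal modulus in a pre-existing local of vb_keyb_from_rsa, which is only safe if nothing else assigns or frees that variable. The next hunk shows the tail of a `NEW_BIGNUM(...)` block just before `BN_copy(N, n)`; if `n` is one of the variables allocated there (not visible here), the copy reads a fresh empty BIGNUM instead of the modulus, and a `BN_free(n)` on the cleanup path would release memory owned by the RSA object. A dedicated read-only pointer avoids both: declare `const BIGNUM *rsa_n;`, call `RSA_get0_key(rsa_private_key, &rsa_n, NULL, NULL);` and use `BN_num_bits(rsa_n)` and `BN_copy(N, rsa_n)`. The function body starts and ends outside both hunks.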
@@ -94,7 +95,7 @@ int vb_keyb_from_rsa(struct rsa_st *rsa_
 	NEW_BIGNUM(B);
 #undef NEW_BIGNUM
 
-	BN_copy(N, rsa_private_key->n);
+	BN_copy(N, n);
 	BN_set_word(Big1, 1L);
 	BN_set_word(Big2, 2L);
 	BN_set_word(Big32, 32L);
diff -urip vboot-utils-0~R52-8350.B/host/lib21/host_key.c vboot-utils-0~R52-8350.B.openssl110/host/lib21/host_key.c
--- vboot-utils-0~R52-8350.B/host/lib21/host_key.c	2016-05-23 10:39:35.000000000 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/host/lib21/host_key.c	2016-11-07 19:00:43.492879443 +0100
@@ -544,7 +544,11 @@ int vb2_public_key_hash(struct vb2_publi
 
 enum vb2_signature_algorithm vb2_rsa_sig_alg(struct rsa_st *rsa)
 {
-	int bits = BN_num_bits(rsa->n);
+	int bits;
+	const BIGNUM *n;
+
+	RSA_get0_key(rsa, &n, NULL, NULL);
+       	bits = BN_num_bits(n);
 
 	switch (bits) {
 	case 1024:
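Review bot: The added `bits = BN_num_bits(n);` line is indented with seven spaces followed by a tab, while the neighbouring lines in vb2_rsa_sig_alg use a single tab; it should start with one tab like the `RSA_get0_key(...)` line above it. The switch that consumes `bits` continues outside the hunk.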
diff -urip vboot-utils-0~R52-8350.B/utility/dumpRSAPublicKey.c vboot-utils-0~R52-8350.B.openssl110/utility/dumpRSAPublicKey.c
--- vboot-utils-0~R52-8350.B/utility/dumpRSAPublicKey.c	2016-05-23 10:39:54.000000000 +0200
+++ vboot-utils-0~R52-8350.B.openssl110/utility/dumpRSAPublicKey.c	2016-11-07 18:57:06.438635603 +0100
@@ -20,8 +20,13 @@
  */
 
 int check(RSA* key) {
-  int public_exponent = BN_get_word(key->e);
-  int modulus = BN_num_bits(key->n);
+  int public_exponent;
+  int modulus;
+  const BIGNUM *n, *e;
+
+  RSA_get0_key(key, &n, &e, NULL);
+  public_exponent = BN_get_word(e);
+  modulus = BN_num_bits(n);
 
   if (public_exponent != 65537) {
     fprintf(stderr, "WARNING: Public exponent should be 65537 (but is %d).\n",
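Review bot: `public_exponent` is an `int`, but `BN_get_word(e)` returns a `BN_ULONG`, so on a 64-bit build an exponent wider than 32 bits is narrowed before the `!= 65537` comparison, and a value such as 2^32 + 65537 would typically compare equal to 65537. Comparing on the BIGNUM itself avoids the narrowing: `if (!BN_is_word(e, 65537)) {`, keeping `public_exponent` only for the warning text. The narrowing predates this change, but these lines are being rewritten anyway. check() continues outside the hunk, so what the caller does with its result is not visible here.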
@@ -40,7 +45,7 @@ int check(RSA* key) {
  */
 void output(RSA* key) {
   int i, nwords;
-  BIGNUM *N = key->n;
+  BIGNUM *N;
   BIGNUM *Big1 = NULL, *Big2 = NULL, *Big32 = NULL, *BigMinus1 = NULL;
   BIGNUM *B = NULL;
   BIGNUM *N0inv= NULL, *R = NULL, *RR = NULL, *RRTemp = NULL, *NnumBits = NULL;
@@ -48,7 +53,7 @@ void output(RSA* key) {
   BN_CTX *bn_ctx = BN_CTX_new();
   uint32_t n0invout;
 
-  N = key->n;
+  RSA_get0_key(key, &N, NULL, NULL);
   /* Output size of RSA key in 32-bit words */
   nwords = BN_num_bits(N) / 32;
   if (-1 == write(1, &nwords, sizeof(nwords)))
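Review bot: `N` is still declared as a plain `BIGNUM *` (previous hunk), so `&N` has type `BIGNUM **` where `RSA_get0_key()` expects `const BIGNUM **`; compilers report an incompatible pointer type, and the lost `const` hides any later write through `N` into the key's own modulus. If the rest of output(), which lies outside these hunks, modifies `N`, take a private copy instead: `const BIGNUM *key_n;`, `RSA_get0_key(key, &key_n, NULL, NULL);`, `N = BN_dup(key_n);`, with a NULL check and a matching `BN_free(N)` at the end. If it only reads `N`, declaring it `const BIGNUM *N;` is enough.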
