From: ben-skyportsystems <b...@skyportsystems.com> The OpenSSL API has changed such that raw access to ECDSA_SIG structs is not permitted. A compile-time check is added to determine whether to access data members directly or via the new API.
Signed-off-by: Ben Warren <b...@skyportsystems.com> --- lcptools-v2/crtpollist.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c index a70ff5f..3fad3f3 100644 --- a/lcptools-v2/crtpollist.c +++ b/lcptools-v2/crtpollist.c @@ -387,8 +387,14 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 *pollist, EC_KEY *ecke BIGNUM *r = BN_new(); BIGNUM *s = BN_new(); + +/* OpenSSL Version 1.1.0 and later don't allow direct access to ECDSA_SIG stuct */ +#if OPENSSL_VERSION_NUMBER >= 0x10100000L + ECDSA_SIG_get0(ecdsasig, (const BIGNUM **)&r, (const BIGNUM **)&s); +#else r = ecdsasig->r; s = ecdsasig->s; +#endif unsigned int BN_r_size = BN_num_bytes(r); unsigned int BN_s_size = BN_num_bytes(s); unsigned char key_r[BN_r_size]; @@ -407,6 +413,8 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 *pollist, EC_KEY *ecke display_tpm20_signature(" ", sig, pollist->sig_alg, false); } + BN_free(r); + BN_free(s); return true; } return false; -- 2.6.4 ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tboot-devel mailing list tboot-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tboot-devel