From: ben-skyportsystems <b...@skyportsystems.com>

The OpenSSL API has changed such that raw access to ECDSA_SIG structs
is not permitted.  A compile-time check is added to determine whether
to access data members directly or via the new API.

Signed-off-by: Ben Warren <b...@skyportsystems.com>
---
 lcptools-v2/crtpollist.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/lcptools-v2/crtpollist.c b/lcptools-v2/crtpollist.c
index a70ff5f..3fad3f3 100644
--- a/lcptools-v2/crtpollist.c
+++ b/lcptools-v2/crtpollist.c
@@ -387,8 +387,14 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 
*pollist, EC_KEY *ecke
 
         BIGNUM *r = BN_new();
         BIGNUM *s = BN_new();
+
+/* OpenSSL Version 1.1.0 and later don't allow direct access to ECDSA_SIG 
stuct */
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+        ECDSA_SIG_get0(ecdsasig, (const BIGNUM **)&r, (const BIGNUM **)&s);
+#else
         r = ecdsasig->r;
         s = ecdsasig->s;
+#endif
         unsigned int BN_r_size = BN_num_bytes(r);
         unsigned int BN_s_size = BN_num_bytes(s); 
         unsigned char key_r[BN_r_size];
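Review bot: The two `BN_new()` allocations kept at the top of this hunk are leaked, because both preprocessor branches immediately overwrite `r` and `s` with pointers into `ecdsasig`; `ECDSA_SIG_get0()` hands out the signature's internal BIGNUMs and does not copy into caller-supplied ones. Declaring `const BIGNUM *r = NULL, *s = NULL;` and calling `ECDSA_SIG_get0(ecdsasig, &r, &s);` removes the leak and the `(const BIGNUM **)` casts, which currently discard the const that marks these values as not owned by the caller. `BN_num_bytes()` accepts const pointers, so the size computations that follow are unaffected; whether later uses of `r` and `s` outside the hunk need non-const pointers is not visible here. The added comment also misspells `struct` as `stuct`. The body of ecdsa_sign_tpm20_list_data begins and ends outside this hunk.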
@@ -407,6 +413,8 @@ static bool ecdsa_sign_tpm20_list_data(lcp_policy_list_t2 
*pollist, EC_KEY *ecke
             display_tpm20_signature("    ", sig, pollist->sig_alg, false);
         }
 
+        BN_free(r);
+        BN_free(s);
         return true;
     }
     return false;
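Review bot: The added `BN_free(r); BN_free(s);` release BIGNUMs that still belong to `ecdsasig`. In the earlier hunk, `r` and `s` are set from `ECDSA_SIG_get0()` (or `ecdsasig->r` / `ecdsasig->s` on older OpenSSL), and neither transfers ownership to the caller. If the signature is released with `ECDSA_SIG_free()` anywhere outside this hunk, this becomes a double free, and in any case the signature object is left holding dangling pointers. I would drop both lines and release the signature once with `ECDSA_SIG_free(ecdsasig);` on this path, if the function does not already do so. The function body extends outside the hunk, so the existing cleanup could not be checked.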
-- 
2.6.4

