These version tests should be #if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
or better yet have tests based on functionality rather than version. opensslv.h on OpenBSD-current/LibreSSL portable master has /* $OpenBSD: opensslv.h,v 1.39 2017/02/14 03:50:25 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ #define LIBRESSL_VERSION_NUMBER 0x2050200fL #define LIBRESSL_VERSION_TEXT "LibreSSL 2.5.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define SHLIB_VERSION_HISTORY "" #define SHLIB_VERSION_NUMBER "1.0.0" #endif /* HEADER_OPENSSLV_H */ On Mon, Feb 13, 2017 at 10:00:36AM +0100, Jelle van der Waa wrote: > The rsa_st struct has been made opaque in 1.1.x, add forward compatible > code to access the n, e, d members of rsa_struct. > > EVP_MD_CTX_cleanup has been removed in 1.1.x and EVP_MD_CTX_reset should be > called to reinitialise an already created structure. > --- > lib/rsa/rsa-sign.c | 33 +++++++++++++++++++++++++++------ > 1 file changed, 27 insertions(+), 6 deletions(-) > > diff --git a/lib/rsa/rsa-sign.c b/lib/rsa/rsa-sign.c > index 8c6637e328..965fb00f95 100644 > --- a/lib/rsa/rsa-sign.c > +++ b/lib/rsa/rsa-sign.c > @@ -20,6 +20,19 @@ > #define HAVE_ERR_REMOVE_THREAD_STATE > #endif > > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > +void RSA_get0_key(const RSA *r, > + const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) > +{ > + if (n != NULL) > + *n = r->n; > + if (e != NULL) > + *e = r->e; > + if (d != NULL) > + *d = r->d; > +} > +#endif > + > static int rsa_err(const char *msg) > { > unsigned long sslErr = ERR_get_error(); > @@ -409,7 +422,11 @@ static int rsa_sign_with_key(RSA *rsa, struct > checksum_algo *checksum_algo, > ret = rsa_err("Could not obtain signature"); > goto err_sign; > } > - EVP_MD_CTX_cleanup(context); > + #if OPENSSL_VERSION_NUMBER < 0x10100000L > + EVP_MD_CTX_cleanup(context); > + #else > + EVP_MD_CTX_reset(context); > + #endif > EVP_MD_CTX_destroy(context); > EVP_PKEY_free(key); > > @@ -479,6 +496,7 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > { > int ret; > BIGNUM *bn_te; > + const BIGNUM *key_e; > uint64_t te; > > ret = -EINVAL; > @@ -487,17 +505,18 @@ static int rsa_get_exponent(RSA *key, uint64_t *e) > if (!e) > goto cleanup; > > - if (BN_num_bits(key->e) > 64) > + RSA_get0_key(key, NULL, &key_e, NULL); > + if (BN_num_bits(key_e) > 64) > goto cleanup; > > - *e = BN_get_word(key->e); > + *e = BN_get_word(key_e); > > - if (BN_num_bits(key->e) < 33) { > + if (BN_num_bits(key_e) < 33) { > ret = 0; > goto cleanup; > } > > - bn_te = BN_dup(key->e); > + bn_te = BN_dup(key_e); > if (!bn_te) > goto cleanup; > > @@ -527,6 +546,7 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t > *n0_invp, > { > BIGNUM *big1, *big2, *big32, *big2_32; > BIGNUM *n, *r, *r_squared, *tmp; > + const BIGNUM *key_n; > BN_CTX *bn_ctx = BN_CTX_new(); > int ret = 0; > > @@ -548,7 +568,8 @@ int rsa_get_params(RSA *key, uint64_t *exponent, uint32_t > *n0_invp, > if (0 != rsa_get_exponent(key, exponent)) > ret = -1; > > - if (!BN_copy(n, key->n) || !BN_set_word(big1, 1L) || > + RSA_get0_key(key, NULL, &key_n, NULL); > + if (!BN_copy(n, key_n) || !BN_set_word(big1, 1L) || > !BN_set_word(big2, 2L) || !BN_set_word(big32, 32L)) > ret = -1; > > -- > 2.11.1 > > _______________________________________________ > U-Boot mailing list > U-Boot@lists.denx.de > http://lists.denx.de/mailman/listinfo/u-boot _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot