diff options
| author | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-06-06 14:44:54 -0700 |
|---|---|---|
| committer | James Bottomley <James.Bottomley@HansenPartnership.com> | 2020-06-06 14:44:54 -0700 |
| commit | 311d6c2b9c1129114834f4df9b12a195a66dc4bc (patch) | |
| tree | 8bc3a421b546b9427092cc7f1313a24c49b0ed02 | |
| parent | 6c2b07fa1c5a2cffffd76a0a0703d2de93cfad06 (diff) | |
| download | sbsigntools-311d6c2b9c1129114834f4df9b12a195a66dc4bc.tar.gz | |
Fix some openssl 1.1.0 deprecated functions
replace OPENSSL_config with OPENSSL_init_crypto and ASN1_STRING_data
with ASN1_STRING_get0_data
Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
| -rw-r--r-- | src/idc.c | 8 | ||||
| -rw-r--r-- | src/sbattach.c | 4 | ||||
| -rw-r--r-- | src/sbkeysync.c | 8 | ||||
| -rw-r--r-- | src/sbsign.c | 4 | ||||
| -rw-r--r-- | src/sbvarsign.c | 4 | ||||
| -rw-r--r-- | src/sbverify.c | 4 |
6 files changed, 32 insertions, 0 deletions
@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio) /* extract the idc from the signed PKCS7 'other' data */ str = p7->d.sign->contents->d.other->value.asn1_string; +#if OPENSSL_VERSION_NUMBER < 0x10100000L idcbuf = buf = ASN1_STRING_data(str); +#else + idcbuf = buf = ASN1_STRING_get0_data(str); +#endif idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); /* If we were passed a BIO, write the idc data, minus type and length, @@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image) } /* check hash against the one we calculated from the image */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L buf = ASN1_STRING_data(str); +#else + buf = ASN1_STRING_get0_data(str); +#endif if (memcmp(buf, sha, sizeof(sha))) { fprintf(stderr, "Hash doesn't match image\n"); fprintf(stderr, " got: %s\n", sha256_str(buf)); diff --git a/src/sbattach.c b/src/sbattach.c index a0c01b8..809e24c 100644 --- a/src/sbattach.c +++ b/src/sbattach.c @@ -233,7 +233,11 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_digests(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbkeysync.c b/src/sbkeysync.c index 7b17f40..1f37118 100644 --- a/src/sbkeysync.c +++ b/src/sbkeysync.c @@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len) goto out; key->id_len = ASN1_STRING_length(serial); +#if OPENSSL_VERSION_NUMBER < 0x10100000L key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); +#else + key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len); +#endif key->description = talloc_array(key, char, description_len); X509_NAME_oneline(X509_get_subject_name(x509), @@ -930,7 +934,11 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbsign.c b/src/sbsign.c index 92607a7..898fe66 100644 --- a/src/sbsign.c +++ b/src/sbsign.c @@ -234,7 +234,11 @@ int main(int argc, char **argv) ERR_load_BIO_strings(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbvarsign.c b/src/sbvarsign.c index 273fd0d..92475a2 100644 --- a/src/sbvarsign.c +++ b/src/sbvarsign.c @@ -513,7 +513,11 @@ int main(int argc, char **argv) OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); ERR_load_crypto_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbverify.c b/src/sbverify.c index 4dddecc..ac6705e 100644 --- a/src/sbverify.c +++ b/src/sbverify.c @@ -252,7 +252,11 @@ int main(int argc, char **argv) OpenSSL_add_all_digests(); ERR_load_crypto_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors |