ima-evm-utils: support to build with openssl-1.1.x

Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
author: Lans Zhang <jia.zhang@windriver.com> 2017-08-16 14:56:23 +0800
committer: Lans Zhang <jia.zhang@windriver.com> 2017-08-16 14:56:23 +0800
commit: 8ff4d25a90d5d0c5ae011cd46a10fc1c4e238c32 (patch)
tree: 258024ebfd1628ab50a5ead71a8a51e86464117a
parent: ead58497c844923821b6b33078c303674cc00d82 (diff)
download: meta-secure-core-8ff4d25a90d5d0c5ae011cd46a10fc1c4e238c32.tar.gz
2 files changed, 300 insertions, 0 deletions
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch
new file mode 100644
index 0000000..5551678
--- /dev/null
+++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch
@@ -0,0 +1,299 @@
+From 61595d2d4eb9d6855680ea2f6d74492a4b7a553f Mon Sep 17 00:00:00 2001
+From: Lans Zhang <jia.zhang@windriver.com>
+Date: Wed, 16 Aug 2017 14:32:03 +0800
+Subject: [PATCH] Fix the build failure with openssl-1.1.x
+- Clean up the opaqu EVP_MD_CTX and RSA.
+- Similarly, HMAC_CTX is also opaqu. Note that there is no dynamic
+  allocation function like HMAC_CTX_create|new() available in 1.0.x.
+- HMAC_CTX_cleanup() is replaced by HMAC_CTX_reset().
+Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
+---
+ src/evmctl.c    | 79 +++++++++++++++++++++++++++++++++++++++++----------------
+ src/libimaevm.c | 54 +++++++++++++++++++++++++--------------
+ 2 files changed, 92 insertions(+), 41 deletions(-)
+diff --git a/src/evmctl.c b/src/evmctl.c
+index c54efbb..9156bcb 100644
+--- a/src/evmctl.c
+++ b/src/evmctl.c
+@@ -314,7 +314,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+        struct stat st;
+        int err;
+        uint32_t generation = 0;
+-       EVP_MD_CTX ctx;
+       EVP_MD_CTX *ctx;
+        unsigned int mdlen;
+        char **xattrname;
+        char xattr_value[1024];
+@@ -366,10 +366,17 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+                return -1;
+        }
+ 
+-       err = EVP_DigestInit(&ctx, EVP_sha1());
+       ctx = EVP_MD_CTX_create();
+       if (!ctx) {
+               log_err("EVP_MD_CTX_create() failed\n");
+               return -1;
+       }
+
+       err = EVP_DigestInit(ctx, EVP_sha1());
+        if (!err) {
+                log_err("EVP_DigestInit() failed\n");
+-               return 1;
+               err = 1;
+               goto out;
+        }
+ 
+        for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
+@@ -398,10 +405,11 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+                /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
+                log_info("name: %s, size: %d\n", *xattrname, err);
+                log_debug_dump(xattr_value, err);
+-               err = EVP_DigestUpdate(&ctx, xattr_value, err);
+               err = EVP_DigestUpdate(ctx, xattr_value, err);
+                if (!err) {
+                        log_err("EVP_DigestUpdate() failed\n");
+-                       return 1;
+                       err = 1;
+                       goto out;
+                }
+        }
+ 
+@@ -446,31 +454,38 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
+        log_debug("hmac_misc (%d): ", hmac_size);
+        log_debug_dump(&hmac_misc, hmac_size);
+ 
+-       err = EVP_DigestUpdate(&ctx, &hmac_misc, hmac_size);
+       err = EVP_DigestUpdate(ctx, &hmac_misc, hmac_size);
+        if (!err) {
+                log_err("EVP_DigestUpdate() failed\n");
+-               return 1;
+               err = 1;
+               goto out;
+        }
+ 
+        if (!evm_immutable && !(hmac_flags & HMAC_FLAG_NO_UUID)) {
+                err = get_uuid(&st, uuid);
+-               if (err)
+-                       return -1;
+               if (err) {
+                       err = -1;
+                       goto out;
+               }
+ 
+-               err = EVP_DigestUpdate(&ctx, (const unsigned char *)uuid, sizeof(uuid));
+               err = EVP_DigestUpdate(ctx, (const unsigned char *)uuid, sizeof(uuid));
+                if (!err) {
+                        log_err("EVP_DigestUpdate() failed\n");
+-                       return 1;
+                       err = 1;
+                       goto out;
+                }
+        }
+ 
+-       err = EVP_DigestFinal(&ctx, hash, &mdlen);
+-       if (!err) {
+       if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
+                log_err("EVP_DigestFinal() failed\n");
+-               return 1;
+-       }
+               err = 1;
+       } else
+               err = 0;
+
+out:
+       EVP_MD_CTX_destroy(ctx);
+ 
+-       return mdlen;
+       return err ?: mdlen;
+ }
+ 
+ static int sign_evm(const char *file, const char *key)
+@@ -908,7 +923,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+        struct stat st;
+        int err = -1;
+        uint32_t generation = 0;
+-       HMAC_CTX ctx;
+       HMAC_CTX *ctx = NULL;
+        unsigned int mdlen;
+        char **xattrname;
+        unsigned char xattr_value[1024];
+@@ -965,7 +980,17 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+                goto out;
+        }
+ 
+-       err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1());
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       ctx = malloc(sizeof(*ctx));
+#else
+       ctx = HMAC_CTX_new();
+#endif
+       if (!ctx) {
+               log_err("HMAC_CTX_new() failed\n");
+               goto out;
+       }
+
+       err = !HMAC_Init(ctx, evmkey, sizeof(evmkey), EVP_sha1());
+        if (err) {
+                log_err("HMAC_Init() failed\n");
+                goto out;
+@@ -984,7 +1009,7 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+                /*log_debug("name: %s, value: %s, size: %d\n", *xattrname, xattr_value, err);*/
+                log_info("name: %s, size: %d\n", *xattrname, err);
+                log_debug_dump(xattr_value, err);
+-               err = !HMAC_Update(&ctx, xattr_value, err);
+               err = !HMAC_Update(ctx, xattr_value, err);
+                if (err) {
+                        log_err("HMAC_Update() failed\n");
+                        goto out_ctx_cleanup;
+@@ -1025,17 +1050,27 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
+        log_debug("hmac_misc (%d): ", hmac_size);
+        log_debug_dump(&hmac_misc, hmac_size);
+ 
+-       err = !HMAC_Update(&ctx, (const unsigned char *)&hmac_misc, hmac_size);
+       err = !HMAC_Update(ctx, (const unsigned char *)&hmac_misc, hmac_size);
+        if (err) {
+                log_err("HMAC_Update() failed\n");
+                goto out_ctx_cleanup;
+        }
+-       err = !HMAC_Final(&ctx, hash, &mdlen);
+       err = !HMAC_Final(ctx, hash, &mdlen);
+        if (err)
+                log_err("HMAC_Final() failed\n");
+ out_ctx_cleanup:
+-       HMAC_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       HMAC_CTX_cleanup(ctx);
+#else
+       HMAC_CTX_reset(ctx);
+#endif
+ out:
+       if (ctx)
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+               free(ctx);
+#else
+               HMAC_CTX_free(ctx);
+#endif
+        free(key);
+        return err ?: mdlen;
+ }
+diff --git a/src/libimaevm.c b/src/libimaevm.c
+index eedffb4..3f23cac 100644
+--- a/src/libimaevm.c
+++ b/src/libimaevm.c
+@@ -271,7 +271,7 @@ int ima_calc_hash(const char *file, uint8_t *hash)
+ {
+        const EVP_MD *md;
+        struct stat st;
+-       EVP_MD_CTX ctx;
+       EVP_MD_CTX *ctx;
+        unsigned int mdlen;
+        int err;
+ 
+@@ -288,41 +288,50 @@ int ima_calc_hash(const char *file, uint8_t *hash)
+                return 1;
+        }
+ 
+-       err = EVP_DigestInit(&ctx, md);
+       ctx = EVP_MD_CTX_create();
+       if (!ctx) {
+               log_err("EVP_MD_CTX_create() failed\n");
+               return 1;
+       }
+
+       err = EVP_DigestInit(ctx, md);
+        if (!err) {
+                log_err("EVP_DigestInit() failed\n");
+-               return 1;
+               err = 1;
+               goto out;
+        }
+ 
+        switch (st.st_mode & S_IFMT) {
+        case S_IFREG:
+-               err = add_file_hash(file, &ctx);
+               err = add_file_hash(file, ctx);
+                break;
+        case S_IFDIR:
+-               err = add_dir_hash(file, &ctx);
+               err = add_dir_hash(file, ctx);
+                break;
+        case S_IFLNK:
+-               err = add_link_hash(file, &ctx);
+               err = add_link_hash(file, ctx);
+                break;
+        case S_IFIFO: case S_IFSOCK:
+        case S_IFCHR: case S_IFBLK:
+-               err = add_dev_hash(&st, &ctx);
+               err = add_dev_hash(&st, ctx);
+                break;
+        default:
+                log_errno("Unsupported file type");
+-               return -1;
+               err = -1;
+        }
+ 
+        if (err)
+-               return err;
+               goto out;
+ 
+-       err = EVP_DigestFinal(&ctx, hash, &mdlen);
+-       if (!err) {
+       if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
+                log_err("EVP_DigestFinal() failed\n");
+-               return 1;
+               err = 1;
+        }
+ 
+-       return mdlen;
+out:
+       EVP_MD_CTX_destroy(ctx);
+
+       return err ?: mdlen;
+ }
+ 
+ RSA *read_pub_key(const char *keyfile, int x509)
+@@ -549,6 +558,7 @@ int key2bin(RSA *key, unsigned char *pub)
+ {
+        int len, b, offset = 0;
+        struct pubkey_hdr *pkh = (struct pubkey_hdr *)pub;
+       BIGNUM *n, *e;
+ 
+        /* add key header */
+        pkh->version = 1;
+@@ -558,18 +568,24 @@ int key2bin(RSA *key, unsigned char *pub)
+ 
+        offset += sizeof(*pkh);
+ 
+-       len = BN_num_bytes(key->n);
+-       b = BN_num_bits(key->n);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+       n = key->n;
+       e = key->e;
+#else
+       RSA_get0_key(key, (const BIGNUM **)&n, (const BIGNUM **)&e, NULL);
+#endif
+       len = BN_num_bytes(n);
+       b = BN_num_bits(n);
+        pub[offset++] = b >> 8;
+        pub[offset++] = b & 0xff;
+-       BN_bn2bin(key->n, &pub[offset]);
+       BN_bn2bin(n, &pub[offset]);
+        offset += len;
+ 
+-       len = BN_num_bytes(key->e);
+-       b = BN_num_bits(key->e);
+       len = BN_num_bytes(e);
+       b = BN_num_bits(e);
+        pub[offset++] = b >> 8;
+        pub[offset++] = b & 0xff;
+-       BN_bn2bin(key->e, &pub[offset]);
+       BN_bn2bin(e, &pub[offset]);
+        offset += len;
+ 
+        return offset;
+-- 
+2.7.5
diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
index 8ef322d..dbfd7c9 100644
--- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
+++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "\
    git://git.code.sf.net/p/linux-ima/ima-evm-utils \
    file://0001-Don-t-build-man-pages.patch \
    file://0001-Install-evmctl-to-sbindir-rather-than-bindir.patch \
+    file://Fix-the-build-failure-with-openssl-1.1.x.patch \
 "
 SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7"
author	Lans Zhang <jia.zhang@windriver.com>	2017-08-16 14:56:23 +0800
committer	Lans Zhang <jia.zhang@windriver.com>	2017-08-16 14:56:23 +0800
commit	8ff4d25a90d5d0c5ae011cd46a10fc1c4e238c32 (patch)
tree	258024ebfd1628ab50a5ead71a8a51e86464117a
parent	ead58497c844923821b6b33078c303674cc00d82 (diff)
download	meta-secure-core-8ff4d25a90d5d0c5ae011cd46a10fc1c4e238c32.tar.gz

diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch new file mode 100644 index 0000000..5551678 --- /dev/null +++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils/Fix-the-build-failure-with-openssl-1.1.x.patch
@@ -0,0 +1,299 @@
		1	From 61595d2d4eb9d6855680ea2f6d74492a4b7a553f Mon Sep 17 00:00:00 2001
		2	From: Lans Zhang <jia.zhang@windriver.com>
		3	Date: Wed, 16 Aug 2017 14:32:03 +0800
		4	Subject: [PATCH] Fix the build failure with openssl-1.1.x
		5
		6	- Clean up the opaqu EVP_MD_CTX and RSA.
		7	- Similarly, HMAC_CTX is also opaqu. Note that there is no dynamic
		8	allocation function like HMAC_CTX_create\|new() available in 1.0.x.
		9	- HMAC_CTX_cleanup() is replaced by HMAC_CTX_reset().
		10
		11	Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
		12	---
		13	src/evmctl.c \| 79 +++++++++++++++++++++++++++++++++++++++++----------------
		14	src/libimaevm.c \| 54 +++++++++++++++++++++++++--------------
		15	2 files changed, 92 insertions(+), 41 deletions(-)
		16
		17	diff --git a/src/evmctl.c b/src/evmctl.c
		18	index c54efbb..9156bcb 100644
		19	--- a/src/evmctl.c
		20	+++ b/src/evmctl.c
		21	@@ -314,7 +314,7 @@ static int calc_evm_hash(const char file, unsigned char hash)
		22	struct stat st;
		23	int err;
		24	uint32_t generation = 0;
		25	- EVP_MD_CTX ctx;
		26	+ EVP_MD_CTX *ctx;
		27	unsigned int mdlen;
		28	char **xattrname;
		29	char xattr_value[1024];
		30	@@ -366,10 +366,17 @@ static int calc_evm_hash(const char file, unsigned char hash)
		31	return -1;
		32	}
		33
		34	- err = EVP_DigestInit(&ctx, EVP_sha1());
		35	+ ctx = EVP_MD_CTX_create();
		36	+ if (!ctx) {
		37	+ log_err("EVP_MD_CTX_create() failed\n");
		38	+ return -1;
		39	+ }
		40	+
		41	+ err = EVP_DigestInit(ctx, EVP_sha1());
		42	if (!err) {
		43	log_err("EVP_DigestInit() failed\n");
		44	- return 1;
		45	+ err = 1;
		46	+ goto out;
		47	}
		48
		49	for (xattrname = evm_config_xattrnames; *xattrname != NULL; xattrname++) {
		50	@@ -398,10 +405,11 @@ static int calc_evm_hash(const char file, unsigned char hash)
		51	/log_debug("name: %s, value: %s, size: %d\n", xattrname, xattr_value, err);*/
		52	log_info("name: %s, size: %d\n", *xattrname, err);
		53	log_debug_dump(xattr_value, err);
		54	- err = EVP_DigestUpdate(&ctx, xattr_value, err);
		55	+ err = EVP_DigestUpdate(ctx, xattr_value, err);
		56	if (!err) {
		57	log_err("EVP_DigestUpdate() failed\n");
		58	- return 1;
		59	+ err = 1;
		60	+ goto out;
		61	}
		62	}
		63
		64	@@ -446,31 +454,38 @@ static int calc_evm_hash(const char file, unsigned char hash)
		65	log_debug("hmac_misc (%d): ", hmac_size);
		66	log_debug_dump(&hmac_misc, hmac_size);
		67
		68	- err = EVP_DigestUpdate(&ctx, &hmac_misc, hmac_size);
		69	+ err = EVP_DigestUpdate(ctx, &hmac_misc, hmac_size);
		70	if (!err) {
		71	log_err("EVP_DigestUpdate() failed\n");
		72	- return 1;
		73	+ err = 1;
		74	+ goto out;
		75	}
		76
		77	if (!evm_immutable && !(hmac_flags & HMAC_FLAG_NO_UUID)) {
		78	err = get_uuid(&st, uuid);
		79	- if (err)
		80	- return -1;
		81	+ if (err) {
		82	+ err = -1;
		83	+ goto out;
		84	+ }
		85
		86	- err = EVP_DigestUpdate(&ctx, (const unsigned char *)uuid, sizeof(uuid));
		87	+ err = EVP_DigestUpdate(ctx, (const unsigned char *)uuid, sizeof(uuid));
		88	if (!err) {
		89	log_err("EVP_DigestUpdate() failed\n");
		90	- return 1;
		91	+ err = 1;
		92	+ goto out;
		93	}
		94	}
		95
		96	- err = EVP_DigestFinal(&ctx, hash, &mdlen);
		97	- if (!err) {
		98	+ if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
		99	log_err("EVP_DigestFinal() failed\n");
		100	- return 1;
		101	- }
		102	+ err = 1;
		103	+ } else
		104	+ err = 0;
		105	+
		106	+out:
		107	+ EVP_MD_CTX_destroy(ctx);
		108
		109	- return mdlen;
		110	+ return err ?: mdlen;
		111	}
		112
		113	static int sign_evm(const char file, const char key)
		114	@@ -908,7 +923,7 @@ static int calc_evm_hmac(const char file, const char keyfile, unsigned char *h
		115	struct stat st;
		116	int err = -1;
		117	uint32_t generation = 0;
		118	- HMAC_CTX ctx;
		119	+ HMAC_CTX *ctx = NULL;
		120	unsigned int mdlen;
		121	char **xattrname;
		122	unsigned char xattr_value[1024];
		123	@@ -965,7 +980,17 @@ static int calc_evm_hmac(const char file, const char keyfile, unsigned char *h
		124	goto out;
		125	}
		126
		127	- err = !HMAC_Init(&ctx, evmkey, sizeof(evmkey), EVP_sha1());
		128	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		129	+ ctx = malloc(sizeof(*ctx));
		130	+#else
		131	+ ctx = HMAC_CTX_new();
		132	+#endif
		133	+ if (!ctx) {
		134	+ log_err("HMAC_CTX_new() failed\n");
		135	+ goto out;
		136	+ }
		137	+
		138	+ err = !HMAC_Init(ctx, evmkey, sizeof(evmkey), EVP_sha1());
		139	if (err) {
		140	log_err("HMAC_Init() failed\n");
		141	goto out;
		142	@@ -984,7 +1009,7 @@ static int calc_evm_hmac(const char file, const char keyfile, unsigned char *h
		143	/log_debug("name: %s, value: %s, size: %d\n", xattrname, xattr_value, err);*/
		144	log_info("name: %s, size: %d\n", *xattrname, err);
		145	log_debug_dump(xattr_value, err);
		146	- err = !HMAC_Update(&ctx, xattr_value, err);
		147	+ err = !HMAC_Update(ctx, xattr_value, err);
		148	if (err) {
		149	log_err("HMAC_Update() failed\n");
		150	goto out_ctx_cleanup;
		151	@@ -1025,17 +1050,27 @@ static int calc_evm_hmac(const char file, const char keyfile, unsigned char *h
		152	log_debug("hmac_misc (%d): ", hmac_size);
		153	log_debug_dump(&hmac_misc, hmac_size);
		154
		155	- err = !HMAC_Update(&ctx, (const unsigned char *)&hmac_misc, hmac_size);
		156	+ err = !HMAC_Update(ctx, (const unsigned char *)&hmac_misc, hmac_size);
		157	if (err) {
		158	log_err("HMAC_Update() failed\n");
		159	goto out_ctx_cleanup;
		160	}
		161	- err = !HMAC_Final(&ctx, hash, &mdlen);
		162	+ err = !HMAC_Final(ctx, hash, &mdlen);
		163	if (err)
		164	log_err("HMAC_Final() failed\n");
		165	out_ctx_cleanup:
		166	- HMAC_CTX_cleanup(&ctx);
		167	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		168	+ HMAC_CTX_cleanup(ctx);
		169	+#else
		170	+ HMAC_CTX_reset(ctx);
		171	+#endif
		172	out:
		173	+ if (ctx)
		174	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		175	+ free(ctx);
		176	+#else
		177	+ HMAC_CTX_free(ctx);
		178	+#endif
		179	free(key);
		180	return err ?: mdlen;
		181	}
		182	diff --git a/src/libimaevm.c b/src/libimaevm.c
		183	index eedffb4..3f23cac 100644
		184	--- a/src/libimaevm.c
		185	+++ b/src/libimaevm.c
		186	@@ -271,7 +271,7 @@ int ima_calc_hash(const char file, uint8_t hash)
		187	{
		188	const EVP_MD *md;
		189	struct stat st;
		190	- EVP_MD_CTX ctx;
		191	+ EVP_MD_CTX *ctx;
		192	unsigned int mdlen;
		193	int err;
		194
		195	@@ -288,41 +288,50 @@ int ima_calc_hash(const char file, uint8_t hash)
		196	return 1;
		197	}
		198
		199	- err = EVP_DigestInit(&ctx, md);
		200	+ ctx = EVP_MD_CTX_create();
		201	+ if (!ctx) {
		202	+ log_err("EVP_MD_CTX_create() failed\n");
		203	+ return 1;
		204	+ }
		205	+
		206	+ err = EVP_DigestInit(ctx, md);
		207	if (!err) {
		208	log_err("EVP_DigestInit() failed\n");
		209	- return 1;
		210	+ err = 1;
		211	+ goto out;
		212	}
		213
		214	switch (st.st_mode & S_IFMT) {
		215	case S_IFREG:
		216	- err = add_file_hash(file, &ctx);
		217	+ err = add_file_hash(file, ctx);
		218	break;
		219	case S_IFDIR:
		220	- err = add_dir_hash(file, &ctx);
		221	+ err = add_dir_hash(file, ctx);
		222	break;
		223	case S_IFLNK:
		224	- err = add_link_hash(file, &ctx);
		225	+ err = add_link_hash(file, ctx);
		226	break;
		227	case S_IFIFO: case S_IFSOCK:
		228	case S_IFCHR: case S_IFBLK:
		229	- err = add_dev_hash(&st, &ctx);
		230	+ err = add_dev_hash(&st, ctx);
		231	break;
		232	default:
		233	log_errno("Unsupported file type");
		234	- return -1;
		235	+ err = -1;
		236	}
		237
		238	if (err)
		239	- return err;
		240	+ goto out;
		241
		242	- err = EVP_DigestFinal(&ctx, hash, &mdlen);
		243	- if (!err) {
		244	+ if (!EVP_DigestFinal(ctx, hash, &mdlen)) {
		245	log_err("EVP_DigestFinal() failed\n");
		246	- return 1;
		247	+ err = 1;
		248	}
		249
		250	- return mdlen;
		251	+out:
		252	+ EVP_MD_CTX_destroy(ctx);
		253	+
		254	+ return err ?: mdlen;
		255	}
		256
		257	RSA read_pub_key(const char keyfile, int x509)
		258	@@ -549,6 +558,7 @@ int key2bin(RSA key, unsigned char pub)
		259	{
		260	int len, b, offset = 0;
		261	struct pubkey_hdr pkh = (struct pubkey_hdr )pub;
		262	+ BIGNUM n, e;
		263
		264	/* add key header */
		265	pkh->version = 1;
		266	@@ -558,18 +568,24 @@ int key2bin(RSA key, unsigned char pub)
		267
		268	offset += sizeof(*pkh);
		269
		270	- len = BN_num_bytes(key->n);
		271	- b = BN_num_bits(key->n);
		272	+#if OPENSSL_VERSION_NUMBER < 0x10100000L
		273	+ n = key->n;
		274	+ e = key->e;
		275	+#else
		276	+ RSA_get0_key(key, (const BIGNUM )&n, (const BIGNUM )&e, NULL);
		277	+#endif
		278	+ len = BN_num_bytes(n);
		279	+ b = BN_num_bits(n);
		280	pub[offset++] = b >> 8;
		281	pub[offset++] = b & 0xff;
		282	- BN_bn2bin(key->n, &pub[offset]);
		283	+ BN_bn2bin(n, &pub[offset]);
		284	offset += len;
		285
		286	- len = BN_num_bytes(key->e);
		287	- b = BN_num_bits(key->e);
		288	+ len = BN_num_bytes(e);
		289	+ b = BN_num_bits(e);
		290	pub[offset++] = b >> 8;
		291	pub[offset++] = b & 0xff;
		292	- BN_bn2bin(key->e, &pub[offset]);
		293	+ BN_bn2bin(e, &pub[offset]);
		294	offset += len;
		295
		296	return offset;
		297	--
		298	2.7.5
		299


diff --git a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb index 8ef322d..dbfd7c9 100644 --- a/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb +++ b/meta-integrity/recipes-support/ima-evm-utils/ima-evm-utils_git.bb
@@ -9,6 +9,7 @@ SRC_URI = "\
9	git://git.code.sf.net/p/linux-ima/ima-evm-utils \	9	git://git.code.sf.net/p/linux-ima/ima-evm-utils \
10	file://0001-Don-t-build-man-pages.patch \	10	file://0001-Don-t-build-man-pages.patch \
11	file://0001-Install-evmctl-to-sbindir-rather-than-bindir.patch \	11	file://0001-Install-evmctl-to-sbindir-rather-than-bindir.patch \
		12	file://Fix-the-build-failure-with-openssl-1.1.x.patch \
12	"	13	"
13	SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7"	14	SRCREV = "3e2a67bdb0673581a97506262e62db098efef6d7"
14		15