authorJason Wessel <jason.wessel@windriver.com>2019-10-02 04:00:05 -0700
committerJia Zhang <zhang.jia@linux.alibaba.com>2019-11-08 13:27:23 +0800
commit1473c05286859f4b2ed7c7e97422f1fa226c9dfb (patch)
tree07bb633a6d97cb4e256060d9c36bea52b64d1f98
parent393b80fa358557bd24dde6a0b7052fcb87eb32d7 (diff)
downloadmeta-secure-core-1473c05286859f4b2ed7c7e97422f1fa226c9dfb.tar.gz
efitools: Uprev to fix LockDown.efi for UEFI built after 2018
Versions of the UEFI core from 2018 on will not work properly with LockDown.efi's key install. It will report that the PK key cannot be installed due to the handling of the signature header with the PKCS7 data. There are several other minor bug fixes, with the short log shown below. ==== James Bottomley (13): cert-to-efi-hash-list: fix for openssl 1.1 Version: 1.8.0 Fix Fedora build Version: 1.8.1 factor out variable signing code support engine based keys use SignedData instead of PKCS7 for variable updates Version: 1.9.0 Makefile: Reverse the order of lib.a and -lcrypto Version: 1.9.1 sign-efi-sig-list: add man page entry for engine option sha256: do not align raw section sizes Version: 1.9.2 pai-yi.huang (1): efi-updatevar: remove all authenticated attributes from signature Make.rules | 6 ++--- Makefile | 12 +++++----- cert-to-efi-hash-list.c | 6 ++++- efi-updatevar.c | 28 +++++++++++------------ include/openssl_sign.h | 10 ++++++++ include/version.h | 2 +- lib/Makefile | 2 +- lib/openssl_sign.c | 156 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ lib/sha256.c | 8 ++++--- sign-efi-sig-list.c | 59 +++++++++++------------------------------------ 10 files changed, 213 insertions(+), 76 deletions(-) create mode 100644 include/openssl_sign.h create mode 100644 lib/openssl_sign.c [ Issue: LINUXEXEC-2450 ] Signed-off-by: Jason Wessel <jason.wessel@windriver.com>
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc5
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch48
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch25
-rw-r--r--meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch32
4 files changed, 30 insertions, 80 deletions
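--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools.inc
@@ -15,7 +15,7 @@ DEPENDS_append += "\
  libfile-slurp-perl-native \
 "
 
-PV = "1.7.0+git${SRCPV}"
+PV = "1.9.2+git${SRCPV}"
 
 SRC_URI = "\
  git://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git \
@@ -29,9 +29,8 @@ SRC_URI = "\
  file://Reuse-xxdi.pl.patch \
  file://Add-static-keyword-for-IsValidVariableHeader.patch \
  file://Dynamically-load-openssl.cnf-for-openssl-1.0.x-and-1.patch \
- file://cert-to-efi-hash-list-support-to-build-with-openssl-.patch \
 "
-SRCREV = "0649468475d20d8ca5634433c4912467cef3ce93"
+SRCREV = "392836a46ce3c92b55dc88a1aebbcfdfc5dcddce"
 
 PARALLEL_MAKE = ""
 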
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
index a5be1ef..d846fb1 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Fix-for-the-cross-compilation.patch
@@ -8,11 +8,9 @@ Upstream-Status: Pending
8Signed-off-by: Lans Zhang <jia.zhang@windriver.com> 8Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
9--- 9---
10 Make.rules | 51 ++++++++++++++++++++++++++++----------------------- 10 Make.rules | 51 ++++++++++++++++++++++++++++-----------------------
11 Makefile | 12 ++++++------ 11 Makefile | 20 ++++++++++----------
12 2 files changed, 34 insertions(+), 29 deletions(-) 12 2 files changed, 38 insertions(+), 33 deletions(-)
13 13
14diff --git a/Make.rules b/Make.rules
15index 88d5481bef6a..c794a621095b 100644
16--- a/Make.rules 14--- a/Make.rules
17+++ b/Make.rules 15+++ b/Make.rules
18@@ -13,21 +13,26 @@ ARCH3264 = 16@@ -13,21 +13,26 @@ ARCH3264 =
@@ -21,21 +19,21 @@ index 88d5481bef6a..c794a621095b 100644
21 endif 19 endif
22-INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol 20-INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
23-CPPFLAGS = -DCONFIG_$(ARCH) 21-CPPFLAGS = -DCONFIG_$(ARCH)
24-CFLAGS = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check 22-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
25-LDFLAGS = -nostdlib 23-LDFLAGS = -nostdlib
26+INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol 24+INCDIR = -I$(TOPDIR)include/ -I$(INCDIR_PREFIX)/usr/include -I$(INCDIR_PREFIX)/usr/include/efi -I$(INCDIR_PREFIX)/usr/include/efi/$(ARCH) -I$(INCDIR_PREFIX)/usr/include/efi/protocol
27+cppflags = -DCONFIG_$(ARCH) 25+cppflags = -DCONFIG_$(ARCH)
28+cflags = -O2 $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check $(CFLAGS) 26+cflags = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
29+ldflags = -nostdlib 27+ldflags = -nostdlib
30 CRTOBJ = crt0-efi-$(ARCH).o 28 CRTOBJ = crt0-efi-$(ARCH).o
31 CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi 29 CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
32-CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done) 30-CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done)
33+CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $(CRTPATH_PREFIX)/$$f/$(CRTOBJ) ]; then echo $(CRTPATH_PREFIX)/$$f; break; fi; done) 31+CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $(CRTPATH_PREFIX)/$$f/$(CRTOBJ) ]; then echo $(CRTPATH_PREFIX)/$$f; break; fi; done)
34 CRTOBJS = $(CRTPATH)/$(CRTOBJ) 32 CRTOBJS = $(CRTPATH)/$(CRTOBJ)
35 # there's a bug in the gnu tools ... the .reloc section has to be 33 # there's a bug in the gnu tools ... the .reloc section has to be
36 # aligned otherwise the file alignment gets screwed up 34 # aligned otherwise the file alignment gets screwed up
37 LDSCRIPT = elf_$(ARCH)_efi.lds 35 LDSCRIPT = elf_$(ARCH)_efi.lds
38-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) 36-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT)
39+ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) 37+ldflags += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT)
40 LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name) 38 LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name)
41 FORMAT = --target=efi-app-$(ARCH) 39 FORMAT = --target=efi-app-$(ARCH)
@@ -48,7 +46,7 @@ index 88d5481bef6a..c794a621095b 100644
48 MYGUID = 11111111-2222-3333-4444-123456789abc 46 MYGUID = 11111111-2222-3333-4444-123456789abc
49 INSTALL = install 47 INSTALL = install
50 BINDIR = $(DESTDIR)/usr/bin 48 BINDIR = $(DESTDIR)/usr/bin
51@@ -36,23 +41,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/efi 49@@ -36,23 +41,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/
52 DOCDIR = $(DESTDIR)/usr/share/efitools 50 DOCDIR = $(DESTDIR)/usr/share/efitools
53 51
54 # globally use EFI calling conventions (requires gcc >= 4.7) 52 # globally use EFI calling conventions (requires gcc >= 4.7)
@@ -93,7 +91,7 @@ index 88d5481bef6a..c794a621095b 100644
93 91
94 %.hash: %.efi hash-to-efi-sig-list 92 %.hash: %.efi hash-to-efi-sig-list
95 ./hash-to-efi-sig-list $< $@ 93 ./hash-to-efi-sig-list $< $@
96@@ -99,28 +104,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec 94@@ -99,28 +104,28 @@ getvar = $(shell if [ "$(1)" = "PK" -o "
97 ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@ 95 ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@
98 96
99 %.o: %.c 97 %.o: %.c
@@ -130,7 +128,7 @@ index 88d5481bef6a..c794a621095b 100644
130 128
131 ## 129 ##
132 # No need for KEK signing 130 # No need for KEK signing
133@@ -129,7 +134,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec 131@@ -129,7 +134,7 @@ getvar = $(shell if [ "$(1)" = "PK" -o "
134 # sbsign --key KEK.key --cert KEK.crt --output $@ $< 132 # sbsign --key KEK.key --cert KEK.crt --output $@ $<
135 133
136 %.a: 134 %.a:
@@ -139,8 +137,6 @@ index 88d5481bef6a..c794a621095b 100644
139 137
140 doc/%.1: doc/%.1.in % 138 doc/%.1: doc/%.1.in %
141 $(HELP2MAN) --no-info -i $< -o $@ ./$* 139 $(HELP2MAN) --no-info -i $< -o $@ ./$*
142diff --git a/Makefile b/Makefile
143index 774ee0aed7e9..4c3f91b5850f 100644
144--- a/Makefile 140--- a/Makefile
145+++ b/Makefile 141+++ b/Makefile
146@@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list 142@@ -73,7 +73,7 @@ ms-%.esl: ms-%.crt cert-to-efi-sig-list
@@ -156,36 +152,36 @@ index 774ee0aed7e9..4c3f91b5850f 100644
156 ShimReplace.so: lib/lib-efi.a 152 ShimReplace.so: lib/lib-efi.a
157 153
158 cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a 154 cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a
159- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 155- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
160+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 156+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
161 157
162 sig-list-to-certs: sig-list-to-certs.o lib/lib.a 158 sig-list-to-certs: sig-list-to-certs.o lib/lib.a
163- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 159- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
164+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 160+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
165 161
166 sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a 162 sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a
167- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 163- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
168+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 164+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
169 165
170 hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a 166 hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a
171- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 167- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
172+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a 168+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a
173 169
174 cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a 170 cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a
175- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 171- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
176+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 172+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
177 173
178 efi-keytool: efi-keytool.o lib/lib.a 174 efi-keytool: efi-keytool.o lib/lib.a
179- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 175- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
180+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a 176+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a
181 177
182 efi-readvar: efi-readvar.o lib/lib.a 178 efi-readvar: efi-readvar.o lib/lib.a
183- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 179- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
184+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 180+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
185 181
186 efi-updatevar: efi-updatevar.o lib/lib.a 182 efi-updatevar: efi-updatevar.o lib/lib.a
187- $(CC) $(ARCH3264) -o $@ $< -lcrypto lib/lib.a 183- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
188+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) -lcrypto lib/lib.a 184+ $(CC) $(ARCH3264) -o $@ $< $(EXTRA_LDFLAGS) lib/lib.a -lcrypto
189 185
190 flash-var: flash-var.o lib/lib.a 186 flash-var: flash-var.o lib/lib.a
191- $(CC) $(ARCH3264) -o $@ $< lib/lib.a 187- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
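Review bot: The refreshed `+cflags =` line in the Make.rules hunk no longer ends with `$(CFLAGS)`, which the previous revision of this patch appended, so flags the recipe passes in CFLAGS may stop reaching the EFI objects unless a hunk not shown here re-adds them. If the drop is deliberate, say so in the patch description; otherwise restore the tail as `-fno-stack-check $(CFLAGS)`. The `-L /usr/lib -L /usr/lib64` that upstream now has on its `LDFLAGS +=` line is not carried into `ldflags +=`, which looks right for keeping host libraries out of the cross link. The patch's later hunks are only partly visible in this diff, so both points should be checked against the full file.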
diff --git a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
index f7f32c3..b072e89 100644
--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
+++ b/meta-efi-secure-boot/recipes-bsp/efitools/efitools/Kill-all-the-build-warning-caused-by-implicit-declar.patch
@@ -8,15 +8,13 @@ Upstream-Status: Pending
8 8
9Signed-off-by: Lans Zhang <jia.zhang@windriver.com> 9Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
10--- 10---
11 Loader.c | 1 + 11 Loader.c | 1 +
12 cert-to-efi-hash-list.c | 2 +- 12 cert-to-efi-hash-list.c | 2 +-
13 flash-var.c | 2 ++ 13 flash-var.c | 2 ++
14 lib/pecoff.c | 1 + 14 lib/pecoff.c | 1 +
15 sign-efi-sig-list.c | 2 ++ 15 sign-efi-sig-list.c | 2 ++
16 5 files changed, 7 insertions(+), 1 deletion(-) 16 5 files changed, 7 insertions(+), 1 deletion(-)
17 17
18diff --git a/Loader.c b/Loader.c
19index 1f9201a..044469a 100644
20--- a/Loader.c 18--- a/Loader.c
21+++ b/Loader.c 19+++ b/Loader.c
22@@ -9,6 +9,7 @@ 20@@ -9,6 +9,7 @@
@@ -27,8 +25,6 @@ index 1f9201a..044469a 100644
27 #include <simple_file.h> 25 #include <simple_file.h>
28 #include <pecoff.h> 26 #include <pecoff.h>
29 #include <sha256.h> 27 #include <sha256.h>
30diff --git a/cert-to-efi-hash-list.c b/cert-to-efi-hash-list.c
31index d4484f9..3792553 100644
32--- a/cert-to-efi-hash-list.c 28--- a/cert-to-efi-hash-list.c
33+++ b/cert-to-efi-hash-list.c 29+++ b/cert-to-efi-hash-list.c
34@@ -3,7 +3,7 @@ 30@@ -3,7 +3,7 @@
@@ -39,9 +35,7 @@ index d4484f9..3792553 100644
39+#define _GNU_SOURCE 35+#define _GNU_SOURCE
40 36
41 #include <stdint.h> 37 #include <stdint.h>
42 #define __STDC_VERSION__ 199901L 38 #define _XOPEN_SOURCE
43diff --git a/flash-var.c b/flash-var.c
44index aa10ae6..10429bc 100644
45--- a/flash-var.c 39--- a/flash-var.c
46+++ b/flash-var.c 40+++ b/flash-var.c
47@@ -1,3 +1,5 @@ 41@@ -1,3 +1,5 @@
@@ -50,8 +44,6 @@ index aa10ae6..10429bc 100644
50 #include <stdlib.h> 44 #include <stdlib.h>
51 #include <stdint.h> 45 #include <stdint.h>
52 #include <sys/types.h> 46 #include <sys/types.h>
53diff --git a/lib/pecoff.c b/lib/pecoff.c
54index 26d9dcf..10b898a 100644
55--- a/lib/pecoff.c 47--- a/lib/pecoff.c
56+++ b/lib/pecoff.c 48+++ b/lib/pecoff.c
57@@ -59,6 +59,7 @@ 49@@ -59,6 +59,7 @@
@@ -62,8 +54,6 @@ index 26d9dcf..10b898a 100644
62 #include <pecoff.h> 54 #include <pecoff.h>
63 #include <guid.h> 55 #include <guid.h>
64 #include <simple_file.h> 56 #include <simple_file.h>
65diff --git a/sign-efi-sig-list.c b/sign-efi-sig-list.c
66index e19ef97..5abcf27 100644
67--- a/sign-efi-sig-list.c 57--- a/sign-efi-sig-list.c
68+++ b/sign-efi-sig-list.c 58+++ b/sign-efi-sig-list.c
69@@ -3,6 +3,8 @@ 59@@ -3,6 +3,8 @@
@@ -75,6 +65,3 @@ index e19ef97..5abcf27 100644
75 #include <stdint.h> 65 #include <stdint.h>
76 #define __STDC_VERSION__ 199901L 66 #define __STDC_VERSION__ 199901L
77 #include <efi.h> 67 #include <efi.h>
78--
791.9.1
80
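--- a/meta-efi-secure-boot/recipes-bsp/efitools/efitools/cert-to-efi-hash-list-support-to-build-with-openssl-.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1b87c0e53efdccec4c05d2b92699f49cd3d6ec79 Mon Sep 17 00:00:00 2001
-From: Lans Zhang <jia.zhang@windriver.com>
-Date: Wed, 16 Aug 2017 19:52:37 +0800
-Subject: [PATCH] cert-to-efi-hash-list: support to build with openssl-1.1.x
-
-X509 becomes opaque since openssl-1.1.x and thus uses the equivalent
-function i2d_re_X509_tbs() instead to encode tbs portion of the certificate.
-
-Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
----
- cert-to-efi-hash-list.c | 4 ++++
- 1 file changed, 4 insertions(+)
-
-diff --git a/cert-to-efi-hash-list.c b/cert-to-efi-hash-list.c
-index 3792553..2f2584c 100644
---- a/cert-to-efi-hash-list.c
-+++ b/cert-to-efi-hash-list.c
-@@ -135,7 +135,11 @@ main(int argc, char *argv[])
- X509 *cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL);
- unsigned char *cert_buf = NULL;
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
- int cert_len = i2d_X509_CINF(cert->cert_info, &cert_buf);
-+#else
-+ int cert_len = i2d_re_X509_tbs(cert, &cert_buf);
-+#endif
- ERR_print_errors_fp(stdout);
-
- int len, digest_len, time_offset;
---
-2.7.5
-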