From 4b41056970264494a9b5b45eaa4b99b99aa72845 Mon Sep 17 00:00:00 2001 From: Lans Zhang Date: Wed, 16 Aug 2017 10:12:21 +0800 Subject: sbsigntool: fix build failure with openssl-1.0.x Signed-off-by: Lans Zhang --- .../sbsigntool/sbsigntool-native_git.bb | 2 +- ...recated-ASN1_STRING_data-in-openssl-1.1.0.patch | 73 ++++++++++++++++++++++ .../Fix-the-deprecated-ASN1_STRING_data.patch | 49 --------------- 3 files changed, 74 insertions(+), 50 deletions(-) create mode 100644 meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data-in-openssl-1.1.0.patch delete mode 100644 meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data.patch diff --git a/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool-native_git.bb b/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool-native_git.bb index 431144a..f52b5fc 100644 --- a/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool-native_git.bb +++ b/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool-native_git.bb @@ -19,7 +19,7 @@ SRC_URI = "\ file://Fix-for-multi-sign.patch \ file://sbsign-add-x-option-to-avoid-overwrite-existing-sign.patch \ file://image-fix-the-segment-fault-caused-by-the-uninitiali.patch \ - file://Fix-the-deprecated-ASN1_STRING_data.patch \ + file://Fix-the-deprecated-ASN1_STRING_data-in-openssl-1.1.0.patch \ file://Update-OpenSSL-API-usage-to-support-OpenSSL-1.1.patch \ " SRCREV="951ee95a301674c046f55330cd7460e1314deff2" diff --git a/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data-in-openssl-1.1.0.patch b/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data-in-openssl-1.1.0.patch new file mode 100644 index 0000000..3619945 --- /dev/null +++ b/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data-in-openssl-1.1.0.patch @@ -0,0 +1,73 @@ +From 6ef94a67490176a6d84b4968f303e6d1c51a49ce Mon Sep 17 00:00:00 2001 +From: Lans Zhang +Date: Wed, 16 Aug 2017 10:09:43 +0800 +Subject: [PATCH] Fix the deprecated ASN1_STRING_data() in openssl-1.1.0 + +Signed-off-by: Lans Zhang +--- + src/idc.c | 4 ++-- + src/idc.h | 4 ++++ + src/sbkeysync.c | 3 ++- + 3 files changed, 8 insertions(+), 3 deletions(-) + +diff --git a/src/idc.c b/src/idc.c +index 236cefd..7f99a53 100644 +--- a/src/idc.c ++++ b/src/idc.c +@@ -238,7 +238,7 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio) + + /* extract the idc from the signed PKCS7 'other' data */ + str = p7->d.sign->contents->d.other->value.asn1_string; +- idcbuf = buf = ASN1_STRING_data(str); ++ idcbuf = buf = (const unsigned char *)ASN1_STRING_get0_data(str); + idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); + + /* If we were passed a BIO, write the idc data, minus type and length, +@@ -289,7 +289,7 @@ int IDC_check_hash(struct idc *idc, struct image *image) + } + + /* check hash against the one we calculated from the image */ +- buf = ASN1_STRING_data(str); ++ buf = (const unsigned char *)ASN1_STRING_get0_data(str); + if (memcmp(buf, sha, sizeof(sha))) { + fprintf(stderr, "Hash doesn't match image\n"); + fprintf(stderr, " got: %s\n", sha256_str(buf)); +diff --git a/src/idc.h b/src/idc.h +index a6526de..8011237 100644 +--- a/src/idc.h ++++ b/src/idc.h +@@ -36,6 +36,10 @@ + + #include + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define ASN1_STRING_get0_data ASN1_STRING_data ++#endif ++ + struct idc; + + int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image); +diff --git a/src/sbkeysync.c b/src/sbkeysync.c +index a63d3b8..223a047 100644 +--- a/src/sbkeysync.c ++++ b/src/sbkeysync.c +@@ -54,6 +54,7 @@ + + #include "fileio.h" + #include "efivars.h" ++#include "idc.h" + + #define EFIVARS_MOUNTPOINT "/sys/firmware/efi/efivars" + #define PSTORE_FSTYPE 0x6165676C +@@ -210,7 +211,7 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len) + serial = x509->cert_info->serialNumber; + + key->id_len = ASN1_STRING_length(serial); +- key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); ++ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len); + + key->description = talloc_array(key, char, description_len); + X509_NAME_oneline(x509->cert_info->subject, +-- +2.7.5 + diff --git a/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data.patch b/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data.patch deleted file mode 100644 index 6ffbde2..0000000 --- a/meta-efi-secure-boot/recipes-devtools/sbsigntool/sbsigntool/Fix-the-deprecated-ASN1_STRING_data.patch +++ /dev/null @@ -1,49 +0,0 @@ -From c5d321ded2020441b0d064e03b7b07358d3f71da Mon Sep 17 00:00:00 2001 -From: Lans Zhang -Date: Tue, 15 Aug 2017 10:55:40 +0800 -Subject: [PATCH] Fix the deprecated ASN1_STRING_data() - -Signed-off-by: Lans Zhang ---- - src/idc.c | 4 ++-- - src/sbkeysync.c | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/idc.c b/src/idc.c -index 236cefd..8feaa11 100644 ---- a/src/idc.c -+++ b/src/idc.c -@@ -238,7 +238,7 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio) - - /* extract the idc from the signed PKCS7 'other' data */ - str = p7->d.sign->contents->d.other->value.asn1_string; -- idcbuf = buf = ASN1_STRING_data(str); -+ idcbuf = buf = (const unsigned char *)ASN1_STRING_get0_data(str); - idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); - - /* If we were passed a BIO, write the idc data, minus type and length, -@@ -289,7 +289,7 @@ int IDC_check_hash(struct idc *idc, struct image *image) - } - - /* check hash against the one we calculated from the image */ -- buf = ASN1_STRING_data(str); -+ buf = (const unsigned char *)ASN1_STRING_get0_data(str); - if (memcmp(buf, sha, sizeof(sha))) { - fprintf(stderr, "Hash doesn't match image\n"); - fprintf(stderr, " got: %s\n", sha256_str(buf)); -diff --git a/src/sbkeysync.c b/src/sbkeysync.c -index a63d3b8..ef028ef 100644 ---- a/src/sbkeysync.c -+++ b/src/sbkeysync.c -@@ -210,7 +210,7 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len) - serial = x509->cert_info->serialNumber; - - key->id_len = ASN1_STRING_length(serial); -- key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); -+ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len); - - key->description = talloc_array(key, char, description_len); - X509_NAME_oneline(x509->cert_info->subject, --- -2.7.5 - -- cgit v1.2.3-54-g00ecf