1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
|
diff --git a/src/fileio.c b/src/fileio.c
index 032eb1e..09bc3aa 100644
--- a/src/fileio.c
+++ b/src/fileio.c
@@ -40,6 +40,7 @@
#include <openssl/pem.h>
#include <openssl/err.h>
#include <openssl/engine.h>
+#include <openssl/ui.h>
#include <ccan/talloc/talloc.h>
#include <ccan/read_write_all/read_write_all.h>
diff --git a/src/idc.c b/src/idc.c
index 236cefd..18c670a 100644
--- a/src/idc.c
+++ b/src/idc.c
@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
/* extract the idc from the signed PKCS7 'other' data */
str = p7->d.sign->contents->d.other->value.asn1_string;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
idcbuf = buf = ASN1_STRING_data(str);
+#else
+ idcbuf = buf = ASN1_STRING_get0_data(str);
+#endif
idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
/* If we were passed a BIO, write the idc data, minus type and length,
@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
}
/* check hash against the one we calculated from the image */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
buf = ASN1_STRING_data(str);
+#else
+ buf = ASN1_STRING_get0_data(str);
+#endif
if (memcmp(buf, sha, sizeof(sha))) {
fprintf(stderr, "Hash doesn't match image\n");
fprintf(stderr, " got: %s\n", sha256_str(buf));
diff --git a/src/sbattach.c b/src/sbattach.c
index a0c01b8..fe5a18e 100644
--- a/src/sbattach.c
+++ b/src/sbattach.c
@@ -231,6 +231,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OPENSSL_config(NULL);
@@ -239,6 +240,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
image = image_load(image_filename);
if (!image) {
diff --git a/src/sbkeysync.c b/src/sbkeysync.c
index 7b17f40..753ca52 100644
--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
goto out;
key->id_len = ASN1_STRING_length(serial);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
+#else
+ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
+#endif
key->description = talloc_array(key, char, description_len);
X509_NAME_oneline(X509_get_subject_name(x509),
@@ -927,6 +931,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -936,6 +941,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
ctx->filesystem_keys = init_keyset(ctx);
ctx->firmware_keys = init_keyset(ctx);
diff --git a/src/sbsign.c b/src/sbsign.c
index ff1fdfd..5754113 100644
--- a/src/sbsign.c
+++ b/src/sbsign.c
@@ -188,6 +188,7 @@ int main(int argc, char **argv)
talloc_steal(ctx, ctx->image);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
ERR_load_crypto_strings();
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -197,6 +198,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
if (engine)
pkey = fileio_read_engine_key(engine, keyfilename);
else
diff --git a/src/sbvarsign.c b/src/sbvarsign.c
index 7dcbe51..f39b640 100644
--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
@@ -509,6 +509,7 @@ int main(int argc, char **argv)
return EXIT_FAILURE;
}
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
/* initialise openssl */
OpenSSL_add_all_digests();
OpenSSL_add_all_ciphers();
@@ -519,6 +520,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
/* set up the variable signing context */
varname = argv[optind];
diff --git a/src/sbverify.c b/src/sbverify.c
index 3920d91..5b0bacb 100644
--- a/src/sbverify.c
+++ b/src/sbverify.c
@@ -56,13 +56,13 @@
#include <openssl/pem.h>
#include <openssl/x509v3.h>
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
#define X509_OBJECT_get_type(obj) ((obj)->type)
#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
#define X509_STORE_get0_objects(certs) ((certs)->objs)
#define X509_get_extended_key_usage(cert) ((cert)->ex_xkusage)
-#if OPENSSL_VERSION_NUMBER < 0x10020000L
+#if OPENSSL_VERSION_NUMBER < 0x10020000L || defined(LIBRESSL_VERSION_NUMBER)
#define X509_STORE_CTX_get0_store(ctx) ((ctx)->ctx)
#endif
#endif
@@ -250,6 +250,7 @@ int main(int argc, char **argv)
verbose = false;
detached_sig_filename = NULL;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
OpenSSL_add_all_digests();
ERR_load_crypto_strings();
OPENSSL_config(NULL);
@@ -258,6 +259,7 @@ int main(int argc, char **argv)
* module isn't present). In either case ignore the errors
* (malloc will cause other failures out lower down */
ERR_clear_error();
+#endif
for (;;) {
int idx;
|
GitWeb