UPSTREAM: rsa: use new openssl API to create signature
Previous implementation of the rsa signature was using the openssl API EVP_Sign*, but the new openssl API EVP_DigestSign* is more flexible. So we move to this new API. Signed-off-by: Philippe Reynes <philippe.reynes@softathome.com> Reviewed-by: Simon Glass <sjg@chromium.org> (cherry picked from commit 3b5d6979fcb80ffae3b140be6edc04cbde1a0b72) Conflicts: lib/rsa/rsa-sign.c Change-Id: I6016a13904024a63d6fb8110cef37e57a164eed9 Signed-off-by: Joseph Chen <chenjh@rock-chips.com>
This commit is contained in:
Philippe Reynes
Jianhong Chen
parent
07d90e7755
commit
624f7c0791
|
|
@ -415,7 +415,8 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
|
|||
{
|
||||
EVP_PKEY *key;
|
||||
EVP_MD_CTX *context;
|
||||
int size, ret = 0;
|
||||
int ret = 0;
|
||||
size_t size;
|
||||
uint8_t *sig;
|
||||
int i;
|
||||
|
||||
|
|
@ -431,7 +432,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
|
|||
size = EVP_PKEY_size(key);
|
||||
sig = malloc(size);
|
||||
if (!sig) {
|
||||
fprintf(stderr, "Out of memory for signature (%d bytes)\n",
|
||||
fprintf(stderr, "Out of memory for signature (%zu bytes)\n",
|
||||
size);
|
||||
ret = -ENOMEM;
|
||||
goto err_alloc;
|
||||
|
|
@ -443,23 +444,28 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
|
|||
goto err_create;
|
||||
}
|
||||
EVP_MD_CTX_init(context);
|
||||
if (!EVP_SignInit(context, checksum_algo->calculate_sign())) {
|
||||
if (EVP_DigestSignInit(context, NULL,
|
||||
checksum_algo->calculate_sign(),
|
||||
NULL, key) <= 0) {
|
||||
ret = rsa_err("Signer setup failed");
|
||||
goto err_sign;
|
||||
}
|
||||
|
||||
for (i = 0; i < region_count; i++) {
|
||||
if (!EVP_SignUpdate(context, region[i].data, region[i].size)) {
|
||||
if (!EVP_DigestSignUpdate(context, region[i].data,
|
||||
region[i].size)) {
|
||||
ret = rsa_err("Signing data failed");
|
||||
goto err_sign;
|
||||
}
|
||||
}
|
||||
|
||||
if (!EVP_SignFinal(context, sig, sig_size, key)) {
|
||||
if (!EVP_DigestSignFinal(context, sig, &size)) {
|
||||
ret = rsa_err("Could not obtain signature");
|
||||
goto err_sign;
|
||||
}
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
|
||||
#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
|
||||
(defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x02070000fL)
|
||||
EVP_MD_CTX_cleanup(context);
|
||||
#else
|
||||
EVP_MD_CTX_reset(context);
|
||||
|
|
@ -467,7 +473,7 @@ static int rsa_sign_with_key(RSA *rsa, struct checksum_algo *checksum_algo,
|
|||
EVP_MD_CTX_destroy(context);
|
||||
EVP_PKEY_free(key);
|
||||
|
||||
debug("Got signature: %d bytes, expected %d\n", *sig_size, size);
|
||||
debug("Got signature: %d bytes, expected %zu\n", *sig_size, size);
|
||||
*sigp = sig;
|
||||
*sig_size = size;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue