Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 526534 Details for
Bug 652428
net-wireless/crda-3.18-r1 with >=dev-libs/openssl-1.1.0 - keys-ssl.c:57:19: error: field ‘e’ has incomplete type
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
crda-3.18-openssl-1.1.0-compatibility.patch
crda-3.18-openssl-1.1.0-compatibility.patch (text/plain), 8.78 KB, created by
Quentin Minster
on 2018-04-04 16:54:57 UTC
(
hide
)
Description:
crda-3.18-openssl-1.1.0-compatibility.patch
Filename:
MIME Type:
Creator:
Quentin Minster
Created:
2018-04-04 16:54:57 UTC
Size:
8.78 KB
patch
obsolete
>From 338637ac08c19708eb35523894b44bbe3c726cfa Mon Sep 17 00:00:00 2001 >From: quentin <quentin@minster.io> >Date: Mon, 2 Apr 2018 18:07:50 +0200 >Subject: [PATCH] crda: Fix for OpenSSL 1.1.0: BIGNUM now opaque > >OpenSSL 1.1.0 makes most of OpenSSL's structures opaque, and provides >functions to manipulate them. This means it's no longer possible to >construct an OpenSSL BIGNUM directly from scratch, as was done in >keys-ssl.c. > >Use BN_bin2bn() (available since OpenSSL 0.9.8) to build the bignum from >its big-endian representation as a byte array. > >This also allows factoring the code in utils/key2pub.py as it's now the >same mechanism as with libgcrypt. > >This was tested with OpenSSL 1.1.0g. > >Signed-off-by: Quentin Minster <quentin@minster.io> >--- > .gitignore | 2 +- > Makefile | 12 +++---- > reglib.c | 44 +++++++++++++++++------ > utils/key2pub.py | 107 ++++++------------------------------------------------- > 4 files changed, 50 insertions(+), 115 deletions(-) > >diff --git a/.gitignore b/.gitignore >index 7c4bb3a..29480a5 100644 >--- a/.gitignore >+++ b/.gitignore >@@ -10,5 +10,5 @@ regdbdump > *.o > *.so > *.pyc >-keys-*.c >+keys.c > key.priv.pem >diff --git a/Makefile b/Makefile >index a3ead30..a4e7373 100644 >--- a/Makefile >+++ b/Makefile >@@ -38,18 +38,16 @@ all: all_noverify verify > > all_noverify: $(LIBREG) crda intersect regdbdump db2rd optimize > >+$(LIBREG): keys.c >+ > ifeq ($(USE_OPENSSL),1) > CFLAGS += -DUSE_OPENSSL -DPUBKEY_DIR=\"$(RUNTIME_PUBKEY_DIR)\" `pkg-config --cflags openssl` > LDLIBS += `pkg-config --libs openssl` > >-$(LIBREG): keys-ssl.c >- > else > CFLAGS += -DUSE_GCRYPT > LDLIBS += -lgcrypt > >-$(LIBREG): keys-gcrypt.c >- > endif > MKDIR ?= mkdir -p > INSTALL ?= install >@@ -109,10 +107,10 @@ $(REG_BIN): > $(NQ) > $(Q) exit 1 > >-keys-%.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) >+keys.c: utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) > $(NQ) ' GEN ' $@ > $(NQ) ' Trusted pubkeys:' $(wildcard $(PUBKEY_DIR)/*.pem) >- $(Q)./utils/key2pub.py --$* $(wildcard $(PUBKEY_DIR)/*.pem) $@ >+ $(Q)./utils/key2pub.py $(wildcard $(PUBKEY_DIR)/*.pem) $@ > > $(LIBREG): regdb.h reglib.h reglib.c > $(NQ) ' CC ' $@ >@@ -187,5 +185,5 @@ install: install-libreg install-libreg-headers crda crda.8.gz regdbdump.8.gz > > clean: > $(Q)rm -f $(LIBREG) crda regdbdump intersect db2rd optimize \ >- *.o *~ *.pyc keys-*.c *.gz \ >+ *.o *~ *.pyc keys.c *.gz \ > udev/$(UDEV_LEVEL)regulatory.rules udev/regulatory.rules.parsed >diff --git a/reglib.c b/reglib.c >index e00e9b8..00f7f56 100644 >--- a/reglib.c >+++ b/reglib.c >@@ -22,6 +22,7 @@ > #include <openssl/rsa.h> > #include <openssl/sha.h> > #include <openssl/pem.h> >+#include <openssl/bn.h> > #endif > > #ifdef USE_GCRYPT >@@ -30,12 +31,8 @@ > > #include "reglib.h" > >-#ifdef USE_OPENSSL >-#include "keys-ssl.c" >-#endif >- >-#ifdef USE_GCRYPT >-#include "keys-gcrypt.c" >+#if defined(USE_OPENSSL) || defined(USE_GCRYPT) >+#include "keys.c" > #endif > > int debug = 0; >@@ -81,7 +78,8 @@ reglib_array_len(size_t baselen, unsigned int elemcount, size_t elemlen) > #ifdef USE_OPENSSL > int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) > { >- RSA *rsa; >+ RSA *rsa = NULL; >+ BIGNUM *rsa_e = NULL, *rsa_n = NULL; > uint8_t hash[SHA_DIGEST_LENGTH]; > unsigned int i; > int ok = 0; >@@ -102,15 +100,35 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) > goto out; > } > >- rsa->e = &keys[i].e; >- rsa->n = &keys[i].n; >+ rsa_e = BN_bin2bn(keys[i].e, keys[i].len_e, NULL); >+ if (!rsa_e) { >+ fprintf(stderr, "Failed to convert value for RSA e.\n"); >+ goto out; >+ } >+ rsa_n = BN_bin2bn(keys[i].n, keys[i].len_n, NULL); >+ if (!rsa_n) { >+ fprintf(stderr, "Failed to convert value for RSA n.\n"); >+ goto out; >+ } >+ >+#if OPENSSL_VERSION_NUMBER < 0x10100000L >+ rsa->e = rsa_e; >+ rsa->n = rsa_n; >+#else >+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) != 1) { >+ fprintf(stderr, "Failed to set RSA key.\n"); >+ goto out; >+ } >+#endif >+ /* BIGNUMs now owned by the RSA object */ >+ rsa_e = NULL; >+ rsa_n = NULL; > > ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, > db + dblen, siglen, rsa) == 1; > >- rsa->e = NULL; >- rsa->n = NULL; > RSA_free(rsa); >+ rsa = NULL; > } > if (!ok && (pubkey_dir = opendir(PUBKEY_DIR))) { > while (!ok && (nextfile = readdir(pubkey_dir))) { >@@ -123,6 +141,7 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) > ok = RSA_verify(NID_sha1, hash, SHA_DIGEST_LENGTH, > db + dblen, siglen, rsa) == 1; > RSA_free(rsa); >+ rsa = NULL; > fclose(keyfile); > } > } >@@ -133,6 +152,9 @@ int reglib_verify_db_signature(uint8_t *db, size_t dblen, size_t siglen) > fprintf(stderr, "Database signature verification failed.\n"); > > out: >+ RSA_free(rsa); >+ BN_free(rsa_e); >+ BN_free(rsa_n); > return ok; > } > #endif /* USE_OPENSSL */ >diff --git a/utils/key2pub.py b/utils/key2pub.py >index 9bb04cd..1919270 100755 >--- a/utils/key2pub.py >+++ b/utils/key2pub.py >@@ -9,84 +9,7 @@ except ImportError, e: > sys.stderr.write('On Debian GNU/Linux the package is called "python-m2crypto".\n') > sys.exit(1) > >-def print_ssl_64(output, name, val): >- while val[0] == '\0': >- val = val[1:] >- while len(val) % 8: >- val = '\0' + val >- vnew = [] >- while len(val): >- vnew.append((val[0], val[1], val[2], val[3], val[4], val[5], val[6], val[7])) >- val = val[8:] >- vnew.reverse() >- output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew))) >- idx = 0 >- for v1, v2, v3, v4, v5, v6, v7, v8 in vnew: >- if not idx: >- output.write('\t') >- output.write('0x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4), ord(v5), ord(v6), ord(v7), ord(v8))) >- idx += 1 >- if idx == 2: >- idx = 0 >- output.write('\n') >- if idx: >- output.write('\n') >- output.write('};\n\n') >- >-def print_ssl_32(output, name, val): >- while val[0] == '\0': >- val = val[1:] >- while len(val) % 4: >- val = '\0' + val >- vnew = [] >- while len(val): >- vnew.append((val[0], val[1], val[2], val[3], )) >- val = val[4:] >- vnew.reverse() >- output.write('static BN_ULONG %s[%d] = {\n' % (name, len(vnew))) >- idx = 0 >- for v1, v2, v3, v4 in vnew: >- if not idx: >- output.write('\t') >- output.write('0x%.2x%.2x%.2x%.2x, ' % (ord(v1), ord(v2), ord(v3), ord(v4))) >- idx += 1 >- if idx == 4: >- idx = 0 >- output.write('\n') >- if idx: >- output.write('\n') >- output.write('};\n\n') >- >-def print_ssl(output, name, val): >- import struct >- output.write('#include <stdint.h>\n') >- if len(struct.pack('@L', 0)) == 8: >- return print_ssl_64(output, name, val) >- else: >- return print_ssl_32(output, name, val) >- >-def print_ssl_keys(output, n): >- output.write(r''' >-struct pubkey { >- struct bignum_st e, n; >-}; >- >-#define KEY(data) { \ >- .d = data, \ >- .top = sizeof(data)/sizeof(data[0]), \ >-} >- >-#define KEYS(e,n) { KEY(e), KEY(n), } >- >-static struct pubkey keys[] = { >-''') >- for n in xrange(n + 1): >- output.write(' KEYS(e_%d, n_%d),\n' % (n, n)) >- output.write('};\n') >- pass >- >-def print_gcrypt(output, name, val): >- output.write('#include <stdint.h>\n') >+def print_bignum(output, name, val): > while val[0] == '\0': > val = val[1:] > output.write('static const uint8_t %s[%d] = {\n' % (name, len(val))) >@@ -103,11 +26,11 @@ def print_gcrypt(output, name, val): > output.write('\n') > output.write('};\n\n') > >-def print_gcrypt_keys(output, n): >+def print_keys(output, n): > output.write(r''' > struct key_params { > const uint8_t *e, *n; >- uint32_t len_e, len_n; >+ const uint32_t len_e, len_n; > }; > > #define KEYS(_e, _n) { \ >@@ -120,25 +43,17 @@ static const struct key_params __attribute__ ((unused)) keys[] = { > for n in xrange(n + 1): > output.write(' KEYS(e_%d, n_%d),\n' % (n, n)) > output.write('};\n') >- > >-modes = { >- '--ssl': (print_ssl, print_ssl_keys), >- '--gcrypt': (print_gcrypt, print_gcrypt_keys), >-} > >-try: >- mode = sys.argv[1] >- files = sys.argv[2:-1] >- outfile = sys.argv[-1] >-except IndexError: >- mode = None >+files = sys.argv[1:-1] >+outfile = sys.argv[-1] > >-if not mode in modes: >- print 'Usage: %s [%s] input-file... output-file' % (sys.argv[0], '|'.join(modes.keys())) >+if len(files) == 0: >+ print 'Usage: %s input-file... output-file' % (sys.argv[0], ) > sys.exit(2) > > output = open(outfile, 'w') >+output.write('#include <stdint.h>\n\n\n') > > # load key > idx = 0 >@@ -148,8 +63,8 @@ for f in files: > except RSA.RSAError: > key = RSA.load_key(f) > >- modes[mode][0](output, 'e_%d' % idx, key.e[4:]) >- modes[mode][0](output, 'n_%d' % idx, key.n[4:]) >+ print_bignum(output, 'e_%d' % idx, key.e[4:]) >+ print_bignum(output, 'n_%d' % idx, key.n[4:]) > idx += 1 > >-modes[mode][1](output, idx - 1) >+print_keys(output, idx - 1) >-- >2.16.2 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=526534">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 652428
:
526532
| 526534
