f42b7a6e10
The mokutil tool is using functions that were deprecated since OpenSSL 3.0 and needs to be ported to the newer functions that should be used instead. Resolves: rhbz#1958040 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
From f552d2bb570568673d293fcb2263a2ee8c3333de Mon Sep 17 00:00:00 2001
From: Javier Martinez Canillas <javierm@redhat.com>
Date: Tue, 25 May 2021 15:22:29 +0200
Subject: [PATCH] mokutil: use EVP_Digest()* functions instead of the
deprecated SHA1_*()
The SHA1_*() functions have been deprecated since OpenSSL 3.0, this leads
to compile errors when building with -Werror=deprecated-declarations, i.e:
mokutil.c: In function 'print_x509':
mokutil.c:424:9: error: 'SHA1_Init' is deprecated: Since OpenSSL 3.0 [-Werror=deprecated-declarations]
424 | SHA1_Init (&ctx);
| ^~~~~~~~~
...
instead, the EVP_Digest*() functions could be used. Port to them and avoid
these build failures with the latest OpenSSL 3.0 version.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
---
src/mokutil.c | 44 ++++++++++++++++++++++++++++++++++++--------
1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/src/mokutil.c b/src/mokutil.c
index 563e585979b..3fdc791af7f 100644
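--- a/src/mokutil.c
+++ b/src/mokutil.c
@@ -405,8 +405,10 @@ print_x509 (char *cert, int cert_size)
 {
 X509 *X509cert;
 BIO *cert_bio;
- SHA_CTX ctx;
- uint8_t fingerprint[SHA_DIGEST_LENGTH];
+ EVP_MD_CTX *ctx;
+ const EVP_MD *md;
+ unsigned int md_len;
+ unsigned char fingerprint[EVP_MAX_MD_SIZE];
 
 cert_bio = BIO_new (BIO_s_mem ());
 BIO_write (cert_bio, cert, cert_size);
@@ -418,22 +420,48 @@ print_x509 (char *cert, int cert_size)
 X509cert = d2i_X509_bio (cert_bio, NULL);
 if (X509cert == NULL) {
 fprintf (stderr, "Invalid X509 certificate\n");
- return -1;
+ goto cleanup_bio;
+ }
+
+ md = EVP_get_digestbyname ("SHA1");
+ if(md == NULL) {
+ fprintf (stderr, "Failed to get SHA1 digest\n");
+ goto cleanup_bio;
+ }
+
+ ctx = EVP_MD_CTX_create ();
+ if (ctx == NULL) {
+ fprintf (stderr, "Failed to create digest context\n");
+ goto cleanup_bio;
 }
 
- SHA1_Init (&ctx);
- SHA1_Update (&ctx, cert, cert_size);
- SHA1_Final (fingerprint, &ctx);
+ if (!EVP_DigestInit_ex (ctx, md, NULL)) {
+ fprintf (stderr, "Failed to initialize digest context\n");
+ goto cleanup_ctx;
+ }
+
+ if (!EVP_DigestUpdate (ctx, cert, cert_size)) {
+ fprintf (stderr, "Failed to hash into the digest context\n");
+ goto cleanup_ctx;
+ }
+
+ if (!EVP_DigestFinal_ex (ctx, fingerprint, &md_len)) {
+ fprintf (stderr, "Failed to get digest value\n");
+ goto cleanup_ctx;
+ }
 
 printf ("SHA1 Fingerprint: ");
- for (unsigned int i = 0; i < SHA_DIGEST_LENGTH; i++) {
+ for (unsigned int i = 0; i < md_len; i++) {
 printf ("%02x", fingerprint[i]);
- if (i < SHA_DIGEST_LENGTH - 1)
+ if (i < md_len - 1)
 printf (":");
 }
 printf ("\n");
 X509_print_fp (stdout, X509cert);
 
+cleanup_ctx:
+ EVP_MD_CTX_destroy (ctx);
+cleanup_bio:
 BIO_free (cert_bio);
 
 return 0;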
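Review bot: Every `goto cleanup_bio` and `goto cleanup_ctx` added in the second hunk falls through to the unchanged `return 0;`, so the invalid-certificate case that used to `return -1;` is now reported as success, and so are the new digest failures. Carry a status through the cleanup: declare `int ret = -1;` with the other locals, set `ret = 0;` after `X509_print_fp (stdout, X509cert);`, and finish with `return ret;`. The visible lines also never release `X509cert`; unless that happens in the part of print_x509 between the two hunks, an `X509_free (X509cert);` under `cleanup_bio:` would close that leak (it is a no-op on NULL). The function's closing brace and its callers are outside the diff, so whether any caller checks the result could not be confirmed here.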
--
2.31.1