[PATCH] tools: mkimage: don't use deprecated openssl funcs

RSA_get0_* functions are not available in LibreSSL and deprecated in OpenSSL. This fixes the build with LibreSSL and removes the deprecation warnings with OpenSSL 3.
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz
---
tools/sunxi_toc0.c | 28 ++++++++++++++--------------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..a6c4b59010 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -207,8 +207,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 int n_len, e_len;
/* Store key 0. */
- n_len = BN_bn2bin(RSA_get0_n(root_key), key_item->key0);
- e_len = BN_bn2bin(RSA_get0_e(root_key), key_item->key0 + n_len);
+ n_len = BN_bn2bin(root_key->n, key_item->key0);
+ e_len = BN_bn2bin(root_key->e, key_item->key0 + n_len);
 if (n_len + e_len > sizeof(key_item->key0)) {
 pr_err("Root key is too big for key item\n");
 goto err;
@@ -217,8 +217,8 @@ static int toc0_create_key_item(uint8_t *buf, uint32_t *len,
 key_item->key0_e_len = cpu_to_le32(e_len);
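Review bot: The size check in toc0_create_key_item runs after the write: `BN_bn2bin()` takes no destination length, so a modulus larger than `key_item->key0` is already copied past the field by the time `n_len + e_len > sizeof(key_item->key0)` is evaluated. Testing the lengths before the two copies, `if (BN_num_bytes(root_key->n) + BN_num_bytes(root_key->e) > sizeof(key_item->key0)) {`, keeps an oversized key file from overrunning the key item; toc0_create_cert_item already bounds its copies with `BN_bn2binpad(..., sizeof(publicKey->n))`. The same write-then-check order applies to the key 1 hunk that follows. The function starts and ends outside both hunks, so how much of `buf` lies beyond the key item is not visible here.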
/* Store key 1. */
- n_len = BN_bn2bin(RSA_get0_n(fw_key), key_item->key1);
- e_len = BN_bn2bin(RSA_get0_e(fw_key), key_item->key1 + n_len);
+ n_len = BN_bn2bin(fw_key->n, key_item->key1);
+ e_len = BN_bn2bin(fw_key->e, key_item->key1 + n_len);
 if (n_len + e_len > sizeof(key_item->key1)) {
 pr_err("Firmware key is too big for key item\n");
 goto err;
@@ -281,8 +281,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
 goto err;
/* If a root key was provided, compare it to key 0. */
- if (root_key && (BN_cmp(n, RSA_get0_n(root_key)) ||
- BN_cmp(e, RSA_get0_e(root_key)))) {
+ if (root_key && (BN_cmp(n, root_key->n) ||
+ BN_cmp(e, root_key->e))) {
 pr_err("Wrong root key in key item\n");
 goto err;
 }
@@ -313,8 +313,8 @@ static int toc0_verify_key_item(const uint8_t *buf, uint32_t len,
if (*fw_key) {
 /* If a FW key was provided, compare it to key 1. */
- if (BN_cmp(n, RSA_get0_n(*fw_key)) ||
- BN_cmp(e, RSA_get0_e(*fw_key))) {
+ if (BN_cmp(n, (*fw_key)->n) ||
+ BN_cmp(e, (*fw_key)->e)) {
 pr_err("Wrong firmware key in key item\n");
 goto err;
 }
@@ -361,8 +361,8 @@ static int toc0_create_cert_item(uint8_t *buf, uint32_t *len, RSA *fw_key,
 */
 totalSequence = &cert_item->totalSequence;
 publicKey = &totalSequence->mainSequence.subjectPublicKeyInfo.publicKey;
- if (BN_bn2binpad(RSA_get0_n(fw_key), publicKey->n, sizeof(publicKey->n)) < 0 ||
- BN_bn2binpad(RSA_get0_e(fw_key), publicKey->e, sizeof(publicKey->e)) < 0) {
+ if (BN_bn2binpad(fw_key->n, publicKey->n, sizeof(publicKey->n)) < 0 ||
+ BN_bn2binpad(fw_key->e, publicKey->e, sizeof(publicKey->e)) < 0) {
 pr_err("Firmware key is too big for certificate\n");
 goto err;
 }
@@ -430,8 +430,8 @@ static int toc0_verify_cert_item(const uint8_t *buf, uint32_t len, RSA *fw_key,
 goto err;
/* If a key was provided, compare it to the embedded key. */
- if (fw_key && (BN_cmp(RSA_get0_n(key), RSA_get0_n(fw_key)) ||
- BN_cmp(RSA_get0_e(key), RSA_get0_e(fw_key)))) {
+ if (fw_key && (BN_cmp(key->n, fw_key->n) ||
+ BN_cmp(key->e, fw_key->e))) {
 pr_err("Wrong firmware key in certificate\n");
 goto err;
 }
@@ -830,7 +830,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 }
/* When using an existing key item, the root key is optional. */
- if (!key_item && (!root_key || !RSA_get0_d(root_key))) {
+ if (!key_item && (!root_key || !root_key->d)) {
 pr_err("Failed to read private key from '%s'\n",
 root_key_file);
 pr_info("Try 'openssl genrsa -out root_key.pem'\n");
@@ -846,7 +846,7 @@ static void toc0_set_header(void *buf, struct stat *sbuf, int ifd,
 }
 if (!fw_key) {
 /* If the root key is a private key, it can be used instead. */
- if (root_key && root_key->d) {
+ if (root_key && root_key->d) {
 pr_info("Using root key as firmware key\n");
 fw_key = root_key;
 } else {
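Review bot: The fallback in the last hunk of toc0_set_header assigns `fw_key = root_key` whenever no firmware key was loaded and reports it only at info level, so a build can end up using the root private key in the firmware-key role without anyone noticing. Presumably the two keys are meant to be separable, so that the firmware key can be replaced without touching the root of trust. Raising the message to `pr_warn("Using root key as firmware key\n");` and extending the comment to say that this removes the separation between the two keys would make the trade-off visible. The `else` branch and the rest of the function lie outside the hunk.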

Hi Michal,
On Thu, 21 Jul 2022 at 11:14, Michal Vasilek michal.vasilek@nic.cz wrote:
RSA_get0_* functions are not available in LibreSSL and deprecated in OpenSSL. This fixes build with LibreSSL and removes deprecation warnings with OpenSSL 3
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz
tools/sunxi_toc0.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-)
Reviewed-by: Simon Glass sjg@chromium.org
It looks like this should be backwards compatible to older versions, also?
Regards, Simon

Actually it was using a struct that is private in OpenSSL 1.1.1, I replaced the patch with macros defining the missing functions on LibreSSL.
Thanks
Michal

RSA_get0_* functions are not available in LibreSSL
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz
---
tools/sunxi_toc0.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..56200bd927 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -34,6 +34,12 @@
 #define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
 #define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define RSA_get0_n(key) (key)->n
+#define RSA_get0_e(key) (key)->e
+#define RSA_get0_d(key) (key)->d
+#endif
+
 struct __packed toc0_key_item {
 __le32 vendor_id;
 __le32 key0_n_len;
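Review bot: The three compatibility macros expand to a bare member access such as `(key)->n`, which is an assignable, non-const lvalue and is not parenthesised as a whole, whereas the OpenSSL accessors they stand in for return `const BIGNUM *`. A wrapper like `static inline const BIGNUM *RSA_get0_n(const RSA *key) { return key->n; }`, repeated for `e` and `d`, gives the call sites the same type checking on both libraries and rules out accidental writes through the accessor. If macros are kept, each expansion should at least be wrapped, `#define RSA_get0_n(key) ((key)->n)`.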

On Fri, 22 Jul 2022 at 11:56, Michal Vasilek michal.vasilek@nic.cz wrote:
RSA_get0_* functions are not available in LibreSSL
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz
tools/sunxi_toc0.c | 6 ++++++ 1 file changed, 6 insertions(+)
Reviewed-by: Simon Glass sjg@chromium.org

On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:
RSA_get0_* functions are not available in LibreSSL
added in January
---------------------------- revision 1.41 date: 2022/01/05 20:44:12; author: tb; state: Exp; lines: +55 -1; commitid: b1ATkp4OhzL5p4XV; Prepare to provide a number of RSA accessors
This adds RSA_get0_{n,e,d,p,q,dmp1,dmq1,iqmp,pss_params}() which will be exposed in the upcoming bump.
ok inoguchi jsing ----------------------------
seems to be >= 3.5.0 for the portable releases https://marc.info/?l=libressl&m=164572407401570&w=2
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz
tools/sunxi_toc0.c | 6 ++++++ 1 file changed, 6 insertions(+)
diff --git a/tools/sunxi_toc0.c b/tools/sunxi_toc0.c
index bab5d17b7d..56200bd927 100644
--- a/tools/sunxi_toc0.c
+++ b/tools/sunxi_toc0.c
@@ -34,6 +34,12 @@
 #define pr_warn(fmt, args...) fprintf(stderr, pr_fmt(fmt), "warning", ##args)
 #define pr_info(fmt, args...) fprintf(stderr, pr_fmt(fmt), "info", ##args)
+#if defined(LIBRESSL_VERSION_NUMBER)
+#define RSA_get0_n(key) (key)->n
+#define RSA_get0_e(key) (key)->e
+#define RSA_get0_d(key) (key)->d
+#endif
struct __packed toc0_key_item {
 __le32 vendor_id;
 __le32 key0_n_len;
--
2.37.1

On Fri, Jul 22, 2022 at 07:55:53PM +0200, Michal Vasilek wrote:
RSA_get0_* functions are not available in LibreSSL
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz Reviewed-by: Simon Glass sjg@chromium.org
Applied to u-boot/master, thanks!

On Thu, Jul 21, 2022 at 07:11:47PM +0200, Michal Vasilek wrote:
RSA_get0_* functions are not available in LibreSSL and deprecated in OpenSSL. This fixes build with LibreSSL and removes deprecation warnings with OpenSSL 3
Signed-off-by: Michal Vasilek michal.vasilek@nic.cz Reviewed-by: Simon Glass sjg@chromium.org
This breaks CI for all platforms: https://source.denx.de/u-boot/u-boot/-/jobs/478198