Version 0.9.5

Andreas Schwab (1): sbsigntool: add support for RISC-V 64-bit PE/COFF images Daniel Axtens (1): sbvarsign: do not include PKCS#7 attributes James Bottomley (1): Add support for openssl-3 Jeremi Piotrowski (1): Fix openssl-3.0 issue involving ASN1 xxx_it dann frazier (1): sbkeysync: Don't ignore errors from insert_new_keys() Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Fix openssl-3.0 issue involving ASN1 xxx_it
2023-03-19 17:07:59 -04:00 · 2022-06-13 18:12:08 -04:00 · 2022-06-13 18:12:08 -04:00
3 changed files with 12 additions and 5 deletions
--- a/configure.ac
+++ b/configure.ac
@ -1,4 +1,4 @@
-AC_INIT([sbsigntool], [0.9.4], [James.Bottomley@HansenPartnership.com])
+AC_INIT([sbsigntool], [0.9.5], [James.Bottomley@HansenPartnership.com])

 AM_INIT_AUTOMAKE()

@ -55,9 +55,12 @@ AC_DEFINE_UNQUOTED(HAVE_LITTLE_ENDIAN, $little_endian, [Little-endian system])
 AC_DEFINE_UNQUOTED(HAVE_BIG_ENDIAN, $big_endian, [Big-endian system])

 PKG_PROG_PKG_CONFIG()
-PKG_CHECK_MODULES(libcrypto, libcrypto,
+PKG_CHECK_MODULES(libcrypto, [libcrypto >= 3.0.0],
+                  [ac_have_openssl3=1],
+                  [PKG_CHECK_MODULES(libcrypto, libcrypto,
                   [],
-    AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required]))
+                   AC_MSG_ERROR([libcrypto (from the OpenSSL package) is required]))])
+AM_CONDITIONAL(HAVE_OPENSSL3, test "$ac_have_openssl3" = "1")

 PKG_CHECK_MODULES(uuid, uuid,
    [],
--- a/src/Makefile.am
+++ b/src/Makefile.am
@ -4,6 +4,10 @@ bin_PROGRAMS = sbsign sbverify sbattach sbvarsign sbsiglist sbkeysync
 coff_headers = coff/external.h coff/pe.h
 AM_CFLAGS = -Wall -Wextra --std=gnu99

+if HAVE_OPENSSL3
+AM_CFLAGS += -DOPENSSL_API_COMPAT=0x10100000L
+endif
+
 common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \
 	efivars.h $(coff_headers)
 common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS)
--- a/src/idc.c
+++ b/src/idc.c
@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)

 	idc->data->type = OBJ_nid2obj(peid_nid);
 	idc->data->value = ASN1_TYPE_new();
-	type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
+	type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));

        idc->digest->alg->parameter = ASN1_TYPE_new();
        idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);