sbsigntool: fix openssl-3.0 issue involving ASN1_ITEM TYPE_it

Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. Openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to `const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is available. This change should have been transparent to the application, but only if the `ASN1_ITEM_rptr()` macro is used. Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
author: Yi Zhao <yi.zhao@windriver.com> 2021-10-21 12:45:41 +0800
committer: Jia Zhang <10241344+jiazhang0@users.noreply.github.com> 2021-10-21 15:57:54 +0800
commit: b308dc89ac2626d8150d59d76cdaf5c710fb510f (patch)
tree: b2f14cb7fcebfd0a04fe083daf942798625691aa
parent: 4dc1be23d9ef6f693c3b8b2b82fae02727532f8a (diff)
download: meta-secure-core-b308dc89ac2626d8150d59d76cdaf5c710fb510f.tar.gz
2 files changed, 42 insertions, 0 deletions
diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch
new file mode 100644
index 0000000..37fd8f4
--- /dev/null
+++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch
@@ -0,0 +1,41 @@
+From d1213b12bafce346f72adeeb01adf9c8fc7a1bd5 Mon Sep 17 00:00:00 2001
+From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+Date: Thu, 21 Oct 2021 11:57:00 +0800
+Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it`
+to `const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application,
+but only if the `ASN1_ITEM_rptr()` macro is used.
+This change passes `make check` with both openssl 1.1 and 3.0.
+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+Upstream-Status: Backport
+[https://groups.io/g/sbsigntools/message/54]
+Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
+++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+ 
+        idc->data->type = OBJ_nid2obj(peid_nid);
+        idc->data->value = ASN1_TYPE_new();
+-       type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
+       type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
+ 
+         idc->digest->alg->parameter = ASN1_TYPE_new();
+         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+-- 
+2.25.1
diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
index 7fa841c..6e12eae 100644
--- a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
+++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
@@ -19,6 +19,7 @@ SRC_URI = " \
    file://0001-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch \
    file://0001-fileio.c-initialize-local-variables-before-use-in-fu.patch \
    file://0001-Makefile.am-do-not-use-Werror.patch \
+    file://0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch \
 "
 SRCREV_sbsigntools  ?= "f12484869c9590682ac3253d583bf59b890bb826"
 SRCREV_ccan         ?= "b1f28e17227f2320d07fe052a8a48942fe17caa5"
author	Yi Zhao <yi.zhao@windriver.com>	2021-10-21 12:45:41 +0800
committer	Jia Zhang <10241344+jiazhang0@users.noreply.github.com>	2021-10-21 15:57:54 +0800
commit	b308dc89ac2626d8150d59d76cdaf5c710fb510f (patch)
tree	b2f14cb7fcebfd0a04fe083daf942798625691aa
parent	4dc1be23d9ef6f693c3b8b2b82fae02727532f8a (diff)
download	meta-secure-core-b308dc89ac2626d8150d59d76cdaf5c710fb510f.tar.gz

diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch new file mode 100644 index 0000000..37fd8f4 --- /dev/null +++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool/0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch
@@ -0,0 +1,41 @@
		1	From d1213b12bafce346f72adeeb01adf9c8fc7a1bd5 Mon Sep 17 00:00:00 2001
		2	From: Jeremi Piotrowski <jpiotrowski@microsoft.com>
		3	Date: Thu, 21 Oct 2021 11:57:00 +0800
		4	Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it
		5
		6	Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
		7
		8	openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it`
		9	to `const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
		10	OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
		11	available. This change should have been transparent to the application,
		12	but only if the `ASN1_ITEM_rptr()` macro is used.
		13
		14	This change passes `make check` with both openssl 1.1 and 3.0.
		15
		16	Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
		17
		18	Upstream-Status: Backport
		19	[https://groups.io/g/sbsigntools/message/54]
		20
		21	Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
		22	---
		23	src/idc.c \| 2 +-
		24	1 file changed, 1 insertion(+), 1 deletion(-)
		25
		26	diff --git a/src/idc.c b/src/idc.c
		27	index 6d87bd4..0a82218 100644
		28	--- a/src/idc.c
		29	+++ b/src/idc.c
		30	@@ -189,7 +189,7 @@ int IDC_set(PKCS7 p7, PKCS7_SIGNER_INFO si, struct image *image)
		31
		32	idc->data->type = OBJ_nid2obj(peid_nid);
		33	idc->data->value = ASN1_TYPE_new();
		34	- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
		35	+ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
		36
		37	idc->digest->alg->parameter = ASN1_TYPE_new();
		38	idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
		39	--
		40	2.25.1
		41


diff --git a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb index 7fa841c..6e12eae 100644 --- a/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb +++ b/meta-signing-key/recipes-devtools/sbsigntool/sbsigntool_git.bb
@@ -19,6 +19,7 @@ SRC_URI = " \
19	file://0001-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch \	19	file://0001-src-Makefile.am-Add-read_write_all.c-to-common_SOURC.patch \
20	file://0001-fileio.c-initialize-local-variables-before-use-in-fu.patch \	20	file://0001-fileio.c-initialize-local-variables-before-use-in-fu.patch \
21	file://0001-Makefile.am-do-not-use-Werror.patch \	21	file://0001-Makefile.am-do-not-use-Werror.patch \
		22	file://0001-Fix-openssl-3.0-issue-involving-ASN1-xxx_it.patch \
22	"	23	"
23	SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826"	24	SRCREV_sbsigntools ?= "f12484869c9590682ac3253d583bf59b890bb826"
24	SRCREV_ccan ?= "b1f28e17227f2320d07fe052a8a48942fe17caa5"	25	SRCREV_ccan ?= "b1f28e17227f2320d07fe052a8a48942fe17caa5"