author | Timo Teräs <timo.teras@iki.fi> | 2021-06-19 14:42:11 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2021-06-19 14:43:22 +0300 |
commit | 17684141fe9d895361262b10c4c229fbcff6e702 (patch) | |
tree | 4a9d93a2c89cf176c849e7ce61e34a40770abeee | |
parent | 8d92f9f2aecaf74973c26302ce7ad8f2a32e257f (diff) | |
crypto: improve compatibility
EVP_MD_CTX_set_pkey_ctx() is a fairly new OpenSSL function and does not
exist in many alternatives. Use EVP_MD_CTX_reset(), which is slightly
heavier but more portable. Also increase the signature buffer lengths to
work with RSA.
-rw-r--r-- | src/adb.h | 2 | ||||
-rw-r--r-- | src/adb_walk_adb.c | 2 | ||||
-rw-r--r-- | src/crypto_openssl.c | 12 |
3 files changed, 9 insertions, 7 deletions
@@ -74,7 +74,7 @@ static inline apk_blob_t adb_block_blob(struct adb_block *b) {
 return APK_BLOB_PTR_LEN(adb_block_payload(b), adb_block_length(b));
 }
-#define ADB_MAX_SIGNATURE_LEN 256
+#define ADB_MAX_SIGNATURE_LEN 2048
 struct adb_sign_hdr {
 uint8_t sign_ver, hash_alg;
diff --git a/src/adb_walk_adb.c b/src/adb_walk_adb.c
index 155ef33..2b3b34b 100644
--- a/src/adb_walk_adb.c
+++ b/src/adb_walk_adb.c
@@ -106,7 +106,7 @@ static int dump_object(struct adb_walk_ctx *ctx, const struct adb_object_schema
 static int dump_adb(struct adb_walk_ctx *ctx)
 {
- char tmp[512];
+ char tmp[16+ADB_MAX_SIGNATURE_LEN*2];
 struct adb_block *blk;
 struct adb_sign_hdr *s;
 struct adb_verify_ctx vfy = {};
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 5512a49..6db5e6d 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -115,23 +115,25 @@ int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn)
 int apk_sign_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
 return -EIO;
 return 0;
 }
 int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len)
 {
- if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1)
+ if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1) {
+ ERR_print_errors_fp(stderr);
 return -EBADMSG;
+ }
 return 0;
 }
 int apk_verify_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
 return -EIO;
 return 0;
 } |
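Review bot: `ADB_MAX_SIGNATURE_LEN` is raised to 2048 without saying what unit it is in or what it is meant to bound, and every buffer or length check derived from it grows eightfold with this change. A comment on the define would make the limit auditable, for example `/* Maximum signature size in bytes; 2048 bytes covers RSA moduli up to 16384 bits */`. The code that compares a signature length read from a file against this constant is not in the hunk, so it is worth confirming that it still rejects anything larger.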
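Review bot: The size `16+ADB_MAX_SIGNATURE_LEN*2` in dump_adb rests on an unstated assumption, presumably a short text prefix plus two hex digits per signature byte, and nothing in the hunk ties it to the code that fills `tmp`. That code is further down the function, outside this hunk. Because the signature block comes from the file being dumped, the formatting code should bound every write by `sizeof tmp` and stop once the buffer is full, rather than rely on the block never exceeding ADB_MAX_SIGNATURE_LEN. A comment such as `/* 16 bytes of prefix + two hex digits per signature byte */` would make the contract visible. The array is also now about 4 KiB of stack.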
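Review bot: In apk_sign, `len` is an in/out argument to EVP_DigestSignFinal(): on entry `*len` must hold the capacity of `sig`, and the function neither documents nor checks this. Correctness with the larger RSA signatures therefore depends on every caller (outside this hunk) initialising it to the enlarged buffer size. I would add a comment above the function, e.g. `/* On entry *len is the capacity of sig; on success it is set to the signature length. */`. Separately, `ERR_print_errors_fp(stderr)` is added only on this one failure path, while apk_sign_start and apk_verify_start return -EIO without reading or clearing the OpenSSL error queue. A later dump can then include stale entries from those calls, so handling the queue the same way in all three functions would keep the diagnostics reliable.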