authorTimo Teräs <timo.teras@iki.fi>2021-06-19 14:42:11 +0300
committerTimo Teräs <timo.teras@iki.fi>2021-06-19 14:43:22 +0300
commit17684141fe9d895361262b10c4c229fbcff6e702 (patch)
tree4a9d93a2c89cf176c849e7ce61e34a40770abeee /src/crypto_openssl.c
parent8d92f9f2aecaf74973c26302ce7ad8f2a32e257f (diff)
crypto: improve compatibility
EVP_MD_CTX_set_pkey_ctx() is a fairly new OpenSSL function and does not exist in many alternatives. Use EVP_MD_CTX_reset(), which is slightly heavier but more portable. Also add signature buffer lengths to work with RSA.
Diffstat (limited to 'src/crypto_openssl.c')
-rw-r--r--src/crypto_openssl.c12
1 files changed, 7 insertions, 5 deletions
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 5512a49..6db5e6d 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -115,23 +115,25 @@ int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn)
int apk_sign_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
{
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
return -EIO;
return 0;
}
int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len)
{
- if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1)
+ if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1) {
+ ERR_print_errors_fp(stderr);
return -EBADMSG;
+ }
return 0;
}
int apk_verify_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
{
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
return -EIO;
return 0;
}
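Review bot: apk_sign() passes `len` straight to EVP_DigestSignFinal(), which reads `*len` as the capacity of `sig` on entry and overwrites it with the signature length, but nothing at the function states that in/out contract. The commit message says buffer lengths were added for RSA, and those callers are outside this file-limited diff, so a comment above apk_sign() would keep later callers from passing an uninitialised value or one larger than the real buffer: `/* *len: in = capacity of sig in bytes, out = bytes written */`. Separately, `ERR_print_errors_fp(stderr);` is added only on the apk_sign() failure path, while apk_sign_start() and apk_verify_start() still return -EIO without reporting the OpenSSL error queue; if the stderr output is meant to stay, a one-line comment saying so, or the same handling in all three functions, would make the intent clear.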