author | Timo Teräs <timo.teras@iki.fi> | 2021-06-19 14:42:11 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2021-06-19 14:43:22 +0300 |
commit | 17684141fe9d895361262b10c4c229fbcff6e702 (patch) | |
tree | 4a9d93a2c89cf176c849e7ce61e34a40770abeee /src/crypto_openssl.c | |
parent | 8d92f9f2aecaf74973c26302ce7ad8f2a32e257f (diff) | |
crypto: improve compatibility
EVP_MD_CTX_set_pkey_ctx() is a fairly new OpenSSL function and does not
exist in many alternatives. Use EVP_MD_CTX_reset(), which is slightly
heavier but more portable. Also add signature buffer lengths to
work with RSA.
Diffstat (limited to 'src/crypto_openssl.c')
-rw-r--r-- | src/crypto_openssl.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c
index 5512a49..6db5e6d 100644
--- a/src/crypto_openssl.c
+++ b/src/crypto_openssl.c
@@ -115,23 +115,25 @@ int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn)

 int apk_sign_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestSignInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
 return -EIO;
 return 0;
 }

 int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len)
 {
- if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1)
+ if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1) {
+ ERR_print_errors_fp(stderr);
 return -EBADMSG;
+ }
 return 0;
 }

 int apk_verify_start(struct apk_digest_ctx *dctx, struct apk_pkey *pkey)
 {
- EVP_MD_CTX_set_pkey_ctx(dctx->mdctx, NULL);
- if (EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
+ if (EVP_MD_CTX_reset(dctx->mdctx) != 1 ||
+ EVP_DigestVerifyInit(dctx->mdctx, NULL, EVP_sha512(), NULL, pkey->key) != 1)
 return -EIO;
 return 0;
 }
|
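Review bot: The `ERR_print_errors_fp(stderr);` added in `apk_sign` is the only failure path in this hunk that reports or drains the OpenSSL error queue. `apk_sign_start` and `apk_verify_start` still return `-EIO` with the queue untouched, so entries they leave behind can be printed by a later `apk_sign` failure as if they belonged to it. Either report on every path or drain on the silent ones, e.g. `{ ERR_clear_error(); return -EIO; }` in both init functions. Printing straight to stderr from this wrapper may also bypass the caller's own error reporting, so it reads like a debugging aid. Separately, `EVP_DigestSignFinal` uses `*len` as in/out when `sig` is non-NULL, so a comment on `apk_sign` such as `/* on entry *len is the capacity of sig; on return, the bytes written */` would make the buffer contract explicit.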