Message ID | 1510171646.4659.5.camel@intel.com (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Wed, Nov 08, 2017 at 12:07:26PM -0800, Sean Christopherson wrote: > On Tue, 2017-10-10 at 17:32 +0300, Jarkko Sakkinen wrote: > > +static RSA *load_sign_key(const char *path) > > +{ > > + FILE *f; > > + RSA *key; > > + > > + f = fopen(path, "rb"); > > + if (!f) { > > + fprintf(stderr, "Unable to open %s\n", path); > > + return NULL; > > + } > > + key = RSA_new(); > > + if (!PEM_read_RSAPrivateKey(f, &key, pem_passwd_cb, NULL)) > > + return NULL; > > + fclose(f); > > + > > + if (BN_num_bytes(key->n) != SGX_MODULUS_SIZE) { > > Dereferencing the RSA pointer (key) breaks on OpenSSL 1.1.0 as RSA is now an > opaque object. It's relatively easy to fudge around the issue, patch below. > > https://github.com/openssl/openssl/issues/1491 > https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes > > > + fprintf(stderr, "Invalid key size %d\n", BN_num_bytes(key- > > >n)); > > + RSA_free(key); > > + return NULL; > > + } > > + > > + return key; > > +} > > + > > diff --git drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c > drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c > index 27e8c61d033c..e454dc95f438 100644 > --- drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c > +++ drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c > @@ -110,6 +110,17 @@ static int pem_passwd_cb(char *buf, int size, int rwflag, > void *u) > return strlen(buf) >= size ? size - 1 : strlen(buf); > } > > +static inline const BIGNUM *get_modulus(RSA *key) > +{ > +#if OPENSSL_VERSION_NUMBER < 0x10100000L > + return key->n; > +#else > + const BIGNUM *n; > + RSA_get0_key(key, &n, NULL, NULL); > + return n; > +#endif > +} > + > static RSA *load_sign_key(const char *path) > { > FILE *f; > @@ -125,8 +136,9 @@ static RSA *load_sign_key(const char *path) > return NULL; > fclose(f); > > - if (BN_num_bytes(key->n) != SGX_MODULUS_SIZE) { > - fprintf(stderr, "Invalid key size %d\n", BN_num_bytes(key->n)); > + if (BN_num_bytes(get_modulus(key)) != SGX_MODULUS_SIZE) { > + fprintf(stderr, "Invalid key size %d\n", > + BN_num_bytes(get_modulus(key))); > RSA_free(key); > return NULL; > } > @@ -511,7 +523,7 @@ int main(int argc, char **argv) > if (!sign_key) > goto out; > > - BN_bn2bin(sign_key->n, ss.modulus); > + BN_bn2bin(get_modulus(sign_key), ss.modulus); > > if (!measure_encl(argv[1], ss.body.mrenclave)) > goto out; > Already sent v5 but I'll put this to v6. Thanks. /Jarkko
On Wed, Nov 08, 2017 at 12:07:26PM -0800, Sean Christopherson wrote: > Dereferencing the RSA pointer (key) breaks on OpenSSL 1.1.0 as RSA is now an > opaque object. It's relatively easy to fudge around the issue, patch below. > > https://github.com/openssl/openssl/issues/1491 > https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes I think Evolution has broken your patch i.e. you might have forgotten to switch to "preformatted" mode [1]. Can you resend this to me in private and I will include it to v7. Thank you. [1] https://www.kernel.org/doc/html/v4.11/process/email-clients.html /Jarkko
diff --git drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c index 27e8c61d033c..e454dc95f438 100644 --- drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c +++ drivers/platform/x86/intel_sgx/le/enclave/sgxsign.c @@ -110,6 +110,17 @@ static int pem_passwd_cb(char *buf, int size, int rwflag, void *u) return strlen(buf) >= size ? size - 1 : strlen(buf); } +static inline const BIGNUM *get_modulus(RSA *key) +{ +#if OPENSSL_VERSION_NUMBER < 0x10100000L + return key->n; +#else + const BIGNUM *n; + RSA_get0_key(key, &n, NULL, NULL); + return n; +#endif +} + static RSA *load_sign_key(const char *path) {