cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.
Fixes arm-software/trusted-fw#521
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
diff --git a/tools/cert_create/src/cert.c b/tools/cert_create/src/cert.c
index 1b84e36..3f0b4d3 100644
--- a/tools/cert_create/src/cert.c
+++ b/tools/cert_create/src/cert.c
@@ -90,7 +90,7 @@
X509_NAME *name;
ASN1_INTEGER *sno;
int i, num, rc = 0;
- EVP_MD_CTX mdCtx;
+ EVP_MD_CTX *mdCtx;
EVP_PKEY_CTX *pKeyCtx = NULL;
/* Create the certificate structure */
@@ -111,10 +111,14 @@
issuer = x;
}
- EVP_MD_CTX_init(&mdCtx);
+ mdCtx = EVP_MD_CTX_create();
+ if (mdCtx == NULL) {
+ ERR_print_errors_fp(stdout);
+ goto END;
+ }
/* Sign the certificate with the issuer key */
- if (!EVP_DigestSignInit(&mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
+ if (!EVP_DigestSignInit(mdCtx, &pKeyCtx, EVP_sha256(), NULL, ikey)) {
ERR_print_errors_fp(stdout);
goto END;
}
@@ -184,7 +188,7 @@
}
}
- if (!X509_sign_ctx(x, &mdCtx)) {
+ if (!X509_sign_ctx(x, mdCtx)) {
ERR_print_errors_fp(stdout);
goto END;
}
@@ -194,7 +198,7 @@
cert->x = x;
END:
- EVP_MD_CTX_cleanup(&mdCtx);
+ EVP_MD_CTX_destroy(mdCtx);
return rc;
}