cert_tool: update for compatibility with OpenSSL v1.1
This patch fixes incompatibility issues that prevent building the cert_tool
with OpenSSL >= v1.1.0. The changes introduced are still backwards
compatible with OpenSSL v1.0.2.
Fixes arm-software/trusted-fw#521
Signed-off-by: Michalis Pappas <mpappas@fastmail.fm>
diff --git a/tools/cert_create/src/key.c b/tools/cert_create/src/key.c
index c1bde5d..b7f21a2 100644
--- a/tools/cert_create/src/key.c
+++ b/tools/cert_create/src/key.c
@@ -43,13 +43,31 @@
static int key_create_rsa(key_t *key)
{
- RSA *rsa;
+ BIGNUM *e;
+ RSA *rsa = NULL;
- rsa = RSA_generate_key(RSA_KEY_BITS, RSA_F4, NULL, NULL);
+ e = BN_new();
+ if (e == NULL) {
+ printf("Cannot create RSA exponent\n");
+ goto err;
+ }
+
+ if (!BN_set_word(e, RSA_F4)) {
+ printf("Cannot assign RSA exponent\n");
+ goto err;
+ }
+
+ rsa = RSA_new();
if (rsa == NULL) {
printf("Cannot create RSA key\n");
goto err;
}
+
+ if (!RSA_generate_key_ex(rsa, RSA_KEY_BITS, e, NULL)) {
+ printf("Cannot generate RSA key\n");
+ goto err;
+ }
+
if (!EVP_PKEY_assign_RSA(key->key, rsa)) {
printf("Cannot assign RSA key\n");
goto err;
@@ -58,6 +76,7 @@
return 1;
err:
RSA_free(rsa);
+ BN_free(e);
return 0;
}
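Review bot: On the success path `e` is never released: `return 1;` sits above the `err:` label, so the `BN_free(e);` added in this hunk only runs on failure. RSA_generate_key_ex() copies the exponent into the key and does not take ownership of the caller's BIGNUM, so each successful key generation leaks the object allocated in the first hunk. Adding `BN_free(e);` directly before `return 1;` closes this. The exponent is a public value, so plain BN_free is adequate and BN_clear_free is not needed. The function body begins in the previous hunk and the lines between the two hunks are not shown, so this assumes nothing frees `e` there.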