From: Jan Luebbe <jlu@pengutronix.de>
Date: Tue, 15 Apr 2025 16:47:40 +0200
Subject: [PATCH] src/signature: fix compatibility with OpenSSL 3.5 for
purpose registration
OpenSSL 3.5 warns that there may be gaps, so we need to search. When our
minimum version is at least 3.5, we can switch this to
X509_PURPOSE_get_unused_id().
Signed-off-by: Jan Luebbe <jlu@pengutronix.de>
Origin: https://github.com/rauc/rauc/commit/b56e39413be13cb2f8068f26a747d6885581cfbb
---
src/signature.c | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/signature.c b/src/signature.c
index 88f6e790c7a9..e359c869ed79 100644
--- a/src/signature.c
+++ b/src/signature.c
@@ -93,14 +93,12 @@ gboolean signature_init(GError **error)
return FALSE;
}
- id = X509_PURPOSE_get_count() + 1;
- if (X509_PURPOSE_get_by_id(id) >= 0) {
- g_set_error_literal(
- error,
- R_SIGNATURE_ERROR,
- R_SIGNATURE_ERROR_CRYPTOINIT_FAILED,
- "Failed to calculate free OpenSSL X509 purpose id");
- return FALSE;
+ /* OpenSSL 3.5 warns that there may be gaps, so we need to search.
+ * When we have 3.5 as the minimum version, we can use
+ * X509_PURPOSE_get_unused_id instead. */
+ id = X509_PURPOSE_MAX + 1;
+ while (X509_PURPOSE_get_by_id(id) != -1) {
+ id++;
}
/* X509_TRUST_OBJECT_SIGN maps to the Code Signing ID (via OpenSSL's NID_code_sign) */
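Review bot: the new search loop `while (X509_PURPOSE_get_by_id(id) != -1)` has no upper bound, and the `R_SIGNATURE_ERROR_CRYPTOINIT_FAILED` path it replaces is removed, so signature_init() can no longer report a failure at this step. The condition is also narrower than the removed `>= 0` check: any negative return other than -1 keeps the loop running and `id` incrementing. Consider looping on `X509_PURPOSE_get_by_id(id) >= 0`, capping the number of candidate ids tried, and keeping the g_set_error_literal() / `return FALSE` path for the case where no free id is found within that cap. Since the comment already names X509_PURPOSE_get_unused_id as the intended replacement, a short note on where the minimum OpenSSL version is tracked would help whoever makes that switch later.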