image_verify: Add support for OpenSSL 1.1.0
With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.
Resolves openbmc/openbmc#3136
Tested: Verified the signature verification was successful.
Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
diff --git a/Makefile.am b/Makefile.am
index 1953709..3373fcb 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -49,8 +49,12 @@
endif
if WANT_SIGNATURE_VERIFY_BUILD
-noinst_HEADERS += image_verify.hpp
-phosphor_image_updater_SOURCES += image_verify.cpp
+noinst_HEADERS += \
+ image_verify.hpp \
+ utils.hpp
+phosphor_image_updater_SOURCES += \
+ image_verify.cpp \
+ utils.cpp
endif
if WANT_SYNC
diff --git a/image_verify.cpp b/image_verify.cpp
index 7ca2629..fa60173 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -217,7 +217,7 @@
EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
// Initializes a digest context.
- EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy);
+ EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
// Adds all digest algorithms to the internal table
OpenSSL_add_all_digests();
diff --git a/image_verify.hpp b/image_verify.hpp
index 98fda6f..99b3567 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -1,4 +1,5 @@
#pragma once
+#include "utils.hpp"
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -26,7 +27,7 @@
using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
using EVP_MD_CTX_Ptr =
- std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_destroy)>;
+ std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>;
/** @struct CustomFd
*
diff --git a/utils.cpp b/utils.cpp
new file mode 100644
index 0000000..95fc2e0
--- /dev/null
+++ b/utils.cpp
@@ -0,0 +1,29 @@
+#include "utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+
+static void* OPENSSL_zalloc(size_t num)
+{
+ void* ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ {
+ memset(ret, 0, num);
+ }
+ return ret;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new(void)
+{
+ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
diff --git a/utils.hpp b/utils.hpp
new file mode 100644
index 0000000..90569bf
--- /dev/null
+++ b/utils.hpp
@@ -0,0 +1,15 @@
+#pragma once
+
+// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
+// to make the code backward compatible with older OpenSSL veresions.
+// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+
+extern "C" {
+EVP_MD_CTX* EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L