author | Eric Biggers <ebiggers@google.com> | 2018-06-27 22:01:25 -0700 |
---|---|---|
committer | Eric Biggers <ebiggers@google.com> | 2018-06-27 22:01:25 -0700 |
commit | d0ae4526edc9b1377a69e5e5397bff8357d1236d (patch) | |
tree | 420ed4720d7a5e7f330813ceb22c110dcc372535 | |
parent | be980faf6de9e451310c9124444bcddbc03404cc (diff) | |
download | fsverity-utils-d0ae4526edc9b1377a69e5e5397bff8357d1236d.tar.gz |
Allow building with OpenSSL versions 1.0.x
Signed-off-by: Eric Biggers <ebiggers@google.com>
-rw-r--r-- | hash_algs.c | 18 | ||||
-rw-r--r-- | sign.c | 30 |
2 files changed, 36 insertions, 12 deletions
diff --git a/hash_algs.c b/hash_algs.c
index 3080213..566a75c 100644
--- a/hash_algs.c
+++ b/hash_algs.c
@@ -7,8 +7,9 @@
 * Written by Eric Biggers, 2018.
 */
-#include <string.h>
 #include <openssl/evp.h>
+#include <stdlib.h>
+#include <string.h>
 #include <zlib.h> /* for crc32() */
 #include "fsverity_sys_decls.h"
@@ -59,7 +60,12 @@ static void openssl_digest_ctx_free(struct hash_ctx *_ctx)
 {
 struct openssl_hash_ctx *ctx = (void *)_ctx;
- EVP_MD_CTX_free(ctx->md_ctx);
+ /*
+ * OpenSSL 1.1.0 renamed EVP_MD_CTX_destroy() to EVP_MD_CTX_free() but
+ * kept the old name as a macro. Use the old name for compatibility
+ * with older OpenSSL versions.
+ */
+ EVP_MD_CTX_destroy(ctx->md_ctx);
 free(ctx);
 }
@@ -74,8 +80,12 @@ openssl_digest_ctx_create(const struct fsverity_hash_alg *alg, const EVP_MD *md)
 ctx->base.update = openssl_digest_update;
 ctx->base.final = openssl_digest_final;
 ctx->base.free = openssl_digest_ctx_free;
-
- ctx->md_ctx = EVP_MD_CTX_new();
+ /*
+ * OpenSSL 1.1.0 renamed EVP_MD_CTX_create() to EVP_MD_CTX_new() but
+ * kept the old name as a macro. Use the old name for compatibility
+ * with older OpenSSL versions.
+ */
+ ctx->md_ctx = EVP_MD_CTX_create();
 if (!ctx->md_ctx)
 fatal_error("out of memory");
@@ -8,10 +8,12 @@
 */
 #include <fcntl.h>
+#include <limits.h>
 #include <openssl/bio.h>
 #include <openssl/err.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
+#include <stdlib.h>
 #include <string.h>
 #include "fsverity_sys_decls.h"
@@ -35,6 +37,22 @@ static void display_openssl_errors(void)
 }
 }
+static BIO *new_mem_buf(const void *buf, size_t size)
+{
+ BIO *bio;
+
+ ASSERT(size <= INT_MAX);
+ /*
+ * Prior to OpenSSL 1.1.0, BIO_new_mem_buf() took a non-const pointer,
+ * despite still marking the resulting bio as read-only. So cast away
+ * the const to avoid a compiler warning with older OpenSSL versions.
+ */
+ bio = BIO_new_mem_buf((void *)buf, size);
+ if (!bio)
+ error_msg("out of memory");
+ return bio;
+}
+
 /* Read a PEM PKCS#8 formatted private key */
 static EVP_PKEY *read_private_key(const char *keyfile)
 {
@@ -169,11 +187,9 @@ static bool sign_data(const void *data_to_sign, size_t data_size,
 md = EVP_sha256();
 }
- bio = BIO_new_mem_buf(data_to_sign, data_size);
- if (!bio) {
- error_msg("out of memory");
+ bio = new_mem_buf(data_to_sign, data_size);
+ if (!bio)
 goto out;
- }
 p7 = PKCS7_sign(NULL, NULL, NULL, bio, pkcs7_flags);
 if (!p7) {
@@ -253,11 +269,9 @@ static bool read_signature(const char *signature_file,
 if (!full_read(&file, sig, filesize))
 goto out;
- bio = BIO_new_mem_buf(sig, filesize);
- if (!bio) {
- error_msg("out of memory");
+ bio = new_mem_buf(sig, filesize);
+ if (!bio)
 goto out;
- }
 p7 = d2i_PKCS7_bio(bio, NULL);
 if (!p7) { |
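Review bot: In new_mem_buf() (the sign.c part of this commit) the only guard on the size_t-to-int narrowing at the BIO_new_mem_buf() call is `ASSERT(size <= INT_MAX);`, yet read_signature() in the last hunk passes `filesize`, which appears to be the length of the signature file on disk and so is externally controlled. ASSERT is defined outside this diff; if it can be compiled out, an oversized length is silently narrowed to int, and BIO_new_mem_buf() treats a negative length as "buf is NUL-terminated" and measures it with strlen(), which can read past the end of the buffer. Even with the assertion active, an oversized file aborts the tool instead of taking the existing `goto out` error path. I would replace the assertion with a runtime check that fails cleanly, `if (size > INT_MAX) { error_msg("input too large"); return NULL; }`, and make the conversion explicit with `bio = BIO_new_mem_buf((void *)buf, (int)size);`. The sign_data() call site with `data_size` goes through the same helper and would be covered by the same check.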