authorEric Biggers <ebiggers@google.com>2018-06-27 22:01:25 -0700
committerEric Biggers <ebiggers@google.com>2018-06-27 22:01:25 -0700
commitd0ae4526edc9b1377a69e5e5397bff8357d1236d (patch)
tree420ed4720d7a5e7f330813ceb22c110dcc372535
parentbe980faf6de9e451310c9124444bcddbc03404cc (diff)
downloadfsverity-utils-d0ae4526edc9b1377a69e5e5397bff8357d1236d.tar.gz
Allow building with OpenSSL versions 1.0.x
Signed-off-by: Eric Biggers <ebiggers@google.com>
-rw-r--r--hash_algs.c18
-rw-r--r--sign.c30
2 files changed, 36 insertions, 12 deletions
diff --git a/hash_algs.c b/hash_algs.c
index 3080213..566a75c 100644
--- a/hash_algs.c
+++ b/hash_algs.c
@@ -7,8 +7,9 @@
* Written by Eric Biggers, 2018.
*/
-#include <string.h>
#include <openssl/evp.h>
+#include <stdlib.h>
+#include <string.h>
#include <zlib.h> /* for crc32() */
#include "fsverity_sys_decls.h"
@@ -59,7 +60,12 @@ static void openssl_digest_ctx_free(struct hash_ctx *_ctx)
{
struct openssl_hash_ctx *ctx = (void *)_ctx;
- EVP_MD_CTX_free(ctx->md_ctx);
+ /*
+ * OpenSSL 1.1.0 renamed EVP_MD_CTX_destroy() to EVP_MD_CTX_free() but
+ * kept the old name as a macro. Use the old name for compatibility
+ * with older OpenSSL versions.
+ */
+ EVP_MD_CTX_destroy(ctx->md_ctx);
free(ctx);
}
@@ -74,8 +80,12 @@ openssl_digest_ctx_create(const struct fsverity_hash_alg *alg, const EVP_MD *md)
ctx->base.update = openssl_digest_update;
ctx->base.final = openssl_digest_final;
ctx->base.free = openssl_digest_ctx_free;
-
- ctx->md_ctx = EVP_MD_CTX_new();
+ /*
+ * OpenSSL 1.1.0 renamed EVP_MD_CTX_create() to EVP_MD_CTX_new() but
+ * kept the old name as a macro. Use the old name for compatibility
+ * with older OpenSSL versions.
+ */
+ ctx->md_ctx = EVP_MD_CTX_create();
if (!ctx->md_ctx)
fatal_error("out of memory");
diff --git a/sign.c b/sign.c
index 6f495cd..bda6911 100644
--- a/sign.c
+++ b/sign.c
@@ -8,10 +8,12 @@
*/
#include <fcntl.h>
+#include <limits.h>
#include <openssl/bio.h>
#include <openssl/err.h>
#include <openssl/pem.h>
#include <openssl/pkcs7.h>
+#include <stdlib.h>
#include <string.h>
#include "fsverity_sys_decls.h"
@@ -35,6 +37,22 @@ static void display_openssl_errors(void)
}
}
+static BIO *new_mem_buf(const void *buf, size_t size)
+{
+ BIO *bio;
+
+ ASSERT(size <= INT_MAX);
+ /*
+ * Prior to OpenSSL 1.1.0, BIO_new_mem_buf() took a non-const pointer,
+ * despite still marking the resulting bio as read-only. So cast away
+ * the const to avoid a compiler warning with older OpenSSL versions.
+ */
+ bio = BIO_new_mem_buf((void *)buf, size);
+ if (!bio)
+ error_msg("out of memory");
+ return bio;
+}
+
/* Read a PEM PKCS#8 formatted private key */
static EVP_PKEY *read_private_key(const char *keyfile)
{
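Review bot: In new_mem_buf(), `ASSERT(size <= INT_MAX)` is the only guard between a caller-supplied size_t and the int length parameter of BIO_new_mem_buf(), and at the read_signature() call site (last hunk of sign.c) that size is the length of the signature file, so it depends on input. If ASSERT aborts, an oversized file terminates the tool instead of taking the existing `goto out` error path; if it can be compiled out (its definition is not visible here), the value narrows to int, and a negative length makes OpenSSL treat the buffer as a NUL-terminated string and measure it with strlen(). A runtime check such as `if (size > INT_MAX) { error_msg("data too large"); return NULL; }`, followed by an explicit `(int)size` in the call, would keep this on the normal error path. I would also add a comment above the helper stating that the BIO reads directly from buf without copying, so buf must stay valid and unchanged until the BIO is freed.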
@@ -169,11 +187,9 @@ static bool sign_data(const void *data_to_sign, size_t data_size,
md = EVP_sha256();
}
- bio = BIO_new_mem_buf(data_to_sign, data_size);
- if (!bio) {
- error_msg("out of memory");
+ bio = new_mem_buf(data_to_sign, data_size);
+ if (!bio)
goto out;
- }
p7 = PKCS7_sign(NULL, NULL, NULL, bio, pkcs7_flags);
if (!p7) {
@@ -253,11 +269,9 @@ static bool read_signature(const char *signature_file,
if (!full_read(&file, sig, filesize))
goto out;
- bio = BIO_new_mem_buf(sig, filesize);
- if (!bio) {
- error_msg("out of memory");
+ bio = new_mem_buf(sig, filesize);
+ if (!bio)
goto out;
- }
p7 = d2i_PKCS7_bio(bio, NULL);
if (!p7) {