From fa124c7944088624d40d6b265bac0651bd8235bb Mon Sep 17 00:00:00 2001
From: Adriana Kobylak <anoo@us.ibm.com>
Date: Thu, 6 Sep 2018 13:15:34 -0500
Subject: [PATCH] image_verify: Add support for OpenSSL 1.1.0

With OpenSSL 1.1.0, some of the functions were renamed, for
example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were
renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free().
Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
Abstract them to support old and new APIs.

Resolves openbmc/openbmc#3136

Tested: Verified the signature verification was successful.

Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6
Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>

%% original patch: 0001-image_verify-Add-support-for-OpenSSL-1.1.0.patch
---
 Makefile.am      |  8 ++++++--
 image_verify.cpp |  2 +-
 image_verify.hpp |  1 +
 utils.cpp        | 29 +++++++++++++++++++++++++++++
 utils.hpp        | 15 +++++++++++++++
 5 files changed, 52 insertions(+), 3 deletions(-)
 create mode 100644 utils.cpp
 create mode 100644 utils.hpp

diff --git a/Makefile.am b/Makefile.am
index adba0e4..21b556f 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -42,8 +42,12 @@ phosphor_image_updater_SOURCES = \
 include ubi/Makefile.am.include
 
 if WANT_SIGNATURE_VERIFY_BUILD
-noinst_HEADERS += image_verify.hpp
-phosphor_image_updater_SOURCES += image_verify.cpp
+noinst_HEADERS += \
+	image_verify.hpp \
+	utils.hpp
+phosphor_image_updater_SOURCES += \
+	image_verify.cpp \
+	utils.cpp
 endif
 
 if WANT_SYNC
diff --git a/image_verify.cpp b/image_verify.cpp
index 7d59910..ba6b24d 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -216,7 +216,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile,
     EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
 
     // Initializes a digest context.
-    EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy);
+    EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
 
     // Adds all digest algorithms to the internal table
     OpenSSL_add_all_digests();
diff --git a/image_verify.hpp b/image_verify.hpp
index cbd0e39..22ee5f9 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -1,4 +1,5 @@
 #pragma once
+#include "utils.hpp"
 #include <openssl/rsa.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>
diff --git a/utils.cpp b/utils.cpp
new file mode 100644
index 0000000..95fc2e0
--- /dev/null
+++ b/utils.cpp
@@ -0,0 +1,29 @@
+#include "utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+
+static void* OPENSSL_zalloc(size_t num)
+{
+    void* ret = OPENSSL_malloc(num);
+
+    if (ret != NULL)
+    {
+        memset(ret, 0, num);
+    }
+    return ret;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new(void)
+{
+    return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
+{
+    EVP_MD_CTX_cleanup(ctx);
+    OPENSSL_free(ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
diff --git a/utils.hpp b/utils.hpp
new file mode 100644
index 0000000..90569bf
--- /dev/null
+++ b/utils.hpp
@@ -0,0 +1,15 @@
+#pragma once
+
+// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
+// to make the code backward compatible with older OpenSSL veresions.
+// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+
+extern "C" {
+EVP_MD_CTX* EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
-- 
2.7.4