Fix issue #10 (2nd try): support OpenSSL 1.1.0

lib/aftest.cpp

@@ -38,6 +38,11 @@ const char *tempdir = "/tmp/";
 #define MIN(x,y) ((x)<(y)?(x):(y))
 #endif
 
+/* Support OpenSSL before 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
 
 const char *filename(char *buf,int buflen,const char *base)
 {
@@ -769,12 +774,12 @@ void rsatest()
       return;
     }
 
-    EVP_MD_CTX md;
+    EVP_MD_CTX *md = EVP_MD_CTX_new();
     EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bp,0,0,0);
 
-    EVP_SignInit(&md,sha256);
-    EVP_SignUpdate(&md,ptext,sizeof(ptext));
-    EVP_SignFinal(&md,sig,&siglen,pkey);
+    EVP_SignInit(md,sha256);
+    EVP_SignUpdate(md,ptext,sizeof(ptext));
+    EVP_SignFinal(md,sig,&siglen,pkey);
 
     /* let's try to verify it */
     bp = BIO_new_file("signing_cert.pem","r");
@@ -789,23 +794,25 @@ void rsatest()
 
     printf("pubkey=%p\n",pubkey);
 
-    EVP_VerifyInit(&md,sha256);
-    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
-    int r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
+    EVP_VerifyInit(md,sha256);
+    EVP_VerifyUpdate(md,ptext,sizeof(ptext));
+    int r = EVP_VerifyFinal(md,sig,siglen,pubkey);
     printf("r=%d\n",r);
 
     printf("do it again...\n");
-    EVP_VerifyInit(&md,sha256);
-    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
-    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
+    EVP_VerifyInit(md,sha256);
+    EVP_VerifyUpdate(md,ptext,sizeof(ptext));
+    r = EVP_VerifyFinal(md,sig,siglen,pubkey);
     printf("r=%d\n",r);
 
     printf("make a tiny change...\n");
     ptext[0]='f';
-    EVP_VerifyInit(&md,sha256);
-    EVP_VerifyUpdate(&md,ptext,sizeof(ptext));
-    r = EVP_VerifyFinal(&md,sig,siglen,pubkey);
+    EVP_VerifyInit(md,sha256);
+    EVP_VerifyUpdate(md,ptext,sizeof(ptext));
+    r = EVP_VerifyFinal(md,sig,siglen,pubkey);
     printf("r=%d\n",r);
+
+    EVP_MD_CTX_free(md);
 }
 
 void xmlseg(BIO *bp,AFFILE *af,const char *segname)

tools/aff_bom.cpp

@@ -35,6 +35,12 @@
 #include <readline/readline.h>
 #endif
 
+/* Support OpenSSL before 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
 using namespace std;
 
 int parse_chain(const string &name)
@@ -188,10 +194,11 @@ void aff_bom::close()
 	unsigned char sig[1024];
 	u_int  siglen = sizeof(sig);
 
-	EVP_MD_CTX md;
-	EVP_SignInit(&md,sha256);
-	EVP_SignUpdate(&md,xbuf,xlen);
-	EVP_SignFinal(&md,sig,&siglen,privkey);
+	EVP_MD_CTX *md = EVP_MD_CTX_new();
+	EVP_SignInit(md,sha256);
+	EVP_SignUpdate(md,xbuf,xlen);
+	EVP_SignFinal(md,sig,&siglen,privkey);
+	EVP_MD_CTX_free(md);
 
 	/* Write the signature in base64 encoding... */
 	BIO *b64 = BIO_new(BIO_f_base64());
@@ -224,12 +231,13 @@ void aff_bom::make_hash(u_char seghash[SHA256_SIZE], uint32_t arg,const char *se
     if(sha256){
 	unsigned int seghash_len = SHA256_SIZE;
 	uint32_t arg_net = htonl(arg);
-	EVP_MD_CTX md;		/* EVP message digest */
-	EVP_DigestInit(&md,sha256);
-	EVP_DigestUpdate(&md,(const unsigned char *)segname,strlen(segname)+1);
-	EVP_DigestUpdate(&md,(const unsigned char *)&arg_net,sizeof(arg_net));
-	EVP_DigestUpdate(&md,segbuf,segsize);
-	EVP_DigestFinal(&md,seghash,&seghash_len);
+	EVP_MD_CTX *md = EVP_MD_CTX_new();		/* EVP message digest */
+	EVP_DigestInit(md,sha256);
+	EVP_DigestUpdate(md,(const unsigned char *)segname,strlen(segname)+1);
+	EVP_DigestUpdate(md,(const unsigned char *)&arg_net,sizeof(arg_net));
+	EVP_DigestUpdate(md,segbuf,segsize);
+	EVP_DigestFinal(md,seghash,&seghash_len);
+	EVP_MD_CTX_free(md);
     }
 }
 

tools/affverify.cpp

@@ -27,6 +27,12 @@
 #include <openssl/pem.h>
 #include <openssl/x509.h>
 
+/* Support OpenSSL before 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
+
 using namespace std;
 using namespace aff;
 
@@ -248,10 +254,11 @@ int  verify_bom_signature(AFFILE *af,const char *buf)
     }
 
     /* Try to verify it */
-    EVP_MD_CTX md;
-    EVP_VerifyInit(&md,sha256);
-    EVP_VerifyUpdate(&md,buf,sig_start-buf);
-    int r = EVP_VerifyFinal(&md,sigbuf,sigbuf_len,X509_get_pubkey(cert));
+    EVP_MD_CTX *md = EVP_MD_CTX_new();
+    EVP_VerifyInit(md,sha256);
+    EVP_VerifyUpdate(md,buf,sig_start-buf);
+    int r = EVP_VerifyFinal(md,sigbuf,sigbuf_len,X509_get_pubkey(cert));
+    EVP_MD_CTX_free(md);
     if(r!=1){ 
 	printf("BAD SIGNATURE ON BOM\n");
 	return -1;
@@ -430,16 +437,17 @@ int hash_verify(AFFILE *af)
     size_t md5_len  =sizeof(md5_buf);
     const EVP_MD *md5_evp = 0;
     const EVP_MD *sha1_evp = 0;
-    EVP_MD_CTX md5,sha1;
+    EVP_MD_CTX *md5 = EVP_MD_CTX_new();
+    EVP_MD_CTX *sha1 = EVP_MD_CTX_new();
     if(af_get_seg(af,AF_SHA1,0,sha1_buf,&sha1_len)==0){
 	printf("SHA1 stored in file:     %s\n",af_hexbuf(hexbuf,sizeof(hexbuf),sha1_buf,sha1_len,0));
 	sha1_evp = EVP_get_digestbyname("sha1");
-	EVP_DigestInit(&sha1,sha1_evp);
+	EVP_DigestInit(sha1,sha1_evp);
     }
     if(af_get_seg(af,AF_MD5,0,md5_buf,&md5_len)==0){
 	printf("MD5 stored in file:      %s\n",af_hexbuf(hexbuf,sizeof(hexbuf),md5_buf,md5_len,0));
 	md5_evp = EVP_get_digestbyname("md5");
-	EVP_DigestInit(&md5,md5_evp);
+	EVP_DigestInit(md5,md5_evp);
     }
     /* Might as well read this puppy */
     u_char *buf = (u_char *)malloc(af_get_pagesize(af));
@@ -457,8 +465,8 @@ int hash_verify(AFFILE *af)
 	       t.eta_text(frac).c_str());
 	readsize = af_read(af,buf,af_get_pagesize(af));
 	if(readsize<1) break;
-	if(md5_evp) EVP_DigestUpdate(&md5,buf,readsize);
-	if(sha1_evp) EVP_DigestUpdate(&sha1,buf,readsize);
+	if(md5_evp) EVP_DigestUpdate(md5,buf,readsize);
+	if(sha1_evp) EVP_DigestUpdate(sha1,buf,readsize);
 	total_read += readsize;
     } while(total_read < af_get_imagesize(af));
 
@@ -468,7 +476,7 @@ int hash_verify(AFFILE *af)
 	unsigned char sha1_calc[32];
 	unsigned int sha1_calc_len = sizeof(sha1_calc);
 
-	EVP_DigestFinal(&sha1,sha1_calc,(unsigned int *)&sha1_calc_len);
+	EVP_DigestFinal(sha1,sha1_calc,(unsigned int *)&sha1_calc_len);
 	printf("Calculated SHA1: %s  ",af_hexbuf(hexbuf,sizeof(hexbuf),sha1_calc,sha1_calc_len,0));
 	if(memcmp(sha1_buf,sha1_calc,sha1_len)==0){
 	    printf("VERIFIES\n");
@@ -481,7 +489,7 @@ int hash_verify(AFFILE *af)
 	unsigned char md5_calc[32];
 	unsigned int md5_calc_len = sizeof(md5_calc);
 
-	EVP_DigestFinal(&md5,md5_calc,(unsigned int *)&md5_calc_len);
+	EVP_DigestFinal(md5,md5_calc,(unsigned int *)&md5_calc_len);
 	printf("Calculated MD5:  %s          ",af_hexbuf(hexbuf,sizeof(hexbuf),md5_calc,md5_calc_len,0));
 	if(memcmp(md5_buf,md5_calc,md5_len)==0){
 	    printf("VERIFIES\n");
@@ -490,6 +498,8 @@ int hash_verify(AFFILE *af)
 	}
     }
 
+    EVP_MD_CTX_free(md5);
+    EVP_MD_CTX_free(sha1);
     af_close(af);
     return 0;
 }

tools/hashextent.h

@@ -18,6 +18,11 @@
 #include <set>
 #include <algorithm>
 
+/* Support OpenSSL before 1.1.0 */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#endif
 
 using std::string;
 using std::ostream;
@@ -95,25 +100,29 @@ class hashextent {
      */
     int compute_digest(AFFILE *af,string digestToUse){
 	const EVP_MD *md = EVP_get_digestbyname(digestToUse.c_str());
-	EVP_MD_CTX ctx;
 	if(!md) return -1;		// digest not available
-	EVP_DigestInit(&ctx,md);
 	if(af_seek(af,start,0)!=start) return -1; // can't seek
+	EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+	EVP_DigestInit(ctx,md);
 
 	uint64_t bytes_read = 0;
 	while(bytes_read < this->bytes){
 	    u_char buf[65536];
 	    int to_read = (this->bytes-bytes_read) < sizeof(buf) ? (this->bytes-bytes_read) : sizeof(buf);
-	    if(af_read(af,buf,to_read)!=to_read) return -1; // error reading
+	    if(af_read(af,buf,to_read)!=to_read){
+		EVP_MD_CTX_free(ctx);
+		return -1; // error reading
+	    }
 	    /* compute the hash */
-	    EVP_DigestUpdate(&ctx,buf,to_read);
+	    EVP_DigestUpdate(ctx,buf,to_read);
 	    bytes_read += to_read;
 	}
 	/* Compute the results */
 	if(digest!=0) free(digest);
 	u_int digest_bytes = 1024;
 	digest = (u_char *)malloc(digest_bytes);		// big enough for any conceivable digest
-	EVP_DigestFinal(&ctx,digest,&digest_bytes);
+	EVP_DigestFinal(ctx,digest,&digest_bytes);
+	EVP_MD_CTX_free(ctx);
 	digest_bits_ = digest_bytes*8;
 	digest_name  = digestToUse;
 	hexdigest    = bin2hex(digest,digest_bits_/8);