Update API for OpenSSL 3.0

Fixes: #1040
avast · Nov 15, 2021 · d35d7c1 · d35d7c1
1 parent fe7ce20
commit d35d7c1
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 0 deletions.
diff --git a/deps/authenticode-parser/src/authenticode.c b/deps/authenticode-parser/src/authenticode.c
@@ -581,7 +581,11 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, long pe_len)
             continue;
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        int mdlen = EVP_MD_get_size(md);
+#else
         int mdlen = EVP_MD_size(md);
+#endif
         sig->file_digest.len = mdlen;
         sig->file_digest.data = (uint8_t*)malloc(mdlen);
         if (!sig->file_digest.data)

diff --git a/deps/authenticode-parser/src/certificate.c b/deps/authenticode-parser/src/certificate.c
@@ -287,7 +287,11 @@ Certificate* certificate_new(X509* x509)
     EVP_PKEY* pkey = X509_get0_pubkey(x509);
     if (pkey) {
         result->key = pubkey_to_pem(pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_get_base_id(pkey)));
+#else
         result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_base_id(pkey)));
+#endif
     }
 
     return result;

diff --git a/deps/authenticode-parser/src/countersignature.c b/deps/authenticode-parser/src/countersignature.c
@@ -137,7 +137,11 @@ Countersignature* pkcs9_countersig_new(
      * but other times it is just purely and I didn't find another way to  distinguish it but only
      * based on the length of data we get. Found mention of this in openssl mailing list:
      * https://mta.openssl.org/pipermail/openssl-users/2015-September/002054.html */
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    size_t mdLen = EVP_MD_get_size(md);
+#else
     size_t mdLen = EVP_MD_size(md);
+#endif
     if (mdLen == decLen) {
         isValid = !memcmp(calc_digest, decData, mdLen);
     } else {
@@ -238,7 +242,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     uint8_t calc_digest[EVP_MAX_MD_SIZE];
     calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    int mdLen = EVP_MD_get_size(md);
+#else
     int mdLen = EVP_MD_size(md);
+#endif
 
     if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
         result->verify_flags = COUNTERSIGNATURE_VFY_DOESNT_MATCH_SIGNATURE;
@@ -251,7 +259,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_IMPRINT);
     TS_VERIFY_CTX_set_store(ctx, store);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert);
+#else
     TS_VERIFY_CTS_set_certs(ctx, p7->d.sign->cert);
+#endif
     TS_VERIFY_CTX_set_imprint(ctx, calc_digest, mdLen);
 
     bool isValid = TS_RESP_verify_token(ctx, p7) == 1;