authorAdriana Kobylak <anoo@us.ibm.com>2018-09-06 13:15:34 -0500
committerAdriana Kobylak <anoo@us.ibm.com>2018-09-11 10:26:46 -0500
commit5ed9b2d7b6b4bd21d2a1200537e881e485d13cc9 (patch)
treec459ed3cb51c97136010e8396db1f9612f3ab489
parentfa34e02315bd1397180daaa3377bcb38d7f30d7a (diff)
downloadphosphor-bmc-code-mgmt-5ed9b2d7b6b4bd21d2a1200537e881e485d13cc9.tar.gz
phosphor-bmc-code-mgmt-5ed9b2d7b6b4bd21d2a1200537e881e485d13cc9.zip
image_verify: Add support for OpenSSL 1.1.0
With OpenSSL 1.1.0, some of the functions were renamed, for example EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free(). Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes Abstract them to support old and new APIs. Resolves openbmc/openbmc#3136 Tested: Verified the signature verification was successful. Change-Id: I2297243fdd652055fe9ea88f26eb2dcf473d24e6 Signed-off-by: Adriana Kobylak <anoo@us.ibm.com>
-rwxr-xr-xMakefile.am8
-rw-r--r--image_verify.cpp2
-rw-r--r--image_verify.hpp3
-rw-r--r--utils.cpp29
-rw-r--r--utils.hpp15
5 files changed, 53 insertions, 4 deletions
diff --git a/Makefile.am b/Makefile.am
index 1953709..3373fcb 100755
--- a/Makefile.am
+++ b/Makefile.am
@@ -49,8 +49,12 @@ include static/Makefile.am.include
endif
if WANT_SIGNATURE_VERIFY_BUILD
-noinst_HEADERS += image_verify.hpp
-phosphor_image_updater_SOURCES += image_verify.cpp
+noinst_HEADERS += \
+ image_verify.hpp \
+ utils.hpp
+phosphor_image_updater_SOURCES += \
+ image_verify.cpp \
+ utils.cpp
endif
if WANT_SYNC
diff --git a/image_verify.cpp b/image_verify.cpp
index 7ca2629..fa60173 100644
--- a/image_verify.cpp
+++ b/image_verify.cpp
@@ -217,7 +217,7 @@ bool Signature::verifyFile(const fs::path& file, const fs::path& sigFile,
EVP_PKEY_assign_RSA(pKeyPtr.get(), publicRSA);
// Initializes a digest context.
- EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_create(), ::EVP_MD_CTX_destroy);
+ EVP_MD_CTX_Ptr rsaVerifyCtx(EVP_MD_CTX_new(), ::EVP_MD_CTX_free);
// Adds all digest algorithms to the internal table
OpenSSL_add_all_digests();
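Review bot: Nothing in this hunk checks `rsaVerifyCtx` for null after `EVP_MD_CTX_new()`, which returns NULL when allocation fails (the pre-1.1.0 shim added in utils.cpp does the same). This is the signature-verification path, so a failed allocation should make `verifyFile` fail closed rather than hand a null context to the digest-verify calls. Something like `if (!rsaVerifyCtx) { return false; }` directly after the construction would do, with whatever error logging the function already uses. The rest of `verifyFile` lies outside the hunk, so confirm that no such check already exists further down.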
diff --git a/image_verify.hpp b/image_verify.hpp
index 98fda6f..99b3567 100644
--- a/image_verify.hpp
+++ b/image_verify.hpp
@@ -1,4 +1,5 @@
#pragma once
+#include "utils.hpp"
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/pem.h>
@@ -26,7 +27,7 @@ using AvailableKeyTypes = std::set<Key_t>;
using BIO_MEM_Ptr = std::unique_ptr<BIO, decltype(&::BIO_free)>;
using EVP_PKEY_Ptr = std::unique_ptr<EVP_PKEY, decltype(&::EVP_PKEY_free)>;
using EVP_MD_CTX_Ptr =
- std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_destroy)>;
+ std::unique_ptr<EVP_MD_CTX, decltype(&::EVP_MD_CTX_free)>;
/** @struct CustomFd
*
diff --git a/utils.cpp b/utils.cpp
new file mode 100644
index 0000000..95fc2e0
--- /dev/null
+++ b/utils.cpp
@@ -0,0 +1,29 @@
+#include "utils.hpp"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+
+static void* OPENSSL_zalloc(size_t num)
+{
+ void* ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ {
+ memset(ret, 0, num);
+ }
+ return ret;
+}
+
+EVP_MD_CTX* EVP_MD_CTX_new(void)
+{
+ return (EVP_MD_CTX*)OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx)
+{
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
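Review bot: The `EVP_MD_CTX_free` shim passes `ctx` straight to `EVP_MD_CTX_cleanup()` without a null check, whereas the real 1.1.0 function accepts NULL, as far as I recall, and so did the old `EVP_MD_CTX_destroy()`. The `std::unique_ptr` in image_verify.cpp never invokes its deleter on a null pointer, so the current caller is safe, but any direct caller written against the 1.1.0 contract would dereference null on older OpenSSL. Adding `if (ctx == nullptr) { return; }` as the first statement keeps the shim a drop-in replacement. A short comment on `OPENSSL_zalloc` and `EVP_MD_CTX_new` saying they mirror the 1.1.0 API and return NULL on allocation failure would also help.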
diff --git a/utils.hpp b/utils.hpp
new file mode 100644
index 0000000..90569bf
--- /dev/null
+++ b/utils.hpp
@@ -0,0 +1,15 @@
+#pragma once
+
+// With OpenSSL 1.1.0, some functions were deprecated. Need to abstract them
+// to make the code backward compatible with older OpenSSL veresions.
+// Reference: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/evp.h>
+
+extern "C" {
+EVP_MD_CTX* EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx);
+}
+
+#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
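Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000L` guard is evaluated before any OpenSSL header has been included, because `<openssl/evp.h>` is only pulled in inside the guarded region. utils.hpp is also the first include in both utils.cpp and image_verify.hpp. An undefined macro evaluates to 0 in `#if`, so the condition is always true on a first include and the shim declarations are emitted even when building against 1.1.0. That appears harmless today only because the redeclarations match the library's own. Adding `#include <openssl/opensslv.h>` above the `#if` makes the guard test the real version. The comment above it also has a typo, "veresions".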