Update API for OpenSSL 3.0
Fixes: avast#1040
catap committed Nov 8, 2021
1 parent f49ecb6 commit 3dbe9de
Showing 3 changed files with 20 additions and 0 deletions.
4 changes: 4 additions & 0 deletions deps/authenticode-parser/src/authenticode.c
Expand Up @@ -581,7 +581,11 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, long pe_len)
continue;
}

#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
int mdlen = EVP_MD_get_size(md);
#else
int mdlen = EVP_MD_size(md);
#endif
sig->file_digest.len = mdlen;
sig->file_digest.data = (uint8_t*)malloc(mdlen);
if (!sig->file_digest.data)
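Review bot: `mdlen` is stored in `sig->file_digest.len` and passed to `malloc` without a range check, in both preprocessor branches. `EVP_MD_get_size()` is documented to return a negative value on error, so a failure would record a negative digest length and request a huge allocation after conversion to `size_t`. A guard such as `if (mdlen <= 0) continue;` before the assignment would avoid that, though the right recovery depends on loop code outside this hunk. The same applies to `mdLen` in the countersignature.c hunks, where the `size_t` declaration in `pkcs9_countersig_new` would turn -1 into `SIZE_MAX` before it reaches `memcmp`.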
4 changes: 4 additions & 0 deletions deps/authenticode-parser/src/certificate.c
Expand Up @@ -287,7 +287,11 @@ Certificate* certificate_new(X509* x509)
EVP_PKEY* pkey = X509_get0_pubkey(x509);
if (pkey) {
result->key = pubkey_to_pem(pkey);
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_get_base_id(pkey)));
#else
result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_base_id(pkey)));
#endif
}

return result;
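Review bot: The guard constant `0x3000000fL`, used here and in the other four `#if` lines of this commit, follows the pre-3.0 layout whose last nibble was a release-status field. OpenSSL 3.x encodes `OPENSSL_VERSION_NUMBER` as 0xMNN00PP0L, so 3.0.0 itself is `0x30000000L` and a build against exactly that release would take the `#else` branch with the older names. `#if OPENSSL_VERSION_NUMBER >= 0x30000000L` would cover every 3.x release. Separately, the result of `OBJ_nid2sn()` goes straight into `strdup()` in both branches; a NULL check before the copy would be safer if an unregistered NID can reach this point.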
12 changes: 12 additions & 0 deletions deps/authenticode-parser/src/countersignature.c
Expand Up @@ -137,7 +137,11 @@ Countersignature* pkcs9_countersig_new(
* but other times it is just purely and I didn't find another way to distinguish it but only
* based on the length of data we get. Found mention of this in openssl mailing list:
* https://mta.openssl.org/pipermail/openssl-users/2015-September/002054.html */
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
size_t mdLen = EVP_MD_get_size(md);
#else
size_t mdLen = EVP_MD_size(md);
#endif
if (mdLen == decLen) {
isValid = !memcmp(calc_digest, decData, mdLen);
} else {
Expand Down Expand Up @@ -238,7 +242,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*

uint8_t calc_digest[EVP_MAX_MD_SIZE];
calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
int mdLen = EVP_MD_get_size(md);
#else
int mdLen = EVP_MD_size(md);
#endif

if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
result->verify_flags = COUNTERSIGNATURE_VFY_DOESNT_MATCH_SIGNATURE;
Expand All @@ -251,7 +259,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*

TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_IMPRINT);
TS_VERIFY_CTX_set_store(ctx, store);
#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert);
#else
TS_VERIFY_CTS_set_certs(ctx, p7->d.sign->cert);
#endif
TS_VERIFY_CTX_set_imprint(ctx, calc_digest, mdLen);

bool isValid = TS_RESP_verify_token(ctx, p7) == 1;
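Review bot: In the OpenSSL 3.0 branch of the last hunk, `TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert);` passes the PKCS#7 certificate stack to the call that sets the trust store, replacing the `store` installed on the line just above. The `#else` branch hands the same value to `TS_VERIFY_CTS_set_certs`, so the intent appears to be setting the certificate list; the 3.0 spelling is `TS_VERIFY_CTX_set_certs(ctx, p7->d.sign->cert);`. As written, the verification context holds a pointer of the wrong type as its `X509_STORE`, which can affect both the outcome of `TS_RESP_verify_token` and any later cleanup of the context (outside this hunk). The body of `ms_countersig_new` continues past the hunk.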
