From 3dbe9deaf35ad423769104db70dd062dba2973cc Mon Sep 17 00:00:00 2001
From: "Kirill A. Korinsky" <kirill@korins.ky>
Date: Mon, 8 Nov 2021 11:48:09 +0100
Subject: [PATCH] Update API for OpenSSL 3.0

Fixes: https://github.com/avast/retdec/issues/1040
---
 deps/authenticode-parser/src/authenticode.c     |  4 ++++
 deps/authenticode-parser/src/certificate.c      |  4 ++++
 deps/authenticode-parser/src/countersignature.c | 12 ++++++++++++
 3 files changed, 20 insertions(+)

diff --git a/deps/authenticode-parser/src/authenticode.c b/deps/authenticode-parser/src/authenticode.c
index bd860fe32..724b64f9a 100644
--- a/deps/authenticode-parser/src/authenticode.c
+++ b/deps/authenticode-parser/src/authenticode.c
@@ -581,7 +581,11 @@ AuthenticodeArray* parse_authenticode(const uint8_t* pe_data, long pe_len)
             continue;
         }
 
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        int mdlen = EVP_MD_get_size(md);
+#else
         int mdlen = EVP_MD_size(md);
+#endif
         sig->file_digest.len = mdlen;
         sig->file_digest.data = (uint8_t*)malloc(mdlen);
         if (!sig->file_digest.data)
diff --git a/deps/authenticode-parser/src/certificate.c b/deps/authenticode-parser/src/certificate.c
index 7686c5161..2f1a4f0ca 100644
--- a/deps/authenticode-parser/src/certificate.c
+++ b/deps/authenticode-parser/src/certificate.c
@@ -287,7 +287,11 @@ Certificate* certificate_new(X509* x509)
     EVP_PKEY* pkey = X509_get0_pubkey(x509);
     if (pkey) {
         result->key = pubkey_to_pem(pkey);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+        result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_get_base_id(pkey)));
+#else
         result->key_alg = strdup(OBJ_nid2sn(EVP_PKEY_base_id(pkey)));
+#endif
     }
 
     return result;
diff --git a/deps/authenticode-parser/src/countersignature.c b/deps/authenticode-parser/src/countersignature.c
index 5bc2c108a..59ca8038a 100644
--- a/deps/authenticode-parser/src/countersignature.c
+++ b/deps/authenticode-parser/src/countersignature.c
@@ -137,7 +137,11 @@ Countersignature* pkcs9_countersig_new(
      * but other times it is just purely and I didn't find another way to  distinguish it but only
      * based on the length of data we get. Found mention of this in openssl mailing list:
      * https://mta.openssl.org/pipermail/openssl-users/2015-September/002054.html */
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    size_t mdLen = EVP_MD_get_size(md);
+#else
     size_t mdLen = EVP_MD_size(md);
+#endif
     if (mdLen == decLen) {
         isValid = !memcmp(calc_digest, decData, mdLen);
     } else {
@@ -238,7 +242,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     uint8_t calc_digest[EVP_MAX_MD_SIZE];
     calculate_digest(md, enc_digest->data, enc_digest->length, calc_digest);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    int mdLen = EVP_MD_get_size(md);
+#else
     int mdLen = EVP_MD_size(md);
+#endif
 
     if (digestLen != mdLen || memcmp(calc_digest, digestData, mdLen) != 0) {
         result->verify_flags = COUNTERSIGNATURE_VFY_DOESNT_MATCH_SIGNATURE;
@@ -251,7 +259,11 @@ Countersignature* ms_countersig_new(const uint8_t* data, long size, ASN1_STRING*
 
     TS_VERIFY_CTX_set_flags(ctx, TS_VFY_VERSION | TS_VFY_IMPRINT);
     TS_VERIFY_CTX_set_store(ctx, store);
+#if OPENSSL_VERSION_NUMBER >= 0x3000000fL
+    TS_VERIFY_CTX_set_store(ctx, p7->d.sign->cert);
+#else
     TS_VERIFY_CTS_set_certs(ctx, p7->d.sign->cert);
+#endif
     TS_VERIFY_CTX_set_imprint(ctx, calc_digest, mdLen);
 
     bool isValid = TS_RESP_verify_token(ctx, p7) == 1;