[Skiboot] [PATCH] libstb/create-container: avoid using deprecated APIs when compiling with OpenSSL 3.0

Eric Richter erichte at linux.ibm.com
Thu Jan 20 07:16:12 AEDT 2022


OpenSSL 3.0 has deprecated functions that operate on raw key data; however, the
closest replacement functions are not available in OpenSSL 1.x. This patch
attempts to maintain compatibility with both 3.0 and 1.x versions.

Avoids using the following deprecated functions when compiling with 3.0:
 - EC_KEY_get0_group
 - EC_KEY_get0_public_key
 - EC_POINT_point2bn
 - EC_KEY_free

Signed-off-by: Eric Richter <erichte at linux.ibm.com>
---

NOTE: While this patch should work, I have not yet been able to adequately
test this on actual hardware. The resulting data that is stored in pubKeyData[]
appears to be identical when compiling with both versions of OpenSSL (minus
the one byte header that is removed anyway), thus it should work as expected.


 libstb/create-container.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/libstb/create-container.c b/libstb/create-container.c
index 0c7bf13b..4e198dab 100644
--- a/libstb/create-container.c
+++ b/libstb/create-container.c
@@ -11,6 +11,9 @@
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+#include <openssl/core_names.h>
+#endif
 #include <openssl/opensslv.h>
 #include <openssl/ossl_typ.h>
 #include <openssl/pem.h>
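
Review bot: The new #if OPENSSL_VERSION_NUMBER >= 0x30000000 guard sits above #include <openssl/opensslv.h>, which is the header that defines OPENSSL_VERSION_NUMBER. It only works here if one of the earlier OpenSSL headers pulls opensslv.h in transitively; if the macro were ever undefined at this point, the preprocessor would evaluate it as 0 and silently skip core_names.h. Please move the guarded include below the opensslv.h include so the test does not depend on include order.
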
@@ -45,7 +48,7 @@ void usage(int status);
 void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename)
 {
 	EVP_PKEY* pkey;
-	unsigned char pubkeyData[1 + 2 * EC_COORDBYTES];
+	unsigned char pubkeyData[1 + 2 * EC_COORDBYTES] = {0};
 
 	FILE *fp = fopen(filename, "r");
 	if (!fp)
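
Review bot: The = {0} initializer on pubkeyData is not mentioned in the commit message, and it takes effect on the OpenSSL 1.x build as well as the 3.0 build. It also means that if key extraction fails, the buffer holds a well-defined all-zero value that can be carried forward as if it were a public key, rather than the failure being noticed. Please say in the commit message why the initializer is needed, and pair it with an explicit error path in the extraction code instead of relying on the zero fill.
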
@@ -64,6 +67,10 @@ void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename)
 	}
 
 	if (pkey) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000
+		size_t sz;
+		EVP_PKEY_get_octet_string_param(pkey, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, pubkeyData, sizeof(pubkeyData), &sz);
+#else
 		EC_KEY *key;
 		const EC_GROUP *ecgrp;
 		const EC_POINT *ecpoint;
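
Review bot: The return value of EVP_PKEY_get_octet_string_param() is ignored and sz is written but never read in the 3.0 branch. The call returns 1 on success, so a key that is not an EC key, or whose encoded point does not fit in pubkeyData, leaves the buffer unchanged and the function carries on. Since this tool builds secure boot containers, please check that the call returned 1 and that sz == sizeof(pubkeyData) (the one byte header plus 2 * EC_COORDBYTES), and exit with an error message otherwise.
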
@@ -87,6 +94,7 @@ void getPublicKeyRaw(ecc_key_t *pubkeyraw, char *filename)
 
 		BN_free(pubkeyBN);
 		EC_KEY_free(key);
+#endif
 		EVP_PKEY_free(pkey);
 	}
 	else {
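
Review bot: The #endif added before EVP_PKEY_free(pkey) closes a conditional that was opened in the previous hunk, with the whole 1.x code path in between, so the pairing is hard to follow when reading the file. Please annotate it, for example #endif /* OPENSSL_VERSION_NUMBER >= 0x30000000 */. The same version test now appears twice in this file with a bare hex constant; consider a single named macro for it.
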
-- 
2.34.1


