Fix some openssl 1.1.0 deprecated functions

replace OPENSSL_config with OPENSSL_init_crypto and ASN1_STRING_data
with ASN1_STRING_get0_data

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

src/idc.c

@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
 
 	/* extract the idc from the signed PKCS7 'other' data */
 	str = p7->d.sign->contents->d.other->value.asn1_string;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	idcbuf = buf = ASN1_STRING_data(str);
+#else
+	idcbuf = buf = ASN1_STRING_get0_data(str);
+#endif
 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
 
 	/* If we were passed a BIO, write the idc data, minus type and length,
@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
 	}
 
 	/* check hash against the one we calculated from the image */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	buf = ASN1_STRING_data(str);
+#else
+	buf = ASN1_STRING_get0_data(str);
+#endif
 	if (memcmp(buf, sha, sizeof(sha))) {
 		fprintf(stderr, "Hash doesn't match image\n");
 		fprintf(stderr, " got:       %s\n", sha256_str(buf));

src/sbattach.c

@@ -233,7 +233,11 @@ int main(int argc, char **argv)
 
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	OPENSSL_config(NULL);
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 	/* here we may get highly unlikely failures or we'll get a
 	 * complaint about FIPS signatures (usually becuase the FIPS
 	 * module isn't present).  In either case ignore the errors

src/sbkeysync.c

@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
 		goto out;
 
 	key->id_len = ASN1_STRING_length(serial);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
+#else
+	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
+#endif
 
 	key->description = talloc_array(key, char, description_len);
 	X509_NAME_oneline(X509_get_subject_name(x509),
@@ -930,7 +934,11 @@ int main(int argc, char **argv)
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	OPENSSL_config(NULL);
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 	/* here we may get highly unlikely failures or we'll get a
 	 * complaint about FIPS signatures (usually becuase the FIPS
 	 * module isn't present).  In either case ignore the errors

src/sbsign.c

@@ -234,7 +234,11 @@ int main(int argc, char **argv)
 	ERR_load_BIO_strings();
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	OPENSSL_config(NULL);
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 	/* here we may get highly unlikely failures or we'll get a
 	 * complaint about FIPS signatures (usually becuase the FIPS
 	 * module isn't present).  In either case ignore the errors

src/sbvarsign.c

@@ -513,7 +513,11 @@ int main(int argc, char **argv)
 	OpenSSL_add_all_digests();
 	OpenSSL_add_all_ciphers();
 	ERR_load_crypto_strings();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	OPENSSL_config(NULL);
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 	/* here we may get highly unlikely failures or we'll get a
 	 * complaint about FIPS signatures (usually becuase the FIPS
 	 * module isn't present).  In either case ignore the errors

src/sbverify.c

@@ -252,7 +252,11 @@ int main(int argc, char **argv)
 
 	OpenSSL_add_all_digests();
 	ERR_load_crypto_strings();
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	OPENSSL_config(NULL);
+#else
+	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
+#endif
 	/* here we may get highly unlikely failures or we'll get a
 	 * complaint about FIPS signatures (usually becuase the FIPS
 	 * module isn't present).  In either case ignore the errors