diff --git a/src/idc.c b/src/idc.c index 236cefd..6d87bd4 100644 --- a/src/idc.c +++ b/src/idc.c @@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio) /* extract the idc from the signed PKCS7 'other' data */ str = p7->d.sign->contents->d.other->value.asn1_string; +#if OPENSSL_VERSION_NUMBER < 0x10100000L idcbuf = buf = ASN1_STRING_data(str); +#else + idcbuf = buf = ASN1_STRING_get0_data(str); +#endif idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); /* If we were passed a BIO, write the idc data, minus type and length, @@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image) } /* check hash against the one we calculated from the image */ +#if OPENSSL_VERSION_NUMBER < 0x10100000L buf = ASN1_STRING_data(str); +#else + buf = ASN1_STRING_get0_data(str); +#endif if (memcmp(buf, sha, sizeof(sha))) { fprintf(stderr, "Hash doesn't match image\n"); fprintf(stderr, " got: %s\n", sha256_str(buf)); diff --git a/src/sbattach.c b/src/sbattach.c index a0c01b8..809e24c 100644 --- a/src/sbattach.c +++ b/src/sbattach.c @@ -233,7 +233,11 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_digests(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbkeysync.c b/src/sbkeysync.c index 7b17f40..1f37118 100644 --- a/src/sbkeysync.c +++ b/src/sbkeysync.c @@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len) goto out; key->id_len = ASN1_STRING_length(serial); +#if OPENSSL_VERSION_NUMBER < 0x10100000L key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); +#else + key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len); +#endif key->description = talloc_array(key, char, description_len); X509_NAME_oneline(X509_get_subject_name(x509), @@ -930,7 +934,11 @@ int main(int argc, char **argv) ERR_load_crypto_strings(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbsign.c b/src/sbsign.c index 92607a7..898fe66 100644 --- a/src/sbsign.c +++ b/src/sbsign.c @@ -234,7 +234,11 @@ int main(int argc, char **argv) ERR_load_BIO_strings(); OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbvarsign.c b/src/sbvarsign.c index 273fd0d..92475a2 100644 --- a/src/sbvarsign.c +++ b/src/sbvarsign.c @@ -513,7 +513,11 @@ int main(int argc, char **argv) OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); ERR_load_crypto_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors diff --git a/src/sbverify.c b/src/sbverify.c index 4dddecc..ac6705e 100644 --- a/src/sbverify.c +++ b/src/sbverify.c @@ -252,7 +252,11 @@ int main(int argc, char **argv) OpenSSL_add_all_digests(); ERR_load_crypto_strings(); +#if OPENSSL_VERSION_NUMBER < 0x10100000L OPENSSL_config(NULL); +#else + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); +#endif /* here we may get highly unlikely failures or we'll get a * complaint about FIPS signatures (usually becuase the FIPS * module isn't present). In either case ignore the errors