From 2d94a152dd36543d2a713f1abe20717fdaafae0a Mon Sep 17 00:00:00 2001
From: Frank Morgner <frankmorgner@gmail.com>
Date: Sat, 18 Dec 2021 00:15:04 +0100
Subject: [PATCH] added basic compatibility with OpenSSL 3.0

deprecated warnings are not handled for now

fixes https://github.com/frankmorgner/openpace/issues/53
---
 src/eac/cv_cert.h |  6 +++++-
 src/eac_util.c    | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/eac/cv_cert.h b/src/eac/cv_cert.h
index f8c6565..595eb9c 100644
--- a/src/eac/cv_cert.h
+++ b/src/eac/cv_cert.h
@@ -341,7 +341,11 @@ CVC_CERT *CVC_d2i_CVC_CERT(CVC_CERT **cert, const unsigned char **in, long len);
  * @return Number of bytes successfully encoded or a negative value if an
  * error occured.
  */
-int i2d_CVC_CERT(CVC_CERT *a, unsigned char **out);
+int i2d_CVC_CERT(
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+  const
+#endif
+  CVC_CERT *a, unsigned char **out);
 
 /**
  * @brief Duplicate a CV certificate
diff --git a/src/eac_util.c b/src/eac_util.c
index e87293c..6e518e0 100644
--- a/src/eac_util.c
+++ b/src/eac_util.c
@@ -321,6 +321,8 @@ randb(int numbytes)
     return NULL;
 }
 
+#include <openssl/provider.h>
+
 BUF_MEM *
 retail_mac_des(const BUF_MEM * key, const BUF_MEM * in)
 {
@@ -331,6 +333,11 @@ retail_mac_des(const BUF_MEM * key, const BUF_MEM * in)
 
     check(key, "Invalid arguments");
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_PROVIDER *legacy;
+    legacy = OSSL_PROVIDER_load(NULL, "legacy");
+#endif
+
     len = EVP_CIPHER_block_size(EVP_des_cbc());
     check(key->length >= 2*len, "Key too short");
 
@@ -369,6 +376,9 @@ retail_mac_des(const BUF_MEM * key, const BUF_MEM * in)
     BUF_MEM_free(c_tmp);
     BUF_MEM_free(d_tmp);
     EVP_CIPHER_CTX_free(ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    OSSL_PROVIDER_unload(legacy);
+#endif
 
     return mac;
 
@@ -381,6 +391,10 @@ retail_mac_des(const BUF_MEM * key, const BUF_MEM * in)
         BUF_MEM_free(d_tmp);
     if (ctx)
         EVP_CIPHER_CTX_free(ctx);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+    if (legacy)
+        OSSL_PROVIDER_unload(legacy);
+#endif
 
     return NULL;
 }