From: Jihoon Jung
Date: Thu, 13 Jun 2019 04:21:46 +0000 (+0900)
Subject: Tizen 5.x migration from openssl 1.0.2 to openssl 1.1.1
X-Git-Tag: accepted/tizen/unified/20190614.051505^0
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=refs%2Fchanges%2F16%2F207816%2F3;p=platform%2Fcore%2Fconnectivity%2Fnfc-manager.git
Tizen 5.x migration from openssl 1.0.2 to openssl 1.1.1
Change-Id: Ia57682cea020e0d7c1df9befb553a1a09769274f
Signed-off-by: Jihoon Jung
---
diff --git a/packaging/nfc-manager.spec b/packaging/nfc-manager.spec
index 28f4496..3210ef2 100644
--- a/packaging/nfc-manager.spec
+++ b/packaging/nfc-manager.spec
@@ -20,7 +20,7 @@ BuildRequires: pkgconfig(mm-sound)
 BuildRequires: pkgconfig(appsvc)
 BuildRequires: pkgconfig(feedback)
 BuildRequires: pkgconfig(capi-media-wav-player)
-BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(openssl1.1)
 BuildRequires: pkgconfig(deviced)
 BuildRequires: pkgconfig(mm-keysound)
 BuildRequires: pkgconfig(syspopup-caller)
diff --git a/src/commonlib/CMakeLists.txt b/src/commonlib/CMakeLists.txt
index 3209b30..4ae0d9b 100644
--- a/src/commonlib/CMakeLists.txt
+++ b/src/commonlib/CMakeLists.txt
@@ -26,7 +26,7 @@ ENDIF("${CMAKE_BUILD_TYPE}" STREQUAL "")
 INCLUDE(FindPkgConfig)
 pkg_check_modules(commonlib_pkges REQUIRED
- glib-2.0 gio-2.0 gio-unix-2.0 dlog openssl aul pkgmgr-info libsystemd-daemon)
+ glib-2.0 gio-2.0 gio-unix-2.0 dlog openssl1.1 aul pkgmgr-info libsystemd-daemon)
 FOREACH(flag ${commonlib_pkges_CFLAGS})
 SET(EXTRA_CFLAGS "${EXTRA_CFLAGS} ${flag}")
diff --git a/src/commonlib/include/net_nfc_typedef.h b/src/commonlib/include/net_nfc_typedef.h
index 0ad8874..3484378 100644
--- a/src/commonlib/include/net_nfc_typedef.h
+++ b/src/commonlib/include/net_nfc_typedef.h
@@ -626,7 +626,9 @@ extern "C" {
 NET_NFC_SIGN_TYPE_PKCS_1,
 NET_NFC_SIGN_TYPE_PKCS_1_V_1_5,
 NET_NFC_SIGN_TYPE_DSA,
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 NET_NFC_SIGN_TYPE_ECDSA,
+#endif
 NET_NFC_MAX_SIGN_TYPE,
 } net_nfc_sign_type_t;
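Review bot: Guarding `NET_NFC_SIGN_TYPE_ECDSA` with `#if OPENSSL_VERSION_NUMBER < 0x10100000L` inside the `net_nfc_sign_type_t` enum makes the value of `NET_NFC_MAX_SIGN_TYPE` depend on whether `<openssl/opensslv.h>` was included before this header. In a translation unit where the macro is undefined the preprocessor evaluates it as 0, so the ECDSA enumerator stays in and `NET_NFC_MAX_SIGN_TYPE` is one higher than in net_nfc_util_openssl.c, and range checks against it can then disagree about which sign types are valid. No include is visible in this hunk, so this may already be handled above line 626; if it is not, either add `#include <openssl/opensslv.h>` at the top of the header or keep the enumerator unconditionally and let the `default:` branch of the sign/verify switch reject it. A comment next to the enumerator such as `/* ECDSA is only handled when built against OpenSSL < 1.1.0; newer builds reject this type */` would record the intent.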
diff --git a/src/commonlib/net_nfc_util_openssl.c b/src/commonlib/net_nfc_util_openssl.c
index 04a92a6..3c89ab7 100644
--- a/src/commonlib/net_nfc_util_openssl.c
+++ b/src/commonlib/net_nfc_util_openssl.c
@@ -388,7 +388,12 @@ int net_nfc_util_openssl_sign_buffer(uint32_t type, uint8_t * buffer, uint32_t l
 OpenSSL_add_all_algorithms();
 /* md context */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 EVP_MD_CTX ctx = { 0, };
+#else // OpenSSL 1.1.1
+ EVP_MD_CTX *ctx;
+ ctx = EVP_MD_CTX_new();
+#endif
 EVP_PKEY_CTX *pctx = NULL;
 switch (type) {
@@ -415,6 +420,7 @@ int net_nfc_util_openssl_sign_buffer(uint32_t type, uint8_t * buffer, uint32_t l
 break;
 /* ECDSA */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 case 4:
 /* md */
 md = EVP_get_digestbyname("sha1");
@@ -422,15 +428,19 @@ int net_nfc_util_openssl_sign_buffer(uint32_t type, uint8_t * buffer, uint32_t l
 /* engine */
 engine = ENGINE_get_default_ECDSA();
 break;
-
+#endif
 default:
 result = -1;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.1
+ EVP_MD_CTX_free(ctx);
+#endif
 return result;
 }
 /* pkey */
 pkey = _load_key(key_file, OPENSSL_FORMAT_PKCS12, password, NULL);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 if (!EVP_DigestSignInit(&ctx, &pctx, md, engine, pkey)) {
 result = -1;
 return result;
@@ -445,7 +455,27 @@ int net_nfc_util_openssl_sign_buffer(uint32_t type, uint8_t * buffer, uint32_t l
 result = -1;
 return result;
 }
+#else // OpenSSL 1.1.1
+ if (!EVP_DigestSignInit(ctx, &pctx, md, engine, pkey)) {
+ result = -1;
+ EVP_MD_CTX_free(ctx);
+ return result;
+ }
+
+ if (!EVP_DigestSignUpdate(ctx, buffer, length)) {
+ result = -1;
+ EVP_MD_CTX_free(ctx);
+ return result;
+ }
+
+ if (!EVP_DigestSignFinal(ctx, sign, (size_t *)sign_len)) {
+ result = -1;
+ EVP_MD_CTX_free(ctx);
+ return result;
+ }
+ EVP_MD_CTX_free(ctx);
+#endif
 return result;
 }
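Review bot: The result of `EVP_MD_CTX_new()` is used without a NULL check in the `#else` branch of the `@@ -388` hunk, so an allocation failure is handed straight to `EVP_DigestSignInit()` further down. Add `if (ctx == NULL) return -1;` directly after the call, matching the `-1` that the `default:` branch already returns. The same unchecked allocation appears in net_nfc_util_openssl_verify_signature (`@@ -459`) and, as `mdCtx`, in net_nfc_util_openssl_digest (`@@ -754`); the digest function presumably also has to release `temp` before bailing out, but its cleanup is outside the hunk. The body of net_nfc_util_openssl_sign_buffer starts and ends outside this hunk.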
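Review bot: `pkey = _load_key(key_file, OPENSSL_FORMAT_PKCS12, password, NULL);` in the `@@ -422` hunk is neither checked for NULL nor released on any return path visible in this function, while the new 1.1.1 code takes care to free only `ctx`. Assuming `_load_key` hands ownership of the `EVP_PKEY` to the caller (its definition is not shown), the private key read from the PKCS#12 file stays in the heap after every signing call, including the new error returns in the `@@ -445` hunk. I would check `pkey` before `EVP_DigestSignInit()` and add `EVP_PKEY_free(pkey);` beside each `EVP_MD_CTX_free(ctx);` that follows the load. A single `goto out;` cleanup label at the end of the function would avoid repeating that pair on every error return.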
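Review bot: `(size_t *)sign_len` in the new `EVP_DigestSignFinal(ctx, sign, (size_t *)sign_len)` call of the `@@ -445` hunk is only safe if `sign_len` already points at a `size_t`. The parameter list is cut off in the hunk header, but the cast suggests a narrower type such as `uint32_t *`; on an LP64 target OpenSSL would then read eight bytes as the capacity of `sign` and write eight bytes back, touching whatever sits next to the caller's length variable. Use a local instead: `size_t sig_len = *sign_len;` before the call, pass `&sig_len`, and store `*sign_len = (uint32_t)sig_len;` once the call has succeeded. The start of the function is outside this hunk, so the declared type should be confirmed there.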
@@ -459,7 +489,12 @@ int net_nfc_util_openssl_verify_signature(uint32_t type, uint8_t * buffer, uint3
 OpenSSL_add_all_algorithms();
 /* md context */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 EVP_MD_CTX ctx = { 0, };
+#else // OpenSSL 1.1.1
+ EVP_MD_CTX *ctx;
+ ctx = EVP_MD_CTX_new();
+#endif
 EVP_PKEY_CTX *pctx = NULL;
 switch (type) {
@@ -486,6 +521,7 @@ int net_nfc_util_openssl_verify_signature(uint32_t type, uint8_t * buffer, uint3
 break;
 /* ECDSA */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 case 4:
 /* md */
 md = EVP_get_digestbyname("sha1");
@@ -493,26 +529,38 @@ int net_nfc_util_openssl_verify_signature(uint32_t type, uint8_t * buffer, uint3
 /* engine */
 engine = ENGINE_get_default_ECDSA();
 break;
-
+#endif
 default:
 result = -1;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.1
+ EVP_MD_CTX_free(ctx);
+#endif
 return result;
 }
 /* pkey */
 X509 *x509 = _load_certificate_from_mem(0, cert, cert_len, NULL);
- if (x509 == NULL)
+ if (x509 == NULL) {
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L // OpenSSL 1.1.1
+ EVP_MD_CTX_free(ctx);
+#endif
 return 0;
+ }
 pkey = X509_PUBKEY_get(X509_get_X509_PUBKEY(x509));
 X509_free(x509);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 EVP_DigestVerifyInit(&ctx, &pctx, md, engine, pkey);
 EVP_DigestVerifyUpdate(&ctx, buffer, length);
 result = EVP_DigestVerifyFinal(&ctx, sign, sign_len);
-
+#else // OpenSSL 1.1.1
+ EVP_DigestVerifyInit(ctx, &pctx, md, engine, pkey);
+ EVP_DigestVerifyUpdate(ctx, buffer, length);
+ result = EVP_DigestVerifyFinal(ctx, sign, sign_len);
+ EVP_MD_CTX_free(ctx);
+#endif
 DEBUG_MSG("EVP_DigestVerifyFinal returns %d", result);
-
 return result;
 }
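Review bot: The 1.1.1 branch at the end of the `@@ -493` hunk discards the return values of `EVP_DigestVerifyInit()` and `EVP_DigestVerifyUpdate()` and returns the raw result of `EVP_DigestVerifyFinal()`, which is 1 for a valid signature, 0 for an invalid one and negative for other errors. Together with `return 0` for an unparsable certificate and `-1` for an unsupported type, a caller that tests the result for non-zero instead of `== 1` would take an error for a successful verification; the callers are not visible here, so that needs to be confirmed. `pkey` from `X509_PUBKEY_get()` is also used without a NULL check and never released. The fence shows the tail of the 1.1.1 branch with those checks added; the function starts outside the hunk.

```c
	pkey = X509_PUBKEY_get(X509_get_X509_PUBKEY(x509));
	X509_free(x509);
	/* ... unchanged: OpenSSL 1.0.2 branch ... */
#else // OpenSSL 1.1.1
	if (pkey == NULL ||
		EVP_DigestVerifyInit(ctx, &pctx, md, engine, pkey) != 1 ||
		EVP_DigestVerifyUpdate(ctx, buffer, length) != 1)
		result = -1;	/* setup failed: must never be reported as a match */
	else
		result = EVP_DigestVerifyFinal(ctx, sign, sign_len);
	EVP_PKEY_free(pkey);
	EVP_MD_CTX_free(ctx);
#endif
```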
@@ -754,16 +802,28 @@ bool net_nfc_util_openssl_digest(const char *algorithm, const uint8_t * buffer,
 if ((md = EVP_get_digestbyname(algorithm)) != NULL) {
 _net_nfc_util_alloc_mem(temp, EVP_MAX_MD_SIZE);
 if (temp != NULL) {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 EVP_MD_CTX mdCtx;
+#else // OpenSSL 1.1.1
+ EVP_MD_CTX *mdCtx;
+ mdCtx = EVP_MD_CTX_new();
+#endif
 unsigned int resultLen = 0;
 memset(temp, 0, EVP_MAX_MD_SIZE);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L // OpenSSL 1.0.2
 EVP_DigestInit(&mdCtx, md);
 if (EVP_DigestUpdate(&mdCtx, buffer, buf_len) != 0)
 DEBUG_ERR_MSG("EVP_DigestUpdate failed");
 EVP_DigestFinal(&mdCtx, temp, &resultLen);
-
+#else // OpenSSL 1.1.1
+ EVP_DigestInit(mdCtx, md);
+ if (EVP_DigestUpdate(mdCtx, buffer, buf_len) != 0)
+ DEBUG_ERR_MSG("EVP_DigestUpdate failed");
+ EVP_DigestFinal(mdCtx, temp, &resultLen);
+ EVP_MD_CTX_free(mdCtx);
+#endif
 if (*out_len >= resultLen) {
 *out_len = resultLen;
 memcpy(result, temp, *out_len);
diff --git a/src/manager/CMakeLists.txt b/src/manager/CMakeLists.txt
index 00596db..68f1007 100644
--- a/src/manager/CMakeLists.txt
+++ b/src/manager/CMakeLists.txt
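Review bot: `if (EVP_DigestUpdate(mdCtx, buffer, buf_len) != 0)` in the new 1.1.1 branch of net_nfc_util_openssl_digest (`@@ -754`) carries over an inverted test from the 1.0.2 code: `EVP_DigestUpdate()` returns 1 on success, so "EVP_DigestUpdate failed" is logged on every successful call and a real failure passes silently. The condition should read `!= 1`, and the results of `EVP_DigestInit()` and `EVP_DigestFinal()` deserve the same check. As written, a failed digest leaves `resultLen` at 0 and `temp` zero-filled, and the code after the branch still proceeds to the `*out_len >= resultLen` copy. What the function returns in that case is outside the hunk, so whether callers can tell a failed digest from a good one should be checked there.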
@@ -17,7 +17,7 @@ IF("${CMAKE_BUILD_TYPE}" STREQUAL "")
 ENDIF("${CMAKE_BUILD_TYPE}" STREQUAL "")
 # for package file
-SET(dependents "aul glib-2.0 gio-unix-2.0 vconf dlog tapi appsvc libcurl bluetooth-api capi-network-bluetooth openssl deviced feedback capi-media-wav-player mm-keysound syspopup-caller notification capi-network-wifi-manager capi-system-info sqlite3 capi-network-wifi-direct capi-system-device cynara-client cynara-creds-gdbus cynara-session")
+SET(dependents "aul glib-2.0 gio-unix-2.0 vconf dlog tapi appsvc libcurl bluetooth-api capi-network-bluetooth openssl1.1 deviced feedback capi-media-wav-player mm-keysound syspopup-caller notification capi-network-wifi-manager capi-system-info sqlite3 capi-network-wifi-direct capi-system-device cynara-client cynara-creds-gdbus cynara-session")
 IF (TIZEN_TELEPHONY_ENABLED)
 MESSAGE("-DENABLE_TELEPHONY")