openssl3 updates

Explicitly include bn.h and use get1 functions for EC_KEY operations
because get0 requires a const return.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>

2 files changed, 5 insertions, 2 deletions

diff --git a/crypto-ec.c b/crypto-ec.c
index c4fdc43..285200c 100644
--- a/crypto-ec.c
+++ b/crypto-ec.c
@@ -49,7 +49,7 @@ static int EC_GROUP_order_bits(const EC_GROUP *group)
 void
 crypto_ec_populate(int sec_num, EVP_PKEY *pkey)
 {
-	EC_KEY *eck = EVP_PKEY_get0_EC_KEY(pkey);
+	EC_KEY *eck = EVP_PKEY_get1_EC_KEY(pkey);
 	ASN1_OCTET_STRING *asn1pub = ASN1_OCTET_STRING_new();
 	EVP_MD_CTX *ctx;
 	unsigned char *pubpoint = NULL, *params = NULL;
@@ -62,6 +62,7 @@ crypto_ec_populate(int sec_num, EVP_PKEY *pkey)
 	pubpoint = NULL;
 	pubpoint_len = i2d_ASN1_OCTET_STRING(asn1pub, &pubpoint);
 	params_len = i2d_ECParameters(eck, &params);
+	EC_KEY_free(eck);
 
 	ctx = EVP_MD_CTX_create();
 	EVP_DigestInit(ctx, EVP_sha256());
@@ -115,7 +116,7 @@ int crypto_ec_check_mechanism(int sec_num, CK_MECHANISM_TYPE mech,
 int crypto_ec_sign(EVP_PKEY_CTX *ctx, void *data, unsigned long data_len,
 		   void *sig, unsigned long *sig_len)
 {
-	EC_KEY *eck = EVP_PKEY_get0_EC_KEY(EVP_PKEY_CTX_get0_pkey(ctx));
+	EC_KEY *eck = EVP_PKEY_get1_EC_KEY(EVP_PKEY_CTX_get0_pkey(ctx));
 	const EC_GROUP *g = EC_KEY_get0_group(eck);
 	int size = (EC_GROUP_order_bits(g) + 7)/8;
 	ECDSA_SIG *ecdsa_sig;
@@ -138,6 +139,7 @@ int crypto_ec_sign(EVP_PKEY_CTX *ctx, void *data, unsigned long data_len,
 	BN_bn2bin(s, sig + size);
 	ret = 0;
  out:
+	EC_KEY_free(eck);
 	EVP_PKEY_CTX_free(ctx);
 
 	return ret;
diff --git a/crypto.c b/crypto.c
index 87b0945..9fd643a 100644
--- a/crypto.c
+++ b/crypto.c
@@ -11,6 +11,7 @@
 #include <string.h>
 #include <wordexp.h>
 
+#include <openssl/bn.h>
 #include <openssl/engine.h>
 #include <openssl/evp.h>
 #include <openssl/pem.h>