Updated OpenSSL-specific code to use OpenSSL 3.0+ API

common/userpref.c

@@ -435,6 +435,10 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 	debug_info("Generating keys and certificates...");
 
 #if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_PKEY* root_pkey = EVP_RSA_gen(2048);
+	EVP_PKEY* host_pkey = EVP_RSA_gen(2048);
+#else
 	BIGNUM *e = BN_new();
 	RSA* root_keypair = RSA_new();
 	RSA* host_keypair = RSA_new();
@@ -451,6 +455,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 
 	EVP_PKEY* host_pkey = EVP_PKEY_new();
 	EVP_PKEY_assign_RSA(host_pkey, host_keypair);
+#endif
 
 	/* generate root certificate */
 	X509* root_cert = X509_new();
@@ -561,12 +566,22 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 		}
 	}
 
-	RSA *pubkey = NULL;
+	EVP_PKEY *pubkey = NULL;
 	{
 		BIO *membp = BIO_new_mem_buf(public_key.data, public_key.size);
-		if (!PEM_read_bio_RSAPublicKey(membp, &pubkey, NULL, NULL)) {
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		if (!PEM_read_bio_PUBKEY(membp, &pubkey, NULL, NULL)) {
 			debug_info("WARNING: Could not read public key");
 		}
+#else
+		RSA *rsa_pubkey = NULL;
+		if (!PEM_read_bio_RSAPublicKey(membp, &rsa_pubkey, NULL, NULL)) {
+			debug_info("WARNING: Could not read public key");
+		} else {
+			pubkey = EVP_PKEY_new();
+			EVP_PKEY_assign_RSA(pubkey, rsa_pubkey);
+		}
+#endif
 		BIO_free(membp);
 	}
 
@@ -588,10 +603,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 		X509_set1_notAfter(dev_cert, asn1time);
 		ASN1_TIME_free(asn1time);
 
-		EVP_PKEY* pkey = EVP_PKEY_new();
-		EVP_PKEY_assign_RSA(pkey, pubkey);
-		X509_set_pubkey(dev_cert, pkey);
-		EVP_PKEY_free(pkey);
+		X509_set_pubkey(dev_cert, pubkey);
 
 		X509_add_ext_helper(dev_cert, NID_subject_key_identifier, (char*)"hash");
 		X509_add_ext_helper(dev_cert, NID_key_usage, (char*)"critical,digitalSignature,keyEncipherment");
@@ -618,6 +630,7 @@ userpref_error_t pair_record_generate_keys_and_certs(plist_t pair_record, key_da
 	X509V3_EXT_cleanup();
 	X509_free(dev_cert);
 
+	EVP_PKEY_free(pubkey);
 	EVP_PKEY_free(root_pkey);
 	EVP_PKEY_free(host_pkey);
 

src/idevice.c

@@ -1057,18 +1057,33 @@ static void internal_ssl_cleanup(ssl_data_t ssl_data)
 }
 
 #ifdef HAVE_OPENSSL
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+static long ssl_idevice_bio_callback(BIO *b, int oper, const char *argp, size_t len, int argi, long argl, int retvalue, size_t *processed)
+#else
 static long ssl_idevice_bio_callback(BIO *b, int oper, const char *argp, int argi, long argl, long retvalue)
+#endif
 {
+	ssize_t bytes = 0;
 	idevice_connection_t conn = (idevice_connection_t)BIO_get_callback_arg(b);
+#if OPENSSL_VERSION_NUMBER < 0x30000000L
 	size_t len = (size_t)argi;
+	size_t *processed = (size_t*)&bytes;
+#endif
 	switch (oper) {
 	case (BIO_CB_READ|BIO_CB_RETURN):
-		return argp ? (long)internal_ssl_read(conn, (char *)argp, len) : 0;
+		if (argp) {
+			bytes = internal_ssl_read(conn, (char *)argp, len);
+			*processed = bytes;
+			return (long)bytes;
+		}
+		return 0;
 	case (BIO_CB_PUTS|BIO_CB_RETURN):
 		len = strlen(argp);
 		// fallthrough
 	case (BIO_CB_WRITE|BIO_CB_RETURN):
-		return (long)internal_ssl_write(conn, argp, len);
+		bytes = internal_ssl_write(conn, argp, len);
+		*processed = bytes;
+		return (long)bytes;
 	default:
 		return retvalue;
 	}
@@ -1079,7 +1094,11 @@ static BIO *ssl_idevice_bio_new(idevice_connection_t conn)
 	BIO *b = BIO_new(BIO_s_null());
 	if (!b) return NULL;
 	BIO_set_callback_arg(b, (char *)conn);
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	BIO_set_callback_ex(b, ssl_idevice_bio_callback);
+#else
 	BIO_set_callback(b, ssl_idevice_bio_callback);
+#endif
 	return b;
 }
 
@@ -1257,6 +1276,16 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 	X509_free(rootCert);
 	free(root_cert.data);
 
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_PKEY* rootPrivKey = NULL;
+	membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size);
+	PEM_read_bio_PrivateKey(membp, &rootPrivKey, NULL, NULL);
+	BIO_free(membp);
+	if (SSL_CTX_use_PrivateKey(ssl_ctx, rootPrivKey) != 1) {
+		debug_info("WARNING: Could not load RootPrivateKey");
+	}
+	EVP_PKEY_free(rootPrivKey);
+#else
 	RSA* rootPrivKey = NULL;
 	membp = BIO_new_mem_buf(root_privkey.data, root_privkey.size);
 	PEM_read_bio_RSAPrivateKey(membp, &rootPrivKey, NULL, NULL);
@@ -1265,6 +1294,7 @@ LIBIMOBILEDEVICE_API idevice_error_t idevice_connection_enable_ssl(idevice_conne
 		debug_info("WARNING: Could not load RootPrivateKey");
 	}
 	RSA_free(rootPrivKey);
+#endif
 	free(root_privkey.data);
 
 	SSL *ssl = SSL_new(ssl_ctx);

tools/idevicebackup.c

@@ -34,6 +34,9 @@
 #include <getopt.h>
 #if defined(HAVE_OPENSSL)
 #include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/evp.h>
+#endif
 #elif defined(HAVE_GNUTLS)
 #include <gcrypt.h>
 #elif defined(HAVE_MBEDTLS)
@@ -113,7 +116,11 @@ static int compare_hash(const unsigned char *hash1, const unsigned char *hash2,
 static void _sha1_update(void* context, const char* data, size_t len)
 {
 #if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_DigestUpdate(context, data, len);
+#else
 	SHA1_Update(context, data, len);
+#endif
 #elif defined(HAVE_GNUTLS)
 	gcry_md_write(context, data, len);
 #elif defined(HAVE_MBEDTLS)
@@ -124,9 +131,15 @@ static void _sha1_update(void* context, const char* data, size_t len)
 static void compute_datahash(const char *path, const char *destpath, uint8_t greylist, const char *domain, const char *appid, const char *version, unsigned char *hash_out)
 {
 #if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+	EVP_MD_CTX* sha1 = EVP_MD_CTX_new();
+	EVP_DigestInit(sha1, EVP_sha1());
+	void* psha1 = sha1;
+#else
 	SHA_CTX sha1;
 	SHA1_Init(&sha1);
 	void* psha1 = &sha1;
+#endif
 #elif defined(HAVE_GNUTLS)
 	gcry_md_hd_t hd = NULL;
 	gcry_md_open(&hd, GCRY_MD_SHA1, 0);
@@ -180,7 +193,12 @@ static void compute_datahash(const char *path, const char *destpath, uint8_t gre
 			_sha1_update(psha1, "(null)", 6);
 		}
 #if defined(HAVE_OPENSSL)
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+		EVP_DigestFinal(sha1, hash_out, NULL);
+		EVP_MD_CTX_destroy(sha1);
+#else
 		SHA1_Final(hash_out, &sha1);
+#endif
 #elif defined(HAVE_GNUTLS)
 		unsigned char *newhash = gcry_md_read(hd, GCRY_MD_SHA1);
 		memcpy(hash_out, newhash, 20);