From a2244b087e15d480d662d68b4b7bc3bea69e131f Mon Sep 17 00:00:00 2001
From: eroen
Date: Fri, 20 Jan 2017 14:43:53 +0100
Subject: [PATCH] Don't use deprecated API with openssl 1.1

If openssl 1.1.0 is built with `--api=1.1 disable-deprecated`, using deprecated APIs causes build errors.

X-Gentoo-Bug: 606600
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=606600
---
 mysys_ssl/my_aes_openssl.cc | 48 +++++++++++++++++++++++++++++++--------------
 vio/vio.c | 8 +++++++-
 vio/viosslfactories.c | 25 +++++++++++++++++++++++
 3 files changed, 65 insertions(+), 16 deletions(-)

diff --git a/mysys_ssl/my_aes_openssl.cc b/mysys_ssl/my_aes_openssl.cc
index fa3c016..1690a8b 100644
--- a/mysys_ssl/my_aes_openssl.cc
+++ b/mysys_ssl/my_aes_openssl.cc
@@ -108,7 +108,7 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
 const unsigned char *key, uint32 key_length,
 enum my_aes_opmode mode, const unsigned char *iv)
 {
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len;
 /* The real key to be used for encryption */
@@ -118,23 +118,31 @@ int my_aes_encrypt(const unsigned char *source, uint32 source_length,
 if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
 return MY_AES_BAD_DATA;
- if (!EVP_EncryptInit(&ctx, cipher, rkey, iv))
+ if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_EncryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_EncryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
- if (!EVP_EncryptFinal(&ctx, dest + u_len, &f_len))
+ if (!EVP_EncryptFinal(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return u_len + f_len;
 aes_error:
 /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
 }
@@ -145,7 +153,7 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
 enum my_aes_opmode mode, const unsigned char *iv)
 {
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
 const EVP_CIPHER *cipher= aes_evp_type(mode);
 int u_len, f_len;
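Review bot: `ctx` is passed to `EVP_EncryptInit(ctx, ...)` without ever being allocated — the previous hunk turned it into a bare `EVP_CIPHER_CTX *ctx;` and no `EVP_CIPHER_CTX_new()` appears in either hunk, so on both version branches this dereferences an uninitialized pointer, and on the `< 0x10100000L` branch `EVP_CIPHER_CTX_cleanup(ctx)` then runs on the same garbage pointer. `EVP_CIPHER_CTX_new()` and `EVP_CIPHER_CTX_free()` exist in OpenSSL 1.0.x as well (free does the cleanup), so allocate unconditionally after the `!cipher` check, fail closed on NULL, and replace both four-line `#if` blocks with a single `EVP_CIPHER_CTX_free(ctx)`. The declaration of `ctx` at the top of my_aes_encrypt lives in the previous hunk and would no longer need a version guard.
```cpp
  /* EVP_CIPHER_CTX_new()/EVP_CIPHER_CTX_free() are available in 1.0.x and 1.1.x alike */
  if (!(ctx= EVP_CIPHER_CTX_new()))
    return MY_AES_BAD_DATA;
  if (!EVP_EncryptInit(ctx, cipher, rkey, iv))
    goto aes_error;                             /* Error */
  /* … unchanged: set_padding / EncryptUpdate / EncryptFinal … */
  EVP_CIPHER_CTX_free(ctx);
  return u_len + f_len;

aes_error:
  /* need to explicitly clean up the error if we want to ignore it */
  ERR_clear_error();
  EVP_CIPHER_CTX_free(ctx);
  return MY_AES_BAD_DATA;
```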
@@ -156,24 +164,34 @@ int my_aes_decrypt(const unsigned char *source, uint32 source_length,
 if (!cipher || (EVP_CIPHER_iv_length(cipher) > 0 && !iv))
 return MY_AES_BAD_DATA;
- EVP_CIPHER_CTX_init(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_init(ctx);
+#endif
- if (!EVP_DecryptInit(&ctx, aes_evp_type(mode), rkey, iv))
+ if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
 goto aes_error; /* Error */
- if (!EVP_CIPHER_CTX_set_padding(&ctx, 1))
+ if (!EVP_CIPHER_CTX_set_padding(ctx, 1))
 goto aes_error; /* Error */
- if (!EVP_DecryptUpdate(&ctx, dest, &u_len, source, source_length))
+ if (!EVP_DecryptUpdate(ctx, dest, &u_len, source, source_length))
 goto aes_error; /* Error */
- if (!EVP_DecryptFinal_ex(&ctx, dest + u_len, &f_len))
+ if (!EVP_DecryptFinal_ex(ctx, dest + u_len, &f_len))
 goto aes_error; /* Error */
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return u_len + f_len;
 aes_error:
 /* need to explicitly clean up the error if we want to ignore it */
 ERR_clear_error();
- EVP_CIPHER_CTX_cleanup(&ctx);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ EVP_CIPHER_CTX_cleanup(ctx);
+#else
+ EVP_CIPHER_CTX_free(ctx);
+#endif
 return MY_AES_BAD_DATA;
 }
diff --git a/vio/vio.c b/vio/vio.c
index b427a9a..6aeeb40 100644
--- a/vio/vio.c
+++ b/vio/vio.c
@@ -24,6 +24,12 @@
 #ifdef HAVE_OPENSSL
 PSI_memory_key key_memory_vio_ssl_fd;
+
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
 #endif
 PSI_memory_key key_memory_vio;
@@ -411,7 +417,7 @@ void vio_end(void)
 {
 #if defined(HAVE_YASSL)
 yaSSL_CleanUp();
-#elif defined(HAVE_OPENSSL)
+#elif defined(HAVE_OPENSSL) && OPENSSL_VERSION_NUMBER < 0x10100000L
 // This one is needed on the client side
 ERR_remove_state(0);
 ERR_free_strings();
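Review bot: `ctx` is never allocated in my_aes_decrypt either — the `EVP_CIPHER_CTX_init(ctx)` kept under `< 0x10100000L` initialises through an unassigned pointer, and on 1.1.x `EVP_DecryptInit(ctx, ...)` is the first use of a pointer that nothing has set, followed by `EVP_CIPHER_CTX_free` of it. Allocating with `EVP_CIPHER_CTX_new()` (which also initialises, and exists in 1.0.x) after the `!cipher` guard removes the need for the init block and for both version-split cleanup blocks. The `EVP_CIPHER_CTX *ctx;` declaration this relies on is in the previous hunk.
```cpp
  if (!(ctx= EVP_CIPHER_CTX_new()))   /* allocates and initialises on 1.0.x and 1.1.x */
    return MY_AES_BAD_DATA;
  if (!EVP_DecryptInit(ctx, aes_evp_type(mode), rkey, iv))
    goto aes_error;                             /* Error */
  /* … unchanged: set_padding / DecryptUpdate / DecryptFinal_ex … */
  EVP_CIPHER_CTX_free(ctx);
  return u_len + f_len;

aes_error:
  /* need to explicitly clean up the error if we want to ignore it */
  ERR_clear_error();
  EVP_CIPHER_CTX_free(ctx);
  return MY_AES_BAD_DATA;
```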
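Review bot: The `#undef`/`#define OPENSSL_VERSION_NUMBER 0x1000107fL` remap for LibreSSL is placed in a .c file, after the OpenSSL headers have already been pulled in, so it only affects this translation unit and has to be repeated verbatim in viosslfactories.c (it is, in this same patch); any vio file that forgets the copy will take the 1.1.x code paths against LibreSSL. It belongs once in a shared header included by every vio file (vio_priv.h is the obvious candidate given the includes visible here), and it deserves a comment saying what it assumes, e.g. `/* LibreSSL reports 0x20000000L but exposes the 1.0.1-era API (non-opaque structs, no DH_set0_pqg); pin it below 1.1.0 so the version tests pick the pre-1.1 paths. Re-check when bumping LibreSSL. */`. The pinned value is a guess about LibreSSL's API surface rather than anything the library reports, so a future LibreSSL that drops the 1.0-style accessors will fail silently at compile time rather than here.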
diff --git a/vio/viosslfactories.c b/vio/viosslfactories.c
index e1d94f9..9f98a15 100644
--- a/vio/viosslfactories.c
+++ b/vio/viosslfactories.c
@@ -16,9 +16,18 @@
 #include "vio_priv.h"
 #ifdef HAVE_OPENSSL
+#include
+#include
+#if (defined LIBRESSL_VERSION_NUMBER && OPENSSL_VERSION_NUMBER == 0x20000000L)
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 static my_bool ssl_algorithms_added = FALSE;
 static my_bool ssl_error_strings_loaded= FALSE;
+#endif
 /* Diffie-Hellman key.
@@ -68,10 +77,18 @@ static DH *get_dh2048(void)
 DH *dh;
 if ((dh=DH_new()))
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
 dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
 if (! dh->p || ! dh->g)
 {
+#else
+ if (! DH_set0_pqg(dh,
+ BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL),
+ BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL),
+ NULL))
+ {
+#endif
 DH_free(dh);
 dh=0;
 }
@@ -177,6 +194,7 @@ vio_set_cert_stuff(SSL_CTX *ctx, const char *cert_file, const char *key_file,
 void ssl_start()
 {
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 if (!ssl_algorithms_added)
 {
 ssl_algorithms_added= TRUE;
@@ -190,6 +208,7 @@ void ssl_start()
 ssl_error_strings_loaded= TRUE;
 SSL_load_error_strings();
 }
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
 }
 /************************ VioSSLFd **********************************/
@@ -221,9 +240,15 @@ new_VioSSLFd(const char *key_file, const char *cert_file,
 sizeof(struct st_VioSSLFd),MYF(0)))))
 DBUG_RETURN(0);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ? TLSv1_client_method() : TLSv1_server_method())))
+#else
+ if (!(ssl_fd->ssl_context= SSL_CTX_new(is_client ? TLS_client_method() : TLS_server_method())))
+#endif
 {
 *error= SSL_INITERR_MEMFAIL;
 DBUG_PRINT("error", ("%s", sslGetErrString(*error)));
-- 
2.11.0
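Review bot: The two added `#include` lines carry no header name as shown here, so as rendered they would not compile; the names were most likely lost in extraction, but whatever they are they must cover `DH_set0_pqg` and `BN_bin2bn` used below, i.e. `#include <openssl/dh.h>` and `#include <openssl/bn.h>`. The LibreSSL remap that follows is a verbatim copy of the one added to vio.c in this same patch; keeping two copies in sync by hand is fragile, so hoist it into vio_priv.h (included just above) and leave a one-line comment here instead, `/* OPENSSL_VERSION_NUMBER may be remapped for LibreSSL in vio_priv.h */`. Note the remap has to stay after every OpenSSL header is included and before the first `OPENSSL_VERSION_NUMBER` test, which this placement does satisfy.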
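Review bot: The `DH_set0_pqg` call in the 1.1.x branch has its arguments in the wrong order — the signature is `DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)`, so the generator is being installed as `q` and `g` is passed as NULL, which `DH_set0_pqg` rejects on a fresh DH, so get_dh2048 returns NULL on every OpenSSL 1.1 build and the server ends up without the intended 2048-bit DH parameters (how the caller reacts to a NULL DH is outside this hunk). Separately, `DH_set0_pqg` only takes ownership on success, so passing the `BN_bin2bn` results inline leaks one BIGNUM whenever the other allocation or the call fails. Keep the two BIGNUMs in locals, pass them as `(dh, p, NULL, g)`, and free both on any failure before the shared `DH_free(dh)` path; get_dh2048 starts before this hunk and ends after it.
```c
#else
      BIGNUM *p= BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
      BIGNUM *g= BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
      /* argument order is (dh, p, q, g); ownership passes only on success */
      if (! p || ! g || ! DH_set0_pqg(dh, p, NULL, g))
      {
        BN_free(p);
        BN_free(g);
#endif
        DH_free(dh);
        dh=0;
      }
```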
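Review bot: Switching from `TLSv1_client_method()`/`TLSv1_server_method()` to `TLS_client_method()`/`TLS_server_method()` changes the negotiated protocol set, not just the API: the old branch pins exactly TLS 1.0, the new one negotiates whatever the library enables, and the commit message does not mention this. That is a welcome upgrade (TLS 1.2 becomes reachable) but the lower bound now depends on how the library was built, so make it explicit right after the `SSL_CTX_new` in the `#else` branch: `SSL_CTX_set_min_proto_version(ssl_fd->ssl_context, TLS1_VERSION);` — unless new_VioSSLFd already sets `SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3` further down, which is outside this hunk. A one-line note in the commit message that OpenSSL ≥ 1.1 builds now negotiate TLS 1.0–1.2 rather than TLS 1.0 only would save the next reader a surprise.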