From: Amul Shah <Amul.Shah@fisglobal.com>
Forwarded: not-needed
Summary: Update encryption plugin for OpenSSL 1.1.0
Description: #828300 resulted in a FTBFS for fis-gtm with openssl 1.1.0. These
  changes adapt the upstream fixes for OpenSSL 1.1.0 to V63000A
Applied-Upstream: V6.3-001
Last-Update: 2016-12-06

--- a/sr_unix/gtm_tls_impl.c
+++ b/sr_unix/gtm_tls_impl.c
@@ -1675,7 +1675,13 @@
 			if (NULL != peer)
 			{
 				pubkey = X509_get_pubkey(peer);
-				SNPRINTF(conn_info->cert_algo, SIZEOF(conn_info->cert_algo), "%s", OBJ_nid2ln(pubkey->type));
+#				if OPENSSL_VERSION_NUMBER >= 0x10000001L
+				SNPRINTF(conn_info->cert_algo, SIZEOF(conn_info->cert_algo), "%s",
+						OBJ_nid2ln(EVP_PKEY_base_id(pubkey)));
+#				else
+				SNPRINTF(conn_info->cert_algo, SIZEOF(conn_info->cert_algo), "%s",
+						OBJ_nid2ln(pubkey->type));
+#				endif
 			} else
 				conn_info->cert_algo[0] = '\0';
 			/* Is Secure Renegotiation Supported? */
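Review bot: `pubkey` is used without a NULL check in both preprocessor branches. `X509_get_pubkey()` returns NULL when the certificate's key cannot be decoded, and `EVP_PKEY_base_id(pubkey)` (or `pubkey->type`) then reads through it for a certificate the peer supplied. Wrapping the `SNPRINTF` in `if (NULL != pubkey)` and falling back to `conn_info->cert_algo[0] = '\0';` keeps this path safe. `X509_get_pubkey()` also returns a new reference, so a matching `EVP_PKEY_free(pubkey);` is needed; none is visible here, though it may follow outside the hunk. The enclosing function starts and ends outside the hunk.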
--- a/sr_unix/gtmcrypt_dbk_ref.c
+++ b/sr_unix/gtmcrypt_dbk_ref.c
@@ -770,7 +770,7 @@
 int keystore_new_cipher_ctx(gtm_keystore_t *entry, char *iv, int length, int action)
 {
 	int			rv;
-	crypt_key_t		handle;
+	crypt_key_t		handle = NULL;
 	gtm_cipher_ctx_t	*ctx;
 	unsigned char		iv_array[GTMCRYPT_IV_LEN];
 
@@ -809,8 +809,7 @@
 
 	assert(NULL != ctx);
 	status = 0;
-	if (-1 == gc_sym_destroy_cipher_handle(ctx->handle))
-		status = -1;
+	gc_sym_destroy_cipher_handle(ctx->handle);
 	next = ctx->next;
 	prev = ctx->prev;
 	if (NULL != prev)
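Review bot: With the `-1` assignment removed, `status` is set to 0 here and nothing in the visible lines changes it, so unless code outside the hunk assigns it, the function now always reports success; the same holds for the loop in the hunk at line 887. Either drop the variable or add a comment such as `/* Destroying a handle cannot fail; status stays 0 to keep the interface. */`. Separately, `ctx->handle` still holds the freed pointer after the call. If `ctx` outlives this function, `ctx->handle = NULL;` right after the destroy prevents later reuse through gc_sym_create_cipher_handle, which now treats any non-NULL handle as live. The function body starts and ends outside the hunk.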
@@ -888,8 +887,7 @@
 	while (NULL != curr)
 	{
 		temp = curr->next;
-		if (-1 == gc_sym_destroy_cipher_handle(curr->handle))
-			status = -1;
+		gc_sym_destroy_cipher_handle(curr->handle);
 		FREE(curr);
 		curr = temp;
 	}
--- a/sr_unix/gtmcrypt_dbk_ref.h
+++ b/sr_unix/gtmcrypt_dbk_ref.h
@@ -151,7 +151,7 @@
 	struct gtm_keystore_unres_key_link_struct	*next;				/* Pointer to next element. */
 } gtm_keystore_unres_key_link_t;
 
-STATICFNDEF int			keystore_refresh();
+STATICFNDEF int			keystore_refresh(void);
 STATICFNDEF int 		read_files_section(config_t *cfgp);
 STATICFNDEF int 		read_database_section(config_t *cfgp);
 STATICFNDEF int			gtm_keystore_cleanup_node(gtm_keystore_t *);
--- a/sr_unix/gtmcrypt_ref.h
+++ b/sr_unix/gtmcrypt_ref.h
@@ -16,7 +16,7 @@
 # include <openssl/sha.h>
 # include <openssl/evp.h>
 # include <openssl/err.h>
-typedef EVP_CIPHER_CTX		crypt_key_t;
+typedef EVP_CIPHER_CTX		*crypt_key_t;
 #else
 # include <gcrypt.h>
 typedef gcry_cipher_hd_t	crypt_key_t;
--- a/sr_unix/gtmcrypt_sym_ref.c
+++ b/sr_unix/gtmcrypt_sym_ref.c
@@ -67,22 +67,18 @@
  *
  * Arguments:	handle	Encryption / decryption state object to destroy.
  *
- * Returns:	1 if the cipher handle was successfully destroyed; -1 otherwise.
+ * Returns:	N/A neither OpenSSL nor GCrypt destructors return a status.
  */
-int gc_sym_destroy_cipher_handle(crypt_key_t handle)
+void gc_sym_destroy_cipher_handle(crypt_key_t handle)
 {
-#	ifdef USE_OPENSSL
-	if (!EVP_CIPHER_CTX_cleanup(&handle))
-	{
-		GC_APPEND_OPENSSL_ERROR("Failed to destroy encryption key handle.");
-		return -1;
-	}
-#	endif
-#	ifdef USE_GCRYPT
-	if (handle)
+	if (NULL != handle)
+#ifdef USE_OPENSSL
+		EVP_CIPHER_CTX_free(handle);
+#elif defined(USE_GCRYPT)
 		gcry_cipher_close(handle);
-#	endif
-	return 0;
+#else
+	error Encryption library not defined, please use either -DUSE_OPENSSL or -DUSE_GCRYPT
+#endif
 }
 
 /*
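Review bot: The `#else` branch of gc_sym_destroy_cipher_handle has `error Encryption library not defined, ...` without a leading `#`, so it is ordinary tokens rather than an `#error` directive; a build with neither backend defined still fails, but with a parse error instead of the intended message. It should read `#	error Encryption library not defined, please use either -DUSE_OPENSSL or -DUSE_GCRYPT`. The unbraced `if (NULL != handle)` whose body is chosen by the preprocessor is also fragile; braces around the `#ifdef` block would stop a later edit from detaching the call from the guard. Because the handle is passed by value, the function comment should also say that the caller's copy is stale after the call and must be reset to NULL before reuse.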
@@ -103,11 +99,13 @@
 	int rv, plain_text_length;
 
 #	ifdef USE_OPENSSL
-	if (!reuse)
+	if (NULL == *handle)
+		*handle = EVP_CIPHER_CTX_new();
+	else if (!reuse)
 	{
-		EVP_CIPHER_CTX_init(handle);
+		EVP_CIPHER_CTX_init(*handle);
 	}
-	if (!EVP_CipherInit_ex(handle, ALGO, NULL, raw_key, iv, direction))
+	if (!EVP_CipherInit_ex(*handle, ALGO, NULL, raw_key, iv, direction))
 	{
 		GC_APPEND_OPENSSL_ERROR("Failed to initialize encryption key handle.");
 		return -1;
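Review bot: The result of `EVP_CIPHER_CTX_new()` is not checked, so an allocation failure passes a NULL context straight into `EVP_CipherInit_ex(*handle, ...)`; the allocation branch should report the error and return -1 like the other failure paths. The `NULL == *handle` test also makes a NULL-initialised handle part of the contract (keystore_new_cipher_ctx in gtmcrypt_dbk_ref.c now does this), which deserves a line in the function comment. On OpenSSL releases before 1.1.0, `EVP_CIPHER_CTX_init()` only zeroes the structure, so calling it on an already configured context may leak its cipher data; this is worth confirming for the `!reuse` path. The function signature is outside the hunk.

```c
	if (NULL == *handle)
	{
		*handle = EVP_CIPHER_CTX_new();
		if (NULL == *handle)
		{
			GC_APPEND_OPENSSL_ERROR("Failed to allocate encryption key handle.");
			return -1;
		}
	} else if (!reuse)
	/* … unchanged: EVP_CIPHER_CTX_init(*handle) block and EVP_CipherInit_ex call … */
```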
@@ -168,12 +166,12 @@
 	}
 #	endif
 #	ifdef USE_OPENSSL
-	if (!EVP_CipherUpdate(key, out_block, &out_block_len, in_block, in_block_len))
+	if (!EVP_CipherUpdate(*key, out_block, &out_block_len, in_block, in_block_len))
 	{
 		GC_APPEND_OPENSSL_ERROR("OpenSSL function 'EVP_CipherUpdate' failed.")
 		return -1;
 	}
-	if (!EVP_CipherFinal_ex(key, out_block + out_block_len, &tmp_len))
+	if (!EVP_CipherFinal_ex(*key, out_block + out_block_len, &tmp_len))
 	{
 		GC_APPEND_OPENSSL_ERROR("OpenSSL function 'EVP_CipherFinal_ex' failed.")
 		return -1;
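Review bot: `*key` is passed to `EVP_CipherUpdate()` and `EVP_CipherFinal_ex()` without a NULL check. Now that crypt_key_t is a pointer, a handle that was never created arrives here as NULL instead of as an embedded structure. A guard before the first call, for example `if (NULL == *key) return -1;` with a suitable error message appended, turns that into a reported failure rather than a crash inside OpenSSL. The function starts outside the hunk, so an earlier check may already exist there.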
--- a/sr_unix/gtmcrypt_sym_ref.h
+++ b/sr_unix/gtmcrypt_sym_ref.h
@@ -45,6 +45,6 @@
 #endif
 int gc_sym_destroy_key_handles(gtm_keystore_t *entry);
 int gc_sym_create_cipher_handle(unsigned char *raw_key, unsigned char *iv, crypt_key_t *handle, int direction, int reuse);
-int gc_sym_destroy_cipher_handle(crypt_key_t handle);
+void gc_sym_destroy_cipher_handle(crypt_key_t handle);
 int gc_sym_encrypt_decrypt(crypt_key_t *key, unsigned char *in_block, int in_block_len, unsigned char *out_block, int flag);
 #endif /* GTMCRYPT_SYM_REF_H */
