- Update to 1.10.7 release [1]

- While here, add unofficial OpenSSL 1.1.x API support [2, based on]

PR:		222971 [1], 229030 [2]
Submitted by:	Ralf van der Enden [1], Nathan Dowens [2]
Reported by:	brnrd [2]
Approved by:	maintainer
MFH:		2018Q4

1 files changed, 257 insertions, 0 deletions

diff --git a/security/botan110/files/extra-patch-openssl11 b/security/botan110/files/extra-patch-openssl11
new file mode 100644
index 000000000000..af4985244283
--- /dev/null
+++ b/security/botan110/files/extra-patch-openssl11
@@ -0,0 +1,257 @@
+--- src/engine/openssl/ossl_bc.cpp.orig	2018-10-15 00:16:53 UTC
++++ src/engine/openssl/ossl_bc.cpp
+@@ -8,10 +8,6 @@
+ #include <botan/internal/openssl_engine.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+-  #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+-#endif
+-
+ namespace Botan {
+ 
+ namespace {
+@@ -44,7 +40,7 @@
+       size_t block_sz;
+       Key_Length_Specification cipher_key_spec;
+       std::string cipher_name;
+-      mutable EVP_CIPHER_CTX encrypt, decrypt;
++      mutable EVP_CIPHER_CTX *encrypt, *decrypt;
+    };
+ 
+ /*
+@@ -59,14 +55,14 @@
+    if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+       throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
+ 
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
++   EVP_CIPHER_CTX_init(encrypt);
++   EVP_CIPHER_CTX_init(decrypt);
+ 
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
++   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
++   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
+ 
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
++   EVP_CIPHER_CTX_set_padding(encrypt, 0);
++   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ /*
+@@ -83,14 +79,14 @@
+    if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
+       throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in");
+ 
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
++   EVP_CIPHER_CTX_init(encrypt);
++   EVP_CIPHER_CTX_init(decrypt);
+ 
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
++   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
++   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
+ 
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
++   EVP_CIPHER_CTX_set_padding(encrypt, 0);
++   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ /*
+@@ -98,8 +94,8 @@
+ */
+ EVP_BlockCipher::~EVP_BlockCipher()
+    {
+-   EVP_CIPHER_CTX_cleanup(&encrypt);
+-   EVP_CIPHER_CTX_cleanup(&decrypt);
++   EVP_CIPHER_CTX_cleanup(encrypt);
++   EVP_CIPHER_CTX_cleanup(decrypt);
+    }
+ 
+ /*
+@@ -109,7 +105,7 @@
+                                 size_t blocks) const
+    {
+    int out_len = 0;
+-   EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz);
++   EVP_EncryptUpdate(encrypt, out, &out_len, in, blocks * block_sz);
+    }
+ 
+ /*
+@@ -119,7 +115,7 @@
+                                 size_t blocks) const
+    {
+    int out_len = 0;
+-   EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz);
++   EVP_DecryptUpdate(decrypt, out, &out_len, in, blocks * block_sz);
+    }
+ 
+ /*
+@@ -134,19 +130,19 @@
+       full_key += std::make_pair(key, 8);
+       }
+    else
+-      if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 ||
+-         EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0)
++      if(EVP_CIPHER_CTX_set_key_length(encrypt, length) == 0 ||
++         EVP_CIPHER_CTX_set_key_length(decrypt, length) == 0)
+          throw Invalid_Argument("EVP_BlockCipher: Bad key length for " +
+                                 cipher_name);
+ 
+    if(cipher_name == "RC2")
+       {
+-      EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+-      EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
++      EVP_CIPHER_CTX_ctrl(encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
++      EVP_CIPHER_CTX_ctrl(decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0);
+       }
+ 
+-   EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0);
+-   EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0);
++   EVP_EncryptInit_ex(encrypt, 0, 0, full_key.begin(), 0);
++   EVP_DecryptInit_ex(decrypt, 0, 0, full_key.begin(), 0);
+    }
+ 
+ /*
+@@ -154,7 +150,7 @@
+ */
+ BlockCipher* EVP_BlockCipher::clone() const
+    {
+-   return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt),
++   return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(encrypt),
+                               cipher_name,
+                               cipher_key_spec.minimum_keylength(),
+                               cipher_key_spec.maximum_keylength(),
+@@ -166,16 +162,16 @@
+ */
+ void EVP_BlockCipher::clear()
+    {
+-   const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt);
++   const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(encrypt);
+ 
+-   EVP_CIPHER_CTX_cleanup(&encrypt);
+-   EVP_CIPHER_CTX_cleanup(&decrypt);
+-   EVP_CIPHER_CTX_init(&encrypt);
+-   EVP_CIPHER_CTX_init(&decrypt);
+-   EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
+-   EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
+-   EVP_CIPHER_CTX_set_padding(&encrypt, 0);
+-   EVP_CIPHER_CTX_set_padding(&decrypt, 0);
++   EVP_CIPHER_CTX_cleanup(encrypt);
++   EVP_CIPHER_CTX_cleanup(decrypt);
++   EVP_CIPHER_CTX_init(encrypt);
++   EVP_CIPHER_CTX_init(decrypt);
++   EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
++   EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
++   EVP_CIPHER_CTX_set_padding(encrypt, 0);
++   EVP_CIPHER_CTX_set_padding(decrypt, 0);
+    }
+ 
+ }
+--- src/engine/openssl/ossl_md.cpp.orig	2018-10-15 00:26:19 UTC
++++ src/engine/openssl/ossl_md.cpp
+@@ -8,10 +8,6 @@
+ #include <botan/internal/openssl_engine.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000
+-  #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
+-#endif
+-
+ namespace Botan {
+ 
+ namespace {
+@@ -28,12 +24,12 @@
+ 
+       size_t output_length() const
+          {
+-         return EVP_MD_size(EVP_MD_CTX_md(&md));
++         return EVP_MD_size(EVP_MD_CTX_md(md));
+          }
+ 
+       size_t hash_block_size() const
+          {
+-         return EVP_MD_block_size(EVP_MD_CTX_md(&md));
++         return EVP_MD_block_size(EVP_MD_CTX_md(md));
+          }
+ 
+       EVP_HashFunction(const EVP_MD*, const std::string&);
+@@ -44,7 +40,7 @@
+ 
+       size_t block_size;
+       std::string algo_name;
+-      EVP_MD_CTX md;
++      EVP_MD_CTX *md;
+    };
+ 
+ /*
+@@ -52,7 +48,7 @@
+ */
+ void EVP_HashFunction::add_data(const byte input[], size_t length)
+    {
+-   EVP_DigestUpdate(&md, input, length);
++   EVP_DigestUpdate(md, input, length);
+    }
+ 
+ /*
+@@ -60,9 +56,9 @@
+ */
+ void EVP_HashFunction::final_result(byte output[])
+    {
+-   EVP_DigestFinal_ex(&md, output, 0);
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
++   EVP_DigestFinal_ex(md, output, 0);
++   const EVP_MD* algo = EVP_MD_CTX_md(md);
++   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -70,8 +66,8 @@
+ */
+ void EVP_HashFunction::clear()
+    {
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
++   const EVP_MD* algo = EVP_MD_CTX_md(md);
++   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -79,7 +75,7 @@
+ */
+ HashFunction* EVP_HashFunction::clone() const
+    {
+-   const EVP_MD* algo = EVP_MD_CTX_md(&md);
++   const EVP_MD* algo = EVP_MD_CTX_md(md);
+    return new EVP_HashFunction(algo, name());
+    }
+ 
+@@ -90,8 +86,8 @@
+                                    const std::string& name) :
+    algo_name(name)
+    {
+-   EVP_MD_CTX_init(&md);
+-   EVP_DigestInit_ex(&md, algo, 0);
++   EVP_MD_CTX_init(md);
++   EVP_DigestInit_ex(md, algo, 0);
+    }
+ 
+ /*
+@@ -99,7 +95,11 @@
+ */
+ EVP_HashFunction::~EVP_HashFunction()
+    {
+-   EVP_MD_CTX_cleanup(&md);
++#if OPENSSL_VERSION_NUMBER >= 0x10100000
++   EVP_MD_CTX_free(md);
++#else
++   EVP_MD_CTX_cleanup(md);
++#endif
+    }
+ 
+ }