From aa57c87807d3043a8348489bc2f8d3b165edf52d Mon Sep 17 00:00:00 2001
From: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
Date: Tue, 21 Mar 2017 13:54:15 -0300
Subject: [PATCH] Adapt EVP_CIPHER_CTX to new API to support openssl-1.1

Signed-off-by: Eduardo Barretto <ebarretto@linux.vnet.ibm.com>
---
 src/e_pkcs11.c | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/src/e_pkcs11.c b/src/e_pkcs11.c
index 971cdea..1a96a7a 100644
--- a/src/e_pkcs11.c
+++ b/src/e_pkcs11.c
@@ -237,10 +237,11 @@ struct pkcs11_digest_ctx {
 
 /********/
 
-#define CIPHER_DATA(ctx) ((struct token_session *)(ctx->cipher_data))
 #ifdef OLDER_OPENSSL
+#define CIPHER_DATA(ctx) ((struct token_session *)(ctx->cipher_data))
 #define MD_DATA(ctx) ((struct pkcs11_digest_ctx *)(ctx->md_data))
 #else
+#define CIPHER_DATA(ctx) ((struct token_session *)(EVP_CIPHER_CTX_get_cipher_data(ctx)))
 #define MD_DATA(ctx) ((struct pkcs11_digest_ctx *)(EVP_MD_CTX_md_data(ctx)))
 #endif
 
@@ -3222,14 +3223,27 @@ static int pkcs11_init_key(EVP_CIPHER_CTX * ctx, const unsigned char *key,
 	CK_OBJECT_HANDLE hkey;
 
 	DBG_fprintf("%s\n", __FUNCTION__);
-	DBG_fprintf("EVP_CIPHER_CTX_mode(ctx): %lu, EVP_CIPH_CBC_MODE: %d, iv: %p, ctx->iv: %p\n",
-		    EVP_CIPHER_CTX_mode(ctx), EVP_CIPH_CBC_MODE, iv, ctx->iv);
+#ifdef OLDER_OPENSSL
+	DBG_fprintf("EVP_CIPHER_CTX_mode(ctx): %lu,		\
+		     EVP_CIPH_CBC_MODE: %d, iv: %p, ctx->iv: %p\n",
+		    EVP_CIPHER_CTX_mode(ctx), EVP_CIPH_CBC_MODE, iv,
+		    ctx->iv);
+#else
+	DBG_fprintf("EVP_CIPHER_CTX_mode(ctx): %lu,		\
+		     EVP_CIPH_CBC_MODE: %d, iv: %p, ctx->iv: %p\n",
+		    EVP_CIPHER_CTX_mode(ctx), EVP_CIPH_CBC_MODE, iv,
+		    EVP_CIPHER_CTX_iv(ctx));
+#endif
 
 	if (mech==-1) {
 		PKCS11err(PKCS11_F_INITKEY, PKCS11_R_BADMECHANISM);
 		goto out;
 	} else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CBC_MODE) {
+#ifdef OLDER_OPENSSL
 		mechanism.pParameter = (CK_VOID_PTR)(iv ? iv : ctx->iv);
+#else
+		mechanism.pParameter = (CK_VOID_PTR)(iv ? iv : EVP_CIPHER_CTX_iv(ctx));
+#endif
 		mechanism.ulParameterLen = EVP_CIPHER_CTX_iv_length(ctx);
 
 		if (mechanism.pParameter == NULL || mechanism.ulParameterLen == 0) {
@@ -3322,7 +3336,11 @@ static inline int pkcs11_cipher(EVP_CIPHER_CTX * ctx, unsigned char *out,
 
 	session = CIPHER_DATA(ctx)->session;
 
+#ifdef OLDER_OPENSSL
 	if (ctx->encrypt) {
+#else
+	if (EVP_CIPHER_CTX_encrypting(ctx)) {
+#endif
 		rv = pFunctionList->C_EncryptUpdate(session, (void *)in, inlen, (void *)out, &outlen);
 
 		if (rv) {