From 46a6079817c67a09e5ac493af3381c655bd91c26 Mon Sep 17 00:00:00 2001
From: Peter Popovec <popovec.peter@gmail.com>
Date: Tue, 21 Aug 2018 10:24:36 +0200
Subject: [PATCH] Replacing deprecated OpenSSL API functions (#12)

fixes https://github.com/OpenSC/pam_p11/issues/10
---
 configure.ac  |  5 +++++
 src/pam_p11.c | 17 ++++++++++++++---
 2 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/configure.ac b/configure.ac
index 5bcbdd6..2854a99 100644
--- a/configure.ac
+++ b/configure.ac
@@ -85,6 +85,11 @@ PKG_CHECK_MODULES(
 	)]
 )
 
+saved_LIBS="$LIBS"
+LIBS="$OPENSSL_LIBS $LIBS"
+AC_CHECK_FUNCS(EVP_MD_CTX_new EVP_MD_CTX_free EVP_MD_CTX_reset)
+LIBS="$saved_LIBS"
+
 if test -z "${PAM_LIBS}"; then
 	AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
 	AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
diff --git a/src/pam_p11.c b/src/pam_p11.c
index 2b4bfbe..60380e5 100644
--- a/src/pam_p11.c
+++ b/src/pam_p11.c
@@ -31,6 +31,17 @@
 #include <openssl/crypto.h>
 #include <libp11.h>
 
+/* openssl deprecated API emulation */
+#ifndef HAVE_EVP_MD_CTX_NEW
+#define EVP_MD_CTX_new()	EVP_MD_CTX_create()
+#endif
+#ifndef HAVE_EVP_MD_CTX_FREE
+#define EVP_MD_CTX_free(ctx)	EVP_MD_CTX_destroy((ctx))
+#endif
+#ifndef HAVE_EVP_MD_CTX_RESET
+#define EVP_MD_CTX_reset(ctx)	EVP_MD_CTX_cleanup((ctx))
+#endif
+
 #ifdef ENABLE_NLS
 #include <libintl.h>
 #include <locale.h>
@@ -578,7 +589,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
 	unsigned char signature[256];
 	unsigned int siglen = sizeof signature;
 	const EVP_MD *md = EVP_sha1();
-	EVP_MD_CTX *md_ctx = EVP_MD_CTX_create();
+	EVP_MD_CTX *md_ctx = EVP_MD_CTX_new();
 	EVP_PKEY *privkey = PKCS11_get_private_key(authkey);
 	EVP_PKEY *pubkey = PKCS11_get_public_key(authkey);
 
@@ -596,7 +607,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
 			|| !EVP_SignInit(md_ctx, md)
 			|| !EVP_SignUpdate(md_ctx, challenge, sizeof challenge)
 			|| !EVP_SignFinal(md_ctx, signature, &siglen, privkey)
-			|| !EVP_MD_CTX_cleanup(md_ctx)
+			|| !EVP_MD_CTX_reset(md_ctx)
 			|| !EVP_VerifyInit(md_ctx, md)
 			|| !EVP_VerifyUpdate(md_ctx, challenge, sizeof challenge)
 			|| 1 != EVP_VerifyFinal(md_ctx, signature, siglen, pubkey)) {
@@ -613,7 +624,7 @@ static int key_verify(pam_handle_t *pamh, int flags, PKCS11_KEY *authkey)
 	if (NULL != privkey)
 		EVP_PKEY_free(privkey);
 	if (NULL != md_ctx) {
-		EVP_MD_CTX_destroy(md_ctx);
+		EVP_MD_CTX_free(md_ctx);
 	}
 	return ok;
 }