From 8354d5c8e07a61b9b73c65221a4b6c5add55c1f5 Mon Sep 17 00:00:00 2001
From: Gert Wollny <gw.fossdev@gmail.com>
Date: Sun, 26 Jun 2016 17:08:13 +0000
Subject: [PATCH] Add patch for openssl-1.1, Closes: #828281

---
 .../patches/dcmtk-361-20160216-ssl-1.1.patch  | 194 ++++++++++++++++++
 debian/patches/series                         |   1 +
 2 files changed, 195 insertions(+)
 create mode 100644 debian/patches/dcmtk-361-20160216-ssl-1.1.patch

diff --git a/debian/patches/dcmtk-361-20160216-ssl-1.1.patch b/debian/patches/dcmtk-361-20160216-ssl-1.1.patch
new file mode 100644
index 00000000..d05adaa7
--- /dev/null
+++ b/debian/patches/dcmtk-361-20160216-ssl-1.1.patch
@@ -0,0 +1,194 @@
+--- a/dcmtls/libsrc/tlslayer.cc
++++ b/dcmtls/libsrc/tlslayer.cc
+@@ -48,6 +48,11 @@
+ #define DCMTK_SSL_CTX_get0_param(A) A->param;
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define SSL_CTX_get_cert_store(ctx) ctx->cert_store
++#define EVP_PKEY_id(key) key->type;
++#endif
++
+ extern "C" int DcmTLSTransportLayer_certificateValidationCallback(int ok, X509_STORE_CTX *storeContext);
+ 
+ OFLogger DCM_dcmtlsLogger = OFLog::getLogger("dcmtk.dcmtls");
+@@ -114,18 +119,21 @@
+     {"TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA",   SSL3_TXT_ADH_DES_40_CBC_SHA},
+     {"TLS_DH_anon_WITH_DES_CBC_SHA",            SSL3_TXT_ADH_DES_64_CBC_SHA},
+     {"TLS_DH_anon_WITH_3DES_EDE_CBC_SHA",       SSL3_TXT_ADH_DES_192_CBC_SHA},
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     {"TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",     TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA},
+     {"TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",      TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA},
+     {"TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA", TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA},
+     {"TLS_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA",  TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA},
++#endif
+     {"TLS_DHE_DSS_WITH_RC4_128_SHA",            TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA}
+ 
+ #if OPENSSL_VERSION_NUMBER >= 0x0090700fL
+-    // cipersuites added in OpenSSL 0.9.7
+     ,
++    // cipersuites added in OpenSSL 0.9.7
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     {"TLS_RSA_EXPORT_WITH_RC4_56_MD5",          TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5},
+     {"TLS_RSA_EXPORT_WITH_RC2_CBC_56_MD5",      TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5},
+-
++#endif
+     /* AES ciphersuites from RFC3268 */
+     {"TLS_RSA_WITH_AES_128_CBC_SHA",            TLS1_TXT_RSA_WITH_AES_128_SHA},
+     {"TLS_DH_DSS_WITH_AES_128_CBC_SHA",         TLS1_TXT_DH_DSS_WITH_AES_128_SHA},
+@@ -184,7 +192,9 @@
+      // but the API has been available at least since 0.9.5.
+      SSL_library_init();
+      SSL_load_error_strings();
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+      SSLeay_add_all_algorithms();
++#endif
+      seedPRNG(randFile);
+    }
+ 
+@@ -330,7 +340,7 @@
+   /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
+   if (transportLayerContext)
+   {
+-    X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_file());
++    X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_file());
+     if (x509_lookup == NULL) return TCS_tlsError;
+     if (! X509_LOOKUP_load_file(x509_lookup, fileName, fileType)) return TCS_tlsError;
+   } else return TCS_illegalCall;
+@@ -342,7 +352,7 @@
+   /* fileType should be SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM */
+   if (transportLayerContext)
+   {
+-    X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(transportLayerContext->cert_store, X509_LOOKUP_hash_dir());
++    X509_LOOKUP *x509_lookup = X509_STORE_add_lookup(SSL_CTX_get_cert_store(transportLayerContext), X509_LOOKUP_hash_dir());
+     if (x509_lookup == NULL) return TCS_tlsError;
+     if (! X509_LOOKUP_add_dir(x509_lookup, pathName, fileType)) return TCS_tlsError;
+   } else return TCS_illegalCall;
+@@ -464,7 +474,7 @@
+     EVP_PKEY *pubkey = X509_get_pubkey(peerCertificate); // creates copy of public key
+     if (pubkey)
+     {
+-      switch (EVP_PKEY_type(pubkey->type))
++      switch (EVP_PKEY_id(pubkey))
+       {
+         case EVP_PKEY_RSA:
+           certPubKeyType = "RSA";
+--- a/dcmsign/libsrc/sicert.cc
++++ b/dcmsign/libsrc/sicert.cc
+@@ -39,6 +39,10 @@
+ #include <openssl/pem.h>
+ END_EXTERN_C
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_id(key) key->type;
++#endif
++
+ SiCertificate::SiCertificate()
+ : x509(NULL)
+ {
+@@ -57,7 +61,7 @@
+     EVP_PKEY *pkey = X509_extract_key(x509);
+     if (pkey)
+     {
+-      switch(pkey->type)
++      switch(EVP_PKEY_id(pkey))
+       {
+         case EVP_PKEY_RSA:
+           result = EKT_RSA;
+@@ -85,7 +89,7 @@
+     EVP_PKEY *pkey = X509_extract_key(x509);
+     if (pkey)
+     {
+-      switch(pkey->type)
++      switch(EVP_PKEY_id(pkey))
+       {
+         case EVP_PKEY_RSA:
+           return new SiRSA(EVP_PKEY_get1_RSA(pkey));
+@@ -111,7 +115,7 @@
+   x509 = NULL;
+   if (filename)
+   {
+-    BIO *in = BIO_new(BIO_s_file_internal());
++    BIO *in = BIO_new(BIO_s_file());
+     if (in)
+     {
+       if (BIO_read_filename(in, filename) > 0)
+--- a/dcmsign/libsrc/sicertvf.cc
++++ b/dcmsign/libsrc/sicertvf.cc
+@@ -72,7 +72,7 @@
+   X509_CRL *x509crl = NULL;
+   if (fileName)
+   {
+-    BIO *in = BIO_new(BIO_s_file_internal());
++    BIO *in = BIO_new(BIO_s_file());
+     if (in)
+     {
+       if (BIO_read_filename(in, fileName) > 0)
+@@ -107,11 +107,12 @@
+   X509 *rawcert = certificate.getRawCertificate();
+   if (rawcert == NULL) return SI_EC_VerificationFailed_NoCertificate;
+ 
+-  X509_STORE_CTX ctx;
+-  X509_STORE_CTX_init(&ctx, x509store, rawcert, NULL);
+-  int ok = X509_verify_cert(&ctx); /* returns nonzero if successful */
+-  errorCode = X509_STORE_CTX_get_error(&ctx);
+-  X509_STORE_CTX_cleanup(&ctx);
++  X509_STORE_CTX *ctx = NULL;
++  ctx = X509_STORE_CTX_new();
++  int ok = X509_STORE_CTX_init(ctx, x509store, rawcert, NULL);
++  errorCode = X509_STORE_CTX_get_error(ctx);
++  X509_STORE_CTX_cleanup(ctx);
++  X509_STORE_CTX_free(ctx);
+   if (ok) return EC_Normal; else return SI_EC_VerificationFailed_NoTrust;
+ }
+ 
+--- a/dcmsign/libsrc/siprivat.cc
++++ b/dcmsign/libsrc/siprivat.cc
+@@ -38,6 +38,9 @@
+ #include <openssl/pem.h>
+ END_EXTERN_C
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_id(key) key->type;
++#endif
+ 
+ /* buf     : buffer to write password into
+  * size    : length of buffer in bytes
+@@ -96,7 +99,7 @@
+   pkey = NULL;
+   if (filename)
+   {
+-    BIO *in = BIO_new(BIO_s_file_internal());
++    BIO *in = BIO_new(BIO_s_file());
+     if (in)
+     {
+       if (BIO_read_filename(in, filename) > 0)
+@@ -125,7 +128,7 @@
+   E_KeyType result = EKT_none;
+   if (pkey)
+   {
+-    switch(pkey->type)
++    switch(EVP_PKEY_id(pkey))
+     {
+       case EVP_PKEY_RSA:
+         result = EKT_RSA;
+@@ -149,7 +152,7 @@
+ {
+   if (pkey)
+   {
+-    switch(pkey->type)
++    switch(EVP_PKEY_id(pkey))
+     {
+       case EVP_PKEY_RSA:
+         return new SiRSA(EVP_PKEY_get1_RSA(pkey));
+--- a/dcmpstat/libsrc/dviface.cc
++++ b/dcmpstat/libsrc/dviface.cc
+@@ -4080,7 +4080,7 @@
+ 
+     /* attempt to load the private key with the given password*/
+     EVP_PKEY *pkey = NULL;
+-    BIO *in = BIO_new(BIO_s_file_internal());
++    BIO *in = BIO_new(BIO_s_file());
+     if (in)
+     {
+       if (BIO_read_filename(in, filename.c_str()) > 0)
diff --git a/debian/patches/series b/debian/patches/series
index c7ae9103..63a3a859 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -6,3 +6,4 @@
 06_soversion_abi.patch
 07_dont_export_all_executables.patch
 08_remove_system_processor.patch
+dcmtk-361-20160216-ssl-1.1.patch
-- 
2.30.2