OpenSSL 1.1 Port.

Some potential problems with Ssl_Init_Async_SendAlert.

src/Mayaqua/Encrypt.c

@@ -165,52 +165,64 @@ typedef struct CB_PARAM
 } CB_PARAM;
 
 // Copied from t1_enc.c of OpenSSL
-#define HMAC_Init_ex(ctx,sec,len,md,impl) HMAC_Init(ctx, sec, len, md) 
-#define HMAC_CTX_cleanup(ctx)             HMAC_cleanup(ctx)
 void Enc_tls1_P_hash(const EVP_MD *md, const unsigned char *sec, int sec_len,
 				 const unsigned char *seed, int seed_len, unsigned char *out, int olen)
 {
 	int chunk,n;
 	unsigned int j;
-	HMAC_CTX ctx;
-	HMAC_CTX ctx_tmp;
+	HMAC_CTX *ctx;
+	HMAC_CTX *ctx_tmp;
 	unsigned char A1[EVP_MAX_MD_SIZE];
 	unsigned int A1_len;
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	ctx = HMAC_CTX_new();
+	ctx_tmp = HMAC_CTX_new();
+#else
+	HMAC_CTX ctx_;
+	HMAC_CTX ctx_tmp_;
+	ctx = &ctx_;
+	ctx_tmp = &ctx_tmp_;
+	Zero(ctx, sizeof(ctx));
+	Zero(ctx_tmp, sizeof(ctx_tmp));
+#endif
 	chunk=EVP_MD_size(md);
 
-	Zero(&ctx, sizeof(ctx));
-	Zero(&ctx_tmp, sizeof(ctx_tmp));
-	HMAC_Init_ex(&ctx,sec,sec_len,md, NULL);
-	HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL);
-	HMAC_Update(&ctx,seed,seed_len);
-	HMAC_Final(&ctx,A1,&A1_len);
+	HMAC_Init_ex(ctx,sec,sec_len,md, NULL);
+	HMAC_Init_ex(ctx_tmp,sec,sec_len,md, NULL);
+	HMAC_Update(ctx,seed,seed_len);
+	HMAC_Final(ctx,A1,&A1_len);
 
 	n=0;
 	for (;;)
 	{
-		HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */
-		HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */
-		HMAC_Update(&ctx,A1,A1_len);
-		HMAC_Update(&ctx_tmp,A1,A1_len);
-		HMAC_Update(&ctx,seed,seed_len);
+		HMAC_Init_ex(ctx,NULL,0,NULL,NULL); /* re-init */
+		HMAC_Init_ex(ctx_tmp,NULL,0,NULL,NULL); /* re-init */
+		HMAC_Update(ctx,A1,A1_len);
+		HMAC_Update(ctx_tmp,A1,A1_len);
+		HMAC_Update(ctx,seed,seed_len);
 
 		if (olen > chunk)
 		{
-			HMAC_Final(&ctx,out,&j);
+			HMAC_Final(ctx,out,&j);
 			out+=j;
 			olen-=j;
-			HMAC_Final(&ctx_tmp,A1,&A1_len); /* calc the next A1 value */
+			HMAC_Final(ctx_tmp,A1,&A1_len); /* calc the next A1 value */
 		}
 		else	/* last one */
 		{
-			HMAC_Final(&ctx,A1,&A1_len);
+			HMAC_Final(ctx,A1,&A1_len);
 			memcpy(out,A1,olen);
 			break;
 		}
 	}
-	HMAC_CTX_cleanup(&ctx);
-	HMAC_CTX_cleanup(&ctx_tmp);
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	HMAC_CTX_free(ctx);
+	HMAC_CTX_free(ctx_tmp);
+#else
+	HMAC_CTX_cleanup(ctx);
+	HMAC_CTX_cleanup(ctx_tmp);
+#endif
 	Zero (A1, sizeof(A1));
 }
 
@@ -457,7 +469,7 @@ void MdProcess(MD *md, void *dest, void *src, UINT size)
 		return;
 	}
 
-	HMAC_Init(md->Ctx, NULL, 0, NULL);
+	HMAC_Init_ex(md->Ctx, NULL, 0, NULL, NULL);
 	HMAC_Update(md->Ctx, src, size);
 
 	r = 0;
@@ -473,7 +485,7 @@ void SetMdKey(MD *md, void *key, UINT key_size)
 		return;
 	}
 
-	HMAC_Init(md->Ctx, key, key_size, md->Md);
+	HMAC_Init_ex(md->Ctx, key, key_size, md->Md, NULL);
 }
 
 // Creating a message digest object
@@ -496,8 +508,12 @@ MD *NewMd(char *name)
 		return NULL;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	m->Ctx = HMAC_CTX_new();
+#else
 	m->Ctx = ZeroMalloc(sizeof(struct hmac_ctx_st));
 	HMAC_CTX_init(m->Ctx);
+#endif
 
 	m->Size = EVP_MD_size(m->Md);
 
@@ -515,8 +531,12 @@ void FreeMd(MD *md)
 
 	if (md->Ctx != NULL)
 	{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		HMAC_CTX_free(md->Ctx);
+#else
 		HMAC_CTX_cleanup(md->Ctx);
 		Free(md->Ctx);
+#endif
 	}
 
 	Free(md);
@@ -551,8 +571,12 @@ CIPHER *NewCipher(char *name)
 		return NULL;
 	}
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	c->Ctx = EVP_CIPHER_CTX_new();
+#else
 	c->Ctx = ZeroMalloc(sizeof(struct evp_cipher_ctx_st));
 	EVP_CIPHER_CTX_init(c->Ctx);
+#endif
 
 	c->BlockSize = EVP_CIPHER_block_size(c->Cipher);
 	c->KeySize = EVP_CIPHER_key_length(c->Cipher);
@@ -629,8 +653,12 @@ void FreeCipher(CIPHER *c)
 
 	if (c->Ctx != NULL)
 	{
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		EVP_CIPHER_CTX_free(c->Ctx);
+#else
 		EVP_CIPHER_CTX_cleanup(c->Ctx);
 		Free(c->Ctx);
+#endif
 	}
 
 	Free(c);
@@ -811,6 +839,9 @@ K *RsaBinToPublic(void *data, UINT size)
 	RSA *rsa;
 	K *k;
 	BIO *bio;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	BIGNUM *e, *n;
+#endif
 	// Validate arguments
 	if (data == NULL || size < 4)
 	{
@@ -819,6 +850,14 @@ K *RsaBinToPublic(void *data, UINT size)
 
 	rsa = RSA_new();
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	e = BN_new();
+	BN_set_word(e, RSA_F4);
+
+	n = BinToBigNum(data, size);
+
+	RSA_set0_key(rsa, n, e, NULL);
+#else
 	if (rsa->e != NULL)
 	{
 		BN_free(rsa->e);
@@ -833,6 +872,7 @@ K *RsaBinToPublic(void *data, UINT size)
 	}
 
 	rsa->n = BinToBigNum(data, size);
+#endif
 
 	bio = NewBio();
 	Lock(openssl_lock);
@@ -853,14 +893,39 @@ K *RsaBinToPublic(void *data, UINT size)
 BUF *RsaPublicToBuf(K *k)
 {
 	BUF *b;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	RSA *rsa;
+	const BIGNUM *n;
+#endif
 	// Validate arguments
-	if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
-		|| k->pkey->pkey.rsa->n == NULL)
+	if (k == NULL || k->pkey == NULL)
+	{
+		return NULL;
+	}
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	rsa = EVP_PKEY_get0_RSA(k->pkey);
+	if (rsa == NULL)
+	{
+		return NULL;
+	}
+
+	RSA_get0_key(rsa, &n, NULL, NULL);
+	if (n == NULL)
+	{
+		return NULL;
+	}
+
+	b = BigNumToBuf(n);
+#else
+	if (k->pkey->pkey.rsa == NULL || k->pkey->pkey.rsa->n == NULL)
 	{
 		return NULL;
 	}
 
 	b = BigNumToBuf(k->pkey->pkey.rsa->n);
+#endif
+
 	if (b == NULL)
 	{
 		return NULL;
@@ -874,13 +939,12 @@ void RsaPublicToBin(K *k, void *data)
 {
 	BUF *b;
 	// Validate arguments
-	if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
-		|| k->pkey->pkey.rsa->n == NULL || data == NULL)
+	if (data == NULL)
 	{
 		return;
 	}
 
-	b = BigNumToBuf(k->pkey->pkey.rsa->n);
+	b = RsaPublicToBuf(k);
 	if (b == NULL)
 	{
 		return;
@@ -896,14 +960,8 @@ UINT RsaPublicSize(K *k)
 {
 	BUF *b;
 	UINT ret;
-	// Validate arguments
-	if (k == NULL || k->pkey == NULL || k->pkey->pkey.rsa == NULL
-		|| k->pkey->pkey.rsa->n == NULL)
-	{
-		return 0;
-	}
 
-	b = BigNumToBuf(k->pkey->pkey.rsa->n);
+	b = RsaPublicToBuf(k);
 	if (b == NULL)
 	{
 		return 0;
@@ -1017,7 +1075,7 @@ BIGNUM *BufToBigNum(BUF *b)
 }
 
 // Convert a BIGNUM to a buffer
-BUF *BigNumToBuf(BIGNUM *bn)
+BUF *BigNumToBuf(const BIGNUM *bn)
 {
 	UINT size;
 	UCHAR *tmp;
@@ -1990,6 +2048,7 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
 	X509_EXTENSION *ex = NULL;
 	X509_EXTENSION *eku = NULL;
 	X509_EXTENSION *busage = NULL;
+	ASN1_INTEGER *s;
 	// Validate arguments
 	if (pub == NULL || name == NULL || ca == NULL)
 	{
@@ -2052,19 +2111,17 @@ X509 *NewX509(K *pub, K *priv, X *ca, NAME *name, UINT days, X_SERIAL *serial)
 	FreeX509Name(subject_name);
 
 	// Set the Serial Number
+	s = X509_get_serialNumber(x509);
+	OPENSSL_free(s->data);
 	if (serial == NULL)
 	{
 		char zero = 0;
-		ASN1_INTEGER *s = x509->cert_info->serialNumber;
-		OPENSSL_free(s->data);
 		s->data = OPENSSL_malloc(sizeof(char));
 		Copy(s->data, &zero, sizeof(char));
 		s->length = sizeof(char);
 	}
 	else
 	{
-		ASN1_INTEGER *s = x509->cert_info->serialNumber;
-		OPENSSL_free(s->data);
 		s->data = OPENSSL_malloc(serial->size);
 		Copy(s->data, serial->data, serial->size);
 		s->length = serial->size;
@@ -2117,6 +2174,7 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
 	X509_EXTENSION *ex = NULL;
 	X509_EXTENSION *eku = NULL;
 	X509_EXTENSION *busage = NULL;
+	ASN1_INTEGER *s;
 	// Validate arguments
 	if (pub == NULL || name == NULL || priv == NULL)
 	{
@@ -2184,19 +2242,17 @@ X509 *NewRootX509(K *pub, K *priv, NAME *name, UINT days, X_SERIAL *serial)
 	FreeX509Name(issuer_name);
 
 	// Set a Serial Number
+	s = X509_get_serialNumber(x509);
+	OPENSSL_free(s->data);
 	if (serial == NULL)
 	{
 		char zero = 0;
-		ASN1_INTEGER *s = x509->cert_info->serialNumber;
-		OPENSSL_free(s->data);
 		s->data = OPENSSL_malloc(sizeof(char));
 		Copy(s->data, &zero, sizeof(char));
 		s->length = sizeof(char);
 	}
 	else
 	{
-		ASN1_INTEGER *s = x509->cert_info->serialNumber;
-		OPENSSL_free(s->data);
 		s->data = OPENSSL_malloc(serial->size);
 		Copy(s->data, serial->data, serial->size);
 		s->length = serial->size;
@@ -2394,8 +2450,8 @@ void LoadXDates(X *x)
 		return;
 	}
 
-	x->notBefore = Asn1TimeToUINT64(x->x509->cert_info->validity->notBefore);
-	x->notAfter = Asn1TimeToUINT64(x->x509->cert_info->validity->notAfter);
+	x->notBefore = Asn1TimeToUINT64(X509_get0_notBefore(x->x509));
+	x->notAfter = Asn1TimeToUINT64(X509_get0_notAfter(x->x509));
 }
 
 // Convert the 64bit system time to ASN1 time
@@ -2547,6 +2603,7 @@ bool RsaVerify(void *data, UINT data_size, void *sign, K *k)
 {
 	return RsaVerifyEx(data, data_size, sign, k, 0);
 }
+
 bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
 {
 	UCHAR hash_data[SIGN_HASH_SIZE];
@@ -2568,7 +2625,7 @@ bool RsaVerifyEx(void *data, UINT data_size, void *sign, K *k, UINT bits)
 	}
 
 	// Decode the signature
-	if (RSA_public_decrypt(bits / 8, sign, decrypt_data, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0)
+	if (RSA_public_decrypt(bits / 8, sign, decrypt_data, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
 	{
 		return false;
 	}
@@ -2591,7 +2648,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
 {
 	UCHAR hash[SIGN_HASH_SIZE];
 	// Validate arguments
-	if (dst == NULL || src == NULL || k == NULL || k->pkey->type != EVP_PKEY_RSA)
+	if (dst == NULL || src == NULL || k == NULL || EVP_PKEY_base_id(k->pkey) != EVP_PKEY_RSA)
 	{
 		return false;
 	}
@@ -2609,7 +2666,7 @@ bool RsaSignEx(void *dst, void *src, UINT size, K *k, UINT bits)
 	}
 
 	// Signature
-	if (RSA_private_encrypt(sizeof(hash), hash, dst, k->pkey->pkey.rsa, RSA_PKCS1_PADDING) <= 0)
+	if (RSA_private_encrypt(sizeof(hash), hash, dst, EVP_PKEY_get0_RSA(k->pkey), RSA_PKCS1_PADDING) <= 0)
 	{
 		return false;
 	}
@@ -2655,7 +2712,7 @@ bool RsaPublicDecrypt(void *dst, void *src, UINT size, K *k)
 	tmp = ZeroMalloc(size);
 	Lock(openssl_lock);
 	{
-		ret = RSA_public_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
+		ret = RSA_public_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
 	}
 	Unlock(openssl_lock);
 	if (ret <= 0)
@@ -2686,7 +2743,7 @@ bool RsaPrivateEncrypt(void *dst, void *src, UINT size, K *k)
 	tmp = ZeroMalloc(size);
 	Lock(openssl_lock);
 	{
-		ret = RSA_private_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
+		ret = RSA_private_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
 	}
 	Unlock(openssl_lock);
 	if (ret <= 0)
@@ -2717,7 +2774,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k)
 	tmp = ZeroMalloc(size);
 	Lock(openssl_lock);
 	{
-		ret = RSA_private_decrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
+		ret = RSA_private_decrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
 	}
 	Unlock(openssl_lock);
 	if (ret <= 0)
@@ -2745,7 +2802,7 @@ bool RsaPublicEncrypt(void *dst, void *src, UINT size, K *k)
 	tmp = ZeroMalloc(size);
 	Lock(openssl_lock);
 	{
-		ret = RSA_public_encrypt(size, src, tmp, k->pkey->pkey.rsa, RSA_NO_PADDING);
+		ret = RSA_public_encrypt(size, src, tmp, EVP_PKEY_get0_RSA(k->pkey), RSA_NO_PADDING);
 	}
 	Unlock(openssl_lock);
 	if (ret <= 0)
@@ -3923,6 +3980,7 @@ X *X509ToX(X509 *x509)
 	BUF *b;
 	UINT size;
 	UINT type;
+	ASN1_INTEGER *s;
 	// Validate arguments
 	if (x509 == NULL)
 	{
@@ -3990,8 +4048,8 @@ X *X509ToX(X509 *x509)
 	}
 
 	// Get the Serial Number
-	x->serial = NewXSerial(x509->cert_info->serialNumber->data,
-		x509->cert_info->serialNumber->length);
+	s = X509_get_serialNumber(x509);
+	x->serial = NewXSerial(s->data, s->length);
 	if (x->serial == NULL)
 	{
 		char zero = 0;
@@ -4008,7 +4066,7 @@ X *X509ToX(X509 *x509)
 	b = KToBuf(k, false, NULL);
 
 	size = b->Size;
-	type = k->pkey->type;
+	type = EVP_PKEY_base_id(k->pkey);
 
 	FreeBuf(b);
 
@@ -4080,7 +4138,7 @@ BUF *BioToBuf(BIO *bio)
 	}
 
 	BIO_seek(bio, 0);
-	size = bio->num_write;
+	size = BIO_number_written(bio);
 	tmp = Malloc(size);
 	BIO_read(bio, tmp, size);
 
@@ -4200,7 +4258,7 @@ void InitCryptLibrary()
 	SSL_library_init();
 	//OpenSSL_add_all_algorithms();
 	OpenSSL_add_all_ciphers();
-	SSLeay_add_all_digests();
+	OpenSSL_add_all_digests();
 	ERR_load_crypto_strings();
 	SSL_load_error_strings();
 
@@ -4989,6 +5047,10 @@ DH_CTX *DhNew(char *prime, UINT g)
 {
 	DH_CTX *dh;
 	BUF *buf;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	BIGNUM *dhp, *dhg;
+	const BIGNUM *pub, *priv;
+#endif
 	// Validate arguments
 	if (prime == NULL || g == 0)
 	{
@@ -5000,14 +5062,27 @@ DH_CTX *DhNew(char *prime, UINT g)
 	dh = ZeroMalloc(sizeof(DH_CTX));
 
 	dh->dh = DH_new();
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	dhp = BinToBigNum(buf->Buf, buf->Size);
+	dhg = BN_new();
+	BN_set_word(dhg, g);
+	DH_set0_pqg(dh->dh, dhp, NULL, dhg);
+#else
 	dh->dh->p = BinToBigNum(buf->Buf, buf->Size);
 	dh->dh->g = BN_new();
 	BN_set_word(dh->dh->g, g);
+#endif
 
 	DH_generate_key(dh->dh);
 
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	DH_get0_key(dh->dh, &pub, &priv);
+	dh->MyPublicKey = BigNumToBuf(pub);
+	dh->MyPrivateKey = BigNumToBuf(priv);
+#else
 	dh->MyPublicKey = BigNumToBuf(dh->dh->pub_key);
 	dh->MyPrivateKey = BigNumToBuf(dh->dh->priv_key);
+#endif
 
 	dh->Size = buf->Size;
 

src/Mayaqua/Encrypt.h

@@ -228,7 +228,14 @@ void RAND_Free_For_SoftEther();
 // Macro
 #define	HASHED_DATA(p)			(((UCHAR *)p) + 15)
 
-
+// OpenSSL <1.1 Shims
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#	define EVP_PKEY_get0_RSA(obj) ((obj)->pkey.rsa)
+#	define EVP_PKEY_base_id(pkey) ((pkey)->type)
+#	define X509_get0_notBefore(x509) ((x509)->cert_info->validity->notBefore)
+#	define X509_get0_notAfter(x509) ((x509)->cert_info->validity->notAfter)
+#	define X509_get_serialNumber(x509) ((x509)->cert_info->serialNumber)
+#endif
 
 // Crypt context
 struct CRYPT
@@ -341,7 +348,7 @@ struct CIPHER
 struct MD
 {
 	char Name[MAX_PATH];
-	const struct env_md_st *Md;
+	const struct evp_md_st *Md;
 	struct hmac_ctx_st *Ctx;
 	UINT Size;
 };
@@ -461,7 +468,7 @@ void GetAllNameFromName(wchar_t *str, UINT size, NAME *name);
 void GetAllNameFromNameEx(wchar_t *str, UINT size, NAME *name);
 void GetAllNameFromXEx(wchar_t *str, UINT size, X *x);
 void GetAllNameFromXExA(char *str, UINT size, X *x);
-BUF *BigNumToBuf(BIGNUM *bn);
+BUF *BigNumToBuf(const BIGNUM *bn);
 BIGNUM *BinToBigNum(void *data, UINT size);
 BIGNUM *BufToBigNum(BUF *b);
 char *BigNumToStr(BIGNUM *bn);

src/Mayaqua/Network.c

@@ -9429,11 +9429,13 @@ void UnixInitAsyncSocket(SOCK *sock)
 		UnixSetSocketNonBlockingMode(sock->socket, true);
 	}
 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
 	if (sock->ssl != NULL && sock->ssl->s3 != NULL)
 	{
 		sock->Ssl_Init_Async_SendAlert[0] = sock->ssl->s3->send_alert[0];
 		sock->Ssl_Init_Async_SendAlert[1] = sock->ssl->s3->send_alert[1];
 	}
+#endif
 }
 
 // Initializing the socket library
@@ -13015,7 +13017,7 @@ bool StartSSLEx(SOCK *sock, X *x, K *priv, bool client_tls, UINT ssl_timeout, ch
 		{
 			if (client_tls == false)
 			{
-				SSL_CTX_set_ssl_version(ssl_ctx, SSLv3_method());
+				SSL_CTX_set_ssl_version(ssl_ctx, SSLv23_method());
 			}
 			else
 			{
@@ -13381,10 +13383,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 			e = SSL_get_error(ssl, ret);
 			if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 			{
-				if (e == SSL_ERROR_SSL &&
+				if (e == SSL_ERROR_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+					&&
 					sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
 					sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1])
+					sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+#endif
+					)
 				{
 					Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
 					Disconnect(sock);
@@ -13467,10 +13473,14 @@ UINT SecureRecv(SOCK *sock, void *data, UINT size)
 	{
 		if (e == SSL_ERROR_WANT_READ || e == SSL_ERROR_WANT_WRITE || e == SSL_ERROR_SSL)
 		{
-			if (e == SSL_ERROR_SSL &&
+			if (e == SSL_ERROR_SSL
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+				&&
 				sock->ssl->s3->send_alert[0] == SSL3_AL_FATAL &&
 				sock->ssl->s3->send_alert[0] != sock->Ssl_Init_Async_SendAlert[0] &&
-				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1])
+				sock->ssl->s3->send_alert[1] != sock->Ssl_Init_Async_SendAlert[1]
+#endif
+				)
 			{
 				Debug("%s %u SSL Fatal Error on ASYNC socket !!!\n", __FILE__, __LINE__);
 				Disconnect(sock);

src/Mayaqua/Secure.c

@@ -488,6 +488,7 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
 	RSA *rsa;
 	UCHAR modules[MAX_SIZE], pub[MAX_SIZE], pri[MAX_SIZE], prime1[MAX_SIZE], prime2[MAX_SIZE];
 	UCHAR exp1[MAX_SIZE], exp2[MAX_SIZE], coeff[MAX_SIZE];
+	const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
 	CK_ATTRIBUTE a[] =
 	{
 		{CKA_MODULUS,			modules,		0},		// 0
@@ -536,48 +537,64 @@ bool WriteSecKey(SECURE *sec, bool private_obj, char *name, K *k)
 	}
 
 	// Numeric data generation
-	rsa = k->pkey->pkey.rsa;
+	rsa = EVP_PKEY_get0_RSA(k->pkey);
 	if (rsa == NULL)
 	{
 		sec->Error = SEC_ERROR_BAD_PARAMETER;
 		return false;
 	}
-	b = BigNumToBuf(rsa->n);
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	RSA_get0_key(rsa, &n, &e, &d);
+	RSA_get0_factors(rsa, &p, &q);
+	RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
+#else
+	rsa->n = n;
+	rsa->e = e;
+	rsa->d = d;
+	rsa->p = p;
+	rsa->q = q;
+	rsa->dmp1 = dmp1;
+	rsa->dmq1 = dmq1;
+	rsa->iqmp = iqmp;
+#endif
+
+	b = BigNumToBuf(n);
 	ReadBuf(b, modules, sizeof(modules));
 	A_SIZE(a, 0) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->e);
+	b = BigNumToBuf(e);
 	ReadBuf(b, pub, sizeof(pub));
 	A_SIZE(a, 1) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->d);
+	b = BigNumToBuf(d);
 	ReadBuf(b, pri, sizeof(pri));
 	A_SIZE(a, 2) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->p);
+	b = BigNumToBuf(p);
 	ReadBuf(b, prime1, sizeof(prime1));
 	A_SIZE(a, 3) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->q);
+	b = BigNumToBuf(q);
 	ReadBuf(b, prime2, sizeof(prime2));
 	A_SIZE(a, 4) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->dmp1);
+	b = BigNumToBuf(dmp1);
 	ReadBuf(b, exp1, sizeof(exp1));
 	A_SIZE(a, 5) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->dmq1);
+	b = BigNumToBuf(dmq1);
 	ReadBuf(b, exp2, sizeof(exp2));
 	A_SIZE(a, 6) = b->Size;
 	FreeBuf(b);
 
-	b = BigNumToBuf(rsa->iqmp);
+	b = BigNumToBuf(iqmp);
 	ReadBuf(b, coeff, sizeof(coeff));
 	A_SIZE(a, 7) = b->Size;
 	FreeBuf(b);