From b61a5f46da1283f4544f6ace3f19e64b1cfcc800 Mon Sep 17 00:00:00 2001
From: David Disseldorp <ddiss@suse.de>
Date: Thu, 16 Aug 2018 16:53:49 +0200
Subject: [PATCH 1/1] engines/http: support openssl < 1.1.0

openssl versions prior to 1.1.0 do not use an opaque pointer for
HMAC_CTX.

Signed-off-by: David Disseldorp <ddiss@suse.de>
---
 configure      |  6 +++---
 engines/http.c | 11 +++++++++++
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/configure b/configure
index 97bc35e9..0637b105 100755
--- a/configure
+++ b/configure
@@ -1574,11 +1574,11 @@ if test "$http" != "yes" ; then
   http="no"
 fi
 if test "$disable_http" != "yes"  && $(pkg-config --exists libcurl openssl); then
-  # http engine currently requires opaque HMAC_CTX present in openssl >= 1.1
   if $(pkg-config --atleast-version=1.1.0 openssl); then
-    LIBS="$(pkg-config --libs libcurl openssl) $LIBS"
-    http="yes"
+    output_sym "CONFIG_HAVE_OPAQUE_HMAC_CTX"
   fi
+  LIBS="$(pkg-config --libs libcurl openssl) $LIBS"
+  http="yes"
 fi
 print_config "http engine" "$http"
 
diff --git a/engines/http.c b/engines/http.c
index d3fdba82..979573a8 100644
--- a/engines/http.c
+++ b/engines/http.c
@@ -205,14 +205,25 @@ static char *_gen_hex_sha256(const char *p, size_t len)
 }
 
 static void _hmac(unsigned char *md, void *key, int key_len, char *data) {
+#ifndef CONFIG_HAVE_OPAQUE_HMAC_CTX
+	HMAC_CTX _ctx;
+#endif
 	HMAC_CTX *ctx;
 	unsigned int hmac_len;
 
+#ifdef CONFIG_HAVE_OPAQUE_HMAC_CTX
 	ctx = HMAC_CTX_new();
+#else
+	ctx = &_ctx;
+#endif
 	HMAC_Init_ex(ctx, key, key_len, EVP_sha256(), NULL);
 	HMAC_Update(ctx, (unsigned char*)data, strlen(data));
 	HMAC_Final(ctx, md, &hmac_len);
+#ifdef CONFIG_HAVE_OPAQUE_HMAC_CTX
 	HMAC_CTX_free(ctx);
+#else
+	HMAC_CTX_cleanup(ctx);
+#endif
 }
 
 static int _curl_trace(CURL *handle, curl_infotype type,
-- 
2.25.1