authorMarek Skalický <mskalick@redhat.com>2017-01-11 11:29:51 +0100
committerSpencer Jackson <spencer.jackson@mongodb.com>2017-05-03 16:31:23 -0400
commit7e18d1b41a25d20b90d534515d317b5266741b0d (patch)
tree499416100e3cab7ce2ac7d2785133226103276dd /src
parente6b5935caccd012bccef945b4df82149a5a9957c (diff)
SERVER-26781 Building with openssl 1.1.0
Closes #1133 Signed-off-by: Spencer Jackson <spencer.jackson@mongodb.com> (cherry picked from commit f257e51df267110a14b489fbfbfbe07896096ad1)
Diffstat (limited to 'src')
-rw-r--r--src/mongo/crypto/crypto_openssl.cpp43
-rw-r--r--src/mongo/util/net/ssl_manager.cpp2
2 files changed, 30 insertions, 15 deletions
diff --git a/src/mongo/crypto/crypto_openssl.cpp b/src/mongo/crypto/crypto_openssl.cpp
index 4dc1e5d02c4..89e9cbb468f 100644
--- a/src/mongo/crypto/crypto_openssl.cpp
+++ b/src/mongo/crypto/crypto_openssl.cpp
@@ -29,15 +29,37 @@
#include "mongo/platform/basic.h"
#include "mongo/config.h"
-#include "mongo/util/scopeguard.h"
+#include "mongo/crypto/crypto.h"
+#include "mongo/stdx/memory.h"
+#include "mongo/util/assert_util.h"
#ifndef MONGO_CONFIG_SSL
#error This file should only be included in SSL-enabled builds
#endif
-#include <openssl/sha.h>
+#include <cstring>
#include <openssl/evp.h>
#include <openssl/hmac.h>
+#include <openssl/sha.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+namespace {
+// Copies of OpenSSL after 1.1.0 define new EVP digest routines. We must
+// polyfill used definitions to interact with older OpenSSL versions.
+EVP_MD_CTX* EVP_MD_CTX_new() {
+ void* ret = OPENSSL_malloc(sizeof(EVP_MD_CTX));
+
+ if (ret != NULL) {
+ memset(ret, 0, sizeof(EVP_MD_CTX));
+ }
+ return static_cast<EVP_MD_CTX*>(ret);
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX* ctx) {
+ EVP_MD_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+}
+} // namespace
+#endif
namespace mongo {
namespace crypto {
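Review bot: The polyfilled `EVP_MD_CTX_free` passes `ctx` straight to `EVP_MD_CTX_cleanup` with no NULL guard, whereas the OpenSSL 1.1.0 function it stands in for accepts NULL as a no-op. The only caller visible in this commit goes through `std::unique_ptr`, which never invokes the deleter on a null pointer, so this is latent today, but a later direct call would behave differently on the two OpenSSL branches. Adding `if (ctx == NULL) return;` as the first line of the polyfill keeps the two builds equivalent. Separately, LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so the `#if` skips the polyfill there; if LibreSSL builds are supported, confirm the targeted releases provide `EVP_MD_CTX_new`.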
@@ -45,19 +67,12 @@ namespace crypto {
* Computes a SHA-1 hash of 'input'.
*/
bool sha1(const unsigned char* input, const size_t inputLen, unsigned char* output) {
- EVP_MD_CTX digestCtx;
- EVP_MD_CTX_init(&digestCtx);
- ON_BLOCK_EXIT(EVP_MD_CTX_cleanup, &digestCtx);
-
- if (1 != EVP_DigestInit_ex(&digestCtx, EVP_sha1(), NULL)) {
- return false;
- }
-
- if (1 != EVP_DigestUpdate(&digestCtx, input, inputLen)) {
- return false;
- }
+ std::unique_ptr<EVP_MD_CTX, decltype(&EVP_MD_CTX_free)> digestCtx(EVP_MD_CTX_new(),
+ EVP_MD_CTX_free);
- return (1 == EVP_DigestFinal_ex(&digestCtx, output, NULL));
+ return (EVP_DigestInit_ex(digestCtx.get(), EVP_sha1(), NULL) == 1 &&
+ EVP_DigestUpdate(digestCtx.get(), input, inputLen) == 1 &&
+ EVP_DigestFinal_ex(digestCtx.get(), output, NULL) == 1);
}
/*
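Review bot: `EVP_MD_CTX_new()` can return NULL on allocation failure, and the new `sha1` body passes `digestCtx.get()` to `EVP_DigestInit_ex` without checking it. The old code used a stack `EVP_MD_CTX`, so this failure mode is new with the heap allocation. As far as I know `EVP_DigestInit_ex` does not validate the context pointer, so a failed allocation would likely crash the process instead of returning `false` as the function's contract suggests. A guard before the return expression, `if (!digestCtx) { return false; }`, restores the fail-closed behaviour. The newly included `mongo/util/assert_util.h` is not used in the visible lines, so it is either needed elsewhere in the file or can be dropped.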
diff --git a/src/mongo/util/net/ssl_manager.cpp b/src/mongo/util/net/ssl_manager.cpp
index 7057bf3c004..a8c025df700 100644
--- a/src/mongo/util/net/ssl_manager.cpp
+++ b/src/mongo/util/net/ssl_manager.cpp
@@ -709,7 +709,7 @@ unsigned long long SSLManager::_convertASN1ToMillis(ASN1_TIME* asn1time) {
bool SSLManager::_parseAndValidateCertificate(const std::string& keyFile,
std::string* subjectName,
Date_t* serverCertificateExpirationDate) {
- BIO* inBIO = BIO_new(BIO_s_file_internal());
+ BIO* inBIO = BIO_new(BIO_s_file());
if (inBIO == NULL) {
error() << "failed to allocate BIO object: " << getSSLErrorMessage(ERR_get_error());
return false;