security: Add support for OpenSSL 1.1.0 API

Change-Id: I8deb4c5c5cbc1755b492ccd12707d83764a91ad7
Refs: #3757
diff --git a/src/security/detail/openssl-helper.cpp b/src/security/detail/openssl-helper.cpp
index 3a7140d..8f8422a 100644
--- a/src/security/detail/openssl-helper.cpp
+++ b/src/security/detail/openssl-helper.cpp
@@ -63,7 +63,11 @@
   EVP_PKEY_CTX_free(m_ctx);
 }
 
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
 Bio::Bio(BIO_METHOD* method)
+#else
+Bio::Bio(const BIO_METHOD* method)
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
   : m_bio(BIO_new(method))
 {
   BOOST_ASSERT(m_bio != nullptr);
diff --git a/src/security/detail/openssl-helper.hpp b/src/security/detail/openssl-helper.hpp
index d74bcf6..50f21bc 100644
--- a/src/security/detail/openssl-helper.hpp
+++ b/src/security/detail/openssl-helper.hpp
@@ -80,7 +80,11 @@
 {
 public:
   explicit
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   Bio(BIO_METHOD* method);
+#else
+  Bio(const BIO_METHOD* method);
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 
   ~Bio();
 
diff --git a/src/security/transform/hmac-filter.cpp b/src/security/transform/hmac-filter.cpp
index 10dc0a7..d45cd85 100644
--- a/src/security/transform/hmac-filter.cpp
+++ b/src/security/transform/hmac-filter.cpp
@@ -29,6 +29,7 @@
 class HmacFilter::Impl
 {
 public:
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   Impl()
   {
     HMAC_CTX_init(&m_context);
@@ -39,8 +40,32 @@
     HMAC_CTX_cleanup(&m_context);
   }
 
-public:
+  operator HMAC_CTX*()
+  {
+    return &m_context;
+  }
+
+private:
   HMAC_CTX m_context;
+#else
+  Impl()
+    : m_context(HMAC_CTX_new())
+  {
+  }
+
+  ~Impl()
+  {
+    HMAC_CTX_free(m_context);
+  }
+
+  operator HMAC_CTX*()
+  {
+    return m_context;
+  }
+
+private:
+  HMAC_CTX* m_context;
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 };
 
 HmacFilter::HmacFilter(DigestAlgorithm algo, const uint8_t* key, size_t keyLen)
@@ -53,14 +78,14 @@
   if (algorithm == nullptr)
     BOOST_THROW_EXCEPTION(Error(getIndex(), "Unsupported digest algorithm"));
 
-  if (HMAC_Init_ex(&m_impl->m_context, key, keyLen, algorithm, nullptr) == 0)
+  if (HMAC_Init_ex(*m_impl, key, keyLen, algorithm, nullptr) == 0)
     BOOST_THROW_EXCEPTION(Error(getIndex(), "Cannot initialize HMAC"));
 }
 
 size_t
 HmacFilter::convert(const uint8_t* buf, size_t size)
 {
-  if (HMAC_Update(&m_impl->m_context, buf, size) == 0)
+  if (HMAC_Update(*m_impl, buf, size) == 0)
     BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to update HMAC"));
 
   return size;
@@ -72,7 +97,7 @@
   auto buffer = make_unique<OBuffer>(EVP_MAX_MD_SIZE);
   unsigned int mdLen = 0;
 
-  if (HMAC_Final(&m_impl->m_context, &(*buffer)[0], &mdLen) == 0)
+  if (HMAC_Final(*m_impl, &(*buffer)[0], &mdLen) == 0)
     BOOST_THROW_EXCEPTION(Error(getIndex(), "Failed to finalize HMAC"));
 
   buffer->erase(buffer->begin() + mdLen, buffer->end());
diff --git a/src/security/transform/private-key.cpp b/src/security/transform/private-key.cpp
index 0c61817..8dfef00 100644
--- a/src/security/transform/private-key.cpp
+++ b/src/security/transform/private-key.cpp
@@ -241,7 +241,11 @@
 {
   ENSURE_PRIVATE_KEY_LOADED(m_impl->key);
 
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   switch (EVP_PKEY_type(m_impl->key->type)) {
+#else
+  switch (EVP_PKEY_base_id(m_impl->key)) {
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
   case EVP_PKEY_RSA:
     return rsaDecrypt(cipherText, cipherLen);
   default:
diff --git a/src/security/transform/public-key.cpp b/src/security/transform/public-key.cpp
index a0116e9..3232e5e 100644
--- a/src/security/transform/public-key.cpp
+++ b/src/security/transform/public-key.cpp
@@ -67,7 +67,11 @@
 {
   ENSURE_PUBLIC_KEY_LOADED(m_impl->key);
 
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   switch (EVP_PKEY_type(m_impl->key->type)) {
+#else
+  switch (EVP_PKEY_base_id(m_impl->key)) {
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
   case EVP_PKEY_RSA:
     return KeyType::RSA;
   case EVP_PKEY_EC:
@@ -137,7 +141,11 @@
 {
   ENSURE_PUBLIC_KEY_LOADED(m_impl->key);
 
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   switch (EVP_PKEY_type(m_impl->key->type)) {
+#else
+  switch (EVP_PKEY_base_id(m_impl->key)) {
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
   case EVP_PKEY_RSA:
     return rsaEncrypt(plainText, plainLen);
   default:
diff --git a/tests/unit-tests/util/random.t.cpp b/tests/unit-tests/util/random.t.cpp
index 18af4ff..62949b6 100644
--- a/tests/unit-tests/util/random.t.cpp
+++ b/tests/unit-tests/util/random.t.cpp
@@ -158,10 +158,18 @@
   }
 
 private: // RAND_METHOD callbacks
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   static void
   seed(const void* buf, int num)
   {
   }
+#else
+  static int
+  seed(const void* buf, int num)
+  {
+    return 0;
+  }
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 
   static int
   bytes(unsigned char *buf, int num)
@@ -174,10 +182,18 @@
   {
   }
 
+#if OPENSSL_VERSION_NUMBER < 0x1010000fL
   static void
   add(const void *buf, int num, double entropy)
   {
   }
+#else
+  static int
+  add(const void *buf, int num, double entropy)
+  {
+    return 0;
+  }
+#endif // OPENSSL_VERSION_NUMBER < 0x1010000fL
 
   static int
   pseudorand(unsigned char *buf, int num)