From 11ecda9d73c5cd80f0b1ae3dd8a276af2c6e8dc1 Mon Sep 17 00:00:00 2001
From: Nirbheek Chauhan <nirbheek@centricular.com>
Date: Wed, 25 May 2022 16:03:22 +0530
Subject: [PATCH] dtls: Disable OpenSSL 3.0 deprecation warnings for now

Fedora 36 ships with OpenSSL 3.0, which deprecates all low-level APIs,
so this code needs to be rewritten. There is no easy fix in the
porting guide, and it recommends disabling the warnings if you can't
use the high-level API.

https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1

Here's the replacement API:

https://www.openssl.org/docs/man3.0/man7/migration_guide.html#Deprecated-low-level-object-creation

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/2494>
---
 .../gst-plugins-bad/ext/dtls/gstdtlscertificate.c        | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/subprojects/gst-plugins-bad/ext/dtls/gstdtlscertificate.c b/subprojects/gst-plugins-bad/ext/dtls/gstdtlscertificate.c
index d7411c8..9b31464 100644
--- a/subprojects/gst-plugins-bad/ext/dtls/gstdtlscertificate.c
+++ b/subprojects/gst-plugins-bad/ext/dtls/gstdtlscertificate.c
@@ -221,14 +221,24 @@ init_generated (GstDtlsCertificate * self)
 #if OPENSSL_VERSION_NUMBER < 0x10100001L
   rsa = RSA_generate_key (2048, RSA_F4, NULL, NULL);
 #else
+  /*
+   * OpenSSL 3.0 deprecated all low-level APIs, so we need to rewrite this code
+   * to get rid of the warnings. The porting guide explicitly recommends
+   * disabling the warnings if this is not feasible, so let's do that for now:
+   * https://wiki.openssl.org/index.php/OpenSSL_3.0#Upgrading_to_OpenSSL_3.0_from_OpenSSL_1.1.1
+   */
+  G_GNUC_BEGIN_IGNORE_DEPRECATIONS;
   rsa = RSA_new ();
+  G_GNUC_END_IGNORE_DEPRECATIONS;
   if (rsa != NULL) {
     BIGNUM *e = BN_new ();
+    G_GNUC_BEGIN_IGNORE_DEPRECATIONS;
     if (e == NULL || !BN_set_word (e, RSA_F4)
         || !RSA_generate_key_ex (rsa, 2048, e, NULL)) {
       RSA_free (rsa);
       rsa = NULL;
     }
+    G_GNUC_END_IGNORE_DEPRECATIONS;
     if (e)
       BN_free (e);
   }
@@ -236,16 +246,20 @@ init_generated (GstDtlsCertificate * self)
 
   if (!rsa) {
     GST_WARNING_OBJECT (self, "failed to generate RSA");
+    G_GNUC_BEGIN_IGNORE_DEPRECATIONS;
     EVP_PKEY_free (priv->private_key);
+    G_GNUC_END_IGNORE_DEPRECATIONS;
     priv->private_key = NULL;
     X509_free (priv->x509);
     priv->x509 = NULL;
     return;
   }
 
+  G_GNUC_BEGIN_IGNORE_DEPRECATIONS;
   if (!EVP_PKEY_assign_RSA (priv->private_key, rsa)) {
     GST_WARNING_OBJECT (self, "failed to assign RSA");
     RSA_free (rsa);
+    G_GNUC_END_IGNORE_DEPRECATIONS;
     rsa = NULL;
     EVP_PKEY_free (priv->private_key);
     priv->private_key = NULL;
@@ -259,7 +273,9 @@ init_generated (GstDtlsCertificate * self)
 
   /* Set a random 64 bit integer as serial number */
   serial_number = BN_new ();
+  G_GNUC_BEGIN_IGNORE_DEPRECATIONS;
   BN_pseudo_rand (serial_number, 64, 0, 0);
+  G_GNUC_END_IGNORE_DEPRECATIONS;
   asn1_serial_number = X509_get_serialNumber (priv->x509);
   BN_to_ASN1_INTEGER (serial_number, asn1_serial_number);
   BN_free (serial_number);
-- 
2.7.4