8 files changed, 127 insertions, 78 deletions
diff --git a/appveyor.yml b/appveyor.yml
index 093113f7..d75eff77 100644
--- a/appveyor.yml
+++ b/appveyor.yml
@@ -18,7 +18,7 @@ configuration:
 environment:
   VisualStudioVersion: 11.0
   Generator_Base: Visual Studio 11 2012
-  OPENSSL_VERSION: 1.0.2f
+  OPENSSL_VERSION: 1.1.0f
   PCRE_VERSION: 8.38
   CMAKE_UNIBUILD_DIR: '%APPVEYOR_BUILD_FOLDER%\..\cmake'
   BOXBACKUP_VERSION_BASE: 0.12
diff --git a/infrastructure/cmake/CMakeLists.txt b/infrastructure/cmake/CMakeLists.txt
index 25015452..65f59eb8 100644
--- a/infrastructure/cmake/CMakeLists.txt
+++ b/infrastructure/cmake/CMakeLists.txt
@@ -407,7 +407,26 @@ else()
 endif()
 
 # Link to OpenSSL
-find_package(OpenSSL REQUIRED)
+# Workaround for incorrect library suffixes searched by FindOpenSSL:
+# https://gitlab.kitware.com/cmake/cmake/issues/17604
+if(WIN32 AND MSVC)
+	find_package(OpenSSL)
+	set(OPENSSL_SSL_LIBRARY ${SSL_EAY_RELEASE})
+	set(OPENSSL_CRYPTO_LIBRARY ${LIB_EAY_RELEASE})
+	set(OPENSSL_LIBRARIES ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY} crypt32)
+	find_package_handle_standard_args(OpenSSL
+	REQUIRED_VARS
+		OPENSSL_SSL_LIBRARY
+		OPENSSL_CRYPTO_LIBRARY
+		OPENSSL_INCLUDE_DIR
+	VERSION_VAR
+		OPENSSL_VERSION
+	FAIL_MESSAGE
+		"Could NOT find OpenSSL, try to set the path to OpenSSL root folder in the system variable OPENSSL_ROOT_DIR"
+	)
+else()
+	find_package(OpenSSL REQUIRED)
+endif()
 include_directories(${OPENSSL_INCLUDE_DIR})
 target_link_libraries(lib_crypto PUBLIC ${OPENSSL_LIBRARIES})
 
diff --git a/infrastructure/cmake/windows/CMakeLists.txt b/infrastructure/cmake/windows/CMakeLists.txt
index 0fbe35e3..49a1ea4d 100644
--- a/infrastructure/cmake/windows/CMakeLists.txt
+++ b/infrastructure/cmake/windows/CMakeLists.txt
@@ -15,9 +15,9 @@ set(ZLIB_VERSION    1.2.11)
 set(ZLIB_HASH SHA256=c3e5e9fdd5004dcb542feda5ee4f0ff0744628baf8ed2dd5d66f8ca1197cb1a1)
 
 # Version of OpenSSL to download, build, and compile Box Backup against:
-set(OPENSSL_VERSION 1.0.2j)
+set(OPENSSL_VERSION 1.1.0g)
 # Hash of openssl-${OPENSSL_VERSION}.tar.gz, to be verified after download:
-set(OPENSSL_HASH SHA256=e7aff292be21c259c6af26469c7a9b3ba26e9abaaffd325e3dccc9785256c431)
+set(OPENSSL_HASH SHA256=de4d501267da39310905cb6dc8c6121f7a2cad45a7707f76df828fe1b85073af)
 
 # Version of PCRE to download, build, and compile Box Backup against:
 set(PCRE_VERSION    8.39)
@@ -49,15 +49,21 @@ if(WIN32)
 		URL "https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz"
 		URL_HASH ${OPENSSL_HASH}
 		DOWNLOAD_NO_PROGRESS 1
-		CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm --prefix=${install_dir}
-		COMMAND cmd /c ms\\do_ms.bat
+		CONFIGURE_COMMAND perl Configure debug-VC-WIN32 no-asm no-shared
+			--prefix=${install_dir}
+			--openssldir=etc
+		# Run tests before install, but don't make the main target depend on them, so that
+		# we don't have to run them whenever we build manually on Windows.
+		TEST_BEFORE_INSTALL 1
+		TEST_EXCLUDE_FROM_MAIN 1
 		# You would expect us to use nt.mak to compile a static library here, but mk1mf.pl uses the /MT[d]
 		# CRT in that case, which is incompatible with our dynamic runtime, /MD[d]. It seems that the libs
 		# built by ntdll.mak, which are compiled with /MD[d], are full libraries and not import libs,
 		# so we can link statically against them and still get a dynamic runtime.
 		BUILD_IN_SOURCE 1
-		BUILD_COMMAND   nmake /s /f ms\\nt.mak
-		INSTALL_COMMAND nmake /s /f ms\\nt.mak install
+		BUILD_COMMAND   nmake /s
+		TEST_COMMAND    nmake /s test
+		INSTALL_COMMAND nmake /s install
 	)
 elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
 	ExternalProject_Add(openssl
diff --git a/lib/crypto/CipherContext.cpp b/lib/crypto/CipherContext.cpp
index fd149395..3f9a08b7 100644
--- a/lib/crypto/CipherContext.cpp
+++ b/lib/crypto/CipherContext.cpp
@@ -2,7 +2,7 @@
 //
 // File
 //		Name:    CipherContext.cpp
-//		Purpose: Context for symmetric encryption / descryption
+//		Purpose: Context for symmetric encryption / decryption
 //		Created: 1/12/03
 //
 // --------------------------------------------------------------------------
@@ -50,7 +50,7 @@ CipherContext::~CipherContext()
 	if(mInitialised)
 	{
 		// Clean up
-		EVP_CIPHER_CTX_cleanup(&ctx);
+		BOX_OPENSSL_CLEANUP_CTX(ctx);
 		mInitialised = false;
 	}
 #ifdef HAVE_OLD_SSL
@@ -98,7 +98,7 @@ void CipherContext::Init(CipherContext::CipherFunction Function, const CipherDes
 	// Check for bad usage
 	if(mInitialised)
 	{
-		THROW_EXCEPTION(CipherException, AlreadyInitialised)
+		THROW_EXCEPTION(CipherException, AlreadyInitialised);
 	}
 	if(Function != Decrypt && Function != Encrypt)
 	{
@@ -109,20 +109,21 @@ void CipherContext::Init(CipherContext::CipherFunction Function, const CipherDes
 	mFunction = Function;
 
 	// Initialise the cipher
-#ifndef HAVE_OLD_SSL
-	EVP_CIPHER_CTX_init(&ctx); // no error return code, even though the docs says it does
-
-	if(EVP_CipherInit_ex(&ctx, rDescription.GetCipher(), NULL, NULL, NULL,
-		(mFunction == Encrypt) ? 1 : 0) != 1)
-#else
+#ifdef HAVE_OLD_SSL
 	// Use old version of init call
 	if(EVP_CipherInit(&ctx, rDescription.GetCipher(), NULL, NULL,
 		(mFunction == Encrypt) ? 1 : 0) != 1)
+#else
+	BOX_OPENSSL_INIT_CTX(ctx);
+
+	// Don't set key or IV yet, because we will modify the parameters:
+	if(EVP_CipherInit_ex(BOX_OPENSSL_CTX(ctx), rDescription.GetCipher(), NULL, NULL, NULL,
+		(mFunction == Encrypt) ? 1 : 0) != 1)
 #endif
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPInitFailure,
 			"Failed to initialise " << rDescription.GetFullName()
-			<< "cipher: " << LogError("initialising cipher"));
+			<< ": " << LogError("initialising cipher"));
 	}
 	
 	try
@@ -130,22 +131,22 @@ void CipherContext::Init(CipherContext::CipherFunction Function, const CipherDes
 		mCipherName = rDescription.GetFullName();
 #ifndef HAVE_OLD_SSL
 		// Let the description set up everything else
-		rDescription.SetupParameters(&ctx);
+		mpDescription = &rDescription;
 #else
 		// With the old version, a copy needs to be taken first.
 		mpDescription = rDescription.Clone();
 		// Mark it as not a leak, otherwise static cipher contexts
 		// cause spurious memory leaks to be reported
 		MEMLEAKFINDER_NOT_A_LEAK(mpDescription);
-		mpDescription->SetupParameters(&ctx);
 #endif
+		mpDescription->SetupParameters(BOX_OPENSSL_CTX(ctx));
 	}
 	catch(...)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPInitFailure,
-			"Failed to configure " << mCipherName << " cipher: " <<
+			"Failed to configure " << mCipherName << ": " <<
 			LogError("configuring cipher"));
-		EVP_CIPHER_CTX_cleanup(&ctx);
+		BOX_OPENSSL_CLEANUP_CTX(ctx);
 		throw;
 	}
 
@@ -166,7 +167,7 @@ void CipherContext::Reset()
 	if(mInitialised)
 	{
 		// Clean up
-		EVP_CIPHER_CTX_cleanup(&ctx);
+		EVP_CIPHER_CTX_cleanup(BOX_OPENSSL_CTX(ctx));
 		mInitialised = false;
 	}
 #ifdef HAVE_OLD_SSL
@@ -192,24 +193,21 @@ void CipherContext::Begin()
 {
 	if(!mInitialised)
 	{
-		THROW_EXCEPTION(CipherException, NotInitialised)
+		THROW_EXCEPTION(CipherException, NotInitialised);
 	}
 
-	// Warn if in a transformation (not an error, because a context might not have been finalised if an exception occured)
 	if(mWithinTransform)
 	{
-		BOX_WARNING("CipherContext::Begin called when context "
-			"flagged as within a transform");
+		THROW_EXCEPTION(CipherException, AlreadyInTransform);
 	}
 
-	// Initialise the cipher context again
-	if(EVP_CipherInit(&ctx, NULL, NULL, NULL, -1) != 1)
+	if(EVP_CipherInit_ex(BOX_OPENSSL_CTX(ctx), NULL, NULL, NULL, NULL,
+		-1) != 1)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPInitFailure,
-			"Failed to reset " << mCipherName << " cipher: " <<
-			LogError("resetting cipher"));
+			"Failed to set IV for " << mCipherName << ": " << LogError(GetFunction()));
 	}
-	
+
 	// Mark as being within a transform
 	mWithinTransform = true;
 }
@@ -251,18 +249,18 @@ int CipherContext::Transform(void *pOutBuffer, int OutLength, const void *pInBuf
 	}
 	
 	// Check output buffer size
-	if(OutLength < (InLength + EVP_CIPHER_CTX_block_size(&ctx)))
+	if(OutLength < (InLength + EVP_CIPHER_CTX_block_size(BOX_OPENSSL_CTX(ctx))))
 	{
 		THROW_EXCEPTION(CipherException, OutputBufferTooSmall);
 	}
 	
 	// Do the transform
 	int outLength = OutLength;
-	if(EVP_CipherUpdate(&ctx, (unsigned char*)pOutBuffer, &outLength, (unsigned char*)pInBuffer, InLength) != 1)
+	if(EVP_CipherUpdate(BOX_OPENSSL_CTX(ctx), (unsigned char*)pOutBuffer, &outLength,
+		(unsigned char*)pInBuffer, InLength) != 1)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPUpdateFailure,
-			"Failed to " << GetFunction() << " (update) " <<
-			mCipherName << " cipher: " << LogError(GetFunction()));
+			"Failed to update " << mCipherName << ": " << LogError(GetFunction()));
 	}
 
 	return outLength;
@@ -300,7 +298,7 @@ int CipherContext::Final(void *pOutBuffer, int OutLength)
 	}
 
 	// Check output buffer size
-	if(OutLength < (2 * EVP_CIPHER_CTX_block_size(&ctx)))
+	if(OutLength < (2 * EVP_CIPHER_CTX_block_size(BOX_OPENSSL_CTX(ctx))))
 	{
 		THROW_EXCEPTION(CipherException, OutputBufferTooSmall);
 	}
@@ -308,12 +306,11 @@ int CipherContext::Final(void *pOutBuffer, int OutLength)
 	// Do the transform
 	int outLength = OutLength;
 #ifndef HAVE_OLD_SSL
-	if(EVP_CipherFinal(&ctx, (unsigned char*)pOutBuffer, &outLength) != 1)
+	if(EVP_CipherFinal(BOX_OPENSSL_CTX(ctx), (unsigned char*)pOutBuffer, &outLength) != 1)
 	{
 		mWithinTransform = false;
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPFinalFailure,
-			"Failed to " << GetFunction() << " (final) " <<
-			mCipherName << " cipher: " << LogError(GetFunction()));
+			"Failed to finalise " << mCipherName << ": " << LogError(GetFunction()));
 	}
 #else
 	OldOpenSSLFinal((unsigned char*)pOutBuffer, outLength);
@@ -340,11 +337,11 @@ void CipherContext::OldOpenSSLFinal(unsigned char *Buffer, int &rOutLengthOut)
 	// Old version needs to use a different form, and then set up the cipher again for next time around
 	int outLength = rOutLengthOut;
 	// Have to emulate padding off...
-	int blockSize = EVP_CIPHER_CTX_block_size(&ctx);
+	int blockSize = EVP_CIPHER_CTX_block_size(ctx);
 	if(mPaddingOn)
 	{
 		// Just use normal final call
-		if(EVP_CipherFinal(&ctx, Buffer, &outLength) != 1)
+		if(EVP_CipherFinal(ctx, Buffer, &outLength) != 1)
 		{
 			THROW_EXCEPTION(CipherException, EVPFinalFailure)
 		}
@@ -357,13 +354,13 @@ void CipherContext::OldOpenSSLFinal(unsigned char *Buffer, int &rOutLengthOut)
 		{
 			// NASTY -- fiddling around with internals like this is bad.
 			// But only way to get this working on old versions of OpenSSL.
-			if(!EVP_EncryptUpdate(&ctx,Buffer,&outLength,ctx.buf,0)
+			if(!EVP_EncryptUpdate(ctx,Buffer,&outLength,ctx.buf,0)
 				|| outLength != blockSize)
 			{
 				THROW_EXCEPTION(CipherException, EVPFinalFailure)
 			}
 			// Clean up
-			EVP_CIPHER_CTX_cleanup(&ctx);
+			EVP_CIPHER_CTX_free(ctx);
 		}
 		else
 		{
@@ -391,7 +388,7 @@ void CipherContext::OldOpenSSLFinal(unsigned char *Buffer, int &rOutLengthOut)
 		}
 	}
 	// Reinitialise the cipher for the next time around
-	if(EVP_CipherInit(&ctx, mpDescription->GetCipher(), NULL, NULL,
+	if(EVP_CipherInit_ex(&ctx, mpDescription->GetCipher(), NULL, NULL, NULL,
 		(mFunction == Encrypt) ? 1 : 0) != 1)
 	{
 		THROW_EXCEPTION(CipherException, EVPInitFailure)
@@ -421,7 +418,7 @@ int CipherContext::InSizeForOutBufferSize(int OutLength)
 
 	// Strictly speaking, the *2 is unnecessary. However... 
 	// Final() is paranoid, and requires two input blocks of space to work.
-	return OutLength - (EVP_CIPHER_CTX_block_size(&ctx) * 2);
+	return OutLength - (EVP_CIPHER_CTX_block_size(BOX_OPENSSL_CTX(ctx)) * 2);
 }
 
 // --------------------------------------------------------------------------
@@ -442,7 +439,7 @@ int CipherContext::MaxOutSizeForInBufferSize(int InLength)
 
 	// Final() is paranoid, and requires two input blocks of space to work, and so we need to add
 	// three blocks on to be absolutely sure.
-	return InLength + (EVP_CIPHER_CTX_block_size(&ctx) * 3);
+	return InLength + (EVP_CIPHER_CTX_block_size(BOX_OPENSSL_CTX(ctx)) * 3);
 }
 
 
@@ -460,7 +457,7 @@ int CipherContext::TransformBlock(void *pOutBuffer, int OutLength, const void *p
 	{
 		THROW_EXCEPTION(CipherException, NotInitialised)
 	}
-	
+
 	// Warn if in a transformation
 	if(mWithinTransform)
 	{
@@ -469,7 +466,7 @@ int CipherContext::TransformBlock(void *pOutBuffer, int OutLength, const void *p
 	}
 
 	// Check output buffer size
-	if(OutLength < (InLength + EVP_CIPHER_CTX_block_size(&ctx)))
+	if(OutLength < (InLength + EVP_CIPHER_CTX_block_size(BOX_OPENSSL_CTX(ctx))))
 	{
 		// Check if padding is off, in which case the buffer can be smaller
 		if(!mPaddingOn && OutLength <= InLength)
@@ -481,40 +478,40 @@ int CipherContext::TransformBlock(void *pOutBuffer, int OutLength, const void *p
 			THROW_EXCEPTION(CipherException, OutputBufferTooSmall);
 		}
 	}
-	
+
 	// Initialise the cipher context again
-	if(EVP_CipherInit(&ctx, NULL, NULL, NULL, -1) != 1)
+	if(EVP_CipherInit_ex(BOX_OPENSSL_CTX(ctx), NULL, NULL, NULL, NULL, -1) != 1)
 	{
 		THROW_EXCEPTION(CipherException, EVPInitFailure)
 	}
 	
 	// Do the entire block
-	int outLength = 0;
+	int output_space_used = OutLength;
 
 	// Update
-	outLength = OutLength;
-	if(EVP_CipherUpdate(&ctx, (unsigned char*)pOutBuffer, &outLength, (unsigned char*)pInBuffer, InLength) != 1)
+	if(EVP_CipherUpdate(BOX_OPENSSL_CTX(ctx), (unsigned char*)pOutBuffer, &output_space_used,
+		(unsigned char*)pInBuffer, InLength) != 1)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPUpdateFailure,
-			"Failed to " << GetFunction() << " (update) " <<
-			mCipherName << " cipher: " << LogError(GetFunction()));
+			"Failed to update " << mCipherName << ": " << LogError(GetFunction()));
 	}
 
 	// Finalise
-	int outLength2 = OutLength - outLength;
-#ifndef HAVE_OLD_SSL
-	if(EVP_CipherFinal(&ctx, ((unsigned char*)pOutBuffer) + outLength, &outLength2) != 1)
+	int output_space_remain = OutLength - output_space_used;
+
+#ifdef HAVE_OLD_SSL
+	OldOpenSSLFinal(((unsigned char*)pOutBuffer) + output_space_used, output_space_remain);
+#else
+	if(EVP_CipherFinal(BOX_OPENSSL_CTX(ctx), ((unsigned char*)pOutBuffer) + output_space_used,
+		&output_space_remain) != 1)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPFinalFailure,
-			"Failed to " << GetFunction() << " (final) " <<
-			mCipherName << " cipher: " << LogError(GetFunction()));
+			"Failed to finalise " << mCipherName << ": " << LogError(GetFunction()));
 	}
-#else
-	OldOpenSSLFinal(((unsigned char*)pOutBuffer) + outLength, outLength2);
 #endif
-	outLength += outLength2;
 
-	return outLength;
+	mWithinTransform = false;
+	return output_space_used + output_space_remain;
 }
 
 
@@ -533,7 +530,7 @@ int CipherContext::GetIVLength()
 		THROW_EXCEPTION(CipherException, NotInitialised)
 	}
 	
-	return EVP_CIPHER_CTX_iv_length(&ctx);
+	return EVP_CIPHER_CTX_iv_length(BOX_OPENSSL_CTX(ctx));
 }
 
 
@@ -560,11 +557,10 @@ void CipherContext::SetIV(const void *pIV)
 	}
 
 	// Set IV
-	if(EVP_CipherInit(&ctx, NULL, NULL, (unsigned char *)pIV, -1) != 1)
+	if(EVP_CipherInit_ex(BOX_OPENSSL_CTX(ctx), NULL, NULL, NULL, (unsigned char *)pIV, -1) != 1)
 	{
 		THROW_EXCEPTION_MESSAGE(CipherException, EVPInitFailure,
-			"Failed to " << GetFunction() << " (set IV) " <<
-			mCipherName << " cipher: " << LogError(GetFunction()));
+			"Failed to set IV for " << mCipherName << ": " << LogError(GetFunction()));
 	}
 
 #ifdef HAVE_OLD_SSL
@@ -601,7 +597,7 @@ const void *CipherContext::SetRandomIV(int &rLengthOut)
 	}
 
 	// Get length of IV
-	unsigned int ivLen = EVP_CIPHER_CTX_iv_length(&ctx);
+	unsigned int ivLen = EVP_CIPHER_CTX_iv_length(BOX_OPENSSL_CTX(ctx));
 	if(ivLen > sizeof(mGeneratedIV))
 	{
 		THROW_EXCEPTION(CipherException, IVSizeImplementationLimitExceeded)
@@ -628,9 +624,11 @@ const void *CipherContext::SetRandomIV(int &rLengthOut)
 void CipherContext::UsePadding(bool Padding)
 {
 #ifndef HAVE_OLD_SSL
-	if(EVP_CIPHER_CTX_set_padding(&ctx, Padding) != 1)
+	if(EVP_CIPHER_CTX_set_padding(BOX_OPENSSL_CTX(ctx), Padding) != 1)
 	{
-		THROW_EXCEPTION(CipherException, EVPSetPaddingFailure)
+		THROW_EXCEPTION_MESSAGE(CipherException, EVPSetPaddingFailure,
+			"Failed to set padding for " << mCipherName << ": " <<
+			LogError(GetFunction()));
 	}
 #endif
 	mPaddingOn = Padding;
diff --git a/lib/crypto/CipherContext.h b/lib/crypto/CipherContext.h
index 93c889d6..a0e45266 100644
--- a/lib/crypto/CipherContext.h
+++ b/lib/crypto/CipherContext.h
@@ -19,6 +19,22 @@ class CipherDescription;
 
 #define CIPHERCONTEXT_MAX_GENERATED_IV_LENGTH		32
 
+// Macros to allow compatibility with OpenSSL 1.0 and 1.1 APIs. See
+// https://github.com/charybdis-ircd/charybdis/blob/release/3.5/libratbox/src/openssl_ratbox.h
+// for the gory details.
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L) // OpenSSL >= 1.1
+#	define BOX_OPENSSL_INIT_CTX(ctx) ctx = EVP_CIPHER_CTX_new();
+#	define BOX_OPENSSL_CTX(ctx) ctx
+#	define BOX_OPENSSL_CLEANUP_CTX(ctx) EVP_CIPHER_CTX_free(ctx)
+typedef EVP_CIPHER_CTX* BOX_EVP_CIPHER_CTX;
+#else // OpenSSL < 1.1
+#	define BOX_OPENSSL_INIT_CTX(ctx) EVP_CIPHER_CTX_init(&ctx); // no error return code, even though the docs says it does
+#	define BOX_OPENSSL_CTX(ctx) &ctx
+#	define BOX_OPENSSL_CLEANUP_CTX(ctx) EVP_CIPHER_CTX_cleanup(&ctx)
+typedef EVP_CIPHER_CTX BOX_EVP_CIPHER_CTX;
+#endif
+
+
 // --------------------------------------------------------------------------
 //
 // Class
@@ -74,16 +90,14 @@ public:
 #endif
 	
 private:
-	EVP_CIPHER_CTX ctx;
+	BOX_EVP_CIPHER_CTX ctx;
 	bool mInitialised;
 	bool mWithinTransform;
 	bool mPaddingOn;
 	uint8_t mGeneratedIV[CIPHERCONTEXT_MAX_GENERATED_IV_LENGTH];
 	CipherFunction mFunction;
 	std::string mCipherName;
-#ifdef HAVE_OLD_SSL
-	CipherDescription *mpDescription;
-#endif
+	const CipherDescription *mpDescription;
 };
 
 
diff --git a/lib/crypto/CipherException.txt b/lib/crypto/CipherException.txt
index abdbac87..494ed3cc 100644
--- a/lib/crypto/CipherException.txt
+++ b/lib/crypto/CipherException.txt
@@ -16,3 +16,4 @@ PseudoRandNotAvailable				12
 EVPSetPaddingFailure				13
 RandomInitFailed					14	Failed to read from random device
 LengthRequestedTooLongForRandomHex	15
+AlreadyInTransform			16	Tried to initialise crypto when already in a transform
diff --git a/lib/server/TLSContext.cpp b/lib/server/TLSContext.cpp
index 35e254fd..1a6d4a53 100644
--- a/lib/server/TLSContext.cpp
+++ b/lib/server/TLSContext.cpp
@@ -23,6 +23,17 @@
 #define MAX_VERIFICATION_DEPTH		2
 #define CIPHER_LIST					"ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"
 
+// Macros to allow compatibility with OpenSSL 1.0 and 1.1 APIs. See
+// https://github.com/charybdis-ircd/charybdis/blob/release/3.5/libratbox/src/openssl_ratbox.h
+// for the gory details.
+#if defined(LIBRESSL_VERSION_NUMBER) || (OPENSSL_VERSION_NUMBER >= 0x10100000L) // OpenSSL >= 1.1
+#	define BOX_TLS_SERVER_METHOD TLS_server_method
+#	define BOX_TLS_CLIENT_METHOD TLS_client_method
+#else // OpenSSL < 1.1
+#	define BOX_TLS_SERVER_METHOD TLSv1_server_method
+#	define BOX_TLS_CLIENT_METHOD TLSv1_client_method
+#endif
+
 // --------------------------------------------------------------------------
 //
 // Function
@@ -67,7 +78,7 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c
 		::SSL_CTX_free(mpContext);
 	}
 
-	mpContext = ::SSL_CTX_new(AsServer?TLSv1_server_method():TLSv1_client_method());
+	mpContext = ::SSL_CTX_new(AsServer ? BOX_TLS_SERVER_METHOD() : BOX_TLS_CLIENT_METHOD());
 	if(mpContext == NULL)
 	{
 		THROW_EXCEPTION(ServerException, TLSAllocationFailed)
diff --git a/test/crypto/testcrypto.cpp b/test/crypto/testcrypto.cpp
index 003bf992..200bdd0f 100644
--- a/test/crypto/testcrypto.cpp
+++ b/test/crypto/testcrypto.cpp
@@ -338,7 +338,7 @@ int test(int argc, const char *argv[])
 	// Check rolling checksums
 	uint8_t *checkdata_blk = (uint8_t *)malloc(CHECKSUM_DATA_SIZE);
 	uint8_t *checkdata = checkdata_blk;
-	RAND_pseudo_bytes(checkdata, CHECKSUM_DATA_SIZE);
+	RAND_bytes(checkdata, CHECKSUM_DATA_SIZE);
 	for(int size = CHECKSUM_BLOCK_SIZE_BASE; size <= CHECKSUM_BLOCK_SIZE_LAST; ++size)
 	{
 		// Test skip-roll code