summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoao Santos <joaompssantos@gmail.com>2023-05-01 11:48:02 +0200
committerJoao Santos <joaompssantos@gmail.com>2023-05-01 11:49:06 +0200
commit330a0904a6a356e484838fff7ef7e4cdb249703a (patch)
treedee3ba406bf64de3995927b23b99d202cf53ce85
parentdev-libs/xml-security-c: fixed issue with ebuild (diff)
downloadcarreira-330a0904a6a356e484838fff7ef7e4cdb249703a.tar.gz
carreira-330a0904a6a356e484838fff7ef7e4cdb249703a.tar.bz2
carreira-330a0904a6a356e484838fff7ef7e4cdb249703a.zip
dev-libs/xml-security-c: remove unused patch files
Signed-off-by: Joao Santos <joaompssantos@gmail.com>
-rw-r--r--dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch13
-rw-r--r--dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch36
-rw-r--r--dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch1701
-rw-r--r--dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch52
4 files changed, 0 insertions, 1802 deletions
diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch b/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch
deleted file mode 100644
index 1635d6b..0000000
--- a/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/xsec/tools/xtest/xtest.cpp b/xsec/tools/xtest/xtest.cpp
-index ec40cb2..9cd389e 100644
---- a/xsec/tools/xtest/xtest.cpp
-+++ b/xsec/tools/xtest/xtest.cpp
-@@ -2566,7 +2566,7 @@ int main(int argc, char **argv) {
- }
- #endif
- #if defined(XSEC_HAVE_NSS)
-- else if (stricmp(argv[paramCount], "--nss") == 0 || stricmp(argv[paramCount], "-n") == 0) {
-+ else if (_stricmp(argv[paramCount], "--nss") == 0 || _stricmp(argv[paramCount], "-n") == 0) {
- g_useNSS = true;
- paramCount++;
- }
diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch
deleted file mode 100644
index 40783bf..0000000
--- a/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-Fix building with C++14, which errors out due to bool -> T* conversions
-See also: https://bugs.gentoo.org/show_bug.cgi?id=594234
-
---- a/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
-+++ b/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
-@@ -151,7 +151,7 @@
- SymmetricKeyMode mode = MODE_CBC,
- const unsigned char * iv = NULL,
- const unsigned char* tag = NULL,
-- unsigned int taglen = NULL);
-+ unsigned int taglen = 0);
-
- /**
- * \brief Continue an decrypt operation using this key.
---- a/xsec/enc/XSECCryptoSymmetricKey.hpp
-+++ b/xsec/enc/XSECCryptoSymmetricKey.hpp
-@@ -185,7 +185,7 @@
- SymmetricKeyMode mode = MODE_CBC,
- const unsigned char* iv = NULL,
- const unsigned char* tag = NULL,
-- unsigned int taglen = NULL) = 0;
-+ unsigned int taglen = 0) = 0;
-
- /**
- * \brief Continue a decrypt operation using this key.
---- a/xsec/tools/checksig/InteropResolver.cpp
-+++ b/xsec/tools/checksig/InteropResolver.cpp
-@@ -645,7 +645,7 @@
-
- }
-
-- return false;
-+ return NULL;
-
- }
-
diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch
deleted file mode 100644
index d4b1886..0000000
--- a/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch
+++ /dev/null
@@ -1,1701 +0,0 @@
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2017-02-19 20:37:10.000000000 +0200
-@@ -44,6 +44,15 @@
-
- XERCES_CPP_NAMESPACE_USE
-
-+OpenSSLCryptoBase64::OpenSSLCryptoBase64() {
-+ m_ectx = EVP_ENCODE_CTX_new();
-+ m_dctx = EVP_ENCODE_CTX_new();
-+}
-+
-+OpenSSLCryptoBase64::~OpenSSLCryptoBase64() {
-+ EVP_ENCODE_CTX_free(m_ectx);
-+ EVP_ENCODE_CTX_free(m_dctx);
-+}
-
- // --------------------------------------------------------------------------------
- // Decoding
-@@ -51,7 +60,7 @@
-
- void OpenSSLCryptoBase64::decodeInit(void) {
-
-- EVP_DecodeInit(&m_dctx);
-+ EVP_DecodeInit(m_dctx);
-
- }
-
-@@ -70,7 +79,7 @@
-
- }
-
-- rc = EVP_DecodeUpdate(&m_dctx,
-+ rc = EVP_DecodeUpdate(m_dctx,
- outData,
- &outLen,
- (unsigned char *) inData,
-@@ -99,7 +108,7 @@
- int outLen;
- outLen = outLength;
-
-- EVP_DecodeFinal(&m_dctx, outData, &outLen);
-+ EVP_DecodeFinal(m_dctx, outData, &outLen);
-
- return outLen;
-
-@@ -111,7 +120,7 @@
-
- void OpenSSLCryptoBase64::encodeInit(void) {
-
-- EVP_EncodeInit(&m_ectx);
-+ EVP_EncodeInit(m_ectx);
-
- }
-
-@@ -130,7 +139,7 @@
-
- }
-
-- EVP_EncodeUpdate(&m_ectx,
-+ EVP_EncodeUpdate(m_ectx,
- outData,
- &outLen,
- (unsigned char *) inData,
-@@ -153,7 +162,7 @@
- int outLen;
- outLen = outLength;
-
-- EVP_EncodeFinal(&m_ectx, outData, &outLen);
-+ EVP_EncodeFinal(m_ectx, outData, &outLen);
-
- return outLen;
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2017-02-19 10:46:50.000000000 +0200
-@@ -66,8 +66,8 @@
- public :
-
-
-- OpenSSLCryptoBase64() {};
-- virtual ~OpenSSLCryptoBase64() {};
-+ OpenSSLCryptoBase64();
-+ virtual ~OpenSSLCryptoBase64();
-
- /** @name Decoding Functions */
- //@{
-@@ -189,20 +189,20 @@
- * \brief Get OpenSSL encode context structure
- */
-
-- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;}
-+ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;}
-
- /**
- * \brief Get OpenSSL encode context structure
- */
-
-- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;}
-+ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;}
-
- //@}
-
- private :
-
-- EVP_ENCODE_CTX m_ectx; // Encode context
-- EVP_ENCODE_CTX m_dctx; // Decode context
-+ EVP_ENCODE_CTX *m_ectx; // Encode context
-+ EVP_ENCODE_CTX *m_dctx; // Decode context
-
- };
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2017-02-19 20:48:48.000000000 +0200
-@@ -40,6 +40,7 @@
-
- OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) {
-
-+ m_mdctx = EVP_MD_CTX_create();
- switch (alg) {
-
- case (XSECCryptoHash::HASH_SHA1) :
-@@ -104,7 +105,7 @@
- "OpenSSL:Hash - Error loading Message Digest");
- }
-
-- EVP_DigestInit(&m_mdctx, mp_md);
-+ EVP_DigestInit(m_mdctx, mp_md);
- m_hashType = alg;
-
- }
-@@ -112,7 +113,7 @@
-
- OpenSSLCryptoHash::~OpenSSLCryptoHash() {
-
-- EVP_MD_CTX_cleanup(&m_mdctx);
-+ EVP_MD_CTX_free(m_mdctx);
-
- }
-
-@@ -121,16 +122,16 @@
- // Hashing Activities
- void OpenSSLCryptoHash::reset(void) {
-
-- EVP_MD_CTX_cleanup(&m_mdctx);
--
-- EVP_DigestInit(&m_mdctx, mp_md);
-+ EVP_MD_CTX_free(m_mdctx);
-+ m_mdctx = EVP_MD_CTX_new();
-+ EVP_DigestInit(m_mdctx, mp_md);
-
- }
-
- void OpenSSLCryptoHash::hash(unsigned char * data,
- unsigned int length) {
-
-- EVP_DigestUpdate(&m_mdctx, data, length);
-+ EVP_DigestUpdate(m_mdctx, data, length);
-
- }
- unsigned int OpenSSLCryptoHash::finish(unsigned char * hash,
-@@ -140,7 +141,7 @@
-
- // Finish up and copy out hash, returning the length
-
-- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen);
-+ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen);
-
- // Copy to output buffer
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2017-02-19 10:42:32.000000000 +0200
-@@ -138,7 +138,7 @@
- * \brief Get OpenSSL hash context structure
- */
-
-- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;}
-+ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;}
-
- //@}
-
-@@ -148,7 +148,7 @@
- // Not implemented constructors
- OpenSSLCryptoHash();
-
-- EVP_MD_CTX m_mdctx; // Context for digest
-+ EVP_MD_CTX *m_mdctx; // Context for digest
- const EVP_MD * mp_md; // Digest instance
- unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
- unsigned int m_mdLen; // Length of digest
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2017-02-19 20:50:03.000000000 +0200
-@@ -43,6 +43,7 @@
- OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) {
-
- // Initialise the digest
-+ m_hctx = HMAC_CTX_new();
-
- switch (alg) {
-
-@@ -127,7 +128,7 @@
- m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf);
-
-
-- HMAC_Init(&m_hctx,
-+ HMAC_Init(m_hctx,
- m_keyBuf.rawBuffer(),
- m_keyLen,
- mp_md);
-@@ -139,7 +140,7 @@
- OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
-
- if (m_initialised)
-- HMAC_CTX_cleanup(&m_hctx);
-+ HMAC_CTX_free(m_hctx);
-
- }
-
-@@ -151,9 +152,9 @@
-
- if (m_initialised) {
-
-- HMAC_CTX_cleanup(&m_hctx);
--
-- HMAC_Init(&m_hctx,
-+ HMAC_CTX_free(m_hctx);
-+ m_hctx = HMAC_CTX_new();
-+ HMAC_Init(m_hctx,
- m_keyBuf.rawBuffer(),
- m_keyLen,
- mp_md);
-@@ -170,7 +171,7 @@
- "OpenSSL:HashHMAC - hash called prior to setKey");
-
-
-- HMAC_Update(&m_hctx, data, (int) length);
-+ HMAC_Update(m_hctx, data, (int) length);
-
- }
-
-@@ -181,7 +182,7 @@
-
- // Finish up and copy out hash, returning the length
-
-- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen);
-+ HMAC_Final(m_hctx, m_mdValue, &m_mdLen);
-
- // Copy to output buffer
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2017-02-19 10:50:19.000000000 +0200
-@@ -162,7 +162,7 @@
- * \brief Get OpenSSL Hash Context
- */
-
-- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;}
-+ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;}
-
- //@}
-
-@@ -175,7 +175,7 @@
- unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
- unsigned int m_mdLen; // Length of digest
- HashType m_hashType; // What type of hash is this?
-- HMAC_CTX m_hctx; // Context for HMAC
-+ HMAC_CTX *m_hctx; // Context for HMAC
- safeBuffer m_keyBuf; // The loaded key
- unsigned int m_keyLen; // The loaded key length
- bool m_initialised;
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2015-01-29 04:52:17.000000000 +0200
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2017-02-19 22:39:29.000000000 +0200
-@@ -64,13 +64,15 @@
- if (mp_dsaKey == NULL)
- return KEY_NONE;
-
-- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL)
-+ const BIGNUM *pub_key = 0, *priv_key = 0;
-+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
-+ if (priv_key != NULL && pub_key != NULL)
- return KEY_DSA_PAIR;
-
-- if (mp_dsaKey->priv_key != NULL)
-+ if (priv_key != NULL)
- return KEY_DSA_PRIVATE;
-
-- if (mp_dsaKey->pub_key != NULL)
-+ if (pub_key != NULL)
- return KEY_DSA_PUBLIC;
-
- return KEY_NONE;
-@@ -82,7 +84,7 @@
- if (mp_dsaKey == NULL)
- mp_dsaKey = DSA_new();
-
-- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
-
- }
-
-@@ -91,7 +93,7 @@
- if (mp_dsaKey == NULL)
- mp_dsaKey = DSA_new();
-
-- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
-
- }
-
-@@ -100,7 +102,7 @@
- if (mp_dsaKey == NULL)
- mp_dsaKey = DSA_new();
-
-- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len));
-
- }
-
-@@ -109,7 +111,7 @@
- if (mp_dsaKey == NULL)
- mp_dsaKey = DSA_new();
-
-- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
-
- }
-
-@@ -130,20 +132,15 @@
-
- mp_dsaKey = DSA_new();
-
-- if (k == NULL || k->type != EVP_PKEY_DSA)
-+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA)
- return; // Nothing to do with us
-
--
-- if (k->pkey.dsa->p)
-- mp_dsaKey->p = BN_dup(k->pkey.dsa->p);
-- if (k->pkey.dsa->q)
-- mp_dsaKey->q = BN_dup(k->pkey.dsa->q);
-- if (k->pkey.dsa->g)
-- mp_dsaKey->g = BN_dup(k->pkey.dsa->g);
-- if (k->pkey.dsa->pub_key)
-- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key);
-- if (k->pkey.dsa->priv_key)
-- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(k);
-+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, &priv_key);
-+ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
-+ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
-
- }
-
-@@ -175,9 +172,9 @@
- unsigned char* sigVal = new unsigned char[sigLen + 1];
- ArrayJanitor<unsigned char> j_sigVal(sigVal);
-
-- EVP_ENCODE_CTX m_dctx;
-- EVP_DecodeInit(&m_dctx);
-- int rc = EVP_DecodeUpdate(&m_dctx,
-+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
-+ EVP_DecodeInit(m_dctx);
-+ int rc = EVP_DecodeUpdate(m_dctx,
- sigVal,
- &sigValLen,
- (unsigned char *) cleanedBase64Signature,
-@@ -190,7 +187,8 @@
- }
- int t = 0;
-
-- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
-+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
-+ EVP_ENCODE_CTX_free(m_dctx);
-
- sigValLen += t;
-
-@@ -223,12 +221,7 @@
- }
-
- DSA_SIG * dsa_sig = DSA_SIG_new();
--
-- dsa_sig->r = BN_dup(R);
-- dsa_sig->s = BN_dup(S);
--
-- BN_free(R);
-- BN_free(S);
-+ DSA_SIG_set0(dsa_sig, R, S);
-
- // Now we have a signature and a key - lets check
-
-@@ -267,6 +260,8 @@
- DSA_SIG * dsa_sig;
-
- dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
-+ const BIGNUM *r = 0, *s = 0;
-+ DSA_SIG_get0(dsa_sig, &r, &s);
-
- if (dsa_sig == NULL) {
-
-@@ -277,10 +272,10 @@
-
- // Now turn the signature into a base64 string
-
-- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8];
-+ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8];
- ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
-
-- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
-+ unsigned int rawLen = BN_bn2bin(r, rawSigBuf);
-
- if (rawLen <= 0) {
-
-@@ -289,7 +284,7 @@
-
- }
-
-- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
-+ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]);
-
- if (rawLenS <= 0) {
-
-@@ -339,16 +334,11 @@
- ret->mp_dsaKey = DSA_new();
-
- // Duplicate parameters
-- if (mp_dsaKey->p)
-- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p);
-- if (mp_dsaKey->q)
-- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q);
-- if (mp_dsaKey->g)
-- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g);
-- if (mp_dsaKey->pub_key)
-- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key);
-- if (mp_dsaKey->priv_key)
-- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key);
-+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
-+ DSA_get0_pqg(mp_dsaKey, &p, &q, &g);
-+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
-+ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
-+ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
-
- return ret;
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2015-02-03 02:57:48.000000000 +0200
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2017-02-19 21:57:57.000000000 +0200
-@@ -128,10 +128,10 @@
-
- // Create a new key to be loaded as we go
-
-- if (k == NULL || k->type != EVP_PKEY_EC)
-+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC)
- return; // Nothing to do with us
-
-- mp_ecKey = EC_KEY_dup(k->pkey.ec);
-+ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k));
- }
-
- // --------------------------------------------------------------------------------
-@@ -162,9 +162,9 @@
- unsigned char* sigVal = new unsigned char[sigLen + 1];
- ArrayJanitor<unsigned char> j_sigVal(sigVal);
-
-- EVP_ENCODE_CTX m_dctx;
-- EVP_DecodeInit(&m_dctx);
-- int rc = EVP_DecodeUpdate(&m_dctx,
-+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
-+ EVP_DecodeInit(m_dctx);
-+ int rc = EVP_DecodeUpdate(m_dctx,
- sigVal,
- &sigValLen,
- (unsigned char *) cleanedBase64Signature,
-@@ -177,7 +177,8 @@
- }
- int t = 0;
-
-- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
-+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
-+ EVP_ENCODE_CTX_free(m_dctx);
-
- sigValLen += t;
-
-@@ -189,8 +190,9 @@
- // Translate to BNs by splitting in half, and thence to ECDSA_SIG
-
- ECDSA_SIG * dsa_sig = ECDSA_SIG_new();
-- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL);
-- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL);
-+ ECDSA_SIG_set0(dsa_sig,
-+ BN_bin2bn(sigVal, sigValLen / 2, NULL),
-+ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL));
-
- // Now we have a signature and a key - lets check
-
-@@ -228,6 +230,8 @@
- ECDSA_SIG * dsa_sig;
-
- dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
-+ const BIGNUM *r, *s;
-+ ECDSA_SIG_get0(dsa_sig, &r, &s);
-
- if (dsa_sig == NULL) {
- throw XSECCryptoException(XSECCryptoException::ECError,
-@@ -263,14 +267,14 @@
- memset(rawSigBuf, 0, keyLen * 2);
- ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
-
-- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8;
-- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) {
-+ unsigned int rawLen = (BN_num_bits(r) + 7) / 8;
-+ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) {
- throw XSECCryptoException(XSECCryptoException::ECError,
- "OpenSSL:EC - Error copying signature 'r' value to buffer");
- }
-
-- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8;
-- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
-+ rawLen = (BN_num_bits(s) + 7) / 8;
-+ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
- throw XSECCryptoException(XSECCryptoException::ECError,
- "OpenSSL:EC - Error copying signature 's' value to buffer");
- }
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2017-02-19 21:53:14.000000000 +0200
-@@ -326,13 +326,15 @@
- if (mp_rsaKey == NULL)
- return KEY_NONE;
-
-- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL)
-+ const BIGNUM *n = 0, *e = 0, *d = 0;
-+ RSA_get0_key(mp_rsaKey, &n, &e, &d);
-+ if (n != NULL && d != NULL)
- return KEY_RSA_PAIR;
-
-- if (mp_rsaKey->d != NULL)
-+ if (d != NULL)
- return KEY_RSA_PRIVATE;
-
-- if (mp_rsaKey->n != NULL)
-+ if (n != NULL)
- return KEY_RSA_PUBLIC;
-
- return KEY_NONE;
-@@ -344,7 +346,7 @@
- if (mp_rsaKey == NULL)
- mp_rsaKey = RSA_new();
-
-- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
-
- }
-
-@@ -353,7 +355,7 @@
- if (mp_rsaKey == NULL)
- mp_rsaKey = RSA_new();
-
-- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len);
-+ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
-
- }
-
-@@ -369,32 +371,17 @@
-
- mp_rsaKey = RSA_new();
-
-- if (k == NULL || k->type != EVP_PKEY_RSA)
-+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA)
- return; // Nothing to do with us
-
-- if (k->pkey.rsa->n)
-- mp_rsaKey->n = BN_dup(k->pkey.rsa->n);
--
-- if (k->pkey.rsa->e)
-- mp_rsaKey->e = BN_dup(k->pkey.rsa->e);
--
-- if (k->pkey.rsa->d)
-- mp_rsaKey->d = BN_dup(k->pkey.rsa->d);
--
-- if (k->pkey.rsa->p)
-- mp_rsaKey->p = BN_dup(k->pkey.rsa->p);
--
-- if (k->pkey.rsa->q)
-- mp_rsaKey->q = BN_dup(k->pkey.rsa->q);
--
-- if (k->pkey.rsa->dmp1)
-- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1);
--
-- if (k->pkey.rsa->dmq1)
-- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1);
--
-- if (k->pkey.rsa->iqmp)
-- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp);
-+ RSA *rsa = EVP_PKEY_get0_RSA(k);
-+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
-+ RSA_get0_key(rsa, &n, &e, &d);
-+ RSA_get0_factors(rsa, &p, &q);
-+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
-+ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
-+ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q));
-+ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
-
- }
-
-@@ -427,9 +414,9 @@
- unsigned char* sigVal = new unsigned char[sigLen + 1];
- ArrayJanitor<unsigned char> j_sigVal(sigVal);
-
-- EVP_ENCODE_CTX m_dctx;
-- EVP_DecodeInit(&m_dctx);
-- int rc = EVP_DecodeUpdate(&m_dctx,
-+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
-+ EVP_DecodeInit(m_dctx);
-+ int rc = EVP_DecodeUpdate(m_dctx,
- sigVal,
- &sigValLen,
- (unsigned char *) cleanedBase64Signature,
-@@ -442,7 +429,8 @@
- }
- int t = 0;
-
-- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
-+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
-+ EVP_ENCODE_CTX_free(m_dctx);
-
- sigValLen += t;
-
-@@ -979,29 +967,13 @@
-
- // Duplicate parameters
-
-- if (mp_rsaKey->n)
-- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n);
--
-- if (mp_rsaKey->e)
-- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e);
--
-- if (mp_rsaKey->d)
-- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d);
--
-- if (mp_rsaKey->p)
-- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p);
--
-- if (mp_rsaKey->q)
-- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q);
--
-- if (mp_rsaKey->dmp1)
-- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1);
--
-- if (mp_rsaKey->dmq1)
-- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1);
--
-- if (mp_rsaKey->iqmp)
-- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp);
-+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
-+ RSA_get0_key(mp_rsaKey, &n, &e, &d);
-+ RSA_get0_factors(mp_rsaKey, &p, &q);
-+ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp);
-+ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
-+ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q));
-+ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
-
- return ret;
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2017-02-19 21:28:15.000000000 +0200
-@@ -343,7 +343,7 @@
- if (pkey) {
- XSECCryptoKey* ret = NULL;
- try {
-- switch (pkey->type) {
-+ switch (EVP_PKEY_base_id(pkey)) {
- case EVP_PKEY_RSA:
- ret = new OpenSSLCryptoKeyRSA(pkey);
- break;
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2015-01-29 04:52:17.000000000 +0200
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2017-02-19 21:24:51.000000000 +0200
-@@ -56,7 +56,8 @@
- m_keyLen(0),
- m_initialised(false) {
-
-- EVP_CIPHER_CTX_init(&m_ctx);
-+ m_ctx = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(m_ctx);
- m_keyBuf.isSensitive();
-
- }
-@@ -65,7 +66,7 @@
-
- // Clean up the context
-
-- EVP_CIPHER_CTX_cleanup(&m_ctx);
-+ EVP_CIPHER_CTX_free(m_ctx);
- }
-
- // --------------------------------------------------------------------------------
-@@ -149,17 +150,17 @@
- with 0.9.6 */
-
- #if defined(XSEC_OPENSSL_CONST_BUFFERS)
-- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
-+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
- #else
-- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
-+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
- #endif
- m_ivSize = 8;
- }
- else if (m_keyMode == MODE_ECB) {
- #if defined(XSEC_OPENSSL_CONST_BUFFERS)
-- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
-+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
- #else
-- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
-+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
- #endif
- m_ivSize = 0;
- }
-@@ -184,7 +185,7 @@
- return 0; // Cannot initialise without an IV
- }
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-
- }
- #if defined (XSEC_OPENSSL_HAVE_GCM)
-@@ -207,15 +208,15 @@
- }
-
- // We have everything, so we can fully init.
-- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
-+ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
- }
- #endif
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-
- }
- else {
-@@ -236,7 +237,7 @@
- return 0; // Cannot initialise without an IV
- }
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-
- }
- #if defined (XSEC_OPENSSL_HAVE_GCM)
-@@ -259,16 +260,16 @@
- }
-
- // We have everything, so we can fully init.
-- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
-+ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
-
- }
- #endif
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-
- }
- else {
-@@ -289,7 +290,7 @@
- return 0; // Cannot initialise without an IV
- }
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
-
- }
- #if defined (XSEC_OPENSSL_HAVE_GCM)
-@@ -312,16 +313,16 @@
- }
-
- // We have everything, so we can fully init.
-- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
-+ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
-+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
-
- }
- #endif
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-
- }
- else {
-@@ -371,7 +372,7 @@
- // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH
-
- #if defined (XSEC_OPENSSL_CANSET_PADDING)
-- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(m_ctx, 0);
- #endif
-
- // Return number of bytes chewed up by IV
-@@ -439,9 +440,9 @@
- }
-
- #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
-+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
- #else
-- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
-+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
- #endif
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error during OpenSSL decrypt");
-@@ -476,7 +477,7 @@
-
- #if defined (XSEC_OPENSSL_CANSET_PADDING)
-
-- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) {
-+ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) {
-
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation");
-@@ -544,7 +545,7 @@
- We can then clean that up ourselves
- */
-
-- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
-+ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL");
- }
-@@ -641,16 +642,16 @@
- }
-
- #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
- #else
-- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
-+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
- #endif
- }
- else if (m_keyMode == MODE_ECB) {
- #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
-+ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
- #else
-- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
-+ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
- #endif
- }
- else {
-@@ -684,11 +685,11 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
- }
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-
- }
- #ifdef XSEC_OPENSSL_HAVE_GCM
-@@ -708,7 +709,7 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
- }
- #endif
- else {
-@@ -739,7 +740,7 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
-
- }
- #ifdef XSEC_OPENSSL_HAVE_GCM
-@@ -759,12 +760,12 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
- }
- #endif
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
- }
- else {
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
-@@ -793,7 +794,7 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
-
- }
- #ifdef XSEC_OPENSSL_HAVE_GCM
-@@ -813,12 +814,12 @@
- else
- usedIV = iv;
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
- }
- #endif
- else if (m_keyMode == MODE_ECB) {
-
-- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
-
- }
- else {
-@@ -864,10 +865,10 @@
- #if defined (XSEC_OPENSSL_CANSET_PADDING)
- // Setup padding
- if (m_doPad) {
-- EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
-+ EVP_CIPHER_CTX_set_padding(m_ctx, 1);
- }
- else {
-- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
-+ EVP_CIPHER_CTX_set_padding(m_ctx, 0);
- }
- #endif
-
-@@ -908,9 +909,9 @@
-
- }
- #if defined (XSEC_OPENSSL_CONST_BUFFERS)
-- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
-+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
- #else
-- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
-+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
- #endif
-
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
-@@ -929,7 +930,7 @@
- int outl = maxOutLength;
- m_initialised = false;
-
-- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) {
-+ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) {
-
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
- "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation");
-@@ -962,7 +963,7 @@
- }
- if (m_keyMode == MODE_GCM) {
- #ifdef XSEC_OPENSSL_HAVE_GCM
-- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
-+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
- outl += taglen;
- #else
- throw XSECCryptoException(XSECCryptoException::SymmetricError,
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2017-02-19 21:25:39.000000000 +0200
-@@ -283,13 +283,13 @@
- * \brief Get OpenSSL cipher context structure
- */
-
-- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;}
-+ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;}
-
- /**
- * \brief Get OpenSSL cipher context structure
- */
-
-- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;}
-+ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;}
-
- //@}
-
-@@ -307,7 +307,7 @@
- // Private variables
- SymmetricKeyType m_keyType;
- SymmetricKeyMode m_keyMode;
-- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure
-+ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure
- safeBuffer m_keyBuf; // Holder of the key
- safeBuffer m_tagBuf; // Holder of authentication tag
- unsigned int m_keyLen;
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2012-07-23 19:56:11.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2017-02-19 21:09:40.000000000 +0200
-@@ -191,7 +191,7 @@
-
- XSECCryptoKey::KeyType ret;
-
-- switch (pkey->type) {
-+ switch (EVP_PKEY_base_id(pkey)) {
-
- case EVP_PKEY_DSA :
-
-@@ -241,7 +241,7 @@
- "OpenSSL:X509 - cannot retrieve public key from cert");
- }
-
-- switch (pkey->type) {
-+ switch (EVP_PKEY_base_id(pkey)) {
-
- case EVP_PKEY_DSA :
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp
---- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp 2017-02-19 22:33:50.000000000 +0200
-@@ -318,7 +318,7 @@
- char * cserial = XMLString::transcode(serial);
- char * xserial;
-
-- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL);
-+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
- xserial = BN_bn2dec(bnserial);
- BN_free(bnserial);
-
-@@ -360,8 +360,7 @@
- if (xlen != 0) {
-
- // Have a buffer with a number in it
-- STACK_OF(X509_EXTENSION) *exts;
-- exts = x->cert_info->extensions;
-+ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x);
-
- if (exts != NULL) {
-
-@@ -379,8 +378,8 @@
- memcpy(&octxski[2], xski, xlen);
-
- ext = sk_X509_EXTENSION_value(exts,extn);
-- ASN1_OCTET_STRING *skid = ext->value;
-- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new();
-+ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext);
-+ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new();
- ASN1_STRING_set(xskid, octxski, xlen+2);
-
- if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) {
-@@ -602,12 +601,12 @@
- // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c
-
- int idx;
-- X509_REVOKED rtmp;
-+ X509_REVOKED *rtmp = X509_REVOKED_new();
-
- /* Look for serial number of certificate in CRL */
-
-- rtmp.serialNumber = X509_get_serialNumber(x);
-- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp);
-+ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x));
-+ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp);
-
- /* Not found: OK */
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp
---- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp 2017-02-19 22:34:57.000000000 +0200
-@@ -521,7 +521,7 @@
- X509 * x509 = OSSLX509->getOpenSSLX509();
-
- // Check the serial number
-- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL);
-+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
- BN_free(bnserial);
-
- BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8");
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp
---- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp 2015-01-30 05:55:09.000000000 +0200
-+++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp 2017-02-19 22:37:17.000000000 +0200
-@@ -517,7 +517,7 @@
-
- pkey = X509_get_pubkey(x);
-
-- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) {
-+ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "Error extracting RSA key from certificate" << endl;
- }
-
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp
---- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp 2015-01-30 05:55:09.000000000 +0200
-+++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp 2017-02-19 21:31:14.000000000 +0200
-@@ -726,7 +726,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-@@ -739,7 +739,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_EC) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
- cerr << "EC Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-@@ -749,7 +749,7 @@
- }
- # endif
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp
---- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp 2012-07-23 19:56:10.000000000 +0300
-+++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp 2017-02-19 22:58:32.000000000 +0200
-@@ -284,7 +284,7 @@
-
- #if defined (XSEC_HAVE_OPENSSL)
-
--XMLCh * BN2b64(BIGNUM * bn) {
-+XMLCh * BN2b64(const BIGNUM * bn) {
-
- int bytes = BN_num_bytes(bn);
- unsigned char * binbuf = new unsigned char[bytes + 1];
-@@ -606,7 +606,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -615,10 +615,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -628,15 +632,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -878,7 +885,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -887,10 +894,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -900,15 +911,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -1229,7 +1243,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -1238,10 +1252,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -1251,15 +1269,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -1326,7 +1347,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -1334,10 +1355,14 @@
- proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
- proofOfPossessionSm = SIGNATURE_DSA;
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- pkb->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -1347,7 +1372,7 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-@@ -1355,8 +1380,11 @@
- proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
- proofOfPossessionSm = SIGNATURE_RSA;
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- pkb->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -1622,7 +1650,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -1631,10 +1659,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -1644,15 +1676,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -1719,15 +1754,19 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- rkb->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -1737,13 +1776,16 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- rkb->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -1977,7 +2019,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -1986,10 +2028,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -1999,15 +2045,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -2074,7 +2123,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -2082,10 +2131,14 @@
- proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
- proofOfPossessionSm = SIGNATURE_DSA;
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- pkb->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -2095,7 +2148,7 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-@@ -2103,8 +2156,11 @@
- proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
- proofOfPossessionSm = SIGNATURE_RSA;
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- pkb->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -2371,7 +2427,7 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-@@ -2380,10 +2436,14 @@
- // Create the XSEC OpenSSL interface
- key = new OpenSSLCryptoKeyDSA(pkey);
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- sig->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -2393,15 +2453,18 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
- sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
- key = new OpenSSLCryptoKeyRSA(pkey);
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- sig->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -2468,15 +2531,19 @@
-
- // Check type is correct
-
-- if (pkey->type != EVP_PKEY_DSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
- cerr << "DSA Key requested, but OpenSSL loaded something else\n";
- return NULL;
- }
-
-- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
-- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
-- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
-- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
-+ const BIGNUM *p, *q, *g, *pub_key;
-+ DSA_get0_pqg(dsa, &p, &q, &g);
-+ DSA_get0_key(dsa, &pub_key, 0);
-+ XMLCh * P = BN2b64(p);
-+ XMLCh * Q = BN2b64(q);
-+ XMLCh * G = BN2b64(g);
-+ XMLCh * Y = BN2b64(pub_key);
-
- rkb->appendDSAKeyValue(P,Q,G,Y);
-
-@@ -2486,13 +2553,16 @@
- XSEC_RELEASE_XMLCH(Y);
- }
- else {
-- if (pkey->type != EVP_PKEY_RSA) {
-+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
- cerr << "RSA Key requested, but OpenSSL loaded something else\n";
- exit (1);
- }
-
-- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
-- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
-+ const BIGNUM *n, *e;
-+ RSA_get0_key(rsa, &n, &e, 0);
-+ XMLCh * mod = BN2b64(n);
-+ XMLCh * exp = BN2b64(e);
- rkb->appendRSAKeyValue(mod, exp);
- XSEC_RELEASE_XMLCH(mod);
- XSEC_RELEASE_XMLCH(exp);
-@@ -3251,14 +3321,17 @@
-
- // Create the RSA key file
- RSA * rsa = RSA_new();
-- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
-- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
-- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
-- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
-- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
-- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
-- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
-- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
-+ RSA_set0_key(rsa,
-+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
-+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
-+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
-+ RSA_set0_factors(rsa,
-+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
-+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
-+ RSA_set0_crt_params(rsa,
-+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
-+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
-+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
-
- // Write it to disk
- BIO *out;
-@@ -3367,14 +3440,17 @@
-
- // Create the RSA key file
- RSA * rsa = RSA_new();
-- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
-- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
-- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
-- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
-- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
-- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
-- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
-- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
-+ RSA_set0_key(rsa,
-+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
-+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
-+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
-+ RSA_set0_factors(rsa,
-+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
-+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
-+ RSA_set0_crt_params(rsa,
-+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
-+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
-+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
-
- // Write it to disk
- BIO *out;
-
diff --git a/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch b/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch
deleted file mode 100644
index 754ddc6..0000000
--- a/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch
+++ /dev/null
@@ -1,52 +0,0 @@
-diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
-index 2ad9da6e..a8ea9f1d 100644
---- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
-+++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
-@@ -48,7 +48,7 @@ XERCES_CPP_NAMESPACE_USE
- // Construction/Destruction
- // --------------------------------------------------------------------------------
-
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- OpenSSLCryptoBase64::OpenSSLCryptoBase64() : mp_ectx(&m_ectx_store), mp_dctx(&m_dctx_store) { }
- OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { }
- #else
-diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
-index c892eac4..82aeb0a1 100644
---- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
-+++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
-@@ -205,7 +205,7 @@ private :
- EVP_ENCODE_CTX *mp_ectx; // Encode context
- EVP_ENCODE_CTX *mp_dctx; // Decode context
-
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- EVP_ENCODE_CTX m_ectx_store;
- EVP_ENCODE_CTX m_dctx_store;
- #endif
-diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.cpp b/xsec/enc/OpenSSL/OpenSSLSupport.cpp
-index dfd37eb3..cf874f82 100644
---- a/xsec/enc/OpenSSL/OpenSSLSupport.cpp
-+++ b/xsec/enc/OpenSSL/OpenSSLSupport.cpp
-@@ -273,7 +273,7 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-
- #endif
-
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- EvpEncodeCtxRAII::EvpEncodeCtxRAII() : mp_ctx(&mp_ctx_store) { };
- EvpEncodeCtxRAII::~EvpEncodeCtxRAII() { }
- #else
-diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.hpp b/xsec/enc/OpenSSL/OpenSSLSupport.hpp
-index e3527fae..b5f67f26 100644
---- a/xsec/enc/OpenSSL/OpenSSLSupport.hpp
-+++ b/xsec/enc/OpenSSL/OpenSSLSupport.hpp
-@@ -88,7 +88,7 @@ public:
-
- private:
- EVP_ENCODE_CTX *mp_ctx;
--#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER)
- EVP_ENCODE_CTX mp_ctx_store;
- #endif
- };