From 330a0904a6a356e484838fff7ef7e4cdb249703a Mon Sep 17 00:00:00 2001 From: Joao Santos Date: Mon, 1 May 2023 11:48:02 +0200 Subject: dev-libs/xml-security-c: remove unused patch files Signed-off-by: Joao Santos --- .../xml-security-c-1.6.1-nss-compilation-fix.patch | 13 - .../files/xml-security-c-1.7.3-fix-c++14.patch | 36 - .../files/xml-security-c-1.7.3_openssl1.1.patch | 1701 -------------------- .../files/xml-security-c-2.0.2-libressl.patch | 52 - 4 files changed, 1802 deletions(-) delete mode 100644 dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch delete mode 100644 dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch delete mode 100644 dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch delete mode 100644 dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch b/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch deleted file mode 100644 index 1635d6b..0000000 --- a/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/xsec/tools/xtest/xtest.cpp b/xsec/tools/xtest/xtest.cpp -index ec40cb2..9cd389e 100644 ---- a/xsec/tools/xtest/xtest.cpp -+++ b/xsec/tools/xtest/xtest.cpp -@@ -2566,7 +2566,7 @@ int main(int argc, char **argv) { - } - #endif - #if defined(XSEC_HAVE_NSS) -- else if (stricmp(argv[paramCount], "--nss") == 0 || stricmp(argv[paramCount], "-n") == 0) { -+ else if (_stricmp(argv[paramCount], "--nss") == 0 || _stricmp(argv[paramCount], "-n") == 0) { - g_useNSS = true; - paramCount++; - } diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch deleted file mode 100644 index 40783bf..0000000 --- a/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch +++ /dev/null @@ -1,36 +0,0 @@ -Fix building with C++14, which errors out due to bool -> T* conversions -See also: https://bugs.gentoo.org/show_bug.cgi?id=594234 - ---- a/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp -+++ b/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp -@@ -151,7 +151,7 @@ - SymmetricKeyMode mode = MODE_CBC, - const unsigned char * iv = NULL, - const unsigned char* tag = NULL, -- unsigned int taglen = NULL); -+ unsigned int taglen = 0); - - /** - * \brief Continue an decrypt operation using this key. ---- a/xsec/enc/XSECCryptoSymmetricKey.hpp -+++ b/xsec/enc/XSECCryptoSymmetricKey.hpp -@@ -185,7 +185,7 @@ - SymmetricKeyMode mode = MODE_CBC, - const unsigned char* iv = NULL, - const unsigned char* tag = NULL, -- unsigned int taglen = NULL) = 0; -+ unsigned int taglen = 0) = 0; - - /** - * \brief Continue a decrypt operation using this key. ---- a/xsec/tools/checksig/InteropResolver.cpp -+++ b/xsec/tools/checksig/InteropResolver.cpp -@@ -645,7 +645,7 @@ - - } - -- return false; -+ return NULL; - - } - diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch deleted file mode 100644 index d4b1886..0000000 --- a/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch +++ /dev/null @@ -1,1701 +0,0 @@ -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2017-02-19 20:37:10.000000000 +0200 -@@ -44,6 +44,15 @@ - - XERCES_CPP_NAMESPACE_USE - -+OpenSSLCryptoBase64::OpenSSLCryptoBase64() { -+ m_ectx = EVP_ENCODE_CTX_new(); -+ m_dctx = EVP_ENCODE_CTX_new(); -+} -+ -+OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { -+ EVP_ENCODE_CTX_free(m_ectx); -+ EVP_ENCODE_CTX_free(m_dctx); -+} - - // -------------------------------------------------------------------------------- - // Decoding -@@ -51,7 +60,7 @@ - - void OpenSSLCryptoBase64::decodeInit(void) { - -- EVP_DecodeInit(&m_dctx); -+ EVP_DecodeInit(m_dctx); - - } - -@@ -70,7 +79,7 @@ - - } - -- rc = EVP_DecodeUpdate(&m_dctx, -+ rc = EVP_DecodeUpdate(m_dctx, - outData, - &outLen, - (unsigned char *) inData, -@@ -99,7 +108,7 @@ - int outLen; - outLen = outLength; - -- EVP_DecodeFinal(&m_dctx, outData, &outLen); -+ EVP_DecodeFinal(m_dctx, outData, &outLen); - - return outLen; - -@@ -111,7 +120,7 @@ - - void OpenSSLCryptoBase64::encodeInit(void) { - -- EVP_EncodeInit(&m_ectx); -+ EVP_EncodeInit(m_ectx); - - } - -@@ -130,7 +139,7 @@ - - } - -- EVP_EncodeUpdate(&m_ectx, -+ EVP_EncodeUpdate(m_ectx, - outData, - &outLen, - (unsigned char *) inData, -@@ -153,7 +162,7 @@ - int outLen; - outLen = outLength; - -- EVP_EncodeFinal(&m_ectx, outData, &outLen); -+ EVP_EncodeFinal(m_ectx, outData, &outLen); - - return outLen; - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2017-02-19 10:46:50.000000000 +0200 -@@ -66,8 +66,8 @@ - public : - - -- OpenSSLCryptoBase64() {}; -- virtual ~OpenSSLCryptoBase64() {}; -+ OpenSSLCryptoBase64(); -+ virtual ~OpenSSLCryptoBase64(); - - /** @name Decoding Functions */ - //@{ -@@ -189,20 +189,20 @@ - * \brief Get OpenSSL encode context structure - */ - -- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} -+ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} - - /** - * \brief Get OpenSSL encode context structure - */ - -- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} -+ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} - - //@} - - private : - -- EVP_ENCODE_CTX m_ectx; // Encode context -- EVP_ENCODE_CTX m_dctx; // Decode context -+ EVP_ENCODE_CTX *m_ectx; // Encode context -+ EVP_ENCODE_CTX *m_dctx; // Decode context - - }; - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2017-02-19 20:48:48.000000000 +0200 -@@ -40,6 +40,7 @@ - - OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { - -+ m_mdctx = EVP_MD_CTX_create(); - switch (alg) { - - case (XSECCryptoHash::HASH_SHA1) : -@@ -104,7 +105,7 @@ - "OpenSSL:Hash - Error loading Message Digest"); - } - -- EVP_DigestInit(&m_mdctx, mp_md); -+ EVP_DigestInit(m_mdctx, mp_md); - m_hashType = alg; - - } -@@ -112,7 +113,7 @@ - - OpenSSLCryptoHash::~OpenSSLCryptoHash() { - -- EVP_MD_CTX_cleanup(&m_mdctx); -+ EVP_MD_CTX_free(m_mdctx); - - } - -@@ -121,16 +122,16 @@ - // Hashing Activities - void OpenSSLCryptoHash::reset(void) { - -- EVP_MD_CTX_cleanup(&m_mdctx); -- -- EVP_DigestInit(&m_mdctx, mp_md); -+ EVP_MD_CTX_free(m_mdctx); -+ m_mdctx = EVP_MD_CTX_new(); -+ EVP_DigestInit(m_mdctx, mp_md); - - } - - void OpenSSLCryptoHash::hash(unsigned char * data, - unsigned int length) { - -- EVP_DigestUpdate(&m_mdctx, data, length); -+ EVP_DigestUpdate(m_mdctx, data, length); - - } - unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, -@@ -140,7 +141,7 @@ - - // Finish up and copy out hash, returning the length - -- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); -+ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); - - // Copy to output buffer - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2017-02-19 10:42:32.000000000 +0200 -@@ -138,7 +138,7 @@ - * \brief Get OpenSSL hash context structure - */ - -- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} -+ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} - - //@} - -@@ -148,7 +148,7 @@ - // Not implemented constructors - OpenSSLCryptoHash(); - -- EVP_MD_CTX m_mdctx; // Context for digest -+ EVP_MD_CTX *m_mdctx; // Context for digest - const EVP_MD * mp_md; // Digest instance - unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output - unsigned int m_mdLen; // Length of digest -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2017-02-19 20:50:03.000000000 +0200 -@@ -43,6 +43,7 @@ - OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { - - // Initialise the digest -+ m_hctx = HMAC_CTX_new(); - - switch (alg) { - -@@ -127,7 +128,7 @@ - m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); - - -- HMAC_Init(&m_hctx, -+ HMAC_Init(m_hctx, - m_keyBuf.rawBuffer(), - m_keyLen, - mp_md); -@@ -139,7 +140,7 @@ - OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { - - if (m_initialised) -- HMAC_CTX_cleanup(&m_hctx); -+ HMAC_CTX_free(m_hctx); - - } - -@@ -151,9 +152,9 @@ - - if (m_initialised) { - -- HMAC_CTX_cleanup(&m_hctx); -- -- HMAC_Init(&m_hctx, -+ HMAC_CTX_free(m_hctx); -+ m_hctx = HMAC_CTX_new(); -+ HMAC_Init(m_hctx, - m_keyBuf.rawBuffer(), - m_keyLen, - mp_md); -@@ -170,7 +171,7 @@ - "OpenSSL:HashHMAC - hash called prior to setKey"); - - -- HMAC_Update(&m_hctx, data, (int) length); -+ HMAC_Update(m_hctx, data, (int) length); - - } - -@@ -181,7 +182,7 @@ - - // Finish up and copy out hash, returning the length - -- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); -+ HMAC_Final(m_hctx, m_mdValue, &m_mdLen); - - // Copy to output buffer - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2017-02-19 10:50:19.000000000 +0200 -@@ -162,7 +162,7 @@ - * \brief Get OpenSSL Hash Context - */ - -- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} -+ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} - - //@} - -@@ -175,7 +175,7 @@ - unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output - unsigned int m_mdLen; // Length of digest - HashType m_hashType; // What type of hash is this? -- HMAC_CTX m_hctx; // Context for HMAC -+ HMAC_CTX *m_hctx; // Context for HMAC - safeBuffer m_keyBuf; // The loaded key - unsigned int m_keyLen; // The loaded key length - bool m_initialised; -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2015-01-29 04:52:17.000000000 +0200 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2017-02-19 22:39:29.000000000 +0200 -@@ -64,13 +64,15 @@ - if (mp_dsaKey == NULL) - return KEY_NONE; - -- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) -+ const BIGNUM *pub_key = 0, *priv_key = 0; -+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); -+ if (priv_key != NULL && pub_key != NULL) - return KEY_DSA_PAIR; - -- if (mp_dsaKey->priv_key != NULL) -+ if (priv_key != NULL) - return KEY_DSA_PRIVATE; - -- if (mp_dsaKey->pub_key != NULL) -+ if (pub_key != NULL) - return KEY_DSA_PUBLIC; - - return KEY_NONE; -@@ -82,7 +84,7 @@ - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); - - } - -@@ -91,7 +93,7 @@ - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -100,7 +102,7 @@ - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); - - } - -@@ -109,7 +111,7 @@ - if (mp_dsaKey == NULL) - mp_dsaKey = DSA_new(); - -- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -130,20 +132,15 @@ - - mp_dsaKey = DSA_new(); - -- if (k == NULL || k->type != EVP_PKEY_DSA) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) - return; // Nothing to do with us - -- -- if (k->pkey.dsa->p) -- mp_dsaKey->p = BN_dup(k->pkey.dsa->p); -- if (k->pkey.dsa->q) -- mp_dsaKey->q = BN_dup(k->pkey.dsa->q); -- if (k->pkey.dsa->g) -- mp_dsaKey->g = BN_dup(k->pkey.dsa->g); -- if (k->pkey.dsa->pub_key) -- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); -- if (k->pkey.dsa->priv_key) -- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(k); -+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, &priv_key); -+ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); -+ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); - - } - -@@ -175,9 +172,9 @@ - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -190,7 +187,8 @@ - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -223,12 +221,7 @@ - } - - DSA_SIG * dsa_sig = DSA_SIG_new(); -- -- dsa_sig->r = BN_dup(R); -- dsa_sig->s = BN_dup(S); -- -- BN_free(R); -- BN_free(S); -+ DSA_SIG_set0(dsa_sig, R, S); - - // Now we have a signature and a key - lets check - -@@ -267,6 +260,8 @@ - DSA_SIG * dsa_sig; - - dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); -+ const BIGNUM *r = 0, *s = 0; -+ DSA_SIG_get0(dsa_sig, &r, &s); - - if (dsa_sig == NULL) { - -@@ -277,10 +272,10 @@ - - // Now turn the signature into a base64 string - -- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; -+ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; - ArrayJanitor j_sigbuf(rawSigBuf); - -- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); -+ unsigned int rawLen = BN_bn2bin(r, rawSigBuf); - - if (rawLen <= 0) { - -@@ -289,7 +284,7 @@ - - } - -- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); -+ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); - - if (rawLenS <= 0) { - -@@ -339,16 +334,11 @@ - ret->mp_dsaKey = DSA_new(); - - // Duplicate parameters -- if (mp_dsaKey->p) -- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); -- if (mp_dsaKey->q) -- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); -- if (mp_dsaKey->g) -- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); -- if (mp_dsaKey->pub_key) -- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); -- if (mp_dsaKey->priv_key) -- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); -+ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; -+ DSA_get0_pqg(mp_dsaKey, &p, &q, &g); -+ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); -+ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); -+ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); - - return ret; - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2015-02-03 02:57:48.000000000 +0200 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2017-02-19 21:57:57.000000000 +0200 -@@ -128,10 +128,10 @@ - - // Create a new key to be loaded as we go - -- if (k == NULL || k->type != EVP_PKEY_EC) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) - return; // Nothing to do with us - -- mp_ecKey = EC_KEY_dup(k->pkey.ec); -+ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); - } - - // -------------------------------------------------------------------------------- -@@ -162,9 +162,9 @@ - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -177,7 +177,8 @@ - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -189,8 +190,9 @@ - // Translate to BNs by splitting in half, and thence to ECDSA_SIG - - ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); -- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); -- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); -+ ECDSA_SIG_set0(dsa_sig, -+ BN_bin2bn(sigVal, sigValLen / 2, NULL), -+ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); - - // Now we have a signature and a key - lets check - -@@ -228,6 +230,8 @@ - ECDSA_SIG * dsa_sig; - - dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); -+ const BIGNUM *r, *s; -+ ECDSA_SIG_get0(dsa_sig, &r, &s); - - if (dsa_sig == NULL) { - throw XSECCryptoException(XSECCryptoException::ECError, -@@ -263,14 +267,14 @@ - memset(rawSigBuf, 0, keyLen * 2); - ArrayJanitor j_sigbuf(rawSigBuf); - -- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; -- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { -+ unsigned int rawLen = (BN_num_bits(r) + 7) / 8; -+ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { - throw XSECCryptoException(XSECCryptoException::ECError, - "OpenSSL:EC - Error copying signature 'r' value to buffer"); - } - -- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; -- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { -+ rawLen = (BN_num_bits(s) + 7) / 8; -+ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { - throw XSECCryptoException(XSECCryptoException::ECError, - "OpenSSL:EC - Error copying signature 's' value to buffer"); - } -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2017-02-19 21:53:14.000000000 +0200 -@@ -326,13 +326,15 @@ - if (mp_rsaKey == NULL) - return KEY_NONE; - -- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) -+ const BIGNUM *n = 0, *e = 0, *d = 0; -+ RSA_get0_key(mp_rsaKey, &n, &e, &d); -+ if (n != NULL && d != NULL) - return KEY_RSA_PAIR; - -- if (mp_rsaKey->d != NULL) -+ if (d != NULL) - return KEY_RSA_PRIVATE; - -- if (mp_rsaKey->n != NULL) -+ if (n != NULL) - return KEY_RSA_PUBLIC; - - return KEY_NONE; -@@ -344,7 +346,7 @@ - if (mp_rsaKey == NULL) - mp_rsaKey = RSA_new(); - -- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); - - } - -@@ -353,7 +355,7 @@ - if (mp_rsaKey == NULL) - mp_rsaKey = RSA_new(); - -- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); -+ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); - - } - -@@ -369,32 +371,17 @@ - - mp_rsaKey = RSA_new(); - -- if (k == NULL || k->type != EVP_PKEY_RSA) -+ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) - return; // Nothing to do with us - -- if (k->pkey.rsa->n) -- mp_rsaKey->n = BN_dup(k->pkey.rsa->n); -- -- if (k->pkey.rsa->e) -- mp_rsaKey->e = BN_dup(k->pkey.rsa->e); -- -- if (k->pkey.rsa->d) -- mp_rsaKey->d = BN_dup(k->pkey.rsa->d); -- -- if (k->pkey.rsa->p) -- mp_rsaKey->p = BN_dup(k->pkey.rsa->p); -- -- if (k->pkey.rsa->q) -- mp_rsaKey->q = BN_dup(k->pkey.rsa->q); -- -- if (k->pkey.rsa->dmp1) -- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); -- -- if (k->pkey.rsa->dmq1) -- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); -- -- if (k->pkey.rsa->iqmp) -- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); -+ RSA *rsa = EVP_PKEY_get0_RSA(k); -+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; -+ RSA_get0_key(rsa, &n, &e, &d); -+ RSA_get0_factors(rsa, &p, &q); -+ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); -+ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); -+ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); -+ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); - - } - -@@ -427,9 +414,9 @@ - unsigned char* sigVal = new unsigned char[sigLen + 1]; - ArrayJanitor j_sigVal(sigVal); - -- EVP_ENCODE_CTX m_dctx; -- EVP_DecodeInit(&m_dctx); -- int rc = EVP_DecodeUpdate(&m_dctx, -+ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); -+ EVP_DecodeInit(m_dctx); -+ int rc = EVP_DecodeUpdate(m_dctx, - sigVal, - &sigValLen, - (unsigned char *) cleanedBase64Signature, -@@ -442,7 +429,8 @@ - } - int t = 0; - -- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); -+ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); -+ EVP_ENCODE_CTX_free(m_dctx); - - sigValLen += t; - -@@ -979,29 +967,13 @@ - - // Duplicate parameters - -- if (mp_rsaKey->n) -- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); -- -- if (mp_rsaKey->e) -- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); -- -- if (mp_rsaKey->d) -- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); -- -- if (mp_rsaKey->p) -- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); -- -- if (mp_rsaKey->q) -- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); -- -- if (mp_rsaKey->dmp1) -- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); -- -- if (mp_rsaKey->dmq1) -- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); -- -- if (mp_rsaKey->iqmp) -- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); -+ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; -+ RSA_get0_key(mp_rsaKey, &n, &e, &d); -+ RSA_get0_factors(mp_rsaKey, &p, &q); -+ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); -+ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); -+ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); -+ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); - - return ret; - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2017-02-19 21:28:15.000000000 +0200 -@@ -343,7 +343,7 @@ - if (pkey) { - XSECCryptoKey* ret = NULL; - try { -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - case EVP_PKEY_RSA: - ret = new OpenSSLCryptoKeyRSA(pkey); - break; -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2015-01-29 04:52:17.000000000 +0200 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2017-02-19 21:24:51.000000000 +0200 -@@ -56,7 +56,8 @@ - m_keyLen(0), - m_initialised(false) { - -- EVP_CIPHER_CTX_init(&m_ctx); -+ m_ctx = EVP_CIPHER_CTX_new(); -+ EVP_CIPHER_CTX_init(m_ctx); - m_keyBuf.isSensitive(); - - } -@@ -65,7 +66,7 @@ - - // Clean up the context - -- EVP_CIPHER_CTX_cleanup(&m_ctx); -+ EVP_CIPHER_CTX_free(m_ctx); - } - - // -------------------------------------------------------------------------------- -@@ -149,17 +150,17 @@ - with 0.9.6 */ - - #if defined(XSEC_OPENSSL_CONST_BUFFERS) -- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); - #else -- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); -+ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); - #endif - m_ivSize = 8; - } - else if (m_keyMode == MODE_ECB) { - #if defined(XSEC_OPENSSL_CONST_BUFFERS) -- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); - #else -- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); - #endif - m_ivSize = 0; - } -@@ -184,7 +185,7 @@ - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -207,15 +208,15 @@ - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -236,7 +237,7 @@ - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -259,16 +260,16 @@ - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -289,7 +290,7 @@ - return 0; // Cannot initialise without an IV - } - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); - - } - #if defined (XSEC_OPENSSL_HAVE_GCM) -@@ -312,16 +313,16 @@ - } - - // We have everything, so we can fully init. -- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); -+ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); -+ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); - - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -371,7 +372,7 @@ - // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH - - #if defined (XSEC_OPENSSL_CANSET_PADDING) -- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 0); - #endif - - // Return number of bytes chewed up by IV -@@ -439,9 +440,9 @@ - } - - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { - #else -- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { - #endif - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); -@@ -476,7 +477,7 @@ - - #if defined (XSEC_OPENSSL_CANSET_PADDING) - -- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { -+ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { - - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); -@@ -544,7 +545,7 @@ - We can then clean that up ourselves - */ - -- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { -+ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); - } -@@ -641,16 +642,16 @@ - } - - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); - #else -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); - #endif - } - else if (m_keyMode == MODE_ECB) { - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); - #else -- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); - #endif - } - else { -@@ -684,11 +685,11 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -708,7 +709,7 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else { -@@ -739,7 +740,7 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -759,12 +760,12 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - } - else { - throw XSECCryptoException(XSECCryptoException::SymmetricError, -@@ -793,7 +794,7 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); - - } - #ifdef XSEC_OPENSSL_HAVE_GCM -@@ -813,12 +814,12 @@ - else - usedIV = iv; - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); - } - #endif - else if (m_keyMode == MODE_ECB) { - -- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); -+ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); - - } - else { -@@ -864,10 +865,10 @@ - #if defined (XSEC_OPENSSL_CANSET_PADDING) - // Setup padding - if (m_doPad) { -- EVP_CIPHER_CTX_set_padding(&m_ctx, 1); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 1); - } - else { -- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); -+ EVP_CIPHER_CTX_set_padding(m_ctx, 0); - } - #endif - -@@ -908,9 +909,9 @@ - - } - #if defined (XSEC_OPENSSL_CONST_BUFFERS) -- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { -+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { - #else -- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { -+ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { - #endif - - throw XSECCryptoException(XSECCryptoException::SymmetricError, -@@ -929,7 +930,7 @@ - int outl = maxOutLength; - m_initialised = false; - -- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { -+ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { - - throw XSECCryptoException(XSECCryptoException::SymmetricError, - "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); -@@ -962,7 +963,7 @@ - } - if (m_keyMode == MODE_GCM) { - #ifdef XSEC_OPENSSL_HAVE_GCM -- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); -+ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); - outl += taglen; - #else - throw XSECCryptoException(XSECCryptoException::SymmetricError, -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2017-02-19 21:25:39.000000000 +0200 -@@ -283,13 +283,13 @@ - * \brief Get OpenSSL cipher context structure - */ - -- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} -+ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} - - /** - * \brief Get OpenSSL cipher context structure - */ - -- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} -+ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} - - //@} - -@@ -307,7 +307,7 @@ - // Private variables - SymmetricKeyType m_keyType; - SymmetricKeyMode m_keyMode; -- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure -+ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure - safeBuffer m_keyBuf; // Holder of the key - safeBuffer m_tagBuf; // Holder of authentication tag - unsigned int m_keyLen; -diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp ---- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2012-07-23 19:56:11.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2017-02-19 21:09:40.000000000 +0200 -@@ -191,7 +191,7 @@ - - XSECCryptoKey::KeyType ret; - -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - - case EVP_PKEY_DSA : - -@@ -241,7 +241,7 @@ - "OpenSSL:X509 - cannot retrieve public key from cert"); - } - -- switch (pkey->type) { -+ switch (EVP_PKEY_base_id(pkey)) { - - case EVP_PKEY_DSA : - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp ---- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp 2017-02-19 22:33:50.000000000 +0200 -@@ -318,7 +318,7 @@ - char * cserial = XMLString::transcode(serial); - char * xserial; - -- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); -+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); - xserial = BN_bn2dec(bnserial); - BN_free(bnserial); - -@@ -360,8 +360,7 @@ - if (xlen != 0) { - - // Have a buffer with a number in it -- STACK_OF(X509_EXTENSION) *exts; -- exts = x->cert_info->extensions; -+ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); - - if (exts != NULL) { - -@@ -379,8 +378,8 @@ - memcpy(&octxski[2], xski, xlen); - - ext = sk_X509_EXTENSION_value(exts,extn); -- ASN1_OCTET_STRING *skid = ext->value; -- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); -+ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); -+ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); - ASN1_STRING_set(xskid, octxski, xlen+2); - - if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { -@@ -602,12 +601,12 @@ - // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c - - int idx; -- X509_REVOKED rtmp; -+ X509_REVOKED *rtmp = X509_REVOKED_new(); - - /* Look for serial number of certificate in CRL */ - -- rtmp.serialNumber = X509_get_serialNumber(x); -- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); -+ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); -+ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); - - /* Not found: OK */ - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp ---- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp 2017-02-19 22:34:57.000000000 +0200 -@@ -521,7 +521,7 @@ - X509 * x509 = OSSLX509->getOpenSSLX509(); - - // Check the serial number -- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); -+ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); - BN_free(bnserial); - - BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); -diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp ---- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp 2015-01-30 05:55:09.000000000 +0200 -+++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp 2017-02-19 22:37:17.000000000 +0200 -@@ -517,7 +517,7 @@ - - pkey = X509_get_pubkey(x); - -- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { -+ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "Error extracting RSA key from certificate" << endl; - } - -diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp ---- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp 2015-01-30 05:55:09.000000000 +0200 -+++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp 2017-02-19 21:31:14.000000000 +0200 -@@ -726,7 +726,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -739,7 +739,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_EC) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { - cerr << "EC Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -749,7 +749,7 @@ - } - # endif - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp ---- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp 2012-07-23 19:56:10.000000000 +0300 -+++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp 2017-02-19 22:58:32.000000000 +0200 -@@ -284,7 +284,7 @@ - - #if defined (XSEC_HAVE_OPENSSL) - --XMLCh * BN2b64(BIGNUM * bn) { -+XMLCh * BN2b64(const BIGNUM * bn) { - - int bytes = BN_num_bytes(bn); - unsigned char * binbuf = new unsigned char[bytes + 1]; -@@ -606,7 +606,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -615,10 +615,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -628,15 +632,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -878,7 +885,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -887,10 +894,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -900,15 +911,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1229,7 +1243,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1238,10 +1252,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1251,15 +1269,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1326,7 +1347,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1334,10 +1355,14 @@ - proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); - proofOfPossessionSm = SIGNATURE_DSA; - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - pkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -1347,7 +1372,7 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -1355,8 +1380,11 @@ - proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); - proofOfPossessionSm = SIGNATURE_RSA; - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - pkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1622,7 +1650,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1631,10 +1659,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1644,15 +1676,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1719,15 +1754,19 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - rkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -1737,13 +1776,16 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - rkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -1977,7 +2019,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -1986,10 +2028,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -1999,15 +2045,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2074,7 +2123,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -2082,10 +2131,14 @@ - proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); - proofOfPossessionSm = SIGNATURE_DSA; - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - pkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -2095,7 +2148,7 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } -@@ -2103,8 +2156,11 @@ - proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); - proofOfPossessionSm = SIGNATURE_RSA; - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - pkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2371,7 +2427,7 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } -@@ -2380,10 +2436,14 @@ - // Create the XSEC OpenSSL interface - key = new OpenSSLCryptoKeyDSA(pkey); - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - sig->appendDSAKeyValue(P,Q,G,Y); - -@@ -2393,15 +2453,18 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); - key = new OpenSSLCryptoKeyRSA(pkey); - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - sig->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -2468,15 +2531,19 @@ - - // Check type is correct - -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { - cerr << "DSA Key requested, but OpenSSL loaded something else\n"; - return NULL; - } - -- XMLCh * P = BN2b64(pkey->pkey.dsa->p); -- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); -- XMLCh * G = BN2b64(pkey->pkey.dsa->g); -- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); -+ DSA *dsa = EVP_PKEY_get0_DSA(pkey); -+ const BIGNUM *p, *q, *g, *pub_key; -+ DSA_get0_pqg(dsa, &p, &q, &g); -+ DSA_get0_key(dsa, &pub_key, 0); -+ XMLCh * P = BN2b64(p); -+ XMLCh * Q = BN2b64(q); -+ XMLCh * G = BN2b64(g); -+ XMLCh * Y = BN2b64(pub_key); - - rkb->appendDSAKeyValue(P,Q,G,Y); - -@@ -2486,13 +2553,16 @@ - XSEC_RELEASE_XMLCH(Y); - } - else { -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { - cerr << "RSA Key requested, but OpenSSL loaded something else\n"; - exit (1); - } - -- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); -- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); -+ RSA *rsa = EVP_PKEY_get0_RSA(pkey); -+ const BIGNUM *n, *e; -+ RSA_get0_key(rsa, &n, &e, 0); -+ XMLCh * mod = BN2b64(n); -+ XMLCh * exp = BN2b64(e); - rkb->appendRSAKeyValue(mod, exp); - XSEC_RELEASE_XMLCH(mod); - XSEC_RELEASE_XMLCH(exp); -@@ -3251,14 +3321,17 @@ - - // Create the RSA key file - RSA * rsa = RSA_new(); -- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); -- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); -- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); -- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); -- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); -- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); -- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); -- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); -+ RSA_set0_key(rsa, -+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), -+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), -+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); -+ RSA_set0_factors(rsa, -+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), -+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); -+ RSA_set0_crt_params(rsa, -+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), -+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), -+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); - - // Write it to disk - BIO *out; -@@ -3367,14 +3440,17 @@ - - // Create the RSA key file - RSA * rsa = RSA_new(); -- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); -- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); -- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); -- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); -- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); -- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); -- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); -- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); -+ RSA_set0_key(rsa, -+ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), -+ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), -+ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); -+ RSA_set0_factors(rsa, -+ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), -+ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); -+ RSA_set0_crt_params(rsa, -+ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), -+ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), -+ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); - - // Write it to disk - BIO *out; - diff --git a/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch b/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch deleted file mode 100644 index 754ddc6..0000000 --- a/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch +++ /dev/null @@ -1,52 +0,0 @@ -diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp -index 2ad9da6e..a8ea9f1d 100644 ---- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp -+++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp -@@ -48,7 +48,7 @@ XERCES_CPP_NAMESPACE_USE - // Construction/Destruction - // -------------------------------------------------------------------------------- - --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - OpenSSLCryptoBase64::OpenSSLCryptoBase64() : mp_ectx(&m_ectx_store), mp_dctx(&m_dctx_store) { } - OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { } - #else -diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp -index c892eac4..82aeb0a1 100644 ---- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp -+++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp -@@ -205,7 +205,7 @@ private : - EVP_ENCODE_CTX *mp_ectx; // Encode context - EVP_ENCODE_CTX *mp_dctx; // Decode context - --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - EVP_ENCODE_CTX m_ectx_store; - EVP_ENCODE_CTX m_dctx_store; - #endif -diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.cpp b/xsec/enc/OpenSSL/OpenSSLSupport.cpp -index dfd37eb3..cf874f82 100644 ---- a/xsec/enc/OpenSSL/OpenSSLSupport.cpp -+++ b/xsec/enc/OpenSSL/OpenSSLSupport.cpp -@@ -273,7 +273,7 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) - - #endif - --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - EvpEncodeCtxRAII::EvpEncodeCtxRAII() : mp_ctx(&mp_ctx_store) { }; - EvpEncodeCtxRAII::~EvpEncodeCtxRAII() { } - #else -diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.hpp b/xsec/enc/OpenSSL/OpenSSLSupport.hpp -index e3527fae..b5f67f26 100644 ---- a/xsec/enc/OpenSSL/OpenSSLSupport.hpp -+++ b/xsec/enc/OpenSSL/OpenSSLSupport.hpp -@@ -88,7 +88,7 @@ public: - - private: - EVP_ENCODE_CTX *mp_ctx; --#if (OPENSSL_VERSION_NUMBER < 0x10100000L) -+#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) - EVP_ENCODE_CTX mp_ctx_store; - #endif - }; -- cgit v1.2.3-65-gdbad