Page MenuHomeFreeBSD
Files F145927815

D19347.id54494.diff
No OneTemporary
Actions

D19347.id54494.diff
View Options

Index: head/devel/qca/Makefile
===================================================================
--- head/devel/qca/Makefile
+++ head/devel/qca/Makefile
@@ -3,7 +3,7 @@
PORTNAME= qca
PORTVERSION= 2.1.3
-PORTREVISION= 5
+PORTREVISION= 6
CATEGORIES= devel
MASTER_SITES= KDE/stable/qca/${PORTVERSION}/src
PKGNAMESUFFIX= -${FLAVOR}
Index: head/devel/qca/files/patch-openssl110_01
===================================================================
--- head/devel/qca/files/patch-openssl110_01
+++ head/devel/qca/files/patch-openssl110_01
@@ -0,0 +1,44 @@
+Revert a change to the 2.1 branch that conflicts with a more extensive one from
+the master branch (159e144abf, "Disable missed openssl cipher suites"). That
+one is more extensive and is necessary for a clean backport of the upstream
+change adding support for OpenSSL 1.1.0.
+---
+From ecec3886ac73a5cfc8eb1f5929171afb89b204c3 Mon Sep 17 00:00:00 2001
+From: Raphael Kubo da Costa <rakuco@FreeBSD.org>
+Date: Mon, 25 Feb 2019 13:31:51 +0100
+Subject: [PATCH 1/2] Revert "tlsunittest: disable some ciphers"
+
+This reverts commit 89800d4341a3346cee53bc28e18d9a3972e33378.
+---
+ unittest/tls/tlsunittest.cpp | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+
+diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
+index fb8fa10..74c0b18 100644
+--- unittest/tls/tlsunittest.cpp
++++ unittest/tls/tlsunittest.cpp
+@@ -69,9 +69,7 @@ void TLSUnitTest::testCipherList()
+ QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
+-
+- // Fedora 22 has no TLS_RSA_WITH_RC4_128_MD5
+- // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
++ QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
+
+ // Fedora 20 openssl has no this cipher suites.
+ // I just believe that F20 has the most strict patent rules
+@@ -98,9 +96,7 @@ void TLSUnitTest::testCipherList()
+ QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
+-
+- // Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5
+- // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
++ QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
+
+ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_DES_CBC_SHA") );
+ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_DES_CBC_SHA") );
+--
+2.20.1
+
Index: head/devel/qca/files/patch-openssl110_02
===================================================================
--- head/devel/qca/files/patch-openssl110_02
+++ head/devel/qca/files/patch-openssl110_02
@@ -0,0 +1,47 @@
+This change is part of the master branch but was never integrated into the 2.1
+branch, which only has a similar but less extensive commit mentioning Fedora 22.
+
+This backport is necessary for a clean cherry-pick of the change adding support
+for OpenSSL 1.1.0 upstream.
+---
+From 802180b9611e816b12b58c279824106514941d53 Mon Sep 17 00:00:00 2001
+From: Ivan Romanov <drizt@land.ru>
+Date: Sat, 30 Sep 2017 15:45:59 +0500
+Subject: [PATCH 2/2] Disable missed openssl cipher suites
+
+Fedora 26 has no them.
+---
+ unittest/tls/tlsunittest.cpp | 10 ++++++----
+ 1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
+index 74c0b18..38caf2d 100644
+--- unittest/tls/tlsunittest.cpp
++++ unittest/tls/tlsunittest.cpp
+@@ -68,8 +68,12 @@ void TLSUnitTest::testCipherList()
+ QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
+- QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
++
++ // Fedora 26 openssl has no this cipher suites.
++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
+
+ // Fedora 20 openssl has no this cipher suites.
+ // I just believe that F20 has the most strict patent rules
+@@ -95,8 +99,6 @@ void TLSUnitTest::testCipherList()
+ QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
+- QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
+
+ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_DES_CBC_SHA") );
+ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_DES_CBC_SHA") );
+--
+2.20.1
+
Index: head/devel/qca/files/patch-openssl110_03
===================================================================
--- head/devel/qca/files/patch-openssl110_03
+++ head/devel/qca/files/patch-openssl110_03
@@ -0,0 +1,1802 @@
+The upstream commit is d58e20ee65, "Add support for OpenSSL 1.1.0" by
+the same author below. This is a backport for a commit that only
+landed in QCA's master branch.
+
+Instead of backporting the vanilla commit from upstream, grab the
+OpenSUSE version created by the same author of the upstream change: it
+resolves some conflicts due to the fact that the upstream commit was
+applied on top of commit 57878ff44 ("Add support for AES GCM and AES
+CCM modes"), which is not present in the 2.1 branch that version 2.1.3
+is based on.
+---
+From 32bab34def80e08ca0b0d3a75f521369a8ee9ff0 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Sat, 16 Dec 2017 22:29:40 +0100
+Subject: [PATCH 3/3] Add support for OpenSSL 1.1.0
+
+Test Plan:
+Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
+Using this code with kdeconnect and okteta successfully on my system now.
+
+Reviewers: iromanov
+
+Differential Revision: https://phabricator.kde.org/D9416
+---
+ plugins/qca-ossl/ossl110-compat.h | 283 ++++++++++++++++++
+ plugins/qca-ossl/qca-ossl.cpp | 587 +++++++++++++++++++++++++-------------
+ unittest/tls/tlsunittest.cpp | 35 +--
+ 3 files changed, 687 insertions(+), 218 deletions(-)
+ create mode 100644 plugins/qca-ossl/ossl110-compat.h
+
+diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h
+new file mode 100644
+index 0000000..ec15475
+--- /dev/null
++++ plugins/qca-ossl/ossl110-compat.h
+@@ -0,0 +1,283 @@
++/*
++ * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
++ *
++ */
++
++#ifndef OSSL110COMPAT_H
++#define OSSL110COMPAT_H
++
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define RSA_F_RSA_METH_DUP 161
++
++static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++ if (pr)
++ *pr = sig->r;
++ if (ps)
++ *ps = sig->s;
++}
++
++static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++ if (!sig) return 0;
++ sig->r = r;
++ sig->s = s;
++ return 1;
++}
++
++static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p)
++ *p = dsa->p;
++ if (q)
++ *q = dsa->q;
++ if (g)
++ *g = dsa->g;
++}
++
++static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ if (!dsa) return 0;
++ dsa->p = p;
++ dsa->q = q;
++ dsa->g = g;
++ return 1;
++}
++
++static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++ if (n)
++ *n = rsa->n;
++ if (e)
++ *e = rsa->e;
++ if (d)
++ *d = rsa->d;
++}
++
++static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++ if (!rsa) return 0;
++ rsa->n = n;
++ rsa->e = e;
++ rsa->d = d;
++ return 1;
++}
++
++static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
++{
++ if (p)
++ *p = rsa->p;
++ if (q)
++ *q = rsa->q;
++}
++
++static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
++{
++ if (!rsa) return 0;
++ rsa->p = p;
++ rsa->q = q;
++ return 1;
++}
++
++static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++ if (p)
++ *p = dh->p;
++ if (q)
++ *q = dh->q;
++ if (g)
++ *g = dh->g;
++}
++
++static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ if (!dh) return 0;
++ dh->p = p;
++ dh->q = q;
++ dh->g = g;
++ return 1;
++}
++
++static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key)
++ *pub_key = dh->pub_key;
++ if (priv_key)
++ *priv_key = dh->priv_key;
++}
++
++static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++ if (!dh) return 0;
++ dh->pub_key = pub_key;
++ dh->priv_key = priv_key;
++ return 1;
++}
++
++static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key)
++ *pub_key = dsa->pub_key;
++ if (priv_key)
++ *priv_key = dsa->priv_key;
++}
++
++static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++ if (!dsa) return 0;
++ dsa->pub_key = pub_key;
++ dsa->priv_key = priv_key;
++ return 1;
++}
++
++static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
++{
++ if (palg)
++ *palg = sig->algor;
++ if (pdigest)
++ *pdigest = sig->digest;
++}
++
++static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++ if (psig)
++ *psig = req->signature;
++ if (palg)
++ *palg = req->sig_alg;
++}
++
++static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++ if (psig)
++ *psig = crl->signature;
++ if (palg)
++ *palg = crl->sig_alg;
++}
++
++static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++ if (!meth)
++ return NULL;
++
++ RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
++
++ if (!_meth)
++ {
++ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
++ memcpy(_meth, meth, sizeof(*_meth));
++ _meth->name = strdup(meth->name);
++ if (!_meth->name) {
++ OPENSSL_free(_meth);
++ RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++ return NULL;
++ }
++
++ return _meth;
++}
++
++static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding))
++{
++ if (!rsa) return 0;
++ rsa->rsa_priv_enc = priv_enc;
++ return 1;
++}
++
++static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
++ unsigned char *to, RSA *rsa, int padding))
++{
++ if (!rsa) return 0;
++ rsa->rsa_priv_dec = priv_dec;
++ return 1;
++}
++
++static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
++ unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
++{
++ if (!meth) return 0;
++ meth->rsa_sign = sign;
++ return 1;
++}
++
++static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
++ unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
++{
++ if (!meth) return 0;
++ meth->rsa_verify = verify;
++ return 1;
++}
++
++static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++ if (!meth) return 0;
++ meth->finish = finish;
++ return 1;
++}
++
++static HMAC_CTX *HMAC_CTX_new()
++{
++ HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
++ if (ctx)
++ HMAC_CTX_init(ctx);
++ return ctx;
++}
++
++static void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++ if (!ctx)
++ return;
++ HMAC_CTX_cleanup(ctx);
++ EVP_MD_CTX_cleanup(&ctx->i_ctx);
++ EVP_MD_CTX_cleanup(&ctx->o_ctx);
++ EVP_MD_CTX_cleanup(&ctx->md_ctx);
++ OPENSSL_free(ctx);
++}
++
++#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
++
++#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
++#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
++
++#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
++#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
++#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
++
++#define EVP_PKEY_id(pky) (pky)->type
++#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
++#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
++#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
++
++#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
++#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
++
++#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
++#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
++
++#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
++#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
++
++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#endif // OSSL110COMPAT_H
+diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
+index f0b9431..3bbbfdc 100644
+--- plugins/qca-ossl/qca-ossl.cpp
++++ plugins/qca-ossl/qca-ossl.cpp
+@@ -1,6 +1,7 @@
+ /*
+ * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
+ * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
++ * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de>
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+@@ -38,6 +39,8 @@
+ #include <openssl/pkcs12.h>
+ #include <openssl/ssl.h>
+
++#include "ossl110-compat.h"
++
+ #ifndef OSSL_097
+ // comment this out if you'd rather use openssl 0.9.6
+ #define OSSL_097
+@@ -52,6 +55,16 @@
+ ((_STACK*) (1 ? p : (type*)0))
+ #endif
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ #define OSSL_110
++#endif
++
++// OpenSSL 1.1.0 compatibility macros
++#ifdef OSSL_110
++#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
++#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
++#endif
++
+ using namespace QCA;
+
+ namespace opensslQCAPlugin {
+@@ -93,7 +106,7 @@ static QByteArray bio2ba(BIO *b)
+ return buf;
+ }
+
+-static BigInteger bn2bi(BIGNUM *n)
++static BigInteger bn2bi(const BIGNUM *n)
+ {
+ SecureArray buf(BN_num_bytes(n) + 1);
+ buf[0] = 0; // positive
+@@ -109,7 +122,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
+
+ // take lowest bytes of BIGNUM to fit
+ // pad with high byte zeroes to fit
+-static SecureArray bn2fixedbuf(BIGNUM *n, int size)
++static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
+ {
+ SecureArray buf(BN_num_bytes(n));
+ BN_bn2bin(n, (unsigned char *)buf.data());
+@@ -127,8 +140,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
+ const unsigned char *inp = (const unsigned char *)in.data();
+ d2i_DSA_SIG(&sig, &inp, in.size());
+
+- SecureArray part_r = bn2fixedbuf(sig->r, 20);
+- SecureArray part_s = bn2fixedbuf(sig->s, 20);
++ const BIGNUM *bnr, *bns;
++ DSA_SIG_get0(sig, &bnr, &bns);
++
++ SecureArray part_r = bn2fixedbuf(bnr, 20);
++ SecureArray part_s = bn2fixedbuf(bns, 20);
+ SecureArray result;
+ result.append(part_r);
+ result.append(part_s);
+@@ -143,12 +159,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
+ return SecureArray();
+
+ DSA_SIG *sig = DSA_SIG_new();
+- SecureArray part_r(20);
+- SecureArray part_s(20);
++ SecureArray part_r(20); BIGNUM *bnr;
++ SecureArray part_s(20); BIGNUM *bns;
+ memcpy(part_r.data(), in.data(), 20);
+ memcpy(part_s.data(), in.data() + 20, 20);
+- sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
+- sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++ bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
++ bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++
++ if(DSA_SIG_set0(sig, bnr, bns) == 0)
++ return SecureArray();
++ // Not documented what happens in the failure case, free bnr and bns?
+
+ int len = i2d_DSA_SIG(sig, NULL);
+ SecureArray result(len);
+@@ -1004,29 +1024,39 @@ public:
+ opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
+ {
+ m_algorithm = algorithm;
+- EVP_DigestInit( &m_context, m_algorithm );
++ m_context = EVP_MD_CTX_new();
++ EVP_DigestInit( m_context, m_algorithm );
++ }
++
++ opensslHashContext(const opensslHashContext &other)
++ : HashContext(other)
++ {
++ m_algorithm = other.m_algorithm;
++ m_context = EVP_MD_CTX_new();
++ EVP_MD_CTX_copy_ex(m_context, other.m_context);
+ }
+
+ ~opensslHashContext()
+ {
+- EVP_MD_CTX_cleanup(&m_context);
++ EVP_MD_CTX_free(m_context);
+ }
+
+ void clear()
+ {
+- EVP_MD_CTX_cleanup(&m_context);
+- EVP_DigestInit( &m_context, m_algorithm );
++ EVP_MD_CTX_free(m_context);
++ m_context = EVP_MD_CTX_new();
++ EVP_DigestInit( m_context, m_algorithm );
+ }
+
+ void update(const MemoryRegion &a)
+ {
+- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
+ }
+
+ MemoryRegion final()
+ {
+ SecureArray a( EVP_MD_size( m_algorithm ) );
+- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ return a;
+ }
+
+@@ -1037,7 +1067,7 @@ public:
+
+ protected:
+ const EVP_MD *m_algorithm;
+- EVP_MD_CTX m_context;
++ EVP_MD_CTX *m_context;
+ };
+
+
+@@ -1047,7 +1077,21 @@ public:
+ opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
+ {
+ m_algorithm = algorithm;
+- EVP_DigestInit( &m_context, m_algorithm );
++ m_context = EVP_MD_CTX_new();
++ EVP_DigestInit( m_context, m_algorithm );
++ }
++
++ opensslPbkdf1Context(const opensslPbkdf1Context &other)
++ : KDFContext(other)
++ {
++ m_algorithm = other.m_algorithm;
++ m_context = EVP_MD_CTX_new();
++ EVP_MD_CTX_copy(m_context, other.m_context);
++ }
++
++ ~opensslPbkdf1Context()
++ {
++ EVP_MD_CTX_free(m_context);
+ }
+
+ Provider::Context *clone() const
+@@ -1081,16 +1125,16 @@ public:
+ DK = Tc<0..dkLen-1>
+ */
+ // calculate T_1
+- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ SecureArray a( EVP_MD_size( m_algorithm ) );
+- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+
+ // calculate T_2 up to T_c
+ for ( unsigned int i = 2; i <= iterationCount; ++i ) {
+- EVP_DigestInit( &m_context, m_algorithm );
+- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++ EVP_DigestInit( m_context, m_algorithm );
++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ }
+
+ // shrink a to become DK, of the required length
+@@ -1136,19 +1180,19 @@ public:
+ DK = Tc<0..dkLen-1>
+ */
+ // calculate T_1
+- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ SecureArray a( EVP_MD_size( m_algorithm ) );
+- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+
+ // calculate T_2 up to T_c
+ *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one
+ timer.start(); // ^ time more than the base function
+ // ^ with the same iterationCount
+ while (timer.elapsed() < msecInterval) {
+- EVP_DigestInit( &m_context, m_algorithm );
+- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++ EVP_DigestInit( m_context, m_algorithm );
++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ ++(*iterationCount);
+ }
+
+@@ -1163,7 +1207,7 @@ public:
+
+ protected:
+ const EVP_MD *m_algorithm;
+- EVP_MD_CTX m_context;
++ EVP_MD_CTX *m_context;
+ };
+
+ class opensslPbkdf2Context : public KDFContext
+@@ -1231,12 +1275,28 @@ public:
+ opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
+ {
+ m_algorithm = algorithm;
+- HMAC_CTX_init( &m_context );
++ m_context = HMAC_CTX_new();
++#ifndef OSSL_110
++ HMAC_CTX_init( m_context );
++#endif
++ }
++
++ opensslHMACContext(const opensslHMACContext &other)
++ : MACContext(other)
++ {
++ m_algorithm = other.m_algorithm;
++ m_context = HMAC_CTX_new();
++ HMAC_CTX_copy(m_context, other.m_context);
++ }
++
++ ~opensslHMACContext()
++ {
++ HMAC_CTX_free(m_context);
+ }
+
+ void setup(const SymmetricKey &key)
+ {
+- HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
++ HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
+ }
+
+ KeyLength keyLength() const
+@@ -1246,14 +1306,18 @@ public:
+
+ void update(const MemoryRegion &a)
+ {
+- HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
++ HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
+ }
+
+ void final(MemoryRegion *out)
+ {
+ SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
+- HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
+- HMAC_CTX_cleanup(&m_context);
++ HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
++#ifdef OSSL_110
++ HMAC_CTX_reset(m_context);
++#else
++ HMAC_CTX_cleanup(m_context);
++#endif
+ *out = sa;
+ }
+
+@@ -1263,7 +1327,7 @@ public:
+ }
+
+ protected:
+- HMAC_CTX m_context;
++ HMAC_CTX *m_context;
+ const EVP_MD *m_algorithm;
+ };
+
+@@ -1277,7 +1341,7 @@ class EVPKey
+ public:
+ enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
+ EVP_PKEY *pkey;
+- EVP_MD_CTX mdctx;
++ EVP_MD_CTX *mdctx;
+ State state;
+ bool raw_type;
+ SecureArray raw;
+@@ -1287,19 +1351,23 @@ public:
+ pkey = 0;
+ raw_type = false;
+ state = Idle;
++ mdctx = EVP_MD_CTX_new();
+ }
+
+ EVPKey(const EVPKey &from)
+ {
+ pkey = from.pkey;
+- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
++ EVP_PKEY_up_ref(pkey);
+ raw_type = false;
+ state = Idle;
++ mdctx = EVP_MD_CTX_new();
++ EVP_MD_CTX_copy(mdctx, from.mdctx);
+ }
+
+ ~EVPKey()
+ {
+ reset();
++ EVP_MD_CTX_free(mdctx);
+ }
+
+ void reset()
+@@ -1322,8 +1390,8 @@ public:
+ else
+ {
+ raw_type = false;
+- EVP_MD_CTX_init(&mdctx);
+- if(!EVP_SignInit_ex(&mdctx, type, NULL))
++ EVP_MD_CTX_init(mdctx);
++ if(!EVP_SignInit_ex(mdctx, type, NULL))
+ state = SignError;
+ }
+ }
+@@ -1339,8 +1407,8 @@ public:
+ else
+ {
+ raw_type = false;
+- EVP_MD_CTX_init(&mdctx);
+- if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
++ EVP_MD_CTX_init(mdctx);
++ if(!EVP_VerifyInit_ex(mdctx, type, NULL))
+ state = VerifyError;
+ }
+ }
+@@ -1352,7 +1420,7 @@ public:
+ if (raw_type)
+ raw += in;
+ else
+- if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++ if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ state = SignError;
+ }
+ else if(state == VerifyActive)
+@@ -1360,7 +1428,7 @@ public:
+ if (raw_type)
+ raw += in;
+ else
+- if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++ if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ state = VerifyError;
+ }
+ }
+@@ -1373,17 +1441,20 @@ public:
+ unsigned int len = out.size();
+ if (raw_type)
+ {
+- if (pkey->type == EVP_PKEY_RSA)
++ int type = EVP_PKEY_id(pkey);
++
++ if (type == EVP_PKEY_RSA)
+ {
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
+- (unsigned char *)out.data(), pkey->pkey.rsa,
++ (unsigned char *)out.data(), rsa,
+ RSA_PKCS1_PADDING) == -1) {
+
+ state = SignError;
+ return SecureArray ();
+ }
+ }
+- else if (pkey->type == EVP_PKEY_DSA)
++ else if (type == EVP_PKEY_DSA)
+ {
+ state = SignError;
+ return SecureArray ();
+@@ -1395,7 +1466,7 @@ public:
+ }
+ }
+ else {
+- if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
++ if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
+ {
+ state = SignError;
+ return SecureArray();
+@@ -1418,16 +1489,19 @@ public:
+ SecureArray out(EVP_PKEY_size(pkey));
+ int len = 0;
+
+- if (pkey->type == EVP_PKEY_RSA) {
++ int type = EVP_PKEY_id(pkey);
++
++ if (type == EVP_PKEY_RSA) {
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
+- (unsigned char *)out.data (), pkey->pkey.rsa,
++ (unsigned char *)out.data (), rsa,
+ RSA_PKCS1_PADDING)) == -1) {
+
+ state = VerifyError;
+ return false;
+ }
+ }
+- else if (pkey->type == EVP_PKEY_DSA)
++ else if (type == EVP_PKEY_DSA)
+ {
+ state = VerifyError;
+ return false;
+@@ -1447,7 +1521,7 @@ public:
+ }
+ else
+ {
+- if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
++ if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
+ {
+ state = VerifyError;
+ return false;
+@@ -1561,9 +1635,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
+ return false;
+ if(ret_counter != counter)
+ return false;
+- params->p = bn2bi(dsa->p);
+- params->q = bn2bi(dsa->q);
+- params->g = bn2bi(dsa->g);
++ const BIGNUM *bnp, *bnq, *bng;
++ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++ params->p = bn2bi(bnp);
++ params->q = bn2bi(bnq);
++ params->g = bn2bi(bng);
+ DSA_free(dsa);
+ return true;
+ }
+@@ -1826,10 +1902,11 @@ public:
+ return;
+
+ // extract the public key into DER format
+- int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
++ RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
++ int len = i2d_RSAPublicKey(rsa_pkey, NULL);
+ SecureArray result(len);
+ unsigned char *p = (unsigned char *)result.data();
+- i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
++ i2d_RSAPublicKey(rsa_pkey, &p);
+ p = (unsigned char *)result.data();
+
+ // put the DER public key back into openssl
+@@ -1852,7 +1929,7 @@ public:
+
+ virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
+ {
+- RSA *rsa = evp.pkey->pkey.rsa;
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ int size = 0;
+ switch(alg)
+ {
+@@ -1867,7 +1944,7 @@ public:
+
+ virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
+ {
+- RSA *rsa = evp.pkey->pkey.rsa;
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ SecureArray buf = in;
+ int max = maximumEncryptSize(alg);
+
+@@ -1900,7 +1977,7 @@ public:
+
+ virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
+ {
+- RSA *rsa = evp.pkey->pkey.rsa;
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ SecureArray result(RSA_size(rsa));
+ int pad;
+
+@@ -2021,14 +2098,10 @@ public:
+ evp.reset();
+
+ RSA *rsa = RSA_new();
+- rsa->n = bi2bn(n);
+- rsa->e = bi2bn(e);
+- rsa->p = bi2bn(p);
+- rsa->q = bi2bn(q);
+- rsa->d = bi2bn(d);
+-
+- if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
++ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
++ || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
+ {
++ // Free BIGNUMS?
+ RSA_free(rsa);
+ return;
+ }
+@@ -2036,7 +2109,7 @@ public:
+ // When private key has no Public Exponent (e) or Private Exponent (d)
+ // need to disable blinding. Otherwise decryption will be broken.
+ // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
+- if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
++ if(e == BigInteger(0) || d == BigInteger(0))
+ RSA_blinding_off(rsa);
+
+ evp.pkey = EVP_PKEY_new();
+@@ -2049,10 +2122,7 @@ public:
+ evp.reset();
+
+ RSA *rsa = RSA_new();
+- rsa->n = bi2bn(n);
+- rsa->e = bi2bn(e);
+-
+- if(!rsa->n || !rsa->e)
++ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
+ {
+ RSA_free(rsa);
+ return;
+@@ -2065,27 +2135,42 @@ public:
+
+ virtual BigInteger n() const
+ {
+- return bn2bi(evp.pkey->pkey.rsa->n);
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++ const BIGNUM *bnn;
++ RSA_get0_key(rsa, &bnn, NULL, NULL);
++ return bn2bi(bnn);
+ }
+
+ virtual BigInteger e() const
+ {
+- return bn2bi(evp.pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++ const BIGNUM *bne;
++ RSA_get0_key(rsa, NULL, &bne, NULL);
++ return bn2bi(bne);
+ }
+
+ virtual BigInteger p() const
+ {
+- return bn2bi(evp.pkey->pkey.rsa->p);
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++ const BIGNUM *bnp;
++ RSA_get0_factors(rsa, &bnp, NULL);
++ return bn2bi(bnp);
+ }
+
+ virtual BigInteger q() const
+ {
+- return bn2bi(evp.pkey->pkey.rsa->q);
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++ const BIGNUM *bnq;
++ RSA_get0_factors(rsa, NULL, &bnq);
++ return bn2bi(bnq);
+ }
+
+ virtual BigInteger d() const
+ {
+- return bn2bi(evp.pkey->pkey.rsa->d);
++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++ const BIGNUM *bnd;
++ RSA_get0_key(rsa, NULL, NULL, &bnd);
++ return bn2bi(bnd);
+ }
+
+ private slots:
+@@ -2134,10 +2219,12 @@ public:
+ virtual void run()
+ {
+ DSA *dsa = DSA_new();
+- dsa->p = bi2bn(domain.p());
+- dsa->q = bi2bn(domain.q());
+- dsa->g = bi2bn(domain.g());
+- if(!DSA_generate_key(dsa))
++ BIGNUM *pne = bi2bn(domain.p()),
++ *qne = bi2bn(domain.q()),
++ *gne = bi2bn(domain.g());
++
++ if(!DSA_set0_pqg(dsa, pne, qne, gne)
++ || !DSA_generate_key(dsa))
+ {
+ DSA_free(dsa);
+ return;
+@@ -2212,10 +2299,11 @@ public:
+ return;
+
+ // extract the public key into DER format
+- int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
++ DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
++ int len = i2d_DSAPublicKey(dsa_pkey, NULL);
+ SecureArray result(len);
+ unsigned char *p = (unsigned char *)result.data();
+- i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
++ i2d_DSAPublicKey(dsa_pkey, &p);
+ p = (unsigned char *)result.data();
+
+ // put the DER public key back into openssl
+@@ -2244,7 +2332,7 @@ public:
+ else
+ transformsig = false;
+
+- evp.startSign(EVP_dss1());
++ evp.startSign(EVP_sha1());
+ }
+
+ virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
+@@ -2255,7 +2343,7 @@ public:
+ else
+ transformsig = false;
+
+- evp.startVerify(EVP_dss1());
++ evp.startVerify(EVP_sha1());
+ }
+
+ virtual void update(const MemoryRegion &in)
+@@ -2305,13 +2393,14 @@ public:
+ evp.reset();
+
+ DSA *dsa = DSA_new();
+- dsa->p = bi2bn(domain.p());
+- dsa->q = bi2bn(domain.q());
+- dsa->g = bi2bn(domain.g());
+- dsa->pub_key = bi2bn(y);
+- dsa->priv_key = bi2bn(x);
++ BIGNUM *bnp = bi2bn(domain.p());
++ BIGNUM *bnq = bi2bn(domain.q());
++ BIGNUM *bng = bi2bn(domain.g());
++ BIGNUM *bnpub_key = bi2bn(y);
++ BIGNUM *bnpriv_key = bi2bn(x);
+
+- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
++ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++ || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
+ {
+ DSA_free(dsa);
+ return;
+@@ -2327,12 +2416,13 @@ public:
+ evp.reset();
+
+ DSA *dsa = DSA_new();
+- dsa->p = bi2bn(domain.p());
+- dsa->q = bi2bn(domain.q());
+- dsa->g = bi2bn(domain.g());
+- dsa->pub_key = bi2bn(y);
++ BIGNUM *bnp = bi2bn(domain.p());
++ BIGNUM *bnq = bi2bn(domain.q());
++ BIGNUM *bng = bi2bn(domain.g());
++ BIGNUM *bnpub_key = bi2bn(y);
+
+- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
++ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++ || !DSA_set0_key(dsa, bnpub_key, NULL))
+ {
+ DSA_free(dsa);
+ return;
+@@ -2345,17 +2435,26 @@ public:
+
+ virtual DLGroup domain() const
+ {
+- return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++ const BIGNUM *bnp, *bnq, *bng;
++ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++ return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
+ }
+
+ virtual BigInteger y() const
+ {
+- return bn2bi(evp.pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++ const BIGNUM *bnpub_key;
++ DSA_get0_key(dsa, &bnpub_key, NULL);
++ return bn2bi(bnpub_key);
+ }
+
+ virtual BigInteger x() const
+ {
+- return bn2bi(evp.pkey->pkey.dsa->priv_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++ const BIGNUM *bnpriv_key;
++ DSA_get0_key(dsa, NULL, &bnpriv_key);
++ return bn2bi(bnpriv_key);
+ }
+
+ private slots:
+@@ -2404,9 +2503,10 @@ public:
+ virtual void run()
+ {
+ DH *dh = DH_new();
+- dh->p = bi2bn(domain.p());
+- dh->g = bi2bn(domain.g());
+- if(!DH_generate_key(dh))
++ BIGNUM *bnp = bi2bn(domain.p());
++ BIGNUM *bng = bi2bn(domain.g());
++ if(!DH_set0_pqg(dh, bnp, NULL, bng)
++ || !DH_generate_key(dh))
+ {
+ DH_free(dh);
+ return;
+@@ -2478,11 +2578,14 @@ public:
+ if(!sec)
+ return;
+
+- DH *orig = evp.pkey->pkey.dh;
++ DH *orig = EVP_PKEY_get0_DH(evp.pkey);
+ DH *dh = DH_new();
+- dh->p = BN_dup(orig->p);
+- dh->g = BN_dup(orig->g);
+- dh->pub_key = BN_dup(orig->pub_key);
++ const BIGNUM *bnp, *bng, *bnpub_key;
++ DH_get0_pqg(orig, &bnp, NULL, &bng);
++ DH_get0_key(orig, &bnpub_key, NULL);
++
++ DH_set0_key(dh, BN_dup(bnpub_key), NULL);
++ DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
+
+ evp.reset();
+
+@@ -2498,10 +2601,13 @@ public:
+
+ virtual SymmetricKey deriveKey(const PKeyBase &theirs)
+ {
+- DH *dh = evp.pkey->pkey.dh;
+- DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
++ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++ DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
++ const BIGNUM *bnpub_key;
++ DH_get0_key(them, &bnpub_key, NULL);
++
+ SecureArray result(DH_size(dh));
+- int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
++ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
+ if(ret <= 0)
+ return SymmetricKey();
+ result.resize(ret);
+@@ -2531,12 +2637,13 @@ public:
+ evp.reset();
+
+ DH *dh = DH_new();
+- dh->p = bi2bn(domain.p());
+- dh->g = bi2bn(domain.g());
+- dh->pub_key = bi2bn(y);
+- dh->priv_key = bi2bn(x);
++ BIGNUM *bnp = bi2bn(domain.p());
++ BIGNUM *bng = bi2bn(domain.g());
++ BIGNUM *bnpub_key = bi2bn(y);
++ BIGNUM *bnpriv_key = bi2bn(x);
+
+- if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
++ if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
++ || !DH_set0_pqg(dh, bnp, NULL, bng))
+ {
+ DH_free(dh);
+ return;
+@@ -2552,11 +2659,12 @@ public:
+ evp.reset();
+
+ DH *dh = DH_new();
+- dh->p = bi2bn(domain.p());
+- dh->g = bi2bn(domain.g());
+- dh->pub_key = bi2bn(y);
++ BIGNUM *bnp = bi2bn(domain.p());
++ BIGNUM *bng = bi2bn(domain.g());
++ BIGNUM *bnpub_key = bi2bn(y);
+
+- if(!dh->p || !dh->g || !dh->pub_key)
++ if(!DH_set0_key(dh, bnpub_key, NULL)
++ || !DH_set0_pqg(dh, bnp, NULL, bng))
+ {
+ DH_free(dh);
+ return;
+@@ -2569,17 +2677,26 @@ public:
+
+ virtual DLGroup domain() const
+ {
+- return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
++ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++ const BIGNUM *bnp, *bng;
++ DH_get0_pqg(dh, &bnp, NULL, &bng);
++ return DLGroup(bn2bi(bnp), bn2bi(bng));
+ }
+
+ virtual BigInteger y() const
+ {
+- return bn2bi(evp.pkey->pkey.dh->pub_key);
++ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++ const BIGNUM *bnpub_key;
++ DH_get0_key(dh, &bnpub_key, NULL);
++ return bn2bi(bnpub_key);
+ }
+
+ virtual BigInteger x() const
+ {
+- return bn2bi(evp.pkey->pkey.dh->priv_key);
++ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++ const BIGNUM *bnpriv_key;
++ DH_get0_key(dh, NULL, &bnpriv_key);
++ return bn2bi(bnpriv_key);
+ }
+
+ private slots:
+@@ -2618,10 +2735,14 @@ public:
+ {
+ key = _key;
+ RSA_set_method(rsa, rsa_method());
++#ifndef OSSL_110
+ rsa->flags |= RSA_FLAG_SIGN_VER;
++#endif
+ RSA_set_app_data(rsa, this);
+- rsa->n = bi2bn(_key.n());
+- rsa->e = bi2bn(_key.e());
++ BIGNUM *bnn = bi2bn(_key.n());
++ BIGNUM *bne = bi2bn(_key.e());
++
++ RSA_set0_key(rsa, bnn, bne, NULL);
+ }
+
+ RSA_METHOD *rsa_method()
+@@ -2630,12 +2751,16 @@ public:
+
+ if(!ops)
+ {
+- ops = new RSA_METHOD(*RSA_get_default_method());
+- ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
+- ops->rsa_priv_dec = rsa_priv_dec;
+- ops->rsa_sign = rsa_sign;
+- ops->rsa_verify = 0;//pkcs11_rsa_verify;
+- ops->finish = rsa_finish;
++ ops = RSA_meth_dup(RSA_get_default_method());
++ RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
++ RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
++#ifdef OSSL_110
++ RSA_meth_set_sign(ops, NULL);
++#else
++ RSA_meth_set_sign(ops, rsa_sign);
++#endif
++ RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
++ RSA_meth_set_finish(ops, rsa_finish);
+ }
+ return ops;
+ }
+@@ -2675,6 +2800,7 @@ public:
+ return -1;
+ }
+
++#ifndef OSSL_110
+ static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+ {
+ QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
+@@ -2691,7 +2817,6 @@ public:
+ }
+ else
+ {
+-
+ // make X509 packet
+ X509_SIG sig;
+ ASN1_TYPE parameter;
+@@ -2765,6 +2890,7 @@ public:
+
+ return 1;
+ }
++#endif
+
+ static int rsa_finish(RSA *rsa)
+ {
+@@ -2866,21 +2992,22 @@ public:
+ PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
+ {
+ PKeyBase *nk = 0;
+- if(pkey->type == EVP_PKEY_RSA)
++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++ if(pkey_type == EVP_PKEY_RSA)
+ {
+ RSAKey *c = new RSAKey(provider());
+ c->evp.pkey = pkey;
+ c->sec = sec;
+ nk = c;
+ }
+- else if(pkey->type == EVP_PKEY_DSA)
++ else if(pkey_type == EVP_PKEY_DSA)
+ {
+ DSAKey *c = new DSAKey(provider());
+ c->evp.pkey = pkey;
+ c->sec = sec;
+ nk = c;
+ }
+- else if(pkey->type == EVP_PKEY_DH)
++ else if(pkey_type == EVP_PKEY_DH)
+ {
+ DHKey *c = new DHKey(provider());
+ c->evp.pkey = pkey;
+@@ -2898,8 +3025,10 @@ public:
+ {
+ EVP_PKEY *pkey = get_pkey();
+
++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ // OpenSSL does not have DH import/export support
+- if(pkey->type == EVP_PKEY_DH)
++ if(pkey_type == EVP_PKEY_DH)
+ return QByteArray();
+
+ BIO *bo = BIO_new(BIO_s_mem());
+@@ -2912,8 +3041,10 @@ public:
+ {
+ EVP_PKEY *pkey = get_pkey();
+
++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ // OpenSSL does not have DH import/export support
+- if(pkey->type == EVP_PKEY_DH)
++ if(pkey_type == EVP_PKEY_DH)
+ return QString();
+
+ BIO *bo = BIO_new(BIO_s_mem());
+@@ -2978,9 +3109,10 @@ public:
+ return SecureArray();
+
+ EVP_PKEY *pkey = get_pkey();
++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+
+ // OpenSSL does not have DH import/export support
+- if(pkey->type == EVP_PKEY_DH)
++ if(pkey_type == EVP_PKEY_DH)
+ return SecureArray();
+
+ BIO *bo = BIO_new(BIO_s_mem());
+@@ -3007,9 +3139,10 @@ public:
+ return QString();
+
+ EVP_PKEY *pkey = get_pkey();
++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+
+ // OpenSSL does not have DH import/export support
+- if(pkey->type == EVP_PKEY_DH)
++ if(pkey_type == EVP_PKEY_DH)
+ return QString();
+
+ BIO *bo = BIO_new(BIO_s_mem());
+@@ -3110,11 +3243,18 @@ public:
+ crl = from.crl;
+
+ if(cert)
+- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(cert);
+ if(req)
++ {
++#ifdef OSSL_110
++ // Not exposed, so copy
++ req = X509_REQ_dup(req);
++#else
+ CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
++#endif
++ }
+ if(crl)
+- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
++ X509_CRL_up_ref(crl);
+ }
+
+ return *this;
+@@ -3220,7 +3360,7 @@ public:
+ //
+ // This code is mostly taken from OpenSSL v0.9.5a
+ // by Eric Young
+-QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
++QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
+ {
+ QDateTime qdt;
+ char *v;
+@@ -3318,7 +3458,7 @@ public:
+
+ void fromX509(X509 *x)
+ {
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ item.cert = x;
+ make_props();
+ }
+@@ -3349,7 +3489,7 @@ public:
+ if(priv.key()->type() == PKey::RSA)
+ md = EVP_sha1();
+ else if(priv.key()->type() == PKey::DSA)
+- md = EVP_dss1();
++ md = EVP_sha1();
+ else
+ return false;
+
+@@ -3480,7 +3620,7 @@ public:
+
+ const MyCertContext *our_cc = this;
+ X509 *x = our_cc->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(untrusted_list, x);
+
+ const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
+@@ -3595,14 +3735,30 @@ public:
+ p.policies = get_cert_policies(ex);
+ }
+
+- if (x->signature)
++#ifdef OSSL_110
++ const
++#endif
++ ASN1_BIT_STRING *signature;
++
++#if OPENSSL_VERSION_NUMBER < 0x10002000L
++ signature = x->signature;
++#else
++ X509_get0_signature(&signature, NULL, x);
++#endif
++
++ if(signature)
+ {
+- p.sig = QByteArray(x->signature->length, 0);
+- for (int i=0; i< x->signature->length; i++)
+- p.sig[i] = x->signature->data[i];
++ p.sig = QByteArray(signature->length, 0);
++ for (int i=0; i< signature->length; i++)
++ p.sig[i] = signature->data[i];
+ }
+
+- switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
++
++#if OPENSSL_VERSION_NUMBER < 0x10002000L
++ switch ( OBJ_obj2nid(x->sig_alg->algorithm) )
++#else
++ switch( X509_get_signature_nid(x) )
++#endif
+ {
+ case NID_sha1WithRSAEncryption:
+ p.sigalgo = QCA::EMSA3_SHA1;
+@@ -3634,7 +3790,11 @@ public:
+ p.sigalgo = QCA::EMSA3_SHA512;
+ break;
+ default:
+- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
++#if OPENSSL_VERSION_NUMBER < 0x10002000L
++ qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++#else
++ qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
++#endif
+ p.sigalgo = QCA::SignatureUnknown;
+ }
+
+@@ -3751,7 +3911,7 @@ public:
+ if(privateKey -> key()->type() == PKey::RSA)
+ md = EVP_sha1();
+ else if(privateKey -> key()->type() == PKey::DSA)
+- md = EVP_dss1();
++ md = EVP_sha1();
+ else
+ return 0;
+
+@@ -3934,7 +4094,7 @@ public:
+ if(priv.key()->type() == PKey::RSA)
+ md = EVP_sha1();
+ else if(priv.key()->type() == PKey::DSA)
+- md = EVP_dss1();
++ md = EVP_sha1();
+ else
+ return false;
+
+@@ -4095,14 +4255,17 @@ public:
+
+ sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+
+- if (x->signature)
++ const ASN1_BIT_STRING *signature;
++
++ X509_REQ_get0_signature(x, &signature, NULL);
++ if(signature)
+ {
+- p.sig = QByteArray(x->signature->length, 0);
+- for (int i=0; i< x->signature->length; i++)
+- p.sig[i] = x->signature->data[i];
++ p.sig = QByteArray(signature->length, 0);
++ for (int i=0; i< signature->length; i++)
++ p.sig[i] = signature->data[i];
+ }
+
+- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++ switch( X509_REQ_get_signature_nid(x) )
+ {
+ case NID_sha1WithRSAEncryption:
+ p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4122,7 +4285,7 @@ public:
+ p.sigalgo = QCA::EMSA1_SHA1;
+ break;
+ default:
+- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++ qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
+ p.sigalgo = QCA::SignatureUnknown;
+ }
+
+@@ -4186,7 +4349,7 @@ public:
+
+ void fromX509(X509_CRL *x)
+ {
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++ X509_CRL_up_ref(x);
+ item.crl = x;
+ make_props();
+ }
+@@ -4231,15 +4394,15 @@ public:
+
+ issuer = get_cert_name(X509_CRL_get_issuer(x));
+
+- p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL);
+- p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL);
++ p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL);
++ p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL);
+
+ STACK_OF(X509_REVOKED)* revokeStack = X509_CRL_get_REVOKED(x);
+
+ for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
+ X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
+- BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
+- QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
++ BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
++ QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
+ QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
+ int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
+ if (pos != -1) {
+@@ -4288,13 +4451,18 @@ public:
+ p.revoked.append(thisEntry);
+ }
+
+- if (x->signature)
++ const ASN1_BIT_STRING *signature;
++
++ X509_CRL_get0_signature(x, &signature, NULL);
++ if(signature)
+ {
+- p.sig = QByteArray(x->signature->length, 0);
+- for (int i=0; i< x->signature->length; i++)
+- p.sig[i] = x->signature->data[i];
++ p.sig = QByteArray(signature->length, 0);
++ for (int i=0; i< signature->length; i++)
++ p.sig[i] = signature->data[i];
+ }
+- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++
++
++ switch( X509_CRL_get_signature_nid(x) )
+ {
+ case NID_sha1WithRSAEncryption:
+ p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4326,7 +4494,7 @@ public:
+ p.sigalgo = QCA::EMSA3_SHA512;
+ break;
+ default:
+- qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++ qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
+ p.sigalgo = QCA::SignatureUnknown;
+ }
+
+@@ -4487,21 +4655,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ {
+ const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ X509 *x = cc->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(trusted_list, x);
+ }
+ for(n = 0; n < untrusted.count(); ++n)
+ {
+ const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
+ X509 *x = cc->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(untrusted_list, x);
+ }
+ for(n = 0; n < crls.count(); ++n)
+ {
+ const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ X509_CRL *x = cc->item.crl;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++ X509_CRL_up_ref(x);
+ crl_list.append(x);
+ }
+
+@@ -4526,7 +4694,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ int ret = X509_verify_cert(ctx);
+ int err = -1;
+ if(!ret)
+- err = ctx->error;
++ err = X509_STORE_CTX_get_error(ctx);
+
+ // cleanup
+ X509_STORE_CTX_free(ctx);
+@@ -4560,21 +4728,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ {
+ const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ X509 *x = cc->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(trusted_list, x);
+ }
+ for(n = 1; n < chain.count(); ++n)
+ {
+ const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
+ X509 *x = cc->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(untrusted_list, x);
+ }
+ for(n = 0; n < crls.count(); ++n)
+ {
+ const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ X509_CRL *x = cc->item.crl;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++ X509_CRL_up_ref(x);
+ crl_list.append(x);
+ }
+
+@@ -4599,7 +4767,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ int ret = X509_verify_cert(ctx);
+ int err = -1;
+ if(!ret)
+- err = ctx->error;
++ err = X509_STORE_CTX_get_error(ctx);
+
+ // grab the chain, which may not be fully populated
+ STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
+@@ -4663,7 +4831,7 @@ public:
+ for(int n = 1; n < chain.count(); ++n)
+ {
+ X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(ca, x);
+ }
+ }
+@@ -5398,7 +5566,7 @@ public:
+ OpenSSL_add_ssl_algorithms();
+ SSL_CTX *ctx = 0;
+ switch (version) {
+-#ifndef OPENSSL_NO_SSL2
++#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
+ case TLS::SSL_v2:
+ ctx = SSL_CTX_new(SSLv2_client_method());
+ break;
+@@ -5429,8 +5597,8 @@ public:
+ STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ QStringList cipherList;
+ for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+- SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
+- cipherList += cipherIDtoString(version, thisCipher->id);
++ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
++ cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
+ }
+
+ SSL_free(ssl);
+@@ -5807,13 +5975,15 @@ public:
+ {
+ SessionInfo sessInfo;
+
+- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
++ SSL_SESSION *session = SSL_get0_session(ssl);
++ sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
++ int ssl_version = SSL_version(ssl);
+
+- if (ssl->version == TLS1_VERSION)
++ if (ssl_version == TLS1_VERSION)
+ sessInfo.version = TLS::TLS_v1;
+- else if (ssl->version == SSL3_VERSION)
++ else if (ssl_version == SSL3_VERSION)
+ sessInfo.version = TLS::SSL_v3;
+- else if (ssl->version == SSL2_VERSION)
++ else if (ssl_version == SSL2_VERSION)
+ sessInfo.version = TLS::SSL_v2;
+ else {
+ qDebug("unexpected version response");
+@@ -5821,7 +5991,7 @@ public:
+ }
+
+ sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
+- SSL_get_current_cipher(ssl)->id);
++ SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
+
+ sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+
+@@ -6393,7 +6563,7 @@ public:
+ for(int n = 0; n < nonroots.count(); ++n)
+ {
+ X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(other_certs, x);
+ }
+
+@@ -6435,7 +6605,7 @@ public:
+
+ other_certs = sk_X509_new_null();
+ X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(other_certs, x);
+
+ bi = BIO_new(BIO_s_mem());
+@@ -6498,7 +6668,7 @@ public:
+ for(int n = 0; n < untrusted_list.count(); ++n)
+ {
+ X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
+- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++ X509_up_ref(x);
+ sk_X509_push(other_certs, x);
+ }
+
+@@ -6749,14 +6919,27 @@ public:
+ opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
+ {
+ m_cryptoAlgorithm = algorithm;
+- EVP_CIPHER_CTX_init(&m_context);
++ m_context = EVP_CIPHER_CTX_new();
++ EVP_CIPHER_CTX_init(m_context);
+ m_pad = pad;
+ m_type = type;
+ }
+
++ opensslCipherContext(const opensslCipherContext &other)
++ : CipherContext(other)
++ {
++ m_cryptoAlgorithm = other.m_cryptoAlgorithm;
++ m_context = EVP_CIPHER_CTX_new();
++ EVP_CIPHER_CTX_copy(m_context, other.m_context);
++ m_direction = other.m_direction;
++ m_pad = other.m_pad;
++ m_type = other.m_type;
++ }
++
+ ~opensslCipherContext()
+ {
+- EVP_CIPHER_CTX_cleanup(&m_context);
++ EVP_CIPHER_CTX_cleanup(m_context);
++ EVP_CIPHER_CTX_free(m_context);
+ }
+
+ void setup(Direction dir,
+@@ -6769,20 +6952,20 @@ public:
+ m_cryptoAlgorithm = EVP_des_ede();
+ }
+ if (Encode == m_direction) {
+- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
+- EVP_EncryptInit_ex(&m_context, 0, 0,
++ EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
++ EVP_EncryptInit_ex(m_context, 0, 0,
+ (const unsigned char*)(key.data()),
+ (const unsigned char*)(iv.data()));
+ } else {
+- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
+- EVP_DecryptInit_ex(&m_context, 0, 0,
++ EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
++ EVP_DecryptInit_ex(m_context, 0, 0,
+ (const unsigned char*)(key.data()),
+ (const unsigned char*)(iv.data()));
+ }
+
+- EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
++ EVP_CIPHER_CTX_set_padding(m_context, m_pad);
+ }
+
+ Provider::Context *clone() const
+@@ -6792,7 +6975,7 @@ public:
+
+ int blockSize() const
+ {
+- return EVP_CIPHER_CTX_block_size(&m_context);
++ return EVP_CIPHER_CTX_block_size(m_context);
+ }
+
+ bool update(const SecureArray &in, SecureArray *out)
+@@ -6805,7 +6988,7 @@ public:
+ out->resize(in.size()+blockSize());
+ int resultLength;
+ if (Encode == m_direction) {
+- if (0 == EVP_EncryptUpdate(&m_context,
++ if (0 == EVP_EncryptUpdate(m_context,
+ (unsigned char*)out->data(),
+ &resultLength,
+ (unsigned char*)in.data(),
+@@ -6813,7 +6996,7 @@ public:
+ return false;
+ }
+ } else {
+- if (0 == EVP_DecryptUpdate(&m_context,
++ if (0 == EVP_DecryptUpdate(m_context,
+ (unsigned char*)out->data(),
+ &resultLength,
+ (unsigned char*)in.data(),
+@@ -6830,13 +7013,13 @@ public:
+ out->resize(blockSize());
+ int resultLength;
+ if (Encode == m_direction) {
+- if (0 == EVP_EncryptFinal_ex(&m_context,
++ if (0 == EVP_EncryptFinal_ex(m_context,
+ (unsigned char*)out->data(),
+ &resultLength)) {
+ return false;
+ }
+ } else {
+- if (0 == EVP_DecryptFinal_ex(&m_context,
++ if (0 == EVP_DecryptFinal_ex(m_context,
+ (unsigned char*)out->data(),
+ &resultLength)) {
+ return false;
+@@ -6871,7 +7054,7 @@ public:
+
+
+ protected:
+- EVP_CIPHER_CTX m_context;
++ EVP_CIPHER_CTX *m_context;
+ const EVP_CIPHER *m_cryptoAlgorithm;
+ Direction m_direction;
+ int m_pad;
+diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
+index 38caf2d..ba8ed94 100644
+--- unittest/tls/tlsunittest.cpp
++++ unittest/tls/tlsunittest.cpp
+@@ -60,14 +60,16 @@ void TLSUnitTest::testCipherList()
+ QCA::TLS *tls = new QCA::TLS(QCA::TLS::Stream, 0, "qca-ossl");
+ QStringList cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1);
+ QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_256_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_256_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
+ QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
++
++ // openSUSE TW OpenSSL 1.1 does not have this
++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
++ // QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+
+ // Fedora 26 openssl has no this cipher suites.
+ // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
+@@ -89,16 +91,17 @@ void TLSUnitTest::testCipherList()
+ // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
+ // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") );
+
+- cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
+- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
+- QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
++ // OpenSSL 1.1 in openSUSE TW has it disabled by default
++ // cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+
+ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_DES_CBC_SHA") );
+ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_DES_CBC_SHA") );
+--
+2.15.0
+
Index: head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h
===================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h
+++ head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.h
@@ -1,61 +0,0 @@
---- plugins/qca-ossl/libcrypto-compat.h.orig 2018-10-07 18:34:21 UTC
-+++ plugins/qca-ossl/libcrypto-compat.h
-@@ -0,0 +1,58 @@
-+#ifndef LIBCRYPTO_COMPAT_H
-+#define LIBCRYPTO_COMPAT_H
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/ecdsa.h>
-+#include <openssl/dh.h>
-+#include <openssl/evp.h>
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-+
-+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+int DH_set_length(DH *dh, long length);
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
-+EVP_MD_CTX *EVP_MD_CTX_new(void);
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
-+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
-+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
-+#define RSA_meth_get_finish(meth) meth->finish
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
-+void RSA_meth_free(RSA_METHOD *meth);
-+
-+int RSA_bits(const RSA *r);
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* LIBCRYPTO_COMPAT_H */
-+
Index: head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c
===================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c
+++ head/devel/qca/files/patch-plugins_qca-ossl_libcrypto-compat.c
@@ -1,414 +0,0 @@
---- plugins/qca-ossl/libcrypto-compat.c.orig 2018-10-07 18:32:46 UTC
-+++ plugins/qca-ossl/libcrypto-compat.c
-@@ -0,0 +1,411 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <openssl/evp.h>
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <string.h>
-+#include <openssl/engine.h>
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+ void *ret = OPENSSL_malloc(num);
-+
-+ if (ret != NULL)
-+ memset(ret, 0, num);
-+ return ret;
-+}
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+ /* If the fields n and e in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL for n and e. d may be
-+ * left NULL (in case only the public key is used).
-+ */
-+ if ((r->n == NULL && n == NULL)
-+ || (r->e == NULL && e == NULL))
-+ return 0;
-+
-+ if (n != NULL) {
-+ BN_free(r->n);
-+ r->n = n;
-+ }
-+ if (e != NULL) {
-+ BN_free(r->e);
-+ r->e = e;
-+ }
-+ if (d != NULL) {
-+ BN_free(r->d);
-+ r->d = d;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-+{
-+ /* If the fields p and q in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->p == NULL && p == NULL)
-+ || (r->q == NULL && q == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(r->p);
-+ r->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(r->q);
-+ r->q = q;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-+{
-+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->dmp1 == NULL && dmp1 == NULL)
-+ || (r->dmq1 == NULL && dmq1 == NULL)
-+ || (r->iqmp == NULL && iqmp == NULL))
-+ return 0;
-+
-+ if (dmp1 != NULL) {
-+ BN_free(r->dmp1);
-+ r->dmp1 = dmp1;
-+ }
-+ if (dmq1 != NULL) {
-+ BN_free(r->dmq1);
-+ r->dmq1 = dmq1;
-+ }
-+ if (iqmp != NULL) {
-+ BN_free(r->iqmp);
-+ r->iqmp = iqmp;
-+ }
-+
-+ return 1;
-+}
-+
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+ if (n != NULL)
-+ *n = r->n;
-+ if (e != NULL)
-+ *e = r->e;
-+ if (d != NULL)
-+ *d = r->d;
-+}
-+
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-+{
-+ if (p != NULL)
-+ *p = r->p;
-+ if (q != NULL)
-+ *q = r->q;
-+}
-+
-+void RSA_get0_crt_params(const RSA *r,
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp)
-+{
-+ if (dmp1 != NULL)
-+ *dmp1 = r->dmp1;
-+ if (dmq1 != NULL)
-+ *dmq1 = r->dmq1;
-+ if (iqmp != NULL)
-+ *iqmp = r->iqmp;
-+}
-+
-+void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = d->p;
-+ if (q != NULL)
-+ *q = d->q;
-+ if (g != NULL)
-+ *g = d->g;
-+}
-+
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p, q and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((d->p == NULL && p == NULL)
-+ || (d->q == NULL && q == NULL)
-+ || (d->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(d->p);
-+ d->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(d->q);
-+ d->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(d->g);
-+ d->g = g;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = d->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = d->priv_key;
-+}
-+
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in d is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (d->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(d->pub_key);
-+ d->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(d->priv_key);
-+ d->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = dh->p;
-+ if (q != NULL)
-+ *q = dh->q;
-+ if (g != NULL)
-+ *g = dh->g;
-+}
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits(q);
-+ }
-+
-+ return 1;
-+}
-+
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in dh is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (dh->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(dh->pub_key);
-+ dh->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(dh->priv_key);
-+ dh->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+int DH_set_length(DH *dh, long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
-+}
-+
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ EVP_MD_CTX_cleanup(ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-+{
-+ RSA_METHOD *ret;
-+
-+ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
-+
-+ if (ret != NULL) {
-+ memcpy(ret, meth, sizeof(*meth));
-+ ret->name = OPENSSL_strdup(meth->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+ }
-+
-+ return ret;
-+}
-+
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-+{
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ return 0;
-+ }
-+
-+ OPENSSL_free((char *)meth->name);
-+ meth->name = tmpname;
-+
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
-+ int (*priv_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_enc = priv_enc;
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
-+ int (*priv_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_dec = priv_dec;
-+ return 1;
-+}
-+
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-+{
-+ meth->finish = finish;
-+ return 1;
-+}
-+
-+void RSA_meth_free(RSA_METHOD *meth)
-+{
-+ if (meth != NULL) {
-+ OPENSSL_free((char *)meth->name);
-+ OPENSSL_free(meth);
-+ }
-+}
-+
-+int RSA_bits(const RSA *r)
-+{
-+ return (BN_num_bits(r->n));
-+}
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+ if (pkey->type != EVP_PKEY_RSA) {
-+ return NULL;
-+ }
-+ return pkey->pkey.rsa;
-+}
-+
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
Index: head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
===================================================================
--- head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
+++ head/devel/qca/files/patch-plugins_qca-ossl_qca-ossl.cpp
@@ -1,1506 +0,0 @@
-This is an extract of upstream commit
- https://cgit.kde.org/qca.git/commit/?id=d58e20ee652038dc4ec4fe4765dc3639ed735526
-
---- plugins/qca-ossl/qca-ossl.cpp.orig 2017-02-06 12:29:44 UTC
-+++ plugins/qca-ossl/qca-ossl.cpp
-@@ -1,6 +1,7 @@
- /*
- * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com>
- * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net>
-+ * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU Lesser General Public
-@@ -38,6 +39,10 @@
- #include <openssl/pkcs12.h>
- #include <openssl/ssl.h>
-
-+extern "C" {
-+#include "libcrypto-compat.h"
-+}
-+
- #ifndef OSSL_097
- // comment this out if you'd rather use openssl 0.9.6
- #define OSSL_097
-@@ -52,6 +57,73 @@
- ((_STACK*) (1 ? p : (type*)0))
- #endif
-
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+ #define OSSL_110
-+#endif
-+
-+// OpenSSL 1.1.0 compatibility macros
-+#ifdef OSSL_110
-+#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
-+#else
-+static HMAC_CTX *HMAC_CTX_new() { return new HMAC_CTX(); }
-+static void HMAC_CTX_free(HMAC_CTX *x) { free(x); }
-+static void EVP_PKEY_up_ref(EVP_PKEY *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_EVP_PKEY); }
-+static void X509_up_ref(X509 *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); }
-+static void X509_CRL_up_ref(X509_CRL *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); }
-+static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *x) { return x->pkey.dsa; }
-+static DH *EVP_PKEY_get0_DH(EVP_PKEY *x) { return x->pkey.dh; }
-+static int RSA_meth_set_sign(RSA_METHOD *meth,
-+ int (*sign) (int type, const unsigned char *m,
-+ unsigned int m_length,
-+ unsigned char *sigret, unsigned int *siglen,
-+ const RSA *rsa))
-+{
-+ meth->rsa_sign = sign;
-+ return 1;
-+}
-+int RSA_meth_set_verify(RSA_METHOD *meth,
-+ int (*verify) (int dtype, const unsigned char *m,
-+ unsigned int m_length,
-+ const unsigned char *sigbuf,
-+ unsigned int siglen, const RSA *rsa))
-+{
-+ meth->rsa_verify = verify;
-+ return 1;
-+}
-+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
-+ const X509_ALGOR **palg)
-+{
-+ if (psig != NULL)
-+ *psig = req->signature;
-+ if (palg != NULL)
-+ *palg = req->sig_alg;
-+}
-+int X509_REQ_get_signature_nid(const X509_REQ *req)
-+{
-+ return OBJ_obj2nid(req->sig_alg->algorithm);
-+}
-+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
-+ const X509_ALGOR **palg)
-+{
-+ if (psig != NULL)
-+ *psig = crl->signature;
-+ if (palg != NULL)
-+ *palg = crl->sig_alg;
-+}
-+int X509_CRL_get_signature_nid(const X509_CRL *crl)
-+{
-+ return OBJ_obj2nid(crl->sig_alg->algorithm);
-+}
-+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
-+{
-+ return x->serialNumber;
-+}
-+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
-+{
-+ return x->revocationDate;
-+}
-+#endif
-+
- using namespace QCA;
-
- namespace opensslQCAPlugin {
-@@ -93,7 +165,7 @@ static QByteArray bio2ba(BIO *b)
- return buf;
- }
-
--static BigInteger bn2bi(BIGNUM *n)
-+static BigInteger bn2bi(const BIGNUM *n)
- {
- SecureArray buf(BN_num_bytes(n) + 1);
- buf[0] = 0; // positive
-@@ -109,7 +181,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
-
- // take lowest bytes of BIGNUM to fit
- // pad with high byte zeroes to fit
--static SecureArray bn2fixedbuf(BIGNUM *n, int size)
-+static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
- {
- SecureArray buf(BN_num_bytes(n));
- BN_bn2bin(n, (unsigned char *)buf.data());
-@@ -127,8 +199,16 @@ static SecureArray dsasig_der_to_raw(const SecureArray
- const unsigned char *inp = (const unsigned char *)in.data();
- d2i_DSA_SIG(&sig, &inp, in.size());
-
-- SecureArray part_r = bn2fixedbuf(sig->r, 20);
-- SecureArray part_s = bn2fixedbuf(sig->s, 20);
-+ const BIGNUM *bnr, *bns;
-+
-+#ifdef OSSL_110
-+ DSA_SIG_get0(sig, &bnr, &bns);
-+#else
-+ bnr = sig->r; bns = sig->s;
-+#endif
-+
-+ SecureArray part_r = bn2fixedbuf(bnr, 20);
-+ SecureArray part_s = bn2fixedbuf(bns, 20);
- SecureArray result;
- result.append(part_r);
- result.append(part_s);
-@@ -143,13 +223,21 @@ static SecureArray dsasig_raw_to_der(const SecureArray
- return SecureArray();
-
- DSA_SIG *sig = DSA_SIG_new();
-- SecureArray part_r(20);
-- SecureArray part_s(20);
-+ SecureArray part_r(20); BIGNUM *bnr;
-+ SecureArray part_s(20); BIGNUM *bns;
- memcpy(part_r.data(), in.data(), 20);
- memcpy(part_s.data(), in.data() + 20, 20);
-- sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
-- sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-+ bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
-+ bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-
-+#ifdef OSSL_110
-+ if(DSA_SIG_set0(sig, bnr, bns) == 0)
-+ return SecureArray();
-+ // Not documented what happens in the failure case, free bnr and bns?
-+#else
-+ sig->r = bnr; sig->s = bns;
-+#endif
-+
- int len = i2d_DSA_SIG(sig, NULL);
- SecureArray result(len);
- unsigned char *p = (unsigned char *)result.data();
-@@ -1004,29 +1092,39 @@ class opensslHashContext : public HashContext (public)
- opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
- {
- m_algorithm = algorithm;
-- EVP_DigestInit( &m_context, m_algorithm );
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
- }
-
-+ opensslHashContext(const opensslHashContext &other)
-+ : HashContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy_ex(m_context, other.m_context);
-+ }
-+
- ~opensslHashContext()
- {
-- EVP_MD_CTX_cleanup(&m_context);
-+ EVP_MD_CTX_free(m_context);
- }
-
- void clear()
- {
-- EVP_MD_CTX_cleanup(&m_context);
-- EVP_DigestInit( &m_context, m_algorithm );
-+ EVP_MD_CTX_free(m_context);
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
- }
-
- void update(const MemoryRegion &a)
- {
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
- }
-
- MemoryRegion final()
- {
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- return a;
- }
-
-@@ -1037,7 +1135,7 @@ class opensslHashContext : public HashContext (public)
-
- protected:
- const EVP_MD *m_algorithm;
-- EVP_MD_CTX m_context;
-+ EVP_MD_CTX *m_context;
- };
-
-
-@@ -1047,9 +1145,23 @@ class opensslPbkdf1Context : public KDFContext (public
- opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
- {
- m_algorithm = algorithm;
-- EVP_DigestInit( &m_context, m_algorithm );
-+ m_context = EVP_MD_CTX_new();
-+ EVP_DigestInit( m_context, m_algorithm );
- }
-
-+ opensslPbkdf1Context(const opensslPbkdf1Context &other)
-+ : KDFContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy(m_context, other.m_context);
-+ }
-+
-+ ~opensslPbkdf1Context()
-+ {
-+ EVP_MD_CTX_free(m_context);
-+ }
-+
- Provider::Context *clone() const
- {
- return new opensslPbkdf1Context( *this );
-@@ -1081,16 +1193,16 @@ class opensslPbkdf1Context : public KDFContext (public
- DK = Tc<0..dkLen-1>
- */
- // calculate T_1
-- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
-- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
-
- // calculate T_2 up to T_c
- for ( unsigned int i = 2; i <= iterationCount; ++i ) {
-- EVP_DigestInit( &m_context, m_algorithm );
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestInit( m_context, m_algorithm );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- }
-
- // shrink a to become DK, of the required length
-@@ -1136,19 +1248,19 @@ class opensslPbkdf1Context : public KDFContext (public
- DK = Tc<0..dkLen-1>
- */
- // calculate T_1
-- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
-- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- SecureArray a( EVP_MD_size( m_algorithm ) );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
-
- // calculate T_2 up to T_c
- *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one
- timer.start(); // ^ time more than the base function
- // ^ with the same iterationCount
- while (timer.elapsed() < msecInterval) {
-- EVP_DigestInit( &m_context, m_algorithm );
-- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+ EVP_DigestInit( m_context, m_algorithm );
-+ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- ++(*iterationCount);
- }
-
-@@ -1163,7 +1275,7 @@ class opensslPbkdf1Context : public KDFContext (public
-
- protected:
- const EVP_MD *m_algorithm;
-- EVP_MD_CTX m_context;
-+ EVP_MD_CTX *m_context;
- };
-
- class opensslPbkdf2Context : public KDFContext
-@@ -1231,12 +1343,28 @@ class opensslHMACContext : public MACContext (public)
- opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
- {
- m_algorithm = algorithm;
-- HMAC_CTX_init( &m_context );
-+ m_context = HMAC_CTX_new();
-+#ifndef OSSL_110
-+ HMAC_CTX_init( m_context );
-+#endif
- }
-
-+ opensslHMACContext(const opensslHMACContext &other)
-+ : MACContext(other)
-+ {
-+ m_algorithm = other.m_algorithm;
-+ m_context = HMAC_CTX_new();
-+ HMAC_CTX_copy(m_context, other.m_context);
-+ }
-+
-+ ~opensslHMACContext()
-+ {
-+ HMAC_CTX_free(m_context);
-+ }
-+
- void setup(const SymmetricKey &key)
- {
-- HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
-+ HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
- }
-
- KeyLength keyLength() const
-@@ -1246,14 +1374,18 @@ class opensslHMACContext : public MACContext (public)
-
- void update(const MemoryRegion &a)
- {
-- HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
-+ HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
- }
-
- void final(MemoryRegion *out)
- {
- SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
-- HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
-- HMAC_CTX_cleanup(&m_context);
-+ HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
-+#ifdef OSSL_110
-+ HMAC_CTX_reset(m_context);
-+#else
-+ HMAC_CTX_cleanup(m_context);
-+#endif
- *out = sa;
- }
-
-@@ -1263,7 +1395,7 @@ class opensslHMACContext : public MACContext (public)
- }
-
- protected:
-- HMAC_CTX m_context;
-+ HMAC_CTX *m_context;
- const EVP_MD *m_algorithm;
- };
-
-@@ -1277,7 +1409,7 @@ class EVPKey
- public:
- enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
- EVP_PKEY *pkey;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- State state;
- bool raw_type;
- SecureArray raw;
-@@ -1287,19 +1419,23 @@ class EVPKey
- pkey = 0;
- raw_type = false;
- state = Idle;
-+ mdctx = EVP_MD_CTX_new();
- }
-
- EVPKey(const EVPKey &from)
- {
- pkey = from.pkey;
-- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+ EVP_PKEY_up_ref(pkey);
- raw_type = false;
- state = Idle;
-+ mdctx = EVP_MD_CTX_new();
-+ EVP_MD_CTX_copy(mdctx, from.mdctx);
- }
-
- ~EVPKey()
- {
- reset();
-+ EVP_MD_CTX_free(mdctx);
- }
-
- void reset()
-@@ -1322,8 +1458,8 @@ class EVPKey
- else
- {
- raw_type = false;
-- EVP_MD_CTX_init(&mdctx);
-- if(!EVP_SignInit_ex(&mdctx, type, NULL))
-+ EVP_MD_CTX_init(mdctx);
-+ if(!EVP_SignInit_ex(mdctx, type, NULL))
- state = SignError;
- }
- }
-@@ -1339,8 +1475,8 @@ class EVPKey
- else
- {
- raw_type = false;
-- EVP_MD_CTX_init(&mdctx);
-- if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
-+ EVP_MD_CTX_init(mdctx);
-+ if(!EVP_VerifyInit_ex(mdctx, type, NULL))
- state = VerifyError;
- }
- }
-@@ -1352,7 +1488,7 @@ class EVPKey
- if (raw_type)
- raw += in;
- else
-- if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+ if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
- state = SignError;
- }
- else if(state == VerifyActive)
-@@ -1360,7 +1496,7 @@ class EVPKey
- if (raw_type)
- raw += in;
- else
-- if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+ if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
- state = VerifyError;
- }
- }
-@@ -1373,17 +1509,24 @@ class EVPKey
- unsigned int len = out.size();
- if (raw_type)
- {
-- if (pkey->type == EVP_PKEY_RSA)
-+ int type;
-+#ifdef OSSL_110
-+ type = EVP_PKEY_id(pkey);
-+#else
-+ type = pkey->type;
-+#endif
-+ if (type == EVP_PKEY_RSA)
- {
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
-- (unsigned char *)out.data(), pkey->pkey.rsa,
-+ (unsigned char *)out.data(), rsa,
- RSA_PKCS1_PADDING) == -1) {
-
- state = SignError;
- return SecureArray ();
- }
- }
-- else if (pkey->type == EVP_PKEY_DSA)
-+ else if (type == EVP_PKEY_DSA)
- {
- state = SignError;
- return SecureArray ();
-@@ -1395,7 +1538,7 @@ class EVPKey
- }
- }
- else {
-- if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
-+ if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
- {
- state = SignError;
- return SecureArray();
-@@ -1418,16 +1561,24 @@ class EVPKey
- SecureArray out(EVP_PKEY_size(pkey));
- int len = 0;
-
-- if (pkey->type == EVP_PKEY_RSA) {
-+ int type;
-+#ifdef OSSL_110
-+ type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+#else
-+ type = pkey->type;
-+#endif
-+
-+ if (type == EVP_PKEY_RSA) {
-+ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
-- (unsigned char *)out.data (), pkey->pkey.rsa,
-+ (unsigned char *)out.data (), rsa,
- RSA_PKCS1_PADDING)) == -1) {
-
- state = VerifyError;
- return false;
- }
- }
-- else if (pkey->type == EVP_PKEY_DSA)
-+ else if (type == EVP_PKEY_DSA)
- {
- state = VerifyError;
- return false;
-@@ -1447,7 +1598,7 @@ class EVPKey
- }
- else
- {
-- if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
-+ if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
- {
- state = VerifyError;
- return false;
-@@ -1561,9 +1712,11 @@ static bool make_dlgroup(const QByteArray &seed, int b
- return false;
- if(ret_counter != counter)
- return false;
-- params->p = bn2bi(dsa->p);
-- params->q = bn2bi(dsa->q);
-- params->g = bn2bi(dsa->g);
-+ const BIGNUM *bnp, *bnq, *bng;
-+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+ params->p = bn2bi(bnp);
-+ params->q = bn2bi(bnq);
-+ params->g = bn2bi(bng);
- DSA_free(dsa);
- return true;
- }
-@@ -1826,10 +1979,11 @@ class RSAKey : public RSAContext (public)
- return;
-
- // extract the public key into DER format
-- int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
-+ RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
-+ int len = i2d_RSAPublicKey(rsa_pkey, NULL);
- SecureArray result(len);
- unsigned char *p = (unsigned char *)result.data();
-- i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
-+ i2d_RSAPublicKey(rsa_pkey, &p);
- p = (unsigned char *)result.data();
-
- // put the DER public key back into openssl
-@@ -1852,7 +2006,7 @@ class RSAKey : public RSAContext (public)
-
- virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- int size = 0;
- switch(alg)
- {
-@@ -1867,7 +2021,7 @@ class RSAKey : public RSAContext (public)
-
- virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- SecureArray buf = in;
- int max = maximumEncryptSize(alg);
-
-@@ -1900,7 +2054,7 @@ class RSAKey : public RSAContext (public)
-
- virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
- {
-- RSA *rsa = evp.pkey->pkey.rsa;
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- SecureArray result(RSA_size(rsa));
- int pad;
-
-@@ -2021,14 +2175,10 @@ class RSAKey : public RSAContext (public)
- evp.reset();
-
- RSA *rsa = RSA_new();
-- rsa->n = bi2bn(n);
-- rsa->e = bi2bn(e);
-- rsa->p = bi2bn(p);
-- rsa->q = bi2bn(q);
-- rsa->d = bi2bn(d);
--
-- if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
-+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
-+ || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
- {
-+ // Free BIGNUMS?
- RSA_free(rsa);
- return;
- }
-@@ -2036,7 +2186,7 @@ class RSAKey : public RSAContext (public)
- // When private key has no Public Exponent (e) or Private Exponent (d)
- // need to disable blinding. Otherwise decryption will be broken.
- // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
-- if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
-+ if(e == BigInteger(0) || d == BigInteger(0))
- RSA_blinding_off(rsa);
-
- evp.pkey = EVP_PKEY_new();
-@@ -2049,10 +2199,7 @@ class RSAKey : public RSAContext (public)
- evp.reset();
-
- RSA *rsa = RSA_new();
-- rsa->n = bi2bn(n);
-- rsa->e = bi2bn(e);
--
-- if(!rsa->n || !rsa->e)
-+ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
- {
- RSA_free(rsa);
- return;
-@@ -2065,27 +2212,42 @@ class RSAKey : public RSAContext (public)
-
- virtual BigInteger n() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->n);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnn;
-+ RSA_get0_key(rsa, &bnn, NULL, NULL);
-+ return bn2bi(bnn);
- }
-
- virtual BigInteger e() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->e);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bne;
-+ RSA_get0_key(rsa, NULL, &bne, NULL);
-+ return bn2bi(bne);
- }
-
- virtual BigInteger p() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->p);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnp;
-+ RSA_get0_factors(rsa, &bnp, NULL);
-+ return bn2bi(bnp);
- }
-
- virtual BigInteger q() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->q);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnq;
-+ RSA_get0_factors(rsa, NULL, &bnq);
-+ return bn2bi(bnq);
- }
-
- virtual BigInteger d() const
- {
-- return bn2bi(evp.pkey->pkey.rsa->d);
-+ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+ const BIGNUM *bnd;
-+ RSA_get0_key(rsa, NULL, NULL, &bnd);
-+ return bn2bi(bnd);
- }
-
- private slots:
-@@ -2134,10 +2296,12 @@ class DSAKeyMaker : public QThread (public)
- virtual void run()
- {
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- if(!DSA_generate_key(dsa))
-+ BIGNUM *pne = bi2bn(domain.p()),
-+ *qne = bi2bn(domain.q()),
-+ *gne = bi2bn(domain.g());
-+
-+ if(!DSA_set0_pqg(dsa, pne, qne, gne)
-+ || !DSA_generate_key(dsa))
- {
- DSA_free(dsa);
- return;
-@@ -2212,10 +2376,11 @@ class DSAKey : public DSAContext (public)
- return;
-
- // extract the public key into DER format
-- int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
-+ DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
-+ int len = i2d_DSAPublicKey(dsa_pkey, NULL);
- SecureArray result(len);
- unsigned char *p = (unsigned char *)result.data();
-- i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
-+ i2d_DSAPublicKey(dsa_pkey, &p);
- p = (unsigned char *)result.data();
-
- // put the DER public key back into openssl
-@@ -2244,7 +2409,7 @@ class DSAKey : public DSAContext (public)
- else
- transformsig = false;
-
-- evp.startSign(EVP_dss1());
-+ evp.startSign(EVP_sha1());
- }
-
- virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
-@@ -2255,7 +2420,7 @@ class DSAKey : public DSAContext (public)
- else
- transformsig = false;
-
-- evp.startVerify(EVP_dss1());
-+ evp.startVerify(EVP_sha1());
- }
-
- virtual void update(const MemoryRegion &in)
-@@ -2305,13 +2470,14 @@ class DSAKey : public DSAContext (public)
- evp.reset();
-
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- dsa->pub_key = bi2bn(y);
-- dsa->priv_key = bi2bn(x);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bnq = bi2bn(domain.q());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-+ BIGNUM *bnpriv_key = bi2bn(x);
-
-- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
-+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+ || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
- {
- DSA_free(dsa);
- return;
-@@ -2327,12 +2493,13 @@ class DSAKey : public DSAContext (public)
- evp.reset();
-
- DSA *dsa = DSA_new();
-- dsa->p = bi2bn(domain.p());
-- dsa->q = bi2bn(domain.q());
-- dsa->g = bi2bn(domain.g());
-- dsa->pub_key = bi2bn(y);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bnq = bi2bn(domain.q());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-
-- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
-+ if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+ || !DSA_set0_key(dsa, bnpub_key, NULL))
- {
- DSA_free(dsa);
- return;
-@@ -2345,17 +2512,26 @@ class DSAKey : public DSAContext (public)
-
- virtual DLGroup domain() const
- {
-- return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnp, *bnq, *bng;
-+ DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+ return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
- }
-
- virtual BigInteger y() const
- {
-- return bn2bi(evp.pkey->pkey.dsa->pub_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DSA_get0_key(dsa, &bnpub_key, NULL);
-+ return bn2bi(bnpub_key);
- }
-
- virtual BigInteger x() const
- {
-- return bn2bi(evp.pkey->pkey.dsa->priv_key);
-+ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+ const BIGNUM *bnpriv_key;
-+ DSA_get0_key(dsa, NULL, &bnpriv_key);
-+ return bn2bi(bnpriv_key);
- }
-
- private slots:
-@@ -2404,9 +2580,10 @@ class DHKeyMaker : public QThread (public)
- virtual void run()
- {
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- if(!DH_generate_key(dh))
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ if(!DH_set0_pqg(dh, bnp, NULL, bng)
-+ || !DH_generate_key(dh))
- {
- DH_free(dh);
- return;
-@@ -2478,12 +2655,15 @@ class DHKey : public DHContext (public)
- if(!sec)
- return;
-
-- DH *orig = evp.pkey->pkey.dh;
-+ DH *orig = EVP_PKEY_get0_DH(evp.pkey);
- DH *dh = DH_new();
-- dh->p = BN_dup(orig->p);
-- dh->g = BN_dup(orig->g);
-- dh->pub_key = BN_dup(orig->pub_key);
-+ const BIGNUM *bnp, *bng, *bnpub_key;
-+ DH_get0_pqg(orig, &bnp, NULL, &bng);
-+ DH_get0_key(orig, &bnpub_key, NULL);
-
-+ DH_set0_key(dh, BN_dup(bnpub_key), NULL);
-+ DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
-+
- evp.reset();
-
- evp.pkey = EVP_PKEY_new();
-@@ -2498,10 +2678,13 @@ class DHKey : public DHContext (public)
-
- virtual SymmetricKey deriveKey(const PKeyBase &theirs)
- {
-- DH *dh = evp.pkey->pkey.dh;
-- DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DH_get0_key(them, &bnpub_key, NULL);
-+
- SecureArray result(DH_size(dh));
-- int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
-+ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
- if(ret <= 0)
- return SymmetricKey();
- result.resize(ret);
-@@ -2531,12 +2714,13 @@ class DHKey : public DHContext (public)
- evp.reset();
-
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- dh->pub_key = bi2bn(y);
-- dh->priv_key = bi2bn(x);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-+ BIGNUM *bnpriv_key = bi2bn(x);
-
-- if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
-+ if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
-+ || !DH_set0_pqg(dh, bnp, NULL, bng))
- {
- DH_free(dh);
- return;
-@@ -2552,11 +2736,12 @@ class DHKey : public DHContext (public)
- evp.reset();
-
- DH *dh = DH_new();
-- dh->p = bi2bn(domain.p());
-- dh->g = bi2bn(domain.g());
-- dh->pub_key = bi2bn(y);
-+ BIGNUM *bnp = bi2bn(domain.p());
-+ BIGNUM *bng = bi2bn(domain.g());
-+ BIGNUM *bnpub_key = bi2bn(y);
-
-- if(!dh->p || !dh->g || !dh->pub_key)
-+ if(!DH_set0_key(dh, bnpub_key, NULL)
-+ || !DH_set0_pqg(dh, bnp, NULL, bng))
- {
- DH_free(dh);
- return;
-@@ -2569,17 +2754,26 @@ class DHKey : public DHContext (public)
-
- virtual DLGroup domain() const
- {
-- return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnp, *bng;
-+ DH_get0_pqg(dh, &bnp, NULL, &bng);
-+ return DLGroup(bn2bi(bnp), bn2bi(bng));
- }
-
- virtual BigInteger y() const
- {
-- return bn2bi(evp.pkey->pkey.dh->pub_key);
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnpub_key;
-+ DH_get0_key(dh, &bnpub_key, NULL);
-+ return bn2bi(bnpub_key);
- }
-
- virtual BigInteger x() const
- {
-- return bn2bi(evp.pkey->pkey.dh->priv_key);
-+ DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+ const BIGNUM *bnpriv_key;
-+ DH_get0_key(dh, NULL, &bnpriv_key);
-+ return bn2bi(bnpriv_key);
- }
-
- private slots:
-@@ -2618,10 +2812,14 @@ class QCA_RSA_METHOD (public)
- {
- key = _key;
- RSA_set_method(rsa, rsa_method());
-+#ifndef OSSL_110
- rsa->flags |= RSA_FLAG_SIGN_VER;
-+#endif
- RSA_set_app_data(rsa, this);
-- rsa->n = bi2bn(_key.n());
-- rsa->e = bi2bn(_key.e());
-+ BIGNUM *bnn = bi2bn(_key.n());
-+ BIGNUM *bne = bi2bn(_key.e());
-+
-+ RSA_set0_key(rsa, bnn, bne, NULL);
- }
-
- RSA_METHOD *rsa_method()
-@@ -2630,12 +2828,16 @@ class QCA_RSA_METHOD (public)
-
- if(!ops)
- {
-- ops = new RSA_METHOD(*RSA_get_default_method());
-- ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
-- ops->rsa_priv_dec = rsa_priv_dec;
-- ops->rsa_sign = rsa_sign;
-- ops->rsa_verify = 0;//pkcs11_rsa_verify;
-- ops->finish = rsa_finish;
-+ ops = RSA_meth_dup(RSA_get_default_method());
-+ RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
-+ RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
-+#ifdef OSSL_110
-+ RSA_meth_set_sign(ops, NULL);
-+#else
-+ RSA_meth_set_sign(ops, rsa_sign);
-+#endif
-+ RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
-+ RSA_meth_set_finish(ops, rsa_finish);
- }
- return ops;
- }
-@@ -2654,7 +2856,11 @@ class QCA_RSA_METHOD (public)
- }
- else
- {
-+#if OPENSSL_VERSION_NUMBER > 0x10100000L
-+ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-+#else
- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-+#endif
- return -1;
- }
-
-@@ -2675,6 +2881,7 @@ class QCA_RSA_METHOD (public)
- return -1;
- }
-
-+#ifndef OSSL_110
- static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- {
- QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
-@@ -2691,7 +2898,6 @@ class QCA_RSA_METHOD (public)
- }
- else
- {
--
- // make X509 packet
- X509_SIG sig;
- ASN1_TYPE parameter;
-@@ -2765,6 +2971,7 @@ class QCA_RSA_METHOD (public)
-
- return 1;
- }
-+#endif
-
- static int rsa_finish(RSA *rsa)
- {
-@@ -2866,21 +3073,22 @@ class MyPKeyContext : public PKeyContext (public)
- PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
- {
- PKeyBase *nk = 0;
-- if(pkey->type == EVP_PKEY_RSA)
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+ if(pkey_type == EVP_PKEY_RSA)
- {
- RSAKey *c = new RSAKey(provider());
- c->evp.pkey = pkey;
- c->sec = sec;
- nk = c;
- }
-- else if(pkey->type == EVP_PKEY_DSA)
-+ else if(pkey_type == EVP_PKEY_DSA)
- {
- DSAKey *c = new DSAKey(provider());
- c->evp.pkey = pkey;
- c->sec = sec;
- nk = c;
- }
-- else if(pkey->type == EVP_PKEY_DH)
-+ else if(pkey_type == EVP_PKEY_DH)
- {
- DHKey *c = new DHKey(provider());
- c->evp.pkey = pkey;
-@@ -2898,8 +3106,10 @@ class MyPKeyContext : public PKeyContext (public)
- {
- EVP_PKEY *pkey = get_pkey();
-
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QByteArray();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -2912,8 +3122,10 @@ class MyPKeyContext : public PKeyContext (public)
- {
- EVP_PKEY *pkey = get_pkey();
-
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QString();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -2978,9 +3190,10 @@ class MyPKeyContext : public PKeyContext (public)
- return SecureArray();
-
- EVP_PKEY *pkey = get_pkey();
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return SecureArray();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -3007,9 +3220,10 @@ class MyPKeyContext : public PKeyContext (public)
- return QString();
-
- EVP_PKEY *pkey = get_pkey();
-+ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-
- // OpenSSL does not have DH import/export support
-- if(pkey->type == EVP_PKEY_DH)
-+ if(pkey_type == EVP_PKEY_DH)
- return QString();
-
- BIO *bo = BIO_new(BIO_s_mem());
-@@ -3110,11 +3324,18 @@ class X509Item (public)
- crl = from.crl;
-
- if(cert)
-- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(cert);
- if(req)
-+ {
-+#ifdef OSSL_110
-+ // Not exposed, so copy
-+ req = X509_REQ_dup(req);
-+#else
- CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
-+#endif
-+ }
- if(crl)
-- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(crl);
- }
-
- return *this;
-@@ -3220,7 +3441,7 @@ class X509Item (public)
- //
- // This code is mostly taken from OpenSSL v0.9.5a
- // by Eric Young
--QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
-+QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
- {
- QDateTime qdt;
- char *v;
-@@ -3318,7 +3539,7 @@ class MyCertContext : public CertContext (public)
-
- void fromX509(X509 *x)
- {
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- item.cert = x;
- make_props();
- }
-@@ -3349,7 +3570,7 @@ class MyCertContext : public CertContext (public)
- if(priv.key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(priv.key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return false;
-
-@@ -3480,7 +3701,7 @@ class MyCertContext : public CertContext (public)
-
- const MyCertContext *our_cc = this;
- X509 *x = our_cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
-
- const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
-@@ -3595,14 +3816,31 @@ class MyCertContext : public CertContext (public)
- p.policies = get_cert_policies(ex);
- }
-
-- if (x->signature)
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+#ifdef OSSL_110
-+ const
-+#endif
-+ ASN1_BIT_STRING *signature;
-+
-+ X509_get0_signature(&signature, NULL, x);
-+ if(signature)
- {
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
-+ }
-+
-+ switch( X509_get_signature_nid(x) )
-+#else
-+ if(x->signature)
-+ {
- p.sig = QByteArray(x->signature->length, 0);
- for (int i=0; i< x->signature->length; i++)
- p.sig[i] = x->signature->data[i];
- }
-
- switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
-+#endif
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -3634,7 +3872,11 @@ class MyCertContext : public CertContext (public)
- p.sigalgo = QCA::EMSA3_SHA512;
- break;
- default:
-+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
-+ qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
-+#else
- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
-+#endif
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -3751,7 +3993,7 @@ class MyCAContext : public CAContext (public)
- if(privateKey -> key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(privateKey -> key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return 0;
-
-@@ -3934,7 +4176,7 @@ class MyCSRContext : public CSRContext (public)
- if(priv.key()->type() == PKey::RSA)
- md = EVP_sha1();
- else if(priv.key()->type() == PKey::DSA)
-- md = EVP_dss1();
-+ md = EVP_sha1();
- else
- return false;
-
-@@ -4095,14 +4337,17 @@ class MyCSRContext : public CSRContext (public)
-
- sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
-
-- if (x->signature)
-+ const ASN1_BIT_STRING *signature;
-+
-+ X509_REQ_get0_signature(x, &signature, NULL);
-+ if(signature)
- {
-- p.sig = QByteArray(x->signature->length, 0);
-- for (int i=0; i< x->signature->length; i++)
-- p.sig[i] = x->signature->data[i];
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
- }
-
-- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+ switch( X509_REQ_get_signature_nid(x) )
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4122,7 +4367,7 @@ class MyCSRContext : public CSRContext (public)
- p.sigalgo = QCA::EMSA1_SHA1;
- break;
- default:
-- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+ qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -4186,7 +4431,7 @@ class MyCRLContext : public CRLContext (public)
-
- void fromX509(X509_CRL *x)
- {
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- item.crl = x;
- make_props();
- }
-@@ -4238,8 +4483,8 @@ class MyCRLContext : public CRLContext (public)
-
- for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
- X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
-- BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
-- QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
-+ BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
-+ QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
- QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
- int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
- if (pos != -1) {
-@@ -4288,13 +4533,18 @@ class MyCRLContext : public CRLContext (public)
- p.revoked.append(thisEntry);
- }
-
-- if (x->signature)
-+ const ASN1_BIT_STRING *signature;
-+
-+ X509_CRL_get0_signature(x, &signature, NULL);
-+ if(signature)
- {
-- p.sig = QByteArray(x->signature->length, 0);
-- for (int i=0; i< x->signature->length; i++)
-- p.sig[i] = x->signature->data[i];
-+ p.sig = QByteArray(signature->length, 0);
-+ for (int i=0; i< signature->length; i++)
-+ p.sig[i] = signature->data[i];
- }
-- switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+
-+
-+ switch( X509_CRL_get_signature_nid(x) )
- {
- case NID_sha1WithRSAEncryption:
- p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4326,7 +4576,7 @@ class MyCRLContext : public CRLContext (public)
- p.sigalgo = QCA::EMSA3_SHA512;
- break;
- default:
-- qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+ qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
- p.sigalgo = QCA::SignatureUnknown;
- }
-
-@@ -4487,21 +4737,21 @@ Validity MyCertContext::validate(const QList<CertConte
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(trusted_list, x);
- }
- for(n = 0; n < untrusted.count(); ++n)
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
- }
- for(n = 0; n < crls.count(); ++n)
- {
- const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- X509_CRL *x = cc->item.crl;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- crl_list.append(x);
- }
-
-@@ -4526,7 +4776,7 @@ Validity MyCertContext::validate(const QList<CertConte
- int ret = X509_verify_cert(ctx);
- int err = -1;
- if(!ret)
-- err = ctx->error;
-+ err = X509_STORE_CTX_get_error(ctx);
-
- // cleanup
- X509_STORE_CTX_free(ctx);
-@@ -4560,21 +4810,21 @@ Validity MyCertContext::validate_chain(const QList<Cer
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(trusted_list, x);
- }
- for(n = 1; n < chain.count(); ++n)
- {
- const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
- X509 *x = cc->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(untrusted_list, x);
- }
- for(n = 0; n < crls.count(); ++n)
- {
- const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- X509_CRL *x = cc->item.crl;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+ X509_CRL_up_ref(x);
- crl_list.append(x);
- }
-
-@@ -4599,7 +4849,7 @@ Validity MyCertContext::validate_chain(const QList<Cer
- int ret = X509_verify_cert(ctx);
- int err = -1;
- if(!ret)
-- err = ctx->error;
-+ err = X509_STORE_CTX_get_error(ctx);
-
- // grab the chain, which may not be fully populated
- STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
-@@ -4663,7 +4913,7 @@ class MyPKCS12Context : public PKCS12Context (public)
- for(int n = 1; n < chain.count(); ++n)
- {
- X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(ca, x);
- }
- }
-@@ -5398,7 +5648,7 @@ class MyTLSContext : public TLSContext (public)
- OpenSSL_add_ssl_algorithms();
- SSL_CTX *ctx = 0;
- switch (version) {
--#ifndef OPENSSL_NO_SSL2
-+#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
- case TLS::SSL_v2:
- ctx = SSL_CTX_new(SSLv2_client_method());
- break;
-@@ -5429,8 +5679,8 @@ class MyTLSContext : public TLSContext (public)
- STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
- QStringList cipherList;
- for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
-- SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
-- cipherList += cipherIDtoString(version, thisCipher->id);
-+ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
-+ cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
- }
-
- SSL_free(ssl);
-@@ -5807,13 +6057,15 @@ class MyTLSContext : public TLSContext (public)
- {
- SessionInfo sessInfo;
-
-- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
-+ SSL_SESSION *session = SSL_get0_session(ssl);
-+ sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
-+ int ssl_version = SSL_version(ssl);
-
-- if (ssl->version == TLS1_VERSION)
-+ if (ssl_version == TLS1_VERSION)
- sessInfo.version = TLS::TLS_v1;
-- else if (ssl->version == SSL3_VERSION)
-+ else if (ssl_version == SSL3_VERSION)
- sessInfo.version = TLS::SSL_v3;
-- else if (ssl->version == SSL2_VERSION)
-+ else if (ssl_version == SSL2_VERSION)
- sessInfo.version = TLS::SSL_v2;
- else {
- qDebug("unexpected version response");
-@@ -5821,7 +6073,7 @@ class MyTLSContext : public TLSContext (public)
- }
-
- sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
-- SSL_get_current_cipher(ssl)->id);
-+ SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
-
- sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
-
-@@ -6393,7 +6645,7 @@ class MyMessageContext : public MessageContext (public
- for(int n = 0; n < nonroots.count(); ++n)
- {
- X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
- }
-
-@@ -6435,7 +6687,7 @@ class MyMessageContext : public MessageContext (public
-
- other_certs = sk_X509_new_null();
- X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
-
- bi = BIO_new(BIO_s_mem());
-@@ -6498,7 +6750,7 @@ class MyMessageContext : public MessageContext (public
- for(int n = 0; n < untrusted_list.count(); ++n)
- {
- X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
-- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+ X509_up_ref(x);
- sk_X509_push(other_certs, x);
- }
-
-@@ -6749,14 +7001,27 @@ class opensslCipherContext : public CipherContext (pub
- opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
- {
- m_cryptoAlgorithm = algorithm;
-- EVP_CIPHER_CTX_init(&m_context);
-+ m_context = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_init(m_context);
- m_pad = pad;
- m_type = type;
- }
-
-+ opensslCipherContext(const opensslCipherContext &other)
-+ : CipherContext(other)
-+ {
-+ m_cryptoAlgorithm = other.m_cryptoAlgorithm;
-+ m_context = EVP_CIPHER_CTX_new();
-+ EVP_CIPHER_CTX_copy(m_context, other.m_context);
-+ m_direction = other.m_direction;
-+ m_pad = other.m_pad;
-+ m_type = other.m_type;
-+ }
-+
- ~opensslCipherContext()
- {
-- EVP_CIPHER_CTX_cleanup(&m_context);
-+ EVP_CIPHER_CTX_cleanup(m_context);
-+ EVP_CIPHER_CTX_free(m_context);
- }
-
- void setup(Direction dir,
-@@ -6769,20 +7034,20 @@ class opensslCipherContext : public CipherContext (pub
- m_cryptoAlgorithm = EVP_des_ede();
- }
- if (Encode == m_direction) {
-- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
-- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-- EVP_EncryptInit_ex(&m_context, 0, 0,
-+ EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
-+ EVP_EncryptInit_ex(m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
- } else {
-- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
-- EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
-- EVP_DecryptInit_ex(&m_context, 0, 0,
-+ EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+ EVP_CIPHER_CTX_set_key_length(m_context, key.size());
-+ EVP_DecryptInit_ex(m_context, 0, 0,
- (const unsigned char*)(key.data()),
- (const unsigned char*)(iv.data()));
- }
-
-- EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
-+ EVP_CIPHER_CTX_set_padding(m_context, m_pad);
- }
-
- Provider::Context *clone() const
-@@ -6792,7 +7057,7 @@ class opensslCipherContext : public CipherContext (pub
-
- int blockSize() const
- {
-- return EVP_CIPHER_CTX_block_size(&m_context);
-+ return EVP_CIPHER_CTX_block_size(m_context);
- }
-
- bool update(const SecureArray &in, SecureArray *out)
-@@ -6805,7 +7070,7 @@ class opensslCipherContext : public CipherContext (pub
- out->resize(in.size()+blockSize());
- int resultLength;
- if (Encode == m_direction) {
-- if (0 == EVP_EncryptUpdate(&m_context,
-+ if (0 == EVP_EncryptUpdate(m_context,
- (unsigned char*)out->data(),
- &resultLength,
- (unsigned char*)in.data(),
-@@ -6813,7 +7078,7 @@ class opensslCipherContext : public CipherContext (pub
- return false;
- }
- } else {
-- if (0 == EVP_DecryptUpdate(&m_context,
-+ if (0 == EVP_DecryptUpdate(m_context,
- (unsigned char*)out->data(),
- &resultLength,
- (unsigned char*)in.data(),
-@@ -6830,13 +7095,13 @@ class opensslCipherContext : public CipherContext (pub
- out->resize(blockSize());
- int resultLength;
- if (Encode == m_direction) {
-- if (0 == EVP_EncryptFinal_ex(&m_context,
-+ if (0 == EVP_EncryptFinal_ex(m_context,
- (unsigned char*)out->data(),
- &resultLength)) {
- return false;
- }
- } else {
-- if (0 == EVP_DecryptFinal_ex(&m_context,
-+ if (0 == EVP_DecryptFinal_ex(m_context,
- (unsigned char*)out->data(),
- &resultLength)) {
- return false;
-@@ -6871,7 +7136,7 @@ class opensslCipherContext : public CipherContext (pub
-
-
- protected:
-- EVP_CIPHER_CTX m_context;
-+ EVP_CIPHER_CTX *m_context;
- const EVP_CIPHER *m_cryptoAlgorithm;
- Direction m_direction;
- int m_pad;

File Metadata

Mime Type
text/plain
Expires
Fri, Feb 27, 6:18 AM (13 h, 45 m)
Storage Engine
blob
Storage Format
Raw Data
Storage Handle
29018275
Default Alt Text
D19347.id54494.diff (118 KB)

Event Timeline