diff options
| author | kevku | 2017-11-27 14:50:37 +0200 |
|---|---|---|
| committer | kevku | 2017-11-27 14:50:37 +0200 |
| commit | 00d976ef6e6547473a00033b99daa35277c268b9 (patch) | |
| tree | f66c0b9130ea59d2ca79bac44a6f70a5f4e242e8 | |
| parent | 9b994b39915562aef2e73c2f67f88f6c229fad69 (diff) | |
| download | aur-00d976ef6e6547473a00033b99daa35277c268b9.tar.gz | |
use openssl 1.1
| -rw-r--r-- | .SRCINFO | 20 | ||||
| -rw-r--r-- | PKGBUILD | 39 | ||||
| -rw-r--r-- | xml-security-c-1.7.3_openssl1.1.patch | 1700 | ||||
| -rw-r--r-- | xml-security-c-ac_fixes.patch | 24 | ||||
| -rw-r--r-- | xml-security-c-cxx11.patch (renamed from xmlsec-1.6.1-cxx11.patch) | 2 |
5 files changed, 1759 insertions, 26 deletions
@@ -1,20 +1,24 @@ pkgbase = xml-security-c pkgdesc = C++ Implementation of W3C security standards for XML pkgver = 1.7.3 - pkgrel = 4 + pkgrel = 5 url = http://santuario.apache.org/ arch = i686 arch = x86_64 - license = GPL + license = Apache + depends = xerces-c depends = xalan-c - depends = openssl-1.0 - source = http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz - source = http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.asc - source = xmlsec-1.6.1-cxx11.patch + source = https://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.asc + source = https://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz + source = xml-security-c-1.7.3_openssl1.1.patch + source = xml-security-c-ac_fixes.patch + source = xml-security-c-cxx11.patch validpgpkeys = DCAA15007BED9DE690CD9523378B845402277962 - sha256sums = e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583 sha256sums = SKIP - sha256sums = fd9813d980dae148e4cf5f507381f682a81f08bf6c62f20ceaedd384b13961ec + sha256sums = e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583 + sha256sums = 05de31738ccd09702309d00985a52036171bd56e9c59f7eef2a1bf08877ae5de + sha256sums = 6c40f007ea75fc66754c6deba59a96e55229ccb3998e1709e16059c019ad7c1a + sha256sums = dc3789452a4d011c9bbd0ce58f6dfc8bf9f3d392535492d6bfc78ca5135faf08 pkgname = xml-security-c @@ -1,36 +1,39 @@ # Maintainer: kevku <kevku@gmx.com> -# Contributor: Kaiting Chen <kaitocracy@gmail.com> - pkgname='xml-security-c' pkgver='1.7.3' -pkgrel='4' +pkgrel='5' pkgdesc='C++ Implementation of W3C security standards for XML' arch=('i686' 'x86_64') url='http://santuario.apache.org/' -license=('GPL') -depends=('xalan-c' 'openssl-1.0') -source=("http://www.apache.org/dist/santuario/c-library/$pkgname-$pkgver.tar.gz" - "http://www.apache.org/dist/santuario/c-library/$pkgname-$pkgver.tar.gz.asc" - "xmlsec-1.6.1-cxx11.patch") -sha256sums=('e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583' - 'SKIP' - 'fd9813d980dae148e4cf5f507381f682a81f08bf6c62f20ceaedd384b13961ec') +license=('Apache') +depends=('xerces-c' 'xalan-c') +source=("https://www.apache.org/dist/santuario/c-library/$pkgname-$pkgver.tar.gz.asc" + "https://www.apache.org/dist/santuario/c-library/$pkgname-$pkgver.tar.gz" + "xml-security-c-1.7.3_openssl1.1.patch" + "xml-security-c-ac_fixes.patch" + "xml-security-c-cxx11.patch") +sha256sums=('SKIP' + 'e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583' + '05de31738ccd09702309d00985a52036171bd56e9c59f7eef2a1bf08877ae5de' + '6c40f007ea75fc66754c6deba59a96e55229ccb3998e1709e16059c019ad7c1a' + 'dc3789452a4d011c9bbd0ce58f6dfc8bf9f3d392535492d6bfc78ca5135faf08') validpgpkeys=('DCAA15007BED9DE690CD9523378B845402277962') prepare(){ cd "${srcdir}/${pkgname}-${pkgver}" - mkdir -p xsec/yes/lib - sed -i -e 's/-O2 -DNDEBUG/-DNDEBUG/g' configure - patch -p1 -i "${srcdir}/xmlsec-1.6.1-cxx11.patch" + patch -p1 -i "${srcdir}/xml-security-c-cxx11.patch" + patch -p1 -i "${srcdir}/xml-security-c-ac_fixes.patch" + patch -p1 -i "${srcdir}/xml-security-c-1.7.3_openssl1.1.patch" } build() { cd "${srcdir}/${pkgname}-${pkgver}" - export PKG_CONFIG_PATH=/usr/lib/openssl-1.0/pkgconfig ./configure --prefix=/usr \ - --with-openssl \ - --with-xerces \ - --with-xalan \ + --without-nss \ + --with-openssl=/usr \ + --with-xerces=/usr \ + --with-xalan=/usr \ + --disable-debug \ --disable-static make } diff --git a/xml-security-c-1.7.3_openssl1.1.patch b/xml-security-c-1.7.3_openssl1.1.patch new file mode 100644 index 000000000000..03e564dd9054 --- /dev/null +++ b/xml-security-c-1.7.3_openssl1.1.patch @@ -0,0 +1,1700 @@ +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2017-02-19 20:37:10.000000000 +0200 +@@ -44,6 +44,15 @@ + + XERCES_CPP_NAMESPACE_USE + ++OpenSSLCryptoBase64::OpenSSLCryptoBase64() { ++ m_ectx = EVP_ENCODE_CTX_new(); ++ m_dctx = EVP_ENCODE_CTX_new(); ++} ++ ++OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { ++ EVP_ENCODE_CTX_free(m_ectx); ++ EVP_ENCODE_CTX_free(m_dctx); ++} + + // -------------------------------------------------------------------------------- + // Decoding +@@ -51,7 +60,7 @@ + + void OpenSSLCryptoBase64::decodeInit(void) { + +- EVP_DecodeInit(&m_dctx); ++ EVP_DecodeInit(m_dctx); + + } + +@@ -70,7 +79,7 @@ + + } + +- rc = EVP_DecodeUpdate(&m_dctx, ++ rc = EVP_DecodeUpdate(m_dctx, + outData, + &outLen, + (unsigned char *) inData, +@@ -99,7 +108,7 @@ + int outLen; + outLen = outLength; + +- EVP_DecodeFinal(&m_dctx, outData, &outLen); ++ EVP_DecodeFinal(m_dctx, outData, &outLen); + + return outLen; + +@@ -111,7 +120,7 @@ + + void OpenSSLCryptoBase64::encodeInit(void) { + +- EVP_EncodeInit(&m_ectx); ++ EVP_EncodeInit(m_ectx); + + } + +@@ -130,7 +139,7 @@ + + } + +- EVP_EncodeUpdate(&m_ectx, ++ EVP_EncodeUpdate(m_ectx, + outData, + &outLen, + (unsigned char *) inData, +@@ -153,7 +162,7 @@ + int outLen; + outLen = outLength; + +- EVP_EncodeFinal(&m_ectx, outData, &outLen); ++ EVP_EncodeFinal(m_ectx, outData, &outLen); + + return outLen; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2017-02-19 10:46:50.000000000 +0200 +@@ -66,8 +66,8 @@ + public : + + +- OpenSSLCryptoBase64() {}; +- virtual ~OpenSSLCryptoBase64() {}; ++ OpenSSLCryptoBase64(); ++ virtual ~OpenSSLCryptoBase64(); + + /** @name Decoding Functions */ + //@{ +@@ -189,20 +189,20 @@ + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} ++ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} + + /** + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} ++ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} + + //@} + + private : + +- EVP_ENCODE_CTX m_ectx; // Encode context +- EVP_ENCODE_CTX m_dctx; // Decode context ++ EVP_ENCODE_CTX *m_ectx; // Encode context ++ EVP_ENCODE_CTX *m_dctx; // Decode context + + }; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2017-02-19 20:48:48.000000000 +0200 +@@ -40,6 +40,7 @@ + + OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { + ++ m_mdctx = EVP_MD_CTX_create(); + switch (alg) { + + case (XSECCryptoHash::HASH_SHA1) : +@@ -104,7 +105,7 @@ + "OpenSSL:Hash - Error loading Message Digest"); + } + +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_DigestInit(m_mdctx, mp_md); + m_hashType = alg; + + } +@@ -112,7 +113,7 @@ + + OpenSSLCryptoHash::~OpenSSLCryptoHash() { + +- EVP_MD_CTX_cleanup(&m_mdctx); ++ EVP_MD_CTX_free(m_mdctx); + + } + +@@ -121,16 +122,16 @@ + // Hashing Activities + void OpenSSLCryptoHash::reset(void) { + +- EVP_MD_CTX_cleanup(&m_mdctx); +- +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_MD_CTX_free(m_mdctx); ++ m_mdctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(m_mdctx, mp_md); + + } + + void OpenSSLCryptoHash::hash(unsigned char * data, + unsigned int length) { + +- EVP_DigestUpdate(&m_mdctx, data, length); ++ EVP_DigestUpdate(m_mdctx, data, length); + + } + unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, +@@ -140,7 +141,7 @@ + + // Finish up and copy out hash, returning the length + +- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); ++ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2017-02-19 10:42:32.000000000 +0200 +@@ -138,7 +138,7 @@ + * \brief Get OpenSSL hash context structure + */ + +- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} ++ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} + + //@} + +@@ -148,7 +148,7 @@ + // Not implemented constructors + OpenSSLCryptoHash(); + +- EVP_MD_CTX m_mdctx; // Context for digest ++ EVP_MD_CTX *m_mdctx; // Context for digest + const EVP_MD * mp_md; // Digest instance + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2017-02-19 20:50:03.000000000 +0200 +@@ -43,6 +43,7 @@ + OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { + + // Initialise the digest ++ m_hctx = HMAC_CTX_new(); + + switch (alg) { + +@@ -127,7 +128,7 @@ + m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); + + +- HMAC_Init(&m_hctx, ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -139,7 +140,7 @@ + OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { + + if (m_initialised) +- HMAC_CTX_cleanup(&m_hctx); ++ HMAC_CTX_free(m_hctx); + + } + +@@ -151,9 +152,9 @@ + + if (m_initialised) { + +- HMAC_CTX_cleanup(&m_hctx); +- +- HMAC_Init(&m_hctx, ++ HMAC_CTX_free(m_hctx); ++ m_hctx = HMAC_CTX_new(); ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -170,7 +171,7 @@ + "OpenSSL:HashHMAC - hash called prior to setKey"); + + +- HMAC_Update(&m_hctx, data, (int) length); ++ HMAC_Update(m_hctx, data, (int) length); + + } + +@@ -181,7 +182,7 @@ + + // Finish up and copy out hash, returning the length + +- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); ++ HMAC_Final(m_hctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2017-02-19 10:50:19.000000000 +0200 +@@ -162,7 +162,7 @@ + * \brief Get OpenSSL Hash Context + */ + +- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} ++ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} + + //@} + +@@ -175,7 +175,7 @@ + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest + HashType m_hashType; // What type of hash is this? +- HMAC_CTX m_hctx; // Context for HMAC ++ HMAC_CTX *m_hctx; // Context for HMAC + safeBuffer m_keyBuf; // The loaded key + unsigned int m_keyLen; // The loaded key length + bool m_initialised; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2015-01-29 04:52:17.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2017-02-19 22:39:29.000000000 +0200 +@@ -64,13 +64,15 @@ + if (mp_dsaKey == NULL) + return KEY_NONE; + +- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) ++ const BIGNUM *pub_key = 0, *priv_key = 0; ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ if (priv_key != NULL && pub_key != NULL) + return KEY_DSA_PAIR; + +- if (mp_dsaKey->priv_key != NULL) ++ if (priv_key != NULL) + return KEY_DSA_PRIVATE; + +- if (mp_dsaKey->pub_key != NULL) ++ if (pub_key != NULL) + return KEY_DSA_PUBLIC; + + return KEY_NONE; +@@ -82,7 +84,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -91,7 +93,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -100,7 +102,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); + + } + +@@ -109,7 +111,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -130,20 +132,15 @@ + + mp_dsaKey = DSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_DSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) + return; // Nothing to do with us + +- +- if (k->pkey.dsa->p) +- mp_dsaKey->p = BN_dup(k->pkey.dsa->p); +- if (k->pkey.dsa->q) +- mp_dsaKey->q = BN_dup(k->pkey.dsa->q); +- if (k->pkey.dsa->g) +- mp_dsaKey->g = BN_dup(k->pkey.dsa->g); +- if (k->pkey.dsa->pub_key) +- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); +- if (k->pkey.dsa->priv_key) +- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(k); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, &priv_key); ++ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + } + +@@ -175,9 +172,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -190,7 +187,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -223,12 +221,7 @@ + } + + DSA_SIG * dsa_sig = DSA_SIG_new(); +- +- dsa_sig->r = BN_dup(R); +- dsa_sig->s = BN_dup(S); +- +- BN_free(R); +- BN_free(S); ++ DSA_SIG_set0(dsa_sig, R, S); + + // Now we have a signature and a key - lets check + +@@ -267,6 +260,8 @@ + DSA_SIG * dsa_sig; + + dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); ++ const BIGNUM *r = 0, *s = 0; ++ DSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + +@@ -277,10 +272,10 @@ + + // Now turn the signature into a base64 string + +- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; ++ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); ++ unsigned int rawLen = BN_bn2bin(r, rawSigBuf); + + if (rawLen <= 0) { + +@@ -289,7 +284,7 @@ + + } + +- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); ++ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); + + if (rawLenS <= 0) { + +@@ -339,16 +334,11 @@ + ret->mp_dsaKey = DSA_new(); + + // Duplicate parameters +- if (mp_dsaKey->p) +- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); +- if (mp_dsaKey->q) +- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); +- if (mp_dsaKey->g) +- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); +- if (mp_dsaKey->pub_key) +- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); +- if (mp_dsaKey->priv_key) +- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(mp_dsaKey, &p, &q, &g); ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + return ret; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2015-02-03 02:57:48.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2017-02-19 21:57:57.000000000 +0200 +@@ -128,10 +128,10 @@ + + // Create a new key to be loaded as we go + +- if (k == NULL || k->type != EVP_PKEY_EC) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) + return; // Nothing to do with us + +- mp_ecKey = EC_KEY_dup(k->pkey.ec); ++ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); + } + + // -------------------------------------------------------------------------------- +@@ -162,9 +162,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -177,7 +177,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -189,8 +190,9 @@ + // Translate to BNs by splitting in half, and thence to ECDSA_SIG + + ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); +- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); +- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); ++ ECDSA_SIG_set0(dsa_sig, ++ BN_bin2bn(sigVal, sigValLen / 2, NULL), ++ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); + + // Now we have a signature and a key - lets check + +@@ -228,6 +230,8 @@ + ECDSA_SIG * dsa_sig; + + dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); ++ const BIGNUM *r, *s; ++ ECDSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + throw XSECCryptoException(XSECCryptoException::ECError, +@@ -263,14 +267,14 @@ + memset(rawSigBuf, 0, keyLen * 2); + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; +- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { ++ unsigned int rawLen = (BN_num_bits(r) + 7) / 8; ++ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 'r' value to buffer"); + } + +- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; +- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { ++ rawLen = (BN_num_bits(s) + 7) / 8; ++ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 's' value to buffer"); + } +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2017-02-19 21:53:14.000000000 +0200 +@@ -326,13 +326,15 @@ + if (mp_rsaKey == NULL) + return KEY_NONE; + +- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) ++ const BIGNUM *n = 0, *e = 0, *d = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ if (n != NULL && d != NULL) + return KEY_RSA_PAIR; + +- if (mp_rsaKey->d != NULL) ++ if (d != NULL) + return KEY_RSA_PRIVATE; + +- if (mp_rsaKey->n != NULL) ++ if (n != NULL) + return KEY_RSA_PUBLIC; + + return KEY_NONE; +@@ -344,7 +346,7 @@ + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -353,7 +355,7 @@ + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -369,32 +371,17 @@ + + mp_rsaKey = RSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_RSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) + return; // Nothing to do with us + +- if (k->pkey.rsa->n) +- mp_rsaKey->n = BN_dup(k->pkey.rsa->n); +- +- if (k->pkey.rsa->e) +- mp_rsaKey->e = BN_dup(k->pkey.rsa->e); +- +- if (k->pkey.rsa->d) +- mp_rsaKey->d = BN_dup(k->pkey.rsa->d); +- +- if (k->pkey.rsa->p) +- mp_rsaKey->p = BN_dup(k->pkey.rsa->p); +- +- if (k->pkey.rsa->q) +- mp_rsaKey->q = BN_dup(k->pkey.rsa->q); +- +- if (k->pkey.rsa->dmp1) +- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); +- +- if (k->pkey.rsa->dmq1) +- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); +- +- if (k->pkey.rsa->iqmp) +- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); ++ RSA *rsa = EVP_PKEY_get0_RSA(k); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(rsa, &n, &e, &d); ++ RSA_get0_factors(rsa, &p, &q); ++ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + } + +@@ -427,9 +414,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -442,7 +429,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -979,29 +967,13 @@ + + // Duplicate parameters + +- if (mp_rsaKey->n) +- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); +- +- if (mp_rsaKey->e) +- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); +- +- if (mp_rsaKey->d) +- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); +- +- if (mp_rsaKey->p) +- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); +- +- if (mp_rsaKey->q) +- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); +- +- if (mp_rsaKey->dmp1) +- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); +- +- if (mp_rsaKey->dmq1) +- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); +- +- if (mp_rsaKey->iqmp) +- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ RSA_get0_factors(mp_rsaKey, &p, &q); ++ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + return ret; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2017-02-19 21:28:15.000000000 +0200 +@@ -343,7 +343,7 @@ + if (pkey) { + XSECCryptoKey* ret = NULL; + try { +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + case EVP_PKEY_RSA: + ret = new OpenSSLCryptoKeyRSA(pkey); + break; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2015-01-29 04:52:17.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2017-02-19 21:24:51.000000000 +0200 +@@ -56,7 +56,8 @@ + m_keyLen(0), + m_initialised(false) { + +- EVP_CIPHER_CTX_init(&m_ctx); ++ m_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(m_ctx); + m_keyBuf.isSensitive(); + + } +@@ -65,7 +66,7 @@ + + // Clean up the context + +- EVP_CIPHER_CTX_cleanup(&m_ctx); ++ EVP_CIPHER_CTX_free(m_ctx); + } + + // -------------------------------------------------------------------------------- +@@ -149,17 +150,17 @@ + with 0.9.6 */ + + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); + #endif + m_ivSize = 8; + } + else if (m_keyMode == MODE_ECB) { + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + m_ivSize = 0; + } +@@ -184,7 +185,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -207,15 +208,15 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -236,7 +237,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -259,16 +260,16 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -289,7 +290,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -312,16 +313,16 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -371,7 +372,7 @@ + // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH + + #if defined (XSEC_OPENSSL_CANSET_PADDING) +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + #endif + + // Return number of bytes chewed up by IV +@@ -439,9 +440,9 @@ + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { + #else +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { + #endif + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); +@@ -476,7 +477,7 @@ + + #if defined (XSEC_OPENSSL_CANSET_PADDING) + +- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { ++ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); +@@ -544,7 +545,7 @@ + We can then clean that up ourselves + */ + +- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); + } +@@ -641,16 +642,16 @@ + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); + #endif + } + else if (m_keyMode == MODE_ECB) { + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + } + else { +@@ -684,11 +685,11 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -708,7 +709,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else { +@@ -739,7 +740,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -759,12 +760,12 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + } + else { + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -793,7 +794,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -813,12 +814,12 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -864,10 +865,10 @@ + #if defined (XSEC_OPENSSL_CANSET_PADDING) + // Setup padding + if (m_doPad) { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 1); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 1); + } + else { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + } + #endif + +@@ -908,9 +909,9 @@ + + } + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { + #else +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { + #endif + + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -929,7 +930,7 @@ + int outl = maxOutLength; + m_initialised = false; + +- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { ++ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); +@@ -962,7 +963,7 @@ + } + if (m_keyMode == MODE_GCM) { + #ifdef XSEC_OPENSSL_HAVE_GCM +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); + outl += taglen; + #else + throw XSECCryptoException(XSECCryptoException::SymmetricError, +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2017-02-19 21:25:39.000000000 +0200 +@@ -283,13 +283,13 @@ + * \brief Get OpenSSL cipher context structure + */ + +- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} ++ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} + + /** + * \brief Get OpenSSL cipher context structure + */ + +- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} ++ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} + + //@} + +@@ -307,7 +307,7 @@ + // Private variables + SymmetricKeyType m_keyType; + SymmetricKeyMode m_keyMode; +- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure ++ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure + safeBuffer m_keyBuf; // Holder of the key + safeBuffer m_tagBuf; // Holder of authentication tag + unsigned int m_keyLen; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2017-02-19 21:09:40.000000000 +0200 +@@ -191,7 +191,7 @@ + + XSECCryptoKey::KeyType ret; + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + +@@ -241,7 +241,7 @@ + "OpenSSL:X509 - cannot retrieve public key from cert"); + } + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp 2017-02-19 22:33:50.000000000 +0200 +@@ -318,7 +318,7 @@ + char * cserial = XMLString::transcode(serial); + char * xserial; + +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); + xserial = BN_bn2dec(bnserial); + BN_free(bnserial); + +@@ -360,8 +360,7 @@ + if (xlen != 0) { + + // Have a buffer with a number in it +- STACK_OF(X509_EXTENSION) *exts; +- exts = x->cert_info->extensions; ++ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); + + if (exts != NULL) { + +@@ -379,8 +378,8 @@ + memcpy(&octxski[2], xski, xlen); + + ext = sk_X509_EXTENSION_value(exts,extn); +- ASN1_OCTET_STRING *skid = ext->value; +- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); ++ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); ++ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); + ASN1_STRING_set(xskid, octxski, xlen+2); + + if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { +@@ -602,12 +601,12 @@ + // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c + + int idx; +- X509_REVOKED rtmp; ++ X509_REVOKED *rtmp = X509_REVOKED_new(); + + /* Look for serial number of certificate in CRL */ + +- rtmp.serialNumber = X509_get_serialNumber(x); +- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); ++ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); ++ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); + + /* Not found: OK */ + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp 2017-02-19 22:34:57.000000000 +0200 +@@ -521,7 +521,7 @@ + X509 * x509 = OSSLX509->getOpenSSLX509(); + + // Check the serial number +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); + BN_free(bnserial); + + BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp 2015-01-30 05:55:09.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp 2017-02-19 22:37:17.000000000 +0200 +@@ -517,7 +517,7 @@ + + pkey = X509_get_pubkey(x); + +- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { ++ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "Error extracting RSA key from certificate" << endl; + } + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp 2015-01-30 05:55:09.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp 2017-02-19 21:31:14.000000000 +0200 +@@ -726,7 +726,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -739,7 +739,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_EC) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + cerr << "EC Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -749,7 +749,7 @@ + } + # endif + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp 2017-02-19 22:58:32.000000000 +0200 +@@ -284,7 +284,7 @@ + + #if defined (XSEC_HAVE_OPENSSL) + +-XMLCh * BN2b64(BIGNUM * bn) { ++XMLCh * BN2b64(const BIGNUM * bn) { + + int bytes = BN_num_bytes(bn); + unsigned char * binbuf = new unsigned char[bytes + 1]; +@@ -606,7 +606,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -615,10 +615,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -628,15 +632,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -878,7 +885,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -887,10 +894,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -900,15 +911,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1229,7 +1243,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1238,10 +1252,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1251,15 +1269,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1326,7 +1347,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1334,10 +1355,14 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1347,7 +1372,7 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -1355,8 +1380,11 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1622,7 +1650,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1631,10 +1659,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1644,15 +1676,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1719,15 +1754,19 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1737,13 +1776,16 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1977,7 +2019,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1986,10 +2028,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1999,15 +2045,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2074,7 +2123,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2082,10 +2131,14 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2095,7 +2148,7 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -2103,8 +2156,11 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2371,7 +2427,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2380,10 +2436,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -2393,15 +2453,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2468,15 +2531,19 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2486,13 +2553,16 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -3251,14 +3321,17 @@ + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; +@@ -3367,14 +3440,17 @@ + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; diff --git a/xml-security-c-ac_fixes.patch b/xml-security-c-ac_fixes.patch new file mode 100644 index 000000000000..939107aab708 --- /dev/null +++ b/xml-security-c-ac_fixes.patch @@ -0,0 +1,24 @@ +--- xml-security-c-1.7.3/configure.ac~ 2015-01-30 03:55:09.000000000 +0000 ++++ xml-security-c-1.7.3/configure.ac 2017-08-30 10:10:04.161889660 +0100 +@@ -26,16 +26,13 @@ + + AC_ARG_ENABLE(debug, + AS_HELP_STRING([--enable-debug],[Have GCC compile with symbols (Default = no)]), +- enable_debug=$enableval, enable_debug=no) +- +-if test "$enable_debug" = "yes" ; then ++ [ + GCC_CFLAGS="$CFLAGS -g -D_DEBUG" + GCC_CXXFLAGS="$CXXFLAGS -g -D_DEBUG" +-else +- GCC_CFLAGS="$CFLAGS -O2 -DNDEBUG" +- GCC_CXXFLAGS="$CXXFLAGS -O2 -DNDEBUG" +-fi +- ++ ],[ ++ GCC_CFLAGS="$CFLAGS -DNDEBUG" ++ GCC_CXXFLAGS="$CXXFLAGS -DNDEBUG" ++ ]) + + # Define the files we wish to generate + diff --git a/xmlsec-1.6.1-cxx11.patch b/xml-security-c-cxx11.patch index bc87d4c1411e..e342b087d7a9 100644 --- a/xmlsec-1.6.1-cxx11.patch +++ b/xml-security-c-cxx11.patch @@ -1,3 +1,5 @@ +https://issues.apache.org/jira/browse/SANTUARIO-437 + --- xml-security-c-1.6.1/xsec/tools/checksig/InteropResolver.cpp.orig 2016-02-02 23:57:26.204655144 +0000 +++ xml-security-c-1.6.1/xsec/tools/checksig/InteropResolver.cpp 2016-02-02 23:57:35.796692305 +0000 @@ -645,7 +645,7 @@ |