pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/xml-security-c
Module Name: pkgsrc
Committed By: ryoon
Date: Mon Apr 30 05:25:24 UTC 2018
Modified Files:
pkgsrc/security/xml-security-c: Makefile distinfo
pkgsrc/security/xml-security-c/patches:
patch-xsec_tools_checksig_InteropResolver.cpp
Added Files:
pkgsrc/security/xml-security-c/patches:
patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp
patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp
patch-xsec_tools_cipher_XencInteropResolver.cpp
patch-xsec_tools_cipher_cipher.cpp
patch-xsec_tools_templatesign_templatesign.cpp
patch-xsec_tools_xklient_xklient.cpp
Log Message:
Fix build with OpenSSL 1.1
* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS
To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/xml-security-c/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/xml-security-c/distinfo
cvs rdiff -u -r0 -r1.1 \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp \
pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp
cvs rdiff -u -r1.1 -r1.2 \
pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/xml-security-c/Makefile
diff -u pkgsrc/security/xml-security-c/Makefile:1.17 pkgsrc/security/xml-security-c/Makefile:1.18
--- pkgsrc/security/xml-security-c/Makefile:1.17 Sun Sep 17 09:33:59 2017
+++ pkgsrc/security/xml-security-c/Makefile Mon Apr 30 05:25:24 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2017/09/17 09:33:59 abs Exp $
+# $NetBSD: Makefile,v 1.18 2018/04/30 05:25:24 ryoon Exp $
DISTNAME= xml-security-c-1.7.3
CATEGORIES= security devel
@@ -15,7 +15,7 @@ USE_TOOLS+= gmake pkg-config
GNU_CONFIGURE= yes
CONFIGURE_ENV+= XERCESCROOT="${BUILDLINK_PREFIX.xerces-c}"
-BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
+BUILDLINK_API_DEPENDS.openssl+= openssl>=1.1
.include "../../security/openssl/buildlink3.mk"
.include "../../textproc/xerces-c/buildlink3.mk"
.include "../../mk/bsd.pkg.mk"
Index: pkgsrc/security/xml-security-c/distinfo
diff -u pkgsrc/security/xml-security-c/distinfo:1.8 pkgsrc/security/xml-security-c/distinfo:1.9
--- pkgsrc/security/xml-security-c/distinfo:1.8 Sat Sep 23 15:30:01 2017
+++ pkgsrc/security/xml-security-c/distinfo Mon Apr 30 05:25:24 2018
@@ -1,8 +1,25 @@
-$NetBSD: distinfo,v 1.8 2017/09/23 15:30:01 joerg Exp $
+$NetBSD: distinfo,v 1.9 2018/04/30 05:25:24 ryoon Exp $
SHA1 (xml-security-c-1.7.3.tar.gz) = bcbe98e0bd3695a0b961a223cce53e2f35c4681b
RMD160 (xml-security-c-1.7.3.tar.gz) = f0c9c3668a3ff2e13647909b926e20fdba828ad2
SHA512 (xml-security-c-1.7.3.tar.gz) = ea46709d6706edf345e19132d9998774e50dc7b5947a7b4a55e3627998f5ac66f976fdff0a5015ef3cee73c03c04f3c4cf993efd397082491c2000c6548b89d2
Size (xml-security-c-1.7.3.tar.gz) = 909320 bytes
SHA1 (patch-xsec_Makefile.in) = f610c63b888f8f744a5de5b47975eb7dc4aee55b
-SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = bdc668a7f0212113d0efbaf189e7021a44108e26
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp) = b66c6be973b29e02657c2eaffe331f311a8c7214
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp) = ceb72c460f7ee9341047b1517306bf02cb8c3756
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp) = b8614ee4f947b88988b3e9b40fc35a080145ac2f
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp) = 19628ec1aefa7e62ffec19e99968a97295717d1b
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp) = fc1aa0983bc7eb72b75f8d1f35637a2d3376ec54
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp) = 1ae06a624875c97598b1d88f6260d8e49b311566
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp) = 7a483f89b19cdcf3993c7940d3bc50afba2aa186
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp) = 6e8415da5b6a9cb9f093f66cfd490a96625a7fbb
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp) = 57f7df09f24e0245802cf039471325c640ce849b
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp) = a5eb8e4b636b0bfba71f4c580509d09f43adb5bc
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp) = dda82e60360708f286af697ac34671cb9e363c83
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp) = 6d7757997addc269c3c93ef3ddecd97449af6fc4
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp) = 1ed63c79f7339ed4a50479766311fc0833a2b63a
+SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = f71158bbe946eedc69558789ea39513762a6d8d1
+SHA1 (patch-xsec_tools_cipher_XencInteropResolver.cpp) = b36653313698c6bdf849f948dee2d2d0dafc6d2c
+SHA1 (patch-xsec_tools_cipher_cipher.cpp) = 86c91a43e799f757efd445690de6a5b07c56eefd
+SHA1 (patch-xsec_tools_templatesign_templatesign.cpp) = 9068b2641eeb01dba14895b5514628d10f5f2c5f
+SHA1 (patch-xsec_tools_xklient_xklient.cpp) = ca4deeded395f0094ce91873c0c904385833a103
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp
diff -u pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.1 pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.2
--- pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.1 Sat Sep 23 15:30:01 2017
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp Mon Apr 30 05:25:24 2018
@@ -1,10 +1,56 @@
-$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.1 2017/09/23 15:30:01 joerg Exp $
+$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.2 2018/04/30 05:25:24 ryoon Exp $
false is a bad pointer value.
---- xsec/tools/checksig/InteropResolver.cpp.orig 2017-09-23 12:23:36.663288313 +0000
+--- xsec/tools/checksig/InteropResolver.cpp.orig 2018-04-10 03:53:05.001719015 +0000
+++ xsec/tools/checksig/InteropResolver.cpp
-@@ -645,7 +645,7 @@ XSECCryptoKey * InteropResolver::resolve
+@@ -318,7 +318,7 @@ bool InteropResolver::checkMatch(DSIGKey
+ char * cserial = XMLString::transcode(serial);
+ char * xserial;
+
+- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL);
++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
+ xserial = BN_bn2dec(bnserial);
+ BN_free(bnserial);
+
+@@ -360,8 +360,7 @@ bool InteropResolver::checkMatch(DSIGKey
+ if (xlen != 0) {
+
+ // Have a buffer with a number in it
+- STACK_OF(X509_EXTENSION) *exts;
+- exts = x->cert_info->extensions;
++ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x);
+
+ if (exts != NULL) {
+
+@@ -379,8 +378,8 @@ bool InteropResolver::checkMatch(DSIGKey
+ memcpy(&octxski[2], xski, xlen);
+
+ ext = sk_X509_EXTENSION_value(exts,extn);
+- ASN1_OCTET_STRING *skid = ext->value;
+- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new();
++ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext);
++ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new();
+ ASN1_STRING_set(xskid, octxski, xlen+2);
+
+ if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) {
+@@ -602,12 +601,12 @@ XSECCryptoKey * InteropResolver::resolve
+ // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c
+
+ int idx;
+- X509_REVOKED rtmp;
++ X509_REVOKED *rtmp = X509_REVOKED_new();
+
+ /* Look for serial number of certificate in CRL */
+
+- rtmp.serialNumber = X509_get_serialNumber(x);
+- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp);
++ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x));
++ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp);
+
+ /* Not found: OK */
+
+@@ -645,7 +644,7 @@ XSECCryptoKey * InteropResolver::resolve
}
Added files:
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,74 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
+@@ -44,6 +44,15 @@
+
+ XERCES_CPP_NAMESPACE_USE
+
++OpenSSLCryptoBase64::OpenSSLCryptoBase64() {
++ m_ectx = EVP_ENCODE_CTX_new();
++ m_dctx = EVP_ENCODE_CTX_new();
++}
++
++OpenSSLCryptoBase64::~OpenSSLCryptoBase64() {
++ EVP_ENCODE_CTX_free(m_ectx);
++ EVP_ENCODE_CTX_free(m_dctx);
++}
+
+ // --------------------------------------------------------------------------------
+ // Decoding
+@@ -51,7 +60,7 @@ XERCES_CPP_NAMESPACE_USE
+
+ void OpenSSLCryptoBase64::decodeInit(void) {
+
+- EVP_DecodeInit(&m_dctx);
++ EVP_DecodeInit(m_dctx);
+
+ }
+
+@@ -70,7 +79,7 @@ unsigned int OpenSSLCryptoBase64::decode
+
+ }
+
+- rc = EVP_DecodeUpdate(&m_dctx,
++ rc = EVP_DecodeUpdate(m_dctx,
+ outData,
+ &outLen,
+ (unsigned char *) inData,
+@@ -99,7 +108,7 @@ unsigned int OpenSSLCryptoBase64::decode
+ int outLen;
+ outLen = outLength;
+
+- EVP_DecodeFinal(&m_dctx, outData, &outLen);
++ EVP_DecodeFinal(m_dctx, outData, &outLen);
+
+ return outLen;
+
+@@ -111,7 +120,7 @@ unsigned int OpenSSLCryptoBase64::decode
+
+ void OpenSSLCryptoBase64::encodeInit(void) {
+
+- EVP_EncodeInit(&m_ectx);
++ EVP_EncodeInit(m_ectx);
+
+ }
+
+@@ -130,7 +139,7 @@ unsigned int OpenSSLCryptoBase64::encode
+
+ }
+
+- EVP_EncodeUpdate(&m_ectx,
++ EVP_EncodeUpdate(m_ectx,
+ outData,
+ &outLen,
+ (unsigned char *) inData,
+@@ -153,7 +162,7 @@ unsigned int OpenSSLCryptoBase64::encode
+ int outLen;
+ outLen = outLength;
+
+- EVP_EncodeFinal(&m_ectx, outData, &outLen);
++ EVP_EncodeFinal(m_ectx, outData, &outLen);
+
+ return outLen;
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,40 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
+@@ -66,8 +66,8 @@ class DSIG_EXPORT OpenSSLCryptoBase64 :
+ public :
+
+
+- OpenSSLCryptoBase64() {};
+- virtual ~OpenSSLCryptoBase64() {};
++ OpenSSLCryptoBase64();
++ virtual ~OpenSSLCryptoBase64();
+
+ /** @name Decoding Functions */
+ //@{
+@@ -189,20 +189,20 @@ public :
+ * \brief Get OpenSSL encode context structure
+ */
+
+- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;}
++ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;}
+
+ /**
+ * \brief Get OpenSSL encode context structure
+ */
+
+- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;}
++ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;}
+
+ //@}
+
+ private :
+
+- EVP_ENCODE_CTX m_ectx; // Encode context
+- EVP_ENCODE_CTX m_dctx; // Decode context
++ EVP_ENCODE_CTX *m_ectx; // Encode context
++ EVP_ENCODE_CTX *m_dctx; // Decode context
+
+ };
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,60 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp
+@@ -40,6 +40,7 @@
+
+ OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) {
+
++ m_mdctx = EVP_MD_CTX_create();
+ switch (alg) {
+
+ case (XSECCryptoHash::HASH_SHA1) :
+@@ -104,7 +105,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has
+ "OpenSSL:Hash - Error loading Message Digest");
+ }
+
+- EVP_DigestInit(&m_mdctx, mp_md);
++ EVP_DigestInit(m_mdctx, mp_md);
+ m_hashType = alg;
+
+ }
+@@ -112,7 +113,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has
+
+ OpenSSLCryptoHash::~OpenSSLCryptoHash() {
+
+- EVP_MD_CTX_cleanup(&m_mdctx);
++ EVP_MD_CTX_free(m_mdctx);
+
+ }
+
+@@ -121,16 +122,16 @@ OpenSSLCryptoHash::~OpenSSLCryptoHash()
+ // Hashing Activities
+ void OpenSSLCryptoHash::reset(void) {
+
+- EVP_MD_CTX_cleanup(&m_mdctx);
+-
+- EVP_DigestInit(&m_mdctx, mp_md);
++ EVP_MD_CTX_free(m_mdctx);
++ m_mdctx = EVP_MD_CTX_new();
++ EVP_DigestInit(m_mdctx, mp_md);
+
+ }
+
+ void OpenSSLCryptoHash::hash(unsigned char * data,
+ unsigned int length) {
+
+- EVP_DigestUpdate(&m_mdctx, data, length);
++ EVP_DigestUpdate(m_mdctx, data, length);
+
+ }
+ unsigned int OpenSSLCryptoHash::finish(unsigned char * hash,
+@@ -140,7 +141,7 @@ unsigned int OpenSSLCryptoHash::finish(u
+
+ // Finish up and copy out hash, returning the length
+
+- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen);
++ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen);
+
+ // Copy to output buffer
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp
+@@ -138,7 +138,7 @@ public :
+ * \brief Get OpenSSL hash context structure
+ */
+
+- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;}
++ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;}
+
+ //@}
+
+@@ -148,7 +148,7 @@ private:
+ // Not implemented constructors
+ OpenSSLCryptoHash();
+
+- EVP_MD_CTX m_mdctx; // Context for digest
++ EVP_MD_CTX *m_mdctx; // Context for digest
+ const EVP_MD * mp_md; // Digest instance
+ unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
+ unsigned int m_mdLen; // Length of digest
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,61 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp
+@@ -43,6 +43,7 @@
+ OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) {
+
+ // Initialise the digest
++ m_hctx = HMAC_CTX_new();
+
+ switch (alg) {
+
+@@ -127,7 +128,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC
+ m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf);
+
+
+- HMAC_Init(&m_hctx,
++ HMAC_Init(m_hctx,
+ m_keyBuf.rawBuffer(),
+ m_keyLen,
+ mp_md);
+@@ -139,7 +140,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC
+ OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
+
+ if (m_initialised)
+- HMAC_CTX_cleanup(&m_hctx);
++ HMAC_CTX_free(m_hctx);
+
+ }
+
+@@ -151,9 +152,9 @@ void OpenSSLCryptoHashHMAC::reset(void)
+
+ if (m_initialised) {
+
+- HMAC_CTX_cleanup(&m_hctx);
+-
+- HMAC_Init(&m_hctx,
++ HMAC_CTX_free(m_hctx);
++ m_hctx = HMAC_CTX_new();
++ HMAC_Init(m_hctx,
+ m_keyBuf.rawBuffer(),
+ m_keyLen,
+ mp_md);
+@@ -170,7 +171,7 @@ void OpenSSLCryptoHashHMAC::hash(unsigne
+ "OpenSSL:HashHMAC - hash called prior to setKey");
+
+
+- HMAC_Update(&m_hctx, data, (int) length);
++ HMAC_Update(m_hctx, data, (int) length);
+
+ }
+
+@@ -181,7 +182,7 @@ unsigned int OpenSSLCryptoHashHMAC::fini
+
+ // Finish up and copy out hash, returning the length
+
+- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen);
++ HMAC_Final(m_hctx, m_mdValue, &m_mdLen);
+
+ // Copy to output buffer
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp
+@@ -162,7 +162,7 @@ public :
+ * \brief Get OpenSSL Hash Context
+ */
+
+- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;}
++ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;}
+
+ //@}
+
+@@ -175,7 +175,7 @@ private:
+ unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output
+ unsigned int m_mdLen; // Length of digest
+ HashType m_hashType; // What type of hash is this?
+- HMAC_CTX m_hctx; // Context for HMAC
++ HMAC_CTX *m_hctx; // Context for HMAC
+ safeBuffer m_keyBuf; // The loaded key
+ unsigned int m_keyLen; // The loaded key length
+ bool m_initialised;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,177 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp.orig 2015-01-29 02:52:17.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
+@@ -64,13 +64,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyD
+ if (mp_dsaKey == NULL)
+ return KEY_NONE;
+
+- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL)
++ const BIGNUM *pub_key = 0, *priv_key = 0;
++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
++ if (priv_key != NULL && pub_key != NULL)
+ return KEY_DSA_PAIR;
+
+- if (mp_dsaKey->priv_key != NULL)
++ if (priv_key != NULL)
+ return KEY_DSA_PRIVATE;
+
+- if (mp_dsaKey->pub_key != NULL)
++ if (pub_key != NULL)
+ return KEY_DSA_PUBLIC;
+
+ return KEY_NONE;
+@@ -82,7 +84,7 @@ void OpenSSLCryptoKeyDSA::loadPBase64Big
+ if (mp_dsaKey == NULL)
+ mp_dsaKey = DSA_new();
+
+- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
+
+ }
+
+@@ -91,7 +93,7 @@ void OpenSSLCryptoKeyDSA::loadQBase64Big
+ if (mp_dsaKey == NULL)
+ mp_dsaKey = DSA_new();
+
+- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+
+ }
+
+@@ -100,7 +102,7 @@ void OpenSSLCryptoKeyDSA::loadGBase64Big
+ if (mp_dsaKey == NULL)
+ mp_dsaKey = DSA_new();
+
+- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len));
+
+ }
+
+@@ -109,7 +111,7 @@ void OpenSSLCryptoKeyDSA::loadYBase64Big
+ if (mp_dsaKey == NULL)
+ mp_dsaKey = DSA_new();
+
+- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+
+ }
+
+@@ -130,20 +132,15 @@ OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA
+
+ mp_dsaKey = DSA_new();
+
+- if (k == NULL || k->type != EVP_PKEY_DSA)
++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA)
+ return; // Nothing to do with us
+
+-
+- if (k->pkey.dsa->p)
+- mp_dsaKey->p = BN_dup(k->pkey.dsa->p);
+- if (k->pkey.dsa->q)
+- mp_dsaKey->q = BN_dup(k->pkey.dsa->q);
+- if (k->pkey.dsa->g)
+- mp_dsaKey->g = BN_dup(k->pkey.dsa->g);
+- if (k->pkey.dsa->pub_key)
+- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key);
+- if (k->pkey.dsa->priv_key)
+- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(k);
++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, &priv_key);
++ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
++ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
+
+ }
+
+@@ -175,9 +172,9 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+ unsigned char* sigVal = new unsigned char[sigLen + 1];
+ ArrayJanitor<unsigned char> j_sigVal(sigVal);
+
+- EVP_ENCODE_CTX m_dctx;
+- EVP_DecodeInit(&m_dctx);
+- int rc = EVP_DecodeUpdate(&m_dctx,
++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++ EVP_DecodeInit(m_dctx);
++ int rc = EVP_DecodeUpdate(m_dctx,
+ sigVal,
+ &sigValLen,
+ (unsigned char *) cleanedBase64Signature,
+@@ -190,7 +187,8 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+ }
+ int t = 0;
+
+- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++ EVP_ENCODE_CTX_free(m_dctx);
+
+ sigValLen += t;
+
+@@ -223,12 +221,7 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+ }
+
+ DSA_SIG * dsa_sig = DSA_SIG_new();
+-
+- dsa_sig->r = BN_dup(R);
+- dsa_sig->s = BN_dup(S);
+-
+- BN_free(R);
+- BN_free(S);
++ DSA_SIG_set0(dsa_sig, R, S);
+
+ // Now we have a signature and a key - lets check
+
+@@ -267,6 +260,8 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+ DSA_SIG * dsa_sig;
+
+ dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
++ const BIGNUM *r = 0, *s = 0;
++ DSA_SIG_get0(dsa_sig, &r, &s);
+
+ if (dsa_sig == NULL) {
+
+@@ -277,10 +272,10 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+
+ // Now turn the signature into a base64 string
+
+- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8];
++ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8];
+ ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
+
+- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
++ unsigned int rawLen = BN_bn2bin(r, rawSigBuf);
+
+ if (rawLen <= 0) {
+
+@@ -289,7 +284,7 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+
+ }
+
+- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
++ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]);
+
+ if (rawLenS <= 0) {
+
+@@ -339,16 +334,11 @@ XSECCryptoKey * OpenSSLCryptoKeyDSA::clo
+ ret->mp_dsaKey = DSA_new();
+
+ // Duplicate parameters
+- if (mp_dsaKey->p)
+- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p);
+- if (mp_dsaKey->q)
+- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q);
+- if (mp_dsaKey->g)
+- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g);
+- if (mp_dsaKey->pub_key)
+- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key);
+- if (mp_dsaKey->priv_key)
+- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key);
++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
++ DSA_get0_pqg(mp_dsaKey, &p, &q, &g);
++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
++ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
++ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
+
+ return ret;
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,80 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp.orig 2015-02-03 00:57:48.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
+@@ -128,10 +128,10 @@ OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(E
+
+ // Create a new key to be loaded as we go
+
+- if (k == NULL || k->type != EVP_PKEY_EC)
++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC)
+ return; // Nothing to do with us
+
+- mp_ecKey = EC_KEY_dup(k->pkey.ec);
++ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k));
+ }
+
+ // --------------------------------------------------------------------------------
+@@ -162,9 +162,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+ unsigned char* sigVal = new unsigned char[sigLen + 1];
+ ArrayJanitor<unsigned char> j_sigVal(sigVal);
+
+- EVP_ENCODE_CTX m_dctx;
+- EVP_DecodeInit(&m_dctx);
+- int rc = EVP_DecodeUpdate(&m_dctx,
++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++ EVP_DecodeInit(m_dctx);
++ int rc = EVP_DecodeUpdate(m_dctx,
+ sigVal,
+ &sigValLen,
+ (unsigned char *) cleanedBase64Signature,
+@@ -177,7 +177,8 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+ }
+ int t = 0;
+
+- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++ EVP_ENCODE_CTX_free(m_dctx);
+
+ sigValLen += t;
+
+@@ -189,8 +190,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+ // Translate to BNs by splitting in half, and thence to ECDSA_SIG
+
+ ECDSA_SIG * dsa_sig = ECDSA_SIG_new();
+- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL);
+- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL);
++ ECDSA_SIG_set0(dsa_sig,
++ BN_bin2bn(sigVal, sigValLen / 2, NULL),
++ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL));
+
+ // Now we have a signature and a key - lets check
+
+@@ -228,6 +230,8 @@ unsigned int OpenSSLCryptoKeyEC::signBas
+ ECDSA_SIG * dsa_sig;
+
+ dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
++ const BIGNUM *r, *s;
++ ECDSA_SIG_get0(dsa_sig, &r, &s);
+
+ if (dsa_sig == NULL) {
+ throw XSECCryptoException(XSECCryptoException::ECError,
+@@ -263,14 +267,14 @@ unsigned int OpenSSLCryptoKeyEC::signBas
+ memset(rawSigBuf, 0, keyLen * 2);
+ ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
+
+- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8;
+- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) {
++ unsigned int rawLen = (BN_num_bits(r) + 7) / 8;
++ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) {
+ throw XSECCryptoException(XSECCryptoException::ECError,
+ "OpenSSL:EC - Error copying signature 'r' value to buffer");
+ }
+
+- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8;
+- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
++ rawLen = (BN_num_bits(s) + 7) / 8;
++ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
+ throw XSECCryptoException(XSECCryptoException::ECError,
+ "OpenSSL:EC - Error copying signature 's' value to buffer");
+ }
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,143 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
+@@ -326,13 +326,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyR
+ if (mp_rsaKey == NULL)
+ return KEY_NONE;
+
+- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL)
++ const BIGNUM *n = 0, *e = 0, *d = 0;
++ RSA_get0_key(mp_rsaKey, &n, &e, &d);
++ if (n != NULL && d != NULL)
+ return KEY_RSA_PAIR;
+
+- if (mp_rsaKey->d != NULL)
++ if (d != NULL)
+ return KEY_RSA_PRIVATE;
+
+- if (mp_rsaKey->n != NULL)
++ if (n != NULL)
+ return KEY_RSA_PUBLIC;
+
+ return KEY_NONE;
+@@ -344,7 +346,7 @@ void OpenSSLCryptoKeyRSA::loadPublicModu
+ if (mp_rsaKey == NULL)
+ mp_rsaKey = RSA_new();
+
+- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
+
+ }
+
+@@ -353,7 +355,7 @@ void OpenSSLCryptoKeyRSA::loadPublicExpo
+ if (mp_rsaKey == NULL)
+ mp_rsaKey = RSA_new();
+
+- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+
+ }
+
+@@ -369,32 +371,17 @@ OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA
+
+ mp_rsaKey = RSA_new();
+
+- if (k == NULL || k->type != EVP_PKEY_RSA)
++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA)
+ return; // Nothing to do with us
+
+- if (k->pkey.rsa->n)
+- mp_rsaKey->n = BN_dup(k->pkey.rsa->n);
+-
+- if (k->pkey.rsa->e)
+- mp_rsaKey->e = BN_dup(k->pkey.rsa->e);
+-
+- if (k->pkey.rsa->d)
+- mp_rsaKey->d = BN_dup(k->pkey.rsa->d);
+-
+- if (k->pkey.rsa->p)
+- mp_rsaKey->p = BN_dup(k->pkey.rsa->p);
+-
+- if (k->pkey.rsa->q)
+- mp_rsaKey->q = BN_dup(k->pkey.rsa->q);
+-
+- if (k->pkey.rsa->dmp1)
+- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1);
+-
+- if (k->pkey.rsa->dmq1)
+- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1);
+-
+- if (k->pkey.rsa->iqmp)
+- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp);
++ RSA *rsa = EVP_PKEY_get0_RSA(k);
++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
++ RSA_get0_key(rsa, &n, &e, &d);
++ RSA_get0_factors(rsa, &p, &q);
++ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
++ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
++ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q));
++ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
+
+ }
+
+@@ -427,9 +414,9 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS
+ unsigned char* sigVal = new unsigned char[sigLen + 1];
+ ArrayJanitor<unsigned char> j_sigVal(sigVal);
+
+- EVP_ENCODE_CTX m_dctx;
+- EVP_DecodeInit(&m_dctx);
+- int rc = EVP_DecodeUpdate(&m_dctx,
++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++ EVP_DecodeInit(m_dctx);
++ int rc = EVP_DecodeUpdate(m_dctx,
+ sigVal,
+ &sigValLen,
+ (unsigned char *) cleanedBase64Signature,
+@@ -442,7 +429,8 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS
+ }
+ int t = 0;
+
+- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++ EVP_ENCODE_CTX_free(m_dctx);
+
+ sigValLen += t;
+
+@@ -979,29 +967,13 @@ XSECCryptoKey * OpenSSLCryptoKeyRSA::clo
+
+ // Duplicate parameters
+
+- if (mp_rsaKey->n)
+- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n);
+-
+- if (mp_rsaKey->e)
+- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e);
+-
+- if (mp_rsaKey->d)
+- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d);
+-
+- if (mp_rsaKey->p)
+- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p);
+-
+- if (mp_rsaKey->q)
+- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q);
+-
+- if (mp_rsaKey->dmp1)
+- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1);
+-
+- if (mp_rsaKey->dmq1)
+- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1);
+-
+- if (mp_rsaKey->iqmp)
+- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp);
++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
++ RSA_get0_key(mp_rsaKey, &n, &e, &d);
++ RSA_get0_factors(mp_rsaKey, &p, &q);
++ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp);
++ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
++ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q));
++ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
+
+ return ret;
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
+@@ -343,7 +343,7 @@ XSECCryptoKey* OpenSSLCryptoProvider::ke
+ if (pkey) {
+ XSECCryptoKey* ret = NULL;
+ try {
+- switch (pkey->type) {
++ switch (EVP_PKEY_base_id(pkey)) {
+ case EVP_PKEY_RSA:
+ ret = new OpenSSLCryptoKeyRSA(pkey);
+ break;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,311 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp.orig 2015-01-29 02:52:17.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
+@@ -56,7 +56,8 @@ m_tagBuf(""),
+ m_keyLen(0),
+ m_initialised(false) {
+
+- EVP_CIPHER_CTX_init(&m_ctx);
++ m_ctx = EVP_CIPHER_CTX_new();
++ EVP_CIPHER_CTX_init(m_ctx);
+ m_keyBuf.isSensitive();
+
+ }
+@@ -65,7 +66,7 @@ OpenSSLCryptoSymmetricKey::~OpenSSLCrypt
+
+ // Clean up the context
+
+- EVP_CIPHER_CTX_cleanup(&m_ctx);
++ EVP_CIPHER_CTX_free(m_ctx);
+ }
+
+ // --------------------------------------------------------------------------------
+@@ -149,17 +150,17 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ with 0.9.6 */
+
+ #if defined(XSEC_OPENSSL_CONST_BUFFERS)
+- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
+ #else
+- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
+ #endif
+ m_ivSize = 8;
+ }
+ else if (m_keyMode == MODE_ECB) {
+ #if defined(XSEC_OPENSSL_CONST_BUFFERS)
+- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
+ #else
+- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+ #endif
+ m_ivSize = 0;
+ }
+@@ -184,7 +185,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ return 0; // Cannot initialise without an IV
+ }
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+
+ }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -207,15 +208,15 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ }
+
+ // We have everything, so we can fully init.
+- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+ }
+ #endif
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+
+ }
+ else {
+@@ -236,7 +237,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ return 0; // Cannot initialise without an IV
+ }
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+
+ }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -259,16 +260,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ }
+
+ // We have everything, so we can fully init.
+- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+
+ }
+ #endif
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+
+ }
+ else {
+@@ -289,7 +290,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ return 0; // Cannot initialise without an IV
+ }
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+
+ }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -312,16 +313,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ }
+
+ // We have everything, so we can fully init.
+- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+
+ }
+ #endif
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+
+ }
+ else {
+@@ -371,7 +372,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+ // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH
+
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
++ EVP_CIPHER_CTX_set_padding(m_ctx, 0);
+ #endif
+
+ // Return number of bytes chewed up by IV
+@@ -439,9 +440,9 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ }
+
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
+ #else
+- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
+ #endif
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error during OpenSSL decrypt");
+@@ -476,7 +477,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+
+- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) {
++ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) {
+
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation");
+@@ -544,7 +545,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ We can then clean that up ourselves
+ */
+
+- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
++ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL");
+ }
+@@ -641,16 +642,16 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ }
+
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
+ #else
+- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
+ #endif
+ }
+ else if (m_keyMode == MODE_ECB) {
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
++ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
+ #else
+- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
++ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+ #endif
+ }
+ else {
+@@ -684,11 +685,11 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ }
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+
+ }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -708,7 +709,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ }
+ #endif
+ else {
+@@ -739,7 +740,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+
+ }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -759,12 +760,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ }
+ #endif
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ }
+ else {
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+@@ -793,7 +794,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+
+ }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -813,12 +814,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ else
+ usedIV = iv;
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ }
+ #endif
+ else if (m_keyMode == MODE_ECB) {
+
+- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+
+ }
+ else {
+@@ -864,10 +865,10 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+ // Setup padding
+ if (m_doPad) {
+- EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
++ EVP_CIPHER_CTX_set_padding(m_ctx, 1);
+ }
+ else {
+- EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
++ EVP_CIPHER_CTX_set_padding(m_ctx, 0);
+ }
+ #endif
+
+@@ -908,9 +909,9 @@ unsigned int OpenSSLCryptoSymmetricKey::
+
+ }
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
+ #else
+- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
+ #endif
+
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+@@ -929,7 +930,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ int outl = maxOutLength;
+ m_initialised = false;
+
+- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) {
++ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) {
+
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
+ "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation");
+@@ -962,7 +963,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ }
+ if (m_keyMode == MODE_GCM) {
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
+ outl += taglen;
+ #else
+ throw XSECCryptoException(XSECCryptoException::SymmetricError,
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,29 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
+@@ -283,13 +283,13 @@ public :
+ * \brief Get OpenSSL cipher context structure
+ */
+
+- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;}
++ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;}
+
+ /**
+ * \brief Get OpenSSL cipher context structure
+ */
+
+- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;}
++ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;}
+
+ //@}
+
+@@ -307,7 +307,7 @@ private:
+ // Private variables
+ SymmetricKeyType m_keyType;
+ SymmetricKeyMode m_keyMode;
+- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure
++ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure
+ safeBuffer m_keyBuf; // Holder of the key
+ safeBuffer m_tagBuf; // Holder of authentication tag
+ unsigned int m_keyLen;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp.orig 2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
+@@ -191,7 +191,7 @@ XSECCryptoKey::KeyType OpenSSLCryptoX509
+
+ XSECCryptoKey::KeyType ret;
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_base_id(pkey)) {
+
+ case EVP_PKEY_DSA :
+
+@@ -241,7 +241,7 @@ XSECCryptoKey * OpenSSLCryptoX509::clone
+ "OpenSSL:X509 - cannot retrieve public key from cert");
+ }
+
+- switch (pkey->type) {
++ switch (EVP_PKEY_base_id(pkey)) {
+
+ case EVP_PKEY_DSA :
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_tools_cipher_XencInteropResolver.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/cipher/XencInteropResolver.cpp.orig 2012-07-23 16:56:10.000000000 +0000
++++ xsec/tools/cipher/XencInteropResolver.cpp
+@@ -521,7 +521,7 @@ XSECCryptoKey * XencInteropResolver::res
+ X509 * x509 = OSSLX509->getOpenSSLX509();
+
+ // Check the serial number
+- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL);
++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
+ BN_free(bnserial);
+
+ BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8");
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_tools_cipher_cipher.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/cipher/cipher.cpp.orig 2015-01-30 03:55:09.000000000 +0000
++++ xsec/tools/cipher/cipher.cpp
+@@ -517,7 +517,7 @@ int evaluate(int argc, char ** argv) {
+
+ pkey = X509_get_pubkey(x);
+
+- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) {
++ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "Error extracting RSA key from certificate" << endl;
+ }
+
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,31 @@
+$NetBSD: patch-xsec_tools_templatesign_templatesign.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/templatesign/templatesign.cpp.orig 2015-01-30 03:55:09.000000000 +0000
++++ xsec/tools/templatesign/templatesign.cpp
+@@ -726,7 +726,7 @@ int main(int argc, char **argv) {
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+@@ -739,7 +739,7 @@ int main(int argc, char **argv) {
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_EC) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+ cerr << "EC Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+@@ -749,7 +749,7 @@ int main(int argc, char **argv) {
+ }
+ # endif
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp:1.1
--- /dev/null Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,557 @@
+$NetBSD: patch-xsec_tools_xklient_xklient.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/xklient/xklient.cpp.orig 2012-07-23 16:56:10.000000000 +0000
++++ xsec/tools/xklient/xklient.cpp
+@@ -284,7 +284,7 @@ XSECCryptoX509 * loadX509(const char * i
+
+ #if defined (XSEC_HAVE_OPENSSL)
+
+-XMLCh * BN2b64(BIGNUM * bn) {
++XMLCh * BN2b64(const BIGNUM * bn) {
+
+ int bytes = BN_num_bytes(bn);
+ unsigned char * binbuf = new unsigned char[bytes + 1];
+@@ -606,7 +606,7 @@ XKMSMessageAbstractType * createLocateRe
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -615,10 +615,14 @@ XKMSMessageAbstractType * createLocateRe
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -628,15 +632,18 @@ XKMSMessageAbstractType * createLocateRe
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -878,7 +885,7 @@ XKMSMessageAbstractType * createValidate
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -887,10 +894,14 @@ XKMSMessageAbstractType * createValidate
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -900,15 +911,18 @@ XKMSMessageAbstractType * createValidate
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -1229,7 +1243,7 @@ XKMSMessageAbstractType * createRegister
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -1238,10 +1252,14 @@ XKMSMessageAbstractType * createRegister
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -1251,15 +1269,18 @@ XKMSMessageAbstractType * createRegister
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -1326,7 +1347,7 @@ XKMSMessageAbstractType * createRegister
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -1334,10 +1355,14 @@ XKMSMessageAbstractType * createRegister
+ proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
+ proofOfPossessionSm = SIGNATURE_DSA;
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ pkb->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -1347,7 +1372,7 @@ XKMSMessageAbstractType * createRegister
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+@@ -1355,8 +1380,11 @@ XKMSMessageAbstractType * createRegister
+ proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
+ proofOfPossessionSm = SIGNATURE_RSA;
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ pkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -1622,7 +1650,7 @@ XKMSMessageAbstractType * createRevokeRe
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -1631,10 +1659,14 @@ XKMSMessageAbstractType * createRevokeRe
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -1644,15 +1676,18 @@ XKMSMessageAbstractType * createRevokeRe
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -1719,15 +1754,19 @@ XKMSMessageAbstractType * createRevokeRe
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ rkb->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -1737,13 +1776,16 @@ XKMSMessageAbstractType * createRevokeRe
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ rkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -1977,7 +2019,7 @@ XKMSMessageAbstractType * createReissueR
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -1986,10 +2028,14 @@ XKMSMessageAbstractType * createReissueR
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -1999,15 +2045,18 @@ XKMSMessageAbstractType * createReissueR
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -2074,7 +2123,7 @@ XKMSMessageAbstractType * createReissueR
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -2082,10 +2131,14 @@ XKMSMessageAbstractType * createReissueR
+ proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
+ proofOfPossessionSm = SIGNATURE_DSA;
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ pkb->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -2095,7 +2148,7 @@ XKMSMessageAbstractType * createReissueR
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+@@ -2103,8 +2156,11 @@ XKMSMessageAbstractType * createReissueR
+ proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
+ proofOfPossessionSm = SIGNATURE_RSA;
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ pkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -2371,7 +2427,7 @@ XKMSMessageAbstractType * createRecoverR
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+@@ -2380,10 +2436,14 @@ XKMSMessageAbstractType * createRecoverR
+ // Create the XSEC OpenSSL interface
+ key = new OpenSSLCryptoKeyDSA(pkey);
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ sig->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -2393,15 +2453,18 @@ XKMSMessageAbstractType * createRecoverR
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+ sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+ key = new OpenSSLCryptoKeyRSA(pkey);
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ sig->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -2468,15 +2531,19 @@ XKMSMessageAbstractType * createRecoverR
+
+ // Check type is correct
+
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+ cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+ return NULL;
+ }
+
+- XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+- XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+- XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++ DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++ const BIGNUM *p, *q, *g, *pub_key;
++ DSA_get0_pqg(dsa, &p, &q, &g);
++ DSA_get0_key(dsa, &pub_key, 0);
++ XMLCh * P = BN2b64(p);
++ XMLCh * Q = BN2b64(q);
++ XMLCh * G = BN2b64(g);
++ XMLCh * Y = BN2b64(pub_key);
+
+ rkb->appendDSAKeyValue(P,Q,G,Y);
+
+@@ -2486,13 +2553,16 @@ XKMSMessageAbstractType * createRecoverR
+ XSEC_RELEASE_XMLCH(Y);
+ }
+ else {
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+ cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+ exit (1);
+ }
+
+- XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+- XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++ RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++ const BIGNUM *n, *e;
++ RSA_get0_key(rsa, &n, &e, 0);
++ XMLCh * mod = BN2b64(n);
++ XMLCh * exp = BN2b64(e);
+ rkb->appendRSAKeyValue(mod, exp);
+ XSEC_RELEASE_XMLCH(mod);
+ XSEC_RELEASE_XMLCH(exp);
+@@ -3251,14 +3321,17 @@ int doRegisterResultDump(XKMSRegisterRes
+
+ // Create the RSA key file
+ RSA * rsa = RSA_new();
+- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
+- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
+- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
+- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
+- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
+- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
+- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
+- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
++ RSA_set0_key(rsa,
++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
++ RSA_set0_factors(rsa,
++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
++ RSA_set0_crt_params(rsa,
++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
+
+ // Write it to disk
+ BIO *out;
+@@ -3367,14 +3440,17 @@ int doRecoverResultDump(XKMSRecoverResul
+
+ // Create the RSA key file
+ RSA * rsa = RSA_new();
+- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
+- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
+- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
+- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
+- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
+- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
+- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
+- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
++ RSA_set0_key(rsa,
++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
++ RSA_set0_factors(rsa,
++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
++ RSA_set0_crt_params(rsa,
++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
+
+ // Write it to disk
+ BIO *out;
Home |
Main Index |
Thread Index |
Old Index