pkgsrc-Changes archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

CVS commit: pkgsrc/security/xml-security-c



Module Name:    pkgsrc
Committed By:   ryoon
Date:           Mon Apr 30 05:25:24 UTC 2018

Modified Files:
        pkgsrc/security/xml-security-c: Makefile distinfo
        pkgsrc/security/xml-security-c/patches:
            patch-xsec_tools_checksig_InteropResolver.cpp
Added Files:
        pkgsrc/security/xml-security-c/patches:
            patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp
            patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp
            patch-xsec_tools_cipher_XencInteropResolver.cpp
            patch-xsec_tools_cipher_cipher.cpp
            patch-xsec_tools_templatesign_templatesign.cpp
            patch-xsec_tools_xklient_xklient.cpp

Log Message:
Fix build with OpenSSL 1.1

* From Fedora's xml-security-c-1.7.3_openssl1.1.patch
* Use OpenSSL 1.1 with BUILDLINK_API_DEPENDS


To generate a diff of this commit:
cvs rdiff -u -r1.17 -r1.18 pkgsrc/security/xml-security-c/Makefile
cvs rdiff -u -r1.8 -r1.9 pkgsrc/security/xml-security-c/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp \
    pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp
cvs rdiff -u -r1.1 -r1.2 \
    pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/security/xml-security-c/Makefile
diff -u pkgsrc/security/xml-security-c/Makefile:1.17 pkgsrc/security/xml-security-c/Makefile:1.18
--- pkgsrc/security/xml-security-c/Makefile:1.17        Sun Sep 17 09:33:59 2017
+++ pkgsrc/security/xml-security-c/Makefile     Mon Apr 30 05:25:24 2018
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.17 2017/09/17 09:33:59 abs Exp $
+# $NetBSD: Makefile,v 1.18 2018/04/30 05:25:24 ryoon Exp $
 
 DISTNAME=      xml-security-c-1.7.3
 CATEGORIES=    security devel
@@ -15,7 +15,7 @@ USE_TOOLS+=   gmake pkg-config
 GNU_CONFIGURE= yes
 CONFIGURE_ENV+=        XERCESCROOT="${BUILDLINK_PREFIX.xerces-c}"
 
-BUILDLINK_API_DEPENDS.openssl+= openssl>=0.9.7
+BUILDLINK_API_DEPENDS.openssl+= openssl>=1.1
 .include "../../security/openssl/buildlink3.mk"
 .include "../../textproc/xerces-c/buildlink3.mk"
 .include "../../mk/bsd.pkg.mk"

Index: pkgsrc/security/xml-security-c/distinfo
diff -u pkgsrc/security/xml-security-c/distinfo:1.8 pkgsrc/security/xml-security-c/distinfo:1.9
--- pkgsrc/security/xml-security-c/distinfo:1.8 Sat Sep 23 15:30:01 2017
+++ pkgsrc/security/xml-security-c/distinfo     Mon Apr 30 05:25:24 2018
@@ -1,8 +1,25 @@
-$NetBSD: distinfo,v 1.8 2017/09/23 15:30:01 joerg Exp $
+$NetBSD: distinfo,v 1.9 2018/04/30 05:25:24 ryoon Exp $
 
 SHA1 (xml-security-c-1.7.3.tar.gz) = bcbe98e0bd3695a0b961a223cce53e2f35c4681b
 RMD160 (xml-security-c-1.7.3.tar.gz) = f0c9c3668a3ff2e13647909b926e20fdba828ad2
 SHA512 (xml-security-c-1.7.3.tar.gz) = ea46709d6706edf345e19132d9998774e50dc7b5947a7b4a55e3627998f5ac66f976fdff0a5015ef3cee73c03c04f3c4cf993efd397082491c2000c6548b89d2
 Size (xml-security-c-1.7.3.tar.gz) = 909320 bytes
 SHA1 (patch-xsec_Makefile.in) = f610c63b888f8f744a5de5b47975eb7dc4aee55b
-SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = bdc668a7f0212113d0efbaf189e7021a44108e26
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp) = b66c6be973b29e02657c2eaffe331f311a8c7214
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp) = ceb72c460f7ee9341047b1517306bf02cb8c3756
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp) = b8614ee4f947b88988b3e9b40fc35a080145ac2f
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp) = 19628ec1aefa7e62ffec19e99968a97295717d1b
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp) = fc1aa0983bc7eb72b75f8d1f35637a2d3376ec54
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp) = 1ae06a624875c97598b1d88f6260d8e49b311566
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp) = 7a483f89b19cdcf3993c7940d3bc50afba2aa186
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp) = 6e8415da5b6a9cb9f093f66cfd490a96625a7fbb
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp) = 57f7df09f24e0245802cf039471325c640ce849b
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp) = a5eb8e4b636b0bfba71f4c580509d09f43adb5bc
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp) = dda82e60360708f286af697ac34671cb9e363c83
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp) = 6d7757997addc269c3c93ef3ddecd97449af6fc4
+SHA1 (patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp) = 1ed63c79f7339ed4a50479766311fc0833a2b63a
+SHA1 (patch-xsec_tools_checksig_InteropResolver.cpp) = f71158bbe946eedc69558789ea39513762a6d8d1
+SHA1 (patch-xsec_tools_cipher_XencInteropResolver.cpp) = b36653313698c6bdf849f948dee2d2d0dafc6d2c
+SHA1 (patch-xsec_tools_cipher_cipher.cpp) = 86c91a43e799f757efd445690de6a5b07c56eefd
+SHA1 (patch-xsec_tools_templatesign_templatesign.cpp) = 9068b2641eeb01dba14895b5514628d10f5f2c5f
+SHA1 (patch-xsec_tools_xklient_xklient.cpp) = ca4deeded395f0094ce91873c0c904385833a103

Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp
diff -u pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.1 pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.2
--- pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp:1.1    Sat Sep 23 15:30:01 2017
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_checksig_InteropResolver.cpp        Mon Apr 30 05:25:24 2018
@@ -1,10 +1,56 @@
-$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.1 2017/09/23 15:30:01 joerg Exp $
+$NetBSD: patch-xsec_tools_checksig_InteropResolver.cpp,v 1.2 2018/04/30 05:25:24 ryoon Exp $
 
 false is a bad pointer value.
 
---- xsec/tools/checksig/InteropResolver.cpp.orig       2017-09-23 12:23:36.663288313 +0000
+--- xsec/tools/checksig/InteropResolver.cpp.orig       2018-04-10 03:53:05.001719015 +0000
 +++ xsec/tools/checksig/InteropResolver.cpp
-@@ -645,7 +645,7 @@ XSECCryptoKey * InteropResolver::resolve
+@@ -318,7 +318,7 @@ bool InteropResolver::checkMatch(DSIGKey
+                               char * cserial = XMLString::transcode(serial);
+                               char * xserial;
+ 
+-                              BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL);
++                              BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL);
+                               xserial = BN_bn2dec(bnserial);
+                               BN_free(bnserial);
+ 
+@@ -360,8 +360,7 @@ bool InteropResolver::checkMatch(DSIGKey
+                               if (xlen != 0) {
+ 
+                                       // Have a buffer with a number in it
+-                                      STACK_OF(X509_EXTENSION) *exts;
+-                                      exts = x->cert_info->extensions;
++                                      const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x);
+ 
+                                       if (exts != NULL) {
+ 
+@@ -379,8 +378,8 @@ bool InteropResolver::checkMatch(DSIGKey
+                                                       memcpy(&octxski[2], xski, xlen);
+                                                       
+                                                       ext = sk_X509_EXTENSION_value(exts,extn);
+-                                                      ASN1_OCTET_STRING *skid = ext->value;
+-                                                      ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new();
++                                                      ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext);
++                                                      ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new();
+                                                       ASN1_STRING_set(xskid, octxski, xlen+2);
+                                                       
+                                                       if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) {
+@@ -602,12 +601,12 @@ XSECCryptoKey * InteropResolver::resolve
+               // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c
+ 
+         int idx;
+-        X509_REVOKED rtmp;
++        X509_REVOKED *rtmp = X509_REVOKED_new();
+ 
+         /* Look for serial number of certificate in CRL */
+         
+-              rtmp.serialNumber = X509_get_serialNumber(x);
+-        idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp);
++              X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x));
++        idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp);
+         
+               /* Not found: OK */
+         
+@@ -645,7 +644,7 @@ XSECCryptoKey * InteropResolver::resolve
  
        }
  

Added files:

Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp       Mon Apr 30 05:25:24 2018
@@ -0,0 +1,74 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp.orig      2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp
+@@ -44,6 +44,15 @@
+ 
+ XERCES_CPP_NAMESPACE_USE
+ 
++OpenSSLCryptoBase64::OpenSSLCryptoBase64() {
++      m_ectx = EVP_ENCODE_CTX_new();
++      m_dctx = EVP_ENCODE_CTX_new();
++}
++
++OpenSSLCryptoBase64::~OpenSSLCryptoBase64() {
++      EVP_ENCODE_CTX_free(m_ectx);
++      EVP_ENCODE_CTX_free(m_dctx);
++}
+ 
+ // --------------------------------------------------------------------------------
+ //           Decoding
+@@ -51,7 +60,7 @@ XERCES_CPP_NAMESPACE_USE
+ 
+ void OpenSSLCryptoBase64::decodeInit(void) {
+ 
+-      EVP_DecodeInit(&m_dctx);
++      EVP_DecodeInit(m_dctx);
+ 
+ }
+ 
+@@ -70,7 +79,7 @@ unsigned int OpenSSLCryptoBase64::decode
+ 
+       }
+ 
+-      rc = EVP_DecodeUpdate(&m_dctx, 
++      rc = EVP_DecodeUpdate(m_dctx, 
+                                                 outData, 
+                                                 &outLen, 
+                                                 (unsigned char *) inData, 
+@@ -99,7 +108,7 @@ unsigned int OpenSSLCryptoBase64::decode
+       int outLen;
+       outLen = outLength;
+ 
+-      EVP_DecodeFinal(&m_dctx, outData, &outLen); 
++      EVP_DecodeFinal(m_dctx, outData, &outLen); 
+ 
+       return outLen;
+ 
+@@ -111,7 +120,7 @@ unsigned int OpenSSLCryptoBase64::decode
+ 
+ void OpenSSLCryptoBase64::encodeInit(void) {
+ 
+-      EVP_EncodeInit(&m_ectx);
++      EVP_EncodeInit(m_ectx);
+ 
+ }
+ 
+@@ -130,7 +139,7 @@ unsigned int OpenSSLCryptoBase64::encode
+ 
+       }
+ 
+-      EVP_EncodeUpdate(&m_ectx, 
++      EVP_EncodeUpdate(m_ectx, 
+                                         outData, 
+                                         &outLen, 
+                                         (unsigned char *) inData, 
+@@ -153,7 +162,7 @@ unsigned int OpenSSLCryptoBase64::encode
+       int outLen;
+       outLen = outLength;
+ 
+-      EVP_EncodeFinal(&m_ectx, outData, &outLen); 
++      EVP_EncodeFinal(m_ectx, outData, &outLen); 
+ 
+       return outLen;
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp       Mon Apr 30 05:25:24 2018
@@ -0,0 +1,40 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoBase64.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp.orig      2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp
+@@ -66,8 +66,8 @@ class DSIG_EXPORT OpenSSLCryptoBase64 : 
+ public :
+ 
+       
+-      OpenSSLCryptoBase64() {};
+-      virtual ~OpenSSLCryptoBase64() {};
++      OpenSSLCryptoBase64();
++      virtual ~OpenSSLCryptoBase64();
+ 
+       /** @name Decoding Functions */
+       //@{
+@@ -189,20 +189,20 @@ public :
+        * \brief Get OpenSSL encode context structure
+        */
+ 
+-      EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;}
++      EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;}
+ 
+       /**
+        * \brief Get OpenSSL encode context structure
+        */
+ 
+-      EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;}
++      EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;}
+ 
+       //@}
+ 
+ private :
+ 
+-      EVP_ENCODE_CTX m_ectx;                          // Encode context
+-      EVP_ENCODE_CTX m_dctx;                          // Decode context
++      EVP_ENCODE_CTX *m_ectx;                         // Encode context
++      EVP_ENCODE_CTX *m_dctx;                         // Decode context
+ 
+ };
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,60 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp.orig        2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp
+@@ -40,6 +40,7 @@
+ 
+ OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) {
+ 
++      m_mdctx = EVP_MD_CTX_create();
+       switch (alg) {
+ 
+       case (XSECCryptoHash::HASH_SHA1) :
+@@ -104,7 +105,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has
+                       "OpenSSL:Hash - Error loading Message Digest"); 
+       }
+ 
+-      EVP_DigestInit(&m_mdctx, mp_md);
++      EVP_DigestInit(m_mdctx, mp_md);
+       m_hashType = alg;
+ 
+ }
+@@ -112,7 +113,7 @@ OpenSSLCryptoHash::OpenSSLCryptoHash(Has
+ 
+ OpenSSLCryptoHash::~OpenSSLCryptoHash() {
+ 
+-      EVP_MD_CTX_cleanup(&m_mdctx);
++      EVP_MD_CTX_free(m_mdctx);
+ 
+ }
+ 
+@@ -121,16 +122,16 @@ OpenSSLCryptoHash::~OpenSSLCryptoHash() 
+ // Hashing Activities
+ void OpenSSLCryptoHash::reset(void) {
+ 
+-      EVP_MD_CTX_cleanup(&m_mdctx);
+-
+-      EVP_DigestInit(&m_mdctx, mp_md);
++      EVP_MD_CTX_free(m_mdctx);
++      m_mdctx = EVP_MD_CTX_new();
++      EVP_DigestInit(m_mdctx, mp_md);
+ 
+ }
+ 
+ void OpenSSLCryptoHash::hash(unsigned char * data, 
+                                                                unsigned int length) {
+ 
+-      EVP_DigestUpdate(&m_mdctx, data, length);
++      EVP_DigestUpdate(m_mdctx, data, length);
+ 
+ }
+ unsigned int OpenSSLCryptoHash::finish(unsigned char * hash,
+@@ -140,7 +141,7 @@ unsigned int OpenSSLCryptoHash::finish(u
+ 
+       // Finish up and copy out hash, returning the length
+ 
+-      EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen);
++      EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen);
+ 
+       // Copy to output buffer
+       
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHash.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp.orig        2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp
+@@ -138,7 +138,7 @@ public :
+        * \brief Get OpenSSL hash context structure
+        */
+ 
+-      EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;}
++      EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;}
+ 
+       //@}
+ 
+@@ -148,7 +148,7 @@ private:
+       // Not implemented constructors
+       OpenSSLCryptoHash();
+ 
+-      EVP_MD_CTX                      m_mdctx;                                                // Context for digest
++      EVP_MD_CTX                      *m_mdctx;                                               // Context for digest
+       const EVP_MD            * mp_md;                                                // Digest instance
+       unsigned char           m_mdValue[EVP_MAX_MD_SIZE];             // Final output
+       unsigned int            m_mdLen;                                                // Length of digest
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp     Mon Apr 30 05:25:24 2018
@@ -0,0 +1,61 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp.orig    2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp
+@@ -43,6 +43,7 @@
+ OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) {
+ 
+       // Initialise the digest
++      m_hctx = HMAC_CTX_new();
+ 
+       switch (alg) {
+ 
+@@ -127,7 +128,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC
+       m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf);
+ 
+ 
+-      HMAC_Init(&m_hctx, 
++      HMAC_Init(m_hctx, 
+               m_keyBuf.rawBuffer(),
+               m_keyLen,
+               mp_md);
+@@ -139,7 +140,7 @@ void OpenSSLCryptoHashHMAC::setKey(XSECC
+ OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() {
+ 
+       if (m_initialised)
+-              HMAC_CTX_cleanup(&m_hctx);
++              HMAC_CTX_free(m_hctx);
+ 
+ }
+ 
+@@ -151,9 +152,9 @@ void OpenSSLCryptoHashHMAC::reset(void) 
+ 
+       if (m_initialised) {
+ 
+-              HMAC_CTX_cleanup(&m_hctx);
+-
+-              HMAC_Init(&m_hctx, 
++              HMAC_CTX_free(m_hctx);
++              m_hctx = HMAC_CTX_new();
++              HMAC_Init(m_hctx, 
+                       m_keyBuf.rawBuffer(),
+                       m_keyLen,
+                       mp_md);
+@@ -170,7 +171,7 @@ void OpenSSLCryptoHashHMAC::hash(unsigne
+                       "OpenSSL:HashHMAC - hash called prior to setKey");
+ 
+ 
+-      HMAC_Update(&m_hctx, data, (int) length);
++      HMAC_Update(m_hctx, data, (int) length);
+ 
+ }
+ 
+@@ -181,7 +182,7 @@ unsigned int OpenSSLCryptoHashHMAC::fini
+ 
+       // Finish up and copy out hash, returning the length
+ 
+-      HMAC_Final(&m_hctx, m_mdValue, &m_mdLen);
++      HMAC_Final(m_hctx, m_mdValue, &m_mdLen);
+ 
+       // Copy to output buffer
+       
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp     Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoHashHMAC.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp.orig    2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp
+@@ -162,7 +162,7 @@ public :
+        * \brief Get OpenSSL Hash Context
+        */
+ 
+-      HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;}
++      HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;}
+ 
+       //@}
+ 
+@@ -175,7 +175,7 @@ private:
+       unsigned char           m_mdValue[EVP_MAX_MD_SIZE];             // Final output
+       unsigned int            m_mdLen;                                                // Length of digest
+       HashType                        m_hashType;                                             // What type of hash is this?
+-      HMAC_CTX                        m_hctx;                                                 // Context for HMAC
++      HMAC_CTX                        *m_hctx;                                                        // Context for HMAC
+       safeBuffer                      m_keyBuf;                                               // The loaded key
+       unsigned int            m_keyLen;                                               // The loaded key length
+       bool                            m_initialised;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp       Mon Apr 30 05:25:24 2018
@@ -0,0 +1,177 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyDSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp.orig      2015-01-29 02:52:17.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp
+@@ -64,13 +64,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyD
+       if (mp_dsaKey == NULL)
+               return KEY_NONE;
+ 
+-      if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL)
++      const BIGNUM *pub_key = 0, *priv_key = 0;
++      DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
++      if (priv_key != NULL && pub_key != NULL)
+               return KEY_DSA_PAIR;
+ 
+-      if (mp_dsaKey->priv_key != NULL)
++      if (priv_key != NULL)
+               return KEY_DSA_PRIVATE;
+ 
+-      if (mp_dsaKey->pub_key != NULL)
++      if (pub_key != NULL)
+               return KEY_DSA_PUBLIC;
+ 
+       return KEY_NONE;
+@@ -82,7 +84,7 @@ void OpenSSLCryptoKeyDSA::loadPBase64Big
+       if (mp_dsaKey == NULL)
+               mp_dsaKey = DSA_new();
+ 
+-      mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
+ 
+ }
+ 
+@@ -91,7 +93,7 @@ void OpenSSLCryptoKeyDSA::loadQBase64Big
+       if (mp_dsaKey == NULL)
+               mp_dsaKey = DSA_new();
+ 
+-      mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+ 
+ }
+ 
+@@ -100,7 +102,7 @@ void OpenSSLCryptoKeyDSA::loadGBase64Big
+       if (mp_dsaKey == NULL)
+               mp_dsaKey = DSA_new();
+ 
+-      mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len));
+ 
+ }
+ 
+@@ -109,7 +111,7 @@ void OpenSSLCryptoKeyDSA::loadYBase64Big
+       if (mp_dsaKey == NULL)
+               mp_dsaKey = DSA_new();
+ 
+-      mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+ 
+ }
+ 
+@@ -130,20 +132,15 @@ OpenSSLCryptoKeyDSA::OpenSSLCryptoKeyDSA
+ 
+       mp_dsaKey = DSA_new();
+ 
+-      if (k == NULL || k->type != EVP_PKEY_DSA)
++      if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA)
+               return; // Nothing to do with us
+ 
+-
+-      if (k->pkey.dsa->p)
+-              mp_dsaKey->p = BN_dup(k->pkey.dsa->p);
+-      if (k->pkey.dsa->q)
+-              mp_dsaKey->q = BN_dup(k->pkey.dsa->q);
+-      if (k->pkey.dsa->g)
+-              mp_dsaKey->g = BN_dup(k->pkey.dsa->g);
+-      if (k->pkey.dsa->pub_key)
+-              mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key);
+-      if (k->pkey.dsa->priv_key)
+-              mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key);
++      DSA *dsa = EVP_PKEY_get0_DSA(k);
++      const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
++      DSA_get0_pqg(dsa, &p, &q, &g);
++      DSA_get0_key(dsa, &pub_key, &priv_key);
++      DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
++      DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
+ 
+ }
+ 
+@@ -175,9 +172,9 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+       unsigned char* sigVal = new unsigned char[sigLen + 1];
+     ArrayJanitor<unsigned char> j_sigVal(sigVal);
+ 
+-      EVP_ENCODE_CTX m_dctx;
+-      EVP_DecodeInit(&m_dctx);
+-      int rc = EVP_DecodeUpdate(&m_dctx,
++      EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++      EVP_DecodeInit(m_dctx);
++      int rc = EVP_DecodeUpdate(m_dctx,
+                                                 sigVal,
+                                                 &sigValLen,
+                                                 (unsigned char *) cleanedBase64Signature,
+@@ -190,7 +187,8 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+       }
+       int t = 0;
+ 
+-      EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++      EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++      EVP_ENCODE_CTX_free(m_dctx);
+ 
+       sigValLen += t;
+ 
+@@ -223,12 +221,7 @@ bool OpenSSLCryptoKeyDSA::verifyBase64Si
+       }
+ 
+       DSA_SIG * dsa_sig = DSA_SIG_new();
+-
+-      dsa_sig->r = BN_dup(R);
+-      dsa_sig->s = BN_dup(S);
+-
+-      BN_free(R);
+-      BN_free(S);
++      DSA_SIG_set0(dsa_sig, R, S);
+ 
+       // Now we have a signature and a key - lets check
+ 
+@@ -267,6 +260,8 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+       DSA_SIG * dsa_sig;
+ 
+       dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey);
++      const BIGNUM *r = 0, *s = 0;
++      DSA_SIG_get0(dsa_sig, &r, &s);
+ 
+       if (dsa_sig == NULL) {
+ 
+@@ -277,10 +272,10 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+ 
+       // Now turn the signature into a base64 string
+ 
+-      unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8];
++      unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8];
+     ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
+       
+-    unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf);
++    unsigned int rawLen = BN_bn2bin(r, rawSigBuf);
+ 
+       if (rawLen <= 0) {
+ 
+@@ -289,7 +284,7 @@ unsigned int OpenSSLCryptoKeyDSA::signBa
+ 
+       }
+ 
+-      unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]);
++      unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]);
+ 
+       if (rawLenS <= 0) {
+ 
+@@ -339,16 +334,11 @@ XSECCryptoKey * OpenSSLCryptoKeyDSA::clo
+       ret->mp_dsaKey = DSA_new();
+ 
+       // Duplicate parameters
+-      if (mp_dsaKey->p)
+-              ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p);
+-      if (mp_dsaKey->q)
+-              ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q);
+-      if (mp_dsaKey->g)
+-              ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g);
+-      if (mp_dsaKey->pub_key)
+-              ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key);
+-      if (mp_dsaKey->priv_key)
+-              ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key);
++      const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0;
++      DSA_get0_pqg(mp_dsaKey, &p, &q, &g);
++      DSA_get0_key(mp_dsaKey, &pub_key, &priv_key);
++      DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g));
++      DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key));
+ 
+       return ret;
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp        Mon Apr 30 05:25:24 2018
@@ -0,0 +1,80 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyEC.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp.orig       2015-02-03 00:57:48.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp
+@@ -128,10 +128,10 @@ OpenSSLCryptoKeyEC::OpenSSLCryptoKeyEC(E
+ 
+       // Create a new key to be loaded as we go
+ 
+-      if (k == NULL || k->type != EVP_PKEY_EC)
++      if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC)
+               return; // Nothing to do with us
+ 
+-    mp_ecKey = EC_KEY_dup(k->pkey.ec);
++    mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k));
+ }
+ 
+ // --------------------------------------------------------------------------------
+@@ -162,9 +162,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+       unsigned char* sigVal = new unsigned char[sigLen + 1];
+     ArrayJanitor<unsigned char> j_sigVal(sigVal);
+ 
+-      EVP_ENCODE_CTX m_dctx;
+-      EVP_DecodeInit(&m_dctx);
+-      int rc = EVP_DecodeUpdate(&m_dctx,
++      EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++      EVP_DecodeInit(m_dctx);
++      int rc = EVP_DecodeUpdate(m_dctx,
+                                                 sigVal,
+                                                 &sigValLen,
+                                                 (unsigned char *) cleanedBase64Signature,
+@@ -177,7 +177,8 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+       }
+       int t = 0;
+ 
+-      EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++      EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++      EVP_ENCODE_CTX_free(m_dctx);
+ 
+       sigValLen += t;
+ 
+@@ -189,8 +190,9 @@ bool OpenSSLCryptoKeyEC::verifyBase64Sig
+       // Translate to BNs by splitting in half, and thence to ECDSA_SIG
+ 
+       ECDSA_SIG * dsa_sig = ECDSA_SIG_new();
+-      dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL);
+-      dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL);
++      ECDSA_SIG_set0(dsa_sig,
++              BN_bin2bn(sigVal, sigValLen / 2, NULL),
++              BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL));
+ 
+       // Now we have a signature and a key - lets check
+ 
+@@ -228,6 +230,8 @@ unsigned int OpenSSLCryptoKeyEC::signBas
+       ECDSA_SIG * dsa_sig;
+ 
+       dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey);
++      const BIGNUM *r, *s;
++      ECDSA_SIG_get0(dsa_sig, &r, &s);
+ 
+       if (dsa_sig == NULL) {
+               throw XSECCryptoException(XSECCryptoException::ECError,
+@@ -263,14 +267,14 @@ unsigned int OpenSSLCryptoKeyEC::signBas
+     memset(rawSigBuf, 0, keyLen * 2);
+     ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf);
+ 
+-    unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8;
+-    if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) {
++    unsigned int rawLen = (BN_num_bits(r) + 7) / 8;
++    if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) {
+               throw XSECCryptoException(XSECCryptoException::ECError,
+                       "OpenSSL:EC - Error copying signature 'r' value to buffer");
+       }
+ 
+-      rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8;
+-    if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
++      rawLen = (BN_num_bits(s) + 7) / 8;
++    if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) {
+               throw XSECCryptoException(XSECCryptoException::ECError,
+                       "OpenSSL:EC - Error copying signature 's' value to buffer");
+       }
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp       Mon Apr 30 05:25:24 2018
@@ -0,0 +1,143 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoKeyRSA.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp.orig      2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp
+@@ -326,13 +326,15 @@ XSECCryptoKey::KeyType OpenSSLCryptoKeyR
+       if (mp_rsaKey == NULL)
+               return KEY_NONE;
+ 
+-      if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL)
++      const BIGNUM *n = 0, *e = 0, *d = 0;
++      RSA_get0_key(mp_rsaKey, &n, &e, &d);
++      if (n != NULL && d != NULL)
+               return KEY_RSA_PAIR;
+ 
+-      if (mp_rsaKey->d != NULL)
++      if (d != NULL)
+               return KEY_RSA_PRIVATE;
+ 
+-      if (mp_rsaKey->n != NULL)
++      if (n != NULL)
+               return KEY_RSA_PUBLIC;
+ 
+       return KEY_NONE;
+@@ -344,7 +346,7 @@ void OpenSSLCryptoKeyRSA::loadPublicModu
+       if (mp_rsaKey == NULL)
+               mp_rsaKey = RSA_new();
+ 
+-      mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0);
+ 
+ }
+ 
+@@ -353,7 +355,7 @@ void OpenSSLCryptoKeyRSA::loadPublicExpo
+       if (mp_rsaKey == NULL)
+               mp_rsaKey = RSA_new();
+ 
+-      mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len);
++      RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0);
+ 
+ }
+ 
+@@ -369,32 +371,17 @@ OpenSSLCryptoKeyRSA::OpenSSLCryptoKeyRSA
+ 
+       mp_rsaKey = RSA_new();
+ 
+-      if (k == NULL || k->type != EVP_PKEY_RSA)
++      if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA)
+               return; // Nothing to do with us
+ 
+-      if (k->pkey.rsa->n)
+-              mp_rsaKey->n = BN_dup(k->pkey.rsa->n);
+-
+-      if (k->pkey.rsa->e)
+-              mp_rsaKey->e = BN_dup(k->pkey.rsa->e);
+-
+-      if (k->pkey.rsa->d)
+-              mp_rsaKey->d = BN_dup(k->pkey.rsa->d);
+-
+-      if (k->pkey.rsa->p)
+-              mp_rsaKey->p = BN_dup(k->pkey.rsa->p);
+-
+-      if (k->pkey.rsa->q)
+-              mp_rsaKey->q = BN_dup(k->pkey.rsa->q);
+-
+-      if (k->pkey.rsa->dmp1)
+-              mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1);
+-
+-      if (k->pkey.rsa->dmq1)
+-              mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1);
+-
+-      if (k->pkey.rsa->iqmp)
+-              mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp);
++      RSA *rsa = EVP_PKEY_get0_RSA(k);
++      const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
++      RSA_get0_key(rsa, &n, &e, &d);
++      RSA_get0_factors(rsa, &p, &q);
++      RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
++      RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
++      RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q));
++      RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
+ 
+ }
+ 
+@@ -427,9 +414,9 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS
+       unsigned char* sigVal = new unsigned char[sigLen + 1];
+     ArrayJanitor<unsigned char> j_sigVal(sigVal);
+ 
+-    EVP_ENCODE_CTX m_dctx;
+-      EVP_DecodeInit(&m_dctx);
+-      int rc = EVP_DecodeUpdate(&m_dctx,
++    EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new();
++      EVP_DecodeInit(m_dctx);
++      int rc = EVP_DecodeUpdate(m_dctx,
+                                                 sigVal,
+                                                 &sigValLen,
+                                                 (unsigned char *) cleanedBase64Signature,
+@@ -442,7 +429,8 @@ bool OpenSSLCryptoKeyRSA::verifySHA1PKCS
+       }
+       int t = 0;
+ 
+-      EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t);
++      EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t);
++      EVP_ENCODE_CTX_free(m_dctx);
+ 
+       sigValLen += t;
+ 
+@@ -979,29 +967,13 @@ XSECCryptoKey * OpenSSLCryptoKeyRSA::clo
+ 
+       // Duplicate parameters
+ 
+-      if (mp_rsaKey->n)
+-              ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n);
+-
+-      if (mp_rsaKey->e)
+-              ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e);
+-
+-      if (mp_rsaKey->d)
+-              ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d);
+-
+-      if (mp_rsaKey->p)
+-              ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p);
+-
+-      if (mp_rsaKey->q)
+-              ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q);
+-
+-      if (mp_rsaKey->dmp1)
+-              ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1);
+-
+-      if (mp_rsaKey->dmq1)
+-              ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1);
+-
+-      if (mp_rsaKey->iqmp)
+-              ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp);
++      const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0;
++      RSA_get0_key(mp_rsaKey, &n, &e, &d);
++      RSA_get0_factors(mp_rsaKey, &p, &q);
++      RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp);
++      RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d));
++      RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q));
++      RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp));
+ 
+       return ret;
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp     Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoProvider.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp.orig    2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp
+@@ -343,7 +343,7 @@ XSECCryptoKey* OpenSSLCryptoProvider::ke
+     if (pkey) {
+         XSECCryptoKey* ret = NULL;
+         try {
+-            switch (pkey->type) {
++            switch (EVP_PKEY_base_id(pkey)) {
+                 case EVP_PKEY_RSA:
+                     ret = new OpenSSLCryptoKeyRSA(pkey);
+                     break;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,311 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp.orig        2015-01-29 02:52:17.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp
+@@ -56,7 +56,8 @@ m_tagBuf(""),
+ m_keyLen(0),
+ m_initialised(false) {
+ 
+-      EVP_CIPHER_CTX_init(&m_ctx);
++      m_ctx = EVP_CIPHER_CTX_new();
++      EVP_CIPHER_CTX_init(m_ctx);
+       m_keyBuf.isSensitive();
+ 
+ }
+@@ -65,7 +66,7 @@ OpenSSLCryptoSymmetricKey::~OpenSSLCrypt
+ 
+       // Clean up the context
+ 
+-      EVP_CIPHER_CTX_cleanup(&m_ctx);
++      EVP_CIPHER_CTX_free(m_ctx);
+ }
+ 
+ // --------------------------------------------------------------------------------
+@@ -149,17 +150,17 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+                          with 0.9.6 */
+ 
+ #if defined(XSEC_OPENSSL_CONST_BUFFERS)
+-                      EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
++                      EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv);
+ #else
+-                      EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
++                      EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv);
+ #endif
+                       m_ivSize = 8;
+               }
+               else if (m_keyMode == MODE_ECB) {
+ #if defined(XSEC_OPENSSL_CONST_BUFFERS)
+-                      EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
++                      EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL);
+ #else
+-                      EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
++                      EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+ #endif
+                       m_ivSize = 0;
+               }
+@@ -184,7 +185,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+                               return 0;       // Cannot initialise without an IV
+                       }
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+ 
+               }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -207,15 +208,15 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+             }
+ 
+             // We have everything, so we can fully init.
+-            EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++            EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+               }
+ #endif
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ 
+               }
+         else {
+@@ -236,7 +237,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+                               return 0;       // Cannot initialise without an IV
+                       }
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+ 
+               }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -259,16 +260,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+             }
+ 
+             // We have everything, so we can fully init.
+-            EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++            EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+ 
+               }
+ #endif
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ 
+               }
+         else {
+@@ -289,7 +290,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+                               return 0;       // Cannot initialise without an IV
+                       }
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv);
+ 
+               }
+ #if defined (XSEC_OPENSSL_HAVE_GCM)
+@@ -312,16 +313,16 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+             }
+ 
+             // We have everything, so we can fully init.
+-            EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
+-            EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
++            EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer());
++            EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0);
+ 
+               }
+ #endif
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ 
+               }
+         else {
+@@ -371,7 +372,7 @@ int OpenSSLCryptoSymmetricKey::decryptCt
+       // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH
+ 
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+-      EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
++      EVP_CIPHER_CTX_set_padding(m_ctx, 0);
+ #endif
+ 
+       // Return number of bytes chewed up by IV
+@@ -439,9 +440,9 @@ unsigned int OpenSSLCryptoSymmetricKey::
+       }
+ 
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+-      if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
++      if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) {
+ #else
+-      if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
++      if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) {
+ #endif
+               throw XSECCryptoException(XSECCryptoException::SymmetricError,
+                       "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); 
+@@ -476,7 +477,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ 
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+ 
+-      if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) {
++      if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) {
+ 
+               throw XSECCryptoException(XSECCryptoException::SymmetricError,
+                       "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); 
+@@ -544,7 +545,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+        We can then clean that up ourselves
+       */
+ 
+-      if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
++      if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) {
+               throw XSECCryptoException(XSECCryptoException::SymmetricError,
+                       "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL");
+       } 
+@@ -641,16 +642,16 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+             }
+ 
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+-                      EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV);
+ #else
+-                      EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
++                      EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV);
+ #endif
+               }
+               else if (m_keyMode == MODE_ECB) {
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+-                      EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
++                      EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL);
+ #else
+-                      EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
++                      EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL);
+ #endif
+               }
+         else {
+@@ -684,11 +685,11 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+               }
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ 
+               }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -708,7 +709,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+               }
+ #endif
+         else {
+@@ -739,7 +740,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ 
+               }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -759,12 +760,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+               }
+ #endif
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+               }
+         else {
+                   throw XSECCryptoException(XSECCryptoException::SymmetricError,
+@@ -793,7 +794,7 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV);
+ 
+               }
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+@@ -813,12 +814,12 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+                       else
+                               usedIV = iv;
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV);
+               }
+ #endif
+               else if (m_keyMode == MODE_ECB) {
+ 
+-                      EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
++                      EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL);
+ 
+               }
+         else {
+@@ -864,10 +865,10 @@ bool OpenSSLCryptoSymmetricKey::encryptI
+ #if defined (XSEC_OPENSSL_CANSET_PADDING)
+       // Setup padding
+       if (m_doPad) {
+-              EVP_CIPHER_CTX_set_padding(&m_ctx, 1);
++              EVP_CIPHER_CTX_set_padding(m_ctx, 1);
+       }
+       else {
+-              EVP_CIPHER_CTX_set_padding(&m_ctx, 0);
++              EVP_CIPHER_CTX_set_padding(m_ctx, 0);
+       }
+ #endif
+ 
+@@ -908,9 +909,9 @@ unsigned int OpenSSLCryptoSymmetricKey::
+ 
+       }
+ #if defined (XSEC_OPENSSL_CONST_BUFFERS)
+-      if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
++      if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) {
+ #else
+-      if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
++      if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) {
+ #endif
+ 
+               throw XSECCryptoException(XSECCryptoException::SymmetricError,
+@@ -929,7 +930,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+       int outl = maxOutLength;
+       m_initialised = false;
+ 
+-      if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) {
++      if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) {
+ 
+               throw XSECCryptoException(XSECCryptoException::SymmetricError,
+                 "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); 
+@@ -962,7 +963,7 @@ unsigned int OpenSSLCryptoSymmetricKey::
+         }
+         if (m_keyMode == MODE_GCM) {
+ #ifdef XSEC_OPENSSL_HAVE_GCM
+-            EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
++            EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl);
+             outl += taglen;
+ #else
+                   throw XSECCryptoException(XSECCryptoException::SymmetricError,
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,29 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoSymmetricKey.hpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp.orig        2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp
+@@ -283,13 +283,13 @@ public :
+        * \brief Get OpenSSL cipher context structure
+        */
+ 
+-      EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;}
++      EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;}
+ 
+     /**
+        * \brief Get OpenSSL cipher context structure
+        */
+ 
+-      const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;}
++      const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;}
+ 
+       //@}
+ 
+@@ -307,7 +307,7 @@ private:
+       // Private variables
+       SymmetricKeyType                                m_keyType;
+       SymmetricKeyMode                                m_keyMode;
+-      EVP_CIPHER_CTX                                  m_ctx;                  // OpenSSL Cipher Context structure
++      EVP_CIPHER_CTX                                  *m_ctx;                 // OpenSSL Cipher Context structure
+       safeBuffer                                              m_keyBuf;               // Holder of the key
+     safeBuffer                      m_tagBuf;       // Holder of authentication tag
+       unsigned int                                    m_keyLen;
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,22 @@
+$NetBSD: patch-xsec_enc_OpenSSL_OpenSSLCryptoX509.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp.orig        2012-07-23 16:56:11.000000000 +0000
++++ xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp
+@@ -191,7 +191,7 @@ XSECCryptoKey::KeyType OpenSSLCryptoX509
+ 
+       XSECCryptoKey::KeyType ret;
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_base_id(pkey)) {
+ 
+       case EVP_PKEY_DSA :
+ 
+@@ -241,7 +241,7 @@ XSECCryptoKey * OpenSSLCryptoX509::clone
+                       "OpenSSL:X509 - cannot retrieve public key from cert");
+       }
+ 
+-      switch (pkey->type) {
++      switch (EVP_PKEY_base_id(pkey)) {
+ 
+       case EVP_PKEY_DSA :
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_XencInteropResolver.cpp      Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_tools_cipher_XencInteropResolver.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/cipher/XencInteropResolver.cpp.orig     2012-07-23 16:56:10.000000000 +0000
++++ xsec/tools/cipher/XencInteropResolver.cpp
+@@ -521,7 +521,7 @@ XSECCryptoKey * XencInteropResolver::res
+                                       X509 * x509 = OSSLX509->getOpenSSLX509();
+ 
+                                       // Check the serial number
+-                                      BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL);
++                                      BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL);
+                                       BN_free(bnserial);
+ 
+                                       BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8");
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_cipher_cipher.cpp   Mon Apr 30 05:25:24 2018
@@ -0,0 +1,13 @@
+$NetBSD: patch-xsec_tools_cipher_cipher.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/cipher/cipher.cpp.orig  2015-01-30 03:55:09.000000000 +0000
++++ xsec/tools/cipher/cipher.cpp
+@@ -517,7 +517,7 @@ int evaluate(int argc, char ** argv) {
+ 
+                               pkey = X509_get_pubkey(x);
+ 
+-                              if (pkey == NULL || pkey->type != EVP_PKEY_RSA) {
++                              if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "Error extracting RSA key from certificate" << endl;
+                               }
+ 
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_templatesign_templatesign.cpp       Mon Apr 30 05:25:24 2018
@@ -0,0 +1,31 @@
+$NetBSD: patch-xsec_tools_templatesign_templatesign.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/templatesign/templatesign.cpp.orig      2015-01-30 03:55:09.000000000 +0000
++++ xsec/tools/templatesign/templatesign.cpp
+@@ -726,7 +726,7 @@ int main(int argc, char **argv) {
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+@@ -739,7 +739,7 @@ int main(int argc, char **argv) {
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_EC) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) {
+                                       cerr << "EC Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+@@ -749,7 +749,7 @@ int main(int argc, char **argv) {
+                       }
+ #   endif
+             else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
Index: pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp
diff -u /dev/null pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp:1.1
--- /dev/null   Mon Apr 30 05:25:24 2018
+++ pkgsrc/security/xml-security-c/patches/patch-xsec_tools_xklient_xklient.cpp Mon Apr 30 05:25:24 2018
@@ -0,0 +1,557 @@
+$NetBSD: patch-xsec_tools_xklient_xklient.cpp,v 1.1 2018/04/30 05:25:24 ryoon Exp $
+
+--- xsec/tools/xklient/xklient.cpp.orig        2012-07-23 16:56:10.000000000 +0000
++++ xsec/tools/xklient/xklient.cpp
+@@ -284,7 +284,7 @@ XSECCryptoX509 * loadX509(const char * i
+ 
+ #if defined (XSEC_HAVE_OPENSSL)
+ 
+-XMLCh * BN2b64(BIGNUM * bn) {
++XMLCh * BN2b64(const BIGNUM * bn) {
+ 
+       int bytes = BN_num_bytes(bn);
+       unsigned char * binbuf = new unsigned char[bytes + 1];
+@@ -606,7 +606,7 @@ XKMSMessageAbstractType * createLocateRe
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -615,10 +615,14 @@ XKMSMessageAbstractType * createLocateRe
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -628,15 +632,18 @@ XKMSMessageAbstractType * createLocateRe
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -878,7 +885,7 @@ XKMSMessageAbstractType * createValidate
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -887,10 +894,14 @@ XKMSMessageAbstractType * createValidate
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -900,15 +911,18 @@ XKMSMessageAbstractType * createValidate
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -1229,7 +1243,7 @@ XKMSMessageAbstractType * createRegister
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -1238,10 +1252,14 @@ XKMSMessageAbstractType * createRegister
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -1251,15 +1269,18 @@ XKMSMessageAbstractType * createRegister
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -1326,7 +1347,7 @@ XKMSMessageAbstractType * createRegister
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -1334,10 +1355,14 @@ XKMSMessageAbstractType * createRegister
+                               proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
+                               proofOfPossessionSm = SIGNATURE_DSA;
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               pkb->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -1347,7 +1372,7 @@ XKMSMessageAbstractType * createRegister
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+@@ -1355,8 +1380,11 @@ XKMSMessageAbstractType * createRegister
+                               proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
+                               proofOfPossessionSm = SIGNATURE_RSA;
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               pkb->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -1622,7 +1650,7 @@ XKMSMessageAbstractType * createRevokeRe
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -1631,10 +1659,14 @@ XKMSMessageAbstractType * createRevokeRe
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -1644,15 +1676,18 @@ XKMSMessageAbstractType * createRevokeRe
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -1719,15 +1754,19 @@ XKMSMessageAbstractType * createRevokeRe
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               rkb->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -1737,13 +1776,16 @@ XKMSMessageAbstractType * createRevokeRe
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               rkb->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -1977,7 +2019,7 @@ XKMSMessageAbstractType * createReissueR
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -1986,10 +2028,14 @@ XKMSMessageAbstractType * createReissueR
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -1999,15 +2045,18 @@ XKMSMessageAbstractType * createReissueR
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -2074,7 +2123,7 @@ XKMSMessageAbstractType * createReissueR
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -2082,10 +2131,14 @@ XKMSMessageAbstractType * createReissueR
+                               proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey);
+                               proofOfPossessionSm = SIGNATURE_DSA;
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               pkb->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -2095,7 +2148,7 @@ XKMSMessageAbstractType * createReissueR
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+@@ -2103,8 +2156,11 @@ XKMSMessageAbstractType * createReissueR
+                               proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey);
+                               proofOfPossessionSm = SIGNATURE_RSA;
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               pkb->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -2371,7 +2427,7 @@ XKMSMessageAbstractType * createRecoverR
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+@@ -2380,10 +2436,14 @@ XKMSMessageAbstractType * createRecoverR
+                               // Create the XSEC OpenSSL interface
+                               key = new OpenSSLCryptoKeyDSA(pkey);
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               sig->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -2393,15 +2453,18 @@ XKMSMessageAbstractType * createRecoverR
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+                               sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1);
+                               key = new OpenSSLCryptoKeyRSA(pkey);
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               sig->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -2468,15 +2531,19 @@ XKMSMessageAbstractType * createRecoverR
+ 
+                               // Check type is correct
+ 
+-                              if (pkey->type != EVP_PKEY_DSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) {
+                                       cerr << "DSA Key requested, but OpenSSL loaded something else\n";
+                                       return NULL;
+                               }
+ 
+-                              XMLCh * P = BN2b64(pkey->pkey.dsa->p);
+-                              XMLCh * Q = BN2b64(pkey->pkey.dsa->q);
+-                              XMLCh * G = BN2b64(pkey->pkey.dsa->g);
+-                              XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key);
++                              DSA *dsa = EVP_PKEY_get0_DSA(pkey);
++                              const BIGNUM *p, *q, *g, *pub_key;
++                              DSA_get0_pqg(dsa, &p, &q, &g);
++                              DSA_get0_key(dsa, &pub_key, 0);
++                              XMLCh * P = BN2b64(p);
++                              XMLCh * Q = BN2b64(q);
++                              XMLCh * G = BN2b64(g);
++                              XMLCh * Y = BN2b64(pub_key);
+ 
+                               rkb->appendDSAKeyValue(P,Q,G,Y);
+ 
+@@ -2486,13 +2553,16 @@ XKMSMessageAbstractType * createRecoverR
+                               XSEC_RELEASE_XMLCH(Y);
+                       }
+                       else {
+-                              if (pkey->type != EVP_PKEY_RSA) {
++                              if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) {
+                                       cerr << "RSA Key requested, but OpenSSL loaded something else\n";
+                                       exit (1);
+                               }
+ 
+-                              XMLCh * mod = BN2b64(pkey->pkey.rsa->n);
+-                              XMLCh * exp = BN2b64(pkey->pkey.rsa->e);
++                              RSA *rsa = EVP_PKEY_get0_RSA(pkey);
++                              const BIGNUM *n, *e;
++                              RSA_get0_key(rsa, &n, &e, 0);
++                              XMLCh * mod = BN2b64(n);
++                              XMLCh * exp = BN2b64(e);
+                               rkb->appendRSAKeyValue(mod, exp);
+                               XSEC_RELEASE_XMLCH(mod);
+                               XSEC_RELEASE_XMLCH(exp);
+@@ -3251,14 +3321,17 @@ int doRegisterResultDump(XKMSRegisterRes
+ 
+                               // Create the RSA key file
+                               RSA * rsa = RSA_new();
+-                              rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
+-                              rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
+-                              rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
+-                              rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
+-                              rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
+-                              rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
+-                              rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
+-                              rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
++                              RSA_set0_key(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
++                                      OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
++                                      OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
++                              RSA_set0_factors(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
++                                      OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
++                              RSA_set0_crt_params(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
++                                      OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
++                                      OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
+ 
+                               // Write it to disk
+                               BIO *out;
+@@ -3367,14 +3440,17 @@ int doRecoverResultDump(XKMSRecoverResul
+ 
+                               // Create the RSA key file
+                               RSA * rsa = RSA_new();
+-                              rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus));
+-                              rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent));
+-                              rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD));
+-                              rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP));
+-                              rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ));
+-                              rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP));
+-                              rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ));
+-                              rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ));
++                              RSA_set0_key(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)),
++                                      OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)),
++                                      OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)));
++                              RSA_set0_factors(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)),
++                                      OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)));
++                              RSA_set0_crt_params(rsa,
++                                      OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)),
++                                      OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)),
++                                      OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)));
+ 
+                               // Write it to disk
+                               BIO *out;



Home | Main Index | Thread Index | Old Index