[arch-commits] Commit in qca/repos/extra-x86_64 (6 files)

Antonio Rojas arojas at archlinux.org
Sat Apr 7 01:27:05 UTC 2018


    Date: Saturday, April 7, 2018 @ 01:27:04
  Author: arojas
Revision: 321292

archrelease: copy trunk to extra-x86_64

Added:
  qca/repos/extra-x86_64/PKGBUILD
    (from rev 321291, qca/trunk/PKGBUILD)
  qca/repos/extra-x86_64/qca-botan2.patch
    (from rev 321291, qca/trunk/qca-botan2.patch)
  qca/repos/extra-x86_64/qca-openssl-1.1.patch
    (from rev 321291, qca/trunk/qca-openssl-1.1.patch)
Deleted:
  qca/repos/extra-x86_64/PKGBUILD
  qca/repos/extra-x86_64/qca-botan2.patch
  qca/repos/extra-x86_64/qca-openssl-1.1.patch

-----------------------+
 PKGBUILD              |  135 -
 qca-botan2.patch      |  501 +++--
 qca-openssl-1.1.patch | 4072 ++++++++++++++++++++++++------------------------
 3 files changed, 2360 insertions(+), 2348 deletions(-)

Deleted: PKGBUILD
===================================================================
--- PKGBUILD	2018-04-07 01:26:36 UTC (rev 321291)
+++ PKGBUILD	2018-04-07 01:27:04 UTC (rev 321292)
@@ -1,69 +0,0 @@
-# $Id$
-# Maintainer: Antonio Rojas <arojas at archlinux.org>
-# Contributor: Andrea Scarpino <andrea at archlinux.org>
-# Contributor: Pierre Schmitz <pierre at archlinux.de>
-
-pkgbase=qca
-pkgname=(qca-qt4 qca-qt5)
-pkgver=2.1.3
-pkgrel=8
-pkgdesc="Qt Cryptographic Architecture"
-arch=(x86_64)
-url="http://delta.affinix.com/qca/"
-license=(LGPL)
-makedepends=(qt4 qt5-base cmake doxygen nss pkcs11-helper botan)
-source=("http://download.kde.org/stable/$pkgbase/$pkgver/src/$pkgbase-$pkgver.tar.xz" qca-openssl-1.1.patch qca-botan2.patch)
-sha256sums=('003fd86a32421057a03b18a8168db52e2940978f9db5ebbb6a08882f8ab1e353'
-            'b1505bc313fd2f4e350cd4c94af69256c901afa419ae6700b208cb6e40e6926d'
-            '33369553e41ccfbd8b304cfb3e887ae8df56b0e1b3eec88cc32ddb07f98f6a4c')
-
-prepare() {
-  mkdir -p build{4,5}
-
-  cd $pkgbase-$pkgver
-  patch -p1 -i ../qca-openssl-1.1.patch # Fix build with OpenSSL 1.1 https://bugs.kde.org/show_bug.cgi?id=379810
-  patch -p1 -i ../qca-botan2.patch      # Fix build with botan 2
-}
-
-build() {
-  cd build4
-  cmake ../$pkgbase-$pkgver \
-    -DCMAKE_INSTALL_PREFIX=/usr \
-    -DCMAKE_BUILD_TYPE=Release \
-    -DBUILD_TESTS=OFF \
-    -DQCA_LIBRARY_INSTALL_DIR=/usr/lib \
-    -DQCA_FEATURE_INSTALL_DIR=/usr/share/qt4/mkspecs/features/ \
-    -DQT4_BUILD=ON \
-    -DWITH_botan_PLUGIN=OFF
-  make
-
-  cd ../build5
-  cmake ../$pkgbase-$pkgver \
-    -DCMAKE_INSTALL_PREFIX=/usr \
-    -DCMAKE_BUILD_TYPE=Release \
-    -DBUILD_TESTS=OFF \
-    -DQCA_INSTALL_IN_QT_PREFIX=ON \
-    -DQCA_MAN_INSTALL_DIR=/usr/share/man
-  make
-}
-
-package_qca-qt4() {
-  depends=(qt4 nss)
-  optdepends=('pkcs11-helper: PKCS-11 plugin')
-  conflicts=(qca qca-gnupg qca-ossl)
-  provides=(qca qca-gnupg qca-ossl)
-  replaces=(qca qca-gnupg qca-ossl)
-
-  cd build4
-  make DESTDIR="$pkgdir" install
-}
-
-package_qca-qt5() {
-  depends=(qt5-base nss ca-certificates)
-  optdepends=('pkcs11-helper: PKCS-11 plugin' 'botan: botan plugin')
-
-  cd build5
-  make DESTDIR="$pkgdir" install
-}
-
-

Copied: qca/repos/extra-x86_64/PKGBUILD (from rev 321291, qca/trunk/PKGBUILD)
===================================================================
--- PKGBUILD	                        (rev 0)
+++ PKGBUILD	2018-04-07 01:27:04 UTC (rev 321292)
@@ -0,0 +1,66 @@
+# $Id$
+# Maintainer: Antonio Rojas <arojas at archlinux.org>
+# Contributor: Andrea Scarpino <andrea at archlinux.org>
+# Contributor: Pierre Schmitz <pierre at archlinux.de>
+
+pkgbase=qca
+pkgname=(qca-qt4 qca-qt5)
+pkgver=2.1.3
+pkgrel=9
+pkgdesc="Qt Cryptographic Architecture"
+arch=(x86_64)
+url="http://delta.affinix.com/qca/"
+license=(LGPL)
+makedepends=(qt4 qt5-base cmake doxygen nss pkcs11-helper botan)
+source=("http://download.kde.org/stable/$pkgbase/$pkgver/src/$pkgbase-$pkgver.tar.xz" qca-openssl-1.1.patch qca-botan2.patch)
+sha256sums=('003fd86a32421057a03b18a8168db52e2940978f9db5ebbb6a08882f8ab1e353'
+            'b1505bc313fd2f4e350cd4c94af69256c901afa419ae6700b208cb6e40e6926d'
+            '4fc5c0179367837ed73bd09aeb5b0aee74385a7aa6ebd99008de916ba02ef0ed')
+
+prepare() {
+  mkdir -p build{4,5}
+
+  cd $pkgbase-$pkgver
+  patch -p1 -i ../qca-openssl-1.1.patch # Fix build with OpenSSL 1.1 https://bugs.kde.org/show_bug.cgi?id=379810
+  patch -p1 -i ../qca-botan2.patch      # Fix build with botan 2
+}
+
+build() {
+  cd build4
+  cmake ../$pkgbase-$pkgver \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DBUILD_TESTS=OFF \
+    -DQCA_LIBRARY_INSTALL_DIR=/usr/lib \
+    -DQCA_FEATURE_INSTALL_DIR=/usr/share/qt4/mkspecs/features/ \
+    -DQT4_BUILD=ON
+  make
+
+  cd ../build5
+  cmake ../$pkgbase-$pkgver \
+    -DCMAKE_INSTALL_PREFIX=/usr \
+    -DBUILD_TESTS=OFF \
+    -DQCA_INSTALL_IN_QT_PREFIX=ON \
+    -DQCA_MAN_INSTALL_DIR=/usr/share/man
+  make
+}
+
+package_qca-qt4() {
+  depends=(qt4 nss)
+  optdepends=('pkcs11-helper: PKCS-11 plugin' 'botan: botan plugin')
+  conflicts=(qca qca-gnupg qca-ossl)
+  provides=(qca qca-gnupg qca-ossl)
+  replaces=(qca qca-gnupg qca-ossl)
+
+  cd build4
+  make DESTDIR="$pkgdir" install
+}
+
+package_qca-qt5() {
+  depends=(qt5-base nss ca-certificates)
+  optdepends=('pkcs11-helper: PKCS-11 plugin' 'botan: botan plugin')
+
+  cd build5
+  make DESTDIR="$pkgdir" install
+}
+
+

Deleted: qca-botan2.patch
===================================================================
--- qca-botan2.patch	2018-04-07 01:26:36 UTC (rev 321291)
+++ qca-botan2.patch	2018-04-07 01:27:04 UTC (rev 321292)
@@ -1,243 +0,0 @@
-diff --git a/cmake/modules/FindBotan.cmake b/cmake/modules/FindBotan.cmake
-index 0c4e24b..ce92df5 100644
---- a/cmake/modules/FindBotan.cmake
-+++ b/cmake/modules/FindBotan.cmake
-@@ -11,30 +11,12 @@
- # Redistribution and use is allowed according to the terms of the BSD license.
- # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
- 
--# libgcrypt is moving to pkg-config, but earlier version don't have it
--
--#search in typical paths for libgcrypt-config
--FIND_PROGRAM(BOTANCONFIG_EXECUTABLE NAMES botan-config botan-config-1.10)
--mark_as_advanced(BOTANCONFIG_EXECUTABLE)
--
- #reset variables
- set(BOTAN_LIBRARIES)
- set(BOTAN_CFLAGS)
- 
--# if botan-config has been found
--IF(BOTANCONFIG_EXECUTABLE)
--
--  EXEC_PROGRAM(${BOTANCONFIG_EXECUTABLE} ARGS --libs RETURN_VALUE _return_VALUE OUTPUT_VARIABLE BOTAN_LIBRARIES)
--
--  EXEC_PROGRAM(${BOTANCONFIG_EXECUTABLE} ARGS --cflags RETURN_VALUE _return_VALUE OUTPUT_VARIABLE BOTAN_CFLAGS)
--
--  IF(BOTAN_LIBRARIES)
--    SET(BOTAN_FOUND TRUE)
--  ENDIF(BOTAN_LIBRARIES)
--
--  MARK_AS_ADVANCED(BOTAN_CFLAGS BOTAN_LIBRARIES)
--
--ENDIF(BOTANCONFIG_EXECUTABLE)
-+find_package(PkgConfig)
-+pkg_search_module(BOTAN REQUIRED botan>=1.10 botan-1.10 botan-2)
- 
- if (BOTAN_FOUND)
-    if (NOT Botan_FIND_QUIETLY)
-diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp
-index f387575..92820a0 100644
---- a/plugins/qca-botan/qca-botan.cpp
-+++ b/plugins/qca-botan/qca-botan.cpp
-@@ -23,13 +23,18 @@
- 
- #include <qstringlist.h>
- 
--#include <botan/botan.h>
- #include <botan/hmac.h>
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--#include <botan/s2k.h>
--#endif
--#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
-+#include <botan/version.h>
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-+#include <botan/botan.h>
- #include <botan/algo_factory.h>
-+#else
-+#include <botan/auto_rng.h>
-+#include <botan/block_cipher.h>
-+#include <botan/filters.h>
-+#include <botan/hash.h>
-+#include <botan/pbkdf.h>
-+#include <botan/stream_cipher.h>
- #endif
- 
- #include <stdlib.h>
-@@ -51,14 +56,8 @@ public:
-     QCA::SecureArray nextBytes(int size)
-     {
-         QCA::SecureArray buf(size);
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,5,0)
--	Botan::Global_RNG::randomize( (Botan::byte*)buf.data(), buf.size(), Botan::SessionKey );
--#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,7,6)
--	Botan::Global_RNG::randomize( (Botan::byte*)buf.data(), buf.size() );
--#else
- 	Botan::AutoSeeded_RNG rng;
- 	rng.randomize(reinterpret_cast<Botan::byte*>(buf.data()), buf.size());
--#endif
- 	return buf;
-     }
- };
-@@ -70,7 +69,11 @@ class BotanHashContext : public QCA::HashContext
- public:
-     BotanHashContext( const QString &hashName, QCA::Provider *p, const QString &type) : QCA::HashContext(p, type)
-     {
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
- 	m_hashObj = Botan::get_hash(hashName.toStdString());
-+#else
-+	m_hashObj = Botan::HashFunction::create(hashName.toStdString()).release();
-+#endif
-     }
- 
-     ~BotanHashContext()
-@@ -95,11 +98,7 @@ public:
- 
-     QCA::MemoryRegion final()
-     {
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--        QCA::SecureArray a( m_hashObj->OUTPUT_LENGTH );
--#else
- 	QCA::SecureArray a( m_hashObj->output_length() );
--#endif
- 	m_hashObj->final( (Botan::byte *)a.data() );
- 	return a;
-     }
-@@ -115,10 +114,10 @@ class BotanHMACContext : public QCA::MACContext
- public:
-     BotanHMACContext( const QString &hashName, QCA::Provider *p, const QString &type) : QCA::MACContext(p, type)
-     {
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,8,0)
--	m_hashObj = new Botan::HMAC(hashName.toStdString());
--#else
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
- 	m_hashObj = new Botan::HMAC(Botan::global_state().algorithm_factory().make_hash_function(hashName.toStdString()));
-+#else
-+	m_hashObj = new Botan::HMAC(Botan::HashFunction::create_or_throw(hashName.toStdString()).release());
- #endif
- 	if (0 == m_hashObj) {
- 	    std::cout << "null context object" << std::endl;
-@@ -161,11 +160,7 @@ public:
- 
-     void final( QCA::MemoryRegion *out)
-     {
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--	QCA::SecureArray sa( m_hashObj->OUTPUT_LENGTH, 0 );
--#else
- 	QCA::SecureArray sa( m_hashObj->output_length(), 0 );
--#endif
- 	m_hashObj->final( (Botan::byte *)sa.data() );
- 	*out = sa;
-     }
-@@ -197,15 +192,8 @@ public:
-     QCA::SymmetricKey makeKey(const QCA::SecureArray &secret, const QCA::InitializationVector &salt,
- 			      unsigned int keyLength, unsigned int iterationCount)
-     {
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--	m_s2k->set_iterations(iterationCount);
--	m_s2k->change_salt((const Botan::byte*)salt.data(), salt.size());
--	std::string secretString(secret.data(), secret.size() );
--	Botan::OctetString key = m_s2k->derive_key(keyLength, secretString);
--#else
- 	std::string secretString(secret.data(), secret.size() );
- 	Botan::OctetString key = m_s2k->derive_key(keyLength, secretString, (const Botan::byte*)salt.data(), salt.size(), iterationCount);
--#endif
-         QCA::SecureArray retval(QByteArray((const char*)key.begin(), key.length()));
- 	return QCA::SymmetricKey(retval);
-     }
-@@ -222,15 +210,6 @@ public:
- 		std::string secretString(secret.data(), secret.size() );
- 
- 		*iterationCount = 0;
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--		m_s2k->set_iterations(1);
--		m_s2k->change_salt((const Botan::byte*)salt.data(), salt.size());
--		timer.start();
--		while (timer.elapsed() < msecInterval) {
--			key = m_s2k->derive_key(keyLength, secretString);
--			++(*iterationCount);
--		}
--#else
- 		timer.start();
- 		while (timer.elapsed() < msecInterval) {
- 			key = m_s2k->derive_key(keyLength,
-@@ -240,7 +219,6 @@ public:
- 									1);
- 			++(*iterationCount);
- 		}
--#endif
- 		return makeKey(secret, salt, keyLength, *iterationCount);
- 	}
- 
-@@ -304,7 +282,14 @@ public:
- 
-     int blockSize() const
-     {
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
- 	return Botan::block_size_of(m_algoName);
-+#else
-+	if(const std::unique_ptr<Botan::BlockCipher> bc = Botan::BlockCipher::create(m_algoName))
-+	    return bc->block_size();
-+        
-+        throw Botan::Algorithm_Not_Found(m_algoName);
-+#endif
-     }
- 
-     QCA::AuthTag tag() const
-@@ -337,23 +322,31 @@ public:
- 
-     QCA::KeyLength keyLength() const
-     {
--#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
--	return QCA::KeyLength( Botan::min_keylength_of(m_algoName),
--			       Botan::max_keylength_of(m_algoName),
--			       Botan::keylength_multiple_of(m_algoName) );
--#else
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-         Botan::Algorithm_Factory &af = Botan::global_state().algorithm_factory();
-+#endif
-         Botan::Key_Length_Specification kls(0);
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-         if(const Botan::BlockCipher *bc = af.prototype_block_cipher(m_algoName))
-+#else
-+        if(const std::unique_ptr<Botan::BlockCipher> bc = Botan::BlockCipher::create(m_algoName))
-+#endif
-             kls = bc->key_spec();
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-         else if(const Botan::StreamCipher *sc = af.prototype_stream_cipher(m_algoName))
-+#else
-+        else if(const std::unique_ptr<Botan::StreamCipher> sc = Botan::StreamCipher::create(m_algoName))
-+#endif
-             kls = sc->key_spec();
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-         else if(const Botan::MessageAuthenticationCode *mac = af.prototype_mac(m_algoName))
-+#else
-+        else if(const std::unique_ptr<Botan::MessageAuthenticationCode> mac = Botan::MessageAuthenticationCode::create(m_algoName))
-+#endif
-             kls = mac->key_spec();
-         return QCA::KeyLength( kls.minimum_keylength(),
-                                kls.maximum_keylength(),
-                                kls.keylength_multiple() );
--#endif
-     }
- 
- 
-@@ -379,7 +372,9 @@ class botanProvider : public QCA::Provider
- public:
-     void init()
-     {
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
- 	m_init = new Botan::LibraryInitializer;
-+#endif
-     }
- 
-     ~botanProvider()
-@@ -538,7 +533,9 @@ public:
- 	    return 0;
-     }
- private:
-+#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
-     Botan::LibraryInitializer *m_init;
-+#endif
- 
- };
- 

Copied: qca/repos/extra-x86_64/qca-botan2.patch (from rev 321291, qca/trunk/qca-botan2.patch)
===================================================================
--- qca-botan2.patch	                        (rev 0)
+++ qca-botan2.patch	2018-04-07 01:27:04 UTC (rev 321292)
@@ -0,0 +1,258 @@
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index 7ef32ee..28b0169 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -131,8 +131,8 @@ if (CMAKE_COMPILER_IS_GNUCXX)
+        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wcast-align")
+      endif()
+ 
+-     set ( CMAKE_C_FLAGS     "${CMAKE_C_FLAGS} -Wno-long-long -ansi -Wundef -Werror-implicit-function-declaration -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security -Wmissing-format-attribute -fno-common")
+-     set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wnon-virtual-dtor -Wno-long-long -ansi -Wundef -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security -fno-check-new -fno-common")
++     set ( CMAKE_C_FLAGS     "${CMAKE_C_FLAGS} -Wno-long-long -Wundef -Werror-implicit-function-declaration -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security -Wmissing-format-attribute -fno-common")
++     set ( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wnon-virtual-dtor -Wno-long-long -Wundef -Wchar-subscripts -Wall -W -Wpointer-arith -Wwrite-strings -Wformat-security -fno-check-new -fno-common")
+    endif (CMAKE_SYSTEM_NAME MATCHES Linux)
+ endif (CMAKE_COMPILER_IS_GNUCXX)
+ 
+diff --git a/cmake/modules/FindBotan.cmake b/cmake/modules/FindBotan.cmake
+index 0c4e24b..ce92df5 100644
+--- a/cmake/modules/FindBotan.cmake
++++ b/cmake/modules/FindBotan.cmake
+@@ -11,30 +11,12 @@
+ # Redistribution and use is allowed according to the terms of the BSD license.
+ # For details see the accompanying COPYING-CMAKE-SCRIPTS file.
+ 
+-# libgcrypt is moving to pkg-config, but earlier version don't have it
+-
+-#search in typical paths for libgcrypt-config
+-FIND_PROGRAM(BOTANCONFIG_EXECUTABLE NAMES botan-config botan-config-1.10)
+-mark_as_advanced(BOTANCONFIG_EXECUTABLE)
+-
+ #reset variables
+ set(BOTAN_LIBRARIES)
+ set(BOTAN_CFLAGS)
+ 
+-# if botan-config has been found
+-IF(BOTANCONFIG_EXECUTABLE)
+-
+-  EXEC_PROGRAM(${BOTANCONFIG_EXECUTABLE} ARGS --libs RETURN_VALUE _return_VALUE OUTPUT_VARIABLE BOTAN_LIBRARIES)
+-
+-  EXEC_PROGRAM(${BOTANCONFIG_EXECUTABLE} ARGS --cflags RETURN_VALUE _return_VALUE OUTPUT_VARIABLE BOTAN_CFLAGS)
+-
+-  IF(BOTAN_LIBRARIES)
+-    SET(BOTAN_FOUND TRUE)
+-  ENDIF(BOTAN_LIBRARIES)
+-
+-  MARK_AS_ADVANCED(BOTAN_CFLAGS BOTAN_LIBRARIES)
+-
+-ENDIF(BOTANCONFIG_EXECUTABLE)
++find_package(PkgConfig)
++pkg_search_module(BOTAN REQUIRED botan>=1.10 botan-1.10 botan-2)
+ 
+ if (BOTAN_FOUND)
+    if (NOT Botan_FIND_QUIETLY)
+diff --git a/plugins/qca-botan/qca-botan.cpp b/plugins/qca-botan/qca-botan.cpp
+index f387575..8822ab5 100644
+--- a/plugins/qca-botan/qca-botan.cpp
++++ b/plugins/qca-botan/qca-botan.cpp
+@@ -23,13 +23,18 @@
+ 
+ #include <qstringlist.h>
+ 
+-#include <botan/botan.h>
+ #include <botan/hmac.h>
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-#include <botan/s2k.h>
+-#endif
+-#if BOTAN_VERSION_CODE >= BOTAN_VERSION_CODE_FOR(1,8,0)
++#include <botan/version.h>
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
++#include <botan/botan.h>
+ #include <botan/algo_factory.h>
++#else
++#include <botan/auto_rng.h>
++#include <botan/block_cipher.h>
++#include <botan/filters.h>
++#include <botan/hash.h>
++#include <botan/pbkdf.h>
++#include <botan/stream_cipher.h>
+ #endif
+ 
+ #include <stdlib.h>
+@@ -51,14 +56,8 @@ public:
+     QCA::SecureArray nextBytes(int size)
+     {
+         QCA::SecureArray buf(size);
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,5,0)
+-	Botan::Global_RNG::randomize( (Botan::byte*)buf.data(), buf.size(), Botan::SessionKey );
+-#elif BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,7,6)
+-	Botan::Global_RNG::randomize( (Botan::byte*)buf.data(), buf.size() );
+-#else
+ 	Botan::AutoSeeded_RNG rng;
+ 	rng.randomize(reinterpret_cast<Botan::byte*>(buf.data()), buf.size());
+-#endif
+ 	return buf;
+     }
+ };
+@@ -70,7 +69,11 @@ class BotanHashContext : public QCA::HashContext
+ public:
+     BotanHashContext( const QString &hashName, QCA::Provider *p, const QString &type) : QCA::HashContext(p, type)
+     {
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+ 	m_hashObj = Botan::get_hash(hashName.toStdString());
++#else
++	m_hashObj = Botan::HashFunction::create(hashName.toStdString()).release();
++#endif
+     }
+ 
+     ~BotanHashContext()
+@@ -95,11 +98,7 @@ public:
+ 
+     QCA::MemoryRegion final()
+     {
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-        QCA::SecureArray a( m_hashObj->OUTPUT_LENGTH );
+-#else
+ 	QCA::SecureArray a( m_hashObj->output_length() );
+-#endif
+ 	m_hashObj->final( (Botan::byte *)a.data() );
+ 	return a;
+     }
+@@ -115,10 +114,10 @@ class BotanHMACContext : public QCA::MACContext
+ public:
+     BotanHMACContext( const QString &hashName, QCA::Provider *p, const QString &type) : QCA::MACContext(p, type)
+     {
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,8,0)
+-	m_hashObj = new Botan::HMAC(hashName.toStdString());
+-#else
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+ 	m_hashObj = new Botan::HMAC(Botan::global_state().algorithm_factory().make_hash_function(hashName.toStdString()));
++#else
++	m_hashObj = new Botan::HMAC(Botan::HashFunction::create_or_throw(hashName.toStdString()).release());
+ #endif
+ 	if (0 == m_hashObj) {
+ 	    std::cout << "null context object" << std::endl;
+@@ -161,11 +160,7 @@ public:
+ 
+     void final( QCA::MemoryRegion *out)
+     {
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-	QCA::SecureArray sa( m_hashObj->OUTPUT_LENGTH, 0 );
+-#else
+ 	QCA::SecureArray sa( m_hashObj->output_length(), 0 );
+-#endif
+ 	m_hashObj->final( (Botan::byte *)sa.data() );
+ 	*out = sa;
+     }
+@@ -197,15 +192,8 @@ public:
+     QCA::SymmetricKey makeKey(const QCA::SecureArray &secret, const QCA::InitializationVector &salt,
+ 			      unsigned int keyLength, unsigned int iterationCount)
+     {
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-	m_s2k->set_iterations(iterationCount);
+-	m_s2k->change_salt((const Botan::byte*)salt.data(), salt.size());
+-	std::string secretString(secret.data(), secret.size() );
+-	Botan::OctetString key = m_s2k->derive_key(keyLength, secretString);
+-#else
+ 	std::string secretString(secret.data(), secret.size() );
+ 	Botan::OctetString key = m_s2k->derive_key(keyLength, secretString, (const Botan::byte*)salt.data(), salt.size(), iterationCount);
+-#endif
+         QCA::SecureArray retval(QByteArray((const char*)key.begin(), key.length()));
+ 	return QCA::SymmetricKey(retval);
+     }
+@@ -222,15 +210,6 @@ public:
+ 		std::string secretString(secret.data(), secret.size() );
+ 
+ 		*iterationCount = 0;
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-		m_s2k->set_iterations(1);
+-		m_s2k->change_salt((const Botan::byte*)salt.data(), salt.size());
+-		timer.start();
+-		while (timer.elapsed() < msecInterval) {
+-			key = m_s2k->derive_key(keyLength, secretString);
+-			++(*iterationCount);
+-		}
+-#else
+ 		timer.start();
+ 		while (timer.elapsed() < msecInterval) {
+ 			key = m_s2k->derive_key(keyLength,
+@@ -240,7 +219,6 @@ public:
+ 									1);
+ 			++(*iterationCount);
+ 		}
+-#endif
+ 		return makeKey(secret, salt, keyLength, *iterationCount);
+ 	}
+ 
+@@ -304,7 +282,14 @@ public:
+ 
+     int blockSize() const
+     {
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+ 	return Botan::block_size_of(m_algoName);
++#else
++	if(const std::unique_ptr<Botan::BlockCipher> bc = Botan::BlockCipher::create(m_algoName))
++	    return bc->block_size();
++        
++	throw Botan::Algorithm_Not_Found(m_algoName);
++#endif
+     }
+ 
+     QCA::AuthTag tag() const
+@@ -337,23 +322,31 @@ public:
+ 
+     QCA::KeyLength keyLength() const
+     {
+-#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(1,9,0)
+-	return QCA::KeyLength( Botan::min_keylength_of(m_algoName),
+-			       Botan::max_keylength_of(m_algoName),
+-			       Botan::keylength_multiple_of(m_algoName) );
+-#else
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+         Botan::Algorithm_Factory &af = Botan::global_state().algorithm_factory();
++#endif
+         Botan::Key_Length_Specification kls(0);
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+         if(const Botan::BlockCipher *bc = af.prototype_block_cipher(m_algoName))
++#else
++        if(const std::unique_ptr<Botan::BlockCipher> bc = Botan::BlockCipher::create(m_algoName))
++#endif
+             kls = bc->key_spec();
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+         else if(const Botan::StreamCipher *sc = af.prototype_stream_cipher(m_algoName))
++#else
++        else if(const std::unique_ptr<Botan::StreamCipher> sc = Botan::StreamCipher::create(m_algoName))
++#endif
+             kls = sc->key_spec();
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+         else if(const Botan::MessageAuthenticationCode *mac = af.prototype_mac(m_algoName))
++#else
++        else if(const std::unique_ptr<Botan::MessageAuthenticationCode> mac = Botan::MessageAuthenticationCode::create(m_algoName))
++#endif
+             kls = mac->key_spec();
+         return QCA::KeyLength( kls.minimum_keylength(),
+                                kls.maximum_keylength(),
+                                kls.keylength_multiple() );
+-#endif
+     }
+ 
+ 
+@@ -379,7 +372,9 @@ class botanProvider : public QCA::Provider
+ public:
+     void init()
+     {
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+ 	m_init = new Botan::LibraryInitializer;
++#endif
+     }
+ 
+     ~botanProvider()
+@@ -538,7 +533,9 @@ public:
+ 	    return 0;
+     }
+ private:
++#if BOTAN_VERSION_CODE < BOTAN_VERSION_CODE_FOR(2,0,0)
+     Botan::LibraryInitializer *m_init;
++#endif
+ 
+ };
+ 

Deleted: qca-openssl-1.1.patch
===================================================================
--- qca-openssl-1.1.patch	2018-04-07 01:26:36 UTC (rev 321291)
+++ qca-openssl-1.1.patch	2018-04-07 01:27:04 UTC (rev 321292)
@@ -1,2036 +0,0 @@
-diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt
-index cdeaeca..f7c5c1b 100644
---- a/plugins/qca-ossl/CMakeLists.txt
-+++ b/plugins/qca-ossl/CMakeLists.txt
-@@ -32,7 +32,7 @@ if(OPENSSL_FOUND)
-     message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
-   endif(HAVE_OPENSSL_SHA0)
- 
--  set(QCA_OSSL_SOURCES qca-ossl.cpp)
-+  set(QCA_OSSL_SOURCES libcrypto-compat.c qca-ossl.cpp)
- 
-   my_automoc( QCA_OSSL_SOURCES )
- 
-diff --git a/plugins/qca-ossl/libcrypto-compat.c b/plugins/qca-ossl/libcrypto-compat.c
-index e69de29..b587845 100644
---- a/plugins/qca-ossl/libcrypto-compat.c
-+++ b/plugins/qca-ossl/libcrypto-compat.c
-@@ -0,0 +1,410 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License").  You may not use
-+ * this file except in compliance with the License.  You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include <openssl/evp.h>
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <string.h>
-+#include <openssl/engine.h>
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+    void *ret = OPENSSL_malloc(num);
-+
-+    if (ret != NULL)
-+        memset(ret, 0, num);
-+    return ret;
-+}
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+    /* If the fields n and e in r are NULL, the corresponding input
-+     * parameters MUST be non-NULL for n and e.  d may be
-+     * left NULL (in case only the public key is used).
-+     */
-+    if ((r->n == NULL && n == NULL)
-+        || (r->e == NULL && e == NULL))
-+        return 0;
-+
-+    if (n != NULL) {
-+        BN_free(r->n);
-+        r->n = n;
-+    }
-+    if (e != NULL) {
-+        BN_free(r->e);
-+        r->e = e;
-+    }
-+    if (d != NULL) {
-+        BN_free(r->d);
-+        r->d = d;
-+    }
-+
-+    return 1;
-+}
-+
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-+{
-+    /* If the fields p and q in r are NULL, the corresponding input
-+     * parameters MUST be non-NULL.
-+     */
-+    if ((r->p == NULL && p == NULL)
-+        || (r->q == NULL && q == NULL))
-+        return 0;
-+
-+    if (p != NULL) {
-+        BN_free(r->p);
-+        r->p = p;
-+    }
-+    if (q != NULL) {
-+        BN_free(r->q);
-+        r->q = q;
-+    }
-+
-+    return 1;
-+}
-+
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-+{
-+    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+     * parameters MUST be non-NULL.
-+     */
-+    if ((r->dmp1 == NULL && dmp1 == NULL)
-+        || (r->dmq1 == NULL && dmq1 == NULL)
-+        || (r->iqmp == NULL && iqmp == NULL))
-+        return 0;
-+
-+    if (dmp1 != NULL) {
-+        BN_free(r->dmp1);
-+        r->dmp1 = dmp1;
-+    }
-+    if (dmq1 != NULL) {
-+        BN_free(r->dmq1);
-+        r->dmq1 = dmq1;
-+    }
-+    if (iqmp != NULL) {
-+        BN_free(r->iqmp);
-+        r->iqmp = iqmp;
-+    }
-+
-+    return 1;
-+}
-+
-+void RSA_get0_key(const RSA *r,
-+                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+    if (n != NULL)
-+        *n = r->n;
-+    if (e != NULL)
-+        *e = r->e;
-+    if (d != NULL)
-+        *d = r->d;
-+}
-+
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-+{
-+    if (p != NULL)
-+        *p = r->p;
-+    if (q != NULL)
-+        *q = r->q;
-+}
-+
-+void RSA_get0_crt_params(const RSA *r,
-+                         const BIGNUM **dmp1, const BIGNUM **dmq1,
-+                         const BIGNUM **iqmp)
-+{
-+    if (dmp1 != NULL)
-+        *dmp1 = r->dmp1;
-+    if (dmq1 != NULL)
-+        *dmq1 = r->dmq1;
-+    if (iqmp != NULL)
-+        *iqmp = r->iqmp;
-+}
-+
-+void DSA_get0_pqg(const DSA *d,
-+                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+    if (p != NULL)
-+        *p = d->p;
-+    if (q != NULL)
-+        *q = d->q;
-+    if (g != NULL)
-+        *g = d->g;
-+}
-+
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+    /* If the fields p, q and g in d are NULL, the corresponding input
-+     * parameters MUST be non-NULL.
-+     */
-+    if ((d->p == NULL && p == NULL)
-+        || (d->q == NULL && q == NULL)
-+        || (d->g == NULL && g == NULL))
-+        return 0;
-+
-+    if (p != NULL) {
-+        BN_free(d->p);
-+        d->p = p;
-+    }
-+    if (q != NULL) {
-+        BN_free(d->q);
-+        d->q = q;
-+    }
-+    if (g != NULL) {
-+        BN_free(d->g);
-+        d->g = g;
-+    }
-+
-+    return 1;
-+}
-+
-+void DSA_get0_key(const DSA *d,
-+                  const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+    if (pub_key != NULL)
-+        *pub_key = d->pub_key;
-+    if (priv_key != NULL)
-+        *priv_key = d->priv_key;
-+}
-+
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+    /* If the field pub_key in d is NULL, the corresponding input
-+     * parameters MUST be non-NULL.  The priv_key field may
-+     * be left NULL.
-+     */
-+    if (d->pub_key == NULL && pub_key == NULL)
-+        return 0;
-+
-+    if (pub_key != NULL) {
-+        BN_free(d->pub_key);
-+        d->pub_key = pub_key;
-+    }
-+    if (priv_key != NULL) {
-+        BN_free(d->priv_key);
-+        d->priv_key = priv_key;
-+    }
-+
-+    return 1;
-+}
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+    if (pr != NULL)
-+        *pr = sig->r;
-+    if (ps != NULL)
-+        *ps = sig->s;
-+}
-+
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+    if (r == NULL || s == NULL)
-+        return 0;
-+    BN_clear_free(sig->r);
-+    BN_clear_free(sig->s);
-+    sig->r = r;
-+    sig->s = s;
-+    return 1;
-+}
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+    if (pr != NULL)
-+        *pr = sig->r;
-+    if (ps != NULL)
-+        *ps = sig->s;
-+}
-+
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+    if (r == NULL || s == NULL)
-+        return 0;
-+    BN_clear_free(sig->r);
-+    BN_clear_free(sig->s);
-+    sig->r = r;
-+    sig->s = s;
-+    return 1;
-+}
-+
-+void DH_get0_pqg(const DH *dh,
-+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+    if (p != NULL)
-+        *p = dh->p;
-+    if (q != NULL)
-+        *q = dh->q;
-+    if (g != NULL)
-+        *g = dh->g;
-+}
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+    /* If the fields p and g in d are NULL, the corresponding input
-+     * parameters MUST be non-NULL.  q may remain NULL.
-+     */
-+    if ((dh->p == NULL && p == NULL)
-+        || (dh->g == NULL && g == NULL))
-+        return 0;
-+
-+    if (p != NULL) {
-+        BN_free(dh->p);
-+        dh->p = p;
-+    }
-+    if (q != NULL) {
-+        BN_free(dh->q);
-+        dh->q = q;
-+    }
-+    if (g != NULL) {
-+        BN_free(dh->g);
-+        dh->g = g;
-+    }
-+
-+    if (q != NULL) {
-+        dh->length = BN_num_bits(q);
-+    }
-+
-+    return 1;
-+}
-+
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+    if (pub_key != NULL)
-+        *pub_key = dh->pub_key;
-+    if (priv_key != NULL)
-+        *priv_key = dh->priv_key;
-+}
-+
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+    /* If the field pub_key in dh is NULL, the corresponding input
-+     * parameters MUST be non-NULL.  The priv_key field may
-+     * be left NULL.
-+     */
-+    if (dh->pub_key == NULL && pub_key == NULL)
-+        return 0;
-+
-+    if (pub_key != NULL) {
-+        BN_free(dh->pub_key);
-+        dh->pub_key = pub_key;
-+    }
-+    if (priv_key != NULL) {
-+        BN_free(dh->priv_key);
-+        dh->priv_key = priv_key;
-+    }
-+
-+    return 1;
-+}
-+
-+int DH_set_length(DH *dh, long length)
-+{
-+    dh->length = length;
-+    return 1;
-+}
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
-+{
-+    return ctx->iv;
-+}
-+
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
-+{
-+    return ctx->iv;
-+}
-+
-+EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
-+}
-+
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+    EVP_MD_CTX_cleanup(ctx);
-+    OPENSSL_free(ctx);
-+}
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-+{
-+    RSA_METHOD *ret;
-+
-+    ret = OPENSSL_malloc(sizeof(RSA_METHOD));
-+
-+    if (ret != NULL) {
-+        memcpy(ret, meth, sizeof(*meth));
-+        ret->name = OPENSSL_strdup(meth->name);
-+        if (ret->name == NULL) {
-+            OPENSSL_free(ret);
-+            return NULL;
-+        }
-+    }
-+
-+    return ret;
-+}
-+
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-+{
-+    char *tmpname;
-+
-+    tmpname = OPENSSL_strdup(name);
-+    if (tmpname == NULL) {
-+        return 0;
-+    }
-+
-+    OPENSSL_free((char *)meth->name);
-+    meth->name = tmpname;
-+
-+    return 1;
-+}
-+
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
-+                          int (*priv_enc) (int flen, const unsigned char *from,
-+                                           unsigned char *to, RSA *rsa,
-+                                           int padding))
-+{
-+    meth->rsa_priv_enc = priv_enc;
-+    return 1;
-+}
-+
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
-+                          int (*priv_dec) (int flen, const unsigned char *from,
-+                                           unsigned char *to, RSA *rsa,
-+                                           int padding))
-+{
-+    meth->rsa_priv_dec = priv_dec;
-+    return 1;
-+}
-+
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-+{
-+    meth->finish = finish;
-+    return 1;
-+}
-+
-+void RSA_meth_free(RSA_METHOD *meth)
-+{
-+    if (meth != NULL) {
-+        OPENSSL_free((char *)meth->name);
-+        OPENSSL_free(meth);
-+    }
-+}
-+
-+int RSA_bits(const RSA *r)
-+{
-+    return (BN_num_bits(r->n));
-+}
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+    if (pkey->type != EVP_PKEY_RSA) {
-+        return NULL;
-+    }
-+    return pkey->pkey.rsa;
-+}
-+
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-diff --git a/plugins/qca-ossl/libcrypto-compat.h b/plugins/qca-ossl/libcrypto-compat.h
-index e69de29..057f1fe 100644
---- a/plugins/qca-ossl/libcrypto-compat.h
-+++ b/plugins/qca-ossl/libcrypto-compat.h
-@@ -0,0 +1,57 @@
-+#ifndef LIBCRYPTO_COMPAT_H
-+#define LIBCRYPTO_COMPAT_H
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include <openssl/rsa.h>
-+#include <openssl/dsa.h>
-+#include <openssl/ecdsa.h>
-+#include <openssl/dh.h>
-+#include <openssl/evp.h>
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-+
-+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+int DH_set_length(DH *dh, long length);
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
-+EVP_MD_CTX *EVP_MD_CTX_new(void);
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
-+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
-+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
-+#define RSA_meth_get_finish(meth) meth->finish
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
-+void RSA_meth_free(RSA_METHOD *meth);
-+
-+int RSA_bits(const RSA *r);
-+
-+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-+
-+#endif /* LIBCRYPTO_COMPAT_H */
-diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
-index f0b9431..d961ad9 100644
---- a/plugins/qca-ossl/qca-ossl.cpp
-+++ b/plugins/qca-ossl/qca-ossl.cpp
-@@ -1,6 +1,7 @@
- /*
-  * Copyright (C) 2004-2007  Justin Karneges <justin at affinix.com>
-  * Copyright (C) 2004-2006  Brad Hards <bradh at frogmouth.net>
-+ * Copyright (C) 2017       Fabian Vogt <fabian at ritter-vogt.de>
-  *
-  * This library is free software; you can redistribute it and/or
-  * modify it under the terms of the GNU Lesser General Public
-@@ -38,6 +39,10 @@
- #include <openssl/pkcs12.h>
- #include <openssl/ssl.h>
- 
-+extern "C" {
-+#include "libcrypto-compat.h"
-+}
-+
- #ifndef OSSL_097
- // comment this out if you'd rather use openssl 0.9.6
- #define OSSL_097
-@@ -52,6 +57,73 @@
- 	((_STACK*) (1 ? p : (type*)0))
- #endif
- 
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+    #define OSSL_110
-+#endif
-+
-+// OpenSSL 1.1.0 compatibility macros
-+#ifdef OSSL_110
-+#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
-+#else
-+static HMAC_CTX *HMAC_CTX_new() { return new HMAC_CTX(); }
-+static void HMAC_CTX_free(HMAC_CTX *x) { free(x); }
-+static void EVP_PKEY_up_ref(EVP_PKEY *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_EVP_PKEY); }
-+static void X509_up_ref(X509 *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); }
-+static void X509_CRL_up_ref(X509_CRL *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); }
-+static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *x) { return x->pkey.dsa; }
-+static DH *EVP_PKEY_get0_DH(EVP_PKEY *x) { return x->pkey.dh; }
-+static int RSA_meth_set_sign(RSA_METHOD *meth,
-+                      int (*sign) (int type, const unsigned char *m,
-+                                   unsigned int m_length,
-+                                   unsigned char *sigret, unsigned int *siglen,
-+                                   const RSA *rsa))
-+{
-+    meth->rsa_sign = sign;
-+    return 1;
-+}
-+int RSA_meth_set_verify(RSA_METHOD *meth,
-+                        int (*verify) (int dtype, const unsigned char *m,
-+                                       unsigned int m_length,
-+                                       const unsigned char *sigbuf,
-+                                       unsigned int siglen, const RSA *rsa))
-+{
-+    meth->rsa_verify = verify;
-+    return 1;
-+}
-+void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
-+                             const X509_ALGOR **palg)
-+{
-+    if (psig != NULL)
-+        *psig = req->signature;
-+    if (palg != NULL)
-+        *palg = req->sig_alg;
-+}
-+int X509_REQ_get_signature_nid(const X509_REQ *req)
-+{
-+    return OBJ_obj2nid(req->sig_alg->algorithm);
-+}
-+void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
-+                             const X509_ALGOR **palg)
-+{
-+    if (psig != NULL)
-+        *psig = crl->signature;
-+    if (palg != NULL)
-+        *palg = crl->sig_alg;
-+}
-+int X509_CRL_get_signature_nid(const X509_CRL *crl)
-+{
-+    return OBJ_obj2nid(crl->sig_alg->algorithm);
-+}
-+const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
-+{
-+    return x->serialNumber;
-+}
-+const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
-+{
-+    return x->revocationDate;
-+}
-+#endif
-+
- using namespace QCA;
- 
- namespace opensslQCAPlugin {
-@@ -93,7 +165,7 @@ static QByteArray bio2ba(BIO *b)
- 	return buf;
- }
- 
--static BigInteger bn2bi(BIGNUM *n)
-+static BigInteger bn2bi(const BIGNUM *n)
- {
- 	SecureArray buf(BN_num_bytes(n) + 1);
- 	buf[0] = 0; // positive
-@@ -109,7 +181,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
- 
- // take lowest bytes of BIGNUM to fit
- // pad with high byte zeroes to fit
--static SecureArray bn2fixedbuf(BIGNUM *n, int size)
-+static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
- {
- 	SecureArray buf(BN_num_bytes(n));
- 	BN_bn2bin(n, (unsigned char *)buf.data());
-@@ -127,8 +199,16 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
- 	const unsigned char *inp = (const unsigned char *)in.data();
- 	d2i_DSA_SIG(&sig, &inp, in.size());
- 
--	SecureArray part_r = bn2fixedbuf(sig->r, 20);
--	SecureArray part_s = bn2fixedbuf(sig->s, 20);
-+	const BIGNUM *bnr, *bns;
-+
-+#ifdef OSSL_110
-+	DSA_SIG_get0(sig, &bnr, &bns);
-+#else
-+	bnr = sig->r; bns = sig->s;
-+#endif
-+
-+	SecureArray part_r = bn2fixedbuf(bnr, 20);
-+	SecureArray part_s = bn2fixedbuf(bns, 20);
- 	SecureArray result;
- 	result.append(part_r);
- 	result.append(part_s);
-@@ -143,12 +223,20 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
- 		return SecureArray();
- 
- 	DSA_SIG *sig = DSA_SIG_new();
--	SecureArray part_r(20);
--	SecureArray part_s(20);
-+	SecureArray part_r(20); BIGNUM *bnr;
-+	SecureArray part_s(20); BIGNUM *bns;
- 	memcpy(part_r.data(), in.data(), 20);
- 	memcpy(part_s.data(), in.data() + 20, 20);
--	sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
--	sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-+	bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
-+	bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
-+
-+#ifdef OSSL_110
-+	if(DSA_SIG_set0(sig, bnr, bns) == 0)
-+		return SecureArray();
-+	// Not documented what happens in the failure case, free bnr and bns?
-+#else
-+	sig->r = bnr; sig->s = bns;
-+#endif
- 
- 	int len = i2d_DSA_SIG(sig, NULL);
- 	SecureArray result(len);
-@@ -1004,29 +1092,39 @@ public:
- 	opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
- 	{
- 		m_algorithm = algorithm;
--		EVP_DigestInit( &m_context, m_algorithm );
-+		m_context = EVP_MD_CTX_new();
-+		EVP_DigestInit( m_context, m_algorithm );
-+	}
-+
-+	opensslHashContext(const opensslHashContext &other)
-+	    : HashContext(other)
-+	{
-+		m_algorithm = other.m_algorithm;
-+		m_context = EVP_MD_CTX_new();
-+		EVP_MD_CTX_copy_ex(m_context, other.m_context);
- 	}
- 
- 	~opensslHashContext()
- 	{
--		EVP_MD_CTX_cleanup(&m_context);
-+		EVP_MD_CTX_free(m_context);
- 	}
- 
- 	void clear()
- 	{
--		EVP_MD_CTX_cleanup(&m_context);
--		EVP_DigestInit( &m_context, m_algorithm );
-+		EVP_MD_CTX_free(m_context);
-+		m_context = EVP_MD_CTX_new();
-+		EVP_DigestInit( m_context, m_algorithm );
- 	}
- 
- 	void update(const MemoryRegion &a)
- 	{
--		EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
-+		EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
- 	}
- 
- 	MemoryRegion final()
- 	{
- 		SecureArray a( EVP_MD_size( m_algorithm ) );
--		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- 		return a;
- 	}
- 
-@@ -1037,7 +1135,7 @@ public:
- 
- protected:
- 	const EVP_MD *m_algorithm;
--	EVP_MD_CTX m_context;
-+	EVP_MD_CTX *m_context;
- };
- 
- 
-@@ -1047,7 +1145,21 @@ public:
- 	opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
- 	{
- 		m_algorithm = algorithm;
--		EVP_DigestInit( &m_context, m_algorithm );
-+		m_context = EVP_MD_CTX_new();
-+		EVP_DigestInit( m_context, m_algorithm );
-+	}
-+
-+	opensslPbkdf1Context(const opensslPbkdf1Context &other)
-+	    : KDFContext(other)
-+	{
-+		m_algorithm = other.m_algorithm;
-+		m_context = EVP_MD_CTX_new();
-+		EVP_MD_CTX_copy(m_context, other.m_context);
-+	}
-+
-+	~opensslPbkdf1Context()
-+	{
-+		EVP_MD_CTX_free(m_context);
- 	}
- 
- 	Provider::Context *clone() const
-@@ -1081,16 +1193,16 @@ public:
- 		  DK = Tc<0..dkLen-1>
- 		*/
- 		// calculate T_1
--		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
--		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- 		SecureArray a( EVP_MD_size( m_algorithm ) );
--		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- 
- 		// calculate T_2 up to T_c
- 		for ( unsigned int i = 2; i <= iterationCount; ++i ) {
--			EVP_DigestInit( &m_context, m_algorithm );
--			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
--			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+			EVP_DigestInit( m_context, m_algorithm );
-+			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- 		}
- 
- 		// shrink a to become DK, of the required length
-@@ -1136,19 +1248,19 @@ public:
- 		  DK = Tc<0..dkLen-1>
- 		*/
- 		// calculate T_1
--		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
--		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
-+		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
-+		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
- 		SecureArray a( EVP_MD_size( m_algorithm ) );
--		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- 
- 		// calculate T_2 up to T_c
- 		*iterationCount = 2 - 1;	// <- Have to remove 1, unless it computes one
- 		timer.start();				// ^  time more than the base function
- 									// ^  with the same iterationCount
- 		while (timer.elapsed() < msecInterval) {
--			EVP_DigestInit( &m_context, m_algorithm );
--			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
--			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
-+			EVP_DigestInit( m_context, m_algorithm );
-+			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
-+			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
- 			++(*iterationCount);
- 		}
- 
-@@ -1163,7 +1275,7 @@ public:
- 
- protected:
- 	const EVP_MD *m_algorithm;
--	EVP_MD_CTX m_context;
-+	EVP_MD_CTX *m_context;
- };
- 
- class opensslPbkdf2Context : public KDFContext
-@@ -1231,12 +1343,28 @@ public:
- 	opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
- 	{
- 		m_algorithm = algorithm;
--		HMAC_CTX_init( &m_context );
-+		m_context = HMAC_CTX_new();
-+#ifndef OSSL_110
-+		HMAC_CTX_init( m_context );
-+#endif
-+	}
-+
-+	opensslHMACContext(const opensslHMACContext &other)
-+	    : MACContext(other)
-+	{
-+		m_algorithm = other.m_algorithm;
-+		m_context = HMAC_CTX_new();
-+		HMAC_CTX_copy(m_context, other.m_context);
-+	}
-+
-+	~opensslHMACContext()
-+	{
-+		HMAC_CTX_free(m_context);
- 	}
- 
- 	void setup(const SymmetricKey &key)
- 	{
--		HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
-+		HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
- 	}
- 
- 	KeyLength keyLength() const
-@@ -1246,14 +1374,18 @@ public:
- 
- 	void update(const MemoryRegion &a)
- 	{
--		HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
-+		HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
- 	}
- 
- 	void final(MemoryRegion *out)
- 	{
- 		SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
--		HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
--		HMAC_CTX_cleanup(&m_context);
-+		HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
-+#ifdef OSSL_110
-+		HMAC_CTX_reset(m_context);
-+#else
-+		HMAC_CTX_cleanup(m_context);
-+#endif
- 		*out = sa;
- 	}
- 
-@@ -1263,7 +1395,7 @@ public:
- 	}
- 
- protected:
--	HMAC_CTX m_context;
-+	HMAC_CTX *m_context;
- 	const EVP_MD *m_algorithm;
- };
- 
-@@ -1277,7 +1409,7 @@ class EVPKey
- public:
- 	enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
- 	EVP_PKEY *pkey;
--	EVP_MD_CTX mdctx;
-+	EVP_MD_CTX *mdctx;
- 	State state;
- 	bool raw_type;
- 	SecureArray raw;
-@@ -1287,19 +1419,23 @@ public:
- 		pkey = 0;
- 		raw_type = false;
- 		state = Idle;
-+		mdctx = EVP_MD_CTX_new();
- 	}
- 
- 	EVPKey(const EVPKey &from)
- 	{
- 		pkey = from.pkey;
--		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
-+		EVP_PKEY_up_ref(pkey);
- 		raw_type = false;
- 		state = Idle;
-+		mdctx = EVP_MD_CTX_new();
-+		EVP_MD_CTX_copy(mdctx, from.mdctx);
- 	}
- 
- 	~EVPKey()
- 	{
- 		reset();
-+		EVP_MD_CTX_free(mdctx);
- 	}
- 
- 	void reset()
-@@ -1322,8 +1458,8 @@ public:
- 		else
- 		{
- 			raw_type = false;
--			EVP_MD_CTX_init(&mdctx);
--			if(!EVP_SignInit_ex(&mdctx, type, NULL))
-+			EVP_MD_CTX_init(mdctx);
-+			if(!EVP_SignInit_ex(mdctx, type, NULL))
- 				state = SignError;
- 		}
- 	}
-@@ -1339,8 +1475,8 @@ public:
- 		else
- 		{
- 			raw_type = false;
--			EVP_MD_CTX_init(&mdctx);
--			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
-+			EVP_MD_CTX_init(mdctx);
-+			if(!EVP_VerifyInit_ex(mdctx, type, NULL))
- 				state = VerifyError;
- 		}
- 	}
-@@ -1352,7 +1488,7 @@ public:
- 			if (raw_type)
- 				raw += in;
- 			else
--				if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+				if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
- 					state = SignError;
- 		}
- 		else if(state == VerifyActive)
-@@ -1360,7 +1496,7 @@ public:
- 			if (raw_type)
- 				raw += in;
- 			else
--				if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
-+				if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
- 					state = VerifyError;
- 		}
- 	}
-@@ -1373,17 +1509,24 @@ public:
- 			unsigned int len = out.size();
- 			if (raw_type)
- 			{
--				if (pkey->type == EVP_PKEY_RSA)
-+				int type;
-+#ifdef OSSL_110
-+				type = EVP_PKEY_id(pkey);
-+#else
-+				type = pkey->type;
-+#endif
-+				if (type == EVP_PKEY_RSA)
- 				{
-+					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- 					if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
--											(unsigned char *)out.data(), pkey->pkey.rsa,
-+					                        (unsigned char *)out.data(), rsa,
- 											RSA_PKCS1_PADDING) == -1) {
- 
- 						state = SignError;
- 						return SecureArray ();
- 					}
- 				}
--				else if (pkey->type == EVP_PKEY_DSA)
-+				else if (type == EVP_PKEY_DSA)
- 				{
- 					state = SignError;
- 					return SecureArray ();
-@@ -1395,7 +1538,7 @@ public:
- 				}
- 			}
- 			else {
--				if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
-+				if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
- 				{
- 					state = SignError;
- 					return SecureArray();
-@@ -1418,16 +1561,24 @@ public:
- 				SecureArray out(EVP_PKEY_size(pkey));
- 				int len = 0;
- 
--				if (pkey->type == EVP_PKEY_RSA) {
-+				int type;
-+#ifdef OSSL_110
-+				type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+#else
-+				type = pkey->type;
-+#endif
-+
-+				if (type == EVP_PKEY_RSA) {
-+					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
- 					if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
--												  (unsigned char *)out.data (), pkey->pkey.rsa,
-+					                                (unsigned char *)out.data (), rsa,
- 												  RSA_PKCS1_PADDING)) == -1) {
- 
- 						state = VerifyError;
- 						return false;
- 					}
- 				}
--				else if (pkey->type == EVP_PKEY_DSA)
-+				else if (type == EVP_PKEY_DSA)
- 				{
- 					state = VerifyError;
- 					return false;
-@@ -1447,7 +1598,7 @@ public:
- 			}
- 			else
- 			{
--				if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
-+				if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
- 				{
- 					state = VerifyError;
- 					return false;
-@@ -1561,9 +1712,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
- 		return false;
- 	if(ret_counter != counter)
- 		return false;
--	params->p = bn2bi(dsa->p);
--	params->q = bn2bi(dsa->q);
--	params->g = bn2bi(dsa->g);
-+	const BIGNUM *bnp, *bnq, *bng;
-+	DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+	params->p = bn2bi(bnp);
-+	params->q = bn2bi(bnq);
-+	params->g = bn2bi(bng);
- 	DSA_free(dsa);
- 	return true;
- }
-@@ -1826,10 +1979,11 @@ public:
- 			return;
- 
- 		// extract the public key into DER format
--		int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
-+		RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
-+		int len = i2d_RSAPublicKey(rsa_pkey, NULL);
- 		SecureArray result(len);
- 		unsigned char *p = (unsigned char *)result.data();
--		i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
-+		i2d_RSAPublicKey(rsa_pkey, &p);
- 		p = (unsigned char *)result.data();
- 
- 		// put the DER public key back into openssl
-@@ -1852,7 +2006,7 @@ public:
- 
- 	virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
- 	{
--		RSA *rsa = evp.pkey->pkey.rsa;
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- 		int size = 0;
- 		switch(alg)
- 		{
-@@ -1867,7 +2021,7 @@ public:
- 
- 	virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
- 	{
--		RSA *rsa = evp.pkey->pkey.rsa;
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- 		SecureArray buf = in;
- 		int max = maximumEncryptSize(alg);
- 
-@@ -1900,7 +2054,7 @@ public:
- 
- 	virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
- 	{
--		RSA *rsa = evp.pkey->pkey.rsa;
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
- 		SecureArray result(RSA_size(rsa));
- 		int pad;
- 
-@@ -2021,14 +2175,10 @@ public:
- 		evp.reset();
- 
- 		RSA *rsa = RSA_new();
--		rsa->n = bi2bn(n);
--		rsa->e = bi2bn(e);
--		rsa->p = bi2bn(p);
--		rsa->q = bi2bn(q);
--		rsa->d = bi2bn(d);
--
--		if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
-+		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
-+		    || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
- 		{
-+			// Free BIGNUMS?
- 			RSA_free(rsa);
- 			return;
- 		}
-@@ -2036,7 +2186,7 @@ public:
- 		// When private key has no Public Exponent (e) or Private Exponent (d)
- 		// need to disable blinding. Otherwise decryption will be broken.
- 		// http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
--		if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
-+		if(e == BigInteger(0) || d == BigInteger(0))
- 			RSA_blinding_off(rsa);
- 
- 		evp.pkey = EVP_PKEY_new();
-@@ -2049,10 +2199,7 @@ public:
- 		evp.reset();
- 
- 		RSA *rsa = RSA_new();
--		rsa->n = bi2bn(n);
--		rsa->e = bi2bn(e);
--
--		if(!rsa->n || !rsa->e)
-+		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
- 		{
- 			RSA_free(rsa);
- 			return;
-@@ -2065,27 +2212,42 @@ public:
- 
- 	virtual BigInteger n() const
- 	{
--		return bn2bi(evp.pkey->pkey.rsa->n);
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+		const BIGNUM *bnn;
-+		RSA_get0_key(rsa, &bnn, NULL, NULL);
-+		return bn2bi(bnn);
- 	}
- 
- 	virtual BigInteger e() const
- 	{
--		return bn2bi(evp.pkey->pkey.rsa->e);
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+		const BIGNUM *bne;
-+		RSA_get0_key(rsa, NULL, &bne, NULL);
-+		return bn2bi(bne);
- 	}
- 
- 	virtual BigInteger p() const
- 	{
--		return bn2bi(evp.pkey->pkey.rsa->p);
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+		const BIGNUM *bnp;
-+		RSA_get0_factors(rsa, &bnp, NULL);
-+		return bn2bi(bnp);
- 	}
- 
- 	virtual BigInteger q() const
- 	{
--		return bn2bi(evp.pkey->pkey.rsa->q);
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+		const BIGNUM *bnq;
-+		RSA_get0_factors(rsa, NULL, &bnq);
-+		return bn2bi(bnq);
- 	}
- 
- 	virtual BigInteger d() const
- 	{
--		return bn2bi(evp.pkey->pkey.rsa->d);
-+		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
-+		const BIGNUM *bnd;
-+		RSA_get0_key(rsa, NULL, NULL, &bnd);
-+		return bn2bi(bnd);
- 	}
- 
- private slots:
-@@ -2134,10 +2296,12 @@ public:
- 	virtual void run()
- 	{
- 		DSA *dsa = DSA_new();
--		dsa->p = bi2bn(domain.p());
--		dsa->q = bi2bn(domain.q());
--		dsa->g = bi2bn(domain.g());
--		if(!DSA_generate_key(dsa))
-+		BIGNUM *pne = bi2bn(domain.p()),
-+		*qne = bi2bn(domain.q()),
-+		*gne = bi2bn(domain.g());
-+
-+		if(!DSA_set0_pqg(dsa, pne, qne, gne)
-+		    || !DSA_generate_key(dsa))
- 		{
- 			DSA_free(dsa);
- 			return;
-@@ -2212,10 +2376,11 @@ public:
- 			return;
- 
- 		// extract the public key into DER format
--		int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
-+		DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
-+		int len = i2d_DSAPublicKey(dsa_pkey, NULL);
- 		SecureArray result(len);
- 		unsigned char *p = (unsigned char *)result.data();
--		i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
-+		i2d_DSAPublicKey(dsa_pkey, &p);
- 		p = (unsigned char *)result.data();
- 
- 		// put the DER public key back into openssl
-@@ -2244,7 +2409,7 @@ public:
- 		else
- 			transformsig = false;
- 
--		evp.startSign(EVP_dss1());
-+		evp.startSign(EVP_sha1());
- 	}
- 
- 	virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
-@@ -2255,7 +2420,7 @@ public:
- 		else
- 			transformsig = false;
- 
--		evp.startVerify(EVP_dss1());
-+		evp.startVerify(EVP_sha1());
- 	}
- 
- 	virtual void update(const MemoryRegion &in)
-@@ -2305,13 +2470,14 @@ public:
- 		evp.reset();
- 
- 		DSA *dsa = DSA_new();
--		dsa->p = bi2bn(domain.p());
--		dsa->q = bi2bn(domain.q());
--		dsa->g = bi2bn(domain.g());
--		dsa->pub_key = bi2bn(y);
--		dsa->priv_key = bi2bn(x);
-+		BIGNUM *bnp = bi2bn(domain.p());
-+		BIGNUM *bnq = bi2bn(domain.q());
-+		BIGNUM *bng = bi2bn(domain.g());
-+		BIGNUM *bnpub_key = bi2bn(y);
-+		BIGNUM *bnpriv_key = bi2bn(x);
- 
--		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
-+		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+		    || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
- 		{
- 			DSA_free(dsa);
- 			return;
-@@ -2327,12 +2493,13 @@ public:
- 		evp.reset();
- 
- 		DSA *dsa = DSA_new();
--		dsa->p = bi2bn(domain.p());
--		dsa->q = bi2bn(domain.q());
--		dsa->g = bi2bn(domain.g());
--		dsa->pub_key = bi2bn(y);
-+		BIGNUM *bnp = bi2bn(domain.p());
-+		BIGNUM *bnq = bi2bn(domain.q());
-+		BIGNUM *bng = bi2bn(domain.g());
-+		BIGNUM *bnpub_key = bi2bn(y);
- 
--		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
-+		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
-+		    || !DSA_set0_key(dsa, bnpub_key, NULL))
- 		{
- 			DSA_free(dsa);
- 			return;
-@@ -2345,17 +2512,26 @@ public:
- 
- 	virtual DLGroup domain() const
- 	{
--		return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
-+		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+		const BIGNUM *bnp, *bnq, *bng;
-+		DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
-+		return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
- 	}
- 
- 	virtual BigInteger y() const
- 	{
--		return bn2bi(evp.pkey->pkey.dsa->pub_key);
-+		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+		const BIGNUM *bnpub_key;
-+		DSA_get0_key(dsa, &bnpub_key, NULL);
-+		return bn2bi(bnpub_key);
- 	}
- 
- 	virtual BigInteger x() const
- 	{
--		return bn2bi(evp.pkey->pkey.dsa->priv_key);
-+		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
-+		const BIGNUM *bnpriv_key;
-+		DSA_get0_key(dsa, NULL, &bnpriv_key);
-+		return bn2bi(bnpriv_key);
- 	}
- 
- private slots:
-@@ -2404,9 +2580,10 @@ public:
- 	virtual void run()
- 	{
- 		DH *dh = DH_new();
--		dh->p = bi2bn(domain.p());
--		dh->g = bi2bn(domain.g());
--		if(!DH_generate_key(dh))
-+		BIGNUM *bnp = bi2bn(domain.p());
-+		BIGNUM *bng = bi2bn(domain.g());
-+		if(!DH_set0_pqg(dh, bnp, NULL, bng)
-+		        || !DH_generate_key(dh))
- 		{
- 			DH_free(dh);
- 			return;
-@@ -2478,11 +2655,14 @@ public:
- 		if(!sec)
- 			return;
- 
--		DH *orig = evp.pkey->pkey.dh;
-+		DH *orig = EVP_PKEY_get0_DH(evp.pkey);
- 		DH *dh = DH_new();
--		dh->p = BN_dup(orig->p);
--		dh->g = BN_dup(orig->g);
--		dh->pub_key = BN_dup(orig->pub_key);
-+		const BIGNUM *bnp, *bng, *bnpub_key;
-+		DH_get0_pqg(orig, &bnp, NULL, &bng);
-+		DH_get0_key(orig, &bnpub_key, NULL);
-+
-+		DH_set0_key(dh, BN_dup(bnpub_key), NULL);
-+		DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
- 
- 		evp.reset();
- 
-@@ -2498,10 +2678,13 @@ public:
- 
- 	virtual SymmetricKey deriveKey(const PKeyBase &theirs)
- 	{
--		DH *dh = evp.pkey->pkey.dh;
--		DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
-+		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+		DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
-+		const BIGNUM *bnpub_key;
-+		DH_get0_key(them, &bnpub_key, NULL);
-+
- 		SecureArray result(DH_size(dh));
--		int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
-+		int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
- 		if(ret <= 0)
- 			return SymmetricKey();
- 		result.resize(ret);
-@@ -2531,12 +2714,13 @@ public:
- 		evp.reset();
- 
- 		DH *dh = DH_new();
--		dh->p = bi2bn(domain.p());
--		dh->g = bi2bn(domain.g());
--		dh->pub_key = bi2bn(y);
--		dh->priv_key = bi2bn(x);
-+		BIGNUM *bnp = bi2bn(domain.p());
-+		BIGNUM *bng = bi2bn(domain.g());
-+		BIGNUM *bnpub_key = bi2bn(y);
-+		BIGNUM *bnpriv_key = bi2bn(x);
- 
--		if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
-+		if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
-+		    || !DH_set0_pqg(dh, bnp, NULL, bng))
- 		{
- 			DH_free(dh);
- 			return;
-@@ -2552,11 +2736,12 @@ public:
- 		evp.reset();
- 
- 		DH *dh = DH_new();
--		dh->p = bi2bn(domain.p());
--		dh->g = bi2bn(domain.g());
--		dh->pub_key = bi2bn(y);
-+		BIGNUM *bnp = bi2bn(domain.p());
-+		BIGNUM *bng = bi2bn(domain.g());
-+		BIGNUM *bnpub_key = bi2bn(y);
- 
--		if(!dh->p || !dh->g || !dh->pub_key)
-+        if(!DH_set0_key(dh, bnpub_key, NULL)
-+                || !DH_set0_pqg(dh, bnp, NULL, bng))
- 		{
- 			DH_free(dh);
- 			return;
-@@ -2569,17 +2754,26 @@ public:
- 
- 	virtual DLGroup domain() const
- 	{
--		return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
-+		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+		const BIGNUM *bnp, *bng;
-+		DH_get0_pqg(dh, &bnp, NULL, &bng);
-+		return DLGroup(bn2bi(bnp), bn2bi(bng));
- 	}
- 
- 	virtual BigInteger y() const
- 	{
--		return bn2bi(evp.pkey->pkey.dh->pub_key);
-+		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+		const BIGNUM *bnpub_key;
-+		DH_get0_key(dh, &bnpub_key, NULL);
-+		return bn2bi(bnpub_key);
- 	}
- 
- 	virtual BigInteger x() const
- 	{
--		return bn2bi(evp.pkey->pkey.dh->priv_key);
-+		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
-+		const BIGNUM *bnpriv_key;
-+		DH_get0_key(dh, NULL, &bnpriv_key);
-+		return bn2bi(bnpriv_key);
- 	}
- 
- private slots:
-@@ -2618,10 +2812,14 @@ public:
- 	{
- 		key = _key;
- 		RSA_set_method(rsa, rsa_method());
-+#ifndef OSSL_110
- 		rsa->flags |= RSA_FLAG_SIGN_VER;
-+#endif
- 		RSA_set_app_data(rsa, this);
--		rsa->n = bi2bn(_key.n());
--		rsa->e = bi2bn(_key.e());
-+		BIGNUM *bnn = bi2bn(_key.n());
-+		BIGNUM *bne = bi2bn(_key.e());
-+
-+		RSA_set0_key(rsa, bnn, bne, NULL);
- 	}
- 
- 	RSA_METHOD *rsa_method()
-@@ -2630,12 +2828,16 @@ public:
- 
- 		if(!ops)
- 		{
--			ops = new RSA_METHOD(*RSA_get_default_method());
--			ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
--			ops->rsa_priv_dec = rsa_priv_dec;
--			ops->rsa_sign = rsa_sign;
--			ops->rsa_verify = 0;//pkcs11_rsa_verify;
--			ops->finish = rsa_finish;
-+			ops = RSA_meth_dup(RSA_get_default_method());
-+			RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
-+			RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
-+#ifdef OSSL_110
-+			RSA_meth_set_sign(ops, NULL);
-+#else
-+			RSA_meth_set_sign(ops, rsa_sign);
-+#endif
-+			RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
-+			RSA_meth_set_finish(ops, rsa_finish);
- 		}
- 		return ops;
- 	}
-@@ -2654,7 +2856,7 @@ public:
- 		}
- 		else
- 		{
--			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
-+			RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
- 			return -1;
- 		}
- 
-@@ -2675,6 +2877,7 @@ public:
- 		return -1;
- 	}
- 
-+#ifndef OSSL_110
- 	static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
- 	{
- 		QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
-@@ -2691,7 +2894,6 @@ public:
- 		}
- 		else
- 		{
--
- 			// make X509 packet
- 			X509_SIG sig;
- 			ASN1_TYPE parameter;
-@@ -2765,6 +2967,7 @@ public:
- 
- 		return 1;
- 	}
-+#endif
- 
- 	static int rsa_finish(RSA *rsa)
- 	{
-@@ -2866,21 +3069,22 @@ public:
- 	PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
- 	{
- 		PKeyBase *nk = 0;
--		if(pkey->type == EVP_PKEY_RSA)
-+		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+		if(pkey_type == EVP_PKEY_RSA)
- 		{
- 			RSAKey *c = new RSAKey(provider());
- 			c->evp.pkey = pkey;
- 			c->sec = sec;
- 			nk = c;
- 		}
--		else if(pkey->type == EVP_PKEY_DSA)
-+		else if(pkey_type == EVP_PKEY_DSA)
- 		{
- 			DSAKey *c = new DSAKey(provider());
- 			c->evp.pkey = pkey;
- 			c->sec = sec;
- 			nk = c;
- 		}
--		else if(pkey->type == EVP_PKEY_DH)
-+		else if(pkey_type == EVP_PKEY_DH)
- 		{
- 			DHKey *c = new DHKey(provider());
- 			c->evp.pkey = pkey;
-@@ -2898,8 +3102,10 @@ public:
- 	{
- 		EVP_PKEY *pkey = get_pkey();
- 
-+		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- 		// OpenSSL does not have DH import/export support
--		if(pkey->type == EVP_PKEY_DH)
-+		if(pkey_type == EVP_PKEY_DH)
- 			return QByteArray();
- 
- 		BIO *bo = BIO_new(BIO_s_mem());
-@@ -2912,8 +3118,10 @@ public:
- 	{
- 		EVP_PKEY *pkey = get_pkey();
- 
-+		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
-+
- 		// OpenSSL does not have DH import/export support
--		if(pkey->type == EVP_PKEY_DH)
-+		if(pkey_type == EVP_PKEY_DH)
- 			return QString();
- 
- 		BIO *bo = BIO_new(BIO_s_mem());
-@@ -2978,9 +3186,10 @@ public:
- 			return SecureArray();
- 
- 		EVP_PKEY *pkey = get_pkey();
-+		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
- 
- 		// OpenSSL does not have DH import/export support
--		if(pkey->type == EVP_PKEY_DH)
-+		if(pkey_type == EVP_PKEY_DH)
- 			return SecureArray();
- 
- 		BIO *bo = BIO_new(BIO_s_mem());
-@@ -3007,9 +3216,10 @@ public:
- 			return QString();
- 
- 		EVP_PKEY *pkey = get_pkey();
-+		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
- 
- 		// OpenSSL does not have DH import/export support
--		if(pkey->type == EVP_PKEY_DH)
-+		if(pkey_type == EVP_PKEY_DH)
- 			return QString();
- 
- 		BIO *bo = BIO_new(BIO_s_mem());
-@@ -3110,11 +3320,18 @@ public:
- 			crl = from.crl;
- 
- 			if(cert)
--				CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
-+				X509_up_ref(cert);
- 			if(req)
-+			{
-+#ifdef OSSL_110
-+				// Not exposed, so copy
-+				req = X509_REQ_dup(req);
-+#else
- 				CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
-+#endif
-+			}
- 			if(crl)
--				CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
-+				X509_CRL_up_ref(crl);
- 		}
- 
- 		return *this;
-@@ -3220,7 +3437,7 @@ public:
- //
- // This code is mostly taken from OpenSSL v0.9.5a
- // by Eric Young
--QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
-+QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
- {
- 	QDateTime qdt;
- 	char *v;
-@@ -3318,7 +3535,7 @@ public:
- 
- 	void fromX509(X509 *x)
- 	{
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		item.cert = x;
- 		make_props();
- 	}
-@@ -3349,7 +3566,7 @@ public:
- 		if(priv.key()->type() == PKey::RSA)
- 			md = EVP_sha1();
- 		else if(priv.key()->type() == PKey::DSA)
--			md = EVP_dss1();
-+			md = EVP_sha1();
- 		else
- 			return false;
- 
-@@ -3480,7 +3697,7 @@ public:
- 
- 		const MyCertContext *our_cc = this;
- 		X509 *x = our_cc->item.cert;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		sk_X509_push(untrusted_list, x);
- 
- 		const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
-@@ -3595,14 +3812,21 @@ public:
- 				p.policies = get_cert_policies(ex);
- 		}
- 
--		if (x->signature)
-+#ifdef OSSL_110
-+		const
-+#endif
-+		ASN1_BIT_STRING *signature;
-+
-+		X509_get0_signature(&signature, NULL, x);
-+		if(signature)
- 		{
--			p.sig = QByteArray(x->signature->length, 0);
--			for (int i=0; i< x->signature->length; i++)
--				p.sig[i] = x->signature->data[i];
-+			p.sig = QByteArray(signature->length, 0);
-+			for (int i=0; i< signature->length; i++)
-+				p.sig[i] = signature->data[i];
- 		}
- 
--		switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
-+
-+		switch( X509_get_signature_nid(x) )
- 		{
- 		case NID_sha1WithRSAEncryption:
- 			p.sigalgo = QCA::EMSA3_SHA1;
-@@ -3634,7 +3858,7 @@ public:
- 			p.sigalgo = QCA::EMSA3_SHA512;
- 			break;
- 		default:
--			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
-+			qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
- 			p.sigalgo = QCA::SignatureUnknown;
- 		}
- 
-@@ -3751,7 +3975,7 @@ public:
- 		if(privateKey -> key()->type() == PKey::RSA)
- 			md = EVP_sha1();
- 		else if(privateKey -> key()->type() == PKey::DSA)
--			md = EVP_dss1();
-+			md = EVP_sha1();
- 		else
- 			return 0;
- 
-@@ -3934,7 +4158,7 @@ public:
- 		if(priv.key()->type() == PKey::RSA)
- 			md = EVP_sha1();
- 		else if(priv.key()->type() == PKey::DSA)
--			md = EVP_dss1();
-+			md = EVP_sha1();
- 		else
- 			return false;
- 
-@@ -4095,14 +4319,17 @@ public:
- 
- 		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
- 
--		if (x->signature)
-+		const ASN1_BIT_STRING *signature;
-+
-+		X509_REQ_get0_signature(x, &signature, NULL);
-+		if(signature)
- 		{
--			p.sig = QByteArray(x->signature->length, 0);
--			for (int i=0; i< x->signature->length; i++)
--				p.sig[i] = x->signature->data[i];
-+			p.sig = QByteArray(signature->length, 0);
-+			for (int i=0; i< signature->length; i++)
-+				p.sig[i] = signature->data[i];
- 		}
- 
--		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+		switch( X509_REQ_get_signature_nid(x) )
- 		{
- 		case NID_sha1WithRSAEncryption:
- 			p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4122,7 +4349,7 @@ public:
- 			p.sigalgo = QCA::EMSA1_SHA1;
- 			break;
- 		default:
--			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+			qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
- 			p.sigalgo = QCA::SignatureUnknown;
- 		}
- 
-@@ -4186,7 +4413,7 @@ public:
- 
- 	void fromX509(X509_CRL *x)
- 	{
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+		X509_CRL_up_ref(x);
- 		item.crl = x;
- 		make_props();
- 	}
-@@ -4238,8 +4465,8 @@ public:
- 
- 		for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
- 			X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
--			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
--			QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
-+			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
-+			QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
- 			QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
- 			int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
- 			if (pos != -1) {
-@@ -4288,13 +4515,18 @@ public:
- 			p.revoked.append(thisEntry);
- 		}
- 
--		if (x->signature)
-+		const ASN1_BIT_STRING *signature;
-+
-+		X509_CRL_get0_signature(x, &signature, NULL);
-+		if(signature)
- 		{
--			p.sig = QByteArray(x->signature->length, 0);
--			for (int i=0; i< x->signature->length; i++)
--				p.sig[i] = x->signature->data[i];
-+			p.sig = QByteArray(signature->length, 0);
-+			for (int i=0; i< signature->length; i++)
-+				p.sig[i] = signature->data[i];
- 		}
--		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
-+
-+
-+		switch( X509_CRL_get_signature_nid(x) )
- 		{
- 		case NID_sha1WithRSAEncryption:
- 			p.sigalgo = QCA::EMSA3_SHA1;
-@@ -4326,7 +4558,7 @@ public:
- 			p.sigalgo = QCA::EMSA3_SHA512;
- 			break;
- 		default:
--			qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
-+			qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
- 			p.sigalgo = QCA::SignatureUnknown;
- 		}
- 
-@@ -4487,21 +4719,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
- 	{
- 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- 		X509 *x = cc->item.cert;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		sk_X509_push(trusted_list, x);
- 	}
- 	for(n = 0; n < untrusted.count(); ++n)
- 	{
- 		const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
- 		X509 *x = cc->item.cert;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		sk_X509_push(untrusted_list, x);
- 	}
- 	for(n = 0; n < crls.count(); ++n)
- 	{
- 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- 		X509_CRL *x = cc->item.crl;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+		X509_CRL_up_ref(x);
- 		crl_list.append(x);
- 	}
- 
-@@ -4526,7 +4758,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
- 	int ret = X509_verify_cert(ctx);
- 	int err = -1;
- 	if(!ret)
--		err = ctx->error;
-+		err = X509_STORE_CTX_get_error(ctx);
- 
- 	// cleanup
- 	X509_STORE_CTX_free(ctx);
-@@ -4560,21 +4792,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
- 	{
- 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
- 		X509 *x = cc->item.cert;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		sk_X509_push(trusted_list, x);
- 	}
- 	for(n = 1; n < chain.count(); ++n)
- 	{
- 		const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
- 		X509 *x = cc->item.cert;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+		X509_up_ref(x);
- 		sk_X509_push(untrusted_list, x);
- 	}
- 	for(n = 0; n < crls.count(); ++n)
- 	{
- 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
- 		X509_CRL *x = cc->item.crl;
--		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
-+		X509_CRL_up_ref(x);
- 		crl_list.append(x);
- 	}
- 
-@@ -4599,7 +4831,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
- 	int ret = X509_verify_cert(ctx);
- 	int err = -1;
- 	if(!ret)
--		err = ctx->error;
-+		err = X509_STORE_CTX_get_error(ctx);
- 
- 	// grab the chain, which may not be fully populated
- 	STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
-@@ -4663,7 +4895,7 @@ public:
- 			for(int n = 1; n < chain.count(); ++n)
- 			{
- 				X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
--				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+				X509_up_ref(x);
- 				sk_X509_push(ca, x);
- 			}
- 		}
-@@ -5398,7 +5630,7 @@ public:
- 		OpenSSL_add_ssl_algorithms();
- 		SSL_CTX *ctx = 0;
- 		switch (version) {
--#ifndef OPENSSL_NO_SSL2
-+#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
- 		case TLS::SSL_v2:
- 			ctx = SSL_CTX_new(SSLv2_client_method());
- 			break;
-@@ -5429,8 +5661,8 @@ public:
- 		STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
- 		QStringList cipherList;
- 		for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
--			SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
--			cipherList += cipherIDtoString(version, thisCipher->id);
-+			const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
-+			cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
- 		}
- 
- 		SSL_free(ssl);
-@@ -5807,13 +6039,15 @@ public:
- 	{
- 		SessionInfo sessInfo;
- 
--		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
-+		SSL_SESSION *session = SSL_get0_session(ssl);
-+		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
-+		int ssl_version = SSL_version(ssl);
- 
--		if (ssl->version == TLS1_VERSION)
-+		if (ssl_version == TLS1_VERSION)
- 			sessInfo.version = TLS::TLS_v1;
--		else if (ssl->version == SSL3_VERSION)
-+		else if (ssl_version == SSL3_VERSION)
- 			sessInfo.version = TLS::SSL_v3;
--		else if (ssl->version == SSL2_VERSION)
-+		else if (ssl_version == SSL2_VERSION)
- 			sessInfo.version = TLS::SSL_v2;
- 		else {
- 			qDebug("unexpected version response");
-@@ -5821,7 +6055,7 @@ public:
- 		}
- 
- 		sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
--												 SSL_get_current_cipher(ssl)->id);
-+		                                         SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
- 
- 		sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
- 
-@@ -6393,7 +6627,7 @@ public:
- 			for(int n = 0; n < nonroots.count(); ++n)
- 			{
- 				X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
--				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+				X509_up_ref(x);
- 				sk_X509_push(other_certs, x);
- 			}
- 
-@@ -6435,7 +6669,7 @@ public:
- 
- 			other_certs = sk_X509_new_null();
- 			X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
--			CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+			X509_up_ref(x);
- 			sk_X509_push(other_certs, x);
- 
- 			bi = BIO_new(BIO_s_mem());
-@@ -6498,7 +6732,7 @@ public:
- 			for(int n = 0; n < untrusted_list.count(); ++n)
- 			{
- 				X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
--				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-+				X509_up_ref(x);
- 				sk_X509_push(other_certs, x);
- 			}
- 
-@@ -6749,14 +6983,27 @@ public:
- 	opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
- 	{
- 		m_cryptoAlgorithm = algorithm;
--		EVP_CIPHER_CTX_init(&m_context);
-+		m_context = EVP_CIPHER_CTX_new();
-+		EVP_CIPHER_CTX_init(m_context);
- 		m_pad = pad;
- 		m_type = type;
- 	}
- 
-+	opensslCipherContext(const opensslCipherContext &other)
-+	    : CipherContext(other)
-+	{
-+		m_cryptoAlgorithm = other.m_cryptoAlgorithm;
-+		m_context = EVP_CIPHER_CTX_new();
-+		EVP_CIPHER_CTX_copy(m_context, other.m_context);
-+		m_direction = other.m_direction;
-+		m_pad = other.m_pad;
-+		m_type = other.m_type;
-+	}
-+
- 	~opensslCipherContext()
- 	{
--		EVP_CIPHER_CTX_cleanup(&m_context);
-+		EVP_CIPHER_CTX_cleanup(m_context);
-+		EVP_CIPHER_CTX_free(m_context);
- 	}
- 
- 	void setup(Direction dir,
-@@ -6769,20 +7016,20 @@ public:
- 			m_cryptoAlgorithm = EVP_des_ede();
- 		}
- 		if (Encode == m_direction) {
--			EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
--			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
--			EVP_EncryptInit_ex(&m_context, 0, 0,
-+			EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
-+			EVP_EncryptInit_ex(m_context, 0, 0,
- 							   (const unsigned char*)(key.data()),
- 							   (const unsigned char*)(iv.data()));
- 		} else {
--			EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
--			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
--			EVP_DecryptInit_ex(&m_context, 0, 0,
-+			EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
-+			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
-+			EVP_DecryptInit_ex(m_context, 0, 0,
- 							   (const unsigned char*)(key.data()),
- 							   (const unsigned char*)(iv.data()));
- 		}
- 
--		EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
-+		EVP_CIPHER_CTX_set_padding(m_context, m_pad);
- 	}
- 
- 	Provider::Context *clone() const
-@@ -6792,7 +7039,7 @@ public:
- 
- 	int blockSize() const
- 	{
--		return EVP_CIPHER_CTX_block_size(&m_context);
-+		return EVP_CIPHER_CTX_block_size(m_context);
- 	}
- 
- 	bool update(const SecureArray &in, SecureArray *out)
-@@ -6805,7 +7052,7 @@ public:
- 		out->resize(in.size()+blockSize());
- 		int resultLength;
- 		if (Encode == m_direction) {
--			if (0 == EVP_EncryptUpdate(&m_context,
-+			if (0 == EVP_EncryptUpdate(m_context,
- 									   (unsigned char*)out->data(),
- 									   &resultLength,
- 									   (unsigned char*)in.data(),
-@@ -6813,7 +7060,7 @@ public:
- 				return false;
- 			}
- 		} else {
--			if (0 == EVP_DecryptUpdate(&m_context,
-+			if (0 == EVP_DecryptUpdate(m_context,
- 									   (unsigned char*)out->data(),
- 									   &resultLength,
- 									   (unsigned char*)in.data(),
-@@ -6830,13 +7077,13 @@ public:
- 		out->resize(blockSize());
- 		int resultLength;
- 		if (Encode == m_direction) {
--			if (0 == EVP_EncryptFinal_ex(&m_context,
-+			if (0 == EVP_EncryptFinal_ex(m_context,
- 										 (unsigned char*)out->data(),
- 										 &resultLength)) {
- 				return false;
- 			}
- 		} else {
--			if (0 == EVP_DecryptFinal_ex(&m_context,
-+			if (0 == EVP_DecryptFinal_ex(m_context,
- 										 (unsigned char*)out->data(),
- 										 &resultLength)) {
- 				return false;
-@@ -6871,7 +7118,7 @@ public:
- 
- 
- protected:
--	EVP_CIPHER_CTX m_context;
-+	EVP_CIPHER_CTX *m_context;
- 	const EVP_CIPHER *m_cryptoAlgorithm;
- 	Direction m_direction;
- 	int m_pad;
-diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
-index fb8fa10..5e88002 100644
---- a/unittest/tls/tlsunittest.cpp
-+++ b/unittest/tls/tlsunittest.cpp
-@@ -60,15 +60,16 @@ void TLSUnitTest::testCipherList()
- 	QCA::TLS *tls = new QCA::TLS(QCA::TLS::Stream, 0, "qca-ossl");
- 	QStringList cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1);
- 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_256_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
- 	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_256_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
- 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
-+
-+	// openSUSE TW OpenSSL 1.1 does not have this
-+	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
- 
- 	// Fedora 22 has no TLS_RSA_WITH_RC4_128_MD5
- 	// QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
-@@ -87,17 +88,17 @@ void TLSUnitTest::testCipherList()
- 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
- 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") );
- 
--	cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
--	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
--	QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
-+	// OpenSSL 1.1 in openSUSE TW has it disabled by default
-+	// cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
-+	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
-+	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
- 
- 	// Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5
- 	// QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );

Copied: qca/repos/extra-x86_64/qca-openssl-1.1.patch (from rev 321291, qca/trunk/qca-openssl-1.1.patch)
===================================================================
--- qca-openssl-1.1.patch	                        (rev 0)
+++ qca-openssl-1.1.patch	2018-04-07 01:27:04 UTC (rev 321292)
@@ -0,0 +1,2036 @@
+diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt
+index cdeaeca..f7c5c1b 100644
+--- a/plugins/qca-ossl/CMakeLists.txt
++++ b/plugins/qca-ossl/CMakeLists.txt
+@@ -32,7 +32,7 @@ if(OPENSSL_FOUND)
+     message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support")
+   endif(HAVE_OPENSSL_SHA0)
+ 
+-  set(QCA_OSSL_SOURCES qca-ossl.cpp)
++  set(QCA_OSSL_SOURCES libcrypto-compat.c qca-ossl.cpp)
+ 
+   my_automoc( QCA_OSSL_SOURCES )
+ 
+diff --git a/plugins/qca-ossl/libcrypto-compat.c b/plugins/qca-ossl/libcrypto-compat.c
+index e69de29..b587845 100644
+--- a/plugins/qca-ossl/libcrypto-compat.c
++++ b/plugins/qca-ossl/libcrypto-compat.c
+@@ -0,0 +1,410 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License").  You may not use
++ * this file except in compliance with the License.  You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include <openssl/evp.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <string.h>
++#include <openssl/engine.h>
++
++static void *OPENSSL_zalloc(size_t num)
++{
++    void *ret = OPENSSL_malloc(num);
++
++    if (ret != NULL)
++        memset(ret, 0, num);
++    return ret;
++}
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++    /* If the fields n and e in r are NULL, the corresponding input
++     * parameters MUST be non-NULL for n and e.  d may be
++     * left NULL (in case only the public key is used).
++     */
++    if ((r->n == NULL && n == NULL)
++        || (r->e == NULL && e == NULL))
++        return 0;
++
++    if (n != NULL) {
++        BN_free(r->n);
++        r->n = n;
++    }
++    if (e != NULL) {
++        BN_free(r->e);
++        r->e = e;
++    }
++    if (d != NULL) {
++        BN_free(r->d);
++        r->d = d;
++    }
++
++    return 1;
++}
++
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
++{
++    /* If the fields p and q in r are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((r->p == NULL && p == NULL)
++        || (r->q == NULL && q == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(r->p);
++        r->p = p;
++    }
++    if (q != NULL) {
++        BN_free(r->q);
++        r->q = q;
++    }
++
++    return 1;
++}
++
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
++{
++    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((r->dmp1 == NULL && dmp1 == NULL)
++        || (r->dmq1 == NULL && dmq1 == NULL)
++        || (r->iqmp == NULL && iqmp == NULL))
++        return 0;
++
++    if (dmp1 != NULL) {
++        BN_free(r->dmp1);
++        r->dmp1 = dmp1;
++    }
++    if (dmq1 != NULL) {
++        BN_free(r->dmq1);
++        r->dmq1 = dmq1;
++    }
++    if (iqmp != NULL) {
++        BN_free(r->iqmp);
++        r->iqmp = iqmp;
++    }
++
++    return 1;
++}
++
++void RSA_get0_key(const RSA *r,
++                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++    if (n != NULL)
++        *n = r->n;
++    if (e != NULL)
++        *e = r->e;
++    if (d != NULL)
++        *d = r->d;
++}
++
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
++{
++    if (p != NULL)
++        *p = r->p;
++    if (q != NULL)
++        *q = r->q;
++}
++
++void RSA_get0_crt_params(const RSA *r,
++                         const BIGNUM **dmp1, const BIGNUM **dmq1,
++                         const BIGNUM **iqmp)
++{
++    if (dmp1 != NULL)
++        *dmp1 = r->dmp1;
++    if (dmq1 != NULL)
++        *dmq1 = r->dmq1;
++    if (iqmp != NULL)
++        *iqmp = r->iqmp;
++}
++
++void DSA_get0_pqg(const DSA *d,
++                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p != NULL)
++        *p = d->p;
++    if (q != NULL)
++        *q = d->q;
++    if (g != NULL)
++        *g = d->g;
++}
++
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    /* If the fields p, q and g in d are NULL, the corresponding input
++     * parameters MUST be non-NULL.
++     */
++    if ((d->p == NULL && p == NULL)
++        || (d->q == NULL && q == NULL)
++        || (d->g == NULL && g == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(d->p);
++        d->p = p;
++    }
++    if (q != NULL) {
++        BN_free(d->q);
++        d->q = q;
++    }
++    if (g != NULL) {
++        BN_free(d->g);
++        d->g = g;
++    }
++
++    return 1;
++}
++
++void DSA_get0_key(const DSA *d,
++                  const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key != NULL)
++        *pub_key = d->pub_key;
++    if (priv_key != NULL)
++        *priv_key = d->priv_key;
++}
++
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    /* If the field pub_key in d is NULL, the corresponding input
++     * parameters MUST be non-NULL.  The priv_key field may
++     * be left NULL.
++     */
++    if (d->pub_key == NULL && pub_key == NULL)
++        return 0;
++
++    if (pub_key != NULL) {
++        BN_free(d->pub_key);
++        d->pub_key = pub_key;
++    }
++    if (priv_key != NULL) {
++        BN_free(d->priv_key);
++        d->priv_key = priv_key;
++    }
++
++    return 1;
++}
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr != NULL)
++        *pr = sig->r;
++    if (ps != NULL)
++        *ps = sig->s;
++}
++
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (r == NULL || s == NULL)
++        return 0;
++    BN_clear_free(sig->r);
++    BN_clear_free(sig->s);
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr != NULL)
++        *pr = sig->r;
++    if (ps != NULL)
++        *ps = sig->s;
++}
++
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (r == NULL || s == NULL)
++        return 0;
++    BN_clear_free(sig->r);
++    BN_clear_free(sig->s);
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++void DH_get0_pqg(const DH *dh,
++                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p != NULL)
++        *p = dh->p;
++    if (q != NULL)
++        *q = dh->q;
++    if (g != NULL)
++        *g = dh->g;
++}
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    /* If the fields p and g in d are NULL, the corresponding input
++     * parameters MUST be non-NULL.  q may remain NULL.
++     */
++    if ((dh->p == NULL && p == NULL)
++        || (dh->g == NULL && g == NULL))
++        return 0;
++
++    if (p != NULL) {
++        BN_free(dh->p);
++        dh->p = p;
++    }
++    if (q != NULL) {
++        BN_free(dh->q);
++        dh->q = q;
++    }
++    if (g != NULL) {
++        BN_free(dh->g);
++        dh->g = g;
++    }
++
++    if (q != NULL) {
++        dh->length = BN_num_bits(q);
++    }
++
++    return 1;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key != NULL)
++        *pub_key = dh->pub_key;
++    if (priv_key != NULL)
++        *priv_key = dh->priv_key;
++}
++
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    /* If the field pub_key in dh is NULL, the corresponding input
++     * parameters MUST be non-NULL.  The priv_key field may
++     * be left NULL.
++     */
++    if (dh->pub_key == NULL && pub_key == NULL)
++        return 0;
++
++    if (pub_key != NULL) {
++        BN_free(dh->pub_key);
++        dh->pub_key = pub_key;
++    }
++    if (priv_key != NULL) {
++        BN_free(dh->priv_key);
++        dh->priv_key = priv_key;
++    }
++
++    return 1;
++}
++
++int DH_set_length(DH *dh, long length)
++{
++    dh->length = length;
++    return 1;
++}
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
++{
++    return ctx->iv;
++}
++
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
++{
++    return ctx->iv;
++}
++
++EVP_MD_CTX *EVP_MD_CTX_new(void)
++{
++    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
++}
++
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
++{
++    EVP_MD_CTX_cleanup(ctx);
++    OPENSSL_free(ctx);
++}
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++    RSA_METHOD *ret;
++
++    ret = OPENSSL_malloc(sizeof(RSA_METHOD));
++
++    if (ret != NULL) {
++        memcpy(ret, meth, sizeof(*meth));
++        ret->name = OPENSSL_strdup(meth->name);
++        if (ret->name == NULL) {
++            OPENSSL_free(ret);
++            return NULL;
++        }
++    }
++
++    return ret;
++}
++
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
++{
++    char *tmpname;
++
++    tmpname = OPENSSL_strdup(name);
++    if (tmpname == NULL) {
++        return 0;
++    }
++
++    OPENSSL_free((char *)meth->name);
++    meth->name = tmpname;
++
++    return 1;
++}
++
++int RSA_meth_set_priv_enc(RSA_METHOD *meth,
++                          int (*priv_enc) (int flen, const unsigned char *from,
++                                           unsigned char *to, RSA *rsa,
++                                           int padding))
++{
++    meth->rsa_priv_enc = priv_enc;
++    return 1;
++}
++
++int RSA_meth_set_priv_dec(RSA_METHOD *meth,
++                          int (*priv_dec) (int flen, const unsigned char *from,
++                                           unsigned char *to, RSA *rsa,
++                                           int padding))
++{
++    meth->rsa_priv_dec = priv_dec;
++    return 1;
++}
++
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++    meth->finish = finish;
++    return 1;
++}
++
++void RSA_meth_free(RSA_METHOD *meth)
++{
++    if (meth != NULL) {
++        OPENSSL_free((char *)meth->name);
++        OPENSSL_free(meth);
++    }
++}
++
++int RSA_bits(const RSA *r)
++{
++    return (BN_num_bits(r->n));
++}
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++    if (pkey->type != EVP_PKEY_RSA) {
++        return NULL;
++    }
++    return pkey->pkey.rsa;
++}
++
++
++#endif /* OPENSSL_VERSION_NUMBER */
+diff --git a/plugins/qca-ossl/libcrypto-compat.h b/plugins/qca-ossl/libcrypto-compat.h
+index e69de29..057f1fe 100644
+--- a/plugins/qca-ossl/libcrypto-compat.h
++++ b/plugins/qca-ossl/libcrypto-compat.h
+@@ -0,0 +1,57 @@
++#ifndef LIBCRYPTO_COMPAT_H
++#define LIBCRYPTO_COMPAT_H
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++#include <openssl/ecdsa.h>
++#include <openssl/dh.h>
++#include <openssl/evp.h>
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
++
++void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
++
++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
++
++void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
++int DH_set_length(DH *dh, long length);
++
++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx);
++EVP_MD_CTX *EVP_MD_CTX_new(void);
++void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
++#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size
++#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data
++
++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
++#define RSA_meth_get_finish(meth) meth->finish
++int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa));
++void RSA_meth_free(RSA_METHOD *meth);
++
++int RSA_bits(const RSA *r);
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
++
++#endif /* OPENSSL_VERSION_NUMBER */
++
++#endif /* LIBCRYPTO_COMPAT_H */
+diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
+index f0b9431..d961ad9 100644
+--- a/plugins/qca-ossl/qca-ossl.cpp
++++ b/plugins/qca-ossl/qca-ossl.cpp
+@@ -1,6 +1,7 @@
+ /*
+  * Copyright (C) 2004-2007  Justin Karneges <justin at affinix.com>
+  * Copyright (C) 2004-2006  Brad Hards <bradh at frogmouth.net>
++ * Copyright (C) 2017       Fabian Vogt <fabian at ritter-vogt.de>
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -38,6 +39,10 @@
+ #include <openssl/pkcs12.h>
+ #include <openssl/ssl.h>
+ 
++extern "C" {
++#include "libcrypto-compat.h"
++}
++
+ #ifndef OSSL_097
+ // comment this out if you'd rather use openssl 0.9.6
+ #define OSSL_097
+@@ -52,6 +57,73 @@
+ 	((_STACK*) (1 ? p : (type*)0))
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    #define OSSL_110
++#endif
++
++// OpenSSL 1.1.0 compatibility macros
++#ifdef OSSL_110
++#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
++#else
++static HMAC_CTX *HMAC_CTX_new() { return new HMAC_CTX(); }
++static void HMAC_CTX_free(HMAC_CTX *x) { free(x); }
++static void EVP_PKEY_up_ref(EVP_PKEY *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_EVP_PKEY); }
++static void X509_up_ref(X509 *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); }
++static void X509_CRL_up_ref(X509_CRL *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); }
++static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *x) { return x->pkey.dsa; }
++static DH *EVP_PKEY_get0_DH(EVP_PKEY *x) { return x->pkey.dh; }
++static int RSA_meth_set_sign(RSA_METHOD *meth,
++                      int (*sign) (int type, const unsigned char *m,
++                                   unsigned int m_length,
++                                   unsigned char *sigret, unsigned int *siglen,
++                                   const RSA *rsa))
++{
++    meth->rsa_sign = sign;
++    return 1;
++}
++int RSA_meth_set_verify(RSA_METHOD *meth,
++                        int (*verify) (int dtype, const unsigned char *m,
++                                       unsigned int m_length,
++                                       const unsigned char *sigbuf,
++                                       unsigned int siglen, const RSA *rsa))
++{
++    meth->rsa_verify = verify;
++    return 1;
++}
++void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
++                             const X509_ALGOR **palg)
++{
++    if (psig != NULL)
++        *psig = req->signature;
++    if (palg != NULL)
++        *palg = req->sig_alg;
++}
++int X509_REQ_get_signature_nid(const X509_REQ *req)
++{
++    return OBJ_obj2nid(req->sig_alg->algorithm);
++}
++void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
++                             const X509_ALGOR **palg)
++{
++    if (psig != NULL)
++        *psig = crl->signature;
++    if (palg != NULL)
++        *palg = crl->sig_alg;
++}
++int X509_CRL_get_signature_nid(const X509_CRL *crl)
++{
++    return OBJ_obj2nid(crl->sig_alg->algorithm);
++}
++const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x)
++{
++    return x->serialNumber;
++}
++const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x)
++{
++    return x->revocationDate;
++}
++#endif
++
+ using namespace QCA;
+ 
+ namespace opensslQCAPlugin {
+@@ -93,7 +165,7 @@ static QByteArray bio2ba(BIO *b)
+ 	return buf;
+ }
+ 
+-static BigInteger bn2bi(BIGNUM *n)
++static BigInteger bn2bi(const BIGNUM *n)
+ {
+ 	SecureArray buf(BN_num_bytes(n) + 1);
+ 	buf[0] = 0; // positive
+@@ -109,7 +181,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
+ 
+ // take lowest bytes of BIGNUM to fit
+ // pad with high byte zeroes to fit
+-static SecureArray bn2fixedbuf(BIGNUM *n, int size)
++static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
+ {
+ 	SecureArray buf(BN_num_bytes(n));
+ 	BN_bn2bin(n, (unsigned char *)buf.data());
+@@ -127,8 +199,16 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
+ 	const unsigned char *inp = (const unsigned char *)in.data();
+ 	d2i_DSA_SIG(&sig, &inp, in.size());
+ 
+-	SecureArray part_r = bn2fixedbuf(sig->r, 20);
+-	SecureArray part_s = bn2fixedbuf(sig->s, 20);
++	const BIGNUM *bnr, *bns;
++
++#ifdef OSSL_110
++	DSA_SIG_get0(sig, &bnr, &bns);
++#else
++	bnr = sig->r; bns = sig->s;
++#endif
++
++	SecureArray part_r = bn2fixedbuf(bnr, 20);
++	SecureArray part_s = bn2fixedbuf(bns, 20);
+ 	SecureArray result;
+ 	result.append(part_r);
+ 	result.append(part_s);
+@@ -143,12 +223,20 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
+ 		return SecureArray();
+ 
+ 	DSA_SIG *sig = DSA_SIG_new();
+-	SecureArray part_r(20);
+-	SecureArray part_s(20);
++	SecureArray part_r(20); BIGNUM *bnr;
++	SecureArray part_s(20); BIGNUM *bns;
+ 	memcpy(part_r.data(), in.data(), 20);
+ 	memcpy(part_s.data(), in.data() + 20, 20);
+-	sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
+-	sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++	bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
++	bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++
++#ifdef OSSL_110
++	if(DSA_SIG_set0(sig, bnr, bns) == 0)
++		return SecureArray();
++	// Not documented what happens in the failure case, free bnr and bns?
++#else
++	sig->r = bnr; sig->s = bns;
++#endif
+ 
+ 	int len = i2d_DSA_SIG(sig, NULL);
+ 	SecureArray result(len);
+@@ -1004,29 +1092,39 @@ public:
+ 	opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		EVP_DigestInit( &m_context, m_algorithm );
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
++	}
++
++	opensslHashContext(const opensslHashContext &other)
++	    : HashContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy_ex(m_context, other.m_context);
+ 	}
+ 
+ 	~opensslHashContext()
+ 	{
+-		EVP_MD_CTX_cleanup(&m_context);
++		EVP_MD_CTX_free(m_context);
+ 	}
+ 
+ 	void clear()
+ 	{
+-		EVP_MD_CTX_cleanup(&m_context);
+-		EVP_DigestInit( &m_context, m_algorithm );
++		EVP_MD_CTX_free(m_context);
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
+ 	}
+ 
+ 	void update(const MemoryRegion &a)
+ 	{
+-		EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
+ 	}
+ 
+ 	MemoryRegion final()
+ 	{
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 		return a;
+ 	}
+ 
+@@ -1037,7 +1135,7 @@ public:
+ 
+ protected:
+ 	const EVP_MD *m_algorithm;
+-	EVP_MD_CTX m_context;
++	EVP_MD_CTX *m_context;
+ };
+ 
+ 
+@@ -1047,7 +1145,21 @@ public:
+ 	opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		EVP_DigestInit( &m_context, m_algorithm );
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
++	}
++
++	opensslPbkdf1Context(const opensslPbkdf1Context &other)
++	    : KDFContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy(m_context, other.m_context);
++	}
++
++	~opensslPbkdf1Context()
++	{
++		EVP_MD_CTX_free(m_context);
+ 	}
+ 
+ 	Provider::Context *clone() const
+@@ -1081,16 +1193,16 @@ public:
+ 		  DK = Tc<0..dkLen-1>
+ 		*/
+ 		// calculate T_1
+-		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+-		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 
+ 		// calculate T_2 up to T_c
+ 		for ( unsigned int i = 2; i <= iterationCount; ++i ) {
+-			EVP_DigestInit( &m_context, m_algorithm );
+-			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+-			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++			EVP_DigestInit( m_context, m_algorithm );
++			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 		}
+ 
+ 		// shrink a to become DK, of the required length
+@@ -1136,19 +1248,19 @@ public:
+ 		  DK = Tc<0..dkLen-1>
+ 		*/
+ 		// calculate T_1
+-		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+-		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 
+ 		// calculate T_2 up to T_c
+ 		*iterationCount = 2 - 1;	// <- Have to remove 1, unless it computes one
+ 		timer.start();				// ^  time more than the base function
+ 									// ^  with the same iterationCount
+ 		while (timer.elapsed() < msecInterval) {
+-			EVP_DigestInit( &m_context, m_algorithm );
+-			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+-			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++			EVP_DigestInit( m_context, m_algorithm );
++			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 			++(*iterationCount);
+ 		}
+ 
+@@ -1163,7 +1275,7 @@ public:
+ 
+ protected:
+ 	const EVP_MD *m_algorithm;
+-	EVP_MD_CTX m_context;
++	EVP_MD_CTX *m_context;
+ };
+ 
+ class opensslPbkdf2Context : public KDFContext
+@@ -1231,12 +1343,28 @@ public:
+ 	opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		HMAC_CTX_init( &m_context );
++		m_context = HMAC_CTX_new();
++#ifndef OSSL_110
++		HMAC_CTX_init( m_context );
++#endif
++	}
++
++	opensslHMACContext(const opensslHMACContext &other)
++	    : MACContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = HMAC_CTX_new();
++		HMAC_CTX_copy(m_context, other.m_context);
++	}
++
++	~opensslHMACContext()
++	{
++		HMAC_CTX_free(m_context);
+ 	}
+ 
+ 	void setup(const SymmetricKey &key)
+ 	{
+-		HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
++		HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
+ 	}
+ 
+ 	KeyLength keyLength() const
+@@ -1246,14 +1374,18 @@ public:
+ 
+ 	void update(const MemoryRegion &a)
+ 	{
+-		HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
++		HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
+ 	}
+ 
+ 	void final(MemoryRegion *out)
+ 	{
+ 		SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
+-		HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
+-		HMAC_CTX_cleanup(&m_context);
++		HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
++#ifdef OSSL_110
++		HMAC_CTX_reset(m_context);
++#else
++		HMAC_CTX_cleanup(m_context);
++#endif
+ 		*out = sa;
+ 	}
+ 
+@@ -1263,7 +1395,7 @@ public:
+ 	}
+ 
+ protected:
+-	HMAC_CTX m_context;
++	HMAC_CTX *m_context;
+ 	const EVP_MD *m_algorithm;
+ };
+ 
+@@ -1277,7 +1409,7 @@ class EVPKey
+ public:
+ 	enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
+ 	EVP_PKEY *pkey;
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	State state;
+ 	bool raw_type;
+ 	SecureArray raw;
+@@ -1287,19 +1419,23 @@ public:
+ 		pkey = 0;
+ 		raw_type = false;
+ 		state = Idle;
++		mdctx = EVP_MD_CTX_new();
+ 	}
+ 
+ 	EVPKey(const EVPKey &from)
+ 	{
+ 		pkey = from.pkey;
+-		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
++		EVP_PKEY_up_ref(pkey);
+ 		raw_type = false;
+ 		state = Idle;
++		mdctx = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy(mdctx, from.mdctx);
+ 	}
+ 
+ 	~EVPKey()
+ 	{
+ 		reset();
++		EVP_MD_CTX_free(mdctx);
+ 	}
+ 
+ 	void reset()
+@@ -1322,8 +1458,8 @@ public:
+ 		else
+ 		{
+ 			raw_type = false;
+-			EVP_MD_CTX_init(&mdctx);
+-			if(!EVP_SignInit_ex(&mdctx, type, NULL))
++			EVP_MD_CTX_init(mdctx);
++			if(!EVP_SignInit_ex(mdctx, type, NULL))
+ 				state = SignError;
+ 		}
+ 	}
+@@ -1339,8 +1475,8 @@ public:
+ 		else
+ 		{
+ 			raw_type = false;
+-			EVP_MD_CTX_init(&mdctx);
+-			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
++			EVP_MD_CTX_init(mdctx);
++			if(!EVP_VerifyInit_ex(mdctx, type, NULL))
+ 				state = VerifyError;
+ 		}
+ 	}
+@@ -1352,7 +1488,7 @@ public:
+ 			if (raw_type)
+ 				raw += in;
+ 			else
+-				if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++				if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ 					state = SignError;
+ 		}
+ 		else if(state == VerifyActive)
+@@ -1360,7 +1496,7 @@ public:
+ 			if (raw_type)
+ 				raw += in;
+ 			else
+-				if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++				if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ 					state = VerifyError;
+ 		}
+ 	}
+@@ -1373,17 +1509,24 @@ public:
+ 			unsigned int len = out.size();
+ 			if (raw_type)
+ 			{
+-				if (pkey->type == EVP_PKEY_RSA)
++				int type;
++#ifdef OSSL_110
++				type = EVP_PKEY_id(pkey);
++#else
++				type = pkey->type;
++#endif
++				if (type == EVP_PKEY_RSA)
+ 				{
++					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 					if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
+-											(unsigned char *)out.data(), pkey->pkey.rsa,
++					                        (unsigned char *)out.data(), rsa,
+ 											RSA_PKCS1_PADDING) == -1) {
+ 
+ 						state = SignError;
+ 						return SecureArray ();
+ 					}
+ 				}
+-				else if (pkey->type == EVP_PKEY_DSA)
++				else if (type == EVP_PKEY_DSA)
+ 				{
+ 					state = SignError;
+ 					return SecureArray ();
+@@ -1395,7 +1538,7 @@ public:
+ 				}
+ 			}
+ 			else {
+-				if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
++				if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
+ 				{
+ 					state = SignError;
+ 					return SecureArray();
+@@ -1418,16 +1561,24 @@ public:
+ 				SecureArray out(EVP_PKEY_size(pkey));
+ 				int len = 0;
+ 
+-				if (pkey->type == EVP_PKEY_RSA) {
++				int type;
++#ifdef OSSL_110
++				type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++#else
++				type = pkey->type;
++#endif
++
++				if (type == EVP_PKEY_RSA) {
++					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 					if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
+-												  (unsigned char *)out.data (), pkey->pkey.rsa,
++					                                (unsigned char *)out.data (), rsa,
+ 												  RSA_PKCS1_PADDING)) == -1) {
+ 
+ 						state = VerifyError;
+ 						return false;
+ 					}
+ 				}
+-				else if (pkey->type == EVP_PKEY_DSA)
++				else if (type == EVP_PKEY_DSA)
+ 				{
+ 					state = VerifyError;
+ 					return false;
+@@ -1447,7 +1598,7 @@ public:
+ 			}
+ 			else
+ 			{
+-				if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
++				if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
+ 				{
+ 					state = VerifyError;
+ 					return false;
+@@ -1561,9 +1712,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
+ 		return false;
+ 	if(ret_counter != counter)
+ 		return false;
+-	params->p = bn2bi(dsa->p);
+-	params->q = bn2bi(dsa->q);
+-	params->g = bn2bi(dsa->g);
++	const BIGNUM *bnp, *bnq, *bng;
++	DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++	params->p = bn2bi(bnp);
++	params->q = bn2bi(bnq);
++	params->g = bn2bi(bng);
+ 	DSA_free(dsa);
+ 	return true;
+ }
+@@ -1826,10 +1979,11 @@ public:
+ 			return;
+ 
+ 		// extract the public key into DER format
+-		int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
++		RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
++		int len = i2d_RSAPublicKey(rsa_pkey, NULL);
+ 		SecureArray result(len);
+ 		unsigned char *p = (unsigned char *)result.data();
+-		i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
++		i2d_RSAPublicKey(rsa_pkey, &p);
+ 		p = (unsigned char *)result.data();
+ 
+ 		// put the DER public key back into openssl
+@@ -1852,7 +2006,7 @@ public:
+ 
+ 	virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		int size = 0;
+ 		switch(alg)
+ 		{
+@@ -1867,7 +2021,7 @@ public:
+ 
+ 	virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		SecureArray buf = in;
+ 		int max = maximumEncryptSize(alg);
+ 
+@@ -1900,7 +2054,7 @@ public:
+ 
+ 	virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		SecureArray result(RSA_size(rsa));
+ 		int pad;
+ 
+@@ -2021,14 +2175,10 @@ public:
+ 		evp.reset();
+ 
+ 		RSA *rsa = RSA_new();
+-		rsa->n = bi2bn(n);
+-		rsa->e = bi2bn(e);
+-		rsa->p = bi2bn(p);
+-		rsa->q = bi2bn(q);
+-		rsa->d = bi2bn(d);
+-
+-		if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
++		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
++		    || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
+ 		{
++			// Free BIGNUMS?
+ 			RSA_free(rsa);
+ 			return;
+ 		}
+@@ -2036,7 +2186,7 @@ public:
+ 		// When private key has no Public Exponent (e) or Private Exponent (d)
+ 		// need to disable blinding. Otherwise decryption will be broken.
+ 		// http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
+-		if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
++		if(e == BigInteger(0) || d == BigInteger(0))
+ 			RSA_blinding_off(rsa);
+ 
+ 		evp.pkey = EVP_PKEY_new();
+@@ -2049,10 +2199,7 @@ public:
+ 		evp.reset();
+ 
+ 		RSA *rsa = RSA_new();
+-		rsa->n = bi2bn(n);
+-		rsa->e = bi2bn(e);
+-
+-		if(!rsa->n || !rsa->e)
++		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
+ 		{
+ 			RSA_free(rsa);
+ 			return;
+@@ -2065,27 +2212,42 @@ public:
+ 
+ 	virtual BigInteger n() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->n);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnn;
++		RSA_get0_key(rsa, &bnn, NULL, NULL);
++		return bn2bi(bnn);
+ 	}
+ 
+ 	virtual BigInteger e() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->e);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bne;
++		RSA_get0_key(rsa, NULL, &bne, NULL);
++		return bn2bi(bne);
+ 	}
+ 
+ 	virtual BigInteger p() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->p);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnp;
++		RSA_get0_factors(rsa, &bnp, NULL);
++		return bn2bi(bnp);
+ 	}
+ 
+ 	virtual BigInteger q() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->q);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnq;
++		RSA_get0_factors(rsa, NULL, &bnq);
++		return bn2bi(bnq);
+ 	}
+ 
+ 	virtual BigInteger d() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->d);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnd;
++		RSA_get0_key(rsa, NULL, NULL, &bnd);
++		return bn2bi(bnd);
+ 	}
+ 
+ private slots:
+@@ -2134,10 +2296,12 @@ public:
+ 	virtual void run()
+ 	{
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		if(!DSA_generate_key(dsa))
++		BIGNUM *pne = bi2bn(domain.p()),
++		*qne = bi2bn(domain.q()),
++		*gne = bi2bn(domain.g());
++
++		if(!DSA_set0_pqg(dsa, pne, qne, gne)
++		    || !DSA_generate_key(dsa))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2212,10 +2376,11 @@ public:
+ 			return;
+ 
+ 		// extract the public key into DER format
+-		int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
++		DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
++		int len = i2d_DSAPublicKey(dsa_pkey, NULL);
+ 		SecureArray result(len);
+ 		unsigned char *p = (unsigned char *)result.data();
+-		i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
++		i2d_DSAPublicKey(dsa_pkey, &p);
+ 		p = (unsigned char *)result.data();
+ 
+ 		// put the DER public key back into openssl
+@@ -2244,7 +2409,7 @@ public:
+ 		else
+ 			transformsig = false;
+ 
+-		evp.startSign(EVP_dss1());
++		evp.startSign(EVP_sha1());
+ 	}
+ 
+ 	virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
+@@ -2255,7 +2420,7 @@ public:
+ 		else
+ 			transformsig = false;
+ 
+-		evp.startVerify(EVP_dss1());
++		evp.startVerify(EVP_sha1());
+ 	}
+ 
+ 	virtual void update(const MemoryRegion &in)
+@@ -2305,13 +2470,14 @@ public:
+ 		evp.reset();
+ 
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		dsa->pub_key = bi2bn(y);
+-		dsa->priv_key = bi2bn(x);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bnq = bi2bn(domain.q());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
++		BIGNUM *bnpriv_key = bi2bn(x);
+ 
+-		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
++		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++		    || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2327,12 +2493,13 @@ public:
+ 		evp.reset();
+ 
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		dsa->pub_key = bi2bn(y);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bnq = bi2bn(domain.q());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
+ 
+-		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
++		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++		    || !DSA_set0_key(dsa, bnpub_key, NULL))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2345,17 +2512,26 @@ public:
+ 
+ 	virtual DLGroup domain() const
+ 	{
+-		return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnp, *bnq, *bng;
++		DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++		return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
+ 	}
+ 
+ 	virtual BigInteger y() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dsa->pub_key);
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnpub_key;
++		DSA_get0_key(dsa, &bnpub_key, NULL);
++		return bn2bi(bnpub_key);
+ 	}
+ 
+ 	virtual BigInteger x() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dsa->priv_key);
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnpriv_key;
++		DSA_get0_key(dsa, NULL, &bnpriv_key);
++		return bn2bi(bnpriv_key);
+ 	}
+ 
+ private slots:
+@@ -2404,9 +2580,10 @@ public:
+ 	virtual void run()
+ 	{
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		if(!DH_generate_key(dh))
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		if(!DH_set0_pqg(dh, bnp, NULL, bng)
++		        || !DH_generate_key(dh))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2478,11 +2655,14 @@ public:
+ 		if(!sec)
+ 			return;
+ 
+-		DH *orig = evp.pkey->pkey.dh;
++		DH *orig = EVP_PKEY_get0_DH(evp.pkey);
+ 		DH *dh = DH_new();
+-		dh->p = BN_dup(orig->p);
+-		dh->g = BN_dup(orig->g);
+-		dh->pub_key = BN_dup(orig->pub_key);
++		const BIGNUM *bnp, *bng, *bnpub_key;
++		DH_get0_pqg(orig, &bnp, NULL, &bng);
++		DH_get0_key(orig, &bnpub_key, NULL);
++
++		DH_set0_key(dh, BN_dup(bnpub_key), NULL);
++		DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
+ 
+ 		evp.reset();
+ 
+@@ -2498,10 +2678,13 @@ public:
+ 
+ 	virtual SymmetricKey deriveKey(const PKeyBase &theirs)
+ 	{
+-		DH *dh = evp.pkey->pkey.dh;
+-		DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
++		const BIGNUM *bnpub_key;
++		DH_get0_key(them, &bnpub_key, NULL);
++
+ 		SecureArray result(DH_size(dh));
+-		int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
++		int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
+ 		if(ret <= 0)
+ 			return SymmetricKey();
+ 		result.resize(ret);
+@@ -2531,12 +2714,13 @@ public:
+ 		evp.reset();
+ 
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		dh->pub_key = bi2bn(y);
+-		dh->priv_key = bi2bn(x);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
++		BIGNUM *bnpriv_key = bi2bn(x);
+ 
+-		if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
++		if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
++		    || !DH_set0_pqg(dh, bnp, NULL, bng))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2552,11 +2736,12 @@ public:
+ 		evp.reset();
+ 
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		dh->pub_key = bi2bn(y);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
+ 
+-		if(!dh->p || !dh->g || !dh->pub_key)
++        if(!DH_set0_key(dh, bnpub_key, NULL)
++                || !DH_set0_pqg(dh, bnp, NULL, bng))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2569,17 +2754,26 @@ public:
+ 
+ 	virtual DLGroup domain() const
+ 	{
+-		return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnp, *bng;
++		DH_get0_pqg(dh, &bnp, NULL, &bng);
++		return DLGroup(bn2bi(bnp), bn2bi(bng));
+ 	}
+ 
+ 	virtual BigInteger y() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dh->pub_key);
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnpub_key;
++		DH_get0_key(dh, &bnpub_key, NULL);
++		return bn2bi(bnpub_key);
+ 	}
+ 
+ 	virtual BigInteger x() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dh->priv_key);
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnpriv_key;
++		DH_get0_key(dh, NULL, &bnpriv_key);
++		return bn2bi(bnpriv_key);
+ 	}
+ 
+ private slots:
+@@ -2618,10 +2812,14 @@ public:
+ 	{
+ 		key = _key;
+ 		RSA_set_method(rsa, rsa_method());
++#ifndef OSSL_110
+ 		rsa->flags |= RSA_FLAG_SIGN_VER;
++#endif
+ 		RSA_set_app_data(rsa, this);
+-		rsa->n = bi2bn(_key.n());
+-		rsa->e = bi2bn(_key.e());
++		BIGNUM *bnn = bi2bn(_key.n());
++		BIGNUM *bne = bi2bn(_key.e());
++
++		RSA_set0_key(rsa, bnn, bne, NULL);
+ 	}
+ 
+ 	RSA_METHOD *rsa_method()
+@@ -2630,12 +2828,16 @@ public:
+ 
+ 		if(!ops)
+ 		{
+-			ops = new RSA_METHOD(*RSA_get_default_method());
+-			ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
+-			ops->rsa_priv_dec = rsa_priv_dec;
+-			ops->rsa_sign = rsa_sign;
+-			ops->rsa_verify = 0;//pkcs11_rsa_verify;
+-			ops->finish = rsa_finish;
++			ops = RSA_meth_dup(RSA_get_default_method());
++			RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
++			RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
++#ifdef OSSL_110
++			RSA_meth_set_sign(ops, NULL);
++#else
++			RSA_meth_set_sign(ops, rsa_sign);
++#endif
++			RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
++			RSA_meth_set_finish(ops, rsa_finish);
+ 		}
+ 		return ops;
+ 	}
+@@ -2654,7 +2856,7 @@ public:
+ 		}
+ 		else
+ 		{
+-			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
++			RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ 			return -1;
+ 		}
+ 
+@@ -2675,6 +2877,7 @@ public:
+ 		return -1;
+ 	}
+ 
++#ifndef OSSL_110
+ 	static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+ 	{
+ 		QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
+@@ -2691,7 +2894,6 @@ public:
+ 		}
+ 		else
+ 		{
+-
+ 			// make X509 packet
+ 			X509_SIG sig;
+ 			ASN1_TYPE parameter;
+@@ -2765,6 +2967,7 @@ public:
+ 
+ 		return 1;
+ 	}
++#endif
+ 
+ 	static int rsa_finish(RSA *rsa)
+ 	{
+@@ -2866,21 +3069,22 @@ public:
+ 	PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
+ 	{
+ 		PKeyBase *nk = 0;
+-		if(pkey->type == EVP_PKEY_RSA)
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++		if(pkey_type == EVP_PKEY_RSA)
+ 		{
+ 			RSAKey *c = new RSAKey(provider());
+ 			c->evp.pkey = pkey;
+ 			c->sec = sec;
+ 			nk = c;
+ 		}
+-		else if(pkey->type == EVP_PKEY_DSA)
++		else if(pkey_type == EVP_PKEY_DSA)
+ 		{
+ 			DSAKey *c = new DSAKey(provider());
+ 			c->evp.pkey = pkey;
+ 			c->sec = sec;
+ 			nk = c;
+ 		}
+-		else if(pkey->type == EVP_PKEY_DH)
++		else if(pkey_type == EVP_PKEY_DH)
+ 		{
+ 			DHKey *c = new DHKey(provider());
+ 			c->evp.pkey = pkey;
+@@ -2898,8 +3102,10 @@ public:
+ 	{
+ 		EVP_PKEY *pkey = get_pkey();
+ 
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QByteArray();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -2912,8 +3118,10 @@ public:
+ 	{
+ 		EVP_PKEY *pkey = get_pkey();
+ 
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QString();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -2978,9 +3186,10 @@ public:
+ 			return SecureArray();
+ 
+ 		EVP_PKEY *pkey = get_pkey();
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+ 
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return SecureArray();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -3007,9 +3216,10 @@ public:
+ 			return QString();
+ 
+ 		EVP_PKEY *pkey = get_pkey();
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+ 
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QString();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -3110,11 +3320,18 @@ public:
+ 			crl = from.crl;
+ 
+ 			if(cert)
+-				CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(cert);
+ 			if(req)
++			{
++#ifdef OSSL_110
++				// Not exposed, so copy
++				req = X509_REQ_dup(req);
++#else
+ 				CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
++#endif
++			}
+ 			if(crl)
+-				CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
++				X509_CRL_up_ref(crl);
+ 		}
+ 
+ 		return *this;
+@@ -3220,7 +3437,7 @@ public:
+ //
+ // This code is mostly taken from OpenSSL v0.9.5a
+ // by Eric Young
+-QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
++QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
+ {
+ 	QDateTime qdt;
+ 	char *v;
+@@ -3318,7 +3535,7 @@ public:
+ 
+ 	void fromX509(X509 *x)
+ 	{
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		item.cert = x;
+ 		make_props();
+ 	}
+@@ -3349,7 +3566,7 @@ public:
+ 		if(priv.key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(priv.key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return false;
+ 
+@@ -3480,7 +3697,7 @@ public:
+ 
+ 		const MyCertContext *our_cc = this;
+ 		X509 *x = our_cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 
+ 		const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
+@@ -3595,14 +3812,21 @@ public:
+ 				p.policies = get_cert_policies(ex);
+ 		}
+ 
+-		if (x->signature)
++#ifdef OSSL_110
++		const
++#endif
++		ASN1_BIT_STRING *signature;
++
++		X509_get0_signature(&signature, NULL, x);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+ 
+-		switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
++
++		switch( X509_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -3634,7 +3858,7 @@ public:
+ 			p.sigalgo = QCA::EMSA3_SHA512;
+ 			break;
+ 		default:
+-			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
++			qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -3751,7 +3975,7 @@ public:
+ 		if(privateKey -> key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(privateKey -> key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return 0;
+ 
+@@ -3934,7 +4158,7 @@ public:
+ 		if(priv.key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(priv.key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return false;
+ 
+@@ -4095,14 +4319,17 @@ public:
+ 
+ 		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ 
+-		if (x->signature)
++		const ASN1_BIT_STRING *signature;
++
++		X509_REQ_get0_signature(x, &signature, NULL);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+ 
+-		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++		switch( X509_REQ_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4122,7 +4349,7 @@ public:
+ 			p.sigalgo = QCA::EMSA1_SHA1;
+ 			break;
+ 		default:
+-			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++			qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -4186,7 +4413,7 @@ public:
+ 
+ 	void fromX509(X509_CRL *x)
+ 	{
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		item.crl = x;
+ 		make_props();
+ 	}
+@@ -4238,8 +4465,8 @@ public:
+ 
+ 		for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
+ 			X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
+-			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
+-			QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
++			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
++			QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
+ 			QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
+ 			int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
+ 			if (pos != -1) {
+@@ -4288,13 +4515,18 @@ public:
+ 			p.revoked.append(thisEntry);
+ 		}
+ 
+-		if (x->signature)
++		const ASN1_BIT_STRING *signature;
++
++		X509_CRL_get0_signature(x, &signature, NULL);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+-		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++
++
++		switch( X509_CRL_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4326,7 +4558,7 @@ public:
+ 			p.sigalgo = QCA::EMSA3_SHA512;
+ 			break;
+ 		default:
+-			qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++			qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -4487,21 +4719,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(trusted_list, x);
+ 	}
+ 	for(n = 0; n < untrusted.count(); ++n)
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 	}
+ 	for(n = 0; n < crls.count(); ++n)
+ 	{
+ 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ 		X509_CRL *x = cc->item.crl;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		crl_list.append(x);
+ 	}
+ 
+@@ -4526,7 +4758,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ 	int ret = X509_verify_cert(ctx);
+ 	int err = -1;
+ 	if(!ret)
+-		err = ctx->error;
++		err = X509_STORE_CTX_get_error(ctx);
+ 
+ 	// cleanup
+ 	X509_STORE_CTX_free(ctx);
+@@ -4560,21 +4792,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(trusted_list, x);
+ 	}
+ 	for(n = 1; n < chain.count(); ++n)
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 	}
+ 	for(n = 0; n < crls.count(); ++n)
+ 	{
+ 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ 		X509_CRL *x = cc->item.crl;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		crl_list.append(x);
+ 	}
+ 
+@@ -4599,7 +4831,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ 	int ret = X509_verify_cert(ctx);
+ 	int err = -1;
+ 	if(!ret)
+-		err = ctx->error;
++		err = X509_STORE_CTX_get_error(ctx);
+ 
+ 	// grab the chain, which may not be fully populated
+ 	STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
+@@ -4663,7 +4895,7 @@ public:
+ 			for(int n = 1; n < chain.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(ca, x);
+ 			}
+ 		}
+@@ -5398,7 +5630,7 @@ public:
+ 		OpenSSL_add_ssl_algorithms();
+ 		SSL_CTX *ctx = 0;
+ 		switch (version) {
+-#ifndef OPENSSL_NO_SSL2
++#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
+ 		case TLS::SSL_v2:
+ 			ctx = SSL_CTX_new(SSLv2_client_method());
+ 			break;
+@@ -5429,8 +5661,8 @@ public:
+ 		STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ 		QStringList cipherList;
+ 		for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+-			SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
+-			cipherList += cipherIDtoString(version, thisCipher->id);
++			const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
++			cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
+ 		}
+ 
+ 		SSL_free(ssl);
+@@ -5807,13 +6039,15 @@ public:
+ 	{
+ 		SessionInfo sessInfo;
+ 
+-		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
++		SSL_SESSION *session = SSL_get0_session(ssl);
++		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
++		int ssl_version = SSL_version(ssl);
+ 
+-		if (ssl->version == TLS1_VERSION)
++		if (ssl_version == TLS1_VERSION)
+ 			sessInfo.version = TLS::TLS_v1;
+-		else if (ssl->version == SSL3_VERSION)
++		else if (ssl_version == SSL3_VERSION)
+ 			sessInfo.version = TLS::SSL_v3;
+-		else if (ssl->version == SSL2_VERSION)
++		else if (ssl_version == SSL2_VERSION)
+ 			sessInfo.version = TLS::SSL_v2;
+ 		else {
+ 			qDebug("unexpected version response");
+@@ -5821,7 +6055,7 @@ public:
+ 		}
+ 
+ 		sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
+-												 SSL_get_current_cipher(ssl)->id);
++		                                         SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
+ 
+ 		sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+ 
+@@ -6393,7 +6627,7 @@ public:
+ 			for(int n = 0; n < nonroots.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(other_certs, x);
+ 			}
+ 
+@@ -6435,7 +6669,7 @@ public:
+ 
+ 			other_certs = sk_X509_new_null();
+ 			X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
+-			CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++			X509_up_ref(x);
+ 			sk_X509_push(other_certs, x);
+ 
+ 			bi = BIO_new(BIO_s_mem());
+@@ -6498,7 +6732,7 @@ public:
+ 			for(int n = 0; n < untrusted_list.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(other_certs, x);
+ 			}
+ 
+@@ -6749,14 +6983,27 @@ public:
+ 	opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
+ 	{
+ 		m_cryptoAlgorithm = algorithm;
+-		EVP_CIPHER_CTX_init(&m_context);
++		m_context = EVP_CIPHER_CTX_new();
++		EVP_CIPHER_CTX_init(m_context);
+ 		m_pad = pad;
+ 		m_type = type;
+ 	}
+ 
++	opensslCipherContext(const opensslCipherContext &other)
++	    : CipherContext(other)
++	{
++		m_cryptoAlgorithm = other.m_cryptoAlgorithm;
++		m_context = EVP_CIPHER_CTX_new();
++		EVP_CIPHER_CTX_copy(m_context, other.m_context);
++		m_direction = other.m_direction;
++		m_pad = other.m_pad;
++		m_type = other.m_type;
++	}
++
+ 	~opensslCipherContext()
+ 	{
+-		EVP_CIPHER_CTX_cleanup(&m_context);
++		EVP_CIPHER_CTX_cleanup(m_context);
++		EVP_CIPHER_CTX_free(m_context);
+ 	}
+ 
+ 	void setup(Direction dir,
+@@ -6769,20 +7016,20 @@ public:
+ 			m_cryptoAlgorithm = EVP_des_ede();
+ 		}
+ 		if (Encode == m_direction) {
+-			EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+-			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
+-			EVP_EncryptInit_ex(&m_context, 0, 0,
++			EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
++			EVP_EncryptInit_ex(m_context, 0, 0,
+ 							   (const unsigned char*)(key.data()),
+ 							   (const unsigned char*)(iv.data()));
+ 		} else {
+-			EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+-			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
+-			EVP_DecryptInit_ex(&m_context, 0, 0,
++			EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
++			EVP_DecryptInit_ex(m_context, 0, 0,
+ 							   (const unsigned char*)(key.data()),
+ 							   (const unsigned char*)(iv.data()));
+ 		}
+ 
+-		EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
++		EVP_CIPHER_CTX_set_padding(m_context, m_pad);
+ 	}
+ 
+ 	Provider::Context *clone() const
+@@ -6792,7 +7039,7 @@ public:
+ 
+ 	int blockSize() const
+ 	{
+-		return EVP_CIPHER_CTX_block_size(&m_context);
++		return EVP_CIPHER_CTX_block_size(m_context);
+ 	}
+ 
+ 	bool update(const SecureArray &in, SecureArray *out)
+@@ -6805,7 +7052,7 @@ public:
+ 		out->resize(in.size()+blockSize());
+ 		int resultLength;
+ 		if (Encode == m_direction) {
+-			if (0 == EVP_EncryptUpdate(&m_context,
++			if (0 == EVP_EncryptUpdate(m_context,
+ 									   (unsigned char*)out->data(),
+ 									   &resultLength,
+ 									   (unsigned char*)in.data(),
+@@ -6813,7 +7060,7 @@ public:
+ 				return false;
+ 			}
+ 		} else {
+-			if (0 == EVP_DecryptUpdate(&m_context,
++			if (0 == EVP_DecryptUpdate(m_context,
+ 									   (unsigned char*)out->data(),
+ 									   &resultLength,
+ 									   (unsigned char*)in.data(),
+@@ -6830,13 +7077,13 @@ public:
+ 		out->resize(blockSize());
+ 		int resultLength;
+ 		if (Encode == m_direction) {
+-			if (0 == EVP_EncryptFinal_ex(&m_context,
++			if (0 == EVP_EncryptFinal_ex(m_context,
+ 										 (unsigned char*)out->data(),
+ 										 &resultLength)) {
+ 				return false;
+ 			}
+ 		} else {
+-			if (0 == EVP_DecryptFinal_ex(&m_context,
++			if (0 == EVP_DecryptFinal_ex(m_context,
+ 										 (unsigned char*)out->data(),
+ 										 &resultLength)) {
+ 				return false;
+@@ -6871,7 +7118,7 @@ public:
+ 
+ 
+ protected:
+-	EVP_CIPHER_CTX m_context;
++	EVP_CIPHER_CTX *m_context;
+ 	const EVP_CIPHER *m_cryptoAlgorithm;
+ 	Direction m_direction;
+ 	int m_pad;
+diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
+index fb8fa10..5e88002 100644
+--- a/unittest/tls/tlsunittest.cpp
++++ b/unittest/tls/tlsunittest.cpp
+@@ -60,15 +60,16 @@ void TLSUnitTest::testCipherList()
+ 	QCA::TLS *tls = new QCA::TLS(QCA::TLS::Stream, 0, "qca-ossl");
+ 	QStringList cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1);
+ 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
+ 	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
+ 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
++
++	// openSUSE TW OpenSSL 1.1 does not have this
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ 
+ 	// Fedora 22 has no TLS_RSA_WITH_RC4_128_MD5
+ 	// QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") );
+@@ -87,17 +88,17 @@ void TLSUnitTest::testCipherList()
+ 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
+ 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") );
+ 
+-	cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") );
++	// OpenSSL 1.1 in openSUSE TW has it disabled by default
++	// cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+ 
+ 	// Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5
+ 	// QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );



More information about the arch-commits mailing list