diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2018-11-05 10:54:22 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-11-07 16:46:15 +0000 |
| commit | 1cd1794b132f1a3b97d2faeb3a5dbd219ceec685 (patch) | |
| tree | 25e67665656e4e3274e5a5b43a41379d6e5181ff | |
| parent | 61e3814043d1d612f7c14aeb41cb9f216a67c7d9 (diff) | |
community/qca: rebuild against openssl 1.1
| -rw-r--r-- | community/qca/APKBUILD | 22 | ||||
| -rw-r--r-- | community/qca/QCA | 421 | ||||
| -rw-r--r-- | community/qca/qca-openssl-1.1.patch | 2036 |
3 files changed, 2469 insertions, 10 deletions
diff --git a/community/qca/APKBUILD b/community/qca/APKBUILD index 51296b8eb9d..de463a40c27 100644 --- a/community/qca/APKBUILD +++ b/community/qca/APKBUILD @@ -1,35 +1,37 @@ # Contributor: William Pitcock <nenolod@dereferenced.org> -# Maintainer: +# Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=qca pkgver=2.1.3 -pkgrel=5 +pkgrel=6 pkgdesc="Qt cryptographic architecture" -url="http://delta.affinix.com/qca/" +url="https://userbase.kde.org/QCA" arch="all" license="LGPL" -depends= -depends_dev="qt-dev" +depends_dev="qt5-qtbase-dev" makedepends="$depends_dev cmake cyrus-sasl-dev" install="" subpackages="$pkgname-dev $pkgname-doc" -source="http://download.kde.org/stable/qca/$pkgver/src/qca-${pkgver}.tar.xz" +source="http://download.kde.org/stable/qca/$pkgver/src/qca-${pkgver}.tar.xz + qca-openssl-1.1.patch + " builddir="$srcdir"/qca-$pkgver build() { cd "$builddir" cmake -DCMAKE_INSTALL_PREFIX=/usr -DWITH_cyrus-sasl_PLUGIN=yes . - make || return 1 + make } package() { cd "$builddir" - make DESTDIR="$pkgdir" install || return 1 + make DESTDIR="$pkgdir" install } check() { cd "$builddir" - make test || return 1 + make test } -sha512sums="0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a qca-2.1.3.tar.xz" +sha512sums="0aec277e0695da2e45298f0a9006213829fe4c449a79969e472947db54f45000ba6e22361b782465bdc03f269b7301d318c843f5a83db459a118e58a03f3116a qca-2.1.3.tar.xz +13eff6727ddcb1fdfd8d57175bcbee27dcbd60823d91b7b16224067908638ee8ae4b2a141e18b6038d4c0347ddc2011e04c0956309c15032b64ea0056fd7372a qca-openssl-1.1.patch" diff --git a/community/qca/QCA b/community/qca/QCA new file mode 100644 index 00000000000..c26742d9f3f --- /dev/null +++ b/community/qca/QCA @@ -0,0 +1,421 @@ +<!DOCTYPE html> +<html lang="en" dir="ltr" class="client-nojs"> +<head> +<meta charset="UTF-8" /> +<title>QCA - KDE UserBase Wiki</title> +<script>document.documentElement.className = document.documentElement.className.replace( /(^|\s)client-nojs(\s|$)/, "$1client-js$2" );</script> +<script>window.RLQ = window.RLQ || []; window.RLQ.push( function () { +mw.config.set({"wgCanonicalNamespace":"","wgCanonicalSpecialPageName":!1,"wgNamespaceNumber":0,"wgPageName":"QCA","wgTitle":"QCA","wgCurRevisionId":377461,"wgRevisionId":377461,"wgArticleId":149429,"wgIsArticle":!0,"wgIsRedirect":!1,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":[],"wgBreakFrames":!0,"wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy","wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgMonthNamesShort":["","Jan","Feb","Mar","Apr","May","Jun","Jul","Aug","Sep","Oct","Nov","Dec"],"wgRelevantPageName":"QCA","wgRelevantArticleId":149429,"wgIsProbablyEditable":!1,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgULSAcceptLanguageList":[],"wgULSCurrentAutonym":"English","wgWikiEditorEnabledModules":{"toolbar":!1,"dialogs":!1,"preview":!1,"publish" +:!1}});mw.loader.implement("user.options",function($,jQuery){mw.user.options.set({"variant":"en"});});mw.loader.implement("user.tokens",function($,jQuery){mw.user.tokens.set({"editToken":"+\\","patrolToken":"+\\","watchToken":"+\\"});});mw.loader.load(["mediawiki.page.startup","mediawiki.legacy.wikibits","ext.uls.init","ext.uls.interface"]); +} );</script> +<link rel="stylesheet" href="/load.php?debug=false&lang=en&modules=ext.uls.nojs%7Cmediawiki.legacy.commonPrint%2Cshared%7Cmediawiki.sectionAnchor&only=styles&skin=neverland" /> +<link rel="stylesheet" href="https://1088045785.rsc.cdn77.org/css/bootstrap.css" media="screen" /> +<link rel="stylesheet" href="https://1088045785.rsc.cdn77.org/css/bootstrap-responsive.css" media="screen" /> +<link rel="stylesheet" href="https://1088045785.rsc.cdn77.org/css/bootstrap-mediawiki.css" media="screen" /> +<meta name="ResourceLoaderDynamicStyles" content="" /> +<link rel="stylesheet" href="/load.php?debug=false&lang=en&modules=site&only=styles&skin=neverland" /> +<style>a:lang(ar),a:lang(kk-arab),a:lang(mzn),a:lang(ps),a:lang(ur){text-decoration:none}</style> +<script async="" src="/load.php?debug=false&lang=en&modules=startup&only=scripts&skin=neverland"></script> +<meta name="generator" content="MediaWiki 1.26.2" /> +<link rel="apple-touch-icon" href="https://www.kde.org/aether/media/180x180.png" /> +<link rel="shortcut icon" href="https://www.kde.org/aether/media/192x192.png" /> +<link rel="search" type="application/opensearchdescription+xml" href="/opensearch_desc.php" title="KDE UserBase Wiki (en)" /> +<link rel="EditURI" type="application/rsd+xml" href="https://userbase.kde.org/api.php?action=rsd" /> +<link rel="copyright" href="/KDE_UserBase_Wiki:Copyrights" /> +<link rel="alternate" type="application/atom+xml" title="KDE UserBase Wiki Atom feed" href="/index.php?title=Special:RecentChanges&feed=atom" /> +</head> +<body class="mediawiki ltr sitedir-ltr ns-0 ns-subject page-QCA skin-neverland action-view"> + + <!-- header --> + <div id="top-small mw-head" class="navbar navbar-static-top Neverland noprint"> + <div class="navbar-inner"> + <div class="container"> + <div class="pull-right"> + +<!-- 0 --> + <div id="p-search"> + <form action="/index.php" id="searchform" class="form-inline"> + <input id="searchInput" name="search" type="search" placeholder="Search" + class="input-large" autocomplete="off" + value="" + /> + + <input type="hidden" name="title" value="Special:Search" /> + </form> + </div> + +<!-- /0 --> + </div> + + <a href="/Welcome_to_KDE_UserBase" class="brand"> + <img src="https://1088045785.rsc.cdn77.org/img/logo.plain.small.png" alt="" /> + KDE UserBase Wiki </a> + </div> + </div> + </div> + <!-- /header --> + + <div id="top" class="container"> + <!-- content --> + <div class="row"> + <div class="span9"> + <div> + <div id="mw-js-message" class="alert alert-info" style="display:none;" + > + </div> + + + <!-- page-actions --> + +<!-- 0 --> + <div class="btn-group pull-right page-actions"> <!-- Is closed later in the 'actions' section --> + <a href="/QCA" class="btn btn-mini + btn-primary + " + > + + <i class="icon-ca-view icon-white + "></i> + View </a> + <a href="/index.php?title=QCA&action=edit" class="btn btn-mini + " + title="This page is protected. You can view its source [e]" accesskey="e"> + + <i class="icon-ca-viewsource icon-black + "></i> + View source </a> + <a href="/index.php?title=QCA&action=history" class="btn btn-mini + " + title="Past revisions of this page [h]" accesskey="h"> + + <i class="icon-ca-history icon-black + "></i> + History </a> + +<!-- /0 --> + +<!-- 1 --> + </div> <!-- Opened in the 'views' section --> + +<!-- /1 --> + <!-- /page-actions --> + + <!-- top-navigation --> + +<!-- 0 --> + <ul class="nav nav-tabs"> + <li class="active"> + <a href="#" title="View the content page [c]" accesskey="c"> + Page </a> + </li> + <li> + <a href="/index.php?title=Talk:QCA&action=edit&redlink=1" title="Discussion about the content page [t]" accesskey="t"> + Discussion </a> + </li> + </ul> + +<!-- /0 --> + <!-- /top-navigation --> + + <!-- firstHeading --> + <h1 id="firstHeading"> + QCA </h1> + <!-- /firstHeading --> + + <!-- bodyContent --> + <div id="bodyContent"> + <!-- subtitle --> + <div id="contentSub"></div> + <!-- /subtitle --> + + + + <!-- jumpto --> + <div id="jump-to-nav" class="mw-jump"> + Jump to: <a href="#mw-head">navigation</a>, + <a href="#p-search">search</a> + </div> + <!-- /jumpto --> + + <!-- bodycontent --> + <div id="mw-content-text" lang="en" dir="ltr" class="mw-content-ltr"><div id="toc" class="toc"><div id="toctitle"><h2>Contents</h2></div> +<ul> +<li class="toclevel-1 tocsection-1"><a href="#QCA"><span class="tocnumber">1</span> <span class="toctext">QCA</span></a> +<ul> +<li class="toclevel-2 tocsection-2"><a href="#What_is_it.3F"><span class="tocnumber">1.1</span> <span class="toctext">What is it?</span></a></li> +<li class="toclevel-2 tocsection-3"><a href="#What_do_I_need_to_be_able_to_use_it.3F"><span class="tocnumber">1.2</span> <span class="toctext">What do I need to be able to use it?</span></a></li> +<li class="toclevel-2 tocsection-4"><a href="#What_features_are_supported.3F"><span class="tocnumber">1.3</span> <span class="toctext">What features are supported?</span></a></li> +<li class="toclevel-2 tocsection-5"><a href="#How_does_it_work.3F"><span class="tocnumber">1.4</span> <span class="toctext">How does it work?</span></a></li> +<li class="toclevel-2 tocsection-6"><a href="#What_is_the_development_plan.3F"><span class="tocnumber">1.5</span> <span class="toctext">What is the development plan?</span></a></li> +<li class="toclevel-2 tocsection-7"><a href="#Compatibility"><span class="tocnumber">1.6</span> <span class="toctext">Compatibility</span></a></li> +<li class="toclevel-2 tocsection-8"><a href="#Documentation"><span class="tocnumber">1.7</span> <span class="toctext">Documentation</span></a></li> +<li class="toclevel-2 tocsection-9"><a href="#Where_can_I_get_it.3F"><span class="tocnumber">1.8</span> <span class="toctext">Where can I get it?</span></a></li> +</ul> +</li> +</ul> +</div> + +<h1><span class="mw-headline" id="QCA">QCA</span></h1> +<p>Language: English | <a rel="nofollow" class="external text" href="http://science.webhostinggeeks.com/qca">Serbo-Croatian</a> | <a rel="nofollow" class="external text" href="http://weknownyourdreamz.com/qca.html">Bulgarian</a> +</p><p><a href="/File:Kde_password_icon.png" class="image"><img alt="Kde password icon.png" src="/images.userbase/b/bb/Kde_password_icon.png" width="64" height="64" /></a> +</p> +<h2><span class="mw-headline" id="What_is_it.3F">What is it?</span></h2> +<p>Taking a hint from the similarly-named <a rel="nofollow" class="external text" href="http://java.sun.com/j2se/1.3/docs/guide/security/CryptoSpec.html">Java Cryptography Architecture</a>, QCA aims to provide a straightforward and cross-platform crypto API, using Qt datatypes and conventions. QCA separates the API from the implementation, using plugins known as Providers. The advantage of this model is to allow applications to avoid linking to or explicitly depending on any particular cryptographic library. This allows one to easily change or upgrade crypto implementations without even needing to recompile the application! QCA should work everywhere Qt does, including Windows/Unix/MacOSX. +</p> +<h2><span class="mw-headline" id="What_do_I_need_to_be_able_to_use_it.3F">What do I need to be able to use it?</span></h2> +<p>QCA depends on <a rel="nofollow" class="external text" href="https://www.qt.io/">Qt 4.2+</a>. +</p> +<h2><span class="mw-headline" id="What_features_are_supported.3F">What features are supported?</span></h2> +<ul><li> SSL/TLS</li> +<li> X.509</li> +<li> OpenPGP</li> +<li> Cryptographic Message Syntax (for S/MIME)</li> +<li> SASL</li> +<li> PKCS#12</li> +<li> Smart cards and other key storage</li> +<li> Secure memory</li> +<li> Secure random</li> +<li> RSA/DSA/Diffie-Hellman</li> +<li> Hash/Cipher/MAC algorithms</li> +<li> Threading considerations</li> +<li> Access operating system root certificates</li></ul> +<h2><span class="mw-headline" id="How_does_it_work.3F">How does it work?</span></h2> +<p>The application includes <QtCrypto> and links to libqca, which provides the 'wrapper API' and plugin loader. Crypto functionality is determined during runtime, and plugins are loaded from the 'crypto' subfolder of the Qt Library Paths. +</p> +<h2><span class="mw-headline" id="What_is_the_development_plan.3F">What is the development plan?</span></h2> +<p>The base QCA library is considered mostly complete. Future development may include OCSP, shared certificate management, and improving the plugin API. However, there is no development plan for the base library at this time. Work will continue on the various plugins though, in order to get them into a release-quality state. +</p> +<h2><span class="mw-headline" id="Compatibility">Compatibility</span></h2> +<p>QCA follows a typical API/ABI compatibility scheme. Versions use the "major.minor.patch" format. Major versions of QCA may be incompatible with each other, minor versions are backwards compatible within the same major version, and patch versions are forwards and backwards compatible within the same minor version. This is the same scheme that Qt itself uses. +</p> +<h2><span class="mw-headline" id="Documentation">Documentation</span></h2> +<p>API documentation in HTML format is included in the source distribution. +</p> +<h2><span class="mw-headline" id="Where_can_I_get_it.3F">Where can I get it?</span></h2> +<p>Source: <a rel="nofollow" class="external text" href="http://download.kde.org/stable/qca/2.1.3/src/qca-2.1.3.tar.xz">qca-2.1.3.tar.gz</a> +</p><p>QCA has built-in support for the SHA1 and MD5 hash algorithms, and a weak random number source. To perform any other crypto operations (or to utilize improved versions of the built-in ones), an appropriate provider plugin is needed. There are several available so far, and you could always write your own, too. +</p><p>As of QCA 2.1, the latest plugins are included in the main tarball and don’t need to be downloaded separately. +</p> +<table border="1"> +<tr> +<th>Provider</th> +<th>Capabilities</th> +<th>Depends on</th> +</tr> +<tr> +<td>qca-ossl</td> +<td>TLS, CMS, X.509, RSA, DSA, Diffie-Hellman, PKCS#7, PKCS#12, SHA0, SHA1, SHA224, SHA256, SHA384, SHA512, MD2, MD4, MD5, RIPEMD160, Blowfish, DES, 3DES, AES128, AES192, AES256, CAST5, HMAC(SHA1, MD5, RIPEMD160), PBKDF1(MD2, SHA1), PBKDF2(SHA1)</td> +<td>OpenSSL 0.9.6+</td> +</tr> +<tr> +<td>qca-cyrus-sasl</td> +<td>SASL</td> +<td>Cyrus SASL2</td> +</tr> +<tr> +<td>qca-gnupg</td> +<td>OpenPGP</td> +<td>GnuPG 1.x or 2.x (runtime dependency only)</td> +</tr> +<tr> +<td>qca-pkcs11</td> +<td>PKCS#11 (for smart cards)</td> +<td><a rel="nofollow" class="external text" href="http://www.opensc-project.org/">pkcs11-helper</a> 1.02+</td> +</tr> +<tr> +<td>qca-wingss</td> +<td>SASL GSSAPI (for Kerberos)</td> +<td>Windows only (uses SSPI)</td> +</tr> +<tr> +<td>qca-logger</td> +<td>Internal module logging (for debug purposes)</td> +<td>None</td> +</tr> +</table> +<p>The latest source can be found in the 'qca' module of the KDE Git. The code can also be browsed <a rel="nofollow" class="external text" href="https://cgit.kde.org/qca.git/">on the web</a>. +</p><p><i>"keys" icon from KDE.</i> +</p> +<!-- +NewPP limit report +Cached time: 20181105105049 +Cache expiry: 86400 +Dynamic content: false +CPU time usage: 0.008 seconds +Real time usage: 0.010 seconds +Preprocessor visited node count: 35/1000000 +Preprocessor generated node count: 42/1000000 +Post‐expand include size: 0/2097152 bytes +Template argument size: 0/2097152 bytes +Highest expansion depth: 2/40 +Expensive parser function count: 0/100 +--> + +<!-- +Transclusion expansion time report (%,ms,calls,template) +100.00% 0.000 1 - -total +--> + +<!-- Saved in parser cache with key userbase:pcache:idhash:149429-0!*!*!!en!5!* and timestamp 20181105105049 and revision id 377461 + --> +</div> <!-- /bodycontent --> + + <!-- printfooter --> + <div class="printfooter"> + Retrieved from "<a dir="ltr" href="https://userbase.kde.org/index.php?title=QCA&oldid=377461">https://userbase.kde.org/index.php?title=QCA&oldid=377461</a>" </div> + <!-- /printfooter --> + + <!-- catlinks --> + <div id='catlinks' class='catlinks catlinks-allhidden'></div> <!-- /catlinks --> + + + <div class="visualClear"></div> + + <!-- debughtml --> + <!-- /debughtml --> + + <!-- pagestats --> + <br /> + <div class="page-info"> + This page was last modified on 17 February 2017, at 01:13. Content is available under <a class="external" rel="nofollow" href="/KDE_UserBase_Wiki:Copyrights">Creative Commons License SA 4.0</a> unless otherwise noted. </div> + <!-- /pagestats --> + </div> + <!-- /bodyContent --> + </div> + </div> + + <!-- panel --> + <div class="span3 sidebar noprint" valign="top"> + <div class="well"> + <ul class="unstyled"> + <!-- logo --> + <img src="/skins/Neverland/images/sidebar-logo.png" alt="" /> + <!-- /logo --> + + +<!-- 0 --> + +<!-- /0 --> + +<!-- Navigation --> + <li class="list-header" id='p-Navigation' > + Navigation </li> + <li id="n-ub-home"><a href="/Special:MyLanguage/Welcome_to_KDE_UserBase">Home</a></li><li id="n-ub-start-contributing"><a href="/Special:MyLanguage/Quick_Start">Quick Start</a></li><li id="n-recentchanges"><a href="/Special:RecentChanges" title="A list of recent changes in the wiki [r]" accesskey="r">Recent changes</a></li> +<!-- /Navigation --> + +<!-- ub-contributors --> + <li class="list-header" id='p-ub-contributors' > + Contributors </li> + <li id="n-ub-helpfiles"><a href="/Special:MyLanguage/Tasks_and_Tools">Start Contributing</a></li><li id="n-ub-helpfiles-modify"><a href="/Ub-helpfiles-modify-redirect">Modify Existing Pages</a></li><li id="n-ub-helpfiles-new-content"><a href="/Ub-helpfiles-new-content-redirect">Add New Pages</a></li><li id="n-ub-helpfiles-page-elements"><a href="/Special:MyLanguage/PageLayout">Page Elements Explained</a></li><li id="n-ub-helpfiles-typographical-guidelines"><a href="/Special:MyLanguage/Typographical_Guidelines">Display elements markup</a></li><li id="n-ub-helpfiles-markup"><a href="/Special:MyLanguage/Toolbox">More Markup Help</a></li> +<!-- /ub-contributors --> + +<!-- ub-translators --> + <li class="list-header" id='p-ub-translators' > + Translators </li> + <li id="n-ub-get-trans-account"><a href="/Special:MyLanguage/Translator_Account">Get a Translator Account</a></li><li id="n-ub-languages-represented"><a href="/Special:MyLanguage/Special:SupportedLanguages">Languages represented</a></li><li id="n-ub-helpfiles-languages"><a href="/Ub-helpfiles-languages-redirect">Working with Languages</a></li><li id="n-ub-trans-tool"><a href="/Special:MyLanguage/Special:LanguageStats">Start Translating</a></li><li id="n-ub-release-request"><a href="/ReadyForTranslation">Request Release</a></li> +<!-- /ub-translators --> + +<!-- SEARCH --> + +<!-- /SEARCH --> + +<!-- TOOLBOX --> + <li class="list-header" id='p-tb' > + Tools </li> + <li id="t-whatlinkshere"><a href="/Special:WhatLinksHere/QCA" title="A list of all wiki pages that link here [j]" accesskey="j">What links here</a></li><li id="t-recentchangeslinked"><a href="/Special:RecentChangesLinked/QCA" title="Recent changes in pages linked from this page [k]" accesskey="k">Related changes</a></li><li id="t-specialpages"><a href="/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q">Special pages</a></li><li id="t-print"><a href="/index.php?title=QCA&printable=yes" rel="alternate" title="Printable version of this page [p]" accesskey="p">Printable version</a></li><li id="t-permalink"><a href="/index.php?title=QCA&oldid=377461" title="Permanent link to this revision of the page">Permanent link</a></li><li id="t-info"><a href="/index.php?title=QCA&action=info" title="More information about this page">Page information</a></li> +<!-- /TOOLBOX --> + +<!-- LANGUAGES --> + +<!-- /LANGUAGES --> + +<!-- 0 --> + <li class="list-header"> + Personal tools </li> + + <li id="pt-uls" class="active"><a href="#" class="uls-trigger autonym">English</a></li> <li id="pt-anon_oauth_login"><a href="/Special:PhabricatorLogin/redirect">Login with Phabricator</a></li> +<!-- /0 --> + </ul> + </div> + </div> + <!-- /panel --> + </div> + + <!-- /content --> + + <!-- footer --> + <div id="footerRow"> + <div class="navbar navbar-bottom Neverland" > + <div class="navbar-inner"> + <div class="container"> + <ul id="footer-places" class="nav"> + <li> + <i class="icon-privacy icon-white"></i> + <a href="/KDE_UserBase_Wiki:Privacy_policy" title="KDE UserBase Wiki:Privacy policy">Privacy policy</a> </li> + <li> + <i class="icon-about icon-white"></i> + <a href="/KDE_UserBase_Wiki:About" title="KDE UserBase Wiki:About">About KDE UserBase Wiki</a> </li> + <li> + <i class="icon-disclaimer icon-white"></i> + <a href="/KDE_UserBase_Wiki:General_disclaimer" title="KDE UserBase Wiki:General disclaimer">Disclaimers</a> </li> + </ul> + + <ul class="nav pull-right"> + <li id="global-nav-links" class="dropdown dropdown-hover"> + <a href="#" class="dropdown-toggle" data-toggle="dropdown" data-target="#global-nav-links"> + <i class="icon-list icon-white"></i> + KDE Links + <b class="caret-up"></b> + </a> + + <ul id="global-nav" class="dropdown-menu bottom-up"></ul> + </li> + </ul> + </div> + </div> + </div> + + <footer class="Neverland"> + </footer> + </div> + <!-- /footer --> + + <script>window.RLQ = window.RLQ || []; window.RLQ.push( function () { +mw.loader.state({"user":"ready","user.groups":"ready"});mw.loader.load(["mediawiki.toc","mediawiki.action.view.postEdit","site","mediawiki.user","mediawiki.hidpi","mediawiki.page.ready","mediawiki.searchSuggest","ext.uls.geoclient","ext.uls.pt"]); +} );</script> +<script>/*<![CDATA[*/window.RLQ = window.RLQ || []; window.RLQ.push( function () { +var i, s, a = [ + 'https://1088045785.rsc.cdn77.org/js/bootstrap.js', + 'https://1088045785.rsc.cdn77.org/js/bootstrap-neverland.js', + 'https://1088045785.rsc.cdn77.org/nav/global-nav.js' +]; +for ( i = 0; i < a.length; i++ ) { + s = document.createElement( 'script' ); + s.src = a[i]; + document.getElementsByTagName( 'head' )[0].appendChild(s); +} +} );/*]]>*/</script> +<!-- Piwik --> +<script type="text/javascript"> + var _paq = _paq || []; + _paq.push(["trackPageView"]); + _paq.push(["enableLinkTracking"]); + + (function() { + var u = (("https:" == document.location.protocol) ? "https" : "http") + "://"+"stats.kde.org/"; + _paq.push(["setTrackerUrl", u+"piwik.php"]); + _paq.push(["setSiteId", "23"]); + var d=document, g=d.createElement("script"), s=d.getElementsByTagName("script")[0]; g.type="text/javascript"; + g.defer=true; g.async=true; g.src=u+"piwik.js"; s.parentNode.insertBefore(g,s); + })(); +</script> +<!-- End Piwik Code --> + +<!-- Piwik Image Tracker --> +<noscript><img src="https://stats.kde.org/piwik.php?idsite=23&rec=1" style="border:0" alt="" /></noscript> +<!-- End Piwik --><script>window.RLQ = window.RLQ || []; window.RLQ.push( function () { +mw.config.set({"wgBackendResponseTime":48}); +} );</script> + </body> +</html> + diff --git a/community/qca/qca-openssl-1.1.patch b/community/qca/qca-openssl-1.1.patch new file mode 100644 index 00000000000..fa6e8ab2f9a --- /dev/null +++ b/community/qca/qca-openssl-1.1.patch @@ -0,0 +1,2036 @@ +diff --git a/plugins/qca-ossl/CMakeLists.txt b/plugins/qca-ossl/CMakeLists.txt +index cdeaeca..f7c5c1b 100644 +--- a/plugins/qca-ossl/CMakeLists.txt ++++ b/plugins/qca-ossl/CMakeLists.txt +@@ -32,7 +32,7 @@ if(OPENSSL_FOUND) + message(WARNING "qca-ossl will be compiled without SHA-0 digest algorithm support") + endif(HAVE_OPENSSL_SHA0) + +- set(QCA_OSSL_SOURCES qca-ossl.cpp) ++ set(QCA_OSSL_SOURCES libcrypto-compat.c qca-ossl.cpp) + + my_automoc( QCA_OSSL_SOURCES ) + +diff --git a/plugins/qca-ossl/libcrypto-compat.c b/plugins/qca-ossl/libcrypto-compat.c +index e69de29..b587845 100644 +--- a/plugins/qca-ossl/libcrypto-compat.c ++++ b/plugins/qca-ossl/libcrypto-compat.c +@@ -0,0 +1,410 @@ ++/* ++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved. ++ * ++ * Licensed under the OpenSSL license (the "License"). You may not use ++ * this file except in compliance with the License. You can obtain a copy ++ * in the file LICENSE in the source distribution or at ++ * https://www.openssl.org/source/license.html ++ */ ++ ++#include <openssl/evp.h> ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include <string.h> ++#include <openssl/engine.h> ++ ++static void *OPENSSL_zalloc(size_t num) ++{ ++ void *ret = OPENSSL_malloc(num); ++ ++ if (ret != NULL) ++ memset(ret, 0, num); ++ return ret; ++} ++ ++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) ++{ ++ /* If the fields n and e in r are NULL, the corresponding input ++ * parameters MUST be non-NULL for n and e. d may be ++ * left NULL (in case only the public key is used). ++ */ ++ if ((r->n == NULL && n == NULL) ++ || (r->e == NULL && e == NULL)) ++ return 0; ++ ++ if (n != NULL) { ++ BN_free(r->n); ++ r->n = n; ++ } ++ if (e != NULL) { ++ BN_free(r->e); ++ r->e = e; ++ } ++ if (d != NULL) { ++ BN_free(r->d); ++ r->d = d; ++ } ++ ++ return 1; ++} ++ ++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) ++{ ++ /* If the fields p and q in r are NULL, the corresponding input ++ * parameters MUST be non-NULL. ++ */ ++ if ((r->p == NULL && p == NULL) ++ || (r->q == NULL && q == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(r->p); ++ r->p = p; ++ } ++ if (q != NULL) { ++ BN_free(r->q); ++ r->q = q; ++ } ++ ++ return 1; ++} ++ ++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) ++{ ++ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input ++ * parameters MUST be non-NULL. ++ */ ++ if ((r->dmp1 == NULL && dmp1 == NULL) ++ || (r->dmq1 == NULL && dmq1 == NULL) ++ || (r->iqmp == NULL && iqmp == NULL)) ++ return 0; ++ ++ if (dmp1 != NULL) { ++ BN_free(r->dmp1); ++ r->dmp1 = dmp1; ++ } ++ if (dmq1 != NULL) { ++ BN_free(r->dmq1); ++ r->dmq1 = dmq1; ++ } ++ if (iqmp != NULL) { ++ BN_free(r->iqmp); ++ r->iqmp = iqmp; ++ } ++ ++ return 1; ++} ++ ++void RSA_get0_key(const RSA *r, ++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) ++{ ++ if (p != NULL) ++ *p = r->p; ++ if (q != NULL) ++ *q = r->q; ++} ++ ++void RSA_get0_crt_params(const RSA *r, ++ const BIGNUM **dmp1, const BIGNUM **dmq1, ++ const BIGNUM **iqmp) ++{ ++ if (dmp1 != NULL) ++ *dmp1 = r->dmp1; ++ if (dmq1 != NULL) ++ *dmq1 = r->dmq1; ++ if (iqmp != NULL) ++ *iqmp = r->iqmp; ++} ++ ++void DSA_get0_pqg(const DSA *d, ++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = d->p; ++ if (q != NULL) ++ *q = d->q; ++ if (g != NULL) ++ *g = d->g; ++} ++ ++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p, q and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. ++ */ ++ if ((d->p == NULL && p == NULL) ++ || (d->q == NULL && q == NULL) ++ || (d->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(d->p); ++ d->p = p; ++ } ++ if (q != NULL) { ++ BN_free(d->q); ++ d->q = q; ++ } ++ if (g != NULL) { ++ BN_free(d->g); ++ d->g = g; ++ } ++ ++ return 1; ++} ++ ++void DSA_get0_key(const DSA *d, ++ const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = d->pub_key; ++ if (priv_key != NULL) ++ *priv_key = d->priv_key; ++} ++ ++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) ++{ ++ /* If the field pub_key in d is NULL, the corresponding input ++ * parameters MUST be non-NULL. The priv_key field may ++ * be left NULL. ++ */ ++ if (d->pub_key == NULL && pub_key == NULL) ++ return 0; ++ ++ if (pub_key != NULL) { ++ BN_free(d->pub_key); ++ d->pub_key = pub_key; ++ } ++ if (priv_key != NULL) { ++ BN_free(d->priv_key); ++ d->priv_key = priv_key; ++ } ++ ++ return 1; ++} ++ ++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) ++{ ++ if (pr != NULL) ++ *pr = sig->r; ++ if (ps != NULL) ++ *ps = sig->s; ++} ++ ++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) ++{ ++ if (r == NULL || s == NULL) ++ return 0; ++ BN_clear_free(sig->r); ++ BN_clear_free(sig->s); ++ sig->r = r; ++ sig->s = s; ++ return 1; ++} ++ ++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) ++{ ++ if (pr != NULL) ++ *pr = sig->r; ++ if (ps != NULL) ++ *ps = sig->s; ++} ++ ++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) ++{ ++ if (r == NULL || s == NULL) ++ return 0; ++ BN_clear_free(sig->r); ++ BN_clear_free(sig->s); ++ sig->r = r; ++ sig->s = s; ++ return 1; ++} ++ ++void DH_get0_pqg(const DH *dh, ++ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) ++{ ++ if (p != NULL) ++ *p = dh->p; ++ if (q != NULL) ++ *q = dh->q; ++ if (g != NULL) ++ *g = dh->g; ++} ++ ++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) ++{ ++ /* If the fields p and g in d are NULL, the corresponding input ++ * parameters MUST be non-NULL. q may remain NULL. ++ */ ++ if ((dh->p == NULL && p == NULL) ++ || (dh->g == NULL && g == NULL)) ++ return 0; ++ ++ if (p != NULL) { ++ BN_free(dh->p); ++ dh->p = p; ++ } ++ if (q != NULL) { ++ BN_free(dh->q); ++ dh->q = q; ++ } ++ if (g != NULL) { ++ BN_free(dh->g); ++ dh->g = g; ++ } ++ ++ if (q != NULL) { ++ dh->length = BN_num_bits(q); ++ } ++ ++ return 1; ++} ++ ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) ++{ ++ if (pub_key != NULL) ++ *pub_key = dh->pub_key; ++ if (priv_key != NULL) ++ *priv_key = dh->priv_key; ++} ++ ++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) ++{ ++ /* If the field pub_key in dh is NULL, the corresponding input ++ * parameters MUST be non-NULL. The priv_key field may ++ * be left NULL. ++ */ ++ if (dh->pub_key == NULL && pub_key == NULL) ++ return 0; ++ ++ if (pub_key != NULL) { ++ BN_free(dh->pub_key); ++ dh->pub_key = pub_key; ++ } ++ if (priv_key != NULL) { ++ BN_free(dh->priv_key); ++ dh->priv_key = priv_key; ++ } ++ ++ return 1; ++} ++ ++int DH_set_length(DH *dh, long length) ++{ ++ dh->length = length; ++ return 1; ++} ++ ++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx) ++{ ++ return ctx->iv; ++} ++ ++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx) ++{ ++ return ctx->iv; ++} ++ ++EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ return OPENSSL_zalloc(sizeof(EVP_MD_CTX)); ++} ++ ++void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ OPENSSL_free(ctx); ++} ++ ++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) ++{ ++ RSA_METHOD *ret; ++ ++ ret = OPENSSL_malloc(sizeof(RSA_METHOD)); ++ ++ if (ret != NULL) { ++ memcpy(ret, meth, sizeof(*meth)); ++ ret->name = OPENSSL_strdup(meth->name); ++ if (ret->name == NULL) { ++ OPENSSL_free(ret); ++ return NULL; ++ } ++ } ++ ++ return ret; ++} ++ ++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name) ++{ ++ char *tmpname; ++ ++ tmpname = OPENSSL_strdup(name); ++ if (tmpname == NULL) { ++ return 0; ++ } ++ ++ OPENSSL_free((char *)meth->name); ++ meth->name = tmpname; ++ ++ return 1; ++} ++ ++int RSA_meth_set_priv_enc(RSA_METHOD *meth, ++ int (*priv_enc) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, ++ int padding)) ++{ ++ meth->rsa_priv_enc = priv_enc; ++ return 1; ++} ++ ++int RSA_meth_set_priv_dec(RSA_METHOD *meth, ++ int (*priv_dec) (int flen, const unsigned char *from, ++ unsigned char *to, RSA *rsa, ++ int padding)) ++{ ++ meth->rsa_priv_dec = priv_dec; ++ return 1; ++} ++ ++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)) ++{ ++ meth->finish = finish; ++ return 1; ++} ++ ++void RSA_meth_free(RSA_METHOD *meth) ++{ ++ if (meth != NULL) { ++ OPENSSL_free((char *)meth->name); ++ OPENSSL_free(meth); ++ } ++} ++ ++int RSA_bits(const RSA *r) ++{ ++ return (BN_num_bits(r->n)); ++} ++ ++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey) ++{ ++ if (pkey->type != EVP_PKEY_RSA) { ++ return NULL; ++ } ++ return pkey->pkey.rsa; ++} ++ ++ ++#endif /* OPENSSL_VERSION_NUMBER */ +diff --git a/plugins/qca-ossl/libcrypto-compat.h b/plugins/qca-ossl/libcrypto-compat.h +index e69de29..057f1fe 100644 +--- a/plugins/qca-ossl/libcrypto-compat.h ++++ b/plugins/qca-ossl/libcrypto-compat.h +@@ -0,0 +1,57 @@ ++#ifndef LIBCRYPTO_COMPAT_H ++#define LIBCRYPTO_COMPAT_H ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++#include <openssl/rsa.h> ++#include <openssl/dsa.h> ++#include <openssl/ecdsa.h> ++#include <openssl/dh.h> ++#include <openssl/evp.h> ++ ++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); ++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); ++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); ++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d); ++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); ++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp); ++ ++void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); ++void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key); ++int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); ++ ++void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); ++int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); ++ ++void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); ++int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); ++ ++void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g); ++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); ++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); ++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); ++int DH_set_length(DH *dh, long length); ++ ++const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); ++unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); ++EVP_MD_CTX *EVP_MD_CTX_new(void); ++void EVP_MD_CTX_free(EVP_MD_CTX *ctx); ++#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size ++#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data ++ ++RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); ++int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); ++#define RSA_meth_get_finish(meth) meth->finish ++int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); ++int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); ++int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)); ++void RSA_meth_free(RSA_METHOD *meth); ++ ++int RSA_bits(const RSA *r); ++ ++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); ++ ++#endif /* OPENSSL_VERSION_NUMBER */ ++ ++#endif /* LIBCRYPTO_COMPAT_H */ +diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp +index f0b9431..d961ad9 100644 +--- a/plugins/qca-ossl/qca-ossl.cpp ++++ b/plugins/qca-ossl/qca-ossl.cpp +@@ -1,6 +1,7 @@ + /* + * Copyright (C) 2004-2007 Justin Karneges <justin@affinix.com> + * Copyright (C) 2004-2006 Brad Hards <bradh@frogmouth.net> ++ * Copyright (C) 2017 Fabian Vogt <fabian@ritter-vogt.de> + * + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public +@@ -38,6 +39,10 @@ + #include <openssl/pkcs12.h> + #include <openssl/ssl.h> + ++extern "C" { ++#include "libcrypto-compat.h" ++} ++ + #ifndef OSSL_097 + // comment this out if you'd rather use openssl 0.9.6 + #define OSSL_097 +@@ -52,6 +57,73 @@ + ((_STACK*) (1 ? p : (type*)0)) + #endif + ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ #define OSSL_110 ++#endif ++ ++// OpenSSL 1.1.0 compatibility macros ++#ifdef OSSL_110 ++#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() ++#else ++static HMAC_CTX *HMAC_CTX_new() { return new HMAC_CTX(); } ++static void HMAC_CTX_free(HMAC_CTX *x) { free(x); } ++static void EVP_PKEY_up_ref(EVP_PKEY *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_EVP_PKEY); } ++static void X509_up_ref(X509 *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); } ++static void X509_CRL_up_ref(X509_CRL *x) { CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); } ++static DSA *EVP_PKEY_get0_DSA(EVP_PKEY *x) { return x->pkey.dsa; } ++static DH *EVP_PKEY_get0_DH(EVP_PKEY *x) { return x->pkey.dh; } ++static int RSA_meth_set_sign(RSA_METHOD *meth, ++ int (*sign) (int type, const unsigned char *m, ++ unsigned int m_length, ++ unsigned char *sigret, unsigned int *siglen, ++ const RSA *rsa)) ++{ ++ meth->rsa_sign = sign; ++ return 1; ++} ++int RSA_meth_set_verify(RSA_METHOD *meth, ++ int (*verify) (int dtype, const unsigned char *m, ++ unsigned int m_length, ++ const unsigned char *sigbuf, ++ unsigned int siglen, const RSA *rsa)) ++{ ++ meth->rsa_verify = verify; ++ return 1; ++} ++void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, ++ const X509_ALGOR **palg) ++{ ++ if (psig != NULL) ++ *psig = req->signature; ++ if (palg != NULL) ++ *palg = req->sig_alg; ++} ++int X509_REQ_get_signature_nid(const X509_REQ *req) ++{ ++ return OBJ_obj2nid(req->sig_alg->algorithm); ++} ++void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, ++ const X509_ALGOR **palg) ++{ ++ if (psig != NULL) ++ *psig = crl->signature; ++ if (palg != NULL) ++ *palg = crl->sig_alg; ++} ++int X509_CRL_get_signature_nid(const X509_CRL *crl) ++{ ++ return OBJ_obj2nid(crl->sig_alg->algorithm); ++} ++const ASN1_INTEGER *X509_REVOKED_get0_serialNumber(const X509_REVOKED *x) ++{ ++ return x->serialNumber; ++} ++const ASN1_TIME *X509_REVOKED_get0_revocationDate(const X509_REVOKED *x) ++{ ++ return x->revocationDate; ++} ++#endif ++ + using namespace QCA; + + namespace opensslQCAPlugin { +@@ -93,7 +165,7 @@ static QByteArray bio2ba(BIO *b) + return buf; + } + +-static BigInteger bn2bi(BIGNUM *n) ++static BigInteger bn2bi(const BIGNUM *n) + { + SecureArray buf(BN_num_bytes(n) + 1); + buf[0] = 0; // positive +@@ -109,7 +181,7 @@ static BIGNUM *bi2bn(const BigInteger &n) + + // take lowest bytes of BIGNUM to fit + // pad with high byte zeroes to fit +-static SecureArray bn2fixedbuf(BIGNUM *n, int size) ++static SecureArray bn2fixedbuf(const BIGNUM *n, int size) + { + SecureArray buf(BN_num_bytes(n)); + BN_bn2bin(n, (unsigned char *)buf.data()); +@@ -127,8 +199,16 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in) + const unsigned char *inp = (const unsigned char *)in.data(); + d2i_DSA_SIG(&sig, &inp, in.size()); + +- SecureArray part_r = bn2fixedbuf(sig->r, 20); +- SecureArray part_s = bn2fixedbuf(sig->s, 20); ++ const BIGNUM *bnr, *bns; ++ ++#ifdef OSSL_110 ++ DSA_SIG_get0(sig, &bnr, &bns); ++#else ++ bnr = sig->r; bns = sig->s; ++#endif ++ ++ SecureArray part_r = bn2fixedbuf(bnr, 20); ++ SecureArray part_s = bn2fixedbuf(bns, 20); + SecureArray result; + result.append(part_r); + result.append(part_s); +@@ -143,12 +223,20 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in) + return SecureArray(); + + DSA_SIG *sig = DSA_SIG_new(); +- SecureArray part_r(20); +- SecureArray part_s(20); ++ SecureArray part_r(20); BIGNUM *bnr; ++ SecureArray part_s(20); BIGNUM *bns; + memcpy(part_r.data(), in.data(), 20); + memcpy(part_s.data(), in.data() + 20, 20); +- sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL); +- sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL); ++ bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL); ++ bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL); ++ ++#ifdef OSSL_110 ++ if(DSA_SIG_set0(sig, bnr, bns) == 0) ++ return SecureArray(); ++ // Not documented what happens in the failure case, free bnr and bns? ++#else ++ sig->r = bnr; sig->s = bns; ++#endif + + int len = i2d_DSA_SIG(sig, NULL); + SecureArray result(len); +@@ -1004,29 +1092,39 @@ public: + opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type) + { + m_algorithm = algorithm; +- EVP_DigestInit( &m_context, m_algorithm ); ++ m_context = EVP_MD_CTX_new(); ++ EVP_DigestInit( m_context, m_algorithm ); ++ } ++ ++ opensslHashContext(const opensslHashContext &other) ++ : HashContext(other) ++ { ++ m_algorithm = other.m_algorithm; ++ m_context = EVP_MD_CTX_new(); ++ EVP_MD_CTX_copy_ex(m_context, other.m_context); + } + + ~opensslHashContext() + { +- EVP_MD_CTX_cleanup(&m_context); ++ EVP_MD_CTX_free(m_context); + } + + void clear() + { +- EVP_MD_CTX_cleanup(&m_context); +- EVP_DigestInit( &m_context, m_algorithm ); ++ EVP_MD_CTX_free(m_context); ++ m_context = EVP_MD_CTX_new(); ++ EVP_DigestInit( m_context, m_algorithm ); + } + + void update(const MemoryRegion &a) + { +- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); ++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); + } + + MemoryRegion final() + { + SecureArray a( EVP_MD_size( m_algorithm ) ); +- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); ++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); + return a; + } + +@@ -1037,7 +1135,7 @@ public: + + protected: + const EVP_MD *m_algorithm; +- EVP_MD_CTX m_context; ++ EVP_MD_CTX *m_context; + }; + + +@@ -1047,7 +1145,21 @@ public: + opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type) + { + m_algorithm = algorithm; +- EVP_DigestInit( &m_context, m_algorithm ); ++ m_context = EVP_MD_CTX_new(); ++ EVP_DigestInit( m_context, m_algorithm ); ++ } ++ ++ opensslPbkdf1Context(const opensslPbkdf1Context &other) ++ : KDFContext(other) ++ { ++ m_algorithm = other.m_algorithm; ++ m_context = EVP_MD_CTX_new(); ++ EVP_MD_CTX_copy(m_context, other.m_context); ++ } ++ ++ ~opensslPbkdf1Context() ++ { ++ EVP_MD_CTX_free(m_context); + } + + Provider::Context *clone() const +@@ -1081,16 +1193,16 @@ public: + DK = Tc<0..dkLen-1> + */ + // calculate T_1 +- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() ); +- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() ); ++ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() ); ++ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() ); + SecureArray a( EVP_MD_size( m_algorithm ) ); +- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); ++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); + + // calculate T_2 up to T_c + for ( unsigned int i = 2; i <= iterationCount; ++i ) { +- EVP_DigestInit( &m_context, m_algorithm ); +- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); +- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); ++ EVP_DigestInit( m_context, m_algorithm ); ++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); ++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); + } + + // shrink a to become DK, of the required length +@@ -1136,19 +1248,19 @@ public: + DK = Tc<0..dkLen-1> + */ + // calculate T_1 +- EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() ); +- EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() ); ++ EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() ); ++ EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() ); + SecureArray a( EVP_MD_size( m_algorithm ) ); +- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); ++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); + + // calculate T_2 up to T_c + *iterationCount = 2 - 1; // <- Have to remove 1, unless it computes one + timer.start(); // ^ time more than the base function + // ^ with the same iterationCount + while (timer.elapsed() < msecInterval) { +- EVP_DigestInit( &m_context, m_algorithm ); +- EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() ); +- EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 ); ++ EVP_DigestInit( m_context, m_algorithm ); ++ EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() ); ++ EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 ); + ++(*iterationCount); + } + +@@ -1163,7 +1275,7 @@ public: + + protected: + const EVP_MD *m_algorithm; +- EVP_MD_CTX m_context; ++ EVP_MD_CTX *m_context; + }; + + class opensslPbkdf2Context : public KDFContext +@@ -1231,12 +1343,28 @@ public: + opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type) + { + m_algorithm = algorithm; +- HMAC_CTX_init( &m_context ); ++ m_context = HMAC_CTX_new(); ++#ifndef OSSL_110 ++ HMAC_CTX_init( m_context ); ++#endif ++ } ++ ++ opensslHMACContext(const opensslHMACContext &other) ++ : MACContext(other) ++ { ++ m_algorithm = other.m_algorithm; ++ m_context = HMAC_CTX_new(); ++ HMAC_CTX_copy(m_context, other.m_context); ++ } ++ ++ ~opensslHMACContext() ++ { ++ HMAC_CTX_free(m_context); + } + + void setup(const SymmetricKey &key) + { +- HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 ); ++ HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 ); + } + + KeyLength keyLength() const +@@ -1246,14 +1374,18 @@ public: + + void update(const MemoryRegion &a) + { +- HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() ); ++ HMAC_Update( m_context, (unsigned char *)a.data(), a.size() ); + } + + void final(MemoryRegion *out) + { + SecureArray sa( EVP_MD_size( m_algorithm ), 0 ); +- HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 ); +- HMAC_CTX_cleanup(&m_context); ++ HMAC_Final(m_context, (unsigned char *)sa.data(), 0 ); ++#ifdef OSSL_110 ++ HMAC_CTX_reset(m_context); ++#else ++ HMAC_CTX_cleanup(m_context); ++#endif + *out = sa; + } + +@@ -1263,7 +1395,7 @@ public: + } + + protected: +- HMAC_CTX m_context; ++ HMAC_CTX *m_context; + const EVP_MD *m_algorithm; + }; + +@@ -1277,7 +1409,7 @@ class EVPKey + public: + enum State { Idle, SignActive, SignError, VerifyActive, VerifyError }; + EVP_PKEY *pkey; +- EVP_MD_CTX mdctx; ++ EVP_MD_CTX *mdctx; + State state; + bool raw_type; + SecureArray raw; +@@ -1287,19 +1419,23 @@ public: + pkey = 0; + raw_type = false; + state = Idle; ++ mdctx = EVP_MD_CTX_new(); + } + + EVPKey(const EVPKey &from) + { + pkey = from.pkey; +- CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY); ++ EVP_PKEY_up_ref(pkey); + raw_type = false; + state = Idle; ++ mdctx = EVP_MD_CTX_new(); ++ EVP_MD_CTX_copy(mdctx, from.mdctx); + } + + ~EVPKey() + { + reset(); ++ EVP_MD_CTX_free(mdctx); + } + + void reset() +@@ -1322,8 +1458,8 @@ public: + else + { + raw_type = false; +- EVP_MD_CTX_init(&mdctx); +- if(!EVP_SignInit_ex(&mdctx, type, NULL)) ++ EVP_MD_CTX_init(mdctx); ++ if(!EVP_SignInit_ex(mdctx, type, NULL)) + state = SignError; + } + } +@@ -1339,8 +1475,8 @@ public: + else + { + raw_type = false; +- EVP_MD_CTX_init(&mdctx); +- if(!EVP_VerifyInit_ex(&mdctx, type, NULL)) ++ EVP_MD_CTX_init(mdctx); ++ if(!EVP_VerifyInit_ex(mdctx, type, NULL)) + state = VerifyError; + } + } +@@ -1352,7 +1488,7 @@ public: + if (raw_type) + raw += in; + else +- if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size())) ++ if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size())) + state = SignError; + } + else if(state == VerifyActive) +@@ -1360,7 +1496,7 @@ public: + if (raw_type) + raw += in; + else +- if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size())) ++ if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size())) + state = VerifyError; + } + } +@@ -1373,17 +1509,24 @@ public: + unsigned int len = out.size(); + if (raw_type) + { +- if (pkey->type == EVP_PKEY_RSA) ++ int type; ++#ifdef OSSL_110 ++ type = EVP_PKEY_id(pkey); ++#else ++ type = pkey->type; ++#endif ++ if (type == EVP_PKEY_RSA) + { ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); + if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(), +- (unsigned char *)out.data(), pkey->pkey.rsa, ++ (unsigned char *)out.data(), rsa, + RSA_PKCS1_PADDING) == -1) { + + state = SignError; + return SecureArray (); + } + } +- else if (pkey->type == EVP_PKEY_DSA) ++ else if (type == EVP_PKEY_DSA) + { + state = SignError; + return SecureArray (); +@@ -1395,7 +1538,7 @@ public: + } + } + else { +- if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey)) ++ if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey)) + { + state = SignError; + return SecureArray(); +@@ -1418,16 +1561,24 @@ public: + SecureArray out(EVP_PKEY_size(pkey)); + int len = 0; + +- if (pkey->type == EVP_PKEY_RSA) { ++ int type; ++#ifdef OSSL_110 ++ type = EVP_PKEY_type(EVP_PKEY_id(pkey)); ++#else ++ type = pkey->type; ++#endif ++ ++ if (type == EVP_PKEY_RSA) { ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); + if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(), +- (unsigned char *)out.data (), pkey->pkey.rsa, ++ (unsigned char *)out.data (), rsa, + RSA_PKCS1_PADDING)) == -1) { + + state = VerifyError; + return false; + } + } +- else if (pkey->type == EVP_PKEY_DSA) ++ else if (type == EVP_PKEY_DSA) + { + state = VerifyError; + return false; +@@ -1447,7 +1598,7 @@ public: + } + else + { +- if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1) ++ if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1) + { + state = VerifyError; + return false; +@@ -1561,9 +1712,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams + return false; + if(ret_counter != counter) + return false; +- params->p = bn2bi(dsa->p); +- params->q = bn2bi(dsa->q); +- params->g = bn2bi(dsa->g); ++ const BIGNUM *bnp, *bnq, *bng; ++ DSA_get0_pqg(dsa, &bnp, &bnq, &bng); ++ params->p = bn2bi(bnp); ++ params->q = bn2bi(bnq); ++ params->g = bn2bi(bng); + DSA_free(dsa); + return true; + } +@@ -1826,10 +1979,11 @@ public: + return; + + // extract the public key into DER format +- int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL); ++ RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey); ++ int len = i2d_RSAPublicKey(rsa_pkey, NULL); + SecureArray result(len); + unsigned char *p = (unsigned char *)result.data(); +- i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p); ++ i2d_RSAPublicKey(rsa_pkey, &p); + p = (unsigned char *)result.data(); + + // put the DER public key back into openssl +@@ -1852,7 +2006,7 @@ public: + + virtual int maximumEncryptSize(EncryptionAlgorithm alg) const + { +- RSA *rsa = evp.pkey->pkey.rsa; ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); + int size = 0; + switch(alg) + { +@@ -1867,7 +2021,7 @@ public: + + virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg) + { +- RSA *rsa = evp.pkey->pkey.rsa; ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); + SecureArray buf = in; + int max = maximumEncryptSize(alg); + +@@ -1900,7 +2054,7 @@ public: + + virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg) + { +- RSA *rsa = evp.pkey->pkey.rsa; ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); + SecureArray result(RSA_size(rsa)); + int pad; + +@@ -2021,14 +2175,10 @@ public: + evp.reset(); + + RSA *rsa = RSA_new(); +- rsa->n = bi2bn(n); +- rsa->e = bi2bn(e); +- rsa->p = bi2bn(p); +- rsa->q = bi2bn(q); +- rsa->d = bi2bn(d); +- +- if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d) ++ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0 ++ || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0) + { ++ // Free BIGNUMS? + RSA_free(rsa); + return; + } +@@ -2036,7 +2186,7 @@ public: + // When private key has no Public Exponent (e) or Private Exponent (d) + // need to disable blinding. Otherwise decryption will be broken. + // http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html +- if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d)) ++ if(e == BigInteger(0) || d == BigInteger(0)) + RSA_blinding_off(rsa); + + evp.pkey = EVP_PKEY_new(); +@@ -2049,10 +2199,7 @@ public: + evp.reset(); + + RSA *rsa = RSA_new(); +- rsa->n = bi2bn(n); +- rsa->e = bi2bn(e); +- +- if(!rsa->n || !rsa->e) ++ if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0) + { + RSA_free(rsa); + return; +@@ -2065,27 +2212,42 @@ public: + + virtual BigInteger n() const + { +- return bn2bi(evp.pkey->pkey.rsa->n); ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); ++ const BIGNUM *bnn; ++ RSA_get0_key(rsa, &bnn, NULL, NULL); ++ return bn2bi(bnn); + } + + virtual BigInteger e() const + { +- return bn2bi(evp.pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); ++ const BIGNUM *bne; ++ RSA_get0_key(rsa, NULL, &bne, NULL); ++ return bn2bi(bne); + } + + virtual BigInteger p() const + { +- return bn2bi(evp.pkey->pkey.rsa->p); ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); ++ const BIGNUM *bnp; ++ RSA_get0_factors(rsa, &bnp, NULL); ++ return bn2bi(bnp); + } + + virtual BigInteger q() const + { +- return bn2bi(evp.pkey->pkey.rsa->q); ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); ++ const BIGNUM *bnq; ++ RSA_get0_factors(rsa, NULL, &bnq); ++ return bn2bi(bnq); + } + + virtual BigInteger d() const + { +- return bn2bi(evp.pkey->pkey.rsa->d); ++ RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey); ++ const BIGNUM *bnd; ++ RSA_get0_key(rsa, NULL, NULL, &bnd); ++ return bn2bi(bnd); + } + + private slots: +@@ -2134,10 +2296,12 @@ public: + virtual void run() + { + DSA *dsa = DSA_new(); +- dsa->p = bi2bn(domain.p()); +- dsa->q = bi2bn(domain.q()); +- dsa->g = bi2bn(domain.g()); +- if(!DSA_generate_key(dsa)) ++ BIGNUM *pne = bi2bn(domain.p()), ++ *qne = bi2bn(domain.q()), ++ *gne = bi2bn(domain.g()); ++ ++ if(!DSA_set0_pqg(dsa, pne, qne, gne) ++ || !DSA_generate_key(dsa)) + { + DSA_free(dsa); + return; +@@ -2212,10 +2376,11 @@ public: + return; + + // extract the public key into DER format +- int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL); ++ DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey); ++ int len = i2d_DSAPublicKey(dsa_pkey, NULL); + SecureArray result(len); + unsigned char *p = (unsigned char *)result.data(); +- i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p); ++ i2d_DSAPublicKey(dsa_pkey, &p); + p = (unsigned char *)result.data(); + + // put the DER public key back into openssl +@@ -2244,7 +2409,7 @@ public: + else + transformsig = false; + +- evp.startSign(EVP_dss1()); ++ evp.startSign(EVP_sha1()); + } + + virtual void startVerify(SignatureAlgorithm, SignatureFormat format) +@@ -2255,7 +2420,7 @@ public: + else + transformsig = false; + +- evp.startVerify(EVP_dss1()); ++ evp.startVerify(EVP_sha1()); + } + + virtual void update(const MemoryRegion &in) +@@ -2305,13 +2470,14 @@ public: + evp.reset(); + + DSA *dsa = DSA_new(); +- dsa->p = bi2bn(domain.p()); +- dsa->q = bi2bn(domain.q()); +- dsa->g = bi2bn(domain.g()); +- dsa->pub_key = bi2bn(y); +- dsa->priv_key = bi2bn(x); ++ BIGNUM *bnp = bi2bn(domain.p()); ++ BIGNUM *bnq = bi2bn(domain.q()); ++ BIGNUM *bng = bi2bn(domain.g()); ++ BIGNUM *bnpub_key = bi2bn(y); ++ BIGNUM *bnpriv_key = bi2bn(x); + +- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key) ++ if(!DSA_set0_pqg(dsa, bnp, bnq, bng) ++ || !DSA_set0_key(dsa, bnpub_key, bnpriv_key)) + { + DSA_free(dsa); + return; +@@ -2327,12 +2493,13 @@ public: + evp.reset(); + + DSA *dsa = DSA_new(); +- dsa->p = bi2bn(domain.p()); +- dsa->q = bi2bn(domain.q()); +- dsa->g = bi2bn(domain.g()); +- dsa->pub_key = bi2bn(y); ++ BIGNUM *bnp = bi2bn(domain.p()); ++ BIGNUM *bnq = bi2bn(domain.q()); ++ BIGNUM *bng = bi2bn(domain.g()); ++ BIGNUM *bnpub_key = bi2bn(y); + +- if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key) ++ if(!DSA_set0_pqg(dsa, bnp, bnq, bng) ++ || !DSA_set0_key(dsa, bnpub_key, NULL)) + { + DSA_free(dsa); + return; +@@ -2345,17 +2512,26 @@ public: + + virtual DLGroup domain() const + { +- return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g)); ++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); ++ const BIGNUM *bnp, *bnq, *bng; ++ DSA_get0_pqg(dsa, &bnp, &bnq, &bng); ++ return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng)); + } + + virtual BigInteger y() const + { +- return bn2bi(evp.pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); ++ const BIGNUM *bnpub_key; ++ DSA_get0_key(dsa, &bnpub_key, NULL); ++ return bn2bi(bnpub_key); + } + + virtual BigInteger x() const + { +- return bn2bi(evp.pkey->pkey.dsa->priv_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey); ++ const BIGNUM *bnpriv_key; ++ DSA_get0_key(dsa, NULL, &bnpriv_key); ++ return bn2bi(bnpriv_key); + } + + private slots: +@@ -2404,9 +2580,10 @@ public: + virtual void run() + { + DH *dh = DH_new(); +- dh->p = bi2bn(domain.p()); +- dh->g = bi2bn(domain.g()); +- if(!DH_generate_key(dh)) ++ BIGNUM *bnp = bi2bn(domain.p()); ++ BIGNUM *bng = bi2bn(domain.g()); ++ if(!DH_set0_pqg(dh, bnp, NULL, bng) ++ || !DH_generate_key(dh)) + { + DH_free(dh); + return; +@@ -2478,11 +2655,14 @@ public: + if(!sec) + return; + +- DH *orig = evp.pkey->pkey.dh; ++ DH *orig = EVP_PKEY_get0_DH(evp.pkey); + DH *dh = DH_new(); +- dh->p = BN_dup(orig->p); +- dh->g = BN_dup(orig->g); +- dh->pub_key = BN_dup(orig->pub_key); ++ const BIGNUM *bnp, *bng, *bnpub_key; ++ DH_get0_pqg(orig, &bnp, NULL, &bng); ++ DH_get0_key(orig, &bnpub_key, NULL); ++ ++ DH_set0_key(dh, BN_dup(bnpub_key), NULL); ++ DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng)); + + evp.reset(); + +@@ -2498,10 +2678,13 @@ public: + + virtual SymmetricKey deriveKey(const PKeyBase &theirs) + { +- DH *dh = evp.pkey->pkey.dh; +- DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh; ++ DH *dh = EVP_PKEY_get0_DH(evp.pkey); ++ DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey); ++ const BIGNUM *bnpub_key; ++ DH_get0_key(them, &bnpub_key, NULL); ++ + SecureArray result(DH_size(dh)); +- int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh); ++ int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh); + if(ret <= 0) + return SymmetricKey(); + result.resize(ret); +@@ -2531,12 +2714,13 @@ public: + evp.reset(); + + DH *dh = DH_new(); +- dh->p = bi2bn(domain.p()); +- dh->g = bi2bn(domain.g()); +- dh->pub_key = bi2bn(y); +- dh->priv_key = bi2bn(x); ++ BIGNUM *bnp = bi2bn(domain.p()); ++ BIGNUM *bng = bi2bn(domain.g()); ++ BIGNUM *bnpub_key = bi2bn(y); ++ BIGNUM *bnpriv_key = bi2bn(x); + +- if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key) ++ if(!DH_set0_key(dh, bnpub_key, bnpriv_key) ++ || !DH_set0_pqg(dh, bnp, NULL, bng)) + { + DH_free(dh); + return; +@@ -2552,11 +2736,12 @@ public: + evp.reset(); + + DH *dh = DH_new(); +- dh->p = bi2bn(domain.p()); +- dh->g = bi2bn(domain.g()); +- dh->pub_key = bi2bn(y); ++ BIGNUM *bnp = bi2bn(domain.p()); ++ BIGNUM *bng = bi2bn(domain.g()); ++ BIGNUM *bnpub_key = bi2bn(y); + +- if(!dh->p || !dh->g || !dh->pub_key) ++ if(!DH_set0_key(dh, bnpub_key, NULL) ++ || !DH_set0_pqg(dh, bnp, NULL, bng)) + { + DH_free(dh); + return; +@@ -2569,17 +2754,26 @@ public: + + virtual DLGroup domain() const + { +- return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g)); ++ DH *dh = EVP_PKEY_get0_DH(evp.pkey); ++ const BIGNUM *bnp, *bng; ++ DH_get0_pqg(dh, &bnp, NULL, &bng); ++ return DLGroup(bn2bi(bnp), bn2bi(bng)); + } + + virtual BigInteger y() const + { +- return bn2bi(evp.pkey->pkey.dh->pub_key); ++ DH *dh = EVP_PKEY_get0_DH(evp.pkey); ++ const BIGNUM *bnpub_key; ++ DH_get0_key(dh, &bnpub_key, NULL); ++ return bn2bi(bnpub_key); + } + + virtual BigInteger x() const + { +- return bn2bi(evp.pkey->pkey.dh->priv_key); ++ DH *dh = EVP_PKEY_get0_DH(evp.pkey); ++ const BIGNUM *bnpriv_key; ++ DH_get0_key(dh, NULL, &bnpriv_key); ++ return bn2bi(bnpriv_key); + } + + private slots: +@@ -2618,10 +2812,14 @@ public: + { + key = _key; + RSA_set_method(rsa, rsa_method()); ++#ifndef OSSL_110 + rsa->flags |= RSA_FLAG_SIGN_VER; ++#endif + RSA_set_app_data(rsa, this); +- rsa->n = bi2bn(_key.n()); +- rsa->e = bi2bn(_key.e()); ++ BIGNUM *bnn = bi2bn(_key.n()); ++ BIGNUM *bne = bi2bn(_key.e()); ++ ++ RSA_set0_key(rsa, bnn, bne, NULL); + } + + RSA_METHOD *rsa_method() +@@ -2630,12 +2828,16 @@ public: + + if(!ops) + { +- ops = new RSA_METHOD(*RSA_get_default_method()); +- ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt; +- ops->rsa_priv_dec = rsa_priv_dec; +- ops->rsa_sign = rsa_sign; +- ops->rsa_verify = 0;//pkcs11_rsa_verify; +- ops->finish = rsa_finish; ++ ops = RSA_meth_dup(RSA_get_default_method()); ++ RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt ++ RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt ++#ifdef OSSL_110 ++ RSA_meth_set_sign(ops, NULL); ++#else ++ RSA_meth_set_sign(ops, rsa_sign); ++#endif ++ RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify ++ RSA_meth_set_finish(ops, rsa_finish); + } + return ops; + } +@@ -2654,7 +2856,7 @@ public: + } + else + { +- RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); ++ RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE); + return -1; + } + +@@ -2675,6 +2877,7 @@ public: + return -1; + } + ++#ifndef OSSL_110 + static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa) + { + QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa); +@@ -2691,7 +2894,6 @@ public: + } + else + { +- + // make X509 packet + X509_SIG sig; + ASN1_TYPE parameter; +@@ -2765,6 +2967,7 @@ public: + + return 1; + } ++#endif + + static int rsa_finish(RSA *rsa) + { +@@ -2866,21 +3069,22 @@ public: + PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const + { + PKeyBase *nk = 0; +- if(pkey->type == EVP_PKEY_RSA) ++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); ++ if(pkey_type == EVP_PKEY_RSA) + { + RSAKey *c = new RSAKey(provider()); + c->evp.pkey = pkey; + c->sec = sec; + nk = c; + } +- else if(pkey->type == EVP_PKEY_DSA) ++ else if(pkey_type == EVP_PKEY_DSA) + { + DSAKey *c = new DSAKey(provider()); + c->evp.pkey = pkey; + c->sec = sec; + nk = c; + } +- else if(pkey->type == EVP_PKEY_DH) ++ else if(pkey_type == EVP_PKEY_DH) + { + DHKey *c = new DHKey(provider()); + c->evp.pkey = pkey; +@@ -2898,8 +3102,10 @@ public: + { + EVP_PKEY *pkey = get_pkey(); + ++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); ++ + // OpenSSL does not have DH import/export support +- if(pkey->type == EVP_PKEY_DH) ++ if(pkey_type == EVP_PKEY_DH) + return QByteArray(); + + BIO *bo = BIO_new(BIO_s_mem()); +@@ -2912,8 +3118,10 @@ public: + { + EVP_PKEY *pkey = get_pkey(); + ++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); ++ + // OpenSSL does not have DH import/export support +- if(pkey->type == EVP_PKEY_DH) ++ if(pkey_type == EVP_PKEY_DH) + return QString(); + + BIO *bo = BIO_new(BIO_s_mem()); +@@ -2978,9 +3186,10 @@ public: + return SecureArray(); + + EVP_PKEY *pkey = get_pkey(); ++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); + + // OpenSSL does not have DH import/export support +- if(pkey->type == EVP_PKEY_DH) ++ if(pkey_type == EVP_PKEY_DH) + return SecureArray(); + + BIO *bo = BIO_new(BIO_s_mem()); +@@ -3007,9 +3216,10 @@ public: + return QString(); + + EVP_PKEY *pkey = get_pkey(); ++ int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey)); + + // OpenSSL does not have DH import/export support +- if(pkey->type == EVP_PKEY_DH) ++ if(pkey_type == EVP_PKEY_DH) + return QString(); + + BIO *bo = BIO_new(BIO_s_mem()); +@@ -3110,11 +3320,18 @@ public: + crl = from.crl; + + if(cert) +- CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(cert); + if(req) ++ { ++#ifdef OSSL_110 ++ // Not exposed, so copy ++ req = X509_REQ_dup(req); ++#else + CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ); ++#endif ++ } + if(crl) +- CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL); ++ X509_CRL_up_ref(crl); + } + + return *this; +@@ -3220,7 +3437,7 @@ public: + // + // This code is mostly taken from OpenSSL v0.9.5a + // by Eric Young +-QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt) ++QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt) + { + QDateTime qdt; + char *v; +@@ -3318,7 +3535,7 @@ public: + + void fromX509(X509 *x) + { +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + item.cert = x; + make_props(); + } +@@ -3349,7 +3566,7 @@ public: + if(priv.key()->type() == PKey::RSA) + md = EVP_sha1(); + else if(priv.key()->type() == PKey::DSA) +- md = EVP_dss1(); ++ md = EVP_sha1(); + else + return false; + +@@ -3480,7 +3697,7 @@ public: + + const MyCertContext *our_cc = this; + X509 *x = our_cc->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(untrusted_list, x); + + const MyCertContext *other_cc = static_cast<const MyCertContext *>(other); +@@ -3595,14 +3812,21 @@ public: + p.policies = get_cert_policies(ex); + } + +- if (x->signature) ++#ifdef OSSL_110 ++ const ++#endif ++ ASN1_BIT_STRING *signature; ++ ++ X509_get0_signature(&signature, NULL, x); ++ if(signature) + { +- p.sig = QByteArray(x->signature->length, 0); +- for (int i=0; i< x->signature->length; i++) +- p.sig[i] = x->signature->data[i]; ++ p.sig = QByteArray(signature->length, 0); ++ for (int i=0; i< signature->length; i++) ++ p.sig[i] = signature->data[i]; + } + +- switch( OBJ_obj2nid(x->cert_info->signature->algorithm) ) ++ ++ switch( X509_get_signature_nid(x) ) + { + case NID_sha1WithRSAEncryption: + p.sigalgo = QCA::EMSA3_SHA1; +@@ -3634,7 +3858,7 @@ public: + p.sigalgo = QCA::EMSA3_SHA512; + break; + default: +- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm); ++ qDebug() << "Unknown signature value: " << X509_get_signature_nid(x); + p.sigalgo = QCA::SignatureUnknown; + } + +@@ -3751,7 +3975,7 @@ public: + if(privateKey -> key()->type() == PKey::RSA) + md = EVP_sha1(); + else if(privateKey -> key()->type() == PKey::DSA) +- md = EVP_dss1(); ++ md = EVP_sha1(); + else + return 0; + +@@ -3934,7 +4158,7 @@ public: + if(priv.key()->type() == PKey::RSA) + md = EVP_sha1(); + else if(priv.key()->type() == PKey::DSA) +- md = EVP_dss1(); ++ md = EVP_sha1(); + else + return false; + +@@ -4095,14 +4319,17 @@ public: + + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + +- if (x->signature) ++ const ASN1_BIT_STRING *signature; ++ ++ X509_REQ_get0_signature(x, &signature, NULL); ++ if(signature) + { +- p.sig = QByteArray(x->signature->length, 0); +- for (int i=0; i< x->signature->length; i++) +- p.sig[i] = x->signature->data[i]; ++ p.sig = QByteArray(signature->length, 0); ++ for (int i=0; i< signature->length; i++) ++ p.sig[i] = signature->data[i]; + } + +- switch( OBJ_obj2nid(x->sig_alg->algorithm) ) ++ switch( X509_REQ_get_signature_nid(x) ) + { + case NID_sha1WithRSAEncryption: + p.sigalgo = QCA::EMSA3_SHA1; +@@ -4122,7 +4349,7 @@ public: + p.sigalgo = QCA::EMSA1_SHA1; + break; + default: +- qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm); ++ qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x); + p.sigalgo = QCA::SignatureUnknown; + } + +@@ -4186,7 +4413,7 @@ public: + + void fromX509(X509_CRL *x) + { +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); ++ X509_CRL_up_ref(x); + item.crl = x; + make_props(); + } +@@ -4238,8 +4465,8 @@ public: + + for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) { + X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i); +- BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL)); +- QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL); ++ BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL)); ++ QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL); + QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified; + int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1); + if (pos != -1) { +@@ -4288,13 +4515,18 @@ public: + p.revoked.append(thisEntry); + } + +- if (x->signature) ++ const ASN1_BIT_STRING *signature; ++ ++ X509_CRL_get0_signature(x, &signature, NULL); ++ if(signature) + { +- p.sig = QByteArray(x->signature->length, 0); +- for (int i=0; i< x->signature->length; i++) +- p.sig[i] = x->signature->data[i]; ++ p.sig = QByteArray(signature->length, 0); ++ for (int i=0; i< signature->length; i++) ++ p.sig[i] = signature->data[i]; + } +- switch( OBJ_obj2nid(x->sig_alg->algorithm) ) ++ ++ ++ switch( X509_CRL_get_signature_nid(x) ) + { + case NID_sha1WithRSAEncryption: + p.sigalgo = QCA::EMSA3_SHA1; +@@ -4326,7 +4558,7 @@ public: + p.sigalgo = QCA::EMSA3_SHA512; + break; + default: +- qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm); ++ qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x); + p.sigalgo = QCA::SignatureUnknown; + } + +@@ -4487,21 +4719,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList + { + const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]); + X509 *x = cc->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(trusted_list, x); + } + for(n = 0; n < untrusted.count(); ++n) + { + const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]); + X509 *x = cc->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(untrusted_list, x); + } + for(n = 0; n < crls.count(); ++n) + { + const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]); + X509_CRL *x = cc->item.crl; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); ++ X509_CRL_up_ref(x); + crl_list.append(x); + } + +@@ -4526,7 +4758,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList + int ret = X509_verify_cert(ctx); + int err = -1; + if(!ret) +- err = ctx->error; ++ err = X509_STORE_CTX_get_error(ctx); + + // cleanup + X509_STORE_CTX_free(ctx); +@@ -4560,21 +4792,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q + { + const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]); + X509 *x = cc->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(trusted_list, x); + } + for(n = 1; n < chain.count(); ++n) + { + const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]); + X509 *x = cc->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(untrusted_list, x); + } + for(n = 0; n < crls.count(); ++n) + { + const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]); + X509_CRL *x = cc->item.crl; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL); ++ X509_CRL_up_ref(x); + crl_list.append(x); + } + +@@ -4599,7 +4831,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q + int ret = X509_verify_cert(ctx); + int err = -1; + if(!ret) +- err = ctx->error; ++ err = X509_STORE_CTX_get_error(ctx); + + // grab the chain, which may not be fully populated + STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx); +@@ -4663,7 +4895,7 @@ public: + for(int n = 1; n < chain.count(); ++n) + { + X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(ca, x); + } + } +@@ -5398,7 +5630,7 @@ public: + OpenSSL_add_ssl_algorithms(); + SSL_CTX *ctx = 0; + switch (version) { +-#ifndef OPENSSL_NO_SSL2 ++#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110) + case TLS::SSL_v2: + ctx = SSL_CTX_new(SSLv2_client_method()); + break; +@@ -5429,8 +5661,8 @@ public: + STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl); + QStringList cipherList; + for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) { +- SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); +- cipherList += cipherIDtoString(version, thisCipher->id); ++ const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i); ++ cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher)); + } + + SSL_free(ssl); +@@ -5807,13 +6039,15 @@ public: + { + SessionInfo sessInfo; + +- sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session)); ++ SSL_SESSION *session = SSL_get0_session(ssl); ++ sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session)); ++ int ssl_version = SSL_version(ssl); + +- if (ssl->version == TLS1_VERSION) ++ if (ssl_version == TLS1_VERSION) + sessInfo.version = TLS::TLS_v1; +- else if (ssl->version == SSL3_VERSION) ++ else if (ssl_version == SSL3_VERSION) + sessInfo.version = TLS::SSL_v3; +- else if (ssl->version == SSL2_VERSION) ++ else if (ssl_version == SSL2_VERSION) + sessInfo.version = TLS::SSL_v2; + else { + qDebug("unexpected version response"); +@@ -5821,7 +6055,7 @@ public: + } + + sessInfo.cipherSuite = cipherIDtoString( sessInfo.version, +- SSL_get_current_cipher(ssl)->id); ++ SSL_CIPHER_get_id(SSL_get_current_cipher(ssl))); + + sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits)); + +@@ -6393,7 +6627,7 @@ public: + for(int n = 0; n < nonroots.count(); ++n) + { + X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(other_certs, x); + } + +@@ -6435,7 +6669,7 @@ public: + + other_certs = sk_X509_new_null(); + X509 *x = static_cast<MyCertContext *>(target.context())->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(other_certs, x); + + bi = BIO_new(BIO_s_mem()); +@@ -6498,7 +6732,7 @@ public: + for(int n = 0; n < untrusted_list.count(); ++n) + { + X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert; +- CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); ++ X509_up_ref(x); + sk_X509_push(other_certs, x); + } + +@@ -6749,14 +6983,27 @@ public: + opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type) + { + m_cryptoAlgorithm = algorithm; +- EVP_CIPHER_CTX_init(&m_context); ++ m_context = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(m_context); + m_pad = pad; + m_type = type; + } + ++ opensslCipherContext(const opensslCipherContext &other) ++ : CipherContext(other) ++ { ++ m_cryptoAlgorithm = other.m_cryptoAlgorithm; ++ m_context = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_copy(m_context, other.m_context); ++ m_direction = other.m_direction; ++ m_pad = other.m_pad; ++ m_type = other.m_type; ++ } ++ + ~opensslCipherContext() + { +- EVP_CIPHER_CTX_cleanup(&m_context); ++ EVP_CIPHER_CTX_cleanup(m_context); ++ EVP_CIPHER_CTX_free(m_context); + } + + void setup(Direction dir, +@@ -6769,20 +7016,20 @@ public: + m_cryptoAlgorithm = EVP_des_ede(); + } + if (Encode == m_direction) { +- EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); +- EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); +- EVP_EncryptInit_ex(&m_context, 0, 0, ++ EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0); ++ EVP_CIPHER_CTX_set_key_length(m_context, key.size()); ++ EVP_EncryptInit_ex(m_context, 0, 0, + (const unsigned char*)(key.data()), + (const unsigned char*)(iv.data())); + } else { +- EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0); +- EVP_CIPHER_CTX_set_key_length(&m_context, key.size()); +- EVP_DecryptInit_ex(&m_context, 0, 0, ++ EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0); ++ EVP_CIPHER_CTX_set_key_length(m_context, key.size()); ++ EVP_DecryptInit_ex(m_context, 0, 0, + (const unsigned char*)(key.data()), + (const unsigned char*)(iv.data())); + } + +- EVP_CIPHER_CTX_set_padding(&m_context, m_pad); ++ EVP_CIPHER_CTX_set_padding(m_context, m_pad); + } + + Provider::Context *clone() const +@@ -6792,7 +7039,7 @@ public: + + int blockSize() const + { +- return EVP_CIPHER_CTX_block_size(&m_context); ++ return EVP_CIPHER_CTX_block_size(m_context); + } + + bool update(const SecureArray &in, SecureArray *out) +@@ -6805,7 +7052,7 @@ public: + out->resize(in.size()+blockSize()); + int resultLength; + if (Encode == m_direction) { +- if (0 == EVP_EncryptUpdate(&m_context, ++ if (0 == EVP_EncryptUpdate(m_context, + (unsigned char*)out->data(), + &resultLength, + (unsigned char*)in.data(), +@@ -6813,7 +7060,7 @@ public: + return false; + } + } else { +- if (0 == EVP_DecryptUpdate(&m_context, ++ if (0 == EVP_DecryptUpdate(m_context, + (unsigned char*)out->data(), + &resultLength, + (unsigned char*)in.data(), +@@ -6830,13 +7077,13 @@ public: + out->resize(blockSize()); + int resultLength; + if (Encode == m_direction) { +- if (0 == EVP_EncryptFinal_ex(&m_context, ++ if (0 == EVP_EncryptFinal_ex(m_context, + (unsigned char*)out->data(), + &resultLength)) { + return false; + } + } else { +- if (0 == EVP_DecryptFinal_ex(&m_context, ++ if (0 == EVP_DecryptFinal_ex(m_context, + (unsigned char*)out->data(), + &resultLength)) { + return false; +@@ -6871,7 +7118,7 @@ public: + + + protected: +- EVP_CIPHER_CTX m_context; ++ EVP_CIPHER_CTX *m_context; + const EVP_CIPHER *m_cryptoAlgorithm; + Direction m_direction; + int m_pad; +diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp +index fb8fa10..5e88002 100644 +--- a/unittest/tls/tlsunittest.cpp ++++ b/unittest/tls/tlsunittest.cpp +@@ -60,15 +60,16 @@ void TLSUnitTest::testCipherList() + QCA::TLS *tls = new QCA::TLS(QCA::TLS::Stream, 0, "qca-ossl"); + QStringList cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1); + QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_256_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") ); + QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_256_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") ); + QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") ); ++ ++ // openSUSE TW OpenSSL 1.1 does not have this ++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") ); + + // Fedora 22 has no TLS_RSA_WITH_RC4_128_MD5 + // QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_MD5") ); +@@ -87,17 +88,17 @@ void TLSUnitTest::testCipherList() + // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") ); + // QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") ); + +- cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3); +- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") ); +- QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_SHA") ); ++ // OpenSSL 1.1 in openSUSE TW has it disabled by default ++ // cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3); ++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") ); ++ // QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") ); + + // Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5 + // QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") ); |