diff options
8 files changed, 1902 insertions, 0 deletions
diff --git a/dev-libs/xml-security-c/Manifest b/dev-libs/xml-security-c/Manifest new file mode 100644 index 0000000..b9afed8 --- /dev/null +++ b/dev-libs/xml-security-c/Manifest @@ -0,0 +1,2 @@ +DIST xml-security-c-1.7.3.tar.gz 909320 SHA256 e5226e7319d44f6fd9147a13fb853f5c711b9e75bf60ec273a0ef8a190592583 SHA512 ea46709d6706edf345e19132d9998774e50dc7b5947a7b4a55e3627998f5ac66f976fdff0a5015ef3cee73c03c04f3c4cf993efd397082491c2000c6548b89d2 WHIRLPOOL 5aba039916ffabdb6394c5a97ce10027a546cbba9b7978bfde06db22ee48e6820a42db9d1e1095fc2ef7235cb2e6f948bbe3fd6dcaf5e99f16316111a28a717b +DIST xml-security-c-2.0.2.tar.gz 904933 SHA256 c303a2b08cb9ca0f5594adcbb83829b1e793175d7114a82f7d78def8bb2e30df SHA512 bebadee2daf27181f5bcc955a909397976e8fd2e67f5e546f5adbede0ca790647cbec9181b0b609da59d525ff3baa9f899af2a3d815bc7a2f3a57bd8b30c011b WHIRLPOOL 4de367df8faf30c626c024424cc0044db5e29ccdb542c0b6ea94bfb48fe1c157a6bfa73300281a1ab50e96f085289b46cf8da410fdabad212ec22c3ad5cb95b2 diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch b/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch new file mode 100644 index 0000000..1635d6b --- /dev/null +++ b/dev-libs/xml-security-c/files/xml-security-c-1.6.1-nss-compilation-fix.patch @@ -0,0 +1,13 @@ +diff --git a/xsec/tools/xtest/xtest.cpp b/xsec/tools/xtest/xtest.cpp +index ec40cb2..9cd389e 100644 +--- a/xsec/tools/xtest/xtest.cpp ++++ b/xsec/tools/xtest/xtest.cpp +@@ -2566,7 +2566,7 @@ int main(int argc, char **argv) { + } + #endif + #if defined(XSEC_HAVE_NSS) +- else if (stricmp(argv[paramCount], "--nss") == 0 || stricmp(argv[paramCount], "-n") == 0) { ++ else if (_stricmp(argv[paramCount], "--nss") == 0 || _stricmp(argv[paramCount], "-n") == 0) { + g_useNSS = true; + paramCount++; + } diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch new file mode 100644 index 0000000..40783bf --- /dev/null +++ b/dev-libs/xml-security-c/files/xml-security-c-1.7.3-fix-c++14.patch @@ -0,0 +1,36 @@ +Fix building with C++14, which errors out due to bool -> T* conversions +See also: https://bugs.gentoo.org/show_bug.cgi?id=594234 + +--- a/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp ++++ b/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp +@@ -151,7 +151,7 @@ + SymmetricKeyMode mode = MODE_CBC, + const unsigned char * iv = NULL, + const unsigned char* tag = NULL, +- unsigned int taglen = NULL); ++ unsigned int taglen = 0); + + /** + * \brief Continue an decrypt operation using this key. +--- a/xsec/enc/XSECCryptoSymmetricKey.hpp ++++ b/xsec/enc/XSECCryptoSymmetricKey.hpp +@@ -185,7 +185,7 @@ + SymmetricKeyMode mode = MODE_CBC, + const unsigned char* iv = NULL, + const unsigned char* tag = NULL, +- unsigned int taglen = NULL) = 0; ++ unsigned int taglen = 0) = 0; + + /** + * \brief Continue a decrypt operation using this key. +--- a/xsec/tools/checksig/InteropResolver.cpp ++++ b/xsec/tools/checksig/InteropResolver.cpp +@@ -645,7 +645,7 @@ + + } + +- return false; ++ return NULL; + + } + diff --git a/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch b/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch new file mode 100644 index 0000000..d4b1886 --- /dev/null +++ b/dev-libs/xml-security-c/files/xml-security-c-1.7.3_openssl1.1.patch @@ -0,0 +1,1701 @@ +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp 2017-02-19 20:37:10.000000000 +0200 +@@ -44,6 +44,15 @@ + + XERCES_CPP_NAMESPACE_USE + ++OpenSSLCryptoBase64::OpenSSLCryptoBase64() { ++ m_ectx = EVP_ENCODE_CTX_new(); ++ m_dctx = EVP_ENCODE_CTX_new(); ++} ++ ++OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { ++ EVP_ENCODE_CTX_free(m_ectx); ++ EVP_ENCODE_CTX_free(m_dctx); ++} + + // -------------------------------------------------------------------------------- + // Decoding +@@ -51,7 +60,7 @@ + + void OpenSSLCryptoBase64::decodeInit(void) { + +- EVP_DecodeInit(&m_dctx); ++ EVP_DecodeInit(m_dctx); + + } + +@@ -70,7 +79,7 @@ + + } + +- rc = EVP_DecodeUpdate(&m_dctx, ++ rc = EVP_DecodeUpdate(m_dctx, + outData, + &outLen, + (unsigned char *) inData, +@@ -99,7 +108,7 @@ + int outLen; + outLen = outLength; + +- EVP_DecodeFinal(&m_dctx, outData, &outLen); ++ EVP_DecodeFinal(m_dctx, outData, &outLen); + + return outLen; + +@@ -111,7 +120,7 @@ + + void OpenSSLCryptoBase64::encodeInit(void) { + +- EVP_EncodeInit(&m_ectx); ++ EVP_EncodeInit(m_ectx); + + } + +@@ -130,7 +139,7 @@ + + } + +- EVP_EncodeUpdate(&m_ectx, ++ EVP_EncodeUpdate(m_ectx, + outData, + &outLen, + (unsigned char *) inData, +@@ -153,7 +162,7 @@ + int outLen; + outLen = outLength; + +- EVP_EncodeFinal(&m_ectx, outData, &outLen); ++ EVP_EncodeFinal(m_ectx, outData, &outLen); + + return outLen; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp 2017-02-19 10:46:50.000000000 +0200 +@@ -66,8 +66,8 @@ + public : + + +- OpenSSLCryptoBase64() {}; +- virtual ~OpenSSLCryptoBase64() {}; ++ OpenSSLCryptoBase64(); ++ virtual ~OpenSSLCryptoBase64(); + + /** @name Decoding Functions */ + //@{ +@@ -189,20 +189,20 @@ + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return &m_ectx;} ++ EVP_ENCODE_CTX * getOpenSSLEncodeEVP_ENCODE_CTX(void) {return m_ectx;} + + /** + * \brief Get OpenSSL encode context structure + */ + +- EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return &m_dctx;} ++ EVP_ENCODE_CTX * getOpenSSLDecodeEVP_ENCODE_CTX(void) {return m_dctx;} + + //@} + + private : + +- EVP_ENCODE_CTX m_ectx; // Encode context +- EVP_ENCODE_CTX m_dctx; // Decode context ++ EVP_ENCODE_CTX *m_ectx; // Encode context ++ EVP_ENCODE_CTX *m_dctx; // Decode context + + }; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.cpp 2017-02-19 20:48:48.000000000 +0200 +@@ -40,6 +40,7 @@ + + OpenSSLCryptoHash::OpenSSLCryptoHash(HashType alg) { + ++ m_mdctx = EVP_MD_CTX_create(); + switch (alg) { + + case (XSECCryptoHash::HASH_SHA1) : +@@ -104,7 +105,7 @@ + "OpenSSL:Hash - Error loading Message Digest"); + } + +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_DigestInit(m_mdctx, mp_md); + m_hashType = alg; + + } +@@ -112,7 +113,7 @@ + + OpenSSLCryptoHash::~OpenSSLCryptoHash() { + +- EVP_MD_CTX_cleanup(&m_mdctx); ++ EVP_MD_CTX_free(m_mdctx); + + } + +@@ -121,16 +122,16 @@ + // Hashing Activities + void OpenSSLCryptoHash::reset(void) { + +- EVP_MD_CTX_cleanup(&m_mdctx); +- +- EVP_DigestInit(&m_mdctx, mp_md); ++ EVP_MD_CTX_free(m_mdctx); ++ m_mdctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(m_mdctx, mp_md); + + } + + void OpenSSLCryptoHash::hash(unsigned char * data, + unsigned int length) { + +- EVP_DigestUpdate(&m_mdctx, data, length); ++ EVP_DigestUpdate(m_mdctx, data, length); + + } + unsigned int OpenSSLCryptoHash::finish(unsigned char * hash, +@@ -140,7 +141,7 @@ + + // Finish up and copy out hash, returning the length + +- EVP_DigestFinal(&m_mdctx, m_mdValue, &m_mdLen); ++ EVP_DigestFinal(m_mdctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHash.hpp 2017-02-19 10:42:32.000000000 +0200 +@@ -138,7 +138,7 @@ + * \brief Get OpenSSL hash context structure + */ + +- EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return &m_mdctx;} ++ EVP_MD_CTX * getOpenSSLEVP_MD_CTX(void) {return m_mdctx;} + + //@} + +@@ -148,7 +148,7 @@ + // Not implemented constructors + OpenSSLCryptoHash(); + +- EVP_MD_CTX m_mdctx; // Context for digest ++ EVP_MD_CTX *m_mdctx; // Context for digest + const EVP_MD * mp_md; // Digest instance + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.cpp 2017-02-19 20:50:03.000000000 +0200 +@@ -43,6 +43,7 @@ + OpenSSLCryptoHashHMAC::OpenSSLCryptoHashHMAC(HashType alg) { + + // Initialise the digest ++ m_hctx = HMAC_CTX_new(); + + switch (alg) { + +@@ -127,7 +128,7 @@ + m_keyLen = ((XSECCryptoKeyHMAC *) key)->getKey(m_keyBuf); + + +- HMAC_Init(&m_hctx, ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -139,7 +140,7 @@ + OpenSSLCryptoHashHMAC::~OpenSSLCryptoHashHMAC() { + + if (m_initialised) +- HMAC_CTX_cleanup(&m_hctx); ++ HMAC_CTX_free(m_hctx); + + } + +@@ -151,9 +152,9 @@ + + if (m_initialised) { + +- HMAC_CTX_cleanup(&m_hctx); +- +- HMAC_Init(&m_hctx, ++ HMAC_CTX_free(m_hctx); ++ m_hctx = HMAC_CTX_new(); ++ HMAC_Init(m_hctx, + m_keyBuf.rawBuffer(), + m_keyLen, + mp_md); +@@ -170,7 +171,7 @@ + "OpenSSL:HashHMAC - hash called prior to setKey"); + + +- HMAC_Update(&m_hctx, data, (int) length); ++ HMAC_Update(m_hctx, data, (int) length); + + } + +@@ -181,7 +182,7 @@ + + // Finish up and copy out hash, returning the length + +- HMAC_Final(&m_hctx, m_mdValue, &m_mdLen); ++ HMAC_Final(m_hctx, m_mdValue, &m_mdLen); + + // Copy to output buffer + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoHashHMAC.hpp 2017-02-19 10:50:19.000000000 +0200 +@@ -162,7 +162,7 @@ + * \brief Get OpenSSL Hash Context + */ + +- HMAC_CTX * getOpenSSLHMAC_CTX(void) {return &m_hctx;} ++ HMAC_CTX * getOpenSSLHMAC_CTX(void) {return m_hctx;} + + //@} + +@@ -175,7 +175,7 @@ + unsigned char m_mdValue[EVP_MAX_MD_SIZE]; // Final output + unsigned int m_mdLen; // Length of digest + HashType m_hashType; // What type of hash is this? +- HMAC_CTX m_hctx; // Context for HMAC ++ HMAC_CTX *m_hctx; // Context for HMAC + safeBuffer m_keyBuf; // The loaded key + unsigned int m_keyLen; // The loaded key length + bool m_initialised; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2015-01-29 04:52:17.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyDSA.cpp 2017-02-19 22:39:29.000000000 +0200 +@@ -64,13 +64,15 @@ + if (mp_dsaKey == NULL) + return KEY_NONE; + +- if (mp_dsaKey->priv_key != NULL && mp_dsaKey->pub_key != NULL) ++ const BIGNUM *pub_key = 0, *priv_key = 0; ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ if (priv_key != NULL && pub_key != NULL) + return KEY_DSA_PAIR; + +- if (mp_dsaKey->priv_key != NULL) ++ if (priv_key != NULL) + return KEY_DSA_PRIVATE; + +- if (mp_dsaKey->pub_key != NULL) ++ if (pub_key != NULL) + return KEY_DSA_PUBLIC; + + return KEY_NONE; +@@ -82,7 +84,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->p = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -91,7 +93,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->q = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -100,7 +102,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->g = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_pqg(mp_dsaKey, 0, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len)); + + } + +@@ -109,7 +111,7 @@ + if (mp_dsaKey == NULL) + mp_dsaKey = DSA_new(); + +- mp_dsaKey->pub_key = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ DSA_set0_key(mp_dsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -130,20 +132,15 @@ + + mp_dsaKey = DSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_DSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_DSA) + return; // Nothing to do with us + +- +- if (k->pkey.dsa->p) +- mp_dsaKey->p = BN_dup(k->pkey.dsa->p); +- if (k->pkey.dsa->q) +- mp_dsaKey->q = BN_dup(k->pkey.dsa->q); +- if (k->pkey.dsa->g) +- mp_dsaKey->g = BN_dup(k->pkey.dsa->g); +- if (k->pkey.dsa->pub_key) +- mp_dsaKey->pub_key = BN_dup(k->pkey.dsa->pub_key); +- if (k->pkey.dsa->priv_key) +- mp_dsaKey->priv_key = BN_dup(k->pkey.dsa->priv_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(k); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, &priv_key); ++ DSA_set0_pqg(mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + } + +@@ -175,9 +172,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -190,7 +187,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -223,12 +221,7 @@ + } + + DSA_SIG * dsa_sig = DSA_SIG_new(); +- +- dsa_sig->r = BN_dup(R); +- dsa_sig->s = BN_dup(S); +- +- BN_free(R); +- BN_free(S); ++ DSA_SIG_set0(dsa_sig, R, S); + + // Now we have a signature and a key - lets check + +@@ -267,6 +260,8 @@ + DSA_SIG * dsa_sig; + + dsa_sig = DSA_do_sign(hashBuf, hashLen, mp_dsaKey); ++ const BIGNUM *r = 0, *s = 0; ++ DSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + +@@ -277,10 +272,10 @@ + + // Now turn the signature into a base64 string + +- unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(dsa_sig->r) + BN_num_bits(dsa_sig->s) + 7) / 8]; ++ unsigned char* rawSigBuf = new unsigned char[(BN_num_bits(r) + BN_num_bits(s) + 7) / 8]; + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = BN_bn2bin(dsa_sig->r, rawSigBuf); ++ unsigned int rawLen = BN_bn2bin(r, rawSigBuf); + + if (rawLen <= 0) { + +@@ -289,7 +284,7 @@ + + } + +- unsigned int rawLenS = BN_bn2bin(dsa_sig->s, (unsigned char *) &rawSigBuf[rawLen]); ++ unsigned int rawLenS = BN_bn2bin(s, (unsigned char *) &rawSigBuf[rawLen]); + + if (rawLenS <= 0) { + +@@ -339,16 +334,11 @@ + ret->mp_dsaKey = DSA_new(); + + // Duplicate parameters +- if (mp_dsaKey->p) +- ret->mp_dsaKey->p = BN_dup(mp_dsaKey->p); +- if (mp_dsaKey->q) +- ret->mp_dsaKey->q = BN_dup(mp_dsaKey->q); +- if (mp_dsaKey->g) +- ret->mp_dsaKey->g = BN_dup(mp_dsaKey->g); +- if (mp_dsaKey->pub_key) +- ret->mp_dsaKey->pub_key = BN_dup(mp_dsaKey->pub_key); +- if (mp_dsaKey->priv_key) +- ret->mp_dsaKey->priv_key = BN_dup(mp_dsaKey->priv_key); ++ const BIGNUM *p = 0, *q = 0, *g = 0, *pub_key = 0, *priv_key = 0; ++ DSA_get0_pqg(mp_dsaKey, &p, &q, &g); ++ DSA_get0_key(mp_dsaKey, &pub_key, &priv_key); ++ DSA_set0_pqg(ret->mp_dsaKey, BN_dup(p), BN_dup(q), BN_dup(g)); ++ DSA_set0_key(ret->mp_dsaKey, BN_dup(pub_key), BN_dup(priv_key)); + + return ret; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2015-02-03 02:57:48.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyEC.cpp 2017-02-19 21:57:57.000000000 +0200 +@@ -128,10 +128,10 @@ + + // Create a new key to be loaded as we go + +- if (k == NULL || k->type != EVP_PKEY_EC) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_EC) + return; // Nothing to do with us + +- mp_ecKey = EC_KEY_dup(k->pkey.ec); ++ mp_ecKey = EC_KEY_dup(EVP_PKEY_get0_EC_KEY(k)); + } + + // -------------------------------------------------------------------------------- +@@ -162,9 +162,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -177,7 +177,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -189,8 +190,9 @@ + // Translate to BNs by splitting in half, and thence to ECDSA_SIG + + ECDSA_SIG * dsa_sig = ECDSA_SIG_new(); +- dsa_sig->r = BN_bin2bn(sigVal, sigValLen / 2, NULL); +- dsa_sig->s = BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL); ++ ECDSA_SIG_set0(dsa_sig, ++ BN_bin2bn(sigVal, sigValLen / 2, NULL), ++ BN_bin2bn(&sigVal[sigValLen / 2], sigValLen / 2, NULL)); + + // Now we have a signature and a key - lets check + +@@ -228,6 +230,8 @@ + ECDSA_SIG * dsa_sig; + + dsa_sig = ECDSA_do_sign(hashBuf, hashLen, mp_ecKey); ++ const BIGNUM *r, *s; ++ ECDSA_SIG_get0(dsa_sig, &r, &s); + + if (dsa_sig == NULL) { + throw XSECCryptoException(XSECCryptoException::ECError, +@@ -263,14 +267,14 @@ + memset(rawSigBuf, 0, keyLen * 2); + ArrayJanitor<unsigned char> j_sigbuf(rawSigBuf); + +- unsigned int rawLen = (BN_num_bits(dsa_sig->r) + 7) / 8; +- if (BN_bn2bin(dsa_sig->r, rawSigBuf + keyLen - rawLen) <= 0) { ++ unsigned int rawLen = (BN_num_bits(r) + 7) / 8; ++ if (BN_bn2bin(r, rawSigBuf + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 'r' value to buffer"); + } + +- rawLen = (BN_num_bits(dsa_sig->s) + 7) / 8; +- if (BN_bn2bin(dsa_sig->s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { ++ rawLen = (BN_num_bits(s) + 7) / 8; ++ if (BN_bn2bin(s, rawSigBuf + keyLen + keyLen - rawLen) <= 0) { + throw XSECCryptoException(XSECCryptoException::ECError, + "OpenSSL:EC - Error copying signature 's' value to buffer"); + } +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoKeyRSA.cpp 2017-02-19 21:53:14.000000000 +0200 +@@ -326,13 +326,15 @@ + if (mp_rsaKey == NULL) + return KEY_NONE; + +- if (mp_rsaKey->n != NULL && mp_rsaKey->d != NULL) ++ const BIGNUM *n = 0, *e = 0, *d = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ if (n != NULL && d != NULL) + return KEY_RSA_PAIR; + +- if (mp_rsaKey->d != NULL) ++ if (d != NULL) + return KEY_RSA_PRIVATE; + +- if (mp_rsaKey->n != NULL) ++ if (n != NULL) + return KEY_RSA_PUBLIC; + + return KEY_NONE; +@@ -344,7 +346,7 @@ + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->n = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0, 0); + + } + +@@ -353,7 +355,7 @@ + if (mp_rsaKey == NULL) + mp_rsaKey = RSA_new(); + +- mp_rsaKey->e = OpenSSLCryptoBase64::b642BN((char *) b64, len); ++ RSA_set0_key(mp_rsaKey, 0, OpenSSLCryptoBase64::b642BN((char *) b64, len), 0); + + } + +@@ -369,32 +371,17 @@ + + mp_rsaKey = RSA_new(); + +- if (k == NULL || k->type != EVP_PKEY_RSA) ++ if (k == NULL || EVP_PKEY_base_id(k) != EVP_PKEY_RSA) + return; // Nothing to do with us + +- if (k->pkey.rsa->n) +- mp_rsaKey->n = BN_dup(k->pkey.rsa->n); +- +- if (k->pkey.rsa->e) +- mp_rsaKey->e = BN_dup(k->pkey.rsa->e); +- +- if (k->pkey.rsa->d) +- mp_rsaKey->d = BN_dup(k->pkey.rsa->d); +- +- if (k->pkey.rsa->p) +- mp_rsaKey->p = BN_dup(k->pkey.rsa->p); +- +- if (k->pkey.rsa->q) +- mp_rsaKey->q = BN_dup(k->pkey.rsa->q); +- +- if (k->pkey.rsa->dmp1) +- mp_rsaKey->dmp1 = BN_dup(k->pkey.rsa->dmp1); +- +- if (k->pkey.rsa->dmq1) +- mp_rsaKey->dmq1 = BN_dup(k->pkey.rsa->dmq1); +- +- if (k->pkey.rsa->iqmp) +- mp_rsaKey->iqmp = BN_dup(k->pkey.rsa->iqmp); ++ RSA *rsa = EVP_PKEY_get0_RSA(k); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(rsa, &n, &e, &d); ++ RSA_get0_factors(rsa, &p, &q); ++ RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + } + +@@ -427,9 +414,9 @@ + unsigned char* sigVal = new unsigned char[sigLen + 1]; + ArrayJanitor<unsigned char> j_sigVal(sigVal); + +- EVP_ENCODE_CTX m_dctx; +- EVP_DecodeInit(&m_dctx); +- int rc = EVP_DecodeUpdate(&m_dctx, ++ EVP_ENCODE_CTX *m_dctx = EVP_ENCODE_CTX_new(); ++ EVP_DecodeInit(m_dctx); ++ int rc = EVP_DecodeUpdate(m_dctx, + sigVal, + &sigValLen, + (unsigned char *) cleanedBase64Signature, +@@ -442,7 +429,8 @@ + } + int t = 0; + +- EVP_DecodeFinal(&m_dctx, &sigVal[sigValLen], &t); ++ EVP_DecodeFinal(m_dctx, &sigVal[sigValLen], &t); ++ EVP_ENCODE_CTX_free(m_dctx); + + sigValLen += t; + +@@ -979,29 +967,13 @@ + + // Duplicate parameters + +- if (mp_rsaKey->n) +- ret->mp_rsaKey->n = BN_dup(mp_rsaKey->n); +- +- if (mp_rsaKey->e) +- ret->mp_rsaKey->e = BN_dup(mp_rsaKey->e); +- +- if (mp_rsaKey->d) +- ret->mp_rsaKey->d = BN_dup(mp_rsaKey->d); +- +- if (mp_rsaKey->p) +- ret->mp_rsaKey->p = BN_dup(mp_rsaKey->p); +- +- if (mp_rsaKey->q) +- ret->mp_rsaKey->q = BN_dup(mp_rsaKey->q); +- +- if (mp_rsaKey->dmp1) +- ret->mp_rsaKey->dmp1 = BN_dup(mp_rsaKey->dmp1); +- +- if (mp_rsaKey->dmq1) +- ret->mp_rsaKey->dmq1 = BN_dup(mp_rsaKey->dmq1); +- +- if (mp_rsaKey->iqmp) +- ret->mp_rsaKey->iqmp = BN_dup(mp_rsaKey->iqmp); ++ const BIGNUM *n = 0, *e = 0, *d = 0, *p = 0, *q = 0, *dmp1 = 0, *dmq1 = 0, *iqmp = 0; ++ RSA_get0_key(mp_rsaKey, &n, &e, &d); ++ RSA_get0_factors(mp_rsaKey, &p, &q); ++ RSA_get0_crt_params(mp_rsaKey, &dmp1, &dmq1, &iqmp); ++ RSA_set0_key(ret->mp_rsaKey, BN_dup(n), BN_dup(e), BN_dup(d)); ++ RSA_set0_factors(ret->mp_rsaKey, BN_dup(p), BN_dup(q)); ++ RSA_set0_crt_params(ret->mp_rsaKey, BN_dup(dmp1), BN_dup(dmq1), BN_dup(iqmp)); + + return ret; + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoProvider.cpp 2017-02-19 21:28:15.000000000 +0200 +@@ -343,7 +343,7 @@ + if (pkey) { + XSECCryptoKey* ret = NULL; + try { +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + case EVP_PKEY_RSA: + ret = new OpenSSLCryptoKeyRSA(pkey); + break; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2015-01-29 04:52:17.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.cpp 2017-02-19 21:24:51.000000000 +0200 +@@ -56,7 +56,8 @@ + m_keyLen(0), + m_initialised(false) { + +- EVP_CIPHER_CTX_init(&m_ctx); ++ m_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(m_ctx); + m_keyBuf.isSensitive(); + + } +@@ -65,7 +66,7 @@ + + // Clean up the context + +- EVP_CIPHER_CTX_cleanup(&m_ctx); ++ EVP_CIPHER_CTX_free(m_ctx); + } + + // -------------------------------------------------------------------------------- +@@ -149,17 +150,17 @@ + with 0.9.6 */ + + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),m_keyBuf.rawBuffer(), iv); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); ++ EVP_DecryptInit(m_ctx, EVP_des_ede3_cbc(),(unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) iv); + #endif + m_ivSize = 8; + } + else if (m_keyMode == MODE_ECB) { + #if defined(XSEC_OPENSSL_CONST_BUFFERS) +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_DecryptInit(&m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit(m_ctx, EVP_des_ecb(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + m_ivSize = 0; + } +@@ -184,7 +185,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -207,15 +208,15 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_128_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -236,7 +237,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -259,16 +260,16 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_192_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -289,7 +290,7 @@ + return 0; // Cannot initialise without an IV + } + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), iv); + + } + #if defined (XSEC_OPENSSL_HAVE_GCM) +@@ -312,16 +313,16 @@ + } + + // We have everything, so we can fully init. +- EVP_CipherInit(&m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); +- EVP_CipherInit(&m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); ++ EVP_CipherInit(m_ctx, EVP_aes_256_gcm(), NULL, NULL, 0); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_IVLEN, 12, NULL); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_SET_TAG, 16, (void*)m_tagBuf.rawBuffer()); ++ EVP_CipherInit(m_ctx, NULL, m_keyBuf.rawBuffer(), iv, 0); + + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_DecryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_DecryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -371,7 +372,7 @@ + // Disable OpenSSL padding - The interop samples have broken PKCS padding - AARGHH + + #if defined (XSEC_OPENSSL_CANSET_PADDING) +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + #endif + + // Return number of bytes chewed up by IV +@@ -439,9 +440,9 @@ + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, &inBuf[offset], inLength - offset) == 0) { + #else +- if (EVP_DecryptUpdate(&m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &plainBuf[m_bytesInLastBlock], &outl, (unsigned char *) &inBuf[offset], inLength - offset) == 0) { + #endif + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt"); +@@ -476,7 +477,7 @@ + + #if defined (XSEC_OPENSSL_CANSET_PADDING) + +- if (EVP_DecryptFinal(&m_ctx, plainBuf, &outl) == 0) { ++ if (EVP_DecryptFinal(m_ctx, plainBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error during OpenSSL decrypt finalisation"); +@@ -544,7 +545,7 @@ + We can then clean that up ourselves + */ + +- if (EVP_DecryptUpdate(&m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { ++ if (EVP_DecryptUpdate(m_ctx, &scrPlainBuf[offset], &outl, cipherBuf, m_blockSize) == 0) { + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSL:SymmetricKey - Error cecrypting final block during OpenSSL"); + } +@@ -641,16 +642,16 @@ + } + + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), m_keyBuf.rawBuffer(), usedIV); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_cbc(), (unsigned char *) m_keyBuf.rawBuffer(), (unsigned char *) usedIV); + #endif + } + else if (m_keyMode == MODE_ECB) { + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- EVP_EncryptInit(&m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3_ecb(), m_keyBuf.rawBuffer(), NULL); + #else +- EVP_EncryptInit(&m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit(m_ctx, EVP_des_ede3(), (unsigned char *) m_keyBuf.rawBuffer(), NULL); + #endif + } + else { +@@ -684,11 +685,11 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -708,7 +709,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_128_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else { +@@ -739,7 +740,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -759,12 +760,12 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_192_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + } + else { + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -793,7 +794,7 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_cbc(), NULL, m_keyBuf.rawBuffer(), usedIV); + + } + #ifdef XSEC_OPENSSL_HAVE_GCM +@@ -813,12 +814,12 @@ + else + usedIV = iv; + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_gcm(), NULL, m_keyBuf.rawBuffer(), usedIV); + } + #endif + else if (m_keyMode == MODE_ECB) { + +- EVP_EncryptInit_ex(&m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); ++ EVP_EncryptInit_ex(m_ctx, EVP_aes_256_ecb(), NULL, m_keyBuf.rawBuffer(), NULL); + + } + else { +@@ -864,10 +865,10 @@ + #if defined (XSEC_OPENSSL_CANSET_PADDING) + // Setup padding + if (m_doPad) { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 1); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 1); + } + else { +- EVP_CIPHER_CTX_set_padding(&m_ctx, 0); ++ EVP_CIPHER_CTX_set_padding(m_ctx, 0); + } + #endif + +@@ -908,9 +909,9 @@ + + } + #if defined (XSEC_OPENSSL_CONST_BUFFERS) +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, inBuf, inLength) == 0) { + #else +- if (EVP_EncryptUpdate(&m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { ++ if (EVP_EncryptUpdate(m_ctx, &cipherBuf[offset], &outl, (unsigned char *) inBuf, inLength) == 0) { + #endif + + throw XSECCryptoException(XSECCryptoException::SymmetricError, +@@ -929,7 +930,7 @@ + int outl = maxOutLength; + m_initialised = false; + +- if (EVP_EncryptFinal(&m_ctx, cipherBuf, &outl) == 0) { ++ if (EVP_EncryptFinal(m_ctx, cipherBuf, &outl) == 0) { + + throw XSECCryptoException(XSECCryptoException::SymmetricError, + "OpenSSLSymmetricKey::encryptFinish - Error during OpenSSL decrypt finalisation"); +@@ -962,7 +963,7 @@ + } + if (m_keyMode == MODE_GCM) { + #ifdef XSEC_OPENSSL_HAVE_GCM +- EVP_CIPHER_CTX_ctrl(&m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); ++ EVP_CIPHER_CTX_ctrl(m_ctx, EVP_CTRL_GCM_GET_TAG, taglen, cipherBuf + outl); + outl += taglen; + #else + throw XSECCryptoException(XSECCryptoException::SymmetricError, +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoSymmetricKey.hpp 2017-02-19 21:25:39.000000000 +0200 +@@ -283,13 +283,13 @@ + * \brief Get OpenSSL cipher context structure + */ + +- EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return &m_ctx;} ++ EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) {return m_ctx;} + + /** + * \brief Get OpenSSL cipher context structure + */ + +- const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return &m_ctx;} ++ const EVP_CIPHER_CTX * getOpenSSLEVP_CIPHER_CTX(void) const {return m_ctx;} + + //@} + +@@ -307,7 +307,7 @@ + // Private variables + SymmetricKeyType m_keyType; + SymmetricKeyMode m_keyMode; +- EVP_CIPHER_CTX m_ctx; // OpenSSL Cipher Context structure ++ EVP_CIPHER_CTX *m_ctx; // OpenSSL Cipher Context structure + safeBuffer m_keyBuf; // Holder of the key + safeBuffer m_tagBuf; // Holder of authentication tag + unsigned int m_keyLen; +diff -U3 -r xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp +--- xml-security-c-1.7.3.orig/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2012-07-23 19:56:11.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/enc/OpenSSL/OpenSSLCryptoX509.cpp 2017-02-19 21:09:40.000000000 +0200 +@@ -191,7 +191,7 @@ + + XSECCryptoKey::KeyType ret; + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + +@@ -241,7 +241,7 @@ + "OpenSSL:X509 - cannot retrieve public key from cert"); + } + +- switch (pkey->type) { ++ switch (EVP_PKEY_base_id(pkey)) { + + case EVP_PKEY_DSA : + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/checksig/InteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/checksig/InteropResolver.cpp 2017-02-19 22:33:50.000000000 +0200 +@@ -318,7 +318,7 @@ + char * cserial = XMLString::transcode(serial); + char * xserial; + +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x), NULL); + xserial = BN_bn2dec(bnserial); + BN_free(bnserial); + +@@ -360,8 +360,7 @@ + if (xlen != 0) { + + // Have a buffer with a number in it +- STACK_OF(X509_EXTENSION) *exts; +- exts = x->cert_info->extensions; ++ const STACK_OF(X509_EXTENSION) *exts = X509_get0_extensions(x); + + if (exts != NULL) { + +@@ -379,8 +378,8 @@ + memcpy(&octxski[2], xski, xlen); + + ext = sk_X509_EXTENSION_value(exts,extn); +- ASN1_OCTET_STRING *skid = ext->value; +- ASN1_OCTET_STRING * xskid = M_ASN1_OCTET_STRING_new(); ++ ASN1_OCTET_STRING *skid = X509_EXTENSION_get_data(ext); ++ ASN1_OCTET_STRING * xskid = ASN1_OCTET_STRING_new(); + ASN1_STRING_set(xskid, octxski, xlen+2); + + if (ASN1_OCTET_STRING_cmp(xskid, skid) == 0) { +@@ -602,12 +601,12 @@ + // Now check if the cert is in the CRL (code lifted from OpenSSL x509_vfy.c + + int idx; +- X509_REVOKED rtmp; ++ X509_REVOKED *rtmp = X509_REVOKED_new(); + + /* Look for serial number of certificate in CRL */ + +- rtmp.serialNumber = X509_get_serialNumber(x); +- idx = sk_X509_REVOKED_find(c->crl->revoked, &rtmp); ++ X509_REVOKED_set_serialNumber(rtmp, X509_get_serialNumber(x)); ++ idx = sk_X509_REVOKED_find(X509_CRL_get_REVOKED(c), rtmp); + + /* Not found: OK */ + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/cipher/XencInteropResolver.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/cipher/XencInteropResolver.cpp 2017-02-19 22:34:57.000000000 +0200 +@@ -521,7 +521,7 @@ + X509 * x509 = OSSLX509->getOpenSSLX509(); + + // Check the serial number +- BIGNUM * bnserial = ASN1_INTEGER_to_BN(x509->cert_info->serialNumber, NULL); ++ BIGNUM * bnserial = ASN1_INTEGER_to_BN(X509_get0_serialNumber(x509), NULL); + BN_free(bnserial); + + BIO * rsaFile = createFileBIO(mp_baseURI, "rsa.p8"); +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/cipher/cipher.cpp 2015-01-30 05:55:09.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/tools/cipher/cipher.cpp 2017-02-19 22:37:17.000000000 +0200 +@@ -517,7 +517,7 @@ + + pkey = X509_get_pubkey(x); + +- if (pkey == NULL || pkey->type != EVP_PKEY_RSA) { ++ if (pkey == NULL || EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "Error extracting RSA key from certificate" << endl; + } + +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/templatesign/templatesign.cpp 2015-01-30 05:55:09.000000000 +0200 ++++ xml-security-c-1.7.3/xsec/tools/templatesign/templatesign.cpp 2017-02-19 21:31:14.000000000 +0200 +@@ -726,7 +726,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -739,7 +739,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_EC) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) { + cerr << "EC Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -749,7 +749,7 @@ + } + # endif + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +diff -U3 -r xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp +--- xml-security-c-1.7.3.orig/xsec/tools/xklient/xklient.cpp 2012-07-23 19:56:10.000000000 +0300 ++++ xml-security-c-1.7.3/xsec/tools/xklient/xklient.cpp 2017-02-19 22:58:32.000000000 +0200 +@@ -284,7 +284,7 @@ + + #if defined (XSEC_HAVE_OPENSSL) + +-XMLCh * BN2b64(BIGNUM * bn) { ++XMLCh * BN2b64(const BIGNUM * bn) { + + int bytes = BN_num_bytes(bn); + unsigned char * binbuf = new unsigned char[bytes + 1]; +@@ -606,7 +606,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -615,10 +615,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -628,15 +632,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = lr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -878,7 +885,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -887,10 +894,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -900,15 +911,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = vr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1229,7 +1243,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1238,10 +1252,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1251,15 +1269,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1326,7 +1347,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1334,10 +1355,14 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1347,7 +1372,7 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -1355,8 +1380,11 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1622,7 +1650,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1631,10 +1659,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1644,15 +1676,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1719,15 +1754,19 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -1737,13 +1776,16 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -1977,7 +2019,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -1986,10 +2028,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -1999,15 +2045,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2074,7 +2123,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2082,10 +2131,14 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyDSA(pkey); + proofOfPossessionSm = SIGNATURE_DSA; + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + pkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2095,7 +2148,7 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } +@@ -2103,8 +2156,11 @@ + proofOfPossessionKey = new OpenSSLCryptoKeyRSA(pkey); + proofOfPossessionSm = SIGNATURE_RSA; + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + pkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2371,7 +2427,7 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } +@@ -2380,10 +2436,14 @@ + // Create the XSEC OpenSSL interface + key = new OpenSSLCryptoKeyDSA(pkey); + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + sig->appendDSAKeyValue(P,Q,G,Y); + +@@ -2393,15 +2453,18 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + sig = rr->addSignature(CANON_C14N_NOC, SIGNATURE_RSA, HASH_SHA1); + key = new OpenSSLCryptoKeyRSA(pkey); + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + sig->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -2468,15 +2531,19 @@ + + // Check type is correct + +- if (pkey->type != EVP_PKEY_DSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_DSA) { + cerr << "DSA Key requested, but OpenSSL loaded something else\n"; + return NULL; + } + +- XMLCh * P = BN2b64(pkey->pkey.dsa->p); +- XMLCh * Q = BN2b64(pkey->pkey.dsa->q); +- XMLCh * G = BN2b64(pkey->pkey.dsa->g); +- XMLCh * Y = BN2b64(pkey->pkey.dsa->pub_key); ++ DSA *dsa = EVP_PKEY_get0_DSA(pkey); ++ const BIGNUM *p, *q, *g, *pub_key; ++ DSA_get0_pqg(dsa, &p, &q, &g); ++ DSA_get0_key(dsa, &pub_key, 0); ++ XMLCh * P = BN2b64(p); ++ XMLCh * Q = BN2b64(q); ++ XMLCh * G = BN2b64(g); ++ XMLCh * Y = BN2b64(pub_key); + + rkb->appendDSAKeyValue(P,Q,G,Y); + +@@ -2486,13 +2553,16 @@ + XSEC_RELEASE_XMLCH(Y); + } + else { +- if (pkey->type != EVP_PKEY_RSA) { ++ if (EVP_PKEY_base_id(pkey) != EVP_PKEY_RSA) { + cerr << "RSA Key requested, but OpenSSL loaded something else\n"; + exit (1); + } + +- XMLCh * mod = BN2b64(pkey->pkey.rsa->n); +- XMLCh * exp = BN2b64(pkey->pkey.rsa->e); ++ RSA *rsa = EVP_PKEY_get0_RSA(pkey); ++ const BIGNUM *n, *e; ++ RSA_get0_key(rsa, &n, &e, 0); ++ XMLCh * mod = BN2b64(n); ++ XMLCh * exp = BN2b64(e); + rkb->appendRSAKeyValue(mod, exp); + XSEC_RELEASE_XMLCH(mod); + XSEC_RELEASE_XMLCH(exp); +@@ -3251,14 +3321,17 @@ + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; +@@ -3367,14 +3440,17 @@ + + // Create the RSA key file + RSA * rsa = RSA_new(); +- rsa->n = OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)); +- rsa->e = OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)); +- rsa->d = OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD)); +- rsa->p = OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)); +- rsa->q = OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ)); +- rsa->dmp1 = OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)); +- rsa->dmq1 = OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)); +- rsa->iqmp = OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ)); ++ RSA_set0_key(rsa, ++ OpenSSLCryptoBase64::b642BN(sModulus, (unsigned int) strlen(sModulus)), ++ OpenSSLCryptoBase64::b642BN(sExponent, (unsigned int) strlen(sExponent)), ++ OpenSSLCryptoBase64::b642BN(sD, (unsigned int) strlen(sD))); ++ RSA_set0_factors(rsa, ++ OpenSSLCryptoBase64::b642BN(sP, (unsigned int) strlen(sP)), ++ OpenSSLCryptoBase64::b642BN(sQ, (unsigned int) strlen(sQ))); ++ RSA_set0_crt_params(rsa, ++ OpenSSLCryptoBase64::b642BN(sDP, (unsigned int) strlen(sDP)), ++ OpenSSLCryptoBase64::b642BN(sDQ, (unsigned int) strlen(sDQ)), ++ OpenSSLCryptoBase64::b642BN(sInverseQ, (unsigned int) strlen(sInverseQ))); + + // Write it to disk + BIO *out; + diff --git a/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch b/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch new file mode 100644 index 0000000..754ddc6 --- /dev/null +++ b/dev-libs/xml-security-c/files/xml-security-c-2.0.2-libressl.patch @@ -0,0 +1,52 @@ +diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp +index 2ad9da6e..a8ea9f1d 100644 +--- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp ++++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.cpp +@@ -48,7 +48,7 @@ XERCES_CPP_NAMESPACE_USE + // Construction/Destruction + // -------------------------------------------------------------------------------- + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + OpenSSLCryptoBase64::OpenSSLCryptoBase64() : mp_ectx(&m_ectx_store), mp_dctx(&m_dctx_store) { } + OpenSSLCryptoBase64::~OpenSSLCryptoBase64() { } + #else +diff --git a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp +index c892eac4..82aeb0a1 100644 +--- a/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp ++++ b/xsec/enc/OpenSSL/OpenSSLCryptoBase64.hpp +@@ -205,7 +205,7 @@ private : + EVP_ENCODE_CTX *mp_ectx; // Encode context + EVP_ENCODE_CTX *mp_dctx; // Decode context + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + EVP_ENCODE_CTX m_ectx_store; + EVP_ENCODE_CTX m_dctx_store; + #endif +diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.cpp b/xsec/enc/OpenSSL/OpenSSLSupport.cpp +index dfd37eb3..cf874f82 100644 +--- a/xsec/enc/OpenSSL/OpenSSLSupport.cpp ++++ b/xsec/enc/OpenSSL/OpenSSLSupport.cpp +@@ -273,7 +273,7 @@ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) + + #endif + +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + EvpEncodeCtxRAII::EvpEncodeCtxRAII() : mp_ctx(&mp_ctx_store) { }; + EvpEncodeCtxRAII::~EvpEncodeCtxRAII() { } + #else +diff --git a/xsec/enc/OpenSSL/OpenSSLSupport.hpp b/xsec/enc/OpenSSL/OpenSSLSupport.hpp +index e3527fae..b5f67f26 100644 +--- a/xsec/enc/OpenSSL/OpenSSLSupport.hpp ++++ b/xsec/enc/OpenSSL/OpenSSLSupport.hpp +@@ -88,7 +88,7 @@ public: + + private: + EVP_ENCODE_CTX *mp_ctx; +-#if (OPENSSL_VERSION_NUMBER < 0x10100000L) ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) || defined(LIBRESSL_VERSION_NUMBER) + EVP_ENCODE_CTX mp_ctx_store; + #endif + }; diff --git a/dev-libs/xml-security-c/metadata.xml b/dev-libs/xml-security-c/metadata.xml new file mode 100644 index 0000000..95860c0 --- /dev/null +++ b/dev-libs/xml-security-c/metadata.xml @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <use> + <flag name="xalan">Enable support for XSLT and XPath parsing + by <pkg>dev-libs/xalan-c</pkg></flag> + <flag name="nss">Use <pkg>dev-libs/nss</pkg> for certain crypto + operations (configureable at runtime)</flag> + </use> +</pkgmetadata> diff --git a/dev-libs/xml-security-c/xml-security-c-1.7.3.ebuild b/dev-libs/xml-security-c/xml-security-c-1.7.3.ebuild new file mode 100644 index 0000000..40ceb34 --- /dev/null +++ b/dev-libs/xml-security-c/xml-security-c-1.7.3.ebuild @@ -0,0 +1,45 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DESCRIPTION="Apache C++ XML security libraries" +HOMEPAGE="https://santuario.apache.org/" +SRC_URI="mirror://apache/santuario/c-library/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug examples libressl nss static-libs xalan" + +RDEPEND=">=dev-libs/xerces-c-3.1 + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + nss? ( dev-libs/nss ) + xalan? ( dev-libs/xalan-c )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${PN}-1.6.1-nss-compilation-fix.patch" + "${FILESDIR}/${PN}-1.7.3-fix-c++14.patch" + "${FILESDIR}/${PN}-1.7.3_openssl1.1.patch" +) + +DOCS=( CHANGELOG.txt NOTICE.txt ) + +src_configure() { + econf \ + --with-openssl \ + $(use_enable static-libs static) \ + $(use_enable debug) \ + $(use_with xalan) \ + $(use_with nss) +} + +src_install() { + default + if use examples ; then + docinto examples + dodoc xsec/samples/*.cpp + fi +} diff --git a/dev-libs/xml-security-c/xml-security-c-2.0.2.ebuild b/dev-libs/xml-security-c/xml-security-c-2.0.2.ebuild new file mode 100644 index 0000000..4661437 --- /dev/null +++ b/dev-libs/xml-security-c/xml-security-c-2.0.2.ebuild @@ -0,0 +1,43 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +DESCRIPTION="Apache C++ XML security libraries" +HOMEPAGE="https://santuario.apache.org/" +SRC_URI="mirror://apache/santuario/c-library/${P}.tar.gz" + +LICENSE="Apache-2.0" +SLOT="0" +KEYWORDS="~amd64 ~x86" +IUSE="debug examples libressl nss static-libs xalan" + +RDEPEND=">=dev-libs/xerces-c-3.2 + !libressl? ( dev-libs/openssl:0= ) + libressl? ( dev-libs/libressl:0= ) + nss? ( dev-libs/nss ) + xalan? ( dev-libs/xalan-c )" +DEPEND="${RDEPEND}" +BDEPEND="virtual/pkgconfig" +PATCHES=( + "${FILESDIR}/${P}-libressl.patch" +) + +DOCS=( CHANGELOG.txt NOTICE.txt ) + +src_configure() { + econf \ + --with-openssl \ + $(use_enable static-libs static) \ + $(use_enable debug) \ + $(use_with xalan) \ + $(use_with nss) +} + +src_install() { + default + if use examples ; then + docinto examples + dodoc xsec/samples/*.cpp + fi +} |