[ 
https://issues.apache.org/jira/browse/GEODE-3093?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16249738#comment-16249738
 ] 

ASF GitHub Bot commented on GEODE-3093:
---------------------------------------

dgkimura closed pull request #147: GEODE-3093: Update support for OpenSSL 1.1
URL: https://github.com/apache/geode-native/pull/147
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/cryptoimpl/DHImpl.cpp b/cryptoimpl/DHImpl.cpp
index 982e742d..1edcce84 100644
--- a/cryptoimpl/DHImpl.cpp
+++ b/cryptoimpl/DHImpl.cpp
@@ -99,27 +99,31 @@ ASN1_SEQUENCE(
 
   dhimpl->m_dh = DH_new();
 
-  LOGDH(" DHInit: P ptr is %p", dhimpl->m_dh->p);
-  LOGDH(" DHInit: G ptr is %p", dhimpl->m_dh->g);
-  LOGDH(" DHInit: length is %d", dhimpl->m_dh->length);
-
   int ret = -1;
 
-  ret = BN_dec2bn(&dhimpl->m_dh->p, dhP);
+  const BIGNUM* pbn,* gbn;
+  DH_get0_pqg(dhimpl->m_dh, &pbn, NULL, &gbn);
+  ret = BN_dec2bn((BIGNUM**)&pbn, dhP);
   LOGDH(" DHInit: BN_dec2bn dhP ret %d", ret);
 
-  ret = BN_dec2bn(&dhimpl->m_dh->g, dhG);
+  LOGDH(" DHInit: P ptr is %p", pbn);
+  LOGDH(" DHInit: G ptr is %p", gbn);
+  LOGDH(" DHInit: length is %d", DH_get_length(dhimpl->m_dh));
+
+  ret = BN_dec2bn((BIGNUM**)&gbn, dhG);
   LOGDH(" DHInit: BN_dec2bn dhG ret %d", ret);
 
-  dhimpl->m_dh->length = dhL;
+  DH_set_length(dhimpl->m_dh, dhL);
 
   ret = DH_generate_key(dhimpl->m_dh);
   LOGDH(" DHInit: DH_generate_key ret %d", ret);
 
-  ret = BN_num_bits(dhimpl->m_dh->priv_key);
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(dhimpl->m_dh, &pub_key, &priv_key);
+  ret = BN_num_bits(priv_key);
   LOGDH(" DHInit: BN_num_bits priv_key is %d", ret);
 
-  ret = BN_num_bits(dhimpl->m_dh->pub_key);
+  ret = BN_num_bits(pub_key);
   LOGDH(" DHInit: BN_num_bits pub_key is %d", ret);
 
   int codes = 0;
@@ -193,11 +197,14 @@ void gf_clearDhKeys(void *dhCtx) {
 unsigned char *gf_getPublicKey(void *dhCtx, int *pLen) {
   DHImpl *dhimpl = reinterpret_cast<DHImpl *>(dhCtx);
 
-  if (dhimpl->m_dh->pub_key == NULL || pLen == NULL) {
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(dhimpl->m_dh, &pub_key, &priv_key);
+
+  if (pub_key == NULL || pLen == NULL) {
     return NULL;
   }
 
-  int numBytes = BN_num_bytes(dhimpl->m_dh->pub_key);
+  int numBytes = BN_num_bytes(pub_key);
 
   if (numBytes <= 0) {
     return NULL;
@@ -247,7 +254,11 @@ void gf_setPublicKeyOther(void *dhCtx, const unsigned char 
*pubkey,
   EVP_PKEY *evppkey = DH_PUBKEY_get(dhpubkey);
   LOGDH(" setPubKeyOther: after dhpubkey get evp ptr is %p\n", evppkey);
   LOGDH(" setPubKeyOther: before BNdup ptr is %p\n", dhimpl->m_pubKeyOther);
-  dhimpl->m_pubKeyOther = BN_dup(evppkey->pkey.dh->pub_key);
+
+  const BIGNUM* pub_key, *priv_key;
+  DH* dh = EVP_PKEY_get1_DH(evppkey);
+  DH_get0_key(dh, &pub_key, &priv_key);
+  dhimpl->m_pubKeyOther = BN_dup(pub_key);
   LOGDH(" setPubKeyOther: after BNdup ptr is %p\n", dhimpl->m_pubKeyOther);
   EVP_PKEY_free(evppkey);
   DH_PUBKEY_free(dhpubkey);
@@ -357,8 +368,7 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned 
char *cleartext,
   unsigned char *ciphertext =
       new unsigned char[len + 50];  // give enough room for padding
   int outlen, tmplen;
-  EVP_CIPHER_CTX ctx;
-  EVP_CIPHER_CTX_init(&ctx);
+  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 
   int ret = -123;
 
@@ -367,27 +377,27 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned 
char *cleartext,
   // init openssl cipher context
   if (dhimpl->m_skAlgo == "AES") {
     int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL,
                              (unsigned char *)dhimpl->m_key,
                              (unsigned char *)dhimpl->m_key + keySize);
   } else if (dhimpl->m_skAlgo == "Blowfish") {
     int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, NULL,
                              (unsigned char *)dhimpl->m_key + keySize);
     LOGDH("DHencrypt: init BF ret %d", ret);
-    EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+    EVP_CIPHER_CTX_set_key_length(ctx, keySize);
     LOGDH("DHencrypt: BF keysize is %d", keySize);
-    ret = EVP_EncryptInit_ex(&ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
+    ret = EVP_EncryptInit_ex(ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
                              NULL);
   } else if (dhimpl->m_skAlgo == "DESede") {
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL,
                              (unsigned char *)dhimpl->m_key,
                              (unsigned char *)dhimpl->m_key + 24);
   }
 
   LOGDH(" DHencrypt: init ret %d", ret);
 
-  if (!EVP_EncryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+  if (!EVP_EncryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
     LOGDH(" DHencrypt: enc update ret NULL");
     return NULL;
   }
@@ -396,14 +406,14 @@ unsigned char *gf_encryptDH(void *dhCtx, const unsigned 
char *cleartext,
    */
   tmplen = 0;
 
-  if (!EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+  if (!EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
     LOGDH("DHencrypt: enc final ret NULL");
     return NULL;
   }
 
   outlen += tmplen;
 
-  ret = EVP_CIPHER_CTX_cleanup(&ctx);
+  EVP_CIPHER_CTX_free(ctx);
 
   LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
 
@@ -426,8 +436,7 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned 
char *cleartext,
   unsigned char *ciphertext =
       new unsigned char[len + 50];  // give enough room for padding
   int outlen, tmplen;
-  EVP_CIPHER_CTX ctx;
-  EVP_CIPHER_CTX_init(&ctx);
+  EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
 
   int ret = -123;
 
@@ -436,27 +445,27 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned 
char *cleartext,
   // init openssl cipher context
   if (dhimpl->m_skAlgo == "AES") {
     int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
-    ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL,
+    ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL,
                              (unsigned char *)dhimpl->m_key,
                              (unsigned char *)dhimpl->m_key + keySize);
   } else if (dhimpl->m_skAlgo == "Blowfish") {
     int keySize = dhimpl->m_keySize > 128 ? dhimpl->m_keySize / 8 : 16;
-    ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+    ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL, NULL,
                              (unsigned char *)dhimpl->m_key + keySize);
     LOGDH("DHencrypt: init BF ret %d", ret);
-    EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+    EVP_CIPHER_CTX_set_key_length(ctx, keySize);
     LOGDH("DHencrypt: BF keysize is %d", keySize);
-    ret = EVP_DecryptInit_ex(&ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
+    ret = EVP_DecryptInit_ex(ctx, NULL, NULL, (unsigned char *)dhimpl->m_key,
                              NULL);
   } else if (dhimpl->m_skAlgo == "DESede") {
-    ret = EVP_DecryptInit_ex(&ctx, cipherFunc, NULL,
+    ret = EVP_DecryptInit_ex(ctx, cipherFunc, NULL,
                              (unsigned char *)dhimpl->m_key,
                              (unsigned char *)dhimpl->m_key + 24);
   }
 
   LOGDH(" DHencrypt: init ret %d", ret);
 
-  if (!EVP_DecryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+  if (!EVP_DecryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
     LOGDH(" DHencrypt: enc update ret NULL");
     return NULL;
   }
@@ -465,14 +474,14 @@ unsigned char *gf_decryptDH(void *dhCtx, const unsigned 
char *cleartext,
    */
   tmplen = 0;
 
-  if (!EVP_DecryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+  if (!EVP_DecryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
     LOGDH("DHencrypt: enc final ret NULL");
     return NULL;
   }
 
   outlen += tmplen;
 
-  ret = EVP_CIPHER_CTX_cleanup(&ctx);
+  EVP_CIPHER_CTX_free(ctx);
 
   LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
 
@@ -523,25 +532,21 @@ bool gf_verifyDH(void *dhCtx, const char *subject,
     return false;
   }
 
-  int rsalen ATTR_UNUSED = RSA_size(evpkey->pkey.rsa);
+  RSA* dh = EVP_PKEY_get1_RSA(evpkey);
 
-  LOGDH("Challenge response length is %d, rsalen is %d\n", responseLen, 
rsalen);
-
-  if (cert->sig_alg->algorithm != NULL) {
-    LOGDH("algo %s -- %s \n", cert->sig_alg->algorithm->sn,
-          cert->sig_alg->algorithm->ln);
-  } else {
+  const ASN1_OBJECT *macobj;
+  const X509_ALGOR *algorithm;
+  X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+  if (algorithm == NULL) {
     LOGDH("algo is null \n");
   }
 
-  LOGDH("after algo name in DHimp = %s\n", cert->name);
-  const EVP_MD *signatureDigest = 
EVP_get_digestbyobj(cert->sig_alg->algorithm);
+  const EVP_MD *signatureDigest = EVP_get_digestbyobj(macobj);
   LOGDH("after EVP_get_digestbyobj  :  err(%d): %s", ERR_get_error(),
         ERR_error_string(ERR_get_error(), NULL));
-  EVP_MD_CTX signatureCtx;
-  EVP_MD_CTX_init(&signatureCtx);
+  EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
 
-  int result1 = EVP_VerifyInit_ex(&signatureCtx, signatureDigest, NULL);
+  int result1 = EVP_VerifyInit_ex(signatureCtx, signatureDigest, NULL);
   LOGDH("after EVP_VerifyInit_ex ret %d : err(%d): %s", result1,
         ERR_get_error(), ERR_error_string(ERR_get_error(), NULL));
   LOGDH(" Result of VerifyInit is %s \n", ERR_lib_error_string(result1));
@@ -550,15 +555,15 @@ bool gf_verifyDH(void *dhCtx, const char *subject,
 
   LOGDH(" Result of VerifyInit is %d", result1);
 
-  int result2 = EVP_VerifyUpdate(&signatureCtx, challenge, challengeLen);
+  int result2 = EVP_VerifyUpdate(signatureCtx, challenge, challengeLen);
   LOGDH(" Result of VerifyUpdate is %d", result2);
 
-  int result3 = EVP_VerifyFinal(&signatureCtx, response, responseLen, evpkey);
+  int result3 = EVP_VerifyFinal(signatureCtx, response, responseLen, evpkey);
   LOGDH(" Result of VerifyFinal is %d", result3);
 
   bool result = (result1 == 1 && result2 == 1 && result3 == 1);
 
-  EVP_MD_CTX_cleanup(&signatureCtx);
+  EVP_MD_CTX_free(signatureCtx);
 
   if (result == false) {
     *reason = DH_ERR_INVALID_SIGN;
@@ -574,21 +579,22 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
   unsigned char *s, *p = NULL;
   int i;
   ASN1_INTEGER *asn1int = NULL;
+  DH *dh = EVP_PKEY_get1_DH(pkey);
 
   if (x == NULL) return (0);
 
   if ((pk = DH_PUBKEY_new()) == NULL) goto err;
   a = pk->algor;
 
-  LOGDH(" key type for OBJ NID is %d", pkey->type);
+  LOGDH(" key type for OBJ NID is %d", EVP_PKEY_base_id(pkey));
 
   /* set the algorithm id */
-  if ((o = OBJ_nid2obj(pkey->type)) == NULL) goto err;
+  if ((o = OBJ_nid2obj(EVP_PKEY_base_id(pkey))) == NULL) goto err;
   ASN1_OBJECT_free(a->algorithm);
   a->algorithm = o;
 
   /* Set the parameter list */
-  if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+  if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
     if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
       ASN1_TYPE_free(a->parameter);
       if (!(a->parameter = ASN1_TYPE_new())) {
@@ -597,11 +603,8 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
       }
       a->parameter->type = V_ASN1_NULL;
     }
-  } else if (pkey->type == EVP_PKEY_DH) {
+  } else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DH) {
     unsigned char *pp;
-    DH *dh;
-
-    dh = pkey->pkey.dh;
     ASN1_TYPE_free(a->parameter);
     if ((i = i2d_DHparams(dh, NULL)) <= 0) goto err;
     if (!(p = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i)))) {
@@ -632,7 +635,10 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
     goto err;
   }
 
-  asn1int = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(dh, &pub_key, &priv_key);
+
+  asn1int = BN_to_ASN1_INTEGER(pub_key, NULL);
   if ((i = i2d_ASN1_INTEGER(asn1int, NULL)) <= 0) goto err;
   if ((s = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i + 1))) == NULL) {
     X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
@@ -640,7 +646,7 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
   }
   p = s;
   i2d_ASN1_INTEGER(asn1int, &p);
-  if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+  if (!ASN1_BIT_STRING_set((ASN1_STRING*)pk->public_key, s, i)) {
     X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
     goto err;
   }
@@ -670,42 +676,57 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
   X509_ALGOR *a;
   ASN1_INTEGER *asn1int = NULL;
 
-  if (key == NULL) goto err;
+  if (key == NULL) {
+    if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+    if (ret != NULL) EVP_PKEY_free(ret);
+    return (NULL);
+  }
 
   if (key->pkey != NULL) {
-    CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(key->pkey);
     return (key->pkey);
   }
 
-  if (key->public_key == NULL) goto err;
+  if (key->public_key == NULL) {
+    if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+    if (ret != NULL) EVP_PKEY_free(ret);
+    return (NULL);
+  }
 
   type = OBJ_obj2nid(key->algor->algorithm);
 
   LOGDH("DHPUBKEY type is %d", type);
 
   if ((ret = EVP_PKEY_new()) == NULL) {
-    X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-    goto err;
+    X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+    if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+    if (ret != NULL) EVP_PKEY_free(ret);
+    return (NULL);
   }
-  ret->type = EVP_PKEY_type(type);
 
-  LOGDH(" DHPUBKEY evppkey type is %d", ret->type);
+  LOGDH(" DHPUBKEY evppkey type is %d", EVP_PKEY_base_id(ret));
 
   /* the parameters must be extracted before the public key */
 
   a = key->algor;
 
-  if (ret->type == EVP_PKEY_DH) {
+  if (EVP_PKEY_base_id(ret) == EVP_PKEY_DH) {
     if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
-      if ((ret->pkey.dh = DH_new()) == NULL) {
-        X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-        goto err;
+      if ((EVP_PKEY_set1_DH(ret, DH_new())) == 0) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+        if (ret != NULL) EVP_PKEY_free(ret);
+        return (NULL);
       }
       cp = p = a->parameter->value.sequence->data;
       j = a->parameter->value.sequence->length;
-      if (!d2i_DHparams(&ret->pkey.dh, &cp, j)) goto err;
+      DH* dh = EVP_PKEY_get1_DH(ret);
+      if (!d2i_DHparams(&dh, &cp, j)) {
+        if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+        if (ret != NULL) EVP_PKEY_free(ret);
+        return (NULL);
+      }
     }
-    ret->save_parameters = 1;
   }
 
   p = key->public_key->data;
@@ -714,16 +735,13 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
   asn1int = d2i_ASN1_INTEGER(NULL, &p, j);
   LOGDH("after d2i asn1 integer ptr is %p", asn1int);
 
-  ret->pkey.dh->pub_key = ASN1_INTEGER_to_BN(asn1int, NULL);
-  LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
+  DH* dh = EVP_PKEY_get1_DH(ret);
+  DH_set0_key(dh, ASN1_INTEGER_to_BN(asn1int, NULL), NULL);
+  //LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
 
   key->pkey = ret;
-  CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+  EVP_PKEY_up_ref(ret);
 
   if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
   return (ret);
-err:
-  if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
-  if (ret != NULL) EVP_PKEY_free(ret);
-  return (NULL);
 }
diff --git a/dependencies/ACE/CMakeLists.txt b/dependencies/ACE/CMakeLists.txt
index 2adf2f35..e351ec10 100644
--- a/dependencies/ACE/CMakeLists.txt
+++ b/dependencies/ACE/CMakeLists.txt
@@ -15,8 +15,8 @@
 
 project( ACE )
 
-set( ${PROJECT_NAME}_VERSION 6.4.4 )
-set( ${PROJECT_NAME}_SHA265 
95d6c36b7f5f410006e54fe47c8912cf88fe82738bf4baf4a370fac8c716213b )
+set( ${PROJECT_NAME}_VERSION 6.4.5 )
+set( ${PROJECT_NAME}_SHA265 
8e10b2d6c72fd7cf1dc08d1114be1e4dedf54b67aea3f36c497ae87c9463ff5d )
 string(REPLACE "." "_" _VERSION_UNDERSCORE ${${PROJECT_NAME}_VERSION})
 set( ${PROJECT_NAME}_URL 
"https://github.com/DOCGroup/ACE_TAO/releases/download/ACE%2BTAO-${_VERSION_UNDERSCORE}/ACE.tar.gz";
 )
 set( ${PROJECT_NAME}_EXTERN ${PROJECT_NAME}-extern )
diff --git a/dependencies/openssl/CMakeLists.txt 
b/dependencies/openssl/CMakeLists.txt
index 33d80d8f..23233374 100644
--- a/dependencies/openssl/CMakeLists.txt
+++ b/dependencies/openssl/CMakeLists.txt
@@ -15,8 +15,8 @@
 
 project( openssl C )
 
-set( ${PROJECT_NAME}_VERSION 1.0.2l )
-set( ${PROJECT_NAME}_SHA265 
ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c )
+set( ${PROJECT_NAME}_VERSION 1.1.0 )
+set( ${PROJECT_NAME}_SHA265 
f5c69ff9ac1472c80b868efc1c1c0d8dcfc746d29ebe563de2365dd56dbd8c82 )
 set( ${PROJECT_NAME}_URL 
"https://www.openssl.org/source/openssl-${${PROJECT_NAME}_VERSION}.tar.gz"; )
 set( ${PROJECT_NAME}_EXTERN ${PROJECT_NAME}-extern )
 
@@ -49,11 +49,9 @@ elseif ("Darwin" STREQUAL ${CMAKE_SYSTEM_NAME})
   set( openssl_PLATFORM darwin64-x86_64-cc )
 elseif ("Windows" STREQUAL ${CMAKE_SYSTEM_NAME})
   if (64 EQUAL ${BUILD_BITS})
-    set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN64A )
-       set( openssl_WINDOWS_CMD cmd /c ms\\do_win64a)
+    set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN64A no-asm )
   else()
     set( openssl_PLATFORM $<$<CONFIG:Debug>:debug->VC-WIN32 no-asm)
-       set( openssl_WINDOWS_CMD cmd /c ms\\do_ms)
   endif()
 endif()
 
@@ -63,9 +61,9 @@ endif()
 
 if (${WIN32})
   # Keeps separate release/debug objects in build script
-  set ( _CONFIGURE_COMMAND ${PERL} Configure 
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS} 
${openssl_PLATFORM} COMMAND ${openssl_WINDOWS_CMD})
-  set ( _BUILD_COMMAND nmake /f ms\\ntdll.mak )
-  set ( _INSTALL_COMMAND nmake /f ms\\ntdll.mak install )
+  set ( _CONFIGURE_COMMAND ${PERL} Configure ${openssl_PLATFORM} 
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} 
--openssldir=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS} )
+  set ( _BUILD_COMMAND nmake )
+  set ( _INSTALL_COMMAND nmake install )
 else()
    # TODO Configure trips up without MAKE
   set ( _CONFIGURE_COMMAND MAKE=$(MAKE) ./Configure threads zlib shared 
--prefix=<INSTALL_DIR>/${_DEBUG_OR_RELEASE} ${openssl_CONFIGURE_FLAGS} 
${openssl_PLATFORM} )
@@ -92,26 +90,14 @@ set( ${PROJECT_NAME}_INSTALL_DIR 
${INSTALL_DIR}/${_DEBUG_OR_RELEASE} )
 set( DEPENDENCIES_${PROJECT_NAME}_DIR ${${PROJECT_NAME}_INSTALL_DIR} 
PARENT_SCOPE)
 
 if (${WIN32})
-  set( CRYPTO_NAME libeay32 )
-  set( SSL_NAME ssleay32 )
+  set( CRYPTO_NAME libcrypto )
+  set( SSL_NAME libssl )
 else()
   set( CRYPTO_NAME crypto )
   set( SSL_NAME ssl )
   set( CMAKE_LINK_LIBRARY_SUFFIX ${CMAKE_SHARED_LIBRARY_SUFFIX})
 endif()
 
-if ("SunOS" STREQUAL ${CMAKE_SYSTEM_NAME})
-ExternalProject_Add_Step( ${${PROJECT_NAME}_EXTERN} patches
-    BYPRODUCTS ${${PROJECT_NAME}_SOURCE_DIR}/Configure
-    ALWAYS 0
-    DEPENDEES download
-    DEPENDERS patch
-    DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/patches
-    WORKING_DIRECTORY ${${PROJECT_NAME}_SOURCE_DIR}
-    COMMAND ${PATCH} -u -N -p1 < ${CMAKE_CURRENT_SOURCE_DIR}/patches
-)
-endif()
-
 add_library(ssl INTERFACE)
 target_include_directories(ssl INTERFACE
   $<BUILD_INTERFACE:${${PROJECT_NAME}_INSTALL_DIR}/include>
diff --git a/dependencies/openssl/patches b/dependencies/openssl/patches
deleted file mode 100644
index 2e1a656d..00000000
--- a/dependencies/openssl/patches
+++ /dev/null
@@ -1,13 +0,0 @@
-diff -ru a/Configure b/Configure
---- a/Configure    2015-12-03 06:48:58.000000000 -0800
-+++ b/Configure       2015-12-17 04:11:33.900916627 -0800
-@@ -255,7 +255,7 @@
-  
- #### Solaris x86 with Sun C setups
- "solaris-x86-cc","cc:-fast -xarch=generic -O -Xa::-D_REENTRANT::-lsocket 
-lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z 
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
--"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa 
-DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK 
DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G 
-dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
-+"solaris64-x86_64-cc","cc:-fast -m64 -xchip=generic -xstrconst -Xa 
-DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK 
DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:solaris-shared:-KPIC:-m64 -G -dy -z 
text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):::/64",
- 
- #### SPARC Solaris with GNU C setups
- "solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN 
-DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK 
DES_UNROLL 
BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
-
diff --git a/dhimpl/DHImpl.cpp b/dhimpl/DHImpl.cpp
index c86e6189..cd49cd53 100644
--- a/dhimpl/DHImpl.cpp
+++ b/dhimpl/DHImpl.cpp
@@ -88,27 +88,32 @@ ASN1_SEQUENCE(
 
   m_dh = DH_new();
 
-  LOGDH(" DHInit: P ptr is %p", m_dh->p);
-  LOGDH(" DHInit: G ptr is %p", m_dh->g);
-  LOGDH(" DHInit: length is %d", m_dh->length);
-
   int ret = -1;
 
-  ret = BN_dec2bn(&m_dh->p, dhP);
+  const BIGNUM* pbn,* gbn;
+  DH_get0_pqg(m_dh, &pbn, NULL, &gbn);
+  ret = BN_dec2bn((BIGNUM**)&pbn, dhP);
   LOGDH(" DHInit: BN_dec2bn dhP ret %d", ret);
 
-  ret = BN_dec2bn(&m_dh->g, dhG);
+  LOGDH(" DHInit: P ptr is %p", pbn);
+  LOGDH(" DHInit: G ptr is %p", gbn);
+  LOGDH(" DHInit: length is %d", DH_get_length(m_dh));
+
+  ret = BN_dec2bn((BIGNUM**)&gbn, dhP);
   LOGDH(" DHInit: BN_dec2bn dhG ret %d", ret);
 
-  m_dh->length = dhL;
+  DH_set_length(m_dh, dhL);
 
   ret = DH_generate_key(m_dh);
   LOGDH(" DHInit: DH_generate_key ret %d", ret);
 
-  ret = BN_num_bits(m_dh->priv_key);
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(m_dh, &pub_key, &priv_key);
+
+  ret = BN_num_bits(priv_key);
   LOGDH(" DHInit: BN_num_bits priv_key is %d", ret);
 
-  ret = BN_num_bits(m_dh->pub_key);
+  ret = BN_num_bits(pub_key);
   LOGDH(" DHInit: BN_num_bits pub_key is %d", ret);
 
   int codes = 0;
@@ -177,11 +182,14 @@ void gf_clearDhKeys(void) {
 }
 
 unsigned char *gf_getPublicKey(int *pLen) {
-  if (m_dh->pub_key == NULL || pLen == NULL) {
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(m_dh, &pub_key, &priv_key);
+
+  if (pub_key == NULL || pLen == NULL) {
     return NULL;
   }
 
-  int numBytes = BN_num_bytes(m_dh->pub_key);
+  int numBytes = BN_num_bytes(pub_key);
 
   if (numBytes <= 0) {
     return NULL;
@@ -228,7 +236,11 @@ void gf_setPublicKeyOther(const unsigned char *pubkey, int 
length) {
   EVP_PKEY *evppkey = DH_PUBKEY_get(dhpubkey);
   LOGDH(" setPubKeyOther: after dhpubkey get evp ptr is %p", evppkey);
   LOGDH(" setPubKeyOther: before BNdup ptr is %p", m_pubKeyOther);
-  m_pubKeyOther = BN_dup(evppkey->pkey.dh->pub_key);
+
+  const BIGNUM* pub_key, *priv_key;
+  DH* dh = EVP_PKEY_get1_DH(evppkey);
+  DH_get0_key(dh, &pub_key, &priv_key);
+  m_pubKeyOther = BN_dup(pub_key);
   LOGDH(" setPubKeyOther: after BNdup ptr is %p", m_pubKeyOther);
   EVP_PKEY_free(evppkey);
   DH_PUBKEY_free(dhpubkey);
@@ -335,8 +347,7 @@ unsigned char *gf_encryptDH(const unsigned char *cleartext, 
int len,
   unsigned char *ciphertext =
       new unsigned char[len + 50];  // give enough room for padding
   int outlen, tmplen;
-  EVP_CIPHER_CTX ctx;
-  EVP_CIPHER_CTX_init(&ctx);
+  EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
 
   int ret = -123;
 
@@ -345,24 +356,24 @@ unsigned char *gf_encryptDH(const unsigned char 
*cleartext, int len,
   // init openssl cipher context
   if (m_skAlgo == "AES") {
     int keySize = m_keySize > 128 ? m_keySize / 8 : 16;
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, (unsigned char *)m_key,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, (unsigned char *)m_key,
                              (unsigned char *)m_key + keySize);
   } else if (m_skAlgo == "Blowfish") {
     int keySize = m_keySize > 128 ? m_keySize / 8 : 16;
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, NULL,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, NULL,
                              (unsigned char *)m_key + keySize);
     LOGDH("DHencrypt: init BF ret %d", ret);
-    EVP_CIPHER_CTX_set_key_length(&ctx, keySize);
+    EVP_CIPHER_CTX_set_key_length(ctx, keySize);
     LOGDH("DHencrypt: BF keysize is %d", keySize);
-    ret = EVP_EncryptInit_ex(&ctx, NULL, NULL, (unsigned char *)m_key, NULL);
+    ret = EVP_EncryptInit_ex(ctx, NULL, NULL, (unsigned char *)m_key, NULL);
   } else if (m_skAlgo == "DESede") {
-    ret = EVP_EncryptInit_ex(&ctx, cipherFunc, NULL, (unsigned char *)m_key,
+    ret = EVP_EncryptInit_ex(ctx, cipherFunc, NULL, (unsigned char *)m_key,
                              (unsigned char *)m_key + 24);
   }
 
   LOGDH(" DHencrypt: init ret %d", ret);
 
-  if (!EVP_EncryptUpdate(&ctx, ciphertext, &outlen, cleartext, len)) {
+  if (!EVP_EncryptUpdate(ctx, ciphertext, &outlen, cleartext, len)) {
     LOGDH(" DHencrypt: enc update ret NULL");
     return NULL;
   }
@@ -371,14 +382,14 @@ unsigned char *gf_encryptDH(const unsigned char 
*cleartext, int len,
    */
   tmplen = 0;
 
-  if (!EVP_EncryptFinal_ex(&ctx, ciphertext + outlen, &tmplen)) {
+  if (!EVP_EncryptFinal_ex(ctx, ciphertext + outlen, &tmplen)) {
     LOGDH("DHencrypt: enc final ret NULL");
     return NULL;
   }
 
   outlen += tmplen;
 
-  ret = EVP_CIPHER_CTX_cleanup(&ctx);
+  ret = EVP_CIPHER_CTX_cleanup(ctx);
 
   LOGDH("DHencrypt: in len is %d, out len is %d", len, outlen);
 
@@ -427,27 +438,25 @@ bool gf_verifyDH(const char *subject, const unsigned char 
*challenge,
     return false;
   }
 
-#ifdef _DEBUG
-  int rsalen = RSA_size(evpkey->pkey.rsa);
-  LOGDH("Challenge response length is %d, rsalen is %d", responseLen, rsalen);
-#endif
+  const ASN1_OBJECT *macobj;
+  const X509_ALGOR *algorithm;
+  X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
 
-  const EVP_MD *signatureDigest = 
EVP_get_digestbyobj(cert->sig_alg->algorithm);
-  EVP_MD_CTX signatureCtx;
-  EVP_MD_CTX_init(&signatureCtx);
+  const EVP_MD *signatureDigest = EVP_get_digestbyobj(macobj);
+  EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
 
-  int result1 = EVP_VerifyInit_ex(&signatureCtx, signatureDigest, NULL);
+  int result1 = EVP_VerifyInit_ex(signatureCtx, signatureDigest, NULL);
   LOGDH(" Result of VerifyInit is %d", result1);
 
-  int result2 = EVP_VerifyUpdate(&signatureCtx, challenge, challengeLen);
+  int result2 = EVP_VerifyUpdate(signatureCtx, challenge, challengeLen);
   LOGDH(" Result of VerifyUpdate is %d", result2);
 
-  int result3 = EVP_VerifyFinal(&signatureCtx, response, responseLen, evpkey);
+  int result3 = EVP_VerifyFinal(signatureCtx, response, responseLen, evpkey);
   LOGDH(" Result of VerifyFinal is %d", result3);
 
   bool result = (result1 == 1 && result2 == 1 && result3 == 1);
 
-  EVP_MD_CTX_cleanup(&signatureCtx);
+  EVP_MD_CTX_free(signatureCtx);
 
   if (result == false) {
     *reason = DH_ERR_INVALID_SIGN;
@@ -463,21 +472,22 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
   unsigned char *s, *p = NULL;
   int i;
   ASN1_INTEGER *asn1int = NULL;
+  DH* dh = EVP_PKEY_get1_DH(pkey);
 
   if (x == NULL) return (0);
 
   if ((pk = DH_PUBKEY_new()) == NULL) goto err;
   a = pk->algor;
 
-  LOGDH(" key type for OBJ NID is %d", pkey->type);
+  LOGDH(" key type for OBJ NID is %d", EVP_PKEY_base_id(pkey));
 
   /* set the algorithm id */
-  if ((o = OBJ_nid2obj(pkey->type)) == NULL) goto err;
+  if ((o = OBJ_nid2obj(EVP_PKEY_base_id(pkey))) == NULL) goto err;
   ASN1_OBJECT_free(a->algorithm);
   a->algorithm = o;
 
   /* Set the parameter list */
-  if (!pkey->save_parameters || (pkey->type == EVP_PKEY_RSA)) {
+  if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA) {
     if ((a->parameter == NULL) || (a->parameter->type != V_ASN1_NULL)) {
       ASN1_TYPE_free(a->parameter);
       if (!(a->parameter = ASN1_TYPE_new())) {
@@ -486,11 +496,11 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
       }
       a->parameter->type = V_ASN1_NULL;
     }
-  } else if (pkey->type == EVP_PKEY_DH) {
+  } else if (EVP_PKEY_base_id(pkey) == EVP_PKEY_DH) {
     unsigned char *pp;
-    DH *dh;
 
-    dh = pkey->pkey.dh;
+    const BIGNUM* pub_key, *priv_key;
+    DH_get0_key(dh, &pub_key, &priv_key);
     ASN1_TYPE_free(a->parameter);
     if ((i = i2d_DHparams(dh, NULL)) <= 0) goto err;
     if (!(p = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i)))) {
@@ -521,7 +531,10 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
     goto err;
   }
 
-  asn1int = BN_to_ASN1_INTEGER(pkey->pkey.dh->pub_key, NULL);
+  const BIGNUM* pub_key, *priv_key;
+  DH_get0_key(dh, &pub_key, &priv_key);
+
+  asn1int = BN_to_ASN1_INTEGER(pub_key, NULL);
   if ((i = i2d_ASN1_INTEGER(asn1int, NULL)) <= 0) goto err;
   if ((s = reinterpret_cast<unsigned char *>(OPENSSL_malloc(i + 1))) == NULL) {
     X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
@@ -529,7 +542,7 @@ int DH_PUBKEY_set(DH_PUBKEY **x, EVP_PKEY *pkey) {
   }
   p = s;
   i2d_ASN1_INTEGER(asn1int, &p);
-  if (!M_ASN1_BIT_STRING_set(pk->public_key, s, i)) {
+  if (!ASN1_BIT_STRING_set(pk->public_key, s, i)) {
     X509err(X509_F_X509_PUBKEY_SET, ERR_R_MALLOC_FAILURE);
     goto err;
   }
@@ -559,42 +572,56 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
   X509_ALGOR *a;
   ASN1_INTEGER *asn1int = NULL;
 
-  if (key == NULL) goto err;
+  if (key == NULL) {
+    EVP_PKEY_up_ref(key->pkey);
+    return (key->pkey);
+  }
 
   if (key->pkey != NULL) {
-    CRYPTO_add(&key->pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_up_ref(key->pkey);
     return (key->pkey);
   }
 
-  if (key->public_key == NULL) goto err;
+  if (key->public_key == NULL) {
+    if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+    if (ret != NULL) EVP_PKEY_free(ret);
+    return (NULL);
+  }
 
   type = OBJ_obj2nid(key->algor->algorithm);
 
   LOGDH("DHPUBKEY type is %d", type);
 
   if ((ret = EVP_PKEY_new()) == NULL) {
-    X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-    goto err;
+    X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+    if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+    if (ret != NULL) EVP_PKEY_free(ret);
+    return (NULL);
   }
-  ret->type = EVP_PKEY_type(type);
 
-  LOGDH(" DHPUBKEY evppkey type is %d", ret->type);
+  LOGDH(" DHPUBKEY evppkey type is %d", EVP_PKEY_base_id(ret));
 
   /* the parameters must be extracted before the public key */
 
   a = key->algor;
 
-  if (ret->type == EVP_PKEY_DH) {
+  if (EVP_PKEY_base_id(ret) == EVP_PKEY_DH) {
     if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) {
-      if ((ret->pkey.dh = DH_new()) == NULL) {
-        X509err(X509_F_X509_PUBKEY_GET, ERR_R_MALLOC_FAILURE);
-        goto err;
+      if ((EVP_PKEY_set1_DH(ret, DH_new())) == 0) {
+        X509err(X509_F_X509_PUBKEY_DECODE, ERR_R_MALLOC_FAILURE);
+        if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+        if (ret != NULL) EVP_PKEY_free(ret);
+        return (NULL);
       }
       cp = p = a->parameter->value.sequence->data;
       j = a->parameter->value.sequence->length;
-      if (!d2i_DHparams(&ret->pkey.dh, &cp, j)) goto err;
+      DH* dh = EVP_PKEY_get1_DH(ret);
+      if (!d2i_DHparams(&dh, &cp, j)) {
+        if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
+        if (ret != NULL) EVP_PKEY_free(ret);
+        return (NULL);
+      }
     }
-    ret->save_parameters = 1;
   }
 
   p = key->public_key->data;
@@ -603,11 +630,11 @@ EVP_PKEY *DH_PUBKEY_get(DH_PUBKEY *key) {
   asn1int = d2i_ASN1_INTEGER(NULL, &p, j);
   LOGDH("after d2i asn1 integer ptr is %p", asn1int);
 
-  ret->pkey.dh->pub_key = ASN1_INTEGER_to_BN(asn1int, NULL);
-  LOGDH(" after asn1int to bn ptr is %p", ret->pkey.dh->pub_key);
+  DH* dh = EVP_PKEY_get1_DH(ret);
+  DH_set0_key(dh, ASN1_INTEGER_to_BN(asn1int, NULL), NULL);
 
   key->pkey = ret;
-  CRYPTO_add(&ret->references, 1, CRYPTO_LOCK_EVP_PKEY);
+  EVP_PKEY_up_ref(key->pkey);
 
   if (asn1int != NULL) ASN1_INTEGER_free(asn1int);
   return (ret);
diff --git a/templates/security/PkcsAuthInit.cpp 
b/templates/security/PkcsAuthInit.cpp
index ebae246d..51a49330 100644
--- a/templates/security/PkcsAuthInit.cpp
+++ b/templates/security/PkcsAuthInit.cpp
@@ -38,17 +38,20 @@ uint8_t* createSignature(EVP_PKEY* key, X509* cert,
     return NULL;
   }
 
-  const EVP_MD* signatureDigest = 
EVP_get_digestbyobj(cert->sig_alg->algorithm);
-  EVP_MD_CTX signatureCtx;
-  EVP_MD_CTX_init(&signatureCtx);
+  const ASN1_OBJECT *macobj;
+  const X509_ALGOR *algorithm;
+  X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+  const EVP_MD* signatureDigest = EVP_get_digestbyobj(macobj);
+
+  EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
   uint8_t* signatureData = new uint8_t[EVP_PKEY_size(key)];
 
   bool result =
-      (EVP_SignInit_ex(&signatureCtx, signatureDigest, NULL) &&
-       EVP_SignUpdate(&signatureCtx, inputBuffer, inputBufferLen) &&
-       EVP_SignFinal(&signatureCtx, signatureData, signatureLen, key));
+      (EVP_SignInit_ex(signatureCtx, signatureDigest, NULL) &&
+       EVP_SignUpdate(signatureCtx, inputBuffer, inputBufferLen) &&
+       EVP_SignFinal(signatureCtx, signatureData, signatureLen, key));
 
-  EVP_MD_CTX_cleanup(&signatureCtx);
+  EVP_MD_CTX_free(signatureCtx);
   if (result) {
     return signatureData;
   }
diff --git a/tests/cpp/security/PkcsAuthInit.cpp 
b/tests/cpp/security/PkcsAuthInit.cpp
index f17b59e1..26889ba4 100644
--- a/tests/cpp/security/PkcsAuthInit.cpp
+++ b/tests/cpp/security/PkcsAuthInit.cpp
@@ -58,15 +58,17 @@ uint8_t* createSignature(EVP_PKEY* key, X509* cert,
   if (key == NULL || cert == NULL || inputBuffer == NULL) {
     return NULL;
   }
-  const EVP_MD* signatureDigest = 
EVP_get_digestbyobj(cert->sig_alg->algorithm);
-  EVP_MD_CTX signatureCtx;
-  EVP_MD_CTX_init(&signatureCtx);
+  const ASN1_OBJECT *macobj;
+  const X509_ALGOR *algorithm;
+  X509_ALGOR_get0(&macobj, NULL, NULL, algorithm);
+  const EVP_MD* signatureDigest = EVP_get_digestbyobj(macobj);
+  EVP_MD_CTX* signatureCtx = EVP_MD_CTX_new();
   uint8_t* signatureData = new uint8_t[EVP_PKEY_size(key)];
   bool result =
-      (EVP_SignInit_ex(&signatureCtx, signatureDigest, NULL) &&
-       EVP_SignUpdate(&signatureCtx, inputBuffer, inputBufferLen) &&
-       EVP_SignFinal(&signatureCtx, signatureData, signatureLen, key));
-  EVP_MD_CTX_cleanup(&signatureCtx);
+      (EVP_SignInit_ex(signatureCtx, signatureDigest, NULL) &&
+       EVP_SignUpdate(signatureCtx, inputBuffer, inputBufferLen) &&
+       EVP_SignFinal(signatureCtx, signatureData, signatureLen, key));
+  EVP_MD_CTX_free(signatureCtx);
   if (result) {
     return signatureData;
   }


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Update support for OpenSSL to 1.2
> ---------------------------------
>
>                 Key: GEODE-3093
>                 URL: https://issues.apache.org/jira/browse/GEODE-3093
>             Project: Geode
>          Issue Type: Improvement
>          Components: docs, native client
>            Reporter: Jacob S. Barrett
>            Assignee: Jacob S. Barrett
>            Priority: Minor
>
> OpenSSL's current stable line is 1.1 and we should update our support to that 
> line for security purposes.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to