Mon May 28 19:12:29 UTC 201820180528191229

a/pkgtools-15.0-noarch-13.txz:  Rebuilt.
  installpkg: default line length for --terselength is the number of columns.
  removepkg: added --terse mode.
  upgradepkg: default line length for --terselength is the number of columns.
  upgradepkg: accept -option in addition to --option.
ap/vim-8.1.0026-x86_64-1.txz:  Upgraded.
d/bison-3.0.5-x86_64-1.txz:  Upgraded.
e/emacs-26.1-x86_64-1.txz:  Upgraded.
kde/kopete-4.14.3-x86_64-8.txz:  Rebuilt.
  Recompiled against libidn-1.35.
n/conntrack-tools-1.4.5-x86_64-1.txz:  Upgraded.
n/libnetfilter_conntrack-1.0.7-x86_64-1.txz:  Upgraded.
n/libnftnl-1.1.0-x86_64-1.txz:  Upgraded.
n/links-2.16-x86_64-2.txz:  Rebuilt.
  Rebuilt to enable X driver for -g mode.
n/lynx-2.8.9dev.19-x86_64-1.txz:  Upgraded.
n/nftables-0.8.5-x86_64-1.txz:  Upgraded.
n/p11-kit-0.23.11-x86_64-1.txz:  Upgraded.
n/ulogd-2.0.7-x86_64-1.txz:  Upgraded.
n/whois-5.3.1-x86_64-1.txz:  Upgraded.
xap/network-manager-applet-1.8.12-x86_64-1.txz:  Upgraded.
xap/vim-gvim-8.1.0026-x86_64-1.txz:  Upgraded.

5 files changed, 1804 insertions, 40 deletions

diff --git a/source/l/qca/0011-use-_DEFAULT_SOURCE-instead-of-_BSD_SOURCE.patch b/source/l/qca/0011-use-_DEFAULT_SOURCE-instead-of-_BSD_SOURCE.patch
deleted file mode 100644
index f6514c745..000000000
--- a/source/l/qca/0011-use-_DEFAULT_SOURCE-instead-of-_BSD_SOURCE.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 1ff36f4030287f1c263eb344d84cd4a43b1546d2 Mon Sep 17 00:00:00 2001
-From: Rex Dieter <rdieter@math.unl.edu>
-Date: Thu, 19 Nov 2015 13:23:16 -0600
-Subject: [PATCH 11/11] use _DEFAULT_SOURCE instead of _BSD_SOURCE
-
-the former is used in other kde software in general, and
-the latter is generally deprecated on modern glibc's
----
- CMakeLists.txt | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/CMakeLists.txt b/CMakeLists.txt
-index dbce082..051ae6d 100644
---- a/CMakeLists.txt
-+++ b/CMakeLists.txt
-@@ -115,7 +115,7 @@ endif (WIN32)
- 
- if (CMAKE_COMPILER_IS_GNUCXX)
-    if (CMAKE_SYSTEM_NAME MATCHES Linux)
--     add_definitions (-D_BSD_SOURCE)
-+     add_definitions (-D_DEFAULT_SOURCE)
-      # on arm -Wcast-align throws many internal qt warning
-      if(NOT CMAKE_SYSTEM_PROCESSOR MATCHES "^arm")
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wcast-align")
--- 
-2.5.0
-
diff --git a/source/l/qca/Add_support_for_OpenSSL_1.1.0.diff b/source/l/qca/Add_support_for_OpenSSL_1.1.0.diff
new file mode 100644
index 000000000..01d8bab5a
--- /dev/null
+++ b/source/l/qca/Add_support_for_OpenSSL_1.1.0.diff
@@ -0,0 +1,1720 @@
+From d58e20ee652038dc4ec4fe4765dc3639ed735526 Mon Sep 17 00:00:00 2001
+From: Fabian Vogt <fabian@ritter-vogt.de>
+Date: Sat, 16 Dec 2017 22:29:40 +0100
+Subject: Add support for OpenSSL 1.1.0
+
+Test Plan:
+Ran the testsuite with OpenSSL 1.1.0g and 1.0.2j, all passed.
+Using this code with kdeconnect and okteta successfully on my system now.
+
+Reviewers: iromanov
+
+Subscribers: anthonyfieroni, alonbl, heikobecker, cfeck, asturmlechner, bero, rdieter
+
+Differential Revision: https://phabricator.kde.org/D9416
+---
+ plugins/qca-ossl/ossl110-compat.h | 283 ++++++++++++++++++
+ plugins/qca-ossl/qca-ossl.cpp     | 583 ++++++++++++++++++++++++--------------
+ create mode 100644 plugins/qca-ossl/ossl110-compat.h
+
+diff --git a/plugins/qca-ossl/ossl110-compat.h b/plugins/qca-ossl/ossl110-compat.h
+new file mode 100644
+index 0000000..ec15475
+--- /dev/null
++++ b/plugins/qca-ossl/ossl110-compat.h
+@@ -0,0 +1,283 @@
++/*
++ * Copyright (C) 2017 Gabriel Souza Franco <gabrielfrancosouza@gmail.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
++ *
++ */
++
++#ifndef OSSL110COMPAT_H
++#define OSSL110COMPAT_H
++
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++#include <openssl/rsa.h>
++#include <openssl/dsa.h>
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define RSA_F_RSA_METH_DUP 161
++
++static void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
++{
++    if (pr)
++        *pr = sig->r;
++    if (ps)
++        *ps = sig->s;
++}
++
++static int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
++{
++    if (!sig) return 0;
++    sig->r = r;
++    sig->s = s;
++    return 1;
++}
++
++static void DSA_get0_pqg(const DSA *dsa, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p)
++        *p = dsa->p;
++    if (q)
++        *q = dsa->q;
++    if (g)
++        *g = dsa->g;
++}
++
++static int DSA_set0_pqg(DSA *dsa, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    if (!dsa) return 0;
++    dsa->p = p;
++    dsa->q = q;
++    dsa->g = g;
++    return 1;
++}
++
++static void RSA_get0_key(const RSA *rsa, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++    if (n)
++        *n = rsa->n;
++    if (e)
++        *e = rsa->e;
++    if (d)
++        *d = rsa->d;
++}
++
++static int RSA_set0_key(RSA *rsa, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++    if (!rsa) return 0;
++    rsa->n = n;
++    rsa->e = e;
++    rsa->d = d;
++    return 1;
++}
++
++static void RSA_get0_factors(const RSA *rsa, const BIGNUM **p, const BIGNUM **q)
++{
++    if (p)
++        *p = rsa->p;
++    if (q)
++        *q = rsa->q;
++}
++
++static int RSA_set0_factors(RSA *rsa, BIGNUM *p, BIGNUM *q)
++{
++    if (!rsa) return 0;
++    rsa->p = p;
++    rsa->q = q;
++    return 1;
++}
++
++static void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
++{
++    if (p)
++        *p = dh->p;
++    if (q)
++        *q = dh->q;
++    if (g)
++        *g = dh->g;
++}
++
++static int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++    if (!dh) return 0;
++    dh->p = p;
++    dh->q = q;
++    dh->g = g;
++    return 1;
++}
++
++static void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key)
++        *pub_key = dh->pub_key;
++    if (priv_key)
++        *priv_key = dh->priv_key;
++}
++
++static int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    if (!dh) return 0;
++    dh->pub_key = pub_key;
++    dh->priv_key = priv_key;
++    return 1;
++}
++
++static void DSA_get0_key(const DSA *dsa, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++    if (pub_key)
++        *pub_key = dsa->pub_key;
++    if (priv_key)
++        *priv_key = dsa->priv_key;
++}
++
++static int DSA_set0_key(DSA *dsa, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++    if (!dsa) return 0;
++    dsa->pub_key = pub_key;
++    dsa->priv_key = priv_key;
++    return 1;
++}
++
++static void X509_SIG_getm(const X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
++{
++    if (palg)
++        *palg = sig->algor;
++    if (pdigest)
++        *pdigest = sig->digest;
++}
++
++static void X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++    if (psig)
++        *psig = req->signature;
++    if (palg)
++        *palg = req->sig_alg;
++}
++
++static void X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig, const X509_ALGOR **palg)
++{
++    if (psig)
++        *psig = crl->signature;
++    if (palg)
++        *palg = crl->sig_alg;
++}
++
++static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
++{
++    if (!meth)
++        return NULL;
++
++    RSA_METHOD *_meth = (RSA_METHOD *) OPENSSL_malloc(sizeof(*_meth));
++
++    if (!_meth)
++    {
++        RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++        return NULL;
++    }
++
++    memcpy(_meth, meth, sizeof(*_meth));
++    _meth->name = strdup(meth->name);
++    if (!_meth->name) {
++        OPENSSL_free(_meth);
++        RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
++        return NULL;
++    }
++
++    return _meth;
++}
++
++static int RSA_meth_set_priv_enc(RSA_METHOD *rsa, int (*priv_enc) (int flen, const unsigned char *from,
++    unsigned char *to, RSA *rsa, int padding))
++{
++    if (!rsa) return 0;
++    rsa->rsa_priv_enc = priv_enc;
++    return 1;
++}
++
++static int RSA_meth_set_priv_dec(RSA_METHOD *rsa, int (*priv_dec) (int flen, const unsigned char *from,
++    unsigned char *to, RSA *rsa, int padding))
++{
++    if (!rsa) return 0;
++    rsa->rsa_priv_dec = priv_dec;
++    return 1;
++}
++
++static int RSA_meth_set_sign(RSA_METHOD *meth, int (*sign) (int type, const unsigned char *m,
++    unsigned int m_length, unsigned char *sigret, unsigned int *siglen, const RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->rsa_sign = sign;
++    return 1;
++}
++
++static int RSA_meth_set_verify(RSA_METHOD *meth, int (*verify) (int dtype, const unsigned char *m,
++    unsigned int m_length, const unsigned char *sigbuf, unsigned int siglen, const RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->rsa_verify = verify;
++    return 1;
++}
++
++static int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
++{
++    if (!meth) return 0;
++    meth->finish = finish;
++    return 1;
++}
++
++static HMAC_CTX *HMAC_CTX_new()
++{
++    HMAC_CTX *ctx = (HMAC_CTX *) OPENSSL_malloc(sizeof(HMAC_CTX));
++    if (ctx)
++        HMAC_CTX_init(ctx);
++    return ctx;
++}
++
++static void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++    if (!ctx)
++        return;
++    HMAC_CTX_cleanup(ctx);
++    EVP_MD_CTX_cleanup(&ctx->i_ctx);
++    EVP_MD_CTX_cleanup(&ctx->o_ctx);
++    EVP_MD_CTX_cleanup(&ctx->md_ctx);
++    OPENSSL_free(ctx);
++}
++
++#define ASN1_STRING_get0_data(...) (const unsigned char*)ASN1_STRING_data(__VA_ARGS__)
++
++#define EVP_MD_CTX_new(...) EVP_MD_CTX_create(__VA_ARGS__)
++#define EVP_MD_CTX_free(...) EVP_MD_CTX_destroy(__VA_ARGS__)
++
++#define EVP_PKEY_up_ref(pkey) CRYPTO_add(&(pkey)->references, 1, CRYPTO_LOCK_EVP_PKEY)
++#define X509_up_ref(cert) CRYPTO_add(&(cert)->references, 1, CRYPTO_LOCK_X509)
++#define X509_CRL_up_ref(crl) CRYPTO_add(&(crl)->references, 1, CRYPTO_LOCK_X509_CRL)
++
++#define EVP_PKEY_id(pky) (pky)->type
++#define EVP_PKEY_get0_DSA(pky) (pky)->pkey.dsa
++#define EVP_PKEY_get0_RSA(pky) (pky)->pkey.rsa
++#define EVP_PKEY_get0_DH(pky) (pky)->pkey.dh
++
++#define X509_CRL_get0_lastUpdate X509_CRL_get_lastUpdate
++#define X509_CRL_get0_nextUpdate X509_CRL_get_nextUpdate
++
++#define X509_REQ_get_signature_nid(req) OBJ_obj2nid((req)->sig_alg->algorithm)
++#define X509_CRL_get_signature_nid(crl) OBJ_obj2nid((crl)->sig_alg->algorithm)
++
++#define X509_REVOKED_get0_serialNumber(rev) (rev)->serialNumber
++#define X509_REVOKED_get0_revocationDate(rev) (rev)->revocationDate
++
++#endif // OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#endif // OSSL110COMPAT_H
+diff --git a/plugins/qca-ossl/qca-ossl.cpp b/plugins/qca-ossl/qca-ossl.cpp
+index a507604..39dbc2b 100644
+--- a/plugins/qca-ossl/qca-ossl.cpp
++++ b/plugins/qca-ossl/qca-ossl.cpp
+@@ -2,6 +2,7 @@
+ /*
+  * Copyright (C) 2004-2007  Justin Karneges <justin@affinix.com>
+  * Copyright (C) 2004-2006  Brad Hards <bradh@frogmouth.net>
++ * Copyright (C) 2017       Fabian Vogt <fabian@ritter-vogt.de>
+  *
+  * This library is free software; you can redistribute it and/or
+  * modify it under the terms of the GNU Lesser General Public
+@@ -39,6 +40,8 @@
+ #include <openssl/pkcs12.h>
+ #include <openssl/ssl.h>
+ 
++#include "ossl110-compat.h"
++
+ #ifndef OSSL_097
+ // comment this out if you'd rather use openssl 0.9.6
+ #define OSSL_097
+@@ -53,6 +56,16 @@
+ 	((_STACK*) (1 ? p : (type*)0))
+ #endif
+ 
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++    #define OSSL_110
++#endif
++
++// OpenSSL 1.1.0 compatibility macros
++#ifdef OSSL_110
++#define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new()
++#define RSA_F_RSA_EAY_PRIVATE_DECRYPT RSA_F_RSA_OSSL_PRIVATE_DECRYPT
++#endif
++
+ using namespace QCA;
+ 
+ namespace opensslQCAPlugin {
+@@ -94,7 +107,7 @@ static QByteArray bio2ba(BIO *b)
+ 	return buf;
+ }
+ 
+-static BigInteger bn2bi(BIGNUM *n)
++static BigInteger bn2bi(const BIGNUM *n)
+ {
+ 	SecureArray buf(BN_num_bytes(n) + 1);
+ 	buf[0] = 0; // positive
+@@ -110,7 +123,7 @@ static BIGNUM *bi2bn(const BigInteger &n)
+ 
+ // take lowest bytes of BIGNUM to fit
+ // pad with high byte zeroes to fit
+-static SecureArray bn2fixedbuf(BIGNUM *n, int size)
++static SecureArray bn2fixedbuf(const BIGNUM *n, int size)
+ {
+ 	SecureArray buf(BN_num_bytes(n));
+ 	BN_bn2bin(n, (unsigned char *)buf.data());
+@@ -128,8 +141,11 @@ static SecureArray dsasig_der_to_raw(const SecureArray &in)
+ 	const unsigned char *inp = (const unsigned char *)in.data();
+ 	d2i_DSA_SIG(&sig, &inp, in.size());
+ 
+-	SecureArray part_r = bn2fixedbuf(sig->r, 20);
+-	SecureArray part_s = bn2fixedbuf(sig->s, 20);
++	const BIGNUM *bnr, *bns;
++	DSA_SIG_get0(sig, &bnr, &bns);
++
++	SecureArray part_r = bn2fixedbuf(bnr, 20);
++	SecureArray part_s = bn2fixedbuf(bns, 20);
+ 	SecureArray result;
+ 	result.append(part_r);
+ 	result.append(part_s);
+@@ -144,12 +160,16 @@ static SecureArray dsasig_raw_to_der(const SecureArray &in)
+ 		return SecureArray();
+ 
+ 	DSA_SIG *sig = DSA_SIG_new();
+-	SecureArray part_r(20);
+-	SecureArray part_s(20);
++	SecureArray part_r(20); BIGNUM *bnr;
++	SecureArray part_s(20); BIGNUM *bns;
+ 	memcpy(part_r.data(), in.data(), 20);
+ 	memcpy(part_s.data(), in.data() + 20, 20);
+-	sig->r = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
+-	sig->s = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++	bnr = BN_bin2bn((const unsigned char *)part_r.data(), part_r.size(), NULL);
++	bns = BN_bin2bn((const unsigned char *)part_s.data(), part_s.size(), NULL);
++
++	if(DSA_SIG_set0(sig, bnr, bns) == 0)
++		return SecureArray();
++	// Not documented what happens in the failure case, free bnr and bns?
+ 
+ 	int len = i2d_DSA_SIG(sig, NULL);
+ 	SecureArray result(len);
+@@ -1005,29 +1025,39 @@ public:
+ 	opensslHashContext(const EVP_MD *algorithm, Provider *p, const QString &type) : HashContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		EVP_DigestInit( &m_context, m_algorithm );
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
++	}
++
++	opensslHashContext(const opensslHashContext &other)
++	    : HashContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy_ex(m_context, other.m_context);
+ 	}
+ 
+ 	~opensslHashContext()
+ 	{
+-		EVP_MD_CTX_cleanup(&m_context);
++		EVP_MD_CTX_free(m_context);
+ 	}
+ 
+ 	void clear()
+ 	{
+-		EVP_MD_CTX_cleanup(&m_context);
+-		EVP_DigestInit( &m_context, m_algorithm );
++		EVP_MD_CTX_free(m_context);
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
+ 	}
+ 
+ 	void update(const MemoryRegion &a)
+ 	{
+-		EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
+ 	}
+ 
+ 	MemoryRegion final()
+ 	{
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 		return a;
+ 	}
+ 
+@@ -1038,7 +1068,7 @@ public:
+ 
+ protected:
+ 	const EVP_MD *m_algorithm;
+-	EVP_MD_CTX m_context;
++	EVP_MD_CTX *m_context;
+ };
+ 
+ 
+@@ -1048,7 +1078,21 @@ public:
+ 	opensslPbkdf1Context(const EVP_MD *algorithm, Provider *p, const QString &type) : KDFContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		EVP_DigestInit( &m_context, m_algorithm );
++		m_context = EVP_MD_CTX_new();
++		EVP_DigestInit( m_context, m_algorithm );
++	}
++
++	opensslPbkdf1Context(const opensslPbkdf1Context &other)
++	    : KDFContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy(m_context, other.m_context);
++	}
++
++	~opensslPbkdf1Context()
++	{
++		EVP_MD_CTX_free(m_context);
+ 	}
+ 
+ 	Provider::Context *clone() const
+@@ -1082,16 +1126,16 @@ public:
+ 		  DK = Tc<0..dkLen-1>
+ 		*/
+ 		// calculate T_1
+-		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+-		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 
+ 		// calculate T_2 up to T_c
+ 		for ( unsigned int i = 2; i <= iterationCount; ++i ) {
+-			EVP_DigestInit( &m_context, m_algorithm );
+-			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+-			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++			EVP_DigestInit( m_context, m_algorithm );
++			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 		}
+ 
+ 		// shrink a to become DK, of the required length
+@@ -1137,19 +1181,19 @@ public:
+ 		  DK = Tc<0..dkLen-1>
+ 		*/
+ 		// calculate T_1
+-		EVP_DigestUpdate( &m_context, (unsigned char*)secret.data(), secret.size() );
+-		EVP_DigestUpdate( &m_context, (unsigned char*)salt.data(), salt.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)secret.data(), secret.size() );
++		EVP_DigestUpdate( m_context, (unsigned char*)salt.data(), salt.size() );
+ 		SecureArray a( EVP_MD_size( m_algorithm ) );
+-		EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++		EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 
+ 		// calculate T_2 up to T_c
+ 		*iterationCount = 2 - 1;	// <- Have to remove 1, unless it computes one
+ 		timer.start();				// ^  time more than the base function
+ 									// ^  with the same iterationCount
+ 		while (timer.elapsed() < msecInterval) {
+-			EVP_DigestInit( &m_context, m_algorithm );
+-			EVP_DigestUpdate( &m_context, (unsigned char*)a.data(), a.size() );
+-			EVP_DigestFinal( &m_context, (unsigned char*)a.data(), 0 );
++			EVP_DigestInit( m_context, m_algorithm );
++			EVP_DigestUpdate( m_context, (unsigned char*)a.data(), a.size() );
++			EVP_DigestFinal( m_context, (unsigned char*)a.data(), 0 );
+ 			++(*iterationCount);
+ 		}
+ 
+@@ -1164,7 +1208,7 @@ public:
+ 
+ protected:
+ 	const EVP_MD *m_algorithm;
+-	EVP_MD_CTX m_context;
++	EVP_MD_CTX *m_context;
+ };
+ 
+ class opensslPbkdf2Context : public KDFContext
+@@ -1232,12 +1276,28 @@ public:
+ 	opensslHMACContext(const EVP_MD *algorithm, Provider *p, const QString &type) : MACContext(p, type)
+ 	{
+ 		m_algorithm = algorithm;
+-		HMAC_CTX_init( &m_context );
++		m_context = HMAC_CTX_new();
++#ifndef OSSL_110
++		HMAC_CTX_init( m_context );
++#endif
++	}
++
++	opensslHMACContext(const opensslHMACContext &other)
++	    : MACContext(other)
++	{
++		m_algorithm = other.m_algorithm;
++		m_context = HMAC_CTX_new();
++		HMAC_CTX_copy(m_context, other.m_context);
++	}
++
++	~opensslHMACContext()
++	{
++		HMAC_CTX_free(m_context);
+ 	}
+ 
+ 	void setup(const SymmetricKey &key)
+ 	{
+-		HMAC_Init_ex( &m_context, key.data(), key.size(), m_algorithm, 0 );
++		HMAC_Init_ex( m_context, key.data(), key.size(), m_algorithm, 0 );
+ 	}
+ 
+ 	KeyLength keyLength() const
+@@ -1247,14 +1307,18 @@ public:
+ 
+ 	void update(const MemoryRegion &a)
+ 	{
+-		HMAC_Update( &m_context, (unsigned char *)a.data(), a.size() );
++		HMAC_Update( m_context, (unsigned char *)a.data(), a.size() );
+ 	}
+ 
+ 	void final(MemoryRegion *out)
+ 	{
+ 		SecureArray sa( EVP_MD_size( m_algorithm ), 0 );
+-		HMAC_Final(&m_context, (unsigned char *)sa.data(), 0 );
+-		HMAC_CTX_cleanup(&m_context);
++		HMAC_Final(m_context, (unsigned char *)sa.data(), 0 );
++#ifdef OSSL_110
++		HMAC_CTX_reset(m_context);
++#else
++		HMAC_CTX_cleanup(m_context);
++#endif
+ 		*out = sa;
+ 	}
+ 
+@@ -1264,7 +1328,7 @@ public:
+ 	}
+ 
+ protected:
+-	HMAC_CTX m_context;
++	HMAC_CTX *m_context;
+ 	const EVP_MD *m_algorithm;
+ };
+ 
+@@ -1278,7 +1342,7 @@ class EVPKey
+ public:
+ 	enum State { Idle, SignActive, SignError, VerifyActive, VerifyError };
+ 	EVP_PKEY *pkey;
+-	EVP_MD_CTX mdctx;
++	EVP_MD_CTX *mdctx;
+ 	State state;
+ 	bool raw_type;
+ 	SecureArray raw;
+@@ -1288,19 +1352,23 @@ public:
+ 		pkey = 0;
+ 		raw_type = false;
+ 		state = Idle;
++		mdctx = EVP_MD_CTX_new();
+ 	}
+ 
+ 	EVPKey(const EVPKey &from)
+ 	{
+ 		pkey = from.pkey;
+-		CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
++		EVP_PKEY_up_ref(pkey);
+ 		raw_type = false;
+ 		state = Idle;
++		mdctx = EVP_MD_CTX_new();
++		EVP_MD_CTX_copy(mdctx, from.mdctx);
+ 	}
+ 
+ 	~EVPKey()
+ 	{
+ 		reset();
++		EVP_MD_CTX_free(mdctx);
+ 	}
+ 
+ 	void reset()
+@@ -1323,8 +1391,8 @@ public:
+ 		else
+ 		{
+ 			raw_type = false;
+-			EVP_MD_CTX_init(&mdctx);
+-			if(!EVP_SignInit_ex(&mdctx, type, NULL))
++			EVP_MD_CTX_init(mdctx);
++			if(!EVP_SignInit_ex(mdctx, type, NULL))
+ 				state = SignError;
+ 		}
+ 	}
+@@ -1340,8 +1408,8 @@ public:
+ 		else
+ 		{
+ 			raw_type = false;
+-			EVP_MD_CTX_init(&mdctx);
+-			if(!EVP_VerifyInit_ex(&mdctx, type, NULL))
++			EVP_MD_CTX_init(mdctx);
++			if(!EVP_VerifyInit_ex(mdctx, type, NULL))
+ 				state = VerifyError;
+ 		}
+ 	}
+@@ -1353,7 +1421,7 @@ public:
+ 			if (raw_type)
+ 				raw += in;
+ 			else
+-				if(!EVP_SignUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++				if(!EVP_SignUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ 					state = SignError;
+ 		}
+ 		else if(state == VerifyActive)
+@@ -1361,7 +1429,7 @@ public:
+ 			if (raw_type)
+ 				raw += in;
+ 			else
+-				if(!EVP_VerifyUpdate(&mdctx, in.data(), (unsigned int)in.size()))
++				if(!EVP_VerifyUpdate(mdctx, in.data(), (unsigned int)in.size()))
+ 					state = VerifyError;
+ 		}
+ 	}
+@@ -1374,17 +1442,20 @@ public:
+ 			unsigned int len = out.size();
+ 			if (raw_type)
+ 			{
+-				if (pkey->type == EVP_PKEY_RSA)
++				int type = EVP_PKEY_id(pkey);
++
++				if (type == EVP_PKEY_RSA)
+ 				{
++					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 					if(RSA_private_encrypt (raw.size(), (unsigned char *)raw.data(),
+-											(unsigned char *)out.data(), pkey->pkey.rsa,
++					                        (unsigned char *)out.data(), rsa,
+ 											RSA_PKCS1_PADDING) == -1) {
+ 
+ 						state = SignError;
+ 						return SecureArray ();
+ 					}
+ 				}
+-				else if (pkey->type == EVP_PKEY_DSA)
++				else if (type == EVP_PKEY_DSA)
+ 				{
+ 					state = SignError;
+ 					return SecureArray ();
+@@ -1396,7 +1467,7 @@ public:
+ 				}
+ 			}
+ 			else {
+-				if(!EVP_SignFinal(&mdctx, (unsigned char *)out.data(), &len, pkey))
++				if(!EVP_SignFinal(mdctx, (unsigned char *)out.data(), &len, pkey))
+ 				{
+ 					state = SignError;
+ 					return SecureArray();
+@@ -1419,16 +1490,19 @@ public:
+ 				SecureArray out(EVP_PKEY_size(pkey));
+ 				int len = 0;
+ 
+-				if (pkey->type == EVP_PKEY_RSA) {
++				int type = EVP_PKEY_id(pkey);
++
++				if (type == EVP_PKEY_RSA) {
++					RSA *rsa = EVP_PKEY_get0_RSA(pkey);
+ 					if((len = RSA_public_decrypt (sig.size(), (unsigned char *)sig.data(),
+-												  (unsigned char *)out.data (), pkey->pkey.rsa,
++					                                (unsigned char *)out.data (), rsa,
+ 												  RSA_PKCS1_PADDING)) == -1) {
+ 
+ 						state = VerifyError;
+ 						return false;
+ 					}
+ 				}
+-				else if (pkey->type == EVP_PKEY_DSA)
++				else if (type == EVP_PKEY_DSA)
+ 				{
+ 					state = VerifyError;
+ 					return false;
+@@ -1448,7 +1522,7 @@ public:
+ 			}
+ 			else
+ 			{
+-				if(EVP_VerifyFinal(&mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
++				if(EVP_VerifyFinal(mdctx, (unsigned char *)sig.data(), (unsigned int)sig.size(), pkey) != 1)
+ 				{
+ 					state = VerifyError;
+ 					return false;
+@@ -1562,9 +1636,11 @@ static bool make_dlgroup(const QByteArray &seed, int bits, int counter, DLParams
+ 		return false;
+ 	if(ret_counter != counter)
+ 		return false;
+-	params->p = bn2bi(dsa->p);
+-	params->q = bn2bi(dsa->q);
+-	params->g = bn2bi(dsa->g);
++	const BIGNUM *bnp, *bnq, *bng;
++	DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++	params->p = bn2bi(bnp);
++	params->q = bn2bi(bnq);
++	params->g = bn2bi(bng);
+ 	DSA_free(dsa);
+ 	return true;
+ }
+@@ -1827,10 +1903,11 @@ public:
+ 			return;
+ 
+ 		// extract the public key into DER format
+-		int len = i2d_RSAPublicKey(evp.pkey->pkey.rsa, NULL);
++		RSA *rsa_pkey = EVP_PKEY_get0_RSA(evp.pkey);
++		int len = i2d_RSAPublicKey(rsa_pkey, NULL);
+ 		SecureArray result(len);
+ 		unsigned char *p = (unsigned char *)result.data();
+-		i2d_RSAPublicKey(evp.pkey->pkey.rsa, &p);
++		i2d_RSAPublicKey(rsa_pkey, &p);
+ 		p = (unsigned char *)result.data();
+ 
+ 		// put the DER public key back into openssl
+@@ -1853,7 +1930,7 @@ public:
+ 
+ 	virtual int maximumEncryptSize(EncryptionAlgorithm alg) const
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		int size = 0;
+ 		switch(alg)
+ 		{
+@@ -1868,7 +1945,7 @@ public:
+ 
+ 	virtual SecureArray encrypt(const SecureArray &in, EncryptionAlgorithm alg)
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		SecureArray buf = in;
+ 		int max = maximumEncryptSize(alg);
+ 
+@@ -1901,7 +1978,7 @@ public:
+ 
+ 	virtual bool decrypt(const SecureArray &in, SecureArray *out, EncryptionAlgorithm alg)
+ 	{
+-		RSA *rsa = evp.pkey->pkey.rsa;
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
+ 		SecureArray result(RSA_size(rsa));
+ 		int pad;
+ 
+@@ -2022,14 +2099,10 @@ public:
+ 		evp.reset();
+ 
+ 		RSA *rsa = RSA_new();
+-		rsa->n = bi2bn(n);
+-		rsa->e = bi2bn(e);
+-		rsa->p = bi2bn(p);
+-		rsa->q = bi2bn(q);
+-		rsa->d = bi2bn(d);
+-
+-		if(!rsa->n || !rsa->e || !rsa->p || !rsa->q || !rsa->d)
++		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), bi2bn(d)) == 0
++		    || RSA_set0_factors(rsa, bi2bn(p), bi2bn(q)) == 0)
+ 		{
++			// Free BIGNUMS?
+ 			RSA_free(rsa);
+ 			return;
+ 		}
+@@ -2037,7 +2110,7 @@ public:
+ 		// When private key has no Public Exponent (e) or Private Exponent (d)
+ 		// need to disable blinding. Otherwise decryption will be broken.
+ 		// http://www.mail-archive.com/openssl-users@openssl.org/msg63530.html
+-		if(BN_is_zero(rsa->e) || BN_is_zero(rsa->d))
++		if(e == BigInteger(0) || d == BigInteger(0))
+ 			RSA_blinding_off(rsa);
+ 
+ 		evp.pkey = EVP_PKEY_new();
+@@ -2050,10 +2123,7 @@ public:
+ 		evp.reset();
+ 
+ 		RSA *rsa = RSA_new();
+-		rsa->n = bi2bn(n);
+-		rsa->e = bi2bn(e);
+-
+-		if(!rsa->n || !rsa->e)
++		if(RSA_set0_key(rsa, bi2bn(n), bi2bn(e), NULL) == 0)
+ 		{
+ 			RSA_free(rsa);
+ 			return;
+@@ -2066,27 +2136,42 @@ public:
+ 
+ 	virtual BigInteger n() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->n);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnn;
++		RSA_get0_key(rsa, &bnn, NULL, NULL);
++		return bn2bi(bnn);
+ 	}
+ 
+ 	virtual BigInteger e() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->e);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bne;
++		RSA_get0_key(rsa, NULL, &bne, NULL);
++		return bn2bi(bne);
+ 	}
+ 
+ 	virtual BigInteger p() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->p);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnp;
++		RSA_get0_factors(rsa, &bnp, NULL);
++		return bn2bi(bnp);
+ 	}
+ 
+ 	virtual BigInteger q() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->q);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnq;
++		RSA_get0_factors(rsa, NULL, &bnq);
++		return bn2bi(bnq);
+ 	}
+ 
+ 	virtual BigInteger d() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.rsa->d);
++		RSA *rsa = EVP_PKEY_get0_RSA(evp.pkey);
++		const BIGNUM *bnd;
++		RSA_get0_key(rsa, NULL, NULL, &bnd);
++		return bn2bi(bnd);
+ 	}
+ 
+ private slots:
+@@ -2135,10 +2220,12 @@ public:
+ 	virtual void run()
+ 	{
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		if(!DSA_generate_key(dsa))
++		BIGNUM *pne = bi2bn(domain.p()),
++		*qne = bi2bn(domain.q()),
++		*gne = bi2bn(domain.g());
++
++		if(!DSA_set0_pqg(dsa, pne, qne, gne)
++		    || !DSA_generate_key(dsa))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2213,10 +2300,11 @@ public:
+ 			return;
+ 
+ 		// extract the public key into DER format
+-		int len = i2d_DSAPublicKey(evp.pkey->pkey.dsa, NULL);
++		DSA *dsa_pkey = EVP_PKEY_get0_DSA(evp.pkey);
++		int len = i2d_DSAPublicKey(dsa_pkey, NULL);
+ 		SecureArray result(len);
+ 		unsigned char *p = (unsigned char *)result.data();
+-		i2d_DSAPublicKey(evp.pkey->pkey.dsa, &p);
++		i2d_DSAPublicKey(dsa_pkey, &p);
+ 		p = (unsigned char *)result.data();
+ 
+ 		// put the DER public key back into openssl
+@@ -2245,7 +2333,7 @@ public:
+ 		else
+ 			transformsig = false;
+ 
+-		evp.startSign(EVP_dss1());
++		evp.startSign(EVP_sha1());
+ 	}
+ 
+ 	virtual void startVerify(SignatureAlgorithm, SignatureFormat format)
+@@ -2256,7 +2344,7 @@ public:
+ 		else
+ 			transformsig = false;
+ 
+-		evp.startVerify(EVP_dss1());
++		evp.startVerify(EVP_sha1());
+ 	}
+ 
+ 	virtual void update(const MemoryRegion &in)
+@@ -2306,13 +2394,14 @@ public:
+ 		evp.reset();
+ 
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		dsa->pub_key = bi2bn(y);
+-		dsa->priv_key = bi2bn(x);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bnq = bi2bn(domain.q());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
++		BIGNUM *bnpriv_key = bi2bn(x);
+ 
+-		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key || !dsa->priv_key)
++		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++		    || !DSA_set0_key(dsa, bnpub_key, bnpriv_key))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2328,12 +2417,13 @@ public:
+ 		evp.reset();
+ 
+ 		DSA *dsa = DSA_new();
+-		dsa->p = bi2bn(domain.p());
+-		dsa->q = bi2bn(domain.q());
+-		dsa->g = bi2bn(domain.g());
+-		dsa->pub_key = bi2bn(y);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bnq = bi2bn(domain.q());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
+ 
+-		if(!dsa->p || !dsa->q || !dsa->g || !dsa->pub_key)
++		if(!DSA_set0_pqg(dsa, bnp, bnq, bng)
++		    || !DSA_set0_key(dsa, bnpub_key, NULL))
+ 		{
+ 			DSA_free(dsa);
+ 			return;
+@@ -2346,17 +2436,26 @@ public:
+ 
+ 	virtual DLGroup domain() const
+ 	{
+-		return DLGroup(bn2bi(evp.pkey->pkey.dsa->p), bn2bi(evp.pkey->pkey.dsa->q), bn2bi(evp.pkey->pkey.dsa->g));
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnp, *bnq, *bng;
++		DSA_get0_pqg(dsa, &bnp, &bnq, &bng);
++		return DLGroup(bn2bi(bnp), bn2bi(bnq), bn2bi(bng));
+ 	}
+ 
+ 	virtual BigInteger y() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dsa->pub_key);
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnpub_key;
++		DSA_get0_key(dsa, &bnpub_key, NULL);
++		return bn2bi(bnpub_key);
+ 	}
+ 
+ 	virtual BigInteger x() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dsa->priv_key);
++		DSA *dsa = EVP_PKEY_get0_DSA(evp.pkey);
++		const BIGNUM *bnpriv_key;
++		DSA_get0_key(dsa, NULL, &bnpriv_key);
++		return bn2bi(bnpriv_key);
+ 	}
+ 
+ private slots:
+@@ -2405,9 +2504,10 @@ public:
+ 	virtual void run()
+ 	{
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		if(!DH_generate_key(dh))
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		if(!DH_set0_pqg(dh, bnp, NULL, bng)
++		        || !DH_generate_key(dh))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2479,11 +2579,14 @@ public:
+ 		if(!sec)
+ 			return;
+ 
+-		DH *orig = evp.pkey->pkey.dh;
++		DH *orig = EVP_PKEY_get0_DH(evp.pkey);
+ 		DH *dh = DH_new();
+-		dh->p = BN_dup(orig->p);
+-		dh->g = BN_dup(orig->g);
+-		dh->pub_key = BN_dup(orig->pub_key);
++		const BIGNUM *bnp, *bng, *bnpub_key;
++		DH_get0_pqg(orig, &bnp, NULL, &bng);
++		DH_get0_key(orig, &bnpub_key, NULL);
++
++		DH_set0_key(dh, BN_dup(bnpub_key), NULL);
++		DH_set0_pqg(dh, BN_dup(bnp), NULL, BN_dup(bng));
+ 
+ 		evp.reset();
+ 
+@@ -2499,10 +2602,13 @@ public:
+ 
+ 	virtual SymmetricKey deriveKey(const PKeyBase &theirs)
+ 	{
+-		DH *dh = evp.pkey->pkey.dh;
+-		DH *them = static_cast<const DHKey *>(&theirs)->evp.pkey->pkey.dh;
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		DH *them = EVP_PKEY_get0_DH(static_cast<const DHKey *>(&theirs)->evp.pkey);
++		const BIGNUM *bnpub_key;
++		DH_get0_key(them, &bnpub_key, NULL);
++
+ 		SecureArray result(DH_size(dh));
+-		int ret = DH_compute_key((unsigned char *)result.data(), them->pub_key, dh);
++		int ret = DH_compute_key((unsigned char *)result.data(), bnpub_key, dh);
+ 		if(ret <= 0)
+ 			return SymmetricKey();
+ 		result.resize(ret);
+@@ -2532,12 +2638,13 @@ public:
+ 		evp.reset();
+ 
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		dh->pub_key = bi2bn(y);
+-		dh->priv_key = bi2bn(x);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
++		BIGNUM *bnpriv_key = bi2bn(x);
+ 
+-		if(!dh->p || !dh->g || !dh->pub_key || !dh->priv_key)
++		if(!DH_set0_key(dh, bnpub_key, bnpriv_key)
++		    || !DH_set0_pqg(dh, bnp, NULL, bng))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2553,11 +2660,12 @@ public:
+ 		evp.reset();
+ 
+ 		DH *dh = DH_new();
+-		dh->p = bi2bn(domain.p());
+-		dh->g = bi2bn(domain.g());
+-		dh->pub_key = bi2bn(y);
++		BIGNUM *bnp = bi2bn(domain.p());
++		BIGNUM *bng = bi2bn(domain.g());
++		BIGNUM *bnpub_key = bi2bn(y);
+ 
+-		if(!dh->p || !dh->g || !dh->pub_key)
++        if(!DH_set0_key(dh, bnpub_key, NULL)
++                || !DH_set0_pqg(dh, bnp, NULL, bng))
+ 		{
+ 			DH_free(dh);
+ 			return;
+@@ -2570,17 +2678,26 @@ public:
+ 
+ 	virtual DLGroup domain() const
+ 	{
+-		return DLGroup(bn2bi(evp.pkey->pkey.dh->p), bn2bi(evp.pkey->pkey.dh->g));
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnp, *bng;
++		DH_get0_pqg(dh, &bnp, NULL, &bng);
++		return DLGroup(bn2bi(bnp), bn2bi(bng));
+ 	}
+ 
+ 	virtual BigInteger y() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dh->pub_key);
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnpub_key;
++		DH_get0_key(dh, &bnpub_key, NULL);
++		return bn2bi(bnpub_key);
+ 	}
+ 
+ 	virtual BigInteger x() const
+ 	{
+-		return bn2bi(evp.pkey->pkey.dh->priv_key);
++		DH *dh = EVP_PKEY_get0_DH(evp.pkey);
++		const BIGNUM *bnpriv_key;
++		DH_get0_key(dh, NULL, &bnpriv_key);
++		return bn2bi(bnpriv_key);
+ 	}
+ 
+ private slots:
+@@ -2619,10 +2736,14 @@ public:
+ 	{
+ 		key = _key;
+ 		RSA_set_method(rsa, rsa_method());
++#ifndef OSSL_110
+ 		rsa->flags |= RSA_FLAG_SIGN_VER;
++#endif
+ 		RSA_set_app_data(rsa, this);
+-		rsa->n = bi2bn(_key.n());
+-		rsa->e = bi2bn(_key.e());
++		BIGNUM *bnn = bi2bn(_key.n());
++		BIGNUM *bne = bi2bn(_key.e());
++
++		RSA_set0_key(rsa, bnn, bne, NULL);
+ 	}
+ 
+ 	RSA_METHOD *rsa_method()
+@@ -2631,12 +2752,16 @@ public:
+ 
+ 		if(!ops)
+ 		{
+-			ops = new RSA_METHOD(*RSA_get_default_method());
+-			ops->rsa_priv_enc = 0;//pkcs11_rsa_encrypt;
+-			ops->rsa_priv_dec = rsa_priv_dec;
+-			ops->rsa_sign = rsa_sign;
+-			ops->rsa_verify = 0;//pkcs11_rsa_verify;
+-			ops->finish = rsa_finish;
++			ops = RSA_meth_dup(RSA_get_default_method());
++			RSA_meth_set_priv_enc(ops, NULL); //pkcs11_rsa_encrypt
++			RSA_meth_set_priv_dec(ops, rsa_priv_dec); //pkcs11_rsa_encrypt
++#ifdef OSSL_110
++			RSA_meth_set_sign(ops, NULL);
++#else
++			RSA_meth_set_sign(ops, rsa_sign);
++#endif
++			RSA_meth_set_verify(ops, NULL); //pkcs11_rsa_verify
++			RSA_meth_set_finish(ops, rsa_finish);
+ 		}
+ 		return ops;
+ 	}
+@@ -2676,6 +2801,7 @@ public:
+ 		return -1;
+ 	}
+ 
++#ifndef OSSL_110
+ 	static int rsa_sign(int type, const unsigned char *m, unsigned int m_len, unsigned char *sigret, unsigned int *siglen, const RSA *rsa)
+ 	{
+ 		QCA_RSA_METHOD *self = (QCA_RSA_METHOD *)RSA_get_app_data(rsa);
+@@ -2692,7 +2818,6 @@ public:
+ 		}
+ 		else
+ 		{
+-
+ 			// make X509 packet
+ 			X509_SIG sig;
+ 			ASN1_TYPE parameter;
+@@ -2766,6 +2891,7 @@ public:
+ 
+ 		return 1;
+ 	}
++#endif
+ 
+ 	static int rsa_finish(RSA *rsa)
+ 	{
+@@ -2867,21 +2993,22 @@ public:
+ 	PKeyBase *pkeyToBase(EVP_PKEY *pkey, bool sec) const
+ 	{
+ 		PKeyBase *nk = 0;
+-		if(pkey->type == EVP_PKEY_RSA)
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++		if(pkey_type == EVP_PKEY_RSA)
+ 		{
+ 			RSAKey *c = new RSAKey(provider());
+ 			c->evp.pkey = pkey;
+ 			c->sec = sec;
+ 			nk = c;
+ 		}
+-		else if(pkey->type == EVP_PKEY_DSA)
++		else if(pkey_type == EVP_PKEY_DSA)
+ 		{
+ 			DSAKey *c = new DSAKey(provider());
+ 			c->evp.pkey = pkey;
+ 			c->sec = sec;
+ 			nk = c;
+ 		}
+-		else if(pkey->type == EVP_PKEY_DH)
++		else if(pkey_type == EVP_PKEY_DH)
+ 		{
+ 			DHKey *c = new DHKey(provider());
+ 			c->evp.pkey = pkey;
+@@ -2899,8 +3026,10 @@ public:
+ 	{
+ 		EVP_PKEY *pkey = get_pkey();
+ 
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QByteArray();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -2913,8 +3042,10 @@ public:
+ 	{
+ 		EVP_PKEY *pkey = get_pkey();
+ 
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
++
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QString();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -2979,9 +3110,10 @@ public:
+ 			return SecureArray();
+ 
+ 		EVP_PKEY *pkey = get_pkey();
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+ 
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return SecureArray();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -3008,9 +3140,10 @@ public:
+ 			return QString();
+ 
+ 		EVP_PKEY *pkey = get_pkey();
++		int pkey_type = EVP_PKEY_type(EVP_PKEY_id(pkey));
+ 
+ 		// OpenSSL does not have DH import/export support
+-		if(pkey->type == EVP_PKEY_DH)
++		if(pkey_type == EVP_PKEY_DH)
+ 			return QString();
+ 
+ 		BIO *bo = BIO_new(BIO_s_mem());
+@@ -3111,11 +3244,18 @@ public:
+ 			crl = from.crl;
+ 
+ 			if(cert)
+-				CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(cert);
+ 			if(req)
++			{
++#ifdef OSSL_110
++				// Not exposed, so copy
++				req = X509_REQ_dup(req);
++#else
+ 				CRYPTO_add(&req->references, 1, CRYPTO_LOCK_X509_REQ);
++#endif
++			}
+ 			if(crl)
+-				CRYPTO_add(&crl->references, 1, CRYPTO_LOCK_X509_CRL);
++				X509_CRL_up_ref(crl);
+ 		}
+ 
+ 		return *this;
+@@ -3221,7 +3361,7 @@ public:
+ //
+ // This code is mostly taken from OpenSSL v0.9.5a
+ // by Eric Young
+-QDateTime ASN1_UTCTIME_QDateTime(ASN1_UTCTIME *tm, int *isGmt)
++QDateTime ASN1_UTCTIME_QDateTime(const ASN1_UTCTIME *tm, int *isGmt)
+ {
+ 	QDateTime qdt;
+ 	char *v;
+@@ -3319,7 +3459,7 @@ public:
+ 
+ 	void fromX509(X509 *x)
+ 	{
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		item.cert = x;
+ 		make_props();
+ 	}
+@@ -3350,7 +3490,7 @@ public:
+ 		if(priv.key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(priv.key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return false;
+ 
+@@ -3481,7 +3621,7 @@ public:
+ 
+ 		const MyCertContext *our_cc = this;
+ 		X509 *x = our_cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 
+ 		const MyCertContext *other_cc = static_cast<const MyCertContext *>(other);
+@@ -3596,14 +3736,21 @@ public:
+ 				p.policies = get_cert_policies(ex);
+ 		}
+ 
+-		if (x->signature)
++#ifdef OSSL_110
++		const
++#endif
++		ASN1_BIT_STRING *signature;
++
++		X509_get0_signature(&signature, NULL, x);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+ 
+-		switch( OBJ_obj2nid(x->cert_info->signature->algorithm) )
++
++		switch( X509_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -3635,7 +3782,7 @@ public:
+ 			p.sigalgo = QCA::EMSA3_SHA512;
+ 			break;
+ 		default:
+-			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->cert_info->signature->algorithm);
++			qDebug() << "Unknown signature value: " << X509_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -3752,7 +3899,7 @@ public:
+ 		if(privateKey -> key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(privateKey -> key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return 0;
+ 
+@@ -3935,7 +4082,7 @@ public:
+ 		if(priv.key()->type() == PKey::RSA)
+ 			md = EVP_sha1();
+ 		else if(priv.key()->type() == PKey::DSA)
+-			md = EVP_dss1();
++			md = EVP_sha1();
+ 		else
+ 			return false;
+ 
+@@ -4096,14 +4243,17 @@ public:
+ 
+ 		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
+ 
+-		if (x->signature)
++		const ASN1_BIT_STRING *signature;
++
++		X509_REQ_get0_signature(x, &signature, NULL);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+ 
+-		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++		switch( X509_REQ_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4123,7 +4273,7 @@ public:
+ 			p.sigalgo = QCA::EMSA1_SHA1;
+ 			break;
+ 		default:
+-			qDebug() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++			qDebug() << "Unknown signature value: " << X509_REQ_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -4187,7 +4337,7 @@ public:
+ 
+ 	void fromX509(X509_CRL *x)
+ 	{
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		item.crl = x;
+ 		make_props();
+ 	}
+@@ -4232,15 +4382,15 @@ public:
+ 
+ 		issuer = get_cert_name(X509_CRL_get_issuer(x));
+ 
+-		p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_lastUpdate(x), NULL);
+-		p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get_nextUpdate(x), NULL);
++		p.thisUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_lastUpdate(x), NULL);
++		p.nextUpdate = ASN1_UTCTIME_QDateTime(X509_CRL_get0_nextUpdate(x), NULL);
+ 
+ 		STACK_OF(X509_REVOKED)* revokeStack  = X509_CRL_get_REVOKED(x);
+ 
+ 		for (int i = 0; i < sk_X509_REVOKED_num(revokeStack); ++i) {
+ 			X509_REVOKED *rev = sk_X509_REVOKED_value(revokeStack, i);
+-			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(rev->serialNumber, NULL));
+-			QDateTime time = ASN1_UTCTIME_QDateTime( rev->revocationDate, NULL);
++			BigInteger serial = bn2bi(ASN1_INTEGER_to_BN(X509_REVOKED_get0_serialNumber(rev), NULL));
++			QDateTime time = ASN1_UTCTIME_QDateTime( X509_REVOKED_get0_revocationDate(rev), NULL);
+ 			QCA::CRLEntry::Reason reason = QCA::CRLEntry::Unspecified;
+ 			int pos = X509_REVOKED_get_ext_by_NID(rev, NID_crl_reason, -1);
+ 			if (pos != -1) {
+@@ -4289,13 +4439,18 @@ public:
+ 			p.revoked.append(thisEntry);
+ 		}
+ 
+-		if (x->signature)
++		const ASN1_BIT_STRING *signature;
++
++		X509_CRL_get0_signature(x, &signature, NULL);
++		if(signature)
+ 		{
+-			p.sig = QByteArray(x->signature->length, 0);
+-			for (int i=0; i< x->signature->length; i++)
+-				p.sig[i] = x->signature->data[i];
++			p.sig = QByteArray(signature->length, 0);
++			for (int i=0; i< signature->length; i++)
++				p.sig[i] = signature->data[i];
+ 		}
+-		switch( OBJ_obj2nid(x->sig_alg->algorithm) )
++
++
++		switch( X509_CRL_get_signature_nid(x) )
+ 		{
+ 		case NID_sha1WithRSAEncryption:
+ 			p.sigalgo = QCA::EMSA3_SHA1;
+@@ -4327,7 +4482,7 @@ public:
+ 			p.sigalgo = QCA::EMSA3_SHA512;
+ 			break;
+ 		default:
+-			qWarning() << "Unknown signature value: " << OBJ_obj2nid(x->sig_alg->algorithm);
++			qWarning() << "Unknown signature value: " << X509_CRL_get_signature_nid(x);
+ 			p.sigalgo = QCA::SignatureUnknown;
+ 		}
+ 
+@@ -4488,21 +4643,21 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(trusted_list, x);
+ 	}
+ 	for(n = 0; n < untrusted.count(); ++n)
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(untrusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 	}
+ 	for(n = 0; n < crls.count(); ++n)
+ 	{
+ 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ 		X509_CRL *x = cc->item.crl;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		crl_list.append(x);
+ 	}
+ 
+@@ -4527,7 +4682,7 @@ Validity MyCertContext::validate(const QList<CertContext*> &trusted, const QList
+ 	int ret = X509_verify_cert(ctx);
+ 	int err = -1;
+ 	if(!ret)
+-		err = ctx->error;
++		err = X509_STORE_CTX_get_error(ctx);
+ 
+ 	// cleanup
+ 	X509_STORE_CTX_free(ctx);
+@@ -4561,21 +4716,21 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(trusted[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(trusted_list, x);
+ 	}
+ 	for(n = 1; n < chain.count(); ++n)
+ 	{
+ 		const MyCertContext *cc = static_cast<const MyCertContext *>(chain[n]);
+ 		X509 *x = cc->item.cert;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++		X509_up_ref(x);
+ 		sk_X509_push(untrusted_list, x);
+ 	}
+ 	for(n = 0; n < crls.count(); ++n)
+ 	{
+ 		const MyCRLContext *cc = static_cast<const MyCRLContext *>(crls[n]);
+ 		X509_CRL *x = cc->item.crl;
+-		CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509_CRL);
++		X509_CRL_up_ref(x);
+ 		crl_list.append(x);
+ 	}
+ 
+@@ -4600,7 +4755,7 @@ Validity MyCertContext::validate_chain(const QList<CertContext*> &chain, const Q
+ 	int ret = X509_verify_cert(ctx);
+ 	int err = -1;
+ 	if(!ret)
+-		err = ctx->error;
++		err = X509_STORE_CTX_get_error(ctx);
+ 
+ 	// grab the chain, which may not be fully populated
+ 	STACK_OF(X509) *xchain = X509_STORE_CTX_get_chain(ctx);
+@@ -4664,7 +4819,7 @@ public:
+ 			for(int n = 1; n < chain.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<const MyCertContext *>(chain[n])->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(ca, x);
+ 			}
+ 		}
+@@ -5399,7 +5554,7 @@ public:
+ 		OpenSSL_add_ssl_algorithms();
+ 		SSL_CTX *ctx = 0;
+ 		switch (version) {
+-#ifndef OPENSSL_NO_SSL2
++#if !defined(OPENSSL_NO_SSL2) && !defined(OSSL_110)
+ 		case TLS::SSL_v2:
+ 			ctx = SSL_CTX_new(SSLv2_client_method());
+ 			break;
+@@ -5430,8 +5585,8 @@ public:
+ 		STACK_OF(SSL_CIPHER) *sk = SSL_get_ciphers(ssl);
+ 		QStringList cipherList;
+ 		for(int i = 0; i < sk_SSL_CIPHER_num(sk); ++i) {
+-			SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
+-			cipherList += cipherIDtoString(version, thisCipher->id);
++			const SSL_CIPHER *thisCipher = sk_SSL_CIPHER_value(sk, i);
++			cipherList += cipherIDtoString(version, SSL_CIPHER_get_id(thisCipher));
+ 		}
+ 
+ 		SSL_free(ssl);
+@@ -5808,13 +5963,15 @@ public:
+ 	{
+ 		SessionInfo sessInfo;
+ 
+-		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(ssl->session));
++		SSL_SESSION *session = SSL_get0_session(ssl);
++		sessInfo.isCompressed = (0 != SSL_SESSION_get_compress_id(session));
++		int ssl_version = SSL_version(ssl);
+ 
+-		if (ssl->version == TLS1_VERSION)
++		if (ssl_version == TLS1_VERSION)
+ 			sessInfo.version = TLS::TLS_v1;
+-		else if (ssl->version == SSL3_VERSION)
++		else if (ssl_version == SSL3_VERSION)
+ 			sessInfo.version = TLS::SSL_v3;
+-		else if (ssl->version == SSL2_VERSION)
++		else if (ssl_version == SSL2_VERSION)
+ 			sessInfo.version = TLS::SSL_v2;
+ 		else {
+ 			qDebug("unexpected version response");
+@@ -5822,7 +5979,7 @@ public:
+ 		}
+ 
+ 		sessInfo.cipherSuite = cipherIDtoString( sessInfo.version,
+-												 SSL_get_current_cipher(ssl)->id);
++		                                         SSL_CIPHER_get_id(SSL_get_current_cipher(ssl)));
+ 
+ 		sessInfo.cipherMaxBits = SSL_get_cipher_bits(ssl, &(sessInfo.cipherBits));
+ 
+@@ -6394,7 +6551,7 @@ public:
+ 			for(int n = 0; n < nonroots.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<MyCertContext *>(nonroots[n].context())->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(other_certs, x);
+ 			}
+ 
+@@ -6436,7 +6593,7 @@ public:
+ 
+ 			other_certs = sk_X509_new_null();
+ 			X509 *x = static_cast<MyCertContext *>(target.context())->item.cert;
+-			CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++			X509_up_ref(x);
+ 			sk_X509_push(other_certs, x);
+ 
+ 			bi = BIO_new(BIO_s_mem());
+@@ -6499,7 +6656,7 @@ public:
+ 			for(int n = 0; n < untrusted_list.count(); ++n)
+ 			{
+ 				X509 *x = static_cast<MyCertContext *>(untrusted_list[n].context())->item.cert;
+-				CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
++				X509_up_ref(x);
+ 				sk_X509_push(other_certs, x);
+ 			}
+ 
+@@ -6750,14 +6907,27 @@ public:
+ 	opensslCipherContext(const EVP_CIPHER *algorithm, const int pad, Provider *p, const QString &type) : CipherContext(p, type)
+ 	{
+ 		m_cryptoAlgorithm = algorithm;
+-		EVP_CIPHER_CTX_init(&m_context);
++		m_context = EVP_CIPHER_CTX_new();
++		EVP_CIPHER_CTX_init(m_context);
+ 		m_pad = pad;
+ 		m_type = type;
+ 	}
+ 
++	opensslCipherContext(const opensslCipherContext &other)
++	    : CipherContext(other)
++	{
++		m_cryptoAlgorithm = other.m_cryptoAlgorithm;
++		m_context = EVP_CIPHER_CTX_new();
++		EVP_CIPHER_CTX_copy(m_context, other.m_context);
++		m_direction = other.m_direction;
++		m_pad = other.m_pad;
++		m_type = other.m_type;
++	}
++
+ 	~opensslCipherContext()
+ 	{
+-		EVP_CIPHER_CTX_cleanup(&m_context);
++		EVP_CIPHER_CTX_cleanup(m_context);
++		EVP_CIPHER_CTX_free(m_context);
+ 	}
+ 
+ 	void setup(Direction dir,
+@@ -6772,20 +6943,20 @@ public:
+ 			m_cryptoAlgorithm = EVP_des_ede();
+ 		}
+ 		if (Encode == m_direction) {
+-			EVP_EncryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+-			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
++			EVP_EncryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
+-			EVP_EncryptInit_ex(&m_context, 0, 0,
++			EVP_EncryptInit_ex(m_context, 0, 0,
+ 							   (const unsigned char*)(key.data()),
+ 							   (const unsigned char*)(iv.data()));
+ 		} else {
+-			EVP_DecryptInit_ex(&m_context, m_cryptoAlgorithm, 0, 0, 0);
+-			EVP_CIPHER_CTX_set_key_length(&m_context, key.size());
++			EVP_DecryptInit_ex(m_context, m_cryptoAlgorithm, 0, 0, 0);
++			EVP_CIPHER_CTX_set_key_length(m_context, key.size());
+-			EVP_DecryptInit_ex(&m_context, 0, 0,
++			EVP_DecryptInit_ex(m_context, 0, 0,
+ 							   (const unsigned char*)(key.data()),
+ 							   (const unsigned char*)(iv.data()));
+ 		}
+ 
+-		EVP_CIPHER_CTX_set_padding(&m_context, m_pad);
++		EVP_CIPHER_CTX_set_padding(m_context, m_pad);
+ 	}
+ 
+ 	Provider::Context *clone() const
+@@ -6803,7 +6974,7 @@ public:
+ 
+ 	int blockSize() const
+ 	{
+-		return EVP_CIPHER_CTX_block_size(&m_context);
++		return EVP_CIPHER_CTX_block_size(m_context);
+ 	}
+ 
+ 	bool update(const SecureArray &in, SecureArray *out)
+@@ -6821,7 +6992,7 @@ public:
+ 		out->resize(in.size()+blockSize());
+ 		int resultLength;
+ 		if (Encode == m_direction) {
+-			if (0 == EVP_EncryptUpdate(&m_context,
++			if (0 == EVP_EncryptUpdate(m_context,
+ 									   (unsigned char*)out->data(),
+ 									   &resultLength,
+ 									   (unsigned char*)in.data(),
+@@ -6829,7 +7000,7 @@ public:
+ 				return false;
+ 			}
+ 		} else {
+-			if (0 == EVP_DecryptUpdate(&m_context,
++			if (0 == EVP_DecryptUpdate(m_context,
+ 									   (unsigned char*)out->data(),
+ 									   &resultLength,
+ 									   (unsigned char*)in.data(),
+@@ -6846,13 +7017,13 @@ public:
+ 		out->resize(blockSize());
+ 		int resultLength;
+ 		if (Encode == m_direction) {
+-			if (0 == EVP_EncryptFinal_ex(&m_context,
++			if (0 == EVP_EncryptFinal_ex(m_context,
+ 										 (unsigned char*)out->data(),
+ 										 &resultLength)) {
+ 				return false;
+ 			}
+ 		} else {
+-			if (0 == EVP_DecryptFinal_ex(&m_context,
++			if (0 == EVP_DecryptFinal_ex(m_context,
+ 										 (unsigned char*)out->data(),
+ 										 &resultLength)) {
+ 				return false;
+@@ -6899,7 +7070,7 @@ public:
+ 
+ 
+ protected:
+-	EVP_CIPHER_CTX m_context;
++	EVP_CIPHER_CTX *m_context;
+ 	const EVP_CIPHER *m_cryptoAlgorithm;
+ 	Direction m_direction;
+ 	int m_pad;
diff --git a/source/l/qca/qca.SlackBuild b/source/l/qca/qca.SlackBuild
index 2adbe7e92..d40821b66 100755
--- a/source/l/qca/qca.SlackBuild
+++ b/source/l/qca/qca.SlackBuild
@@ -1,6 +1,6 @@
-#!/bin/sh
+#!/bin/bash
 
-# Copyright 2006, 2008, 2009, 2016  Patrick J. Volkerding, Sebeka, MN, USA
+# Copyright 2006, 2008, 2009, 2016, 2018  Patrick J. Volkerding, Sebeka, MN, USA
 # All rights reserved.
 #
 # Redistribution and use of this script, with or without modification, is
@@ -23,9 +23,11 @@
 # Modified by Robby Workman <rworkman@slackware.com> for qca-2.0.0
 # No additional license terms and no copyright claim
 
+cd $(dirname $0) ; CWD=$(pwd)
+
 PKGNAM=qca
-VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z* | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
-BUILD=${BUILD:-2}
+VERSION=${VERSION:-$(echo $PKGNAM-*.tar.?z | rev | cut -f 3- -d . | cut -f 1 -d - | rev)}
+BUILD=${BUILD:-3}
 NUMJOBS=${NUMJOBS:--j6}
 
 # Automatically determine architecture for build & packaging:
@@ -37,7 +39,14 @@ if [ -z "$ARCH" ]; then
   esac
 fi
 
-CWD=$(pwd)
+# If the variable PRINT_PACKAGE_NAME is set, then this script will report what
+# the name of the created package would be, and then exit. This information
+# could be useful to other scripts.
+if [ ! -z "${PRINT_PACKAGE_NAME}" ]; then
+  echo "$PKGNAM-$VERSION-$ARCH-$BUILD.txz"
+  exit 0
+fi
+
 TMP=${TMP:-/tmp}
 PKG=$TMP/package-${PKGNAM}
 
@@ -56,7 +65,7 @@ rm -rf $PKG
 mkdir -p $TMP $PKG
 cd $TMP
 rm -rf $PKGNAM-$VERSION
-tar xvf $CWD/$PKGNAM-$VERSION.tar.xz || exit 1
+tar xvf $CWD/$PKGNAM-$VERSION.tar.?z || exit 1
 cd $PKGNAM-$VERSION || exit 1
 chown -R root:root .
 find . \
@@ -65,7 +74,11 @@ find . \
  \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
  -exec chmod 644 {} \;
 
-zcat $CWD/0011-use-_DEFAULT_SOURCE-instead-of-_BSD_SOURCE.patch.gz | patch -p1 --verbose || exit 1
+# Support OpenSSL-1.1.x:
+zcat $CWD/Add_support_for_OpenSSL_1.1.0.diff.gz | patch -p1 --verbose || exit 1
+
+# This unit test patch won't apply, so whatever. Don't need it.
+#qca.tlsunittest.cpp.diff.gz | patch -p1 --verbose || exit 1
 
 mkdir build
 cd build
diff --git a/source/l/qca/qca.tlsunittest.cpp.diff b/source/l/qca/qca.tlsunittest.cpp.diff
new file mode 100644
index 000000000..0b3d6090a
--- /dev/null
+++ b/source/l/qca/qca.tlsunittest.cpp.diff
@@ -0,0 +1,58 @@
+diff --git a/unittest/tls/tlsunittest.cpp b/unittest/tls/tlsunittest.cpp
+index 38caf2d..ba8ed94 100644
+--- a/unittest/tls/tlsunittest.cpp
++++ b/unittest/tls/tlsunittest.cpp
+@@ -60,14 +60,16 @@ void TLSUnitTest::testCipherList()
+ 	QCA::TLS *tls = new QCA::TLS(QCA::TLS::Stream, 0, "qca-ossl");
+ 	QStringList cipherList = tls->supportedCipherSuites(QCA::TLS::TLS_v1);
+ 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
+ 	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
+ 	QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
++
++	// openSUSE TW OpenSSL 1.1 does not have this
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_RSA_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("TLS_DHE_DSS_WITH_AES_128_CBC_SHA") );
+ 
+ 	// Fedora 26 openssl has no this cipher suites.
+ 	// QVERIFY( cipherList.contains("TLS_RSA_WITH_RC4_128_SHA") );
+@@ -89,16 +91,17 @@ void TLSUnitTest::testCipherList()
+ 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5") );
+ 	// QVERIFY( cipherList.contains("TLS_RSA_EXPORT_WITH_RC4_40_MD5") );
+ 
+-	cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
+-	QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
++	// OpenSSL 1.1 in openSUSE TW has it disabled by default
++	// cipherList = tls->supportedCipherSuites(QCA::TLS::SSL_v3);
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_256_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_3DES_EDE_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_RSA_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_DHE_DSS_WITH_AES_128_CBC_SHA") );
++	// QVERIFY( cipherList.contains("SSL_RSA_WITH_AES_128_CBC_SHA") );
+ 
+ 	// Fedora 22 has no SSL_RSA_WITH_RC4_128_MD5
+ 	// QVERIFY( cipherList.contains("SSL_RSA_WITH_RC4_128_MD5") );
+-- 
+cgit v0.11.2
+
diff --git a/source/l/qca/slack-desc b/source/l/qca/slack-desc
index 91a68dd9f..fe30b1a34 100644
--- a/source/l/qca/slack-desc
+++ b/source/l/qca/slack-desc
@@ -1,18 +1,18 @@
 # HOW TO EDIT THIS FILE:
-# The "handy ruler" below makes it easier to edit a package description.  Line
+# The "handy ruler" below makes it easier to edit a package description. Line
 # up the first '|' above the ':' following the base package name, and the '|'
-# on the right side marks the last column you can put a character in.  You must
-# make exactly 11 lines for the formatting to be correct.  It's also
+# on the right side marks the last column you can put a character in. You must
+# make exactly 11 lines for the formatting to be correct. It's also
 # customary to leave one space after the ':'.
 
    |-----handy-ruler------------------------------------------------------|
 qca: qca (Qt Cryptographic Architecture)
 qca:
 qca: QCA aims to provide a straightforward and cross-platform crypto API,
-qca: using Qt datatypes and conventions.  QCA separates the API from the
-qca: implementation, using plugins known as Providers.  The advantage of
+qca: using Qt datatypes and conventions. QCA separates the API from the
+qca: implementation, using plugins known as Providers. The advantage of
 qca: this model is to allow applications to avoid linking to or explicitly
-qca: depending on any particular cryptographic library.  This allows one
+qca: depending on any particular cryptographic library. This allows one
 qca: to easily change or upgrade crypto implementations without needing
 qca: to recompile the application.
 qca: