--- liboriutil/key.cc.orig	2018-10-13 04:39:33 UTC

+++ liboriutil/key.cc

@@ -131,13 +131,13 @@ PublicKey::verify(const string &blob,

                   const string &digest) const

 {

     int err;

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx = EVP_MD_CTX_new();

     assert(x509 != NULL && key != NULL);

-    EVP_VerifyInit(&ctx, EVP_sha256());

-    EVP_VerifyUpdate(&ctx, blob.data(), blob.size());

-    err = EVP_VerifyFinal(&ctx, (const unsigned char *)digest.data(),

+    EVP_VerifyInit(ctx, EVP_sha256());

+    EVP_VerifyUpdate(ctx, blob.data(), blob.size());

+    err = EVP_VerifyFinal(ctx, (const unsigned char *)digest.data(),

                           digest.length(), key);

     if (err != 1)

     {

@@ -185,11 +185,11 @@ PrivateKey::sign(const string &blob) const

     int err;

     unsigned int sigLen = SIGBUF_LEN;

     char sigBuf[SIGBUF_LEN];

-    EVP_MD_CTX ctx;

+    EVP_MD_CTX *ctx = NULL;

-    EVP_SignInit(&ctx, EVP_sha256());

-    EVP_SignUpdate(&ctx, blob.data(), blob.size());

-    err = EVP_SignFinal(&ctx, (unsigned char *)sigBuf, &sigLen, key);

+    EVP_SignInit(ctx, EVP_sha256());

+    EVP_SignUpdate(ctx, blob.data(), blob.size());

+    err = EVP_SignFinal(ctx, (unsigned char *)sigBuf, &sigLen, key);

     if (err != 1)

     {

         ERR_print_errors_fp(stderr);

--- liboriutil/oricrypt.cc.orig	2018-10-13 04:42:24 UTC

+++ liboriutil/oricrypt.cc

@@ -155,12 +155,12 @@ OriCrypt_Encrypt(const string &plaintext, const string

     unsigned char keyData[32];

     unsigned char ivData[32];

     unsigned char *buf;

-    EVP_CIPHER_CTX ctx;

+    EVP_CIPHER_CTX *ctx = NULL;

     string ciphertext;

     // Generate random salt and prepend it

     // XXX: PKCS#5 implementation in OpenSSL uses RAND_pseudo_bytes

-    RAND_pseudo_bytes(salt, PKCS5_SALT_LEN);

+    RAND_bytes(salt, PKCS5_SALT_LEN);

     ciphertext.assign((const char *)&salt, PKCS5_SALT_LEN);

     bits = EVP_BytesToKey(EVP_aes_256_cbc(), EVP_sha256(), salt,

@@ -173,13 +173,13 @@ OriCrypt_Encrypt(const string &plaintext, const string

     clen = plaintext.size() + AES_BLOCK_SIZE;

     buf = new unsigned char[clen];

-    EVP_CIPHER_CTX_init(&ctx);

-    EVP_EncryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, keyData, ivData);

-    EVP_EncryptUpdate(&ctx, buf, &clen,

+    EVP_CIPHER_CTX_init(ctx);

+    EVP_EncryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, keyData, ivData);

+    EVP_EncryptUpdate(ctx, buf, &clen,

                       (const unsigned char *)plaintext.data(),

                       plaintext.size());

-    EVP_EncryptFinal_ex(&ctx, buf+clen, &flen);

-    EVP_CIPHER_CTX_cleanup(&ctx);

+    EVP_EncryptFinal_ex(ctx, buf+clen, &flen);

+    EVP_CIPHER_CTX_free(ctx);

     ciphertext.append((const char *)buf, clen+flen);

     delete buf;

@@ -199,7 +199,7 @@ OriCrypt_Decrypt(const string &ciphertext, const strin

     unsigned char keyData[32];

     unsigned char ivData[32];

     unsigned char *buf;

-    EVP_CIPHER_CTX ctx;

+    EVP_CIPHER_CTX *ctx = NULL;

     string plaintext;

     if (ciphertext.size() <= PKCS5_SALT_LEN)

@@ -217,13 +217,13 @@ OriCrypt_Decrypt(const string &ciphertext, const strin

     plen = ciphertext.size() + AES_BLOCK_SIZE;

     buf = new unsigned char[plen];

-    EVP_CIPHER_CTX_init(&ctx);

-    EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, keyData, ivData);

-    EVP_DecryptUpdate(&ctx, buf, &plen,

+    EVP_CIPHER_CTX_init(ctx);

+    EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, keyData, ivData);

+    EVP_DecryptUpdate(ctx, buf, &plen,

                       (const unsigned char *)ciphertext.data() + PKCS5_SALT_LEN,

                       ciphertext.size() - PKCS5_SALT_LEN);

-    EVP_DecryptFinal_ex(&ctx, buf+plen, &flen);

-    EVP_CIPHER_CTX_cleanup(&ctx);

+    EVP_DecryptFinal_ex(ctx, buf+plen, &flen);

+    EVP_CIPHER_CTX_free(ctx);

     plaintext.assign((const char *)buf, plen+flen);

     delete buf;