Re: [PR PATCH] [Updated] update openssl to 3 series

[dkwo <dkwo@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 1122 bytes --]

There is an updated pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages openssl3
https://github.com/void-linux/void-packages/pull/37681

update openssl to 3 series
- Build failures on `x86_64-musl`:
- [ ] nodejs-lts, kore, xrootd, netpgp, opensc, vpn-ws, eid-mw, boinc, php, php8.0, umurmur, nzbget, nrpe, pkcs11-helper, mumble, squid, xca: deprecated something
- [ ] mairix, rust-sccache, fractal, telegram-desktop, rabbitmq-c, git-brws, rooster, cargo-aoc, spotify-tui, git-series, tarpaulin, taisei, rust-cargo-audit, signal-backup-decode, cargo-outdated, rustup: cargo errors
- [ ] lua54-luasec, yubiko-piv-tool, gcsf, ipmiutil, rng-tools: errors
- xbps: added temporary fixture suggested by @Duncaen, still broken
- racket: depend on libssl3.0
- Note to self: use `xrevbump "bump for openssl-3.0" $(xbps-query -Rs libssl.so -p shlib-requires | cut -d ':' -f 1 | xargs -n1 xbps-uhelper getpkgname)` and same for `libcrypto`, or use `sort -u file1 file2`.
[ci skip]

A patch file from https://github.com/void-linux/void-packages/pull/37681.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssl3-37681.patch --]
[-- Type: text/x-diff, Size: 57899 bytes --]

From d2e1e82b1b306fe11350030b177ff6bc19d2ce1e Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sat, 25 Jun 2022 18:22:28 +0200
Subject: [PATCH 1/7] openssl: update to 3.0.7

---
 common/shlibs                           |  4 +-
 srcpkgs/{libcrypto1.1 => libcrypto3.0}  |  0
 srcpkgs/{libssl1.1 => libssl3.0}        |  0
 srcpkgs/openssl/patches/ppc-auxv.patch  | 25 -------
 srcpkgs/openssl/patches/ppc64.patch     | 96 -------------------------
 srcpkgs/openssl/patches/xxx-ppcle.patch | 53 --------------
 srcpkgs/openssl/template                | 20 +++---
 7 files changed, 14 insertions(+), 184 deletions(-)
 rename srcpkgs/{libcrypto1.1 => libcrypto3.0} (100%)
 rename srcpkgs/{libssl1.1 => libssl3.0} (100%)
 delete mode 100644 srcpkgs/openssl/patches/ppc-auxv.patch
 delete mode 100644 srcpkgs/openssl/patches/ppc64.patch
 delete mode 100644 srcpkgs/openssl/patches/xxx-ppcle.patch

diff --git a/common/shlibs b/common/shlibs
index edb8a2c5dd73..59e928664850 100644
--- a/common/shlibs
+++ b/common/shlibs
@@ -1768,8 +1768,8 @@ libid3.so id3lib-3.8.3_7
 libid3-3.8.so.3 id3lib-3.8.3_7
 libgirara-gtk3.so.3 girara-0.2.8_1
 libjq.so.1 jq-1.6_2
-libcrypto.so.1.1 libcrypto1.1-1.1.1f_1
-libssl.so.1.1 libssl1.1-1.1.1f_1
+libcrypto.so.3 libcrypto3.0-3.0.7_1
+libssl.so.3 libssl3.0-3.0.7_1
 libvamp-hostsdk.so.3 libvamp-plugin-sdk-2.2_6
 libportmidi.so portmidi-217_1
 libWildMidi.so.2 libwildmidi-0.4.3_1
diff --git a/srcpkgs/libcrypto1.1 b/srcpkgs/libcrypto3.0
similarity index 100%
rename from srcpkgs/libcrypto1.1
rename to srcpkgs/libcrypto3.0
diff --git a/srcpkgs/libssl1.1 b/srcpkgs/libssl3.0
similarity index 100%
rename from srcpkgs/libssl1.1
rename to srcpkgs/libssl3.0
diff --git a/srcpkgs/openssl/patches/ppc-auxv.patch b/srcpkgs/openssl/patches/ppc-auxv.patch
deleted file mode 100644
index 274ac2d55998..000000000000
--- a/srcpkgs/openssl/patches/ppc-auxv.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-diff --git a/crypto/ppccap.c b/crypto/ppccap.c
-index eeaa47c..e6eeb14 100644
---- a/crypto/ppccap.c
-+++ b/crypto/ppccap.c
-@@ -207,17 +207,9 @@ size_t OPENSSL_instrument_bus2(unsigned int *out, size_t cnt, size_t max)
-         return 0;
- }
- 
--#if defined(__GLIBC__) && defined(__GLIBC_PREREQ)
--# if __GLIBC_PREREQ(2, 16)
--#  include <sys/auxv.h>
--#  define OSSL_IMPLEMENT_GETAUXVAL
--# elif defined(__ANDROID_API__)
--/* see https://developer.android.google.cn/ndk/guides/cpu-features */
--#  if __ANDROID_API__ >= 18
--#   include <sys/auxv.h>
--#   define OSSL_IMPLEMENT_GETAUXVAL
--#  endif
--# endif
-+#if defined(__linux__)
-+# include <sys/auxv.h>
-+# define OSSL_IMPLEMENT_GETAUXVAL
- #endif
- 
- #if defined(__FreeBSD__)
diff --git a/srcpkgs/openssl/patches/ppc64.patch b/srcpkgs/openssl/patches/ppc64.patch
deleted file mode 100644
index c75ceedba2c0..000000000000
--- a/srcpkgs/openssl/patches/ppc64.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-From 34ab13b7d8e3e723adb60be8142e38b7c9cd382a Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 5 May 2019 18:25:50 +0200
-Subject: [PATCH] crypto/perlasm/ppc-xlate.pl: add linux64v2 flavour
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-This is a big endian ELFv2 configuration. ELFv2 was already being
-used for little endian, and big endian was traditionally ELFv1
-but there are practical configurations that use ELFv2 with big
-endian nowadays (Adélie Linux, Void Linux, possibly Gentoo, etc.)
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8883)
----
- crypto/perlasm/ppc-xlate.pl | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/crypto/perlasm/ppc-xlate.pl b/crypto/perlasm/ppc-xlate.pl
-index e52f2f6ea62..5fcd0526dff 100755
---- a/crypto/perlasm/ppc-xlate.pl
-+++ b/crypto/perlasm/ppc-xlate.pl
-@@ -49,7 +49,7 @@
- 	/osx/		&& do { $name = "_$name";
- 				last;
- 			      };
--	/linux.*(32|64le)/
-+	/linux.*(32|64(le|v2))/
- 			&& do {	$ret .= ".globl	$name";
- 				if (!$$type) {
- 				    $ret .= "\n.type	$name,\@function";
-@@ -80,7 +80,7 @@
- };
- my $text = sub {
-     my $ret = ($flavour =~ /aix/) ? ".csect\t.text[PR],7" : ".text";
--    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64le/);
-+    $ret = ".abiversion	2\n".$ret	if ($flavour =~ /linux.*64(le|v2)/);
-     $ret;
- };
- my $machine = sub {
-@@ -186,7 +186,7 @@
- 
- # Some ABIs specify vrsave, special-purpose register #256, as reserved
- # for system use.
--my $no_vrsave = ($flavour =~ /aix|linux64le/);
-+my $no_vrsave = ($flavour =~ /aix|linux64(le|v2)/);
- my $mtspr = sub {
-     my ($f,$idx,$ra) = @_;
-     if ($idx == 256 && $no_vrsave) {
-@@ -318,7 +318,7 @@ sub vfour {
- 	if ($label) {
- 	    my $xlated = ($GLOBALS{$label} or $label);
- 	    print "$xlated:";
--	    if ($flavour =~ /linux.*64le/) {
-+	    if ($flavour =~ /linux.*64(le|v2)/) {
- 		if ($TYPES{$label} =~ /function/) {
- 		    printf "\n.localentry	%s,0\n",$xlated;
- 		}
-
-From 098404128383ded87ba390dd74ecd9e2ffa6f530 Mon Sep 17 00:00:00 2001
-From: Andy Polyakov <appro@openssl.org>
-Date: Sun, 5 May 2019 18:30:55 +0200
-Subject: [PATCH] Configure: use ELFv2 ABI on some ppc64 big endian systems
-
-If _CALL_ELF is defined to be 2, it's an ELFv2 system.
-Conditionally switch to the v2 perlasm scheme.
-
-Reviewed-by: Paul Dale <paul.dale@oracle.com>
-Reviewed-by: Richard Levitte <levitte@openssl.org>
-(Merged from https://github.com/openssl/openssl/pull/8883)
----
- Configure | 10 +++++++---
- 1 file changed, 7 insertions(+), 3 deletions(-)
-
-diff --git a/Configure b/Configure
-index 22082deb4c7..e303d98deb3 100755
---- a/Configure
-+++ b/Configure
-@@ -1402,8 +1402,15 @@
- my %predefined_C = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
- my %predefined_CXX = $config{CXX}
-     ? compiler_predefined($config{CROSS_COMPILE}.$config{CXX})
-     : ();
- 
-+unless ($disabled{asm}) {
-+    # big endian systems can use ELFv2 ABI
-+    if ($target eq "linux-ppc64") {
-+        $target{perlasm_scheme} = "linux64v2" if ($predefined_C{_CALL_ELF} == 2);
-+    }
-+}
-+
- # Check for makedepend capabilities.
- if (!$disabled{makedepend}) {
-     if ($config{target} =~ /^(VC|vms)-/) {
diff --git a/srcpkgs/openssl/patches/xxx-ppcle.patch b/srcpkgs/openssl/patches/xxx-ppcle.patch
deleted file mode 100644
index 2498af968899..000000000000
--- a/srcpkgs/openssl/patches/xxx-ppcle.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-commit 56e07856a7a9f7ce3582b8cf3843f252691475a6
-Author: q66 <daniel@octaforge.org>
-Date:   Fri Mar 5 18:36:01 2021 +0100
-
-    add ppcle support
-
-diff --git Configurations/10-main.conf Configurations/10-main.conf
-index 8dc3e85..18f10c9 100644
---- a/Configurations/10-main.conf
-+++ b/Configurations/10-main.conf
-@@ -665,6 +665,11 @@ my %targets = (
-         perlasm_scheme   => "linux32",
-         lib_cppflags     => add("-DB_ENDIAN"),
-     },
-+    "linux-ppcle" => {
-+        inherit_from     => [ "linux-generic32", asm("ppc32_asm") ],
-+        perlasm_scheme   => "linux32le",
-+        lib_cppflags     => add("-DL_ENDIAN"),
-+    },
-     "linux-ppc64" => {
-         inherit_from     => [ "linux-generic64", asm("ppc64_asm") ],
-         cflags           => add("-m64"),
-diff --git config config
-index 26225ca..6a1e830 100755
---- a/config
-+++ b/config
-@@ -543,6 +543,7 @@ case "$GUESSOS" in
- 	fi
- 	;;
-   ppc64le-*-linux2) OUT="linux-ppc64le" ;;
-+  ppcle-*-linux2) OUT="linux-ppcle" ;;
-   ppc-*-linux2) OUT="linux-ppc" ;;
-   mips64*-*-linux2)
- 	echo "WARNING! If you wish to build 64-bit library, then you have to"
-diff --git crypto/poly1305/asm/poly1305-ppc.pl crypto/poly1305/asm/poly1305-ppc.pl
-index e5d6933..3283f6b 100755
---- a/crypto/poly1305/asm/poly1305-ppc.pl
-+++ b/crypto/poly1305/asm/poly1305-ppc.pl
-@@ -314,10 +314,10 @@ $code.=<<___;
- 	beq-	Lno_key
- ___
- $code.=<<___	if ($LITTLE_ENDIAN);
--	lw	$h0,0($inp)		# load key material
--	lw	$h1,4($inp)
--	lw	$h2,8($inp)
--	lw	$h3,12($inp)
-+	lwz	$h0,0($inp)		# load key material
-+	lwz	$h1,4($inp)
-+	lwz	$h2,8($inp)
-+	lwz	$h3,12($inp)
- ___
- $code.=<<___	if (!$LITTLE_ENDIAN);
- 	li	$h1,4
diff --git a/srcpkgs/openssl/template b/srcpkgs/openssl/template
index 1461ffd2f7a2..2a9e94c5f826 100644
--- a/srcpkgs/openssl/template
+++ b/srcpkgs/openssl/template
@@ -1,6 +1,6 @@
 # Template file for 'openssl'
 pkgname=openssl
-version=1.1.1s
+version=3.0.7
 revision=1
 bootstrap=yes
 build_style=configure
@@ -14,10 +14,10 @@ make_check_target=test
 make_install_args="MANSUFFIX=ssl"
 short_desc="Toolkit for Secure Sockets Layer and Transport Layer Security"
 maintainer="John <me@johnnynator.dev>"
-license="OpenSSL"
+license="Apache-2.0"
 homepage="https://www.openssl.org"
 distfiles="https://www.openssl.org/source/openssl-${version}.tar.gz"
-checksum=c5ac01e760ee6ff0dab61d6b2bbd30146724d063eb322180c6f18a6f74e4b6aa
+checksum=83049d042a260e696f62406ac5c08bf706fd84383f945cf21bd61e9ed95c396e
 conf_files="/etc/ssl/openssl.cnf"
 replaces="libressl>=0"
 
@@ -28,7 +28,11 @@ if [ "$CHROOT_READY" ]; then
 	build_options_default="asm"
 else
 	# openssl-c_rehash depends on perl, ignore on bootstrap
-	subpackages="libcrypto1.1 libssl1.1 openssl-devel"
+	subpackages="libcrypto3.0 libssl3.0 openssl-devel"
+fi
+
+if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then
+	makedepends+=" libatomic-devel"
 fi
 
 case $XBPS_TARGET_MACHINE in
@@ -63,15 +67,15 @@ post_install() {
 	fi
 }
 
-libcrypto1.1_package() {
+libcrypto3.0_package() {
 	short_desc+=" - crypto library"
 	pkg_install() {
 		vmove "usr/lib/libcrypto.so.*"
-		vmove usr/lib/engines-1.1
+		vmove usr/lib/engines-3
 	}
 }
 
-libssl1.1_package() {
+libssl3.0_package() {
 	short_desc+=" - SSL/TLS library"
 	pkg_install() {
 		vmove "usr/lib/libssl.so.*"
@@ -87,7 +91,7 @@ openssl-c_rehash_package() {
 }
 
 openssl-devel_package() {
-	depends="${sourcepkg}>=${version}_${revision} libssl1.1>=${version}_${revision} libcrypto1.1>=${version}_${revision}"
+	depends="${sourcepkg}>=${version}_${revision} libssl3.0>=${version}_${revision} libcrypto3.0>=${version}_${revision}"
 	replaces="libressl-devel>=0"
 	short_desc+=" - development files"
 	pkg_install() {

From eec1fcac533e5465730ad2e31c461b7296d60d3a Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sat, 25 Jun 2022 18:31:09 +0200
Subject: [PATCH 2/7] racket: depend on libssl3.0

---
 srcpkgs/racket/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/racket/template b/srcpkgs/racket/template
index 0f22d6c04649..a8bd5cb17761 100644
--- a/srcpkgs/racket/template
+++ b/srcpkgs/racket/template
@@ -1,7 +1,7 @@
 # Template file for 'racket'
 pkgname=racket
 version=8.7
-revision=1
+revision=2
 archs="aarch64* armv6* armv7* i686* x86_64*"
 build_wrksrc=src
 build_style=gnu-configure
@@ -9,7 +9,7 @@ configure_args="--enable-useprefix --enable-curses"
 make_build_args="CC_FOR_BUILD=cc"
 hostmakedepends="liberation-fonts-ttf"
 makedepends="gtk+3-devel liblz4-devel ncurses-devel sqlite-devel zlib-devel"
-depends="gtk+3 libssl1.1"
+depends="gtk+3 libssl3.0"
 short_desc="Multi-paradigm programming language in the Lisp-Scheme family"
 maintainer="Andrea Brancaleoni <abc@pompel.me>"
 license="LGPL-3.0-only, MIT"

From f9884b0c8cc80df2351c33064dcff78a13a6e981 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sat, 25 Jun 2022 18:33:57 +0200
Subject: [PATCH 3/7] xbps: add patch for openssl, CFLAG

---
 srcpkgs/xbps/patches/openssl.patch | 23 +++++++++++++++++++++++
 srcpkgs/xbps/template              |  2 ++
 2 files changed, 25 insertions(+)
 create mode 100644 srcpkgs/xbps/patches/openssl.patch

diff --git a/srcpkgs/xbps/patches/openssl.patch b/srcpkgs/xbps/patches/openssl.patch
new file mode 100644
index 000000000000..ca7274542422
--- /dev/null
+++ b/srcpkgs/xbps/patches/openssl.patch
@@ -0,0 +1,23 @@
+From db1766986c4389eb7e17c0e0076971b711617ef9 Mon Sep 17 00:00:00 2001
+From: Juan RP <xtraeme@gmail.com>
+Date: Thu, 16 Apr 2020 14:57:18 +0200
+Subject: [PATCH] configure: accept any openssl version.
+
+---
+ configure | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configure b/configure
+index da8ae75f..383bc927 100755
+--- a/configure
++++ b/configure
+@@ -704,7 +704,7 @@ fi
+ # libssl with pkg-config support is required.
+ #
+ printf "Checking for libssl via pkg-config ... "
+-if pkg-config --exists 'libssl < 1.2' && ! pkg-config --exists libtls ; then
++if pkg-config --exists 'libssl' && ! pkg-config --exists libtls ; then
+ 	echo "found OpenSSL version $(pkg-config --modversion libssl)."
+ elif pkg-config --exists libssl libtls; then
+ 	echo "found LibreSSL version $(pkg-config --modversion libssl)."
+
diff --git a/srcpkgs/xbps/template b/srcpkgs/xbps/template
index 1c9373c498dc..cf5f775f1375 100644
--- a/srcpkgs/xbps/template
+++ b/srcpkgs/xbps/template
@@ -20,6 +20,8 @@ depends="ca-certificates xbps-triggers"
 make_dirs="/etc/xbps.d 0755 root root"
 
 LDFLAGS="-ldl -pthread"
+# openssl3
+CFLAGS+=" -Wno-error"
 
 if [ "$CHROOT_READY" ]; then
 	makedepends+=" atf-devel"

From 248a559d4a0a96da6e2ca49d961b07bd3a56f4cd Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 26 Jan 2023 13:41:27 -0500
Subject: [PATCH 4/7] vanitygen: remove

---
 srcpkgs/removed-packages/template             |    3 +-
 ...4a646873c8439d3b5ee3a2278e727575521f.patch | 1171 -----------------
 ...3e6fff7da52c4aecbd898d9df2e60a56f134.patch |   98 --
 srcpkgs/vanitygen/template                    |   21 -
 4 files changed, 2 insertions(+), 1291 deletions(-)
 delete mode 100644 srcpkgs/vanitygen/patches/4b814a646873c8439d3b5ee3a2278e727575521f.patch
 delete mode 100644 srcpkgs/vanitygen/patches/5f163e6fff7da52c4aecbd898d9df2e60a56f134.patch
 delete mode 100644 srcpkgs/vanitygen/template

diff --git a/srcpkgs/removed-packages/template b/srcpkgs/removed-packages/template
index 8528ac460a0b..ef781a412eb8 100644
--- a/srcpkgs/removed-packages/template
+++ b/srcpkgs/removed-packages/template
@@ -1,6 +1,6 @@
 # Template file for 'removed-packages'
 pkgname=removed-packages
-version=0.1.20230129
+version=0.1.20230130
 revision=1
 build_style=meta
 short_desc="Uninstalls packages removed from repository"
@@ -511,6 +511,7 @@ replaces="
  urlmatch-git<=20141116_2
  uwsgi-python<=2.0.18_3
  v8<=3.24.35.33_4
+ vanitygen<=1.53_2
  vapoursynth-mvtools<=23_2
  vkd3d<=1.3_1
  volnoti<=0.1_1
diff --git a/srcpkgs/vanitygen/patches/4b814a646873c8439d3b5ee3a2278e727575521f.patch b/srcpkgs/vanitygen/patches/4b814a646873c8439d3b5ee3a2278e727575521f.patch
deleted file mode 100644
index 74bd54dbf0fb..000000000000
--- a/srcpkgs/vanitygen/patches/4b814a646873c8439d3b5ee3a2278e727575521f.patch
+++ /dev/null
@@ -1,1171 +0,0 @@
-From 4b814a646873c8439d3b5ee3a2278e727575521f Mon Sep 17 00:00:00 2001
-From: Antonio Spadaro <ilovelinux@users.noreply.github.com>
-Date: Sat, 2 Jun 2018 22:27:51 +0000
-Subject: [PATCH] Fix OpenSSL 1.1.0 incompatibilities (#56)
-
-* Fix openssl 1.1.0 incompatibilities
-
-* Replace BN_MASK2 with 0xffffffffL
-
-* Fix other openssl 1.1.0 incompatibilities
-
-* Fix retrocompatibility issue
-
-* Remove BN_bn2lebinpad due to incompatibility
-
-* Fix other incompatibility errors
-
-* Fixed retrocompatibility (maybe). Thanks to  @DesWurstes
-
-* Fix OpenSSL 1.1 and backwards compatibility
----
- keyconv.c   |  18 ++--
- oclengine.c | 130 ++++++++++++++++++---------
- pattern.c   | 252 ++++++++++++++++++++++++++--------------------------
- pattern.h   |   8 +-
- util.c      |  90 +++++++++----------
- vanitygen.c |  14 +--
- 6 files changed, 277 insertions(+), 235 deletions(-)
-
-diff --git a/keyconv.c b/keyconv.c
-index f7475e5..394c3a0 100644
---- a/keyconv.c
-+++ b/keyconv.c
-@@ -1160,7 +1160,7 @@ main(int argc, char **argv)
- 
- 	if (key2_in) {
- 		BN_CTX *bnctx;
--		BIGNUM bntmp, bntmp2;
-+		BIGNUM *bntmp, *bntmp2;
- 		EC_KEY *pkey2;
- 
- 		pkey2 = EC_KEY_new_by_curve_name(NID_secp256k1);
-@@ -1182,19 +1182,19 @@ main(int argc, char **argv)
- 			compressed = 1;
- 		}
- 
--		BN_init(&bntmp);
--		BN_init(&bntmp2);
-+		bntmp = BN_new();
-+		bntmp2 = BN_new();
- 		bnctx = BN_CTX_new();
--		EC_GROUP_get_order(EC_KEY_get0_group(pkey), &bntmp2, NULL);
--		BN_mod_add(&bntmp,
-+		EC_GROUP_get_order(EC_KEY_get0_group(pkey), bntmp2, NULL);
-+		BN_mod_add(bntmp,
- 			   EC_KEY_get0_private_key(pkey),
- 			   EC_KEY_get0_private_key(pkey2),
--			   &bntmp2,
-+			   bntmp2,
- 			   bnctx);
--		vg_set_privkey(&bntmp, pkey);
-+		vg_set_privkey(bntmp, pkey);
- 		EC_KEY_free(pkey2);
--		BN_clear_free(&bntmp);
--		BN_clear_free(&bntmp2);
-+		BN_clear_free(bntmp);
-+		BN_clear_free(bntmp2);
- 		BN_CTX_free(bnctx);
- 	}
- 
-diff --git a/oclengine.c b/oclengine.c
-index 4085edd..6f65846 100644
---- a/oclengine.c
-+++ b/oclengine.c
-@@ -43,6 +43,34 @@
- #include "pattern.h"
- #include "util.h"
- 
-+// Unfortunately we need this!
-+#if OPENSSL_VERSION_NUMBER >= 0x0010100000
-+#define PPNT_ARROW_X ppnt->X
-+#define PPNT_ARROW_Y ppnt->Y
-+#define PPNT_ARROW_Z ppnt->Z
-+#define PPS_ARROW_X pps->X
-+#define PPS_ARROW_Y pps->Y
-+#define PPS_ARROW_Z pps->Z
-+#define PPT_ARROW_X ppt->X
-+#define PPT_ARROW_Y ppt->Y
-+#define PPR_ARROW_X ppr->X
-+#define PPR_ARROW_Y ppr->Y
-+#define PPC_ARROW_X ppc->X
-+#define PPC_ARROW_Y ppc->Y
-+#else
-+#define PPNT_ARROW_X &ppnt->X
-+#define PPNT_ARROW_Y &ppnt->Y
-+#define PPNT_ARROW_Z &ppnt->Z
-+#define PPS_ARROW_X &pps->X
-+#define PPS_ARROW_Y &pps->Y
-+#define PPS_ARROW_Z &pps->Z
-+#define PPT_ARROW_X &ppt->X
-+#define PPT_ARROW_Y &ppt->Y
-+#define PPR_ARROW_X &ppr->X
-+#define PPR_ARROW_Y &ppr->Y
-+#define PPC_ARROW_X &ppc->X
-+#define PPC_ARROW_Y &ppc->Y
-+#endif
- 
- #define MAX_SLOT 2
- #define MAX_ARG 6
-@@ -1307,14 +1335,21 @@ vg_ocl_kernel_wait(vg_ocl_context_t *vocp, int slot)
- static INLINE void
- vg_ocl_get_bignum_raw(BIGNUM *bn, const unsigned char *buf)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x0010100000
-+	BN_lebin2bn(buf, 32, bn);
-+#else
- 	bn_expand(bn, 256);
- 	memcpy(bn->d, buf, 32);
- 	bn->top = (32 / sizeof(BN_ULONG));
-+#endif
- }
- 
- static INLINE void
- vg_ocl_put_bignum_raw(unsigned char *buf, const BIGNUM *bn)
- {
-+#if OPENSSL_VERSION_NUMBER >= 0x0010100000
-+	BN_bn2lebinpad(bn, buf, 32);
-+#else
- 	int bnlen = (bn->top * sizeof(BN_ULONG));
- 	if (bnlen >= 32) {
- 		memcpy(buf, bn->d, 32);
-@@ -1322,6 +1357,7 @@ vg_ocl_put_bignum_raw(unsigned char *buf, const BIGNUM *bn)
- 		memcpy(buf, bn->d, bnlen);
- 		memset(buf + bnlen, 0, 32 - bnlen);
- 	}
-+#endif
- }
- 
- #define ACCESS_BUNDLE 1024
-@@ -1351,9 +1387,15 @@ vg_ocl_get_bignum_tpa(BIGNUM *bn, const unsigned char *buf, int cell)
- 
- struct ec_point_st {
- 	const EC_METHOD *meth;
-+#if OPENSSL_VERSION_NUMBER >= 0x0010100000
-+	BIGNUM *X;
-+	BIGNUM *Y;
-+	BIGNUM *Z;
-+#else
- 	BIGNUM X;
- 	BIGNUM Y;
- 	BIGNUM Z;
-+#endif
- 	int Z_is_one;
- };
- 
-@@ -1361,11 +1403,11 @@ static INLINE void
- vg_ocl_get_point(EC_POINT *ppnt, const unsigned char *buf)
- {
- 	static const unsigned char mont_one[] = { 0x01,0x00,0x00,0x03,0xd1 };
--	vg_ocl_get_bignum_raw(&ppnt->X, buf);
--	vg_ocl_get_bignum_raw(&ppnt->Y, buf + 32);
-+	vg_ocl_get_bignum_raw(PPNT_ARROW_X, buf);
-+	vg_ocl_get_bignum_raw(PPNT_ARROW_Y, buf + 32);
- 	if (!ppnt->Z_is_one) {
- 		ppnt->Z_is_one = 1;
--		BN_bin2bn(mont_one, sizeof(mont_one), &ppnt->Z);
-+		BN_bin2bn(mont_one, sizeof(mont_one), PPNT_ARROW_Z);
- 	}
- }
- 
-@@ -1373,8 +1415,8 @@ static INLINE void
- vg_ocl_put_point(unsigned char *buf, const EC_POINT *ppnt)
- {
- 	assert(ppnt->Z_is_one);
--	vg_ocl_put_bignum_raw(buf, &ppnt->X);
--	vg_ocl_put_bignum_raw(buf + 32, &ppnt->Y);
-+	vg_ocl_put_bignum_raw(buf, PPNT_ARROW_X);
-+	vg_ocl_put_bignum_raw(buf + 32, PPNT_ARROW_Y);
- }
- 
- static void
-@@ -1662,7 +1704,7 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 	unsigned char *ocl_points_in = NULL, *ocl_strides_in = NULL;
- 	const EC_GROUP *pgroup;
- 	EC_POINT *ppr = NULL, *ppc = NULL, *pps = NULL, *ppt = NULL;
--	BIGNUM bnz, bnez, bnm, *bnzc;
-+	BIGNUM *bnz, *bnez, *bnm, *bnzc;
- 	BN_CTX *bnctx = NULL;
- 	BN_MONT_CTX *bnmont;
- 	int ret = 0;
-@@ -1675,9 +1717,9 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 		0xFF,0xFF,0xFF,0xFE,0xFF,0xFF,0xFC,0x2F
- 	};
- 
--	BN_init(&bnz);
--	BN_init(&bnez);
--	BN_init(&bnm);
-+	bnz = BN_new();
-+	bnez = BN_new();
-+	bnm = BN_new();
- 
- 	bnctx = BN_CTX_new();
- 	bnmont = BN_MONT_CTX_new();
-@@ -1692,13 +1734,13 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 		goto out;
- 	}
- 
--	BN_bin2bn(raw_modulus, sizeof(raw_modulus), &bnm);
--	BN_MONT_CTX_set(bnmont, &bnm, bnctx);
-+	BN_bin2bn(raw_modulus, sizeof(raw_modulus), bnm);
-+	BN_MONT_CTX_set(bnmont, bnm, bnctx);
- 
- 	if (z_inverted) {
--		bnzc = &bnez;
-+		bnzc = bnez;
- 	} else {
--		bnzc = &pps->Z;
-+		bnzc = PPS_ARROW_Z;
- 	}
- 
- 	z_heap = (unsigned char *)
-@@ -1726,15 +1768,15 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 			EC_POINT_add(pgroup, pps, ppc, ppr, bnctx);
- 			assert(!pps->Z_is_one);
- 			vg_ocl_get_point_tpa(ppt, point_tmp, bx + x);
--			vg_ocl_get_bignum_tpa(&bnz, z_heap, bx + x);
-+			vg_ocl_get_bignum_tpa(bnz, z_heap, bx + x);
- 			if (z_inverted) {
--				BN_mod_inverse(&bnez, &pps->Z, &bnm, bnctx);
--				BN_to_montgomery(&bnez, &bnez, bnmont, bnctx);
--				BN_to_montgomery(&bnez, &bnez, bnmont, bnctx);
-+				BN_mod_inverse(bnez, PPS_ARROW_Z, bnm, bnctx);
-+				BN_to_montgomery(bnez, bnez, bnmont, bnctx);
-+				BN_to_montgomery(bnez, bnez, bnmont, bnctx);
- 			}
--			if (BN_cmp(&ppt->X, &pps->X) ||
--			    BN_cmp(&ppt->Y, &pps->Y) ||
--			    BN_cmp(&bnz, bnzc)) {
-+			if (BN_cmp(PPT_ARROW_X, PPS_ARROW_X) ||
-+			    BN_cmp(PPT_ARROW_Y, PPS_ARROW_Y) ||
-+			    BN_cmp(bnz, bnzc)) {
- 				if (!mismatches) {
- 					fprintf(stderr, "Base privkey: ");
- 					fdumpbn(stderr, EC_KEY_get0_private_key(
-@@ -1747,33 +1789,33 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 				if (!mm_r) {
- 					mm_r = 1;
- 					fprintf(stderr, "Row X   : ");
--					fdumpbn(stderr, &ppr->X);
-+					fdumpbn(stderr, PPR_ARROW_X);
- 					fprintf(stderr, "Row Y   : ");
--					fdumpbn(stderr, &ppr->Y);
-+					fdumpbn(stderr, PPS_ARROW_Y);
- 				}
- 
- 				fprintf(stderr, "Column X: ");
--				fdumpbn(stderr, &ppc->X);
-+				fdumpbn(stderr, PPC_ARROW_X);
- 				fprintf(stderr, "Column Y: ");
--				fdumpbn(stderr, &ppc->Y);
-+				fdumpbn(stderr, PPC_ARROW_Y);
- 
--				if (BN_cmp(&ppt->X, &pps->X)) {
-+				if (BN_cmp(PPT_ARROW_X, PPS_ARROW_X)) {
- 					fprintf(stderr, "Expect X: ");
--					fdumpbn(stderr, &pps->X);
-+					fdumpbn(stderr, PPS_ARROW_X);
- 					fprintf(stderr, "Device X: ");
--					fdumpbn(stderr, &ppt->X);
-+					fdumpbn(stderr, PPT_ARROW_X);
- 				}
--				if (BN_cmp(&ppt->Y, &pps->Y)) {
-+				if (BN_cmp(PPT_ARROW_Y, PPS_ARROW_Y)) {
- 					fprintf(stderr, "Expect Y: ");
--					fdumpbn(stderr, &pps->Y);
-+					fdumpbn(stderr, PPS_ARROW_Y);
- 					fprintf(stderr, "Device Y: ");
--					fdumpbn(stderr, &ppt->Y);
-+					fdumpbn(stderr, PPT_ARROW_Y);
- 				}
--				if (BN_cmp(&bnz, bnzc)) {
-+				if (BN_cmp(bnz, bnzc)) {
- 					fprintf(stderr, "Expect Z: ");
- 					fdumpbn(stderr, bnzc);
- 					fprintf(stderr, "Device Z: ");
--					fdumpbn(stderr, &bnz);
-+					fdumpbn(stderr, bnz);
- 				}
- 			}
- 		}
-@@ -1798,9 +1840,9 @@ vg_ocl_verify_temporary(vg_ocl_context_t *vocp, int slot, int z_inverted)
- 		EC_POINT_free(pps);
- 	if (ppt)
- 		EC_POINT_free(ppt);
--	BN_clear_free(&bnz);
--	BN_clear_free(&bnez);
--	BN_clear_free(&bnm);
-+	BN_clear_free(bnz);
-+	BN_clear_free(bnez);
-+	BN_clear_free(bnm);
- 	if (bnmont)
- 		BN_MONT_CTX_free(bnmont);
- 	if (bnctx)
-@@ -1971,13 +2013,13 @@ vg_opencl_loop(vg_exec_context_t *arg)
- 	if (!pbatchinc || !poffset || !pseek)
- 		goto enomem;
- 
--	BN_set_word(&vxcp->vxc_bntmp, ncols);
--	EC_POINT_mul(pgroup, pbatchinc, &vxcp->vxc_bntmp, NULL, NULL,
-+	BN_set_word(vxcp->vxc_bntmp, ncols);
-+	EC_POINT_mul(pgroup, pbatchinc, vxcp->vxc_bntmp, NULL, NULL,
- 		     vxcp->vxc_bnctx);
- 	EC_POINT_make_affine(pgroup, pbatchinc, vxcp->vxc_bnctx);
- 
--	BN_set_word(&vxcp->vxc_bntmp, round);
--	EC_POINT_mul(pgroup, poffset, &vxcp->vxc_bntmp, NULL, NULL,
-+	BN_set_word(vxcp->vxc_bntmp, round);
-+	EC_POINT_mul(pgroup, poffset, vxcp->vxc_bntmp, NULL, NULL,
- 		     vxcp->vxc_bnctx);
- 	EC_POINT_make_affine(pgroup, poffset, vxcp->vxc_bnctx);
- 
-@@ -2046,12 +2088,12 @@ vg_opencl_loop(vg_exec_context_t *arg)
- 	}
- 
- 	/* Determine rekey interval */
--	EC_GROUP_get_order(pgroup, &vxcp->vxc_bntmp, vxcp->vxc_bnctx);
--	BN_sub(&vxcp->vxc_bntmp2,
--	       &vxcp->vxc_bntmp,
-+	EC_GROUP_get_order(pgroup, vxcp->vxc_bntmp, vxcp->vxc_bnctx);
-+	BN_sub(vxcp->vxc_bntmp2,
-+	       vxcp->vxc_bntmp,
- 	       EC_KEY_get0_private_key(pkey));
--	rekey_at = BN_get_word(&vxcp->vxc_bntmp2);
--	if ((rekey_at == BN_MASK2) || (rekey_at > rekey_max))
-+	rekey_at = BN_get_word(vxcp->vxc_bntmp2);
-+	if ((rekey_at == 0xffffffffL) || (rekey_at > rekey_max))
- 		rekey_at = rekey_max;
- 	assert(rekey_at > 0);
- 
-diff --git a/pattern.c b/pattern.c
-index b84334e..5673a7e 100644
---- a/pattern.c
-+++ b/pattern.c
-@@ -151,12 +151,12 @@ vg_exec_context_init(vg_context_t *vcp, vg_exec_context_t *vxcp)
- 
- 	vxcp->vxc_vc = vcp;
- 
--	BN_init(&vxcp->vxc_bntarg);
--	BN_init(&vxcp->vxc_bnbase);
--	BN_init(&vxcp->vxc_bntmp);
--	BN_init(&vxcp->vxc_bntmp2);
-+	vxcp->vxc_bntarg = BN_new();
-+	vxcp->vxc_bnbase = BN_new();
-+	vxcp->vxc_bntmp = BN_new();
-+	vxcp->vxc_bntmp2 = BN_new();
- 
--	BN_set_word(&vxcp->vxc_bnbase, 58);
-+	BN_set_word(vxcp->vxc_bnbase, 58);
- 
- 	vxcp->vxc_bnctx = BN_CTX_new();
- 	assert(vxcp->vxc_bnctx);
-@@ -196,10 +196,10 @@ vg_exec_context_del(vg_exec_context_t *vxcp)
- 	if (tp->vxc_stop)
- 		pthread_cond_signal(&vg_thread_upcond);
- 
--	BN_clear_free(&vxcp->vxc_bntarg);
--	BN_clear_free(&vxcp->vxc_bnbase);
--	BN_clear_free(&vxcp->vxc_bntmp);
--	BN_clear_free(&vxcp->vxc_bntmp2);
-+	BN_clear_free(vxcp->vxc_bntarg);
-+	BN_clear_free(vxcp->vxc_bnbase);
-+	BN_clear_free(vxcp->vxc_bntmp);
-+	BN_clear_free(vxcp->vxc_bntmp2);
- 	BN_CTX_free(vxcp->vxc_bnctx);
- 	vxcp->vxc_bnctx = NULL;
- 	pthread_mutex_unlock(&vg_thread_lock);
-@@ -225,12 +225,12 @@ void
- vg_exec_context_consolidate_key(vg_exec_context_t *vxcp)
- {
- 	if (vxcp->vxc_delta) {
--		BN_clear(&vxcp->vxc_bntmp);
--		BN_set_word(&vxcp->vxc_bntmp, vxcp->vxc_delta);
--		BN_add(&vxcp->vxc_bntmp2,
-+		BN_clear(vxcp->vxc_bntmp);
-+		BN_set_word(vxcp->vxc_bntmp, vxcp->vxc_delta);
-+		BN_add(vxcp->vxc_bntmp2,
- 		       EC_KEY_get0_private_key(vxcp->vxc_key),
--		       &vxcp->vxc_bntmp);
--		vg_set_privkey(&vxcp->vxc_bntmp2, vxcp->vxc_key);
-+		       vxcp->vxc_bntmp);
-+		vg_set_privkey(vxcp->vxc_bntmp2, vxcp->vxc_key);
- 		vxcp->vxc_delta = 0;
- 	}
- }
-@@ -751,20 +751,20 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 	int b58pow, b58ceil, b58top = 0;
- 	int ret = -1;
- 
--	BIGNUM bntarg, bnceil, bnfloor;
--	BIGNUM bnbase;
-+	BIGNUM *bntarg, *bnceil, *bnfloor;
-+	BIGNUM *bnbase;
- 	BIGNUM *bnap, *bnbp, *bntp;
- 	BIGNUM *bnhigh = NULL, *bnlow = NULL, *bnhigh2 = NULL, *bnlow2 = NULL;
--	BIGNUM bntmp, bntmp2;
-+	BIGNUM *bntmp, *bntmp2;
- 
--	BN_init(&bntarg);
--	BN_init(&bnceil);
--	BN_init(&bnfloor);
--	BN_init(&bnbase);
--	BN_init(&bntmp);
--	BN_init(&bntmp2);
-+	bntarg = BN_new();
-+	bnceil = BN_new();
-+	bnfloor = BN_new();
-+	bnbase = BN_new();
-+	bntmp = BN_new();
-+	bntmp2 = BN_new();
- 
--	BN_set_word(&bnbase, 58);
-+	BN_set_word(bnbase, 58);
- 
- 	p = strlen(pfx);
- 
-@@ -791,20 +791,20 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 
- 			/* First non-zero character */
- 			b58top = c;
--			BN_set_word(&bntarg, c);
-+			BN_set_word(bntarg, c);
- 
- 		} else {
--			BN_set_word(&bntmp2, c);
--			BN_mul(&bntmp, &bntarg, &bnbase, bnctx);
--			BN_add(&bntarg, &bntmp, &bntmp2);
-+			BN_set_word(bntmp2, c);
-+			BN_mul(bntmp, bntarg, bnbase, bnctx);
-+			BN_add(bntarg, bntmp, bntmp2);
- 		}
- 	}
- 
- 	/* Power-of-two ceiling and floor values based on leading 1s */
--	BN_clear(&bntmp);
--	BN_set_bit(&bntmp, 200 - (zero_prefix * 8));
--	BN_sub(&bnceil, &bntmp, BN_value_one());
--	BN_set_bit(&bnfloor, 192 - (zero_prefix * 8));
-+	BN_clear(bntmp);
-+	BN_set_bit(bntmp, 200 - (zero_prefix * 8));
-+	BN_sub(bnceil, bntmp, BN_value_one());
-+	BN_set_bit(bnfloor, 192 - (zero_prefix * 8));
- 
- 	bnlow = BN_new();
- 	bnhigh = BN_new();
-@@ -815,13 +815,13 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 		 * numeric boundaries of the prefix.
- 		 */
- 
--		BN_copy(&bntmp, &bnceil);
--		bnap = &bntmp;
--		bnbp = &bntmp2;
-+		BN_copy(bntmp, bnceil);
-+		bnap = bntmp;
-+		bnbp = bntmp2;
- 		b58pow = 0;
--		while (BN_cmp(bnap, &bnbase) > 0) {
-+		while (BN_cmp(bnap, bnbase) > 0) {
- 			b58pow++;
--			BN_div(bnbp, NULL, bnap, &bnbase, bnctx);
-+			BN_div(bnbp, NULL, bnap, bnbase, bnctx);
- 			bntp = bnap;
- 			bnap = bnbp;
- 			bnbp = bntp;
-@@ -837,11 +837,11 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 			/* goto out; */
- 		}
- 
--		BN_set_word(&bntmp2, b58pow - (p - zero_prefix));
--		BN_exp(&bntmp, &bnbase, &bntmp2, bnctx);
--		BN_mul(bnlow, &bntmp, &bntarg, bnctx);
--		BN_sub(&bntmp2, &bntmp, BN_value_one());
--		BN_add(bnhigh, bnlow, &bntmp2);
-+		BN_set_word(bntmp2, b58pow - (p - zero_prefix));
-+		BN_exp(bntmp, bnbase, bntmp2, bnctx);
-+		BN_mul(bnlow, bntmp, bntarg, bnctx);
-+		BN_sub(bntmp2, bntmp, BN_value_one());
-+		BN_add(bnhigh, bnlow, bntmp2);
- 
- 		if (b58top <= b58ceil) {
- 			/* Fill out the upper range too */
-@@ -849,16 +849,16 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 			bnlow2 = BN_new();
- 			bnhigh2 = BN_new();
- 
--			BN_mul(bnlow2, bnlow, &bnbase, bnctx);
--			BN_mul(&bntmp2, bnhigh, &bnbase, bnctx);
--			BN_set_word(&bntmp, 57);
--			BN_add(bnhigh2, &bntmp2, &bntmp);
-+			BN_mul(bnlow2, bnlow, bnbase, bnctx);
-+			BN_mul(bntmp2, bnhigh, bnbase, bnctx);
-+			BN_set_word(bntmp, 57);
-+			BN_add(bnhigh2, bntmp2, bntmp);
- 
- 			/*
- 			 * Addresses above the ceiling will have one
- 			 * fewer "1" prefix in front than we require.
- 			 */
--			if (BN_cmp(&bnceil, bnlow2) < 0) {
-+			if (BN_cmp(bnceil, bnlow2) < 0) {
- 				/* High prefix is above the ceiling */
- 				check_upper = 0;
- 				BN_free(bnhigh2);
-@@ -866,15 +866,15 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 				BN_free(bnlow2);
- 				bnlow2 = NULL;
- 			}
--			else if (BN_cmp(&bnceil, bnhigh2) < 0)
-+			else if (BN_cmp(bnceil, bnhigh2) < 0)
- 				/* High prefix is partly above the ceiling */
--				BN_copy(bnhigh2, &bnceil);
-+				BN_copy(bnhigh2, bnceil);
- 
- 			/*
- 			 * Addresses below the floor will have another
- 			 * "1" prefix in front instead of our target.
- 			 */
--			if (BN_cmp(&bnfloor, bnhigh) >= 0) {
-+			if (BN_cmp(bnfloor, bnhigh) >= 0) {
- 				/* Low prefix is completely below the floor */
- 				assert(check_upper);
- 				check_upper = 0;
-@@ -885,35 +885,35 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 				bnlow = bnlow2;
- 				bnlow2 = NULL;
- 			}			
--			else if (BN_cmp(&bnfloor, bnlow) > 0) {
-+			else if (BN_cmp(bnfloor, bnlow) > 0) {
- 				/* Low prefix is partly below the floor */
--				BN_copy(bnlow, &bnfloor);
-+				BN_copy(bnlow, bnfloor);
- 			}
- 		}
- 
- 	} else {
--		BN_copy(bnhigh, &bnceil);
-+		BN_copy(bnhigh, bnceil);
- 		BN_clear(bnlow);
- 	}
- 
- 	/* Limit the prefix to the address type */
--	BN_clear(&bntmp);
--	BN_set_word(&bntmp, addrtype);
--	BN_lshift(&bntmp2, &bntmp, 192);
-+	BN_clear(bntmp);
-+	BN_set_word(bntmp, addrtype);
-+	BN_lshift(bntmp2, bntmp, 192);
- 
- 	if (check_upper) {
--		if (BN_cmp(&bntmp2, bnhigh2) > 0) {
-+		if (BN_cmp(bntmp2, bnhigh2) > 0) {
- 			check_upper = 0;
- 			BN_free(bnhigh2);
- 			bnhigh2 = NULL;
- 			BN_free(bnlow2);
- 			bnlow2 = NULL;
- 		}
--		else if (BN_cmp(&bntmp2, bnlow2) > 0)
--			BN_copy(bnlow2, &bntmp2);
-+		else if (BN_cmp(bntmp2, bnlow2) > 0)
-+			BN_copy(bnlow2, bntmp2);
- 	}
- 
--	if (BN_cmp(&bntmp2, bnhigh) > 0) {
-+	if (BN_cmp(bntmp2, bnhigh) > 0) {
- 		if (!check_upper)
- 			goto not_possible;
- 		check_upper = 0;
-@@ -924,26 +924,26 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 		bnlow = bnlow2;
- 		bnlow2 = NULL;
- 	}
--	else if (BN_cmp(&bntmp2, bnlow) > 0) {
--		BN_copy(bnlow, &bntmp2);
-+	else if (BN_cmp(bntmp2, bnlow) > 0) {
-+		BN_copy(bnlow, bntmp2);
- 	}
- 
--	BN_set_word(&bntmp, addrtype + 1);
--	BN_lshift(&bntmp2, &bntmp, 192);
-+	BN_set_word(bntmp, addrtype + 1);
-+	BN_lshift(bntmp2, bntmp, 192);
- 
- 	if (check_upper) {
--		if (BN_cmp(&bntmp2, bnlow2) < 0) {
-+		if (BN_cmp(bntmp2, bnlow2) < 0) {
- 			check_upper = 0;
- 			BN_free(bnhigh2);
- 			bnhigh2 = NULL;
- 			BN_free(bnlow2);
- 			bnlow2 = NULL;
- 		}
--		else if (BN_cmp(&bntmp2, bnhigh2) < 0)
--			BN_copy(bnlow2, &bntmp2);
-+		else if (BN_cmp(bntmp2, bnhigh2) < 0)
-+			BN_copy(bnlow2, bntmp2);
- 	}
- 
--	if (BN_cmp(&bntmp2, bnlow) < 0) {
-+	if (BN_cmp(bntmp2, bnlow) < 0) {
- 		if (!check_upper)
- 			goto not_possible;
- 		check_upper = 0;
-@@ -954,8 +954,8 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 		bnlow = bnlow2;
- 		bnlow2 = NULL;
- 	}
--	else if (BN_cmp(&bntmp2, bnhigh) < 0) {
--		BN_copy(bnhigh, &bntmp2);
-+	else if (BN_cmp(bntmp2, bnhigh) < 0) {
-+		BN_copy(bnhigh, bntmp2);
- 	}
- 
- 	/* Address ranges are complete */
-@@ -976,12 +976,12 @@ get_prefix_ranges(int addrtype, const char *pfx, BIGNUM **result,
- 	}
- 
- out:
--	BN_clear_free(&bntarg);
--	BN_clear_free(&bnceil);
--	BN_clear_free(&bnfloor);
--	BN_clear_free(&bnbase);
--	BN_clear_free(&bntmp);
--	BN_clear_free(&bntmp2);
-+	BN_clear_free(bntarg);
-+	BN_clear_free(bnceil);
-+	BN_clear_free(bnfloor);
-+	BN_clear_free(bnbase);
-+	BN_clear_free(bntmp);
-+	BN_clear_free(bntmp2);
- 	if (bnhigh)
- 		BN_free(bnhigh);
- 	if (bnlow)
-@@ -1266,7 +1266,7 @@ prefix_case_iter_next(prefix_case_iter_t *cip)
- typedef struct _vg_prefix_context_s {
- 	vg_context_t		base;
- 	avl_root_t		vcp_avlroot;
--	BIGNUM			vcp_difficulty;
-+	BIGNUM			*vcp_difficulty;
- 	int			vcp_caseinsensitive;
- } vg_prefix_context_t;
- 
-@@ -1294,7 +1294,7 @@ vg_prefix_context_clear_all_patterns(vg_context_t *vcp)
- 	vcpp->base.vc_npatterns = 0;
- 	vcpp->base.vc_npatterns_start = 0;
- 	vcpp->base.vc_found = 0;
--	BN_clear(&vcpp->vcp_difficulty);
-+	BN_clear(vcpp->vcp_difficulty);
- }
- 
- static void
-@@ -1302,7 +1302,7 @@ vg_prefix_context_free(vg_context_t *vcp)
- {
- 	vg_prefix_context_t *vcpp = (vg_prefix_context_t *) vcp;
- 	vg_prefix_context_clear_all_patterns(vcp);
--	BN_clear_free(&vcpp->vcp_difficulty);
-+	BN_clear_free(vcpp->vcp_difficulty);
- 	free(vcpp);
- }
- 
-@@ -1314,7 +1314,7 @@ vg_prefix_context_next_difficulty(vg_prefix_context_t *vcpp,
- 
- 	BN_clear(bntmp);
- 	BN_set_bit(bntmp, 192);
--	BN_div(bntmp2, NULL, bntmp, &vcpp->vcp_difficulty, bnctx);
-+	BN_div(bntmp2, NULL, bntmp, vcpp->vcp_difficulty, bnctx);
- 
- 	dbuf = BN_bn2dec(bntmp2);
- 	if (vcpp->base.vc_verbose > 0) {
-@@ -1337,7 +1337,7 @@ vg_prefix_context_add_patterns(vg_context_t *vcp,
- 	prefix_case_iter_t caseiter;
- 	vg_prefix_t *vp, *vp2;
- 	BN_CTX *bnctx;
--	BIGNUM bntmp, bntmp2, bntmp3;
-+	BIGNUM *bntmp, *bntmp2, *bntmp3;
- 	BIGNUM *ranges[4];
- 	int ret = 0;
- 	int i, impossible = 0;
-@@ -1346,9 +1346,9 @@ vg_prefix_context_add_patterns(vg_context_t *vcp,
- 	char *dbuf;
- 
- 	bnctx = BN_CTX_new();
--	BN_init(&bntmp);
--	BN_init(&bntmp2);
--	BN_init(&bntmp3);
-+	bntmp = BN_new();
-+	bntmp2 = BN_new();
-+	bntmp3 = BN_new();
- 
- 	npfx = 0;
- 	for (i = 0; i < npatterns; i++) {
-@@ -1426,16 +1426,16 @@ vg_prefix_context_add_patterns(vg_context_t *vcp,
- 		npfx++;
- 
- 		/* Determine the probability of finding a match */
--		vg_prefix_range_sum(vp, &bntmp, &bntmp2);
--		BN_add(&bntmp2, &vcpp->vcp_difficulty, &bntmp);
--		BN_copy(&vcpp->vcp_difficulty, &bntmp2);
-+		vg_prefix_range_sum(vp, bntmp, bntmp2);
-+		BN_add(bntmp2, vcpp->vcp_difficulty, bntmp);
-+		BN_copy(vcpp->vcp_difficulty, bntmp2);
- 
- 		if (vcp->vc_verbose > 1) {
--			BN_clear(&bntmp2);
--			BN_set_bit(&bntmp2, 192);
--			BN_div(&bntmp3, NULL, &bntmp2, &bntmp, bnctx);
-+			BN_clear(bntmp2);
-+			BN_set_bit(bntmp2, 192);
-+			BN_div(bntmp3, NULL, bntmp2, bntmp, bnctx);
- 
--			dbuf = BN_bn2dec(&bntmp3);
-+			dbuf = BN_bn2dec(bntmp3);
- 			fprintf(stderr,
- 				"Prefix difficulty: %20s %s\n",
- 				dbuf, patterns[i]);
-@@ -1469,13 +1469,13 @@ vg_prefix_context_add_patterns(vg_context_t *vcp,
- 	}
- 
- 	if (npfx)
--		vg_prefix_context_next_difficulty(vcpp, &bntmp, &bntmp2, bnctx);
-+		vg_prefix_context_next_difficulty(vcpp, bntmp, bntmp2, bnctx);
- 
- 	ret = (npfx != 0);
- 
--	BN_clear_free(&bntmp);
--	BN_clear_free(&bntmp2);
--	BN_clear_free(&bntmp3);
-+	BN_clear_free(bntmp);
-+	BN_clear_free(bntmp2);
-+	BN_clear_free(bntmp3);
- 	BN_CTX_free(bnctx);
- 	return ret;
- }
-@@ -1484,39 +1484,39 @@ double
- vg_prefix_get_difficulty(int addrtype, const char *pattern)
- {
- 	BN_CTX *bnctx;
--	BIGNUM result, bntmp;
-+	BIGNUM *result, *bntmp;
- 	BIGNUM *ranges[4];
- 	char *dbuf;
- 	int ret;
- 	double diffret = 0.0;
- 
- 	bnctx = BN_CTX_new();
--	BN_init(&result);
--	BN_init(&bntmp);
-+	result = BN_new();
-+	bntmp = BN_new();
- 
- 	ret = get_prefix_ranges(addrtype,
- 				pattern, ranges, bnctx);
- 
- 	if (ret == 0) {
--		BN_sub(&bntmp, ranges[1], ranges[0]);
--		BN_add(&result, &result, &bntmp);
-+		BN_sub(bntmp, ranges[1], ranges[0]);
-+		BN_add(result, result, bntmp);
- 		if (ranges[2]) {
--			BN_sub(&bntmp, ranges[3], ranges[2]);
--			BN_add(&result, &result, &bntmp);
-+			BN_sub(bntmp, ranges[3], ranges[2]);
-+			BN_add(result, result, bntmp);
- 		}
- 		free_ranges(ranges);
- 
--		BN_clear(&bntmp);
--		BN_set_bit(&bntmp, 192);
--		BN_div(&result, NULL, &bntmp, &result, bnctx);
-+		BN_clear(bntmp);
-+		BN_set_bit(bntmp, 192);
-+		BN_div(result, NULL, bntmp, result, bnctx);
- 
--		dbuf = BN_bn2dec(&result);
-+		dbuf = BN_bn2dec(result);
- 		diffret = strtod(dbuf, NULL);
- 		OPENSSL_free(dbuf);
- 	}
- 
--	BN_clear_free(&result);
--	BN_clear_free(&bntmp);
-+	BN_clear_free(result);
-+	BN_clear_free(bntmp);
- 	BN_CTX_free(bnctx);
- 	return diffret;
- }
-@@ -1535,10 +1535,10 @@ vg_prefix_test(vg_exec_context_t *vxcp)
- 	 * check code.
- 	 */
- 
--	BN_bin2bn(vxcp->vxc_binres, 25, &vxcp->vxc_bntarg);
-+	BN_bin2bn(vxcp->vxc_binres, 25, vxcp->vxc_bntarg);
- 
- research:
--	vp = vg_prefix_avl_search(&vcpp->vcp_avlroot, &vxcp->vxc_bntarg);
-+	vp = vg_prefix_avl_search(&vcpp->vcp_avlroot, vxcp->vxc_bntarg);
- 	if (vp) {
- 		if (vg_exec_context_upgrade_lock(vxcp))
- 			goto research;
-@@ -1558,20 +1558,20 @@ vg_prefix_test(vg_exec_context_t *vxcp)
- 		if (vcpp->base.vc_remove_on_match) {
- 			/* Subtract the range from the difficulty */
- 			vg_prefix_range_sum(vp,
--					    &vxcp->vxc_bntarg,
--					    &vxcp->vxc_bntmp);
--			BN_sub(&vxcp->vxc_bntmp,
--			       &vcpp->vcp_difficulty,
--			       &vxcp->vxc_bntarg);
--			BN_copy(&vcpp->vcp_difficulty, &vxcp->vxc_bntmp);
-+					    vxcp->vxc_bntarg,
-+					    vxcp->vxc_bntmp);
-+			BN_sub(vxcp->vxc_bntmp,
-+			       vcpp->vcp_difficulty,
-+			       vxcp->vxc_bntarg);
-+			BN_copy(vcpp->vcp_difficulty, vxcp->vxc_bntmp);
- 
- 			vg_prefix_delete(&vcpp->vcp_avlroot,vp);
- 			vcpp->base.vc_npatterns--;
- 
- 			if (!avl_root_empty(&vcpp->vcp_avlroot))
- 				vg_prefix_context_next_difficulty(
--					vcpp, &vxcp->vxc_bntmp,
--					&vxcp->vxc_bntmp2,
-+					vcpp, vxcp->vxc_bntmp,
-+					vxcp->vxc_bntmp2,
- 					vxcp->vxc_bnctx);
- 			vcpp->base.vc_pattern_generation++;
- 		}
-@@ -1652,7 +1652,7 @@ vg_prefix_context_new(int addrtype, int privtype, int caseinsensitive)
- 		vcpp->base.vc_test = vg_prefix_test;
- 		vcpp->base.vc_hash160_sort = vg_prefix_hash160_sort;
- 		avl_root_init(&vcpp->vcp_avlroot);
--		BN_init(&vcpp->vcp_difficulty);
-+		vcpp->vcp_difficulty = BN_new();
- 		vcpp->vcp_caseinsensitive = caseinsensitive;
- 	}
- 	return &vcpp->base;
-@@ -1778,21 +1778,21 @@ vg_regex_test(vg_exec_context_t *vxcp)
- 	unsigned char hash1[32], hash2[32];
- 	int i, zpfx, p, d, nres, re_vec[9];
- 	char b58[40];
--	BIGNUM bnrem;
-+	BIGNUM *bnrem;
- 	BIGNUM *bn, *bndiv, *bnptmp;
- 	int res = 0;
- 
- 	pcre *re;
- 
--	BN_init(&bnrem);
-+	bnrem = BN_new();
- 
- 	/* Hash the hash and write the four byte check code */
- 	SHA256(vxcp->vxc_binres, 21, hash1);
- 	SHA256(hash1, sizeof(hash1), hash2);
- 	memcpy(&vxcp->vxc_binres[21], hash2, 4);
- 
--	bn = &vxcp->vxc_bntmp;
--	bndiv = &vxcp->vxc_bntmp2;
-+	bn = vxcp->vxc_bntmp;
-+	bndiv = vxcp->vxc_bntmp2;
- 
- 	BN_bin2bn(vxcp->vxc_binres, 25, bn);
- 
-@@ -1801,11 +1801,11 @@ vg_regex_test(vg_exec_context_t *vxcp)
- 	p = sizeof(b58) - 1;
- 	b58[p] = '\0';
- 	while (!BN_is_zero(bn)) {
--		BN_div(bndiv, &bnrem, bn, &vxcp->vxc_bnbase, vxcp->vxc_bnctx);
-+		BN_div(bndiv, bnrem, bn, vxcp->vxc_bnbase, vxcp->vxc_bnctx);
- 		bnptmp = bn;
- 		bn = bndiv;
- 		bndiv = bnptmp;
--		d = BN_get_word(&bnrem);
-+		d = BN_get_word(bnrem);
- 		b58[--p] = vg_b58_alphabet[d];
- 	}
- 	while (zpfx--) {
-@@ -1878,7 +1878,7 @@ vg_regex_test(vg_exec_context_t *vxcp)
- 		res = 1;
- 	}
- out:
--	BN_clear_free(&bnrem);
-+	BN_clear_free(bnrem);
- 	return res;
- }
- 
-diff --git a/pattern.h b/pattern.h
-index 3ce2d1f..0b604ea 100644
---- a/pattern.h
-+++ b/pattern.h
-@@ -51,10 +51,10 @@ struct _vg_exec_context_s {
- 	EC_KEY				*vxc_key;
- 	int				vxc_delta;
- 	unsigned char			vxc_binres[28];
--	BIGNUM				vxc_bntarg;
--	BIGNUM				vxc_bnbase;
--	BIGNUM				vxc_bntmp;
--	BIGNUM				vxc_bntmp2;
-+	BIGNUM				*vxc_bntarg;
-+	BIGNUM				*vxc_bnbase;
-+	BIGNUM				*vxc_bntmp;
-+	BIGNUM				*vxc_bntmp2;
- 
- 	vg_exec_context_threadfunc_t	vxc_threadfunc;
- 	pthread_t			vxc_pthread;
-diff --git a/util.c b/util.c
-index 4f3cbb8..35cd592 100644
---- a/util.c
-+++ b/util.c
-@@ -110,19 +110,19 @@ vg_b58_encode_check(void *buf, size_t len, char *result)
- 
- 	BN_CTX *bnctx;
- 	BIGNUM *bn, *bndiv, *bntmp;
--	BIGNUM bna, bnb, bnbase, bnrem;
-+	BIGNUM *bna, *bnb, *bnbase, *bnrem;
- 	unsigned char *binres;
- 	int brlen, zpfx;
- 
- 	bnctx = BN_CTX_new();
--	BN_init(&bna);
--	BN_init(&bnb);
--	BN_init(&bnbase);
--	BN_init(&bnrem);
--	BN_set_word(&bnbase, 58);
-+	bna = BN_new();
-+	bnb = BN_new();
-+	bnbase = BN_new();
-+	bnrem = BN_new();
-+	BN_set_word(bnbase, 58);
- 
--	bn = &bna;
--	bndiv = &bnb;
-+	bn = bna;
-+	bndiv = bnb;
- 
- 	brlen = (2 * len) + 4;
- 	binres = (unsigned char*) malloc(brlen);
-@@ -154,11 +154,11 @@ vg_b58_encode_check(void *buf, size_t len, char *result)
- 
- 	p = brlen;
- 	while (!BN_is_zero(bn)) {
--		BN_div(bndiv, &bnrem, bn, &bnbase, bnctx);
-+		BN_div(bndiv, bnrem, bn, bnbase, bnctx);
- 		bntmp = bn;
- 		bn = bndiv;
- 		bndiv = bntmp;
--		d = BN_get_word(&bnrem);
-+		d = BN_get_word(bnrem);
- 		binres[--p] = vg_b58_alphabet[d];
- 	}
- 
-@@ -170,10 +170,10 @@ vg_b58_encode_check(void *buf, size_t len, char *result)
- 	result[brlen - p] = '\0';
- 
- 	free(binres);
--	BN_clear_free(&bna);
--	BN_clear_free(&bnb);
--	BN_clear_free(&bnbase);
--	BN_clear_free(&bnrem);
-+	BN_clear_free(bna);
-+	BN_clear_free(bnb);
-+	BN_clear_free(bnbase);
-+	BN_clear_free(bnrem);
- 	BN_CTX_free(bnctx);
- }
- 
-@@ -185,7 +185,7 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- {
- 	int i, l, c;
- 	unsigned char *xbuf = NULL;
--	BIGNUM bn, bnw, bnbase;
-+	BIGNUM *bn, *bnw, *bnbase;
- 	BN_CTX *bnctx;
- 	unsigned char hash1[32], hash2[32];
- 	unsigned char groestlhash1[64];
-@@ -193,10 +193,10 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- 	int zpfx;
- 	int res = 0;
- 
--	BN_init(&bn);
--	BN_init(&bnw);
--	BN_init(&bnbase);
--	BN_set_word(&bnbase, 58);
-+	bn = BN_new();
-+	bnw = BN_new();
-+	bnbase = BN_new();
-+	BN_set_word(bnbase, 58);
- 	bnctx = BN_CTX_new();
- 
- 	/* Build a bignum from the encoded value */
-@@ -207,10 +207,10 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- 		c = vg_b58_reverse_map[(int)input[i]];
- 		if (c < 0)
- 			goto out;
--		BN_clear(&bnw);
--		BN_set_word(&bnw, c);
--		BN_mul(&bn, &bn, &bnbase, bnctx);
--		BN_add(&bn, &bn, &bnw);
-+		BN_clear(bnw);
-+		BN_set_word(bnw, c);
-+		BN_mul(bn, bn, bnbase, bnctx);
-+		BN_add(bn, bn, bnw);
- 	}
- 
- 	/* Copy the bignum to a byte buffer */
-@@ -221,7 +221,7 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- 			break;
- 		zpfx++;
- 	}
--	c = BN_num_bytes(&bn);
-+	c = BN_num_bytes(bn);
- 	l = zpfx + c;
- 	if (l < 5)
- 		goto out;
-@@ -231,7 +231,7 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- 	if (zpfx)
- 		memset(xbuf, 0, zpfx);
- 	if (c)
--		BN_bn2bin(&bn, xbuf + zpfx);
-+		BN_bn2bin(bn, xbuf + zpfx);
- 
- 	/* Check the hash code */
- 	l -= 4;
-@@ -270,9 +270,9 @@ vg_b58_decode_check(const char *input, void *buf, size_t len)
- out:
- 	if (xbuf)
- 		free(xbuf);
--	BN_clear_free(&bn);
--	BN_clear_free(&bnw);
--	BN_clear_free(&bnbase);
-+	BN_clear_free(bn);
-+	BN_clear_free(bnw);
-+	BN_clear_free(bnbase);
- 	BN_CTX_free(bnctx);
- 	return res;
- }
-@@ -420,7 +420,7 @@ vg_set_privkey(const BIGNUM *bnpriv, EC_KEY *pkey)
- int
- vg_decode_privkey(const char *b58encoded, EC_KEY *pkey, int *addrtype)
- {
--	BIGNUM bnpriv;
-+	BIGNUM *bnpriv;
- 	unsigned char ecpriv[48];
- 	int res, ret;
- 
-@@ -430,10 +430,10 @@ vg_decode_privkey(const char *b58encoded, EC_KEY *pkey, int *addrtype)
- 
- 	ret = res - 32;
- 
--	BN_init(&bnpriv);
--	BN_bin2bn(ecpriv + 1, 32, &bnpriv);
--	res = vg_set_privkey(&bnpriv, pkey);
--	BN_clear_free(&bnpriv);
-+	bnpriv = BN_new();
-+	BN_bin2bn(ecpriv + 1, 32, bnpriv);
-+	res = vg_set_privkey(bnpriv, pkey);
-+	BN_clear_free(bnpriv);
- 	*addrtype = ecpriv[0];
- 	return ret;
- }
-@@ -632,15 +632,15 @@ vg_protect_crypt(int parameter_group,
- 		salt_len = 4;
- 		hmac_len = 8;
- 		hmac_keylen = 16;
--		ciphertext_len = ((plaintext_len + cipher->block_size - 1) /
--				  cipher->block_size) * cipher->block_size;
-+		ciphertext_len = ((plaintext_len + EVP_CIPHER_block_size(cipher) - 1) /
-+				  EVP_CIPHER_block_size(cipher)) * EVP_CIPHER_block_size(cipher);
- 		pkcs7_padding = 0;
- 		hmac_digest = EVP_sha256();
- 	} else {
- 		/* PKCS-compliant encoding */
- 		salt_len = 8;
--		ciphertext_len = ((plaintext_len + cipher->block_size) /
--				  cipher->block_size) * cipher->block_size;
-+		ciphertext_len = ((plaintext_len + EVP_CIPHER_block_size(cipher)) /
-+				  EVP_CIPHER_block_size(cipher)) * EVP_CIPHER_block_size(cipher);
- 		hmac_digest = NULL;
- 	}
- 
-@@ -666,12 +666,12 @@ vg_protect_crypt(int parameter_group,
- 			  salt, salt_len,
- 			  params->iterations,
- 			  pbkdf_digest,
--			  cipher->key_len + cipher->iv_len + hmac_keylen,
-+			  EVP_CIPHER_key_length(cipher) + EVP_CIPHER_iv_length(cipher) + hmac_keylen,
- 			  keymaterial);
- 
- 	if (!EVP_CipherInit(ctx, cipher,
- 			    keymaterial,
--			    keymaterial + cipher->key_len,
-+			    keymaterial + EVP_CIPHER_key_length(cipher),
- 			    enc)) {
- 		fprintf(stderr, "ERROR: could not configure cipher\n");
- 		goto out;
-@@ -707,7 +707,7 @@ vg_protect_crypt(int parameter_group,
- 	if (hmac_len) {
- 		hlen = sizeof(hmac);
- 		HMAC(hmac_digest,
--		     keymaterial + cipher->key_len + cipher->iv_len,
-+		     keymaterial + EVP_CIPHER_key_length(cipher) + EVP_CIPHER_iv_length(cipher),
- 		     hmac_keylen,
- 		     enc ? data_in : data_out, plaintext_len,
- 		     hmac, &hlen);
-@@ -786,7 +786,7 @@ vg_protect_decode_privkey(EC_KEY *pkey, int *keytype,
- {
- 	unsigned char ecpriv[64];
- 	unsigned char ecenc[128];
--	BIGNUM bn;
-+	BIGNUM *bn;
- 	int restype;
- 	int res;
- 
-@@ -810,10 +810,10 @@ vg_protect_decode_privkey(EC_KEY *pkey, int *keytype,
- 
- 	res = 1;
- 	if (pkey) {
--		BN_init(&bn);
--		BN_bin2bn(ecpriv, 32, &bn);
--		res = vg_set_privkey(&bn, pkey);
--		BN_clear_free(&bn);
-+		bn = BN_new();
-+		BN_bin2bn(ecpriv, 32, bn);
-+		res = vg_set_privkey(bn, pkey);
-+		BN_clear_free(bn);
- 		OPENSSL_cleanse(ecpriv, sizeof(ecpriv));
- 	}
- 
-diff --git a/vanitygen.c b/vanitygen.c
-index fb7925a..992e5d7 100644
---- a/vanitygen.c
-+++ b/vanitygen.c
-@@ -94,8 +94,8 @@ vg_thread_loop(void *arg)
- 		exit(1);
- 	}
- 
--	BN_set_word(&vxcp->vxc_bntmp, ptarraysize);
--	EC_POINT_mul(pgroup, pbatchinc, &vxcp->vxc_bntmp, NULL, NULL,
-+	BN_set_word(vxcp->vxc_bntmp, ptarraysize);
-+	EC_POINT_mul(pgroup, pbatchinc, vxcp->vxc_bntmp, NULL, NULL,
- 		     vxcp->vxc_bnctx);
- 	EC_POINT_make_affine(pgroup, pbatchinc, vxcp->vxc_bnctx);
- 
-@@ -139,13 +139,13 @@ vg_thread_loop(void *arg)
- 			npoints = 0;
- 
- 			/* Determine rekey interval */
--			EC_GROUP_get_order(pgroup, &vxcp->vxc_bntmp,
-+			EC_GROUP_get_order(pgroup, vxcp->vxc_bntmp,
- 					   vxcp->vxc_bnctx);
--			BN_sub(&vxcp->vxc_bntmp2,
--			       &vxcp->vxc_bntmp,
-+			BN_sub(vxcp->vxc_bntmp2,
-+			       vxcp->vxc_bntmp,
- 			       EC_KEY_get0_private_key(pkey));
--			rekey_at = BN_get_word(&vxcp->vxc_bntmp2);
--			if ((rekey_at == BN_MASK2) || (rekey_at > rekey_max))
-+			rekey_at = BN_get_word(vxcp->vxc_bntmp2);
-+			if ((rekey_at == 0xffffffffL) || (rekey_at > rekey_max))
- 				rekey_at = rekey_max;
- 			assert(rekey_at > 0);
- 
diff --git a/srcpkgs/vanitygen/patches/5f163e6fff7da52c4aecbd898d9df2e60a56f134.patch b/srcpkgs/vanitygen/patches/5f163e6fff7da52c4aecbd898d9df2e60a56f134.patch
deleted file mode 100644
index 5ee30ae08cdf..000000000000
--- a/srcpkgs/vanitygen/patches/5f163e6fff7da52c4aecbd898d9df2e60a56f134.patch
+++ /dev/null
@@ -1,98 +0,0 @@
-From 5f163e6fff7da52c4aecbd898d9df2e60a56f134 Mon Sep 17 00:00:00 2001
-From: DesWurstes <DesWurstes@users.noreply.github.com>
-Date: Sun, 3 Jun 2018 17:46:16 +0300
-Subject: [PATCH] Privkey prefix OpenSSL 1.1 compatibility (#116)
-
-Fixes #114
----
- oclengine.c | 18 +++++++++++++-----
- vanitygen.c | 12 ++++++++++--
- 2 files changed, 23 insertions(+), 7 deletions(-)
-
-diff --git a/oclengine.c b/oclengine.c
-index 6585fc6..c69bd4b 100644
---- a/oclengine.c
-+++ b/oclengine.c
-@@ -5,7 +5,7 @@
-  * Vanitygen is free software: you can redistribute it and/or modify
-  * it under the terms of the GNU Affero General Public License as published by
-  * the Free Software Foundation, either version 3 of the License, or
-- * any later version. 
-+ * any later version.
-  *
-  * Vanitygen is distributed in the hope that it will be useful,
-  * but WITHOUT ANY WARRANTY; without even the implied warranty of
-@@ -1058,7 +1058,7 @@ vg_ocl_kernel_arg_alloc(vg_ocl_context_t *vocp, int slot,
- 					     karg,
- 					     sizeof(clbuf),
- 					     &clbuf);
--			
-+
- 			if (ret) {
- 				fprintf(stderr,
- 					"clSetKernelArg(%d,%d): ", knum, karg);
-@@ -1090,7 +1090,7 @@ vg_ocl_copyout_arg(vg_ocl_context_t *vocp, int wslot, int arg,
- 				   buffer,
- 				   0, NULL,
- 				   NULL);
--			
-+
- 	if (ret) {
- 		fprintf(stderr, "clEnqueueWriteBuffer(%d): ", arg);
- 		vg_ocl_error(vocp, ret, NULL);
-@@ -2079,7 +2079,15 @@ vg_opencl_loop(vg_exec_context_t *arg)
- 	npoints = 0;
- 	if (vcp->vc_privkey_prefix_length > 0) {
- 		BIGNUM *pkbn = BN_dup(EC_KEY_get0_private_key(pkey));
--		memcpy((char *)pkbn->d + 32 - vcp->vc_privkey_prefix_length, vcp->vc_privkey_prefix, vcp->vc_privkey_prefix_length);
-+		unsigned char pkey_arr[32];
-+		assert(BN_bn2bin(pkbn, pkey_arr) < 33);
-+		memcpy((char *) pkey_arr, vcp->vc_privkey_prefix, vcp->vc_privkey_prefix_length);
-+		for (int i = 0; i < vcp->vc_privkey_prefix_length / 2; i++) {
-+			int k = pkey_arr[i];
-+			pkey_arr[i] = pkey_arr[vcp->vc_privkey_prefix_length - 1 - i];
-+			pkey_arr[vcp->vc_privkey_prefix_length - 1 - i] = k;
-+		}
-+		BN_bin2bn(pkey_arr, 32, pkbn);
- 		EC_KEY_set_private_key(pkey, pkbn);
- 
- 		EC_POINT *origin = EC_POINT_new(pgroup);
-@@ -2240,7 +2248,7 @@ vg_opencl_loop(vg_exec_context_t *arg)
- 			slot_busy = 1;
- 			slot = (slot + 1) % nslots;
- 
--		} else { 
-+		} else {
- 			if (slot_busy) {
- 				pthread_mutex_lock(&vocp->voc_lock);
- 				while (vocp->voc_ocl_slot != -1) {
-diff --git a/vanitygen.c b/vanitygen.c
-index 992e5d7..5e49df7 100644
---- a/vanitygen.c
-+++ b/vanitygen.c
-@@ -129,7 +129,15 @@ vg_thread_loop(void *arg)
- 			EC_KEY_generate_key(pkey);
- 			if (vcp->vc_privkey_prefix_length > 0) {
- 				BIGNUM *pkbn = BN_dup(EC_KEY_get0_private_key(pkey));
--				memcpy((char *)pkbn->d + 32 - vcp->vc_privkey_prefix_length, vcp->vc_privkey_prefix, vcp->vc_privkey_prefix_length);
-+        unsigned char pkey_arr[32];
-+        assert(BN_bn2bin(pkbn, pkey_arr) < 33);
-+        memcpy((char *) pkey_arr, vcp->vc_privkey_prefix, vcp->vc_privkey_prefix_length);
-+				for (int i = 0; i < vcp->vc_privkey_prefix_length / 2; i++) {
-+					int k = pkey_arr[i];
-+					pkey_arr[i] = pkey_arr[vcp->vc_privkey_prefix_length - 1 - i];
-+					pkey_arr[vcp->vc_privkey_prefix_length - 1 - i] = k;
-+				}
-+        BN_bin2bn(pkey_arr, 32, pkbn);
- 				EC_KEY_set_private_key(pkey, pkbn);
- 
- 				EC_POINT *origin = EC_POINT_new(pgroup);
-@@ -1395,7 +1403,7 @@ main(int argc, char **argv)
- 					addrtype = 60;
- 					privtype = 128;
- 					break;
--			}			
-+			}
- 			break;
- 
- /*END ALTCOIN GENERATOR*/
diff --git a/srcpkgs/vanitygen/template b/srcpkgs/vanitygen/template
deleted file mode 100644
index 624ac859d5d2..000000000000
--- a/srcpkgs/vanitygen/template
+++ /dev/null
@@ -1,21 +0,0 @@
-# Template file for 'vanitygen'
-pkgname=vanitygen
-version=1.53
-revision=2
-makedepends="pcre-devel openssl-devel"
-short_desc="Bitcoin vanity address generator"
-maintainer="Orphaned <orphan@voidlinux.org>"
-license="AGPL-3.0-or-later"
-homepage="https://github.com/exploitagency/vanitygen-plus"
-changelog="https://raw.githubusercontent.com/exploitagency/vanitygen-plus/master/CHANGELOG"
-distfiles="https://github.com/exploitagency/vanitygen-plus/archive/PLUS${version}.tar.gz"
-checksum=976a9afe2a4470551a8b6b0da97101a3a2e6c54c5a26dc870ae755bb2d8c7041
-
-do_build() {
-	make CC=$CC CFLAGS="$CFLAGS $LDFLAGS" ${makejobs}
-}
-do_install() {
-	vbin vanitygen
-	vbin keyconv
-	vlicense LICENSE
-}

From 25b689ee2a27a57bd15b0135c4cd62a11247445a Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 26 Jan 2023 13:51:22 -0500
Subject: [PATCH 5/7] pjproject: update to 2.13

---
 srcpkgs/pjproject/template | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/srcpkgs/pjproject/template b/srcpkgs/pjproject/template
index c94ead90e9de..89474e57e782 100644
--- a/srcpkgs/pjproject/template
+++ b/srcpkgs/pjproject/template
@@ -2,9 +2,8 @@
 # no-third-party.patch comes from Alpine,
 # and this template is heavily based on Alpine's APKBUILD.
 pkgname=pjproject
-version=2.8
-revision=5
-disable_parallel_build=yes
+version=2.13
+revision=1
 build_style=gnu-configure
 configure_args="--enable-shared \
 	--enable-libsamplerate \
@@ -17,13 +16,14 @@ configure_args="--enable-shared \
 # webrtc-audio-processing, but it doesn't have what I need.  Using the
 # bundled versions would also pollute build with libyuv and libwebrtc (yuck).
 makedepends="openssl-devel alsa-lib-devel libgsm-devel speex-devel speexdsp-devel
-	libsrtp-devel libsamplerate-devel"
+ libsrtp-devel libsamplerate-devel"
 short_desc="Open source SIP and media stack"
 maintainer="Christopher Brannon <chris@the-brannons.com>"
 license="GPL-2.0-or-later"
-homepage="http://www.pjsip.org/pjsua.htm"
-distfiles="http://www.pjsip.org/release/${version}/${pkgname}-${version}.tar.bz2"
-checksum=503d0bd7f9f13dc1492ac9b71b761b1089851fbb608b9a13996edc3c42006f79
+homepage="https://www.pjsip.org/"
+distfiles="https://github.com/pjsip/pjproject/archive/refs/tags/${version}.tar.gz"
+checksum=4178bb9f586299111463fc16ea04e461adca4a73e646f8ddef61ea53dafa92d9
+disable_parallel_build=yes
 
 pre_configure() {
 	export LD="${CC}"

From c27ef23514964684ec5b615f604f094796594331 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 26 Jan 2023 13:54:35 -0500
Subject: [PATCH 6/7] stunnel: update to 5.67

---
 srcpkgs/stunnel/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/stunnel/template b/srcpkgs/stunnel/template
index 9ad351e9e190..63fd3676298e 100644
--- a/srcpkgs/stunnel/template
+++ b/srcpkgs/stunnel/template
@@ -1,6 +1,6 @@
 # Template file for 'stunnel'
 pkgname=stunnel
-version=5.66
+version=5.67
 revision=1
 build_style=gnu-configure
 configure_args="--enable-ipv6 --with-ssl=${XBPS_CROSS_BASE}/usr"
@@ -13,7 +13,7 @@ license="GPL-2.0-or-later"
 homepage="https://www.stunnel.org/"
 changelog="https://www.stunnel.org/NEWS.html"
 distfiles="https://www.stunnel.org/downloads/stunnel-${version}.tar.gz"
-checksum=558178704d1aa5f6883aac6cc5d6bbf2a5714c8a0d2e91da0392468cee9f579c
+checksum=3086939ee6407516c59b0ba3fbf555338f9d52f459bcab6337c0f00e91ea8456
 
 pre_check() {
 	# GitHub's CI doesn't support IPv6

From 8584355969565f929f18a077b5262e61c665ab9d Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 26 Jan 2023 14:03:20 -0500
Subject: [PATCH 7/7] thrift: update distfiles, bump for openssl

---
 srcpkgs/thrift/template | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/thrift/template b/srcpkgs/thrift/template
index 9ac4bb481c30..8b1a0c3247fd 100644
--- a/srcpkgs/thrift/template
+++ b/srcpkgs/thrift/template
@@ -1,7 +1,7 @@
 # Template file for 'thrift'
 pkgname=thrift
 version=0.13.0
-revision=6
+revision=7
 build_style=gnu-configure
 configure_args="--without-python"
 makedepends="boost-devel openssl-devel"
@@ -10,7 +10,7 @@ short_desc="Apache Thrift compiler"
 maintainer="Orphaned <orphan@voidlinux.org>"
 license="Apache-2.0"
 homepage="https://thrift.apache.org/"
-distfiles="http://www-us.apache.org/dist/thrift/${version}/thrift-${version}.tar.gz"
+distfiles="https://archive.apache.org/dist/thrift/${version}/thrift-${version}.tar.gz"
 checksum=7ad348b88033af46ce49148097afe354d513c1fca7c607b59c33ebb6064b5179
 
 if [ "$XBPS_TARGET_NO_ATOMIC8" ]; then