From 27a5467240a7a605a1e36c534fadc367d624d6c7 Mon Sep 17 00:00:00 2001
From: Dariusz Michaluk <d.michaluk@samsung.com>
Date: Wed, 12 Jul 2023 12:21:09 +0200
Subject: [PATCH] Migrate to openssl3

This commit introduce few incompatibilities with previous API:
- enforce a minimum DH modulus size of 512 bits,
- enforce a minimum DSA key size of 1024 bits,
- YACA_PADDING_PKCS1_SSLV23 is now equal to YACA_PADDING_PKCS1,
- YACA_KDF_X942 has changed CEK wrapping algorithm to AES-256-WRAP,
 in result derived key will change.

Change-Id: Ifc852ec6829d63d66925e3007e37254126be60e5
---
 CMakeLists.txt                 |   1 +
 api/yaca/yaca_key.h            |   4 +-
 api/yaca/yaca_types.h          |   3 ++
 examples/rsa_public.c          |   6 ---
 packaging/yaca.spec            |   2 +-
 src/CMakeLists.txt             |   2 +-
 src/debug.c                    | 101 ++++++++++++++++-------------------------
 src/digest.c                   |   2 +-
 src/encrypt.c                  |   6 +--
 src/key.c                      |  47 ++++++++++++++-----
 src/rsa.c                      |   9 ++--
 src/seal.c                     |   4 +-
 src/sign.c                     |  64 ++++++--------------------
 tests/mock_test_key.cpp        |   8 ++--
 tests/mock_test_sign.cpp       |   2 +-
 tests/mock_test_simple.cpp     |   2 +-
 tests/openssl_mock_functions.h |  12 ++---
 tests/openssl_mock_impl.c      |  48 ++++++++++----------
 tests/openssl_mock_impl.h      |  12 ++---
 tests/openssl_mock_redefine.h  |  14 +++---
 tests/test_debug.cpp           |  62 ++++++++++++-------------
 tests/test_key.cpp             |  21 ++++-----
 tests/test_sign.cpp            |   6 +--
 tests/test_simple.cpp          |   2 +-
 24 files changed, 199 insertions(+), 241 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 365bd0a..75d0c58 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -63,6 +63,7 @@ ADD_DEFINITIONS("-Wall")   # Generate all warnings
 ADD_DEFINITIONS("-Wextra") # Generate even more extra warnings
 ADD_DEFINITIONS("-pedantic") # Be pedantic
 ADD_DEFINITIONS("-pedantic-errors") # Make pedantic warnings into errors
+ADD_DEFINITIONS("-Wno-deprecated-declarations") # Use openssl deprecated API
 ADD_DEFINITIONS(-DPROJECT_SOURCE_DIR="${PROJECT_SOURCE_DIR}")
 
 IF("${CMAKE_C_COMPILER_ID}" STREQUAL "Clang")
diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h
index e0bf47a..0a1db9c 100644
--- a/api/yaca/yaca_key.h
+++ b/api/yaca/yaca_key.h
@@ -188,10 +188,10 @@ int yaca_key_export(const yaca_key_h key, yaca_key_format_e key_fmt, yaca_key_fi
  *          - SYMMETRIC/IV: >= 8bits
  *          - DES: 64, 128 or 192bits
  *          - RSA: length >= 512bits
- *          - DSA: length >= 512bits, multiple of 64
+ *          - DSA: length >= 1024bits, multiple of 64
  *          - DH: a value taken from #yaca_key_bit_length_dh_rfc_e or
  *                (YACA_KEY_LENGTH_DH_GENERATOR_* | prime_length_in_bits),
- *                where prime_length_in_bits has to be >= 256
+ *                where prime_length_in_bits has to be >= 512
  *          - EC: a value taken from #yaca_key_bit_length_ec_e
  * @remarks The @a key should be released using yaca_key_destroy().
  * @param[in] key_type Type of the key to be generated
diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h
index 8973422..ea87975 100644
--- a/api/yaca/yaca_types.h
+++ b/api/yaca/yaca_types.h
@@ -664,6 +664,9 @@ typedef enum {
 	YACA_PADDING_PKCS1_OAEP,
 
 	/**
+	 * Removed in OpenSSL 3.0 and should not be used anymore.
+	 * For compatibility reason YACA_PADDING_PKCS1_SSLV23 is now equal to YACA_PADDING_PKCS1.
+	 *
 	 * PKCS #1 v1.5 padding with an SSL-specific modification that denotes that the party
 	 * is SSL3 capable. It is used for rollback attack detection in SSLv3. If during decryption it
 	 * turns out that both parties are using #YACA_PADDING_PKCS1_SSLV23 (both are communicating
diff --git a/examples/rsa_public.c b/examples/rsa_public.c
index e025c97..fded958 100644
--- a/examples/rsa_public.c
+++ b/examples/rsa_public.c
@@ -72,12 +72,6 @@ int main()
 		dump_hex(encrypted, 16, "Encrypted data (16 of %zu bytes): ", encrypted_len);
 	}
 
-	/*
-	 * YACA_PADDING_PKCS1_SSLV23 is compatible with YACA_PADDING_PKCS1. It is used to detect if
-	 * both the encrypting and decrypting side used YACA_PADDING_PKCS1_SSLV23, that is, both are
-	 * SSL3 capable but use the SSL2 (rollback attack detection).
-	 */
-
 	/* Decryption */
 	{
 		ret = yaca_rsa_private_decrypt(YACA_PADDING_PKCS1, rsa_priv, encrypted, encrypted_len,
diff --git a/packaging/yaca.spec b/packaging/yaca.spec
index 08a88c2..457d3cc 100644
--- a/packaging/yaca.spec
+++ b/packaging/yaca.spec
@@ -10,7 +10,7 @@ Summary:            Yet Another Crypto API
 BuildRequires:      cmake
 BuildRequires:      python3 >= 3.4
 BuildRequires:      pkgconfig(capi-base-common)
-BuildRequires:      pkgconfig(openssl1.1)
+BuildRequires:      pkgconfig(openssl3)
 BuildRequires:      boost-devel
 %if "%build_type" == "COVERAGE"
 BuildRequires:      lcov
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 7cf4872..1c3e22f 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -48,7 +48,7 @@ SET_TARGET_PROPERTIES(${PROJECT_NAME}-static PROPERTIES
                       OUTPUT_NAME ${PROJECT_NAME})
 
 ## Link libraries ##############################################################
-PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl1.1 capi-base-common)
+PKG_CHECK_MODULES(YACA_DEPS REQUIRED openssl3 capi-base-common)
 
 FIND_PACKAGE (Threads)
 
diff --git a/src/debug.c b/src/debug.c
index e7a8056..0e17e67 100644
--- a/src/debug.c
+++ b/src/debug.c
@@ -28,6 +28,7 @@
 #include <openssl/pem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/dsa.h>
+#include <openssl/proverr.h>
 
 #include <yaca_error.h>
 
@@ -38,7 +39,6 @@
 // TODO any better idea than to use __thread?
 static __thread yaca_error_cb error_cb = NULL;
 static bool error_strings_loaded = false;
-static const int GENERIC_REASON_MAX = 99;
 
 API void yaca_debug_set_error_cb(yaca_error_cb fn)
 {
@@ -127,41 +127,46 @@ int error_handle(const char *file, int line, const char *function)
 
 	/* known errors */
 	switch (err) {
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_NAME, PEM_R_NO_START_LINE):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_GET_HEADER_AND_DATA, PEM_R_BAD_END_LINE):
-	case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
-	case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS):
-	case ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_CTRL, EC_R_INVALID_DIGEST_TYPE):
-	case ERR_PACK(ERR_LIB_DSA, DSA_F_PKEY_DSA_CTRL, DSA_R_INVALID_DIGEST_TYPE):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH, EVP_R_INVALID_KEY_LENGTH):
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED):
+	case ERR_PACK(ERR_LIB_OSSL_DECODER, 0, ERR_R_UNSUPPORTED):
+	case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED):
+	case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_MISMATCHING_DOMAIN_PARAMETERS):
+	case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_X931_DIGEST):
+	case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_MODULUS):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PADDING_CHECK_FAILED):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_PKCS_DECODING_ERROR):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_OAEP_DECODING_ERROR):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_INVALID_PADDING):
+	case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_NO_START_LINE):
+	case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_END_LINE):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL):
+	case ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_COMMAND_NOT_SUPPORTED):
+	case ERR_PACK(ERR_LIB_ASN1,0, ASN1_R_NOT_ENOUGH_DATA):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_FINAL_BLOCK_LENGTH):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS):
+	case ERR_PACK(ERR_LIB_EC,  0, EC_R_INVALID_DIGEST_TYPE):
+	case ERR_PACK(ERR_LIB_DSA, 0, DSA_R_INVALID_DIGEST_TYPE):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED):
+	case ERR_PACK(ERR_LIB_DH, 0, DH_R_MODULUS_TOO_SMALL):
 		ret = YACA_ERROR_INVALID_PARAMETER;
 		break;
-	case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG):
-	case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG):
-	case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG):
+	case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG):
+	case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG):
+	case ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG):
 	{
 		bool found_crypto_error = false;
 
 		while ((err = ERR_get_error()) != 0)
-			if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) ||
-				err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) ||
-				err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) ||
-				err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) {
+			if (err == ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_DECODE_ERROR) ||
+				err == ERR_PACK(ERR_LIB_PKCS12, 0, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) ||
+				err == ERR_PACK(ERR_LIB_DSA, 0, ERR_R_DSA_LIB) ||
+				err == ERR_PACK(ERR_LIB_RSA, 0, ERR_R_RSA_LIB)) {
 				found_crypto_error = true;
 				break;
 			}
@@ -173,43 +178,17 @@ int error_handle(const char *file, int line, const char *function)
 
 		break;
 	}
-	case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ):
-	case ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ):
+	case ERR_PACK(ERR_LIB_EVP, 0, EVP_R_BAD_DECRYPT):
+	case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT):
+	case ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ):
+	case ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT):
 		ret = YACA_ERROR_INVALID_PASSWORD;
 		break;
 	}
 
-	/* known rsa padding errors */
-	if (ret == YACA_ERROR_NONE && ERR_GET_LIB(err) == ERR_LIB_RSA) {
-		switch (ERR_GET_FUNC(err)) {
-		case RSA_F_CHECK_PADDING_MD:
-		case RSA_F_RSA_PADDING_CHECK_NONE:
-		case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:
-		case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:
-		case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:
-		case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:
-		case RSA_F_RSA_PADDING_CHECK_SSLV23:
-		case RSA_F_RSA_PADDING_CHECK_X931:
-		case RSA_F_RSA_PADDING_ADD_NONE:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_PSS:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:
-		case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:
-		case RSA_F_RSA_PADDING_ADD_SSLV23:
-		case RSA_F_RSA_PADDING_ADD_X931:
-			ret = YACA_ERROR_INVALID_PARAMETER;
-			break;
-		}
-	}
-
 	/* fatal errors */
 	int reason = ERR_GET_REASON(err);
-	if (ret == YACA_ERROR_NONE && reason <= GENERIC_REASON_MAX && (err & ERR_R_FATAL) > 0) {
+	if (ret == YACA_ERROR_NONE && (err & ERR_R_FATAL) > 0) {
 		switch (reason) {
 		case ERR_R_MALLOC_FAILURE:
 			ret = YACA_ERROR_OUT_OF_MEMORY;
diff --git a/src/digest.c b/src/digest.c
index 07f7de8..76d2e1e 100644
--- a/src/digest.c
+++ b/src/digest.c
@@ -97,7 +97,7 @@ static int get_digest_output_length(const yaca_context_h ctx,
 	if (input_len != 0)
 		return YACA_ERROR_INVALID_PARAMETER;
 
-	int md_size = EVP_MD_CTX_size(c->md_ctx);
+	int md_size = EVP_MD_CTX_get_size(c->md_ctx);
 	if (md_size <= 0) {
 		const int ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
diff --git a/src/encrypt.c b/src/encrypt.c
index 556eb3f..2651694 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -309,7 +309,7 @@ static int get_encrypt_output_length(const yaca_context_h ctx, size_t input_len,
 	assert(c != NULL);
 	assert(c->cipher_ctx != NULL);
 
-	block_size = EVP_CIPHER_CTX_block_size(c->cipher_ctx);
+	block_size = EVP_CIPHER_CTX_get_block_size(c->cipher_ctx);
 	if (block_size <= 0) {
 		const int ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
@@ -452,7 +452,7 @@ static int encrypt_ctx_setup_iv(struct yaca_encrypt_context_s *c,
 	assert(c != NULL);
 	assert(cipher != NULL);
 
-	ret = EVP_CIPHER_iv_length(cipher);
+	ret = EVP_CIPHER_get_iv_length(cipher);
 	if (ret < 0) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
@@ -1190,7 +1190,7 @@ API int yaca_encrypt_get_iv_bit_length(yaca_encrypt_algorithm_e algo,
 	if (ret != YACA_ERROR_NONE)
 		return ret;
 
-	ret = EVP_CIPHER_iv_length(cipher);
+	ret = EVP_CIPHER_get_iv_length(cipher);
 	if (ret < 0) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
diff --git a/src/key.c b/src/key.c
index 1eea8d9..d1dec25 100644
--- a/src/key.c
+++ b/src/key.c
@@ -33,6 +33,9 @@
 #include <openssl/pem.h>
 #include <openssl/des.h>
 #include <openssl/dh.h>
+#include <openssl/kdf.h>
+#include <openssl/params.h>
+#include <openssl/core_names.h>
 
 #include <yaca_crypto.h>
 #include <yaca_error.h>
@@ -660,7 +663,7 @@ static int import_evp(yaca_key_h *key,
 	}
 
 	if ((key_type == YACA_KEY_TYPE_RSA_PRIV || key_type == YACA_KEY_TYPE_RSA_PUB) &&
-		(EVP_PKEY_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
+		(EVP_PKEY_get_size(pkey) < YACA_KEY_LENGTH_512BIT / 8)) {
 		ret = YACA_ERROR_INVALID_PARAMETER;
 		goto exit;
 	}
@@ -852,13 +855,13 @@ static int export_evp_default_bio(struct yaca_key_evp_s *evp_key,
 			break;
 
 		case YACA_KEY_TYPE_DSA_PARAMS:
-			ret = i2d_DSAparams_bio(mem, EVP_PKEY_get0(evp_key->evp));
+			ret = i2d_DSAparams_bio(mem, EVP_PKEY_get0_DSA(evp_key->evp));
 			break;
 		case YACA_KEY_TYPE_DH_PARAMS:
-			ret = i2d_DHparams_bio(mem, EVP_PKEY_get0(evp_key->evp));
+			ret = i2d_DHparams_bio(mem, EVP_PKEY_get0_DH(evp_key->evp));
 			break;
 		case YACA_KEY_TYPE_EC_PARAMS: {
-			const EC_KEY *eck = EVP_PKEY_get0(evp_key->evp);
+			const EC_KEY *eck = EVP_PKEY_get0_EC_KEY(evp_key->evp);
 			const EC_GROUP *ecg = EC_KEY_get0_group(eck);
 			ret = i2d_ECPKParameters_bio(mem, ecg);
 			break;
@@ -1118,7 +1121,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p
 	switch (evp_id) {
 	case EVP_PKEY_DSA:
 		if ((key_bit_len & YACA_KEYLEN_COMPONENT_TYPE_MASK) != YACA_KEYLEN_COMPONENT_TYPE_BITS ||
-			key_bit_len > INT_MAX || key_bit_len < 512 || key_bit_len % 64 != 0)
+			key_bit_len > INT_MAX || key_bit_len < 1024 || key_bit_len % 64 != 0)
 			return YACA_ERROR_INVALID_PARAMETER;
 
 		bit_len = key_bit_len;
@@ -1212,8 +1215,7 @@ static int generate_evp_pkey_params(int evp_id, size_t key_bit_len, EVP_PKEY **p
 
 	ret = EVP_PKEY_paramgen(pctx, params);
 	if (ret != 1 || params == NULL) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
+		ret = ERROR_HANDLE();
 		goto exit;
 	}
 
@@ -1453,7 +1455,7 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len)
 		case YACA_KEY_TYPE_DH_PRIV:
 		case YACA_KEY_TYPE_DH_PUB:
 		case YACA_KEY_TYPE_DH_PARAMS:
-			ret = EVP_PKEY_bits(evp_key->evp);
+			ret = EVP_PKEY_get_bits(evp_key->evp);
 			if (ret <= 0) {
 				ret = YACA_ERROR_INTERNAL;
 				ERROR_DUMP(ret);
@@ -1467,7 +1469,7 @@ API int yaca_key_get_bit_length(const yaca_key_h key, size_t *key_bit_len)
 		case YACA_KEY_TYPE_EC_PARAMS: {
 			assert(EVP_PKEY_type(EVP_PKEY_id(evp_key->evp)) == EVP_PKEY_EC);
 
-			const EC_KEY *eck = EVP_PKEY_get0(evp_key->evp);
+			const EC_KEY *eck = EVP_PKEY_get0_EC_KEY(evp_key->evp);
 			const EC_GROUP *ecg = EC_KEY_get0_group(eck);
 			int flags = EC_GROUP_get_asn1_flag(ecg);
 			int nid;
@@ -1870,6 +1872,9 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
 	int ret;
 	char *out = NULL;
 	const EVP_MD *md;
+	EVP_KDF *ekdf = NULL;
+	EVP_KDF_CTX *kctx = NULL;
+	OSSL_PARAM params[5];
 
 	if (secret == NULL || secret_len == 0 ||
 		(info == NULL && info_len > 0) || (info != NULL && info_len == 0) ||
@@ -1886,9 +1891,25 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
 
 	switch (kdf) {
 	case YACA_KDF_X942:
-		ret = DH_KDF_X9_42((unsigned char*)out, key_material_len,
-						   (unsigned char*)secret, secret_len,
-						   OBJ_nid2obj(NID_id_smime_alg_ESDH), (unsigned char*)info, info_len, md);
+		ekdf = EVP_KDF_fetch(NULL, OSSL_KDF_NAME_X942KDF_ASN1, NULL);
+		if (ekdf == NULL) {
+			ret = YACA_ERROR_INTERNAL;
+			goto exit;
+		}
+
+		kctx = EVP_KDF_CTX_new(ekdf);
+		if (kctx == NULL) {
+			ret = YACA_ERROR_INTERNAL;
+			goto exit;
+		}
+
+		params[0] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, (char *)EVP_MD_get0_name(md), 0);
+		params[1] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, (unsigned char *)secret, secret_len);
+		params[2] = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, (unsigned char *)info, info_len);
+		params[3] = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, "AES-256-WRAP", 0);
+		params[4] = OSSL_PARAM_construct_end();
+
+		ret = EVP_KDF_derive(kctx, (unsigned char*)out, key_material_len, params);
 		if (ret != 1 || out == NULL) {
 			ret = YACA_ERROR_INTERNAL;
 			ERROR_DUMP(ret);
@@ -1915,6 +1936,8 @@ API int yaca_key_derive_kdf(yaca_kdf_e kdf,
 	ret = YACA_ERROR_NONE;
 
 exit:
+	EVP_KDF_CTX_free(kctx);
+	EVP_KDF_free(ekdf);
 	yaca_free(out);
 	return ret;
 }
diff --git a/src/rsa.c b/src/rsa.c
index 054db73..3a40042 100644
--- a/src/rsa.c
+++ b/src/rsa.c
@@ -47,13 +47,12 @@ int rsa_padding2openssl(yaca_padding_e padding)
 	case YACA_PADDING_X931:
 		return RSA_X931_PADDING;
 	case YACA_PADDING_PKCS1:
+	case YACA_PADDING_PKCS1_SSLV23:
 		return RSA_PKCS1_PADDING;
 	case YACA_PADDING_PKCS1_PSS:
 		return RSA_PKCS1_PSS_PADDING;
 	case YACA_PADDING_PKCS1_OAEP:
 		return RSA_PKCS1_OAEP_PADDING;
-	case YACA_PADDING_PKCS1_SSLV23:
-		return RSA_SSLV23_PADDING;
 	default:
 		assert(false);
 		return -1;
@@ -85,7 +84,7 @@ static int encrypt_decrypt(yaca_padding_e padding,
 	lasym_key = key_get_evp(key);
 	assert(lasym_key != NULL);
 
-	ret = EVP_PKEY_size(lasym_key->evp);
+	ret = EVP_PKEY_get_size(lasym_key->evp);
 	if (ret <= 0) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
@@ -104,7 +103,7 @@ static int encrypt_decrypt(yaca_padding_e padding,
 	ret = fn(input_len,
 			 (const unsigned char*)input,
 			 (unsigned char*)loutput,
-			 EVP_PKEY_get0_RSA(lasym_key->evp),
+			 (RSA *)EVP_PKEY_get0_RSA(lasym_key->evp),
 			 lpadding);
 
 	if (ret < 0) {
@@ -199,6 +198,7 @@ API int yaca_rsa_private_encrypt(yaca_padding_e padding,
 	switch (padding) {
 	case YACA_PADDING_NONE:
 	case YACA_PADDING_PKCS1:
+	case YACA_PADDING_PKCS1_SSLV23:
 		break;
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
@@ -226,6 +226,7 @@ API int yaca_rsa_public_decrypt(yaca_padding_e padding,
 	switch (padding) {
 	case YACA_PADDING_NONE:
 	case YACA_PADDING_PKCS1:
+	case YACA_PADDING_PKCS1_SSLV23:
 		break;
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
diff --git a/src/seal.c b/src/seal.c
index 73e7abb..778e686 100644
--- a/src/seal.c
+++ b/src/seal.c
@@ -61,7 +61,7 @@ static int seal_generate_iv(const EVP_CIPHER *cipher, yaca_key_h *iv)
 	assert(iv != NULL);
 	assert(cipher != NULL);
 
-	ret = EVP_CIPHER_iv_length(cipher);
+	ret = EVP_CIPHER_get_iv_length(cipher);
 	if (ret < 0) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
@@ -98,7 +98,7 @@ static int seal_encrypt_decrypt_key(const yaca_key_h asym_key,
 	assert(lasym_key->key.type == YACA_KEY_TYPE_RSA_PRIV ||
 		   lasym_key->key.type == YACA_KEY_TYPE_RSA_PUB);
 
-	ret = EVP_PKEY_size(lasym_key->evp);
+	ret = EVP_PKEY_get_size(lasym_key->evp);
 	if (ret <= 0) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
diff --git a/src/sign.c b/src/sign.c
index 3b4f6f6..848c042 100644
--- a/src/sign.c
+++ b/src/sign.c
@@ -26,7 +26,6 @@
 
 #include <openssl/evp.h>
 #include <openssl/rsa.h>
-#include <openssl/cmac.h>
 
 #include <yaca_crypto.h>
 #include <yaca_sign.h>
@@ -90,7 +89,6 @@ static int get_sign_output_length(const yaca_context_h ctx,
 	assert(output_len != NULL);
 
 	int ret;
-	EVP_PKEY_CTX *pctx;
 	struct yaca_sign_context_s *c = get_sign_context(ctx);
 	assert(c != NULL);
 	assert(c->md_ctx != NULL);
@@ -98,28 +96,14 @@ static int get_sign_output_length(const yaca_context_h ctx,
 	if (input_len != 0)
 		return YACA_ERROR_INVALID_PARAMETER;
 
-	pctx = EVP_MD_CTX_pkey_ctx(c->md_ctx);
-	if (pctx == NULL) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
-		return ret;
-	}
-
-	EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(pctx);
-	if (pkey == NULL) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
-		return ret;
-	}
-
-	int len = EVP_PKEY_size(pkey);
-	if (len <= 0) {
+	ret = EVP_DigestSign(c->md_ctx, NULL, output_len, NULL, input_len);
+	if (ret != 1) {
+		*output_len = 0;
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
 		return ret;
 	}
 
-	*output_len = len;
 	return YACA_ERROR_NONE;
 }
 
@@ -149,7 +133,7 @@ int set_sign_property(yaca_context_h ctx,
 	if (value == NULL || c->state == CTX_FINALIZED)
 		return YACA_ERROR_INVALID_PARAMETER;
 
-	pctx = EVP_MD_CTX_pkey_ctx(c->md_ctx);
+	pctx = EVP_MD_CTX_get_pkey_ctx(c->md_ctx);
 	if (pctx == NULL) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
@@ -211,12 +195,14 @@ API int yaca_sign_initialize(yaca_context_h *ctx,
 
 	switch (prv_key->type) {
 	case YACA_KEY_TYPE_RSA_PRIV:
-		if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) ||
-			(algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
+		if (EVP_MD_size(md) >= EVP_PKEY_get_size(evp_key->evp) ||
+			(algo == YACA_DIGEST_SHA384 && (EVP_PKEY_get_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
 			return YACA_ERROR_INVALID_PARAMETER;
 		break;
 	case YACA_KEY_TYPE_DSA_PRIV:
 	case YACA_KEY_TYPE_EC_PRIV:
+		if (algo == YACA_DIGEST_MD5)
+			return YACA_ERROR_INVALID_PARAMETER;
 		break;
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
@@ -327,7 +313,6 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
 								  const yaca_key_h sym_key)
 {
 	struct yaca_sign_context_s *nc = NULL;
-	CMAC_CTX* cmac_ctx = NULL;
 	const EVP_CIPHER* cipher = NULL;
 	EVP_PKEY *pkey = NULL;
 	int ret;
@@ -352,36 +337,14 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
 	if (ret != YACA_ERROR_NONE)
 		goto exit;
 
-	/* create and initialize low level CMAC context */
-	cmac_ctx = CMAC_CTX_new();
-	if (cmac_ctx == NULL) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
-		goto exit;
-	}
-
-	if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bit_len / 8, cipher, NULL) != 1) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
-		goto exit;
-	}
-
-	/* create key and assign CMAC context to it */
-	pkey = EVP_PKEY_new();
+	/* create CMAC key */
+	pkey = EVP_PKEY_new_CMAC_key(NULL, (unsigned char *) simple_key->d, simple_key->bit_len / 8, cipher);
 	if (pkey == NULL) {
 		ret = YACA_ERROR_INTERNAL;
 		ERROR_DUMP(ret);
 		goto exit;
 	}
 
-	if (EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmac_ctx) != 1) {
-		ret = YACA_ERROR_INTERNAL;
-		ERROR_DUMP(ret);
-		goto exit;
-	}
-
-	cmac_ctx = NULL;
-
 	nc->md_ctx = EVP_MD_CTX_create();
 	if (nc->md_ctx == NULL) {
 		ret = YACA_ERROR_INTERNAL;
@@ -402,7 +365,6 @@ API int yaca_sign_initialize_cmac(yaca_context_h *ctx,
 
 exit:
 	EVP_PKEY_free(pkey);
-	CMAC_CTX_free(cmac_ctx);
 	yaca_context_destroy((yaca_context_h)nc);
 
 	return ret;
@@ -484,12 +446,14 @@ API int yaca_verify_initialize(yaca_context_h *ctx,
 
 	switch (pub_key->type) {
 	case YACA_KEY_TYPE_RSA_PUB:
-		if (EVP_MD_size(md) >= EVP_PKEY_size(evp_key->evp) ||
-			(algo == YACA_DIGEST_SHA384 && (EVP_PKEY_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
+		if (EVP_MD_size(md) >= EVP_PKEY_get_size(evp_key->evp) ||
+			(algo == YACA_DIGEST_SHA384 && (EVP_PKEY_get_size(evp_key->evp) <= YACA_KEY_LENGTH_512BIT / 8)))
 			return YACA_ERROR_INVALID_PARAMETER;
 		break;
 	case YACA_KEY_TYPE_DSA_PUB:
 	case YACA_KEY_TYPE_EC_PUB:
+		if (algo == YACA_DIGEST_MD5)
+			return YACA_ERROR_INVALID_PARAMETER;
 		break;
 	default:
 		return YACA_ERROR_INVALID_PARAMETER;
diff --git a/tests/mock_test_key.cpp b/tests/mock_test_key.cpp
index 73432ac..fd40335 100644
--- a/tests/mock_test_key.cpp
+++ b/tests/mock_test_key.cpp
@@ -128,7 +128,7 @@ BOOST_FIXTURE_TEST_CASE(T1202__mock__negative__key_asymmetric_generate_all, Init
 		{YACA_KEY_TYPE_DSA_PRIV,
 		 YACA_KEY_TYPE_DSA_PUB,
 		 YACA_KEY_TYPE_DSA_PARAMS,
-		 YACA_KEY_LENGTH_512BIT},
+		 YACA_KEY_LENGTH_1024BIT},
 		{YACA_KEY_TYPE_DH_PRIV,
 		 YACA_KEY_TYPE_DH_PUB,
 		 YACA_KEY_TYPE_DH_PARAMS,
@@ -196,7 +196,7 @@ BOOST_FIXTURE_TEST_CASE(T1204__mock__negative__key_asymmetric_import_export, Ini
 		{YACA_KEY_TYPE_DSA_PRIV,
 		 YACA_KEY_TYPE_DSA_PUB,
 		 YACA_KEY_TYPE_DSA_PARAMS,
-		 YACA_KEY_LENGTH_512BIT},
+		 YACA_KEY_LENGTH_1024BIT},
 		{YACA_KEY_TYPE_EC_PRIV,
 		 YACA_KEY_TYPE_EC_PUB,
 		 YACA_KEY_TYPE_EC_PARAMS,
@@ -278,7 +278,7 @@ BOOST_FIXTURE_TEST_CASE(T1205__mock__negative__key_encrypted_import_export, Init
 
 	const std::vector<struct default_args> dargs = {
 		{YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT},
-		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT}
+		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT}
 	};
 
 	for (const auto &da: dargs) {
@@ -312,7 +312,7 @@ BOOST_FIXTURE_TEST_CASE(T1205__mock__negative__key_encrypted_import_export, Init
 		{YACA_KEY_TYPE_RSA_PRIV,
 		 YACA_KEY_LENGTH_512BIT},
 		{YACA_KEY_TYPE_DSA_PRIV,
-		 YACA_KEY_LENGTH_512BIT},
+		 YACA_KEY_LENGTH_1024BIT},
 		{YACA_KEY_TYPE_EC_PRIV,
 		 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME256V1},
 		{YACA_KEY_TYPE_DH_PRIV,
diff --git a/tests/mock_test_sign.cpp b/tests/mock_test_sign.cpp
index 59aad1e..edfa290 100644
--- a/tests/mock_test_sign.cpp
+++ b/tests/mock_test_sign.cpp
@@ -49,7 +49,7 @@ BOOST_FIXTURE_TEST_CASE(T1801__mock__negative__sign_verify, InitFixture)
 	const std::vector<sign_args> sargs = {
 		{YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_TYPE_RSA_PUB, YACA_KEY_LENGTH_512BIT,
 		 YACA_DIGEST_SHA1, YACA_PADDING_X931},
-		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_TYPE_DSA_PUB, YACA_KEY_LENGTH_512BIT,
+		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_TYPE_DSA_PUB, YACA_KEY_LENGTH_1024BIT,
 		 YACA_DIGEST_SHA224, YACA_INVALID_PADDING},
 		{YACA_KEY_TYPE_EC_PRIV, YACA_KEY_TYPE_EC_PUB,
 		 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME192V1,
diff --git a/tests/mock_test_simple.cpp b/tests/mock_test_simple.cpp
index 8dc2bc3..b2caa1a 100644
--- a/tests/mock_test_simple.cpp
+++ b/tests/mock_test_simple.cpp
@@ -128,7 +128,7 @@ BOOST_FIXTURE_TEST_CASE(T1303__mock__negative__simple_calculate_verify_signature
 
 	const std::vector<struct signature_args> sargs = {
 		{YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, YACA_DIGEST_MD5},
-		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, YACA_DIGEST_SHA256},
+		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, YACA_DIGEST_SHA256},
 		{YACA_KEY_TYPE_EC_PRIV, (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_PRIME192V1,
 		 YACA_DIGEST_SHA224}
 	};
diff --git a/tests/openssl_mock_functions.h b/tests/openssl_mock_functions.h
index d11b692..2f733f2 100644
--- a/tests/openssl_mock_functions.h
+++ b/tests/openssl_mock_functions.h
@@ -58,13 +58,13 @@ int MOCK_EC_GROUP_get_asn1_flag(const EC_GROUP *group);
 int MOCK_EC_GROUP_get_curve_name(const EC_GROUP *group);
 EC_KEY *MOCK_EC_KEY_new(void);
 int MOCK_EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group);
-int MOCK_EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx);
+int MOCK_EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx);
 int MOCK_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c);
 int MOCK_EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr);
 EVP_CIPHER_CTX *MOCK_EVP_CIPHER_CTX_new(void);
 int MOCK_EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen);
 int MOCK_EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad);
-int MOCK_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher);
+int MOCK_EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher);
 int MOCK_EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl);
 int MOCK_EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, ENGINE *impl, const unsigned char *key, const unsigned char *iv, int enc);
 int MOCK_EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
@@ -78,8 +78,8 @@ int MOCK_EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig, size_t
 int MOCK_EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, const EVP_MD *type, ENGINE *e, EVP_PKEY *pkey);
 int MOCK_EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *d, size_t cnt);
 EVP_MD_CTX *MOCK_EVP_MD_CTX_create(void);
-EVP_PKEY_CTX *MOCK_EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx);
-int MOCK_EVP_MD_CTX_size(const EVP_MD_CTX *ctx);
+EVP_PKEY_CTX *MOCK_EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx);
+int MOCK_EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx);
 int MOCK_EVP_PKEY_CTX_ctrl(EVP_PKEY_CTX *ctx, int keytype, int optype, int cmd, int p1, void *p2);
 EVP_PKEY *MOCK_EVP_PKEY_CTX_get0_pkey(EVP_PKEY_CTX *ctx);
 EVP_PKEY_CTX *MOCK_EVP_PKEY_CTX_new(EVP_PKEY *pkey, ENGINE *e);
@@ -95,7 +95,7 @@ int MOCK_EVP_PKEY_assign(EVP_PKEY *pkey, int type, void *key);
 int MOCK_EVP_PKEY_assign_DH(EVP_PKEY *pkey, DH *key);
 int MOCK_EVP_PKEY_assign_DSA(EVP_PKEY *pkey, DSA *key);
 int MOCK_EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key);
-int MOCK_EVP_PKEY_bits(const EVP_PKEY *pkey);
+int MOCK_EVP_PKEY_get_bits(const EVP_PKEY *pkey);
 int MOCK_EVP_PKEY_decrypt_old(unsigned char *dec_key, const unsigned char *enc_key, int enc_key_len, EVP_PKEY *private_key);
 int MOCK_EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
 int MOCK_EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx);
@@ -107,7 +107,7 @@ EVP_PKEY *MOCK_EVP_PKEY_new(void);
 EVP_PKEY *MOCK_EVP_PKEY_new_mac_key(int type, ENGINE *e, const unsigned char *key, int keylen);
 int MOCK_EVP_PKEY_paramgen(EVP_PKEY_CTX *ctx, EVP_PKEY **ppkey);
 int MOCK_EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx);
-int MOCK_EVP_PKEY_size(EVP_PKEY *pkey);
+int MOCK_EVP_PKEY_get_size(EVP_PKEY *pkey);
 int MOCK_EVP_PKEY_up_ref(EVP_PKEY *pkey);
 const EVP_CIPHER *MOCK_EVP_aes_128_cbc(void);
 const EVP_CIPHER *MOCK_EVP_aes_128_ccm(void);
diff --git a/tests/openssl_mock_impl.c b/tests/openssl_mock_impl.c
index 3af1917..b18081e 100644
--- a/tests/openssl_mock_impl.c
+++ b/tests/openssl_mock_impl.c
@@ -187,11 +187,11 @@ int MOCK_EC_KEY_set_group(EC_KEY *key, const EC_GROUP *group)
 	return EC_KEY_set_group(key, group);
 }
 
-int GET_BOOL_NAME(EVP_CIPHER_CTX_block_size) = 0;
-int MOCK_EVP_CIPHER_CTX_block_size(const EVP_CIPHER_CTX *ctx)
+int GET_BOOL_NAME(EVP_CIPHER_CTX_get_block_size) = 0;
+int MOCK_EVP_CIPHER_CTX_get_block_size(const EVP_CIPHER_CTX *ctx)
 {
-	HANDLE_FUNCTION(EVP_CIPHER_CTX_block_size, 0, 0);
-	return EVP_CIPHER_CTX_block_size(ctx);
+	HANDLE_FUNCTION(EVP_CIPHER_CTX_get_block_size, 0, 0);
+	return EVP_CIPHER_CTX_get_block_size(ctx);
 }
 
 int GET_BOOL_NAME(EVP_CIPHER_CTX_cleanup) = 0;
@@ -229,11 +229,11 @@ int MOCK_EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad)
 	return EVP_CIPHER_CTX_set_padding(c, pad);
 }
 
-int GET_BOOL_NAME(EVP_CIPHER_iv_length) = 0;
-int MOCK_EVP_CIPHER_iv_length(const EVP_CIPHER *cipher)
+int GET_BOOL_NAME(EVP_CIPHER_get_iv_length) = 0;
+int MOCK_EVP_CIPHER_get_iv_length(const EVP_CIPHER *cipher)
 {
-	HANDLE_FUNCTION(EVP_CIPHER_iv_length, -1, 0);
-	return EVP_CIPHER_iv_length(cipher);
+	HANDLE_FUNCTION(EVP_CIPHER_get_iv_length, -1, 0);
+	return EVP_CIPHER_get_iv_length(cipher);
 }
 
 int GET_BOOL_NAME(EVP_CipherFinal) = 0;
@@ -327,18 +327,18 @@ EVP_MD_CTX *MOCK_EVP_MD_CTX_create()
 	return EVP_MD_CTX_create();
 }
 
-int GET_BOOL_NAME(EVP_MD_CTX_pkey_ctx) = 0;
-EVP_PKEY_CTX *MOCK_EVP_MD_CTX_pkey_ctx(const EVP_MD_CTX *ctx)
+int GET_BOOL_NAME(EVP_MD_CTX_get_pkey_ctx) = 0;
+EVP_PKEY_CTX *MOCK_EVP_MD_CTX_get_pkey_ctx(const EVP_MD_CTX *ctx)
 {
-	HANDLE_FUNCTION(EVP_MD_CTX_pkey_ctx, NULL, 0);
-	return EVP_MD_CTX_pkey_ctx(ctx);
+	HANDLE_FUNCTION(EVP_MD_CTX_get_pkey_ctx, NULL, 0);
+	return EVP_MD_CTX_get_pkey_ctx(ctx);
 }
 
-int GET_BOOL_NAME(EVP_MD_CTX_size) = 0;
-int MOCK_EVP_MD_CTX_size(const EVP_MD_CTX *ctx)
+int GET_BOOL_NAME(EVP_MD_CTX_get_size) = 0;
+int MOCK_EVP_MD_CTX_get_size(const EVP_MD_CTX *ctx)
 {
-	HANDLE_FUNCTION(EVP_MD_CTX_size, 0, 0);
-	return EVP_MD_CTX_size(ctx);
+	HANDLE_FUNCTION(EVP_MD_CTX_get_size, 0, 0);
+	return EVP_MD_CTX_get_size(ctx);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_CTX_ctrl) = 0;
@@ -446,11 +446,11 @@ int MOCK_EVP_PKEY_assign_EC_KEY(EVP_PKEY *pkey, EC_KEY *key)
 	return EVP_PKEY_assign_EC_KEY(pkey, key);
 }
 
-int GET_BOOL_NAME(EVP_PKEY_bits) = 0;
-int MOCK_EVP_PKEY_bits(const EVP_PKEY *pkey)
+int GET_BOOL_NAME(EVP_PKEY_get_bits) = 0;
+int MOCK_EVP_PKEY_get_bits(const EVP_PKEY *pkey)
 {
-	HANDLE_FUNCTION(EVP_PKEY_bits, 0, 0);
-	return EVP_PKEY_bits(pkey);
+	HANDLE_FUNCTION(EVP_PKEY_get_bits, 0, 0);
+	return EVP_PKEY_get_bits(pkey);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_decrypt_old) = 0;
@@ -530,12 +530,12 @@ int MOCK_EVP_PKEY_paramgen_init(EVP_PKEY_CTX *ctx)
 	return EVP_PKEY_paramgen_init(ctx);
 }
 
-int GET_BOOL_NAME(EVP_PKEY_size) = 0;
-int MOCK_EVP_PKEY_size(EVP_PKEY *pkey)
+int GET_BOOL_NAME(EVP_PKEY_get_size) = 0;
+int MOCK_EVP_PKEY_get_size(EVP_PKEY *pkey)
 {
 	/* Cannot fail? */
-	HANDLE_FUNCTION(EVP_PKEY_size, 0, 0);
-	return EVP_PKEY_size(pkey);
+	HANDLE_FUNCTION(EVP_PKEY_get_size, 0, 0);
+	return EVP_PKEY_get_size(pkey);
 }
 
 int GET_BOOL_NAME(EVP_PKEY_up_ref) = 0;
diff --git a/tests/openssl_mock_impl.h b/tests/openssl_mock_impl.h
index c0c089c..526640a 100644
--- a/tests/openssl_mock_impl.h
+++ b/tests/openssl_mock_impl.h
@@ -53,13 +53,13 @@ extern int GET_BOOL_NAME(EC_GROUP_get_asn1_flag);
 extern int GET_BOOL_NAME(EC_GROUP_get_curve_name);
 extern int GET_BOOL_NAME(EC_KEY_new);
 extern int GET_BOOL_NAME(EC_KEY_set_group);
-extern int GET_BOOL_NAME(EVP_CIPHER_CTX_block_size);
+extern int GET_BOOL_NAME(EVP_CIPHER_CTX_get_block_size);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_cleanup);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_ctrl);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_new);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_set_key_length);
 extern int GET_BOOL_NAME(EVP_CIPHER_CTX_set_padding);
-extern int GET_BOOL_NAME(EVP_CIPHER_iv_length);
+extern int GET_BOOL_NAME(EVP_CIPHER_get_iv_length);
 extern int GET_BOOL_NAME(EVP_CipherFinal);
 extern int GET_BOOL_NAME(EVP_CipherUpdate);
 extern int GET_BOOL_NAME(EVP_DigestFinal_ex);
@@ -72,8 +72,8 @@ extern int GET_BOOL_NAME(EVP_DigestVerifyFinal);
 extern int GET_BOOL_NAME(EVP_DigestVerifyInit);
 extern int GET_BOOL_NAME(EVP_DigestVerifyUpdate);
 extern int GET_BOOL_NAME(EVP_MD_CTX_create);
-extern int GET_BOOL_NAME(EVP_MD_CTX_pkey_ctx);
-extern int GET_BOOL_NAME(EVP_MD_CTX_size);
+extern int GET_BOOL_NAME(EVP_MD_CTX_get_pkey_ctx);
+extern int GET_BOOL_NAME(EVP_MD_CTX_get_size);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_ctrl);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_get0_pkey);
 extern int GET_BOOL_NAME(EVP_PKEY_CTX_new);
@@ -89,7 +89,7 @@ extern int GET_BOOL_NAME(EVP_PKEY_assign);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_DH);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_DSA);
 extern int GET_BOOL_NAME(EVP_PKEY_assign_EC_KEY);
-extern int GET_BOOL_NAME(EVP_PKEY_bits);
+extern int GET_BOOL_NAME(EVP_PKEY_get_bits);
 extern int GET_BOOL_NAME(EVP_PKEY_decrypt_old);
 extern int GET_BOOL_NAME(EVP_PKEY_derive);
 extern int GET_BOOL_NAME(EVP_PKEY_derive_init);
@@ -101,7 +101,7 @@ extern int GET_BOOL_NAME(EVP_PKEY_new);
 extern int GET_BOOL_NAME(EVP_PKEY_new_mac_key);
 extern int GET_BOOL_NAME(EVP_PKEY_paramgen);
 extern int GET_BOOL_NAME(EVP_PKEY_paramgen_init);
-extern int GET_BOOL_NAME(EVP_PKEY_size);
+extern int GET_BOOL_NAME(EVP_PKEY_get_size);
 extern int GET_BOOL_NAME(EVP_PKEY_up_ref);
 extern int GET_BOOL_NAME(EVP_aes_128_cbc);
 extern int GET_BOOL_NAME(EVP_aes_128_ccm);
diff --git a/tests/openssl_mock_redefine.h b/tests/openssl_mock_redefine.h
index 2b7750b..8906de6 100644
--- a/tests/openssl_mock_redefine.h
+++ b/tests/openssl_mock_redefine.h
@@ -56,14 +56,14 @@
 #define EC_GROUP_get_curve_name(a) MOCK_EC_GROUP_get_curve_name(a)
 #define EC_KEY_new() MOCK_EC_KEY_new()
 #define EC_KEY_set_group(a, b) MOCK_EC_KEY_set_group(a, b)
-#define EVP_CIPHER_CTX_block_size(a) MOCK_EVP_CIPHER_CTX_block_size(a)
+#define EVP_CIPHER_CTX_get_block_size(a) MOCK_EVP_CIPHER_CTX_get_block_size(a)
 #undef EVP_CIPHER_CTX_cleanup
 #define EVP_CIPHER_CTX_cleanup(a) MOCK_EVP_CIPHER_CTX_cleanup(a)
 #define EVP_CIPHER_CTX_ctrl(a, b, c, d) MOCK_EVP_CIPHER_CTX_ctrl(a, b, c, d)
 #define EVP_CIPHER_CTX_new() MOCK_EVP_CIPHER_CTX_new()
 #define EVP_CIPHER_CTX_set_key_length(a, b) MOCK_EVP_CIPHER_CTX_set_key_length(a, b)
 #define EVP_CIPHER_CTX_set_padding(a, b) MOCK_EVP_CIPHER_CTX_set_padding(a, b)
-#define EVP_CIPHER_iv_length(a) MOCK_EVP_CIPHER_iv_length(a)
+#define EVP_CIPHER_get_iv_length(a) MOCK_EVP_CIPHER_get_iv_length(a)
 #define EVP_CipherFinal(a, b, c) MOCK_EVP_CipherFinal(a, b, c)
 #define EVP_CipherInit_ex(a, b, c, d, e, f) MOCK_EVP_CipherInit_ex(a, b, c, d, e, f)
 #define EVP_CipherUpdate(a, b, c, d, e) MOCK_EVP_CipherUpdate(a, b, c, d, e)
@@ -81,9 +81,9 @@
 #define EVP_DigestVerifyUpdate(a, b, c) MOCK_EVP_DigestVerifyUpdate(a, b, c)
 #undef EVP_MD_CTX_create
 #define EVP_MD_CTX_create() MOCK_EVP_MD_CTX_create()
-#define EVP_MD_CTX_pkey_ctx(a) MOCK_EVP_MD_CTX_pkey_ctx(a)
-#undef EVP_MD_CTX_size
-#define EVP_MD_CTX_size(a) MOCK_EVP_MD_CTX_size(a)
+#define EVP_MD_CTX_get_pkey_ctx(a) MOCK_EVP_MD_CTX_get_pkey_ctx(a)
+#undef EVP_MD_CTX_get_size
+#define EVP_MD_CTX_get_size(a) MOCK_EVP_MD_CTX_get_size(a)
 #define EVP_PKEY_CTX_ctrl(a, b, c, d, e, f) MOCK_EVP_PKEY_CTX_ctrl(a, b, c, d, e, f)
 #define EVP_PKEY_CTX_get0_pkey(a) MOCK_EVP_PKEY_CTX_get0_pkey(a)
 #define EVP_PKEY_CTX_new(a, b) MOCK_EVP_PKEY_CTX_new(a, b)
@@ -109,7 +109,7 @@
 #define EVP_PKEY_assign_DSA(a, b) MOCK_EVP_PKEY_assign_DSA(a, b)
 #undef EVP_PKEY_assign_EC_KEY
 #define EVP_PKEY_assign_EC_KEY(a, b) MOCK_EVP_PKEY_assign_EC_KEY(a, b)
-#define EVP_PKEY_bits(a) MOCK_EVP_PKEY_bits(a)
+#define EVP_PKEY_get_bits(a) MOCK_EVP_PKEY_get_bits(a)
 #define EVP_PKEY_decrypt_old(a, b, c, d) MOCK_EVP_PKEY_decrypt_old(a, b, c, d)
 #define EVP_PKEY_derive(a, b, c) MOCK_EVP_PKEY_derive(a, b, c)
 #define EVP_PKEY_derive_init(a) MOCK_EVP_PKEY_derive_init(a)
@@ -121,7 +121,7 @@
 #define EVP_PKEY_new_mac_key(a, b, c, d) MOCK_EVP_PKEY_new_mac_key(a, b, c, d)
 #define EVP_PKEY_paramgen(a, b) MOCK_EVP_PKEY_paramgen(a, b)
 #define EVP_PKEY_paramgen_init(a) MOCK_EVP_PKEY_paramgen_init(a)
-#define EVP_PKEY_size(a) MOCK_EVP_PKEY_size(a)
+#define EVP_PKEY_get_size(a) MOCK_EVP_PKEY_get_size(a)
 #define EVP_PKEY_up_ref(a) MOCK_EVP_PKEY_up_ref(a)
 /* Special cases for algorithms, used as function pointers in YACA */
 #define EVP_aes_128_cbc MOCK_EVP_aes_128_cbc
diff --git a/tests/test_debug.cpp b/tests/test_debug.cpp
index 8d366ab..1322ccf 100644
--- a/tests/test_debug.cpp
+++ b/tests/test_debug.cpp
@@ -120,24 +120,24 @@ BOOST_FIXTURE_TEST_CASE(T003__positive__error_dump, CallbackCleanup)
 
 	/* I won't check the string that's been generated. It's too
 	 * volatile. Some regexp can be implemented at most. */
-	PEMerr(PEM_F_LOAD_IV, PEM_R_READ_KEY);
+	ERR_raise(ERR_LIB_PEM, PEM_R_READ_KEY);
 	ERROR_DUMP(YACA_ERROR_INTERNAL);
 	BOOST_REQUIRE(error_cb_called == 1);
-	RSAerr(RSA_F_RSA_VERIFY, RSA_R_DATA_TOO_LARGE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE);
 	ERROR_DUMP(-1 * YACA_ERROR_INTERNAL);
 	BOOST_REQUIRE(error_cb_called == 2);
 
 	/* The check that makes sense though is ellipsis. Also it'll
 	 * trigger the ellipsis code so it's at least a crash check.
 	 * No, those errors don't have to make any sense. */
-	RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
-	RSAerr(RSA_F_RSA_SIGN, RSA_R_MODULUS_TOO_LARGE);
-	DSAerr(DSA_F_PKEY_DSA_KEYGEN, DSA_R_PARAMETER_ENCODING_ERROR);
-	DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MODULUS_TOO_LARGE);
-	PEMerr(PEM_F_PEM_ASN1_WRITE, PEM_R_BAD_PASSWORD_READ);
-	PEMerr(PEM_F_PEM_READ_DHPARAMS, PEM_R_UNSUPPORTED_CIPHER);
-	PEMerr(PEM_F_PEM_READ_BIO_EX, PEM_R_ERROR_CONVERTING_PRIVATE_KEY);
-	RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_VALUE_MISSING);
+	ERR_raise(ERR_LIB_RSA, RSA_R_KEY_SIZE_TOO_SMALL);
+	ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_UNSUPPORTED_ENCRYPTION_TYPE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_MODULUS_TOO_LARGE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_WRONG_SIGNATURE_LENGTH);
+	ERR_raise(ERR_LIB_RSA, RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+	ERR_raise(ERR_LIB_RSA, RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
 	ERROR_DUMP(YACA_ERROR_INTERNAL);
 	BOOST_REQUIRE(error_cb_called == 3);
 
@@ -157,39 +157,37 @@ BOOST_FIXTURE_TEST_CASE(T004__positive__error_handle, CallbackCleanup)
 
 	const std::vector<struct error_args> eargs = {
 		{-1, -1, YACA_ERROR_INTERNAL, 0},
-		{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN),
+		{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DATA_GREATER_THAN_MOD_LEN),
 		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL),
+		{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_KEY_SIZE_TOO_SMALL),
 		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG),
-		 ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB),
+		{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_TOO_LONG),
+		 ERR_PACK(ERR_LIB_RSA, 0, ERR_R_RSA_LIB),
 		 YACA_ERROR_INVALID_PASSWORD, 0},
-		{ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG),
-		 ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, RSA_R_DIGEST_NOT_ALLOWED),
+		{ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_HEADER_TOO_LONG),
+		 ERR_PACK(ERR_LIB_RSA, 0, RSA_R_DIGEST_NOT_ALLOWED),
 		 YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ),
+		{ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_PASSWORD_READ),
 		 -1, YACA_ERROR_INVALID_PASSWORD, 0},
-		{ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT),
+		{ERR_PACK(ERR_LIB_PEM, 0, PEM_R_BAD_DECRYPT),
 		 -1, YACA_ERROR_INVALID_PASSWORD, 0},
-		{ERR_PACK(ERR_LIB_RSA, RSA_F_CHECK_PADDING_MD, PEM_R_BAD_DECRYPT),
+		{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BLOCK_TYPE_IS_NOT_01),
 		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, PEM_R_BAD_DECRYPT),
-		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_MALLOC_FAILURE),
+		{ERR_PACK(ERR_LIB_EC, 0, ERR_R_MALLOC_FAILURE),
 		 -1, YACA_ERROR_OUT_OF_MEMORY, 0},
-		{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED),
+		{ERR_PACK(ERR_LIB_EC, 0, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED),
 		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_PASSED_NULL_PARAMETER),
+		{ERR_PACK(ERR_LIB_EC, 0, ERR_R_PASSED_NULL_PARAMETER),
 		 -1, YACA_ERROR_INVALID_PARAMETER, 0},
-		{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_INTERNAL_ERROR),
+		{ERR_PACK(ERR_LIB_SSL, 0, ERR_R_INTERNAL_ERROR),
 		 -1, YACA_ERROR_INTERNAL, 0},
-		{ERR_PACK(ERR_LIB_EC, EC_F_PKEY_EC_SIGN, ERR_R_DISABLED),
+		{ERR_PACK(ERR_LIB_EC, 0, ERR_R_DISABLED),
 		 -1, YACA_ERROR_INTERNAL, 0},
-		{ERR_PACK(ERR_LIB_RSA, RSA_F_SETUP_TBUF, RSA_R_BAD_SIGNATURE),
+		{ERR_PACK(ERR_LIB_RSA, 0, RSA_R_BAD_SIGNATURE),
 		 -1, YACA_ERROR_INTERNAL, 1},
-		{ERR_PACK(ERR_LIB_DSA, DSA_F_DSA_NEW_METHOD, DSA_R_BN_ERROR),
+		{ERR_PACK(ERR_LIB_DSA, 0, DSA_R_BN_ERROR),
 		 -1, YACA_ERROR_INTERNAL, 1},
-		{ERR_PACK(ERR_LIB_EC, EC_F_BN_TO_FELEM, EC_R_SLOT_FULL),
+		{ERR_PACK(ERR_LIB_EC, 0, EC_R_SLOT_FULL),
 		 -1, YACA_ERROR_INTERNAL, 1},
 	};
 
@@ -199,12 +197,10 @@ BOOST_FIXTURE_TEST_CASE(T004__positive__error_handle, CallbackCleanup)
 		error_cb_called = 0;
 
 		if (ea.err1 != -1) {
-			ERR_PUT_error(ERR_GET_LIB(ea.err1), ERR_GET_FUNC(ea.err1),
-						  ERR_GET_REASON(ea.err1), OPENSSL_FILE, OPENSSL_LINE);
+			ERR_raise(ERR_GET_LIB(ea.err1), ERR_GET_REASON(ea.err1));
 		}
 		if (ea.err2 != -1) {
-			ERR_PUT_error(ERR_GET_LIB(ea.err2), ERR_GET_FUNC(ea.err2),
-						  ERR_GET_REASON(ea.err2), OPENSSL_FILE, OPENSSL_LINE);
+			ERR_raise(ERR_GET_LIB(ea.err2), ERR_GET_REASON(ea.err2));
 		}
 
 		int ret = ERROR_HANDLE();
diff --git a/tests/test_key.cpp b/tests/test_key.cpp
index d2ba692..4746aad 100644
--- a/tests/test_key.cpp
+++ b/tests/test_key.cpp
@@ -172,21 +172,18 @@ BOOST_FIXTURE_TEST_CASE(T201__positive__key_generate, InitDebugFixture)
 		{YACA_KEY_TYPE_DSA_PRIV,
 		 YACA_KEY_LENGTH_2048BIT,
 		 YACA_KEY_LENGTH_2048BIT},
-		{YACA_KEY_TYPE_DSA_PRIV,
-		 576,
-		 576},
-		{YACA_KEY_TYPE_DSA_PRIV,
-		 896,
-		 896},
+	        {YACA_KEY_TYPE_DSA_PRIV,
+	         YACA_KEY_LENGTH_1024BIT,
+	         YACA_KEY_LENGTH_1024BIT},
 		{YACA_KEY_TYPE_DH_PRIV,
 		 (yaca_key_bit_length_e)YACA_KEY_LENGTH_DH_RFC_2048_224,
 		 YACA_KEY_LENGTH_2048BIT},
 		{YACA_KEY_TYPE_DH_PRIV,
-		 (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_2 | 264),
-		 264},
+		 (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_2 | 512),
+		 512},
 		{YACA_KEY_TYPE_DH_PRIV,
-		 (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_5 | 376),
-		 376},
+		 (yaca_key_bit_length_e)(YACA_KEY_LENGTH_DH_GENERATOR_5 | 512),
+		 512},
 		{YACA_KEY_TYPE_EC_PRIV,
 		 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_SECP384R1,
 		 (yaca_key_bit_length_e)YACA_KEY_LENGTH_EC_SECP384R1}
@@ -335,7 +332,7 @@ BOOST_FIXTURE_TEST_CASE(T204__negative__key_generate_from_parameters, InitDebugF
 	yaca_key_h key_sym = YACA_KEY_NULL, key_params = YACA_KEY_NULL;
 	yaca_key_h key = YACA_KEY_NULL;
 
-	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT,
+	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
 							  &key_prv, &key_pub, &key_params);
 
 	ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_UNSAFE_128BIT, &key_sym);
@@ -458,7 +455,7 @@ BOOST_FIXTURE_TEST_CASE(T206__negative__key_extract_public_parameters, InitDebug
 	yaca_key_h key_sym = YACA_KEY_NULL, key_params = YACA_KEY_NULL;
 	yaca_key_h key = YACA_KEY_NULL;
 
-	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_prv, &key_pub, &key_params);
+	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_prv, &key_pub, &key_params);
 
 	ret = yaca_key_generate(YACA_KEY_TYPE_SYMMETRIC, YACA_KEY_LENGTH_UNSAFE_128BIT, &key_sym);
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
diff --git a/tests/test_sign.cpp b/tests/test_sign.cpp
index 9aed73d..2b682fd 100644
--- a/tests/test_sign.cpp
+++ b/tests/test_sign.cpp
@@ -91,7 +91,7 @@ BOOST_FIXTURE_TEST_CASE(T801__positive__sign_verify, InitDebugFixture)
 		{YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_2048BIT,
 		 YACA_DIGEST_SHA512, YACA_PADDING_PKCS1_PSS, 12},
 
-		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT,
+		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
 		 YACA_DIGEST_SHA256, YACA_INVALID_PADDING, 5},
 		{YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT,
 		 YACA_DIGEST_SHA224, YACA_INVALID_PADDING, 31},
@@ -637,7 +637,7 @@ BOOST_FIXTURE_TEST_CASE(T804__negative__sign_cmac, InitDebugFixture)
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 
 	generate_asymmetric_keys(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_rsa);
-	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
 
 	/* SIGN */
 	{
@@ -848,7 +848,7 @@ BOOST_FIXTURE_TEST_CASE(T806__negative__sign_hmac, InitDebugFixture)
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 
 	generate_asymmetric_keys(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_rsa);
-	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+	generate_asymmetric_keys(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
 
 	/* SIGN */
 	{
diff --git a/tests/test_simple.cpp b/tests/test_simple.cpp
index e218cbf..6c10468 100644
--- a/tests/test_simple.cpp
+++ b/tests/test_simple.cpp
@@ -414,7 +414,7 @@ BOOST_FIXTURE_TEST_CASE(T307__negative__simple_calculate_verify_signature, InitD
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 	ret = yaca_key_extract_public(key_priv, &key_pub);
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
-	ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_512BIT, &key_dsa);
+	ret = yaca_key_generate(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_LENGTH_1024BIT, &key_dsa);
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
 	ret = yaca_key_generate(YACA_KEY_TYPE_EC_PRIV, YACA_KEY_LENGTH_EC_PRIME256V1, &key_ec);
 	BOOST_REQUIRE(ret == YACA_ERROR_NONE);
-- 
2.7.4