openssl compatibility

Bug #1995916 reported by Tomoaki Nishiyama
Affects Status Importance Assigned to Milestone
gridengine (Ubuntu)
New
Undecided
Unassigned

Bug Description

8.1.9+dfsg-10build1 did not compile from the source tree as cloned with git on Ubuntu 20.04.5 LTS.
(commit 59cdf7a695a3b677ce97b0a52c96c221fe7b6b15 )

The issue was that some "structures" were allocated on the stack, but their size was not known to the compiler, which resulted in compilation errors. It appears the more recent usage is to allocate these buffers dynamically through dedicated functions. The diffs are shown below. This may not be a problem depending on the ssl library version, though.

diff --git a/source/libs/comm/cl_ssl_framework.c b/source/libs/comm/cl_ssl_framework.c
index 86f88ba..2d062d9 100644
--- a/source/libs/comm/cl_ssl_framework.c
+++ b/source/libs/comm/cl_ssl_framework.c
@@ -484,7 +484,7 @@ static int cl_com_ssl_set_default_mode(SSL_CTX *ctx, SSL *ssl) {
 static int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, cl_com_ssl_private_t* private) {
    X509 *cert = NULL;
    X509_LOOKUP *lookup = NULL;
- X509_STORE_CTX verify_ctx;
+ X509_STORE_CTX *verify_ctx=NULL;
    int err;
    int is_ok = true;
    SGE_STRUCT_STAT stat_buffer;
@@ -545,20 +545,21 @@ static int ssl_callback_SSLVerify_CRL(int ok, X509_STORE_CTX *ctx, cl_com_ssl_pr
    cert = X509_STORE_CTX_get_current_cert(ctx);
    if (is_ok == true && cert != NULL) {
        /* X509_STORE_CTX_init did not return an error condition in prior versions */
- if (X509_STORE_CTX_init(&verify_ctx, private->ssl_crl_data->store, cert, NULL) != 1) {
+ verify_ctx = X509_STORE_CTX_new();
+ if (X509_STORE_CTX_init(verify_ctx, private->ssl_crl_data->store, cert, NULL) != 1) {
           CL_LOG(CL_LOG_ERROR, "Error initializing verification context");
           is_ok = false;
        } else {
           /* verify the certificate */
- if (X509_verify_cert(&verify_ctx) != 1) {
+ if (X509_verify_cert(verify_ctx) != 1) {
              is_ok = false;
           }
        }
        if (is_ok == false) {
- err = X509_STORE_CTX_get_error(&verify_ctx);
+ err = X509_STORE_CTX_get_error(verify_ctx);
            X509_STORE_CTX_set_error(ctx, err);
        }
- X509_STORE_CTX_cleanup(&verify_ctx);
+ X509_STORE_CTX_free(verify_ctx);
    } else {
       if (is_ok == false) {
          CL_LOG(CL_LOG_ERROR,"X509 store is not valid");
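Review bot: The result of `X509_STORE_CTX_new()` on the first added line is handed straight to `X509_STORE_CTX_init()` without a NULL check, so an allocation failure inside the verify callback dereferences NULL instead of failing verification closed. Fold the check into the existing condition: `verify_ctx = X509_STORE_CTX_new();` followed by `if (verify_ctx == NULL || X509_STORE_CTX_init(verify_ctx, private->ssl_crl_data->store, cert, NULL) != 1) {`, which routes an allocation failure through the existing branch that sets `is_ok = false`. The `X509_STORE_CTX_free(verify_ctx)` at the end of the block stays correct as written, since it accepts NULL in OpenSSL 1.1.0+ and also performs the cleanup the removed `X509_STORE_CTX_cleanup` call did. Because this callback decides whether a peer certificate is accepted against the CRL store, any failure path here must leave is_ok false rather than fall through. ssl_callback_SSLVerify_CRL continues outside the hunk.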
diff --git a/source/utilbin/sge_passwd.c b/source/utilbin/sge_passwd.c
index bdbecec..b08dc2e 100644
--- a/source/utilbin/sge_passwd.c
+++ b/source/utilbin/sge_passwd.c
@@ -280,7 +280,7 @@ buffer_encrypt(const char *buffer_in, size_t buffer_in_length,
                size_t *buffer_out_length)
 {
    unsigned int ebuflen;
- EVP_CIPHER_CTX ectx;
+ EVP_CIPHER_CTX *ectx=NULL;
    unsigned char iv[EVP_MAX_IV_LENGTH];
    unsigned char *ekey[1];
    int ekeylen=0, net_ekeylen=0;
@@ -326,10 +326,11 @@ buffer_encrypt(const char *buffer_in, size_t buffer_in_length,
    }

    memset(iv, '\0', sizeof(iv));
+ ectx = EVP_CIPHER_CTX_new();
 #if 0
- ret = EVP_SealInit(&ectx, EVP_des_ede3_cbc(), ekey, &ekeylen, iv, pubKey, 1);
+ ret = EVP_SealInit(ectx, EVP_des_ede3_cbc(), ekey, &ekeylen, iv, pubKey, 1);
 #else
- ret = EVP_SealInit(&ectx, EVP_rc4(), ekey, &ekeylen, iv, pubKey, 1);
+ ret = EVP_SealInit(ectx, EVP_rc4(), ekey, &ekeylen, iv, pubKey, 1);
 #endif
    if(ret == 0) {
       printf("---> EVP_SealInit\n");
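Review bot: `ectx = EVP_CIPHER_CTX_new();` is not checked for NULL before `EVP_SealInit(ectx, ...)` is called, and the same unchecked pattern is added in buffer_decrypt before `EVP_OpenInit`; a failed allocation should take the same exit as a failed init, e.g. `if (ectx == NULL) { /* same handling as the EVP_SealInit failure below */ }` directly after the `_new()` call. The only `EVP_CIPHER_CTX_free(ectx)` in buffer_encrypt is at the very end of the function (and in buffer_decrypt only after `EVP_OpenFinal`), so if the `if(ret == 0)` error branches, whose bodies are outside the hunk, return early, the heap-allocated context now leaks on every failure where the stack object previously cost nothing; those branches presumably need a free before leaving. Since the patch is about building against newer OpenSSL, note also that `EVP_rc4()` in the `#else` branch is a legacy-provider cipher in OpenSSL 3.x and `EVP_SealInit` may then fail at runtime with ret == 0 even though the code compiles; a `/* TODO: RC4 is legacy-only in OpenSSL 3.x */` comment on that line would make the runtime failure mode explicit. buffer_encrypt continues outside the hunk.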
@@ -352,7 +353,7 @@ buffer_encrypt(const char *buffer_in, size_t buffer_in_length,
    buffer_append(buffer_out, buffer_out_size, buffer_out_length,
                  (char*)iv, sizeof(iv));

- EVP_SealUpdate(&ectx, (unsigned char*)ebuf,
+ EVP_SealUpdate(ectx, (unsigned char*)ebuf,
                                    (int*)&ebuflen,
                                    (const unsigned char *) buffer_in,
                                    buffer_in_length);
@@ -360,12 +361,13 @@ buffer_encrypt(const char *buffer_in, size_t buffer_in_length,
    buffer_append(buffer_out, buffer_out_size, buffer_out_length,
                  ebuf, ebuflen);

- EVP_SealFinal(&ectx, (unsigned char *)ebuf, (int*)&ebuflen);
+ EVP_SealFinal(ectx, (unsigned char *)ebuf, (int*)&ebuflen);

    buffer_append(buffer_out, buffer_out_size, buffer_out_length,
                  ebuf, ebuflen);

    EVP_PKEY_free(pubKey[0]);
+ EVP_CIPHER_CTX_free(ectx);
    sge_free(&(ekey[0]));
    DEXIT;
 }
@@ -379,7 +381,7 @@ buffer_decrypt(const char *buffer_in, size_t buffer_in_length,
    char buf[520];
    char ebuf[512];
    unsigned int buflen;
- EVP_CIPHER_CTX ectx;
+ EVP_CIPHER_CTX *ectx=NULL;
    unsigned char iv[EVP_MAX_IV_LENGTH];
    unsigned char *encryptKey;
    unsigned int ekeylen;
@@ -461,10 +463,11 @@ buffer_decrypt(const char *buffer_in, size_t buffer_in_length,
    memcpy(&iv, curr_ptr, sizeof(iv));
    curr_ptr += sizeof(iv);
    buffer_in_length -= sizeof(iv);
+ ectx = EVP_CIPHER_CTX_new();
 #if 0
- ret = EVP_OpenInit(&ectx, EVP_des_ede3_cbc(), encryptKey, ekeylen, iv, privateKey);
+ ret = EVP_OpenInit(ectx, EVP_des_ede3_cbc(), encryptKey, ekeylen, iv, privateKey);
 #else
- ret = EVP_OpenInit(&ectx, EVP_rc4(), encryptKey, ekeylen, iv, privateKey);
+ ret = EVP_OpenInit(ectx, EVP_rc4(), encryptKey, ekeylen, iv, privateKey);
 #endif
    if(ret == 0) {
       printf("----> EVP_OpenInit\n");
@@ -484,7 +487,7 @@ buffer_decrypt(const char *buffer_in, size_t buffer_in_length,
          readlen = sizeof(ebuf);
       }

- ret = EVP_OpenUpdate(&ectx, (unsigned char *)buf,
+ ret = EVP_OpenUpdate(ectx, (unsigned char *)buf,
                (int*)&buflen,
                (const unsigned char *)ebuf, readlen);
       if (ret == 0) {
@@ -502,7 +505,8 @@ buffer_decrypt(const char *buffer_in, size_t buffer_in_length,
          buf, buflen);
    }

- ret = EVP_OpenFinal(&ectx, (unsigned char *)buf, (int*)&buflen);
+ ret = EVP_OpenFinal(ectx, (unsigned char *)buf, (int*)&buflen);
+ EVP_CIPHER_CTX_free(ectx);
    if (ret == 0) {
       error_code = ERR_get_error();
       ERR_error_string(error_code, err_msg);
