diff -ur src.old/dkimbase.h src/dkimbase.h --- src.old/dkimbase.h 2019-04-10 11:01:23.544374386 +1000 +++ src/dkimbase.h 2019-04-10 11:01:38.040374386 +1000 @@ -25,6 +25,11 @@ #include #include +#if OPENSSL_VERSION_NUMBER < 0x10100000 +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + #define BUFFER_ALLOC_INCREMENT 256 #include diff -ur src.old/dkimsign.cpp src/dkimsign.cpp --- src.old/dkimsign.cpp 2019-04-10 11:01:23.544374386 +1000 +++ src/dkimsign.cpp 2019-04-10 11:01:38.044374386 +1000 @@ -31,6 +31,7 @@ #include #include +#include #include "dkim.h" #include "dkimsign.h" 
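Review bot: The `#if OPENSSL_VERSION_NUMBER < 0x10100000` guard added in dkimbase.h only works if an OpenSSL header has already been included above it. The names of the two `#include` lines before it are not visible here, and an undefined macro silently evaluates to 0 in `#if`, which would switch the aliases on for every OpenSSL version. I would put `#include <openssl/opensslv.h>` directly above the guard and write the constant as `0x10100000L`, the form OpenSSL itself uses. A short comment such as `/* EVP_MD_CTX_new/free first appear in OpenSSL 1.1.0; map them to the 1.0.x names */` would tell the next reader why the aliases exist.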
@@ -41,20 +42,35 @@ m_EmptyLineCount = 0; m_pfnHdrCallback = NULL; - EVP_SignInit( &m_allman_sha1ctx, EVP_sha1() ); - EVP_SignInit( &m_Hdr_ietf_sha1ctx, EVP_sha1() ); - EVP_SignInit( &m_Hdr_ietf_sha256ctx, EVP_sha256() ); - EVP_DigestInit( &m_Bdy_ietf_sha1ctx, EVP_sha1() ); - EVP_DigestInit( &m_Bdy_ietf_sha256ctx, EVP_sha256() ); + m_allman_sha1ctx = EVP_MD_CTX_new(); + if ( m_allman_sha1ctx == NULL ) + throw std::runtime_error("out of memory"); + EVP_SignInit( m_allman_sha1ctx, EVP_sha1() ); + m_Hdr_ietf_sha1ctx = EVP_MD_CTX_new(); + if ( m_Hdr_ietf_sha1ctx == NULL ) + throw std::runtime_error("out of memory"); + EVP_SignInit( m_Hdr_ietf_sha1ctx, EVP_sha1() ); + m_Hdr_ietf_sha256ctx = EVP_MD_CTX_new(); + if ( m_Hdr_ietf_sha256ctx == NULL ) + throw std::runtime_error("out of memory"); + EVP_SignInit( m_Hdr_ietf_sha256ctx, EVP_sha256() ); + m_Bdy_ietf_sha1ctx = EVP_MD_CTX_new(); + if ( m_Bdy_ietf_sha1ctx == NULL ) + throw std::runtime_error("out of memory"); + EVP_DigestInit( m_Bdy_ietf_sha1ctx, EVP_sha1() ); + m_Bdy_ietf_sha256ctx = EVP_MD_CTX_new(); + if ( m_Bdy_ietf_sha256ctx == NULL ) + throw std::runtime_error("out of memory"); + EVP_DigestInit( m_Bdy_ietf_sha256ctx, EVP_sha256() ); } CDKIMSign::~CDKIMSign() { - EVP_MD_CTX_cleanup( &m_allman_sha1ctx ); - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha1ctx ); - EVP_MD_CTX_cleanup( &m_Hdr_ietf_sha256ctx ); - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha1ctx ); - EVP_MD_CTX_cleanup( &m_Bdy_ietf_sha256ctx ); + EVP_MD_CTX_free( m_allman_sha1ctx ); + EVP_MD_CTX_free( m_Hdr_ietf_sha1ctx ); + EVP_MD_CTX_free( m_Hdr_ietf_sha256ctx ); + EVP_MD_CTX_free( m_Bdy_ietf_sha1ctx ); + EVP_MD_CTX_free( m_Bdy_ietf_sha256ctx ); } //////////////////////////////////////////////////////////////////////////////// 
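Review bot: In the CDKIMSign constructor, every `throw std::runtime_error("out of memory")` after the first allocation leaks the contexts already obtained, because the destructor does not run for an object whose constructor threw. The SignatureInfo constructor hunk in dkimverify.cpp has the same pattern with `m_Hdr_ctx` and `m_Bdy_ctx`. Allocating all five contexts first and releasing them in a single failure branch before throwing closes the leak. The constructor begins outside the hunk, and whether its callers are prepared for a C++ exception cannot be seen from here, so that is worth confirming too.

```cpp
// … unchanged: m_EmptyLineCount / m_pfnHdrCallback initialisation …
m_allman_sha1ctx = EVP_MD_CTX_new();
m_Hdr_ietf_sha1ctx = EVP_MD_CTX_new();
m_Hdr_ietf_sha256ctx = EVP_MD_CTX_new();
m_Bdy_ietf_sha1ctx = EVP_MD_CTX_new();
m_Bdy_ietf_sha256ctx = EVP_MD_CTX_new();
if ( m_allman_sha1ctx == NULL || m_Hdr_ietf_sha1ctx == NULL ||
     m_Hdr_ietf_sha256ctx == NULL || m_Bdy_ietf_sha1ctx == NULL ||
     m_Bdy_ietf_sha256ctx == NULL )
{
	// ~CDKIMSign() is not called when the constructor throws, so release here
	if ( m_allman_sha1ctx != NULL ) EVP_MD_CTX_free( m_allman_sha1ctx );
	if ( m_Hdr_ietf_sha1ctx != NULL ) EVP_MD_CTX_free( m_Hdr_ietf_sha1ctx );
	if ( m_Hdr_ietf_sha256ctx != NULL ) EVP_MD_CTX_free( m_Hdr_ietf_sha256ctx );
	if ( m_Bdy_ietf_sha1ctx != NULL ) EVP_MD_CTX_free( m_Bdy_ietf_sha1ctx );
	if ( m_Bdy_ietf_sha256ctx != NULL ) EVP_MD_CTX_free( m_Bdy_ietf_sha256ctx );
	throw std::runtime_error("out of memory");
}
// … unchanged: the five EVP_SignInit / EVP_DigestInit calls …
```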
@@ -150,34 +166,34 @@ { if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) { - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); } } else { if( m_nIncludeBodyHash < DKIM_BODYHASH_IETF_1 ) { - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); } else if( m_nIncludeBodyHash & DKIM_BODYHASH_IETF_1 ) { if( m_nIncludeBodyHash & DKIM_BODYHASH_ALLMAN_1 ) { - EVP_SignUpdate( &m_allman_sha1ctx, szBuffer, nBufLength ); + EVP_SignUpdate( m_allman_sha1ctx, szBuffer, nBufLength ); } if( m_nHash & DKIM_HASH_SHA256 ) { if( bHdr ) - EVP_SignUpdate( &m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); + EVP_SignUpdate( m_Hdr_ietf_sha256ctx, szBuffer, nBufLength ); else - EVP_DigestUpdate( &m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); + EVP_DigestUpdate( m_Bdy_ietf_sha256ctx, szBuffer, nBufLength ); } if( m_nHash != DKIM_HASH_SHA256 ) { if( bHdr ) - EVP_SignUpdate( &m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); + EVP_SignUpdate( m_Hdr_ietf_sha1ctx, szBuffer, nBufLength ); else - EVP_DigestUpdate( &m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); + EVP_DigestUpdate( m_Bdy_ietf_sha1ctx, szBuffer, nBufLength ); } } } @@ -864,7 +880,7 @@ unsigned char Hash[EVP_MAX_MD_SIZE]; unsigned int nHashLen = 0; - EVP_DigestFinal( bUseSha256 ? &m_Bdy_ietf_sha256ctx : &m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); + EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen ); bio = BIO_new(BIO_s_mem()); if (!bio) { @@ -935,11 +951,11 @@ if( bUseIetfBodyHash ) { - EVP_SignUpdate( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); + EVP_SignUpdate( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sTemp.c_str(), sTemp.size() ); } else { - EVP_SignUpdate( &m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); + EVP_SignUpdate( m_allman_sha1ctx, sTemp.c_str(), sTemp.size() ); } bio = BIO_new_mem_buf(szPrivKey, -1); 
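Review bot: The `EVP_DigestFinal( ... , Hash, &nHashLen )` call in the @@ -864 hunk discards its return value, so a failed finalisation leaves `Hash` uninitialised and `nHashLen` at 0 while the code goes on to encode the body hash from them. The verifier already tests the same call (`if (!res || len != ...)` in dkimverify.cpp), and the signer should match it. Wrap the call as `if ( !EVP_DigestFinal( bUseSha256 ? m_Bdy_ietf_sha256ctx : m_Bdy_ietf_sha1ctx, Hash, &nHashLen ) )` and return the function's error code for a failed crypto operation, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.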
@@ -966,11 +982,11 @@ if( bUseIetfBodyHash ) { - nSignRet = EVP_SignFinal( bUseSha256 ? &m_Hdr_ietf_sha256ctx : &m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); + nSignRet = EVP_SignFinal( bUseSha256 ? m_Hdr_ietf_sha256ctx : m_Hdr_ietf_sha1ctx, sig, &siglen, pkey); } else { - nSignRet = EVP_SignFinal( &m_allman_sha1ctx, sig, &siglen, pkey); + nSignRet = EVP_SignFinal( m_allman_sha1ctx, sig, &siglen, pkey); } EVP_PKEY_free(pkey); diff -ur src.old/dkimsign.h src/dkimsign.h --- src.old/dkimsign.h 2019-04-10 11:01:23.544374386 +1000 +++ src/dkimsign.h 2019-04-10 11:01:38.040374386 +1000 @@ -60,13 +60,13 @@ int AssembleReturnedSig( char* szPrivKey ); - EVP_MD_CTX m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ - EVP_MD_CTX m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ + EVP_MD_CTX *m_Hdr_ietf_sha1ctx; /* the header hash for ietf sha1 */ + EVP_MD_CTX *m_Hdr_ietf_sha256ctx; /* the header hash for ietf sha256 */ - EVP_MD_CTX m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ - EVP_MD_CTX m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ + EVP_MD_CTX *m_Bdy_ietf_sha1ctx; /* the body hash for ietf sha1 */ + EVP_MD_CTX *m_Bdy_ietf_sha256ctx; /* the body hash for ietf sha256 */ - EVP_MD_CTX m_allman_sha1ctx; /* the hash for allman sha1 */ + EVP_MD_CTX *m_allman_sha1ctx; /* the hash for allman sha1 */ int m_Canon; // canonization method diff -ur src.old/dkimverify.cpp src/dkimverify.cpp --- src.old/dkimverify.cpp 2019-04-10 11:01:23.564374386 +1000 +++ src/dkimverify.cpp 2019-04-10 11:01:38.044374386 +1000 @@ -35,6 +35,7 @@ #include #include #include +#include #define MAX_SIGNATURES 10 // maximum number of DKIM signatures to process in a message 
@@ -43,8 +44,12 @@ { VerifiedBodyCount = 0; UnverifiedBodyCount = 0; - EVP_MD_CTX_init( &m_Hdr_ctx ); - EVP_MD_CTX_init( &m_Bdy_ctx ); + m_Hdr_ctx = EVP_MD_CTX_new(); + if ( m_Hdr_ctx == NULL ) + throw std::runtime_error("out of memory"); + m_Bdy_ctx = EVP_MD_CTX_new(); + if ( m_Bdy_ctx == NULL ) + throw std::runtime_error("out of memory"); m_pSelector = NULL; Status = DKIM_SUCCESS; m_nHash = 0; @@ -54,8 +59,8 @@ SignatureInfo::~SignatureInfo() { - EVP_MD_CTX_cleanup( &m_Hdr_ctx ); - EVP_MD_CTX_cleanup( &m_Bdy_ctx ); + EVP_MD_CTX_free(m_Hdr_ctx); + EVP_MD_CTX_free(m_Bdy_ctx); } @@ -459,7 +464,7 @@ unsigned char md[EVP_MAX_MD_SIZE]; unsigned len = 0; - int res = EVP_DigestFinal( &i->m_Bdy_ctx, md, &len); + int res = EVP_DigestFinal( i->m_Bdy_ctx, md, &len); if (!res || len != i->BodyHashData.length() || memcmp(i->BodyHashData.data(), md, len) != 0) { @@ -515,7 +520,7 @@ assert( i->m_pSelector != NULL ); - int res = EVP_VerifyFinal( &i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); + int res = EVP_VerifyFinal( i->m_Hdr_ctx, (unsigned char *) i->SignatureData.data(), i->SignatureData.length(), i->m_pSelector->PublicKey); if (res == 1) { @@ -658,11 +663,11 @@ if (IsBody && !BodyHashData.empty()) { - EVP_DigestUpdate( &m_Bdy_ctx, szBuffer, nBufLength ); + EVP_DigestUpdate( m_Bdy_ctx, szBuffer, nBufLength ); } else { - EVP_VerifyUpdate( &m_Hdr_ctx, szBuffer, nBufLength ); + EVP_VerifyUpdate( m_Hdr_ctx, szBuffer, nBufLength ); } if (m_SaveCanonicalizedData) 
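Review bot: Now that `~SignatureInfo()` releases `m_Hdr_ctx` and `m_Bdy_ctx` with `EVP_MD_CTX_free`, the implicitly generated copy constructor and assignment operator copy the raw pointers. Any copy of a SignatureInfo therefore either frees the same contexts twice or leaves the surviving object with dangling ones. The `i->m_Bdy_ctx` and `i->m_Hdr_ctx` accesses in the later hunks suggest these objects are held in a container, which copies elements on insertion in pre-C++11 code; that code is outside the diff, so it needs checking. Either declare the copy constructor and `operator=` private and unimplemented, or implement them with a fresh `EVP_MD_CTX_new()` plus `EVP_MD_CTX_copy_ex`. CDKIMSign in dkimsign.h gains five raw owning members in the same way and needs the same treatment.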
@@ -741,13 +746,13 @@ // initialize the hashes if (sig.m_nHash == DKIM_HASH_SHA256) { - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha256() ); - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha256() ); + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() ); + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() ); } else { - EVP_VerifyInit( &sig.m_Hdr_ctx, EVP_sha1() ); - EVP_DigestInit( &sig.m_Bdy_ctx, EVP_sha1() ); + EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha1() ); + EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha1() ); } // compute the hash of the header @@ -1343,7 +1348,8 @@ return DKIM_SELECTOR_PUBLIC_KEY_INVALID; // make sure public key is the correct type (we only support rsa) - if (pkey->type == EVP_PKEY_RSA || pkey->type == EVP_PKEY_RSA2) + if (EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA || + EVP_PKEY_base_id(pkey) == EVP_PKEY_RSA2) { PublicKey = pkey; } diff -ur src.old/dkimverify.h src/dkimverify.h --- src.old/dkimverify.h 2008-09-15 08:22:00.000000000 +1000 +++ src/dkimverify.h 2019-04-10 11:01:38.040374386 +1000 @@ -83,8 +83,8 @@ unsigned VerifiedBodyCount; unsigned UnverifiedBodyCount; - EVP_MD_CTX m_Hdr_ctx; - EVP_MD_CTX m_Bdy_ctx; + EVP_MD_CTX *m_Hdr_ctx; + EVP_MD_CTX *m_Bdy_ctx; SelectorInfo *m_pSelector; int Status;
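Review bot: The results of `EVP_VerifyInit` and `EVP_DigestInit` in the @@ -741 hunk are ignored. If a digest cannot be set up, for example when the library's configuration disables SHA-1, the later `EVP_VerifyUpdate`/`EVP_DigestUpdate` calls run on a context that was never initialised. I would test both calls, e.g. `if ( !EVP_VerifyInit( sig.m_Hdr_ctx, EVP_sha256() ) || !EVP_DigestInit( sig.m_Bdy_ctx, EVP_sha256() ) )`, record an error on the signature, and skip hashing for it. The CDKIMSign constructor in dkimsign.cpp calls `EVP_SignInit`/`EVP_DigestInit` the same way. The enclosing function begins and ends outside the hunk.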
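Review bot: The RSA type test in the @@ -1343 hunk accepts a public key of any size, and nothing visible here rejects short moduli. RFC 8301 tells verifiers not to treat signatures made with RSA keys under 1024 bits as valid. If the rest of the function (outside the hunk) does not already enforce this, add a size test beside the type test, for example `if (EVP_PKEY_bits(pkey) < 1024) { EVP_PKEY_free(pkey); return DKIM_SELECTOR_PUBLIC_KEY_INVALID; }`. Reading `EVP_PKEY_base_id(pkey)` once into a local `int` would also make the two-way comparison easier to follow.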