| From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 |
| From: Damien Miller <djm@mindrot.org> |
| Date: Fri, 24 Mar 2023 13:56:25 +1100 |
| Subject: [PATCH] remove support for old libcrypto |
| |
| OpenSSH now requires LibreSSL 3.1.0 or greater or |
| OpenSSL 1.1.1 or greater |
| |
| with/ok dtucker@ |
| |
| Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0] |
| Comment: Hunk are refreshed, removed couple of hunks from configure.ac as hunk code is not prasent |
| and backported to the existing code. |
| Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com> |
| |
| --- |
| .github/workflows/c-cpp.yml | 7 - |
| INSTALL | 8 +- |
| cipher-aes.c | 2 +- |
| configure.ac | 96 ++--- |
| openbsd-compat/libressl-api-compat.c | 556 +-------------------------- |
| openbsd-compat/openssl-compat.h | 151 +------- |
| 6 files changed, 40 insertions(+), 780 deletions(-) |
| |
| diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml |
| index 3d9aa22dba5..d299a32468d 100644 |
| --- a/.github/workflows/c-cpp.yml |
| +++ b/.github/workflows/c-cpp.yml |
| @@ -40,18 +40,11 @@ |
| - { os: ubuntu-20.04, configs: tcmalloc } |
| - { os: ubuntu-20.04, configs: musl } |
| - { os: ubuntu-latest, configs: libressl-master } |
| - - { os: ubuntu-latest, configs: libressl-2.2.9 } |
| - - { os: ubuntu-latest, configs: libressl-2.8.3 } |
| - - { os: ubuntu-latest, configs: libressl-3.0.2 } |
| - { os: ubuntu-latest, configs: libressl-3.2.6 } |
| - { os: ubuntu-latest, configs: libressl-3.3.4 } |
| - { os: ubuntu-latest, configs: libressl-3.4.1 } |
| - { os: ubuntu-latest, configs: openssl-master } |
| - { os: ubuntu-latest, configs: openssl-noec } |
| - - { os: ubuntu-latest, configs: openssl-1.0.1 } |
| - - { os: ubuntu-latest, configs: openssl-1.0.1u } |
| - - { os: ubuntu-latest, configs: openssl-1.0.2u } |
| - - { os: ubuntu-latest, configs: openssl-1.1.0h } |
| - { os: ubuntu-latest, configs: openssl-1.1.1 } |
| - { os: ubuntu-latest, configs: openssl-1.1.1k } |
| - { os: ubuntu-latest, configs: openssl-3.0.0 } |
| diff --git a/INSTALL b/INSTALL |
| index 68b15e13190..f99d1e2a809 100644 |
| --- a/INSTALL |
| +++ b/INSTALL |
| @@ -21,12 +21,8 @@ https://zlib.net/ |
| |
| libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto |
| is supported but severely restricts the available ciphers and algorithms. |
| - - LibreSSL (https://www.libressl.org/) |
| - - OpenSSL (https://www.openssl.org) with any of the following versions: |
| - - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 |
| - |
| -Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to |
| -1.1.0g can't be used. |
| + - LibreSSL (https://www.libressl.org/) 3.1.0 or greater |
| + - OpenSSL (https://www.openssl.org) 1.1.1 or greater |
| |
| LibreSSL/OpenSSL should be compiled as a position-independent library |
| (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" |
| diff --git a/cipher-aes.c b/cipher-aes.c |
| index 8b101727284..87c763353d8 100644 |
| --- a/cipher-aes.c |
| +++ b/cipher-aes.c |
| @@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, |
| |
| static int |
| ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, |
| - LIBCRYPTO_EVP_INL_TYPE len) |
| + size_t len) |
| { |
| struct ssh_rijndael_ctx *c; |
| u_char buf[RIJNDAEL_BLOCKSIZE]; |
| diff --git a/configure.ac b/configure.ac |
| index 22fee70f604..1c0ccdf19c5 100644 |
| --- a/configure.ac |
| +++ b/configure.ac |
| @@ -2744,42 +2744,40 @@ |
| #include <openssl/crypto.h> |
| #define DATA "conftest.ssllibver" |
| ]], [[ |
| - FILE *fd; |
| - int rc; |
| + FILE *f; |
| |
| - fd = fopen(DATA,"w"); |
| - if(fd == NULL) |
| + if ((f = fopen(DATA, "w")) == NULL) |
| exit(1); |
| -#ifndef OPENSSL_VERSION |
| -# define OPENSSL_VERSION SSLEAY_VERSION |
| -#endif |
| -#ifndef HAVE_OPENSSL_VERSION |
| -# define OpenSSL_version SSLeay_version |
| -#endif |
| -#ifndef HAVE_OPENSSL_VERSION_NUM |
| -# define OpenSSL_version_num SSLeay |
| -#endif |
| - if ((rc = fprintf(fd, "%08lx (%s)\n", |
| + if (fprintf(f, "%08lx (%s)", |
| (unsigned long)OpenSSL_version_num(), |
| - OpenSSL_version(OPENSSL_VERSION))) < 0) |
| + OpenSSL_version(OPENSSL_VERSION)) < 0) |
| + exit(1); |
| +#ifdef LIBRESSL_VERSION_NUMBER |
| + if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) |
| + exit(1); |
| +#endif |
| + if (fputc('\n', f) == EOF || fclose(f) == EOF) |
| exit(1); |
| - |
| exit(0); |
| ]])], |
| [ |
| - ssl_library_ver=`cat conftest.ssllibver` |
| + sslver=`cat conftest.ssllibver` |
| + ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` |
| # Check version is supported. |
| - case "$ssl_library_ver" in |
| - 10000*|0*) |
| - AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) |
| - ;; |
| - 100*) ;; # 1.0.x |
| - 101000[[0123456]]*) |
| - # https://github.com/openssl/openssl/pull/4613 |
| - AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) |
| + case "$sslver" in |
| + 100*|10100*) # 1.0.x, 1.1.0x |
| + AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) |
| ;; |
| 101*) ;; # 1.1.x |
| - 200*) ;; # LibreSSL |
| + 200*) # LibreSSL |
| + lver=`echo "$sslver" | sed 's/.*libressl-//'` |
| + case "$lver" in |
| + 2*|300*) # 2.x, 3.0.0 |
| + AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) |
| + ;; |
| + *) ;; # Assume all other versions are good. |
| + esac |
| + ;; |
| 300*) ;; # OpenSSL 3 |
| 301*) ;; # OpenSSL development branch. |
| *) |
| @@ -2781,10 +2781,10 @@ |
| 300*) ;; # OpenSSL 3 |
| 301*) ;; # OpenSSL development branch. |
| *) |
| - AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) |
| + AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) |
| ;; |
| esac |
| - AC_MSG_RESULT([$ssl_library_ver]) |
| + AC_MSG_RESULT([$ssl_showver]) |
| ], |
| [ |
| AC_MSG_RESULT([not found]) |
| @@ -2804,9 +2804,6 @@ |
| #include <openssl/opensslv.h> |
| #include <openssl/crypto.h> |
| ]], [[ |
| -#ifndef HAVE_OPENSSL_VERSION_NUM |
| -# define OpenSSL_version_num SSLeay |
| -#endif |
| exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); |
| ]])], |
| [ |
| @@ -2881,44 +2878,13 @@ |
| ) |
| ) |
| |
| - # LibreSSL/OpenSSL 1.1x API |
| + # LibreSSL/OpenSSL API differences |
| AC_CHECK_FUNCS([ \ |
| - OPENSSL_init_crypto \ |
| - DH_get0_key \ |
| - DH_get0_pqg \ |
| - DH_set0_key \ |
| - DH_set_length \ |
| - DH_set0_pqg \ |
| - DSA_get0_key \ |
| - DSA_get0_pqg \ |
| - DSA_set0_key \ |
| - DSA_set0_pqg \ |
| - DSA_SIG_get0 \ |
| - DSA_SIG_set0 \ |
| - ECDSA_SIG_get0 \ |
| - ECDSA_SIG_set0 \ |
| EVP_CIPHER_CTX_iv \ |
| EVP_CIPHER_CTX_iv_noconst \ |
| EVP_CIPHER_CTX_get_iv \ |
| EVP_CIPHER_CTX_get_updated_iv \ |
| EVP_CIPHER_CTX_set_iv \ |
| - RSA_get0_crt_params \ |
| - RSA_get0_factors \ |
| - RSA_get0_key \ |
| - RSA_set0_crt_params \ |
| - RSA_set0_factors \ |
| - RSA_set0_key \ |
| - RSA_meth_free \ |
| - RSA_meth_dup \ |
| - RSA_meth_set1_name \ |
| - RSA_meth_get_finish \ |
| - RSA_meth_set_priv_enc \ |
| - RSA_meth_set_priv_dec \ |
| - RSA_meth_set_finish \ |
| - EVP_PKEY_get0_RSA \ |
| - EVP_MD_CTX_new \ |
| - EVP_MD_CTX_free \ |
| - EVP_chacha20 \ |
| ]) |
| |
| if test "x$openssl_engine" = "xyes" ; then |
| @@ -3040,8 +3006,8 @@ |
| fi |
| AC_CHECK_FUNCS([crypt DES_crypt]) |
| |
| - # Check for SHA256, SHA384 and SHA512 support in OpenSSL |
| - AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) |
| + # Check for various EVP support in OpenSSL |
| + AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) |
| |
| # Check complete ECC support in OpenSSL |
| AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) |
| diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c |
| index 498180dc894..59be17397c5 100644 |
| --- a/openbsd-compat/libressl-api-compat.c |
| +++ b/openbsd-compat/libressl-api-compat.c |
| @@ -1,129 +1,5 @@ |
| -/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ |
| -/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ |
| -/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ |
| -/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ |
| -/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ |
| -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ |
| -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| - * All rights reserved. |
| - * |
| - * This package is an SSL implementation written |
| - * by Eric Young (eay@cryptsoft.com). |
| - * The implementation was written so as to conform with Netscapes SSL. |
| - * |
| - * This library is free for commercial and non-commercial use as long as |
| - * the following conditions are aheared to. The following conditions |
| - * apply to all code found in this distribution, be it the RC4, RSA, |
| - * lhash, DES, etc., code; not just the SSL code. The SSL documentation |
| - * included with this distribution is covered by the same copyright terms |
| - * except that the holder is Tim Hudson (tjh@cryptsoft.com). |
| - * |
| - * Copyright remains Eric Young's, and as such any Copyright notices in |
| - * the code are not to be removed. |
| - * If this package is used in a product, Eric Young should be given attribution |
| - * as the author of the parts of the library used. |
| - * This can be in the form of a textual message at program startup or |
| - * in documentation (online or textual) provided with the package. |
| - * |
| - * Redistribution and use in source and binary forms, with or without |
| - * modification, are permitted provided that the following conditions |
| - * are met: |
| - * 1. Redistributions of source code must retain the copyright |
| - * notice, this list of conditions and the following disclaimer. |
| - * 2. Redistributions in binary form must reproduce the above copyright |
| - * notice, this list of conditions and the following disclaimer in the |
| - * documentation and/or other materials provided with the distribution. |
| - * 3. All advertising materials mentioning features or use of this software |
| - * must display the following acknowledgement: |
| - * "This product includes cryptographic software written by |
| - * Eric Young (eay@cryptsoft.com)" |
| - * The word 'cryptographic' can be left out if the rouines from the library |
| - * being used are not cryptographic related :-). |
| - * 4. If you include any Windows specific code (or a derivative thereof) from |
| - * the apps directory (application code) you must include an acknowledgement: |
| - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" |
| - * |
| - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND |
| - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
| - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE |
| - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
| - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS |
| - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT |
| - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY |
| - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
| - * SUCH DAMAGE. |
| - * |
| - * The licence and distribution terms for any publically available version or |
| - * derivative of this code cannot be changed. i.e. this code cannot simply be |
| - * copied and put under another distribution licence |
| - * [including the GNU Public Licence.] |
| - */ |
| - |
| -/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ |
| -/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ |
| -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ |
| -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
| - * project 2000. |
| - */ |
| -/* ==================================================================== |
| - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. |
| - * |
| - * Redistribution and use in source and binary forms, with or without |
| - * modification, are permitted provided that the following conditions |
| - * are met: |
| - * |
| - * 1. Redistributions of source code must retain the above copyright |
| - * notice, this list of conditions and the following disclaimer. |
| - * |
| - * 2. Redistributions in binary form must reproduce the above copyright |
| - * notice, this list of conditions and the following disclaimer in |
| - * the documentation and/or other materials provided with the |
| - * distribution. |
| - * |
| - * 3. All advertising materials mentioning features or use of this |
| - * software must display the following acknowledgment: |
| - * "This product includes software developed by the OpenSSL Project |
| - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| - * |
| - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| - * endorse or promote products derived from this software without |
| - * prior written permission. For written permission, please contact |
| - * licensing@OpenSSL.org. |
| - * |
| - * 5. Products derived from this software may not be called "OpenSSL" |
| - * nor may "OpenSSL" appear in their names without prior written |
| - * permission of the OpenSSL Project. |
| - * |
| - * 6. Redistributions of any form whatsoever must retain the following |
| - * acknowledgment: |
| - * "This product includes software developed by the OpenSSL Project |
| - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| - * |
| - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
| - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| - * OF THE POSSIBILITY OF SUCH DAMAGE. |
| - * ==================================================================== |
| - * |
| - * This product includes cryptographic software written by Eric Young |
| - * (eay@cryptsoft.com). This product includes software written by Tim |
| - * Hudson (tjh@cryptsoft.com). |
| - * |
| - */ |
| - |
| -/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ |
| /* |
| - * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> |
| + * Copyright (c) 2018 Damien Miller <djm@mindrot.org> |
| * |
| * Permission to use, copy, modify, and distribute this software for any |
| * purpose with or without fee is hereby granted, provided that the above |
| @@ -147,192 +23,7 @@ |
| #include <stdlib.h> |
| #include <string.h> |
| |
| -#include <openssl/err.h> |
| -#include <openssl/bn.h> |
| -#include <openssl/dsa.h> |
| -#include <openssl/rsa.h> |
| #include <openssl/evp.h> |
| -#ifdef OPENSSL_HAS_ECC |
| -#include <openssl/ecdsa.h> |
| -#endif |
| -#include <openssl/dh.h> |
| - |
| -#ifndef HAVE_DSA_GET0_PQG |
| -void |
| -DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| -{ |
| - if (p != NULL) |
| - *p = d->p; |
| - if (q != NULL) |
| - *q = d->q; |
| - if (g != NULL) |
| - *g = d->g; |
| -} |
| -#endif /* HAVE_DSA_GET0_PQG */ |
| - |
| -#ifndef HAVE_DSA_SET0_PQG |
| -int |
| -DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| -{ |
| - if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || |
| - (d->g == NULL && g == NULL)) |
| - return 0; |
| - |
| - if (p != NULL) { |
| - BN_free(d->p); |
| - d->p = p; |
| - } |
| - if (q != NULL) { |
| - BN_free(d->q); |
| - d->q = q; |
| - } |
| - if (g != NULL) { |
| - BN_free(d->g); |
| - d->g = g; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_DSA_SET0_PQG */ |
| - |
| -#ifndef HAVE_DSA_GET0_KEY |
| -void |
| -DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) |
| -{ |
| - if (pub_key != NULL) |
| - *pub_key = d->pub_key; |
| - if (priv_key != NULL) |
| - *priv_key = d->priv_key; |
| -} |
| -#endif /* HAVE_DSA_GET0_KEY */ |
| - |
| -#ifndef HAVE_DSA_SET0_KEY |
| -int |
| -DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) |
| -{ |
| - if (d->pub_key == NULL && pub_key == NULL) |
| - return 0; |
| - |
| - if (pub_key != NULL) { |
| - BN_free(d->pub_key); |
| - d->pub_key = pub_key; |
| - } |
| - if (priv_key != NULL) { |
| - BN_free(d->priv_key); |
| - d->priv_key = priv_key; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_DSA_SET0_KEY */ |
| - |
| -#ifndef HAVE_RSA_GET0_KEY |
| -void |
| -RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) |
| -{ |
| - if (n != NULL) |
| - *n = r->n; |
| - if (e != NULL) |
| - *e = r->e; |
| - if (d != NULL) |
| - *d = r->d; |
| -} |
| -#endif /* HAVE_RSA_GET0_KEY */ |
| - |
| -#ifndef HAVE_RSA_SET0_KEY |
| -int |
| -RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) |
| -{ |
| - if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) |
| - return 0; |
| - |
| - if (n != NULL) { |
| - BN_free(r->n); |
| - r->n = n; |
| - } |
| - if (e != NULL) { |
| - BN_free(r->e); |
| - r->e = e; |
| - } |
| - if (d != NULL) { |
| - BN_free(r->d); |
| - r->d = d; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_SET0_KEY */ |
| - |
| -#ifndef HAVE_RSA_GET0_CRT_PARAMS |
| -void |
| -RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, |
| - const BIGNUM **iqmp) |
| -{ |
| - if (dmp1 != NULL) |
| - *dmp1 = r->dmp1; |
| - if (dmq1 != NULL) |
| - *dmq1 = r->dmq1; |
| - if (iqmp != NULL) |
| - *iqmp = r->iqmp; |
| -} |
| -#endif /* HAVE_RSA_GET0_CRT_PARAMS */ |
| - |
| -#ifndef HAVE_RSA_SET0_CRT_PARAMS |
| -int |
| -RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) |
| -{ |
| - if ((r->dmp1 == NULL && dmp1 == NULL) || |
| - (r->dmq1 == NULL && dmq1 == NULL) || |
| - (r->iqmp == NULL && iqmp == NULL)) |
| - return 0; |
| - |
| - if (dmp1 != NULL) { |
| - BN_free(r->dmp1); |
| - r->dmp1 = dmp1; |
| - } |
| - if (dmq1 != NULL) { |
| - BN_free(r->dmq1); |
| - r->dmq1 = dmq1; |
| - } |
| - if (iqmp != NULL) { |
| - BN_free(r->iqmp); |
| - r->iqmp = iqmp; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_SET0_CRT_PARAMS */ |
| - |
| -#ifndef HAVE_RSA_GET0_FACTORS |
| -void |
| -RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) |
| -{ |
| - if (p != NULL) |
| - *p = r->p; |
| - if (q != NULL) |
| - *q = r->q; |
| -} |
| -#endif /* HAVE_RSA_GET0_FACTORS */ |
| - |
| -#ifndef HAVE_RSA_SET0_FACTORS |
| -int |
| -RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) |
| -{ |
| - if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) |
| - return 0; |
| - |
| - if (p != NULL) { |
| - BN_free(r->p); |
| - r->p = p; |
| - } |
| - if (q != NULL) { |
| - BN_free(r->q); |
| - r->q = q; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_SET0_FACTORS */ |
| |
| #ifndef HAVE_EVP_CIPHER_CTX_GET_IV |
| int |
| @@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) |
| } |
| #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ |
| |
| -#ifndef HAVE_DSA_SIG_GET0 |
| -void |
| -DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) |
| -{ |
| - if (pr != NULL) |
| - *pr = sig->r; |
| - if (ps != NULL) |
| - *ps = sig->s; |
| -} |
| -#endif /* HAVE_DSA_SIG_GET0 */ |
| - |
| -#ifndef HAVE_DSA_SIG_SET0 |
| -int |
| -DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) |
| -{ |
| - if (r == NULL || s == NULL) |
| - return 0; |
| - |
| - BN_clear_free(sig->r); |
| - sig->r = r; |
| - BN_clear_free(sig->s); |
| - sig->s = s; |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_DSA_SIG_SET0 */ |
| - |
| -#ifdef OPENSSL_HAS_ECC |
| -#ifndef HAVE_ECDSA_SIG_GET0 |
| -void |
| -ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) |
| -{ |
| - if (pr != NULL) |
| - *pr = sig->r; |
| - if (ps != NULL) |
| - *ps = sig->s; |
| -} |
| -#endif /* HAVE_ECDSA_SIG_GET0 */ |
| - |
| -#ifndef HAVE_ECDSA_SIG_SET0 |
| -int |
| -ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) |
| -{ |
| - if (r == NULL || s == NULL) |
| - return 0; |
| - |
| - BN_clear_free(sig->r); |
| - BN_clear_free(sig->s); |
| - sig->r = r; |
| - sig->s = s; |
| - return 1; |
| -} |
| -#endif /* HAVE_ECDSA_SIG_SET0 */ |
| -#endif /* OPENSSL_HAS_ECC */ |
| - |
| -#ifndef HAVE_DH_GET0_PQG |
| -void |
| -DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) |
| -{ |
| - if (p != NULL) |
| - *p = dh->p; |
| - if (q != NULL) |
| - *q = dh->q; |
| - if (g != NULL) |
| - *g = dh->g; |
| -} |
| -#endif /* HAVE_DH_GET0_PQG */ |
| - |
| -#ifndef HAVE_DH_SET0_PQG |
| -int |
| -DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) |
| -{ |
| - if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) |
| - return 0; |
| - |
| - if (p != NULL) { |
| - BN_free(dh->p); |
| - dh->p = p; |
| - } |
| - if (q != NULL) { |
| - BN_free(dh->q); |
| - dh->q = q; |
| - } |
| - if (g != NULL) { |
| - BN_free(dh->g); |
| - dh->g = g; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_DH_SET0_PQG */ |
| - |
| -#ifndef HAVE_DH_GET0_KEY |
| -void |
| -DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) |
| -{ |
| - if (pub_key != NULL) |
| - *pub_key = dh->pub_key; |
| - if (priv_key != NULL) |
| - *priv_key = dh->priv_key; |
| -} |
| -#endif /* HAVE_DH_GET0_KEY */ |
| - |
| -#ifndef HAVE_DH_SET0_KEY |
| -int |
| -DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) |
| -{ |
| - if (pub_key != NULL) { |
| - BN_free(dh->pub_key); |
| - dh->pub_key = pub_key; |
| - } |
| - if (priv_key != NULL) { |
| - BN_free(dh->priv_key); |
| - dh->priv_key = priv_key; |
| - } |
| - |
| - return 1; |
| -} |
| -#endif /* HAVE_DH_SET0_KEY */ |
| - |
| -#ifndef HAVE_DH_SET_LENGTH |
| -int |
| -DH_set_length(DH *dh, long length) |
| -{ |
| - if (length < 0 || length > INT_MAX) |
| - return 0; |
| - |
| - dh->length = length; |
| - return 1; |
| -} |
| -#endif /* HAVE_DH_SET_LENGTH */ |
| - |
| -#ifndef HAVE_RSA_METH_FREE |
| -void |
| -RSA_meth_free(RSA_METHOD *meth) |
| -{ |
| - if (meth != NULL) { |
| - free((char *)meth->name); |
| - free(meth); |
| - } |
| -} |
| -#endif /* HAVE_RSA_METH_FREE */ |
| - |
| -#ifndef HAVE_RSA_METH_DUP |
| -RSA_METHOD * |
| -RSA_meth_dup(const RSA_METHOD *meth) |
| -{ |
| - RSA_METHOD *copy; |
| - |
| - if ((copy = calloc(1, sizeof(*copy))) == NULL) |
| - return NULL; |
| - memcpy(copy, meth, sizeof(*copy)); |
| - if ((copy->name = strdup(meth->name)) == NULL) { |
| - free(copy); |
| - return NULL; |
| - } |
| - |
| - return copy; |
| -} |
| -#endif /* HAVE_RSA_METH_DUP */ |
| - |
| -#ifndef HAVE_RSA_METH_SET1_NAME |
| -int |
| -RSA_meth_set1_name(RSA_METHOD *meth, const char *name) |
| -{ |
| - char *copy; |
| - |
| - if ((copy = strdup(name)) == NULL) |
| - return 0; |
| - free((char *)meth->name); |
| - meth->name = copy; |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_METH_SET1_NAME */ |
| - |
| -#ifndef HAVE_RSA_METH_GET_FINISH |
| -int |
| -(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) |
| -{ |
| - return meth->finish; |
| -} |
| -#endif /* HAVE_RSA_METH_GET_FINISH */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_PRIV_ENC |
| -int |
| -RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, |
| - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) |
| -{ |
| - meth->rsa_priv_enc = priv_enc; |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_PRIV_DEC |
| -int |
| -RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, |
| - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) |
| -{ |
| - meth->rsa_priv_dec = priv_dec; |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_FINISH |
| -int |
| -RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) |
| -{ |
| - meth->finish = finish; |
| - return 1; |
| -} |
| -#endif /* HAVE_RSA_METH_SET_FINISH */ |
| - |
| -#ifndef HAVE_EVP_PKEY_GET0_RSA |
| -RSA * |
| -EVP_PKEY_get0_RSA(EVP_PKEY *pkey) |
| -{ |
| - if (pkey->type != EVP_PKEY_RSA) { |
| - /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ |
| - return NULL; |
| - } |
| - return pkey->pkey.rsa; |
| -} |
| -#endif /* HAVE_EVP_PKEY_GET0_RSA */ |
| - |
| -#ifndef HAVE_EVP_MD_CTX_NEW |
| -EVP_MD_CTX * |
| -EVP_MD_CTX_new(void) |
| -{ |
| - return calloc(1, sizeof(EVP_MD_CTX)); |
| -} |
| -#endif /* HAVE_EVP_MD_CTX_NEW */ |
| - |
| -#ifndef HAVE_EVP_MD_CTX_FREE |
| -void |
| -EVP_MD_CTX_free(EVP_MD_CTX *ctx) |
| -{ |
| - if (ctx == NULL) |
| - return; |
| - |
| - EVP_MD_CTX_cleanup(ctx); |
| - |
| - free(ctx); |
| -} |
| -#endif /* HAVE_EVP_MD_CTX_FREE */ |
| - |
| #endif /* WITH_OPENSSL */ |
| diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h |
| index 61a69dd56eb..d0dd2c3450d 100644 |
| --- a/openbsd-compat/openssl-compat.h |
| +++ b/openbsd-compat/openssl-compat.h |
| @@ -33,26 +33,13 @@ |
| int ssh_compatible_openssl(long, long); |
| void ssh_libcrypto_init(void); |
| |
| -#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) |
| -# error OpenSSL 1.0.1 or greater is required |
| +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) |
| +# error OpenSSL 1.1.0 or greater is required |
| #endif |
| - |
| -#ifndef OPENSSL_VERSION |
| -# define OPENSSL_VERSION SSLEAY_VERSION |
| -#endif |
| - |
| -#ifndef HAVE_OPENSSL_VERSION |
| -# define OpenSSL_version(x) SSLeay_version(x) |
| -#endif |
| - |
| -#ifndef HAVE_OPENSSL_VERSION_NUM |
| -# define OpenSSL_version_num SSLeay |
| -#endif |
| - |
| -#if OPENSSL_VERSION_NUMBER < 0x10000001L |
| -# define LIBCRYPTO_EVP_INL_TYPE unsigned int |
| -#else |
| -# define LIBCRYPTO_EVP_INL_TYPE size_t |
| +#ifdef LIBRESSL_VERSION_NUMBER |
| +# if LIBRESSL_VERSION_NUMBER < 0x3010000fL |
| +# error LibreSSL 3.1.0 or greater is required |
| +# endif |
| #endif |
| |
| #ifndef OPENSSL_RSA_MAX_MODULUS_BITS |
| @@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); |
| # endif |
| #endif |
| |
| -/* LibreSSL/OpenSSL 1.1x API compat */ |
| -#ifndef HAVE_DSA_GET0_PQG |
| -void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, |
| - const BIGNUM **g); |
| -#endif /* HAVE_DSA_GET0_PQG */ |
| - |
| -#ifndef HAVE_DSA_SET0_PQG |
| -int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
| -#endif /* HAVE_DSA_SET0_PQG */ |
| - |
| -#ifndef HAVE_DSA_GET0_KEY |
| -void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, |
| - const BIGNUM **priv_key); |
| -#endif /* HAVE_DSA_GET0_KEY */ |
| - |
| -#ifndef HAVE_DSA_SET0_KEY |
| -int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); |
| -#endif /* HAVE_DSA_SET0_KEY */ |
| - |
| #ifndef HAVE_EVP_CIPHER_CTX_GET_IV |
| # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV |
| # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv |
| @@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, |
| const unsigned char *iv, size_t len); |
| #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ |
| |
| -#ifndef HAVE_RSA_GET0_KEY |
| -void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, |
| - const BIGNUM **d); |
| -#endif /* HAVE_RSA_GET0_KEY */ |
| - |
| -#ifndef HAVE_RSA_SET0_KEY |
| -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); |
| -#endif /* HAVE_RSA_SET0_KEY */ |
| - |
| -#ifndef HAVE_RSA_GET0_CRT_PARAMS |
| -void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, |
| - const BIGNUM **iqmp); |
| -#endif /* HAVE_RSA_GET0_CRT_PARAMS */ |
| - |
| -#ifndef HAVE_RSA_SET0_CRT_PARAMS |
| -int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); |
| -#endif /* HAVE_RSA_SET0_CRT_PARAMS */ |
| - |
| -#ifndef HAVE_RSA_GET0_FACTORS |
| -void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); |
| -#endif /* HAVE_RSA_GET0_FACTORS */ |
| - |
| -#ifndef HAVE_RSA_SET0_FACTORS |
| -int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); |
| -#endif /* HAVE_RSA_SET0_FACTORS */ |
| - |
| -#ifndef DSA_SIG_GET0 |
| -void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); |
| -#endif /* DSA_SIG_GET0 */ |
| - |
| -#ifndef DSA_SIG_SET0 |
| -int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); |
| -#endif /* DSA_SIG_SET0 */ |
| - |
| -#ifdef OPENSSL_HAS_ECC |
| -#ifndef HAVE_ECDSA_SIG_GET0 |
| -void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); |
| -#endif /* HAVE_ECDSA_SIG_GET0 */ |
| - |
| -#ifndef HAVE_ECDSA_SIG_SET0 |
| -int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); |
| -#endif /* HAVE_ECDSA_SIG_SET0 */ |
| -#endif /* OPENSSL_HAS_ECC */ |
| - |
| -#ifndef HAVE_DH_GET0_PQG |
| -void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, |
| - const BIGNUM **g); |
| -#endif /* HAVE_DH_GET0_PQG */ |
| - |
| -#ifndef HAVE_DH_SET0_PQG |
| -int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); |
| -#endif /* HAVE_DH_SET0_PQG */ |
| - |
| -#ifndef HAVE_DH_GET0_KEY |
| -void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); |
| -#endif /* HAVE_DH_GET0_KEY */ |
| - |
| -#ifndef HAVE_DH_SET0_KEY |
| -int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); |
| -#endif /* HAVE_DH_SET0_KEY */ |
| - |
| -#ifndef HAVE_DH_SET_LENGTH |
| -int DH_set_length(DH *dh, long length); |
| -#endif /* HAVE_DH_SET_LENGTH */ |
| - |
| -#ifndef HAVE_RSA_METH_FREE |
| -void RSA_meth_free(RSA_METHOD *meth); |
| -#endif /* HAVE_RSA_METH_FREE */ |
| - |
| -#ifndef HAVE_RSA_METH_DUP |
| -RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); |
| -#endif /* HAVE_RSA_METH_DUP */ |
| - |
| -#ifndef HAVE_RSA_METH_SET1_NAME |
| -int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); |
| -#endif /* HAVE_RSA_METH_SET1_NAME */ |
| - |
| -#ifndef HAVE_RSA_METH_GET_FINISH |
| -int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); |
| -#endif /* HAVE_RSA_METH_GET_FINISH */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_PRIV_ENC |
| -int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, |
| - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); |
| -#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_PRIV_DEC |
| -int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, |
| - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); |
| -#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ |
| - |
| -#ifndef HAVE_RSA_METH_SET_FINISH |
| -int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); |
| -#endif /* HAVE_RSA_METH_SET_FINISH */ |
| - |
| -#ifndef HAVE_EVP_PKEY_GET0_RSA |
| -RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); |
| -#endif /* HAVE_EVP_PKEY_GET0_RSA */ |
| - |
| -#ifndef HAVE_EVP_MD_CTX_new |
| -EVP_MD_CTX *EVP_MD_CTX_new(void); |
| -#endif /* HAVE_EVP_MD_CTX_new */ |
| - |
| -#ifndef HAVE_EVP_MD_CTX_free |
| -void EVP_MD_CTX_free(EVP_MD_CTX *ctx); |
| -#endif /* HAVE_EVP_MD_CTX_free */ |
| - |
| #endif /* WITH_OPENSSL */ |
| #endif /* _OPENSSL_COMPAT_H */ |