diff options
| author | Damien Miller <djm@mindrot.org> | 2010-11-20 15:15:49 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2010-11-20 15:15:49 +1100 |
| commit | 4499f4cc20eee7e0f67b35f5a5c6078bf07dcbc0 (patch) | |
| tree | f4d827008f691988ecb163d0748648e10f2b0c25 | |
| parent | 7a221a159188eceeea366d4f58345d2bdccaeb8d (diff) | |
- djm@cvs.openbsd.org 2010/11/10 01:33:07
[kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c]
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | kexdhc.c | 4 | ||||
| -rw-r--r-- | kexdhs.c | 4 | ||||
| -rw-r--r-- | kexgexc.c | 4 | ||||
| -rw-r--r-- | kexgexs.c | 4 | ||||
| -rw-r--r-- | key.c | 26 | ||||
| -rw-r--r-- | moduli.c | 8 |
7 files changed, 37 insertions, 17 deletions
| @@ -3,6 +3,10 @@ | |||
| 3 | - djm@cvs.openbsd.org 2010/11/05 02:46:47 | 3 | - djm@cvs.openbsd.org 2010/11/05 02:46:47 |
| 4 | [packet.c] | 4 | [packet.c] |
| 5 | whitespace KNF | 5 | whitespace KNF |
| 6 | - djm@cvs.openbsd.org 2010/11/10 01:33:07 | ||
| 7 | [kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c moduli.c] | ||
| 8 | use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED. | ||
| 9 | these have been around for years by this time. ok markus | ||
| 6 | 10 | ||
| 7 | 20101111 | 11 | 20101111 |
| 8 | - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on | 12 | - (djm) [servconf.c ssh-add.c ssh-keygen.c] don't look for ECDSA keys on |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -27,6 +27,8 @@ | |||
| 27 | 27 | ||
| 28 | #include <sys/types.h> | 28 | #include <sys/types.h> |
| 29 | 29 | ||
| 30 | #include <openssl/dh.h> | ||
| 31 | |||
| 30 | #include <stdarg.h> | 32 | #include <stdarg.h> |
| 31 | #include <stdio.h> | 33 | #include <stdio.h> |
| 32 | #include <string.h> | 34 | #include <string.h> |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexdhs.c,v 1.11 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| 4 | * | 4 | * |
| @@ -31,6 +31,8 @@ | |||
| 31 | #include <string.h> | 31 | #include <string.h> |
| 32 | #include <signal.h> | 32 | #include <signal.h> |
| 33 | 33 | ||
| 34 | #include <openssl/dh.h> | ||
| 35 | |||
| 34 | #include "xmalloc.h" | 36 | #include "xmalloc.h" |
| 35 | #include "buffer.h" | 37 | #include "buffer.h" |
| 36 | #include "key.h" | 38 | #include "key.h" |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ | 1 | /* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -28,6 +28,8 @@ | |||
| 28 | 28 | ||
| 29 | #include <sys/types.h> | 29 | #include <sys/types.h> |
| 30 | 30 | ||
| 31 | #include <openssl/dh.h> | ||
| 32 | |||
| 31 | #include <stdarg.h> | 33 | #include <stdarg.h> |
| 32 | #include <stdio.h> | 34 | #include <stdio.h> |
| 33 | #include <string.h> | 35 | #include <string.h> |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: kexgexs.c,v 1.13 2010/02/26 20:29:54 djm Exp $ */ | 1 | /* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. | 3 | * Copyright (c) 2000 Niels Provos. All rights reserved. |
| 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
| @@ -33,6 +33,8 @@ | |||
| 33 | #include <string.h> | 33 | #include <string.h> |
| 34 | #include <signal.h> | 34 | #include <signal.h> |
| 35 | 35 | ||
| 36 | #include <openssl/dh.h> | ||
| 37 | |||
| 36 | #include "xmalloc.h" | 38 | #include "xmalloc.h" |
| 37 | #include "buffer.h" | 39 | #include "buffer.h" |
| 38 | #include "key.h" | 40 | #include "key.h" |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: key.c,v 1.94 2010/10/28 11:22:09 djm Exp $ */ | 1 | /* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * read_bignum(): | 3 | * read_bignum(): |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| @@ -1013,25 +1013,33 @@ key_size(const Key *k) | |||
| 1013 | static RSA * | 1013 | static RSA * |
| 1014 | rsa_generate_private_key(u_int bits) | 1014 | rsa_generate_private_key(u_int bits) |
| 1015 | { | 1015 | { |
| 1016 | RSA *private; | 1016 | RSA *private = RSA_new(); |
| 1017 | BIGNUM *f4 = BN_new(); | ||
| 1017 | 1018 | ||
| 1018 | private = RSA_generate_key(bits, RSA_F4, NULL, NULL); | ||
| 1019 | if (private == NULL) | 1019 | if (private == NULL) |
| 1020 | fatal("rsa_generate_private_key: key generation failed."); | 1020 | fatal("%s: RSA_new failed", __func__); |
| 1021 | if (f4 == NULL) | ||
| 1022 | fatal("%s: BN_new failed", __func__); | ||
| 1023 | if (!BN_set_word(f4, RSA_F4)) | ||
| 1024 | fatal("%s: BN_new failed", __func__); | ||
| 1025 | if (!RSA_generate_key_ex(private, bits, f4, NULL)) | ||
| 1026 | fatal("%s: key generation failed.", __func__); | ||
| 1027 | BN_free(f4); | ||
| 1021 | return private; | 1028 | return private; |
| 1022 | } | 1029 | } |
| 1023 | 1030 | ||
| 1024 | static DSA* | 1031 | static DSA* |
| 1025 | dsa_generate_private_key(u_int bits) | 1032 | dsa_generate_private_key(u_int bits) |
| 1026 | { | 1033 | { |
| 1027 | DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); | 1034 | DSA *private = DSA_new(); |
| 1028 | 1035 | ||
| 1029 | if (private == NULL) | 1036 | if (private == NULL) |
| 1030 | fatal("dsa_generate_private_key: DSA_generate_parameters failed"); | 1037 | fatal("%s: DSA_new failed", __func__); |
| 1038 | if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, | ||
| 1039 | NULL, NULL)) | ||
| 1040 | fatal("%s: DSA_generate_parameters failed", __func__); | ||
| 1031 | if (!DSA_generate_key(private)) | 1041 | if (!DSA_generate_key(private)) |
| 1032 | fatal("dsa_generate_private_key: DSA_generate_key failed."); | 1042 | fatal("%s: DSA_generate_key failed.", __func__); |
| 1033 | if (private == NULL) | ||
| 1034 | fatal("dsa_generate_private_key: NULL."); | ||
| 1035 | return private; | 1043 | return private; |
| 1036 | } | 1044 | } |
| 1037 | 1045 | ||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */ | 1 | /* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> | 3 | * Copyright 1994 Phil Karn <karn@qualcomm.com> |
| 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> | 4 | * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> |
| @@ -600,7 +600,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) | |||
| 600 | * that p is also prime. A single pass will weed out the | 600 | * that p is also prime. A single pass will weed out the |
| 601 | * vast majority of composite q's. | 601 | * vast majority of composite q's. |
| 602 | */ | 602 | */ |
| 603 | if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { | 603 | if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { |
| 604 | debug("%10u: q failed first possible prime test", | 604 | debug("%10u: q failed first possible prime test", |
| 605 | count_in); | 605 | count_in); |
| 606 | continue; | 606 | continue; |
| @@ -613,14 +613,14 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) | |||
| 613 | * will show up on the first Rabin-Miller iteration so it | 613 | * will show up on the first Rabin-Miller iteration so it |
| 614 | * doesn't hurt to specify a high iteration count. | 614 | * doesn't hurt to specify a high iteration count. |
| 615 | */ | 615 | */ |
| 616 | if (!BN_is_prime(p, trials, NULL, ctx, NULL)) { | 616 | if (!BN_is_prime_ex(p, trials, ctx, NULL)) { |
| 617 | debug("%10u: p is not prime", count_in); | 617 | debug("%10u: p is not prime", count_in); |
| 618 | continue; | 618 | continue; |
| 619 | } | 619 | } |
| 620 | debug("%10u: p is almost certainly prime", count_in); | 620 | debug("%10u: p is almost certainly prime", count_in); |
| 621 | 621 | ||
| 622 | /* recheck q more rigorously */ | 622 | /* recheck q more rigorously */ |
| 623 | if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) { | 623 | if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { |
| 624 | debug("%10u: q is not prime", count_in); | 624 | debug("%10u: q is not prime", count_in); |
| 625 | continue; | 625 | continue; |
| 626 | } | 626 | } |