summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--auth-pam.c4
-rw-r--r--cipher.c38
-rw-r--r--configure.ac112
-rw-r--r--dh.c2
-rw-r--r--kexdh.c2
-rw-r--r--kexdhc.c2
-rw-r--r--kexdhs.c2
-rw-r--r--kexgex.c2
-rw-r--r--kexgexc.c2
-rw-r--r--kexgexs.c2
-rw-r--r--monitor.c4
-rw-r--r--openbsd-compat/Makefile.in1
-rw-r--r--openbsd-compat/libressl-api-compat.c636
-rw-r--r--openbsd-compat/openssl-compat.h136
-rw-r--r--ssh-dss.c2
-rw-r--r--ssh-ecdsa.c2
-rw-r--r--ssh-pkcs11-client.c2
-rw-r--r--ssh-pkcs11.c1
-rw-r--r--ssh-rsa.c2
-rw-r--r--sshkey.c3
20 files changed, 916 insertions, 41 deletions
diff --git a/auth-pam.c b/auth-pam.c
index 8c0138362..1dec53e92 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -128,6 +128,10 @@ extern u_int utmp_len;
128typedef pthread_t sp_pthread_t; 128typedef pthread_t sp_pthread_t;
129#else 129#else
130typedef pid_t sp_pthread_t; 130typedef pid_t sp_pthread_t;
131#define pthread_exit fake_pthread_exit
132#define pthread_create fake_pthread_create
133#define pthread_cancel fake_pthread_cancel
134#define pthread_join fake_pthread_join
131#endif 135#endif
132 136
133struct pam_ctxt { 137struct pam_ctxt {
diff --git a/cipher.c b/cipher.c
index df43826e0..12c598881 100644
--- a/cipher.c
+++ b/cipher.c
@@ -525,41 +525,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
525#endif 525#endif
526 return 0; 526 return 0;
527} 527}
528
529#ifdef WITH_OPENSSL
530#define EVP_X_STATE(evp) (evp)->cipher_data
531#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
532#endif
533
534int
535cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
536{
537#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
538 const struct sshcipher *c = cc->cipher;
539 int plen = 0;
540
541 if (c->evptype == EVP_rc4) {
542 plen = EVP_X_STATE_LEN(cc->evp);
543 if (dat == NULL)
544 return (plen);
545 memcpy(dat, EVP_X_STATE(cc->evp), plen);
546 }
547 return (plen);
548#else
549 return 0;
550#endif
551}
552
553void
554cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
555{
556#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
557 const struct sshcipher *c = cc->cipher;
558 int plen;
559
560 if (c->evptype == EVP_rc4) {
561 plen = EVP_X_STATE_LEN(cc->evp);
562 memcpy(EVP_X_STATE(cc->evp), dat, plen);
563 }
564#endif
565}
diff --git a/configure.ac b/configure.ac
index 83e530750..c0e120fe9 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2602,9 +2602,10 @@ if test "x$openssl" = "xyes" ; then
2602 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) 2602 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2603 ;; 2603 ;;
2604 100*) ;; # 1.0.x 2604 100*) ;; # 1.0.x
2605 101*) ;; # 1.1.x
2605 200*) ;; # LibreSSL 2606 200*) ;; # LibreSSL
2606 *) 2607 *)
2607 AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")]) 2608 AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
2608 ;; 2609 ;;
2609 esac 2610 esac
2610 AC_MSG_RESULT([$ssl_library_ver]) 2611 AC_MSG_RESULT([$ssl_library_ver])
@@ -2777,6 +2778,115 @@ if test "x$openssl" = "xyes" ; then
2777 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1], 2778 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2778 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])]) 2779 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2779 2780
2781 # LibreSSL/OpenSSL 1.1x API
2782 AC_SEARCH_LIBS([DH_get0_key], [crypto],
2783 [AC_DEFINE([HAVE_DH_GET0_KEY], [1],
2784 [Define if libcrypto has DH_get0_key])])
2785 AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
2786 [AC_DEFINE([HAVE_DH_GET0_PQG], [1],
2787 [Define if libcrypto has DH_get0_pqg])])
2788 AC_SEARCH_LIBS([DH_set0_key], [crypto],
2789 [AC_DEFINE([HAVE_DH_SET0_KEY], [1],
2790 [Define if libcrypto has DH_set0_key])])
2791 AC_SEARCH_LIBS([DH_set_length], [crypto],
2792 [AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
2793 [Define if libcrypto has DH_set_length])])
2794 AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
2795 [AC_DEFINE([HAVE_DH_SET0_PQG], [1],
2796 [Define if libcrypto has DH_set0_pqg])])
2797
2798 AC_SEARCH_LIBS([DSA_get0_key], [crypto],
2799 [AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
2800 [Define if libcrypto has DSA_get0_key])])
2801 AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
2802 [AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
2803 [Define if libcrypto has DSA_get0_pqg])])
2804 AC_SEARCH_LIBS([DSA_set0_key], [crypto],
2805 [AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
2806 [Define if libcrypto has DSA_set0_key])])
2807 AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
2808 [AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
2809 [Define if libcrypto has DSA_set0_pqg])])
2810
2811 AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
2812 [AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
2813 [Define if libcrypto has DSA_SIG_get0])])
2814 AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
2815 [AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
2816 [Define if libcrypto has DSA_SIG_set0])])
2817
2818 AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
2819 [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
2820 [Define if libcrypto has ECDSA_SIG_get0])])
2821 AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
2822 [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
2823 [Define if libcrypto has ECDSA_SIG_set0])])
2824
2825 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
2826 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
2827 [Define if libcrypto has EVP_CIPHER_CTX_iv])])
2828 AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
2829 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
2830 [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
2831 AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
2832 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2833 [Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
2834 AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
2835 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2836 [Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
2837
2838 AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
2839 [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
2840 [Define if libcrypto has RSA_get0_crt_params])])
2841 AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
2842 [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
2843 [Define if libcrypto has RSA_get0_factors])])
2844 AC_SEARCH_LIBS([RSA_get0_key], [crypto],
2845 [AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
2846 [Define if libcrypto has RSA_get0_key])])
2847 AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
2848 [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
2849 [Define if libcrypto has RSA_get0_srt_params])])
2850 AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
2851 [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
2852 [Define if libcrypto has RSA_set0_factors])])
2853 AC_SEARCH_LIBS([RSA_set0_key], [crypto],
2854 [AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
2855 [Define if libcrypto has RSA_set0_key])])
2856
2857 AC_SEARCH_LIBS([RSA_meth_free], [crypto],
2858 [AC_DEFINE([HAVE_RSA_METH_FREE], [1],
2859 [Define if libcrypto has RSA_meth_free])])
2860 AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
2861 [AC_DEFINE([HAVE_RSA_METH_DUP], [1],
2862 [Define if libcrypto has RSA_meth_dup])])
2863 AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
2864 [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
2865 [Define if libcrypto has RSA_meth_set1_name])])
2866 AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
2867 [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
2868 [Define if libcrypto has RSA_meth_get_finish])])
2869 AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
2870 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
2871 [Define if libcrypto has RSA_meth_set_priv_enc])])
2872 AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
2873 [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
2874 [Define if libcrypto has RSA_meth_set_priv_dec])])
2875 AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
2876 [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
2877 [Define if libcrypto has RSA_meth_set_finish])])
2878
2879 AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
2880 [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
2881 [Define if libcrypto has EVP_PKEY_get0_RSA])])
2882
2883 AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
2884 [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
2885 [Define if libcrypto has EVP_MD_CTX_new])])
2886 AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
2887 [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
2888 [Define if libcrypto has EVP_MD_CTX_free])])
2889
2780 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int]) 2890 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2781 AC_LINK_IFELSE( 2891 AC_LINK_IFELSE(
2782 [AC_LANG_PROGRAM([[ 2892 [AC_LANG_PROGRAM([[
diff --git a/dh.c b/dh.c
index d0d4527b1..f3ed38829 100644
--- a/dh.c
+++ b/dh.c
@@ -43,6 +43,8 @@
43#include "misc.h" 43#include "misc.h"
44#include "ssherr.h" 44#include "ssherr.h"
45 45
46#include "openbsd-compat/openssl-compat.h"
47
46static int 48static int
47parse_prime(int linenum, char *line, struct dhgroup *dhg) 49parse_prime(int linenum, char *line, struct dhgroup *dhg)
48{ 50{
diff --git a/kexdh.c b/kexdh.c
index 0bf0dc138..e6925b186 100644
--- a/kexdh.c
+++ b/kexdh.c
@@ -33,6 +33,8 @@
33 33
34#include <openssl/evp.h> 34#include <openssl/evp.h>
35 35
36#include "openbsd-compat/openssl-compat.h"
37
36#include "ssh2.h" 38#include "ssh2.h"
37#include "sshkey.h" 39#include "sshkey.h"
38#include "cipher.h" 40#include "cipher.h"
diff --git a/kexdhc.c b/kexdhc.c
index a8b74247f..8b56377ad 100644
--- a/kexdhc.c
+++ b/kexdhc.c
@@ -36,6 +36,8 @@
36#include <string.h> 36#include <string.h>
37#include <signal.h> 37#include <signal.h>
38 38
39#include "openbsd-compat/openssl-compat.h"
40
39#include "sshkey.h" 41#include "sshkey.h"
40#include "cipher.h" 42#include "cipher.h"
41#include "digest.h" 43#include "digest.h"
diff --git a/kexdhs.c b/kexdhs.c
index 8367c6c30..337aab5be 100644
--- a/kexdhs.c
+++ b/kexdhs.c
@@ -35,6 +35,8 @@
35 35
36#include <openssl/dh.h> 36#include <openssl/dh.h>
37 37
38#include "openbsd-compat/openssl-compat.h"
39
38#include "sshkey.h" 40#include "sshkey.h"
39#include "cipher.h" 41#include "cipher.h"
40#include "digest.h" 42#include "digest.h"
diff --git a/kexgex.c b/kexgex.c
index 8b0d83332..3ca4bd370 100644
--- a/kexgex.c
+++ b/kexgex.c
@@ -33,6 +33,8 @@
33#include <openssl/evp.h> 33#include <openssl/evp.h>
34#include <signal.h> 34#include <signal.h>
35 35
36#include "openbsd-compat/openssl-compat.h"
37
36#include "sshkey.h" 38#include "sshkey.h"
37#include "cipher.h" 39#include "cipher.h"
38#include "kex.h" 40#include "kex.h"
diff --git a/kexgexc.c b/kexgexc.c
index 955bc837c..0d07f73c7 100644
--- a/kexgexc.c
+++ b/kexgexc.c
@@ -37,6 +37,8 @@
37#include <string.h> 37#include <string.h>
38#include <signal.h> 38#include <signal.h>
39 39
40#include "openbsd-compat/openssl-compat.h"
41
40#include "sshkey.h" 42#include "sshkey.h"
41#include "cipher.h" 43#include "cipher.h"
42#include "digest.h" 44#include "digest.h"
diff --git a/kexgexs.c b/kexgexs.c
index 2a4aa7e81..ce934f88e 100644
--- a/kexgexs.c
+++ b/kexgexs.c
@@ -36,6 +36,8 @@
36 36
37#include <openssl/dh.h> 37#include <openssl/dh.h>
38 38
39#include "openbsd-compat/openssl-compat.h"
40
39#include "sshkey.h" 41#include "sshkey.h"
40#include "cipher.h" 42#include "cipher.h"
41#include "digest.h" 43#include "digest.h"
diff --git a/monitor.c b/monitor.c
index b30813b4d..531b2993a 100644
--- a/monitor.c
+++ b/monitor.c
@@ -29,7 +29,6 @@
29 29
30#include <sys/types.h> 30#include <sys/types.h>
31#include <sys/socket.h> 31#include <sys/socket.h>
32#include "openbsd-compat/sys-tree.h"
33#include <sys/wait.h> 32#include <sys/wait.h>
34 33
35#include <errno.h> 34#include <errno.h>
@@ -60,7 +59,10 @@
60#include <openssl/dh.h> 59#include <openssl/dh.h>
61#endif 60#endif
62 61
62#include "openbsd-compat/sys-tree.h"
63#include "openbsd-compat/sys-queue.h" 63#include "openbsd-compat/sys-queue.h"
64#include "openbsd-compat/openssl-compat.h"
65
64#include "atomicio.h" 66#include "atomicio.h"
65#include "xmalloc.h" 67#include "xmalloc.h"
66#include "ssh.h" 68#include "ssh.h"
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 2fd9b952b..c1e14cbd0 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -85,6 +85,7 @@ COMPAT= arc4random.o \
85 getrrsetbyname-ldns.o \ 85 getrrsetbyname-ldns.o \
86 kludge-fd_set.o \ 86 kludge-fd_set.o \
87 openssl-compat.o \ 87 openssl-compat.o \
88 libressl-api-compat.o \
88 xcrypt.o 89 xcrypt.o
89 90
90PORTS= port-aix.o \ 91PORTS= port-aix.o \
diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
new file mode 100644
index 000000000..de3e64a63
--- /dev/null
+++ b/openbsd-compat/libressl-api-compat.c
@@ -0,0 +1,636 @@
1/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
2/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
3/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
4/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
5/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
6/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
7/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
8 * All rights reserved.
9 *
10 * This package is an SSL implementation written
11 * by Eric Young (eay@cryptsoft.com).
12 * The implementation was written so as to conform with Netscapes SSL.
13 *
14 * This library is free for commercial and non-commercial use as long as
15 * the following conditions are aheared to. The following conditions
16 * apply to all code found in this distribution, be it the RC4, RSA,
17 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
18 * included with this distribution is covered by the same copyright terms
19 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
20 *
21 * Copyright remains Eric Young's, and as such any Copyright notices in
22 * the code are not to be removed.
23 * If this package is used in a product, Eric Young should be given attribution
24 * as the author of the parts of the library used.
25 * This can be in the form of a textual message at program startup or
26 * in documentation (online or textual) provided with the package.
27 *
28 * Redistribution and use in source and binary forms, with or without
29 * modification, are permitted provided that the following conditions
30 * are met:
31 * 1. Redistributions of source code must retain the copyright
32 * notice, this list of conditions and the following disclaimer.
33 * 2. Redistributions in binary form must reproduce the above copyright
34 * notice, this list of conditions and the following disclaimer in the
35 * documentation and/or other materials provided with the distribution.
36 * 3. All advertising materials mentioning features or use of this software
37 * must display the following acknowledgement:
38 * "This product includes cryptographic software written by
39 * Eric Young (eay@cryptsoft.com)"
40 * The word 'cryptographic' can be left out if the rouines from the library
41 * being used are not cryptographic related :-).
42 * 4. If you include any Windows specific code (or a derivative thereof) from
43 * the apps directory (application code) you must include an acknowledgement:
44 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
45 *
46 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
47 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
48 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
49 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
50 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
51 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
52 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
53 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
54 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
55 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
56 * SUCH DAMAGE.
57 *
58 * The licence and distribution terms for any publically available version or
59 * derivative of this code cannot be changed. i.e. this code cannot simply be
60 * copied and put under another distribution licence
61 * [including the GNU Public Licence.]
62 */
63
64/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
65/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
66/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
67/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
68 * project 2000.
69 */
70/* ====================================================================
71 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
72 *
73 * Redistribution and use in source and binary forms, with or without
74 * modification, are permitted provided that the following conditions
75 * are met:
76 *
77 * 1. Redistributions of source code must retain the above copyright
78 * notice, this list of conditions and the following disclaimer.
79 *
80 * 2. Redistributions in binary form must reproduce the above copyright
81 * notice, this list of conditions and the following disclaimer in
82 * the documentation and/or other materials provided with the
83 * distribution.
84 *
85 * 3. All advertising materials mentioning features or use of this
86 * software must display the following acknowledgment:
87 * "This product includes software developed by the OpenSSL Project
88 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
89 *
90 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
91 * endorse or promote products derived from this software without
92 * prior written permission. For written permission, please contact
93 * licensing@OpenSSL.org.
94 *
95 * 5. Products derived from this software may not be called "OpenSSL"
96 * nor may "OpenSSL" appear in their names without prior written
97 * permission of the OpenSSL Project.
98 *
99 * 6. Redistributions of any form whatsoever must retain the following
100 * acknowledgment:
101 * "This product includes software developed by the OpenSSL Project
102 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
103 *
104 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
105 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
106 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
107 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
108 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
109 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
110 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
111 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
112 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
113 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
114 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
115 * OF THE POSSIBILITY OF SUCH DAMAGE.
116 * ====================================================================
117 *
118 * This product includes cryptographic software written by Eric Young
119 * (eay@cryptsoft.com). This product includes software written by Tim
120 * Hudson (tjh@cryptsoft.com).
121 *
122 */
123
124/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
125/*
126 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
127 *
128 * Permission to use, copy, modify, and distribute this software for any
129 * purpose with or without fee is hereby granted, provided that the above
130 * copyright notice and this permission notice appear in all copies.
131 *
132 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
133 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
134 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
135 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
136 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
137 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
138 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
139 */
140
141#include "includes.h"
142
143#ifdef WITH_OPENSSL
144
145#include <sys/types.h>
146
147#include <stdlib.h>
148#include <string.h>
149
150#include <openssl/err.h>
151#include <openssl/bn.h>
152#include <openssl/dsa.h>
153#include <openssl/rsa.h>
154#include <openssl/evp.h>
155#include <openssl/ecdsa.h>
156#include <openssl/dh.h>
157
158#ifndef HAVE_DSA_GET0_PQG
159void
160DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
161{
162 if (p != NULL)
163 *p = d->p;
164 if (q != NULL)
165 *q = d->q;
166 if (g != NULL)
167 *g = d->g;
168}
169#endif /* HAVE_DSA_GET0_PQG */
170
171#ifndef HAVE_DSA_SET0_PQG
172int
173DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
174{
175 if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
176 (d->g == NULL && g == NULL))
177 return 0;
178
179 if (p != NULL) {
180 BN_free(d->p);
181 d->p = p;
182 }
183 if (q != NULL) {
184 BN_free(d->q);
185 d->q = q;
186 }
187 if (g != NULL) {
188 BN_free(d->g);
189 d->g = g;
190 }
191
192 return 1;
193}
194#endif /* HAVE_DSA_SET0_PQG */
195
196#ifndef HAVE_DSA_GET0_KEY
197void
198DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
199{
200 if (pub_key != NULL)
201 *pub_key = d->pub_key;
202 if (priv_key != NULL)
203 *priv_key = d->priv_key;
204}
205#endif /* HAVE_DSA_GET0_KEY */
206
207#ifndef HAVE_DSA_SET0_KEY
208int
209DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
210{
211 if (d->pub_key == NULL && pub_key == NULL)
212 return 0;
213
214 if (pub_key != NULL) {
215 BN_free(d->pub_key);
216 d->pub_key = pub_key;
217 }
218 if (priv_key != NULL) {
219 BN_free(d->priv_key);
220 d->priv_key = priv_key;
221 }
222
223 return 1;
224}
225#endif /* HAVE_DSA_SET0_KEY */
226
227#ifndef HAVE_RSA_GET0_KEY
228void
229RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
230{
231 if (n != NULL)
232 *n = r->n;
233 if (e != NULL)
234 *e = r->e;
235 if (d != NULL)
236 *d = r->d;
237}
238#endif /* HAVE_RSA_GET0_KEY */
239
240#ifndef HAVE_RSA_SET0_KEY
241int
242RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
243{
244 if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
245 return 0;
246
247 if (n != NULL) {
248 BN_free(r->n);
249 r->n = n;
250 }
251 if (e != NULL) {
252 BN_free(r->e);
253 r->e = e;
254 }
255 if (d != NULL) {
256 BN_free(r->d);
257 r->d = d;
258 }
259
260 return 1;
261}
262#endif /* HAVE_RSA_SET0_KEY */
263
264#ifndef HAVE_RSA_GET0_CRT_PARAMS
265void
266RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
267 const BIGNUM **iqmp)
268{
269 if (dmp1 != NULL)
270 *dmp1 = r->dmp1;
271 if (dmq1 != NULL)
272 *dmq1 = r->dmq1;
273 if (iqmp != NULL)
274 *iqmp = r->iqmp;
275}
276#endif /* HAVE_RSA_GET0_CRT_PARAMS */
277
278#ifndef HAVE_RSA_SET0_CRT_PARAMS
279int
280RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
281{
282 if ((r->dmp1 == NULL && dmp1 == NULL) ||
283 (r->dmq1 == NULL && dmq1 == NULL) ||
284 (r->iqmp == NULL && iqmp == NULL))
285 return 0;
286
287 if (dmp1 != NULL) {
288 BN_free(r->dmp1);
289 r->dmp1 = dmp1;
290 }
291 if (dmq1 != NULL) {
292 BN_free(r->dmq1);
293 r->dmq1 = dmq1;
294 }
295 if (iqmp != NULL) {
296 BN_free(r->iqmp);
297 r->iqmp = iqmp;
298 }
299
300 return 1;
301}
302#endif /* HAVE_RSA_SET0_CRT_PARAMS */
303
304#ifndef HAVE_RSA_GET0_FACTORS
305void
306RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
307{
308 if (p != NULL)
309 *p = r->p;
310 if (q != NULL)
311 *q = r->q;
312}
313#endif /* HAVE_RSA_GET0_FACTORS */
314
315#ifndef HAVE_RSA_SET0_FACTORS
316int
317RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
318{
319 if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
320 return 0;
321
322 if (p != NULL) {
323 BN_free(r->p);
324 r->p = p;
325 }
326 if (q != NULL) {
327 BN_free(r->q);
328 r->q = q;
329 }
330
331 return 1;
332}
333#endif /* HAVE_RSA_SET0_FACTORS */
334
335#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
336int
337EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
338{
339 if (ctx == NULL)
340 return 0;
341 if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
342 return 0;
343 if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
344 return 0;
345 if (len > EVP_MAX_IV_LENGTH)
346 return 0; /* sanity check; shouldn't happen */
347 /*
348 * Skip the memcpy entirely when the requested IV length is zero,
349 * since the iv pointer may be NULL or invalid.
350 */
351 if (len != 0) {
352 if (iv == NULL)
353 return 0;
354# ifdef HAVE_EVP_CIPHER_CTX_IV
355 memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
356# else
357 memcpy(iv, ctx->iv, len);
358# endif /* HAVE_EVP_CIPHER_CTX_IV */
359 }
360 return 1;
361}
362#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
363
364#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
365int
366EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
367{
368 if (ctx == NULL)
369 return 0;
370 if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
371 return 0;
372 if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
373 return 0;
374 if (len > EVP_MAX_IV_LENGTH)
375 return 0; /* sanity check; shouldn't happen */
376 /*
377 * Skip the memcpy entirely when the requested IV length is zero,
378 * since the iv pointer may be NULL or invalid.
379 */
380 if (len != 0) {
381 if (iv == NULL)
382 return 0;
383# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST
384 memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
385# else
386 memcpy(ctx->iv, iv, len);
387# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */
388 }
389 return 1;
390}
391#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
392
393#ifndef HAVE_DSA_SIG_GET0
394void
395DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
396{
397 if (pr != NULL)
398 *pr = sig->r;
399 if (ps != NULL)
400 *ps = sig->s;
401}
402#endif /* HAVE_DSA_SIG_GET0 */
403
404#ifndef HAVE_DSA_SIG_SET0
405int
406DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
407{
408 if (r == NULL || s == NULL)
409 return 0;
410
411 BN_clear_free(sig->r);
412 sig->r = r;
413 BN_clear_free(sig->s);
414 sig->s = s;
415
416 return 1;
417}
418#endif /* HAVE_DSA_SIG_SET0 */
419
420#ifndef HAVE_ECDSA_SIG_GET0
421void
422ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
423{
424 if (pr != NULL)
425 *pr = sig->r;
426 if (ps != NULL)
427 *ps = sig->s;
428}
429#endif /* HAVE_ECDSA_SIG_GET0 */
430
431#ifndef HAVE_ECDSA_SIG_SET0
432int
433ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
434{
435 if (r == NULL || s == NULL)
436 return 0;
437
438 BN_clear_free(sig->r);
439 BN_clear_free(sig->s);
440 sig->r = r;
441 sig->s = s;
442 return 1;
443}
444#endif /* HAVE_ECDSA_SIG_SET0 */
445
446#ifndef HAVE_DH_GET0_PQG
447void
448DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
449{
450 if (p != NULL)
451 *p = dh->p;
452 if (q != NULL)
453 *q = dh->q;
454 if (g != NULL)
455 *g = dh->g;
456}
457#endif /* HAVE_DH_GET0_PQG */
458
459#ifndef HAVE_DH_SET0_PQG
460int
461DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
462{
463 if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
464 return 0;
465
466 if (p != NULL) {
467 BN_free(dh->p);
468 dh->p = p;
469 }
470 if (q != NULL) {
471 BN_free(dh->q);
472 dh->q = q;
473 }
474 if (g != NULL) {
475 BN_free(dh->g);
476 dh->g = g;
477 }
478
479 return 1;
480}
481#endif /* HAVE_DH_SET0_PQG */
482
483#ifndef HAVE_DH_GET0_KEY
484void
485DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
486{
487 if (pub_key != NULL)
488 *pub_key = dh->pub_key;
489 if (priv_key != NULL)
490 *priv_key = dh->priv_key;
491}
492#endif /* HAVE_DH_GET0_KEY */
493
494#ifndef HAVE_DH_SET0_KEY
495int
496DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
497{
498 if (pub_key != NULL) {
499 BN_free(dh->pub_key);
500 dh->pub_key = pub_key;
501 }
502 if (priv_key != NULL) {
503 BN_free(dh->priv_key);
504 dh->priv_key = priv_key;
505 }
506
507 return 1;
508}
509#endif /* HAVE_DH_SET0_KEY */
510
511#ifndef HAVE_DH_SET_LENGTH
512int
513DH_set_length(DH *dh, long length)
514{
515 if (length < 0 || length > INT_MAX)
516 return 0;
517
518 dh->length = length;
519 return 1;
520}
521#endif /* HAVE_DH_SET_LENGTH */
522
523#ifndef HAVE_RSA_METH_FREE
524void
525RSA_meth_free(RSA_METHOD *meth)
526{
527 if (meth != NULL) {
528 free((char *)meth->name);
529 free(meth);
530 }
531}
532#endif /* HAVE_RSA_METH_FREE */
533
534#ifndef HAVE_RSA_METH_DUP
535RSA_METHOD *
536RSA_meth_dup(const RSA_METHOD *meth)
537{
538 RSA_METHOD *copy;
539
540 if ((copy = calloc(1, sizeof(*copy))) == NULL)
541 return NULL;
542 memcpy(copy, meth, sizeof(*copy));
543 if ((copy->name = strdup(meth->name)) == NULL) {
544 free(copy);
545 return NULL;
546 }
547
548 return copy;
549}
550#endif /* HAVE_RSA_METH_DUP */
551
552#ifndef HAVE_RSA_METH_SET1_NAME
553int
554RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
555{
556 char *copy;
557
558 if ((copy = strdup(name)) == NULL)
559 return 0;
560 free((char *)meth->name);
561 meth->name = copy;
562 return 1;
563}
564#endif /* HAVE_RSA_METH_SET1_NAME */
565
566#ifndef HAVE_RSA_METH_GET_FINISH
567int
568(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
569{
570 return meth->finish;
571}
572#endif /* HAVE_RSA_METH_GET_FINISH */
573
574#ifndef HAVE_RSA_METH_SET_PRIV_ENC
575int
576RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
577 const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
578{
579 meth->rsa_priv_enc = priv_enc;
580 return 1;
581}
582#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
583
584#ifndef HAVE_RSA_METH_SET_PRIV_DEC
585int
586RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
587 const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
588{
589 meth->rsa_priv_dec = priv_dec;
590 return 1;
591}
592#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
593
594#ifndef HAVE_RSA_METH_SET_FINISH
595int
596RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
597{
598 meth->finish = finish;
599 return 1;
600}
601#endif /* HAVE_RSA_METH_SET_FINISH */
602
603#ifndef HAVE_EVP_PKEY_GET0_RSA
604RSA *
605EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
606{
607 if (pkey->type != EVP_PKEY_RSA) {
608 /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
609 return NULL;
610 }
611 return pkey->pkey.rsa;
612}
613#endif /* HAVE_EVP_PKEY_GET0_RSA */
614
615#ifndef HAVE_EVP_MD_CTX_NEW
616EVP_MD_CTX *
617EVP_MD_CTX_new(void)
618{
619 return calloc(1, sizeof(EVP_MD_CTX));
620}
621#endif /* HAVE_EVP_MD_CTX_NEW */
622
623#ifndef HAVE_EVP_MD_CTX_FREE
624void
625EVP_MD_CTX_free(EVP_MD_CTX *ctx)
626{
627 if (ctx == NULL)
628 return;
629
630 EVP_MD_CTX_cleanup(ctx);
631
632 free(ctx);
633}
634#endif /* HAVE_EVP_MD_CTX_FREE */
635
636#endif /* WITH_OPENSSL */
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index 2ae42bacf..9e0264c04 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -24,6 +24,8 @@
24#include <openssl/evp.h> 24#include <openssl/evp.h>
25#include <openssl/rsa.h> 25#include <openssl/rsa.h>
26#include <openssl/dsa.h> 26#include <openssl/dsa.h>
27#include <openssl/ecdsa.h>
28#include <openssl/dh.h>
27 29
28int ssh_compatible_openssl(long, long); 30int ssh_compatible_openssl(long, long);
29 31
@@ -96,5 +98,139 @@ void ssh_OpenSSL_add_all_algorithms(void);
96 98
97#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */ 99#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
98 100
101/* LibreSSL/OpenSSL 1.1x API compat */
102#ifndef HAVE_DSA_GET0_PQG
103void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
104 const BIGNUM **g);
105#endif /* HAVE_DSA_GET0_PQG */
106
107#ifndef HAVE_DSA_SET0_PQG
108int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
109#endif /* HAVE_DSA_SET0_PQG */
110
111#ifndef HAVE_DSA_GET0_KEY
112void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
113 const BIGNUM **priv_key);
114#endif /* HAVE_DSA_GET0_KEY */
115
116#ifndef HAVE_DSA_SET0_KEY
117int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
118#endif /* HAVE_DSA_SET0_KEY */
119
120#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
121int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
122 unsigned char *iv, size_t len);
123#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
124
125#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
126int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
127 const unsigned char *iv, size_t len);
128#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
129
130#ifndef HAVE_RSA_GET0_KEY
131void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
132 const BIGNUM **d);
133#endif /* HAVE_RSA_GET0_KEY */
134
135#ifndef HAVE_RSA_SET0_KEY
136int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
137#endif /* HAVE_RSA_SET0_KEY */
138
139#ifndef HAVE_RSA_GET0_CRT_PARAMS
140void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
141 const BIGNUM **iqmp);
142#endif /* HAVE_RSA_GET0_CRT_PARAMS */
143
144#ifndef HAVE_RSA_SET0_CRT_PARAMS
145int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
146#endif /* HAVE_RSA_SET0_CRT_PARAMS */
147
148#ifndef HAVE_RSA_GET0_FACTORS
149void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
150#endif /* HAVE_RSA_GET0_FACTORS */
151
152#ifndef HAVE_RSA_SET0_FACTORS
153int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
154#endif /* HAVE_RSA_SET0_FACTORS */
155
156#ifndef DSA_SIG_GET0
157void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
158#endif /* DSA_SIG_GET0 */
159
160#ifndef DSA_SIG_SET0
161int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
162#endif /* DSA_SIG_SET0 */
163
164#ifndef HAVE_ECDSA_SIG_GET0
165void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
166#endif /* HAVE_ECDSA_SIG_GET0 */
167
168#ifndef HAVE_ECDSA_SIG_SET0
169int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
170#endif /* HAVE_ECDSA_SIG_SET0 */
171
172#ifndef HAVE_DH_GET0_PQG
173void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
174 const BIGNUM **g);
175#endif /* HAVE_DH_GET0_PQG */
176
177#ifndef HAVE_DH_SET0_PQG
178int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
179#endif /* HAVE_DH_SET0_PQG */
180
181#ifndef HAVE_DH_GET0_KEY
182void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
183#endif /* HAVE_DH_GET0_KEY */
184
185#ifndef HAVE_DH_SET0_KEY
186int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
187#endif /* HAVE_DH_SET0_KEY */
188
189#ifndef HAVE_DH_SET_LENGTH
190int DH_set_length(DH *dh, long length);
191#endif /* HAVE_DH_SET_LENGTH */
192
193#ifndef HAVE_RSA_METH_FREE
194void RSA_meth_free(RSA_METHOD *meth);
195#endif /* HAVE_RSA_METH_FREE */
196
197#ifndef HAVE_RSA_METH_DUP
198RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
199#endif /* HAVE_RSA_METH_DUP */
200
201#ifndef HAVE_RSA_METH_SET1_NAME
202int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
203#endif /* HAVE_RSA_METH_SET1_NAME */
204
205#ifndef HAVE_RSA_METH_GET_FINISH
206int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
207#endif /* HAVE_RSA_METH_GET_FINISH */
208
209#ifndef HAVE_RSA_METH_SET_PRIV_ENC
210int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
211 const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
212#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
213
214#ifndef HAVE_RSA_METH_SET_PRIV_DEC
215int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
216 const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
217#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
218
219#ifndef HAVE_RSA_METH_SET_FINISH
220int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
221#endif /* HAVE_RSA_METH_SET_FINISH */
222
223#ifndef HAVE_EVP_PKEY_GET0_RSA
224RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
225#endif /* HAVE_EVP_PKEY_GET0_RSA */
226
227#ifndef HAVE_EVP_MD_CTX_new
228EVP_MD_CTX *EVP_MD_CTX_new(void);
229#endif /* HAVE_EVP_MD_CTX_new */
230
231#ifndef HAVE_EVP_MD_CTX_free
232void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
233#endif /* HAVE_EVP_MD_CTX_free */
234
99#endif /* WITH_OPENSSL */ 235#endif /* WITH_OPENSSL */
100#endif /* _OPENSSL_COMPAT_H */ 236#endif /* _OPENSSL_COMPAT_H */
diff --git a/ssh-dss.c b/ssh-dss.c
index 631b15712..a23c383dc 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -43,6 +43,8 @@
43#define SSHKEY_INTERNAL 43#define SSHKEY_INTERNAL
44#include "sshkey.h" 44#include "sshkey.h"
45 45
46#include "openbsd-compat/openssl-compat.h"
47
46#define INTBLOB_LEN 20 48#define INTBLOB_LEN 20
47#define SIGBLOB_LEN (2*INTBLOB_LEN) 49#define SIGBLOB_LEN (2*INTBLOB_LEN)
48 50
diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index 9e92af044..2f5531752 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -43,6 +43,8 @@
43#define SSHKEY_INTERNAL 43#define SSHKEY_INTERNAL
44#include "sshkey.h" 44#include "sshkey.h"
45 45
46#include "openbsd-compat/openssl-compat.h"
47
46/* ARGSUSED */ 48/* ARGSUSED */
47int 49int
48ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, 50ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
index bcc18c6bc..d1241ce67 100644
--- a/ssh-pkcs11-client.c
+++ b/ssh-pkcs11-client.c
@@ -32,6 +32,8 @@
32 32
33#include <openssl/rsa.h> 33#include <openssl/rsa.h>
34 34
35#include "openbsd-compat/openssl-compat.h"
36
35#include "pathnames.h" 37#include "pathnames.h"
36#include "xmalloc.h" 38#include "xmalloc.h"
37#include "sshbuf.h" 39#include "sshbuf.h"
diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
index c35f9415f..775de9642 100644
--- a/ssh-pkcs11.c
+++ b/ssh-pkcs11.c
@@ -30,6 +30,7 @@
30#include <dlfcn.h> 30#include <dlfcn.h>
31 31
32#include "openbsd-compat/sys-queue.h" 32#include "openbsd-compat/sys-queue.h"
33#include "openbsd-compat/openssl-compat.h"
33 34
34#include <openssl/x509.h> 35#include <openssl/x509.h>
35 36
diff --git a/ssh-rsa.c b/ssh-rsa.c
index 2788f3340..9b14f9a9a 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -35,6 +35,8 @@
35#include "digest.h" 35#include "digest.h"
36#include "log.h" 36#include "log.h"
37 37
38#include "openbsd-compat/openssl-compat.h"
39
38static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *); 40static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
39 41
40static const char * 42static const char *
diff --git a/sshkey.c b/sshkey.c
index 085f17079..6f2c9d44b 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -60,6 +60,8 @@
60 60
61#include "xmss_fast.h" 61#include "xmss_fast.h"
62 62
63#include "openbsd-compat/openssl-compat.h"
64
63/* openssh private key file format */ 65/* openssh private key file format */
64#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n" 66#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
65#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n" 67#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
@@ -1744,7 +1746,6 @@ int
1744sshkey_from_private(const struct sshkey *k, struct sshkey **pkp) 1746sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1745{ 1747{
1746 struct sshkey *n = NULL; 1748 struct sshkey *n = NULL;
1747 int ret = SSH_ERR_INTERNAL_ERROR;
1748 int r = SSH_ERR_INTERNAL_ERROR; 1749 int r = SSH_ERR_INTERNAL_ERROR;
1749#ifdef WITH_OPENSSL 1750#ifdef WITH_OPENSSL
1750 const BIGNUM *rsa_n, *rsa_e; 1751 const BIGNUM *rsa_n, *rsa_e;
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-22 10:40:18 +0000