5 files changed, 86 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 7e416859f..7b94b59e5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
 20101204
 - (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
   instead of (arc4random() % range)
+ - (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}]  Add
+   shims for the new, non-deprecated OpenSSL key generation functions for
+   platforms that don't have the new interfaces.
 20101201
 - OpenBSD CVS Sync
diff --git a/configure.ac b/configure.ac
index c3700d8dd..0ea76c8fd 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $
+# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $
 #
 # Copyright (c) 1999-2004 Damien Miller
 #
@@ -15,7 +15,7 @@
 # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.458 $)
+AC_REVISION($Revision: 1.459 $)
 AC_CONFIG_SRCDIR([ssh.c])
 AC_CONFIG_HEADER(config.h)
@@ -2136,6 +2136,8 @@ int main(void) { SSLeay_add_all_algorithms(); }
        ]
 )
+AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
 AC_ARG_WITH(ssl-engine,
        [  --with-ssl-engine       Enable OpenSSL (hardware) ENGINE support ],
        [ if test "x$withval" != "xno" ; then
diff --git a/moduli.c b/moduli.c
index 2c2b388c7..2964a8b3d 100644
--- a/moduli.c
+++ b/moduli.c
@@ -54,6 +54,8 @@
 #include "dh.h"
 #include "log.h"
+#include "openbsd-compat/openssl-compat.h"
 /*
 * File output defines
 */
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index c9bb7cb50..e2d090cf1 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */
+/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -18,11 +18,16 @@
 #include "includes.h"
+#include <stdarg.h>
+#include <string.h>
 #ifdef USE_OPENSSL_ENGINE
 # include <openssl/engine.h>
 # include <openssl/conf.h>
 #endif
+#include "log.h"
 #define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
 #include "openssl-compat.h"
@@ -59,6 +64,63 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
 }
 #endif
+#ifndef HAVE_BN_IS_PRIME_EX
+int
+BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
+{
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        return BN_is_prime(p, nchecks, NULL, ctx, NULL);
+}
+#endif
+#ifndef HAVE_RSA_GENERATE_KEY_EX
+int
+RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
+{
+        RSA *new_rsa, tmp_rsa;
+        unsigned long e;
+        sleep(1);
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        e = BN_get_word(bn_e);
+        if (e == 0xffffffffL)
+                fatal("%s: value of e too large", __func__);
+        new_rsa = RSA_generate_key(bits, e, NULL, NULL);
+        if (new_rsa == NULL)
+                return 0;
+        /* swap rsa/new_rsa then free new_rsa */
+        tmp_rsa = *rsa;
+        *rsa = *new_rsa;
+        *new_rsa = tmp_rsa;
+        RSA_free(new_rsa);
+        return 1;
+}
+#endif
+#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
+int
+DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
+    int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
+{
+        DSA *new_dsa, tmp_dsa;
+        if (cb != NULL)
+                fatal("%s: callback args not supported", __func__);
+        new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
+            counter_ret, h_ret, NULL, NULL);
+        if (new_dsa == NULL)
+                return 0;
+        /* swap dsa/new_dsa then free new_dsa */
+        tmp_dsa = *dsa;
+        *dsa = *new_dsa;
+        *new_dsa = tmp_dsa;
+        DSA_free(new_dsa);
+        return 1;
+}
+#endif
 #ifdef  USE_OPENSSL_ENGINE
 void
 ssh_SSLeay_add_all_algorithms(void)
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index beb81f420..c0ca20aaf 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */
+/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */
 /*
 * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -108,6 +108,19 @@ extern const EVP_CIPHER *evp_acss(void);
 #  define SSLeay_add_all_algorithms()  ssh_SSLeay_add_all_algorithms()
 # endif
+# ifndef HAVE_BN_IS_PRIME_EX
+int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *);
+# endif
+# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
+int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *,
+    unsigned long *, void *);
+# endif
+# ifndef HAVE_RSA_GENERATE_KEY_EX
+int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
+# endif
 int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
    unsigned char *, int);
 int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);

diff --git a/ChangeLog b/ChangeLog index 7e416859f..7b94b59e5 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,6 +1,9 @@
1	20101204	1	20101204
2	- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)	2	- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
3	instead of (arc4random() % range)	3	instead of (arc4random() % range)
		4	- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
		5	shims for the new, non-deprecated OpenSSL key generation functions for
		6	platforms that don't have the new interfaces.
4		7
5	20101201	8	20101201
6	- OpenBSD CVS Sync	9	- OpenBSD CVS Sync


diff --git a/configure.ac b/configure.ac index c3700d8dd..0ea76c8fd 100644 --- a/configure.ac +++ b/configure.ac
@@ -1,4 +1,4 @@
1	# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $	1	# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $
2	#	2	#
3	# Copyright (c) 1999-2004 Damien Miller	3	# Copyright (c) 1999-2004 Damien Miller
4	#	4	#
@@ -15,7 +15,7 @@
15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.	15	# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16		16
17	AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)	17	AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18	AC_REVISION($Revision: 1.458 $)	18	AC_REVISION($Revision: 1.459 $)
19	AC_CONFIG_SRCDIR([ssh.c])	19	AC_CONFIG_SRCDIR([ssh.c])
20		20
21	AC_CONFIG_HEADER(config.h)	21	AC_CONFIG_HEADER(config.h)
@@ -2136,6 +2136,8 @@ int main(void) { SSLeay_add_all_algorithms(); }
2136	]	2136	]
2137	)	2137	)
2138		2138
		2139	AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
		2140
2139	AC_ARG_WITH(ssl-engine,	2141	AC_ARG_WITH(ssl-engine,
2140	[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],	2142	[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
2141	[ if test "x$withval" != "xno" ; then	2143	[ if test "x$withval" != "xno" ; then


diff --git a/moduli.c b/moduli.c index 2c2b388c7..2964a8b3d 100644 --- a/moduli.c +++ b/moduli.c
@@ -54,6 +54,8 @@
54	#include "dh.h"	54	#include "dh.h"
55	#include "log.h"	55	#include "log.h"
56		56
		57	#include "openbsd-compat/openssl-compat.h"
		58
57	/*	59	/*
58	* File output defines	60	* File output defines
59	*/	61	*/


diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index c9bb7cb50..e2d090cf1 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c
@@ -1,4 +1,4 @@
1	/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */	1	/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>	4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -18,11 +18,16 @@
18		18
19	#include "includes.h"	19	#include "includes.h"
20		20
		21	#include <stdarg.h>
		22	#include <string.h>
		23
21	#ifdef USE_OPENSSL_ENGINE	24	#ifdef USE_OPENSSL_ENGINE
22	# include <openssl/engine.h>	25	# include <openssl/engine.h>
23	# include <openssl/conf.h>	26	# include <openssl/conf.h>
24	#endif	27	#endif
25		28
		29	#include "log.h"
		30
26	#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS	31	#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
27	#include "openssl-compat.h"	32	#include "openssl-compat.h"
28		33
@@ -59,6 +64,63 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX ctx, const void d, unsigned int cnt)
59	}	64	}
60	#endif	65	#endif
61		66
		67	#ifndef HAVE_BN_IS_PRIME_EX
		68	int
		69	BN_is_prime_ex(const BIGNUM p, int nchecks, BN_CTX ctx, void *cb)
		70	{
		71	if (cb != NULL)
		72	fatal("%s: callback args not supported", __func__);
		73	return BN_is_prime(p, nchecks, NULL, ctx, NULL);
		74	}
		75	#endif
		76
		77	#ifndef HAVE_RSA_GENERATE_KEY_EX
		78	int
		79	RSA_generate_key_ex(RSA rsa, int bits, BIGNUM bn_e, void *cb)
		80	{
		81	RSA *new_rsa, tmp_rsa;
		82	unsigned long e;
		83
		84	sleep(1);
		85	if (cb != NULL)
		86	fatal("%s: callback args not supported", __func__);
		87	e = BN_get_word(bn_e);
		88	if (e == 0xffffffffL)
		89	fatal("%s: value of e too large", __func__);
		90	new_rsa = RSA_generate_key(bits, e, NULL, NULL);
		91	if (new_rsa == NULL)
		92	return 0;
		93	/* swap rsa/new_rsa then free new_rsa */
		94	tmp_rsa = *rsa;
		95	rsa = new_rsa;
		96	*new_rsa = tmp_rsa;
		97	RSA_free(new_rsa);
		98	return 1;
		99	}
		100	#endif
		101
		102	#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
		103	int
		104	DSA_generate_parameters_ex(DSA dsa, int bits, const unsigned char seed,
		105	int seed_len, int counter_ret, unsigned long h_ret, void *cb)
		106	{
		107	DSA *new_dsa, tmp_dsa;
		108
		109	if (cb != NULL)
		110	fatal("%s: callback args not supported", __func__);
		111	new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
		112	counter_ret, h_ret, NULL, NULL);
		113	if (new_dsa == NULL)
		114	return 0;
		115	/* swap dsa/new_dsa then free new_dsa */
		116	tmp_dsa = *dsa;
		117	dsa = new_dsa;
		118	*new_dsa = tmp_dsa;
		119	DSA_free(new_dsa);
		120	return 1;
		121	}
		122	#endif
		123
62	#ifdef USE_OPENSSL_ENGINE	124	#ifdef USE_OPENSSL_ENGINE
63	void	125	void
64	ssh_SSLeay_add_all_algorithms(void)	126	ssh_SSLeay_add_all_algorithms(void)


diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index beb81f420..c0ca20aaf 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h
@@ -1,4 +1,4 @@
1	/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */	1	/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>	4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
@@ -108,6 +108,19 @@ extern const EVP_CIPHER *evp_acss(void);
108	# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()	108	# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
109	# endif	109	# endif
110		110
		111	# ifndef HAVE_BN_IS_PRIME_EX
		112	int BN_is_prime_ex(const BIGNUM , int, BN_CTX , void *);
		113	# endif
		114
		115	# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
		116	int DSA_generate_parameters_ex(DSA , int, const unsigned char , int, int *,
		117	unsigned long , void );
		118	# endif
		119
		120	# ifndef HAVE_RSA_GENERATE_KEY_EX
		121	int RSA_generate_key_ex(RSA , int, BIGNUM , void *);
		122	# endif
		123
111	int ssh_EVP_CipherInit(EVP_CIPHER_CTX , const EVP_CIPHER , unsigned char *,	124	int ssh_EVP_CipherInit(EVP_CIPHER_CTX , const EVP_CIPHER , unsigned char *,
112	unsigned char *, int);	125	unsigned char *, int);
113	int ssh_EVP_Cipher(EVP_CIPHER_CTX , char , char *, int);	126	int ssh_EVP_Cipher(EVP_CIPHER_CTX , char , char *, int);