6 files changed, 124 insertions, 44 deletions
diff --git a/ChangeLog b/ChangeLog
index efebb2820..f0424fa81 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20050609
+ - (dtucker) [cipher.c openbsd-compat/Makefile.in
+   openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
+   Move compatibility code for supporting older OpenSSL versions to the
+   compat layer.  Suggested by and "no objection" djm@
 20050607
 - (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
   in today's episode we attempt to coax it from limits.h where it may be
@@ -2686,4 +2692,4 @@
   - (djm) Trim deprecated options from INSTALL. Mention UsePAM
   - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
-$Id: ChangeLog,v 1.3813 2005/06/07 07:53:40 dtucker Exp $
+$Id: ChangeLog,v 1.3814 2005/06/09 11:45:10 dtucker Exp $
diff --git a/cipher.c b/cipher.c
index b56492940..df46c0175 100644
--- a/cipher.c
+++ b/cipher.c
@@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $");
 #include <openssl/md5.h>
-#if OPENSSL_VERSION_NUMBER < 0x00906000L
-#define SSH_OLD_EVP
-#define EVP_CIPHER_CTX_get_app_data(e)          ((e)->app_data)
-#endif
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-extern const EVP_CIPHER *evp_rijndael(void);
-extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
-#endif
-#if !defined(EVP_CTRL_SET_ACSS_MODE)
-# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
-extern const EVP_CIPHER *evp_acss(void);
-#  define EVP_acss evp_acss
-#  define EVP_CTRL_SET_ACSS_MODE xxx    /* used below */
-# else
-#  define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
-# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
-#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
 extern const EVP_CIPHER *evp_ssh1_bf(void);
 extern const EVP_CIPHER *evp_ssh1_3des(void);
 extern void ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int);
@@ -88,25 +68,15 @@ struct Cipher {
        { "arcfour",            SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
        { "arcfour128",         SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
        { "arcfour256",         SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
-#if OPENSSL_VERSION_NUMBER < 0x00907000L
-        { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael },
-        { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael },
-        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael },
-        { "rijndael-cbc@lysator.liu.se",
-                                SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael },
-#else
        { "aes128-cbc",         SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
        { "aes192-cbc",         SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
        { "aes256-cbc",         SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
        { "rijndael-cbc@lysator.liu.se",
                                SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
-#endif
-#if OPENSSL_VERSION_NUMBER >= 0x00905000L
        { "aes128-ctr",         SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
        { "aes192-ctr",         SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
        { "aes256-ctr",         SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
-#endif
+#ifdef USE_CIPHER_ACSS
-#if defined(EVP_CTRL_SET_ACSS_MODE)
        { "acss@openssh.org",   SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
 #endif
        { NULL,                 SSH_CIPHER_INVALID, 0, 0, 0, NULL }
@@ -225,8 +195,8 @@ cipher_init(CipherContext *cc, Cipher *cipher,
        EVP_CIPHER *type;
 #else
        const EVP_CIPHER *type;
-#endif
        int klen;
+#endif
        u_char *junk, *discard;
        if (cipher->number == SSH_CIPHER_DES) {
@@ -293,23 +263,15 @@ cipher_crypt(CipherContext *cc, u_char *dest, const u_char *src, u_int len)
 {
        if (len % cc->cipher->block_size)
                fatal("cipher_encrypt: bad plaintext length %d", len);
-#ifdef SSH_OLD_EVP
-        EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
-#else
        if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
                fatal("evp_crypt: EVP_Cipher failed");
-#endif
 }
 void
 cipher_cleanup(CipherContext *cc)
 {
-#ifdef SSH_OLD_EVP
-        EVP_CIPHER_CTX_cleanup(&cc->evp);
-#else
        if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
                error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
-#endif
 }
 /*
diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 30d2410bc..c6e08867c 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $
+# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 PORTS=port-irix.o port-aix.o
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index a4cfa6c4d..f468d5aab 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */
 /*
 * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw);
 /* rfc2553 socket API replacements */
 #include "fake-rfc2553.h"
+/* compatibility with old or broken OpenSSL versions */
+#include "openssl-compat.h"
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
new file mode 100644
index 000000000..10b4d1d74
--- /dev/null
+++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,44 @@
+/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#define SSH_DONT_REDEF_EVP
+#include "includes.h"
+#ifdef SSH_OLD_EVP
+int
+ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+    unsigned char *key, unsigned char *iv, int enc)
+{
+        EVP_CipherInit(evp, type, key, iv, enc);
+        return 1;
+}
+int
+ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
+{
+        EVP_Cipher(evp, dst, src, len);
+        return 1;
+}
+int
+ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
+{
+        EVP_CIPHER_CTX_cleanup(evp);
+        return 1;
+}
+#endif
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
new file mode 100644
index 000000000..d9b2fa55f
--- /dev/null
+++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
+/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include "includes.h"
+#include <openssl/evp.h>
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+# define SSH_OLD_EVP
+# define EVP_CIPHER_CTX_get_app_data(e)         ((e)->app_data)
+#endif
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define EVP_aes_128_cbc evp_rijndael
+# define EVP_aes_192_cbc evp_rijndael
+# define EVP_aes_256_cbc evp_rijndael
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  define USE_CIPHER_ACSS 1
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+# else
+#  define EVP_acss NULL
+# endif
+#endif
+/*
+ * insert comment here
+ */
+#ifdef SSH_OLD_EVP
+# ifndef SSH_DONT_REDEF_EVP
+#  ifdef EVP_Cipher
+#   undef EVP_Cipher
+#  endif
+#  define EVP_CipherInit(a,b,c,d,e)     ssh_EVP_CipherInit((a),(b),(c),(d),(e))
+#  define EVP_Cipher(a,b,c,d)           ssh_EVP_Cipher((a),(b),(c),(d))
+#  define EVP_CIPHER_CTX_cleanup(a)     ssh_EVP_CIPHER_CTX_cleanup((a))
+# endif
+int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+    unsigned char *, int);
+int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+#endif

diff --git a/ChangeLog b/ChangeLog index efebb2820..f0424fa81 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,3 +1,9 @@
		1	20050609
		2	- (dtucker) [cipher.c openbsd-compat/Makefile.in
		3	openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
		4	Move compatibility code for supporting older OpenSSL versions to the
		5	compat layer. Suggested by and "no objection" djm@
		6
1	20050607	7	20050607
2	- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:	8	- (dtucker) [configure.ac] Continue the hunt for LLONG_MIN and LLONG_MAX:
3	in today's episode we attempt to coax it from limits.h where it may be	9	in today's episode we attempt to coax it from limits.h where it may be
@@ -2686,4 +2692,4 @@
2686	- (djm) Trim deprecated options from INSTALL. Mention UsePAM	2692	- (djm) Trim deprecated options from INSTALL. Mention UsePAM
2687	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu	2693	- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
2688		2694
2689	$Id: ChangeLog,v 1.3813 2005/06/07 07:53:40 dtucker Exp $	2695	$Id: ChangeLog,v 1.3814 2005/06/09 11:45:10 dtucker Exp $


diff --git a/cipher.c b/cipher.c index b56492940..df46c0175 100644 --- a/cipher.c +++ b/cipher.c
@@ -43,26 +43,6 @@ RCSID("$OpenBSD: cipher.c,v 1.74 2005/05/23 23:32:46 djm Exp $");
43		43
44	#include <openssl/md5.h>	44	#include <openssl/md5.h>
45		45
46	#if OPENSSL_VERSION_NUMBER < 0x00906000L
47	#define SSH_OLD_EVP
48	#define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
49	#endif
50
51	#if OPENSSL_VERSION_NUMBER < 0x00907000L
52	extern const EVP_CIPHER *evp_rijndael(void);
53	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);
54	#endif
55
56	#if !defined(EVP_CTRL_SET_ACSS_MODE)
57	# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
58	extern const EVP_CIPHER *evp_acss(void);
59	# define EVP_acss evp_acss
60	# define EVP_CTRL_SET_ACSS_MODE xxx /* used below */
61	# else
62	# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
63	# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
64	#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
65
66	extern const EVP_CIPHER *evp_ssh1_bf(void);	46	extern const EVP_CIPHER *evp_ssh1_bf(void);
67	extern const EVP_CIPHER *evp_ssh1_3des(void);	47	extern const EVP_CIPHER *evp_ssh1_3des(void);
68	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);	48	extern void ssh1_3des_iv(EVP_CIPHER_CTX , int, u_char , int);
@@ -88,25 +68,15 @@ struct Cipher {
88	{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },	68	{ "arcfour", SSH_CIPHER_SSH2, 8, 16, 0, EVP_rc4 },
89	{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },	69	{ "arcfour128", SSH_CIPHER_SSH2, 8, 16, 1536, EVP_rc4 },
90	{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },	70	{ "arcfour256", SSH_CIPHER_SSH2, 8, 32, 1536, EVP_rc4 },
91	#if OPENSSL_VERSION_NUMBER < 0x00907000L
92	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, evp_rijndael },
93	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, evp_rijndael },
94	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael },
95	{ "rijndael-cbc@lysator.liu.se",
96	SSH_CIPHER_SSH2, 16, 32, 0, evp_rijndael },
97	#else
98	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },	71	{ "aes128-cbc", SSH_CIPHER_SSH2, 16, 16, 0, EVP_aes_128_cbc },
99	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },	72	{ "aes192-cbc", SSH_CIPHER_SSH2, 16, 24, 0, EVP_aes_192_cbc },
100	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },	73	{ "aes256-cbc", SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
101	{ "rijndael-cbc@lysator.liu.se",	74	{ "rijndael-cbc@lysator.liu.se",
102	SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },	75	SSH_CIPHER_SSH2, 16, 32, 0, EVP_aes_256_cbc },
103	#endif
104	#if OPENSSL_VERSION_NUMBER >= 0x00905000L
105	{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },	76	{ "aes128-ctr", SSH_CIPHER_SSH2, 16, 16, 0, evp_aes_128_ctr },
106	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },	77	{ "aes192-ctr", SSH_CIPHER_SSH2, 16, 24, 0, evp_aes_128_ctr },
107	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },	78	{ "aes256-ctr", SSH_CIPHER_SSH2, 16, 32, 0, evp_aes_128_ctr },
108	#endif	79	#ifdef USE_CIPHER_ACSS
109	#if defined(EVP_CTRL_SET_ACSS_MODE)
110	{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },	80	{ "acss@openssh.org", SSH_CIPHER_SSH2, 16, 5, 0, EVP_acss },
111	#endif	81	#endif
112	{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }	82	{ NULL, SSH_CIPHER_INVALID, 0, 0, 0, NULL }
@@ -225,8 +195,8 @@ cipher_init(CipherContext cc, Cipher cipher,
225	EVP_CIPHER *type;	195	EVP_CIPHER *type;
226	#else	196	#else
227	const EVP_CIPHER *type;	197	const EVP_CIPHER *type;
228	#endif
229	int klen;	198	int klen;
		199	#endif
230	u_char junk, discard;	200	u_char junk, discard;
231		201
232	if (cipher->number == SSH_CIPHER_DES) {	202	if (cipher->number == SSH_CIPHER_DES) {
@@ -293,23 +263,15 @@ cipher_crypt(CipherContext cc, u_char dest, const u_char *src, u_int len)
293	{	263	{
294	if (len % cc->cipher->block_size)	264	if (len % cc->cipher->block_size)
295	fatal("cipher_encrypt: bad plaintext length %d", len);	265	fatal("cipher_encrypt: bad plaintext length %d", len);
296	#ifdef SSH_OLD_EVP
297	EVP_Cipher(&cc->evp, dest, (u_char *)src, len);
298	#else
299	if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)	266	if (EVP_Cipher(&cc->evp, dest, (u_char *)src, len) == 0)
300	fatal("evp_crypt: EVP_Cipher failed");	267	fatal("evp_crypt: EVP_Cipher failed");
301	#endif
302	}	268	}
303		269
304	void	270	void
305	cipher_cleanup(CipherContext *cc)	271	cipher_cleanup(CipherContext *cc)
306	{	272	{
307	#ifdef SSH_OLD_EVP
308	EVP_CIPHER_CTX_cleanup(&cc->evp);
309	#else
310	if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)	273	if (EVP_CIPHER_CTX_cleanup(&cc->evp) == 0)
311	error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");	274	error("cipher_cleanup: EVP_CIPHER_CTX_cleanup failed");
312	#endif
313	}	275	}
314		276
315	/*	277	/*


diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in index 30d2410bc..c6e08867c 100644 --- a/openbsd-compat/Makefile.in +++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
1	# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $	1	# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $
2		2
3	sysconfdir=@sysconfdir@	3	sysconfdir=@sysconfdir@
4	piddir=@piddir@	4	piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
18		18
19	OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o	19	OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
20		20
21	COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o	21	COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
22		22
23	PORTS=port-irix.o port-aix.o	23	PORTS=port-irix.o port-aix.o
24		24


diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h index a4cfa6c4d..f468d5aab 100644 --- a/openbsd-compat/openbsd-compat.h +++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
1	/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */	1	/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */
2		2
3	/*	3	/*
4	* Copyright (c) 1999-2003 Damien Miller. All rights reserved.	4	* Copyright (c) 1999-2003 Damien Miller. All rights reserved.
@@ -168,6 +168,9 @@ char shadow_pw(struct passwd pw);
168	/* rfc2553 socket API replacements */	168	/* rfc2553 socket API replacements */
169	#include "fake-rfc2553.h"	169	#include "fake-rfc2553.h"
170		170
		171	/* compatibility with old or broken OpenSSL versions */
		172	#include "openssl-compat.h"
		173
171	/* Routines for a single OS platform */	174	/* Routines for a single OS platform */
172	#include "bsd-cray.h"	175	#include "bsd-cray.h"
173	#include "bsd-cygwin_util.h"	176	#include "bsd-cygwin_util.h"


diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c new file mode 100644 index 000000000..10b4d1d74 --- /dev/null +++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,44 @@
		1	/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
		2
		3	/*
		4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
		5	*
		6	* Permission to use, copy, modify, and distribute this software for any
		7	* purpose with or without fee is hereby granted, provided that the above
		8	* copyright notice and this permission notice appear in all copies.
		9	*
		10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
		15	* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
		16	* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		17	*/
		18
		19	#define SSH_DONT_REDEF_EVP
		20	#include "includes.h"
		21
		22	#ifdef SSH_OLD_EVP
		23	int
		24	ssh_EVP_CipherInit(EVP_CIPHER_CTX evp, const EVP_CIPHER type,
		25	unsigned char key, unsigned char iv, int enc)
		26	{
		27	EVP_CipherInit(evp, type, key, iv, enc);
		28	return 1;
		29	}
		30
		31	int
		32	ssh_EVP_Cipher(EVP_CIPHER_CTX evp, char dst, char *src, int len)
		33	{
		34	EVP_Cipher(evp, dst, src, len);
		35	return 1;
		36	}
		37
		38	int
		39	ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
		40	{
		41	EVP_CIPHER_CTX_cleanup(evp);
		42	return 1;
		43	}
		44	#endif


diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h new file mode 100644 index 000000000..d9b2fa55f --- /dev/null +++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
		1	/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
		2
		3	/*
		4	* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
		5	*
		6	* Permission to use, copy, modify, and distribute this software for any
		7	* purpose with or without fee is hereby granted, provided that the above
		8	* copyright notice and this permission notice appear in all copies.
		9	*
		10	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		11	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		12	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		13	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		14	* WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
		15	* IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
		16	* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		17	*/
		18
		19	#include "includes.h"
		20	#include <openssl/evp.h>
		21
		22	#if OPENSSL_VERSION_NUMBER < 0x00906000L
		23	# define SSH_OLD_EVP
		24	# define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data)
		25	#endif
		26
		27	#if OPENSSL_VERSION_NUMBER < 0x00907000L
		28	# define EVP_aes_128_cbc evp_rijndael
		29	# define EVP_aes_192_cbc evp_rijndael
		30	# define EVP_aes_256_cbc evp_rijndael
		31	extern const EVP_CIPHER *evp_rijndael(void);
		32	extern void ssh_rijndael_iv(EVP_CIPHER_CTX , int, u_char , u_int);
		33	#endif
		34
		35	#if !defined(EVP_CTRL_SET_ACSS_MODE)
		36	# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
		37	# define USE_CIPHER_ACSS 1
		38	extern const EVP_CIPHER *evp_acss(void);
		39	# define EVP_acss evp_acss
		40	# else
		41	# define EVP_acss NULL
		42	# endif
		43	#endif
		44
		45	/*
		46	* insert comment here
		47	*/
		48	#ifdef SSH_OLD_EVP
		49
		50	# ifndef SSH_DONT_REDEF_EVP
		51
		52	# ifdef EVP_Cipher
		53	# undef EVP_Cipher
		54	# endif
		55
		56	# define EVP_CipherInit(a,b,c,d,e) ssh_EVP_CipherInit((a),(b),(c),(d),(e))
		57	# define EVP_Cipher(a,b,c,d) ssh_EVP_Cipher((a),(b),(c),(d))
		58	# define EVP_CIPHER_CTX_cleanup(a) ssh_EVP_CIPHER_CTX_cleanup((a))
		59	# endif
		60
		61	int ssh_EVP_CipherInit(EVP_CIPHER_CTX , const EVP_CIPHER , unsigned char *,
		62	unsigned char *, int);
		63	int ssh_EVP_Cipher(EVP_CIPHER_CTX , char , char *, int);
		64	int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
		65	#endif