diff -urN ssh-orig/Makefile.inc ssh/Makefile.inc --- Makefile.inc Mon Jan 21 21:38:54 2019 +++ Makefile.inc Thu Apr 18 09:42:53 2019 @@ -20,7 +20,7 @@ CDIAGFLAGS+= -Wold-style-definition .endif -#CDIAGFLAGS+= -Werror +CDIAGFLAGS+= -Werror #DEBUG=-g #INSTALL_STRIP= @@ -51,6 +51,7 @@ SRCS_KEX+= kexgex.c SRCS_KEXC+= kexgexc.c SRCS_KEXS+= kexgexs.c +SRCS_KEY+= libressl-api-compat.c .endif SRCS_KEX+= kexc25519.c SRCS_KEX+= smult_curve25519_ref.c diff -urN ssh-orig/cipher.c ssh/cipher.c --- cipher.c Thu Sep 13 12:08:33 2018 +++ cipher.c Thu Apr 18 09:42:53 2019 @@ -41,6 +41,8 @@ #include #include +#include "libressl-api-compat.h" + #include "cipher.h" #include "misc.h" #include "sshbuf.h" diff -urN ssh-orig/dh.c ssh/dh.c --- dh.c Fri Nov 9 13:56:22 2018 +++ dh.c Thu Apr 18 09:42:53 2019 @@ -33,6 +33,8 @@ #include #include +#include "libressl-api-compat.h" + #include "dh.h" #include "pathnames.h" #include "log.h" diff -urN ssh-orig/digest-openssl.c ssh/digest-openssl.c --- digest-openssl.c Thu Sep 13 12:08:33 2018 +++ digest-openssl.c Thu Apr 18 09:42:53 2019 @@ -22,6 +22,8 @@ #include +#include "libressl-api-compat.h" + #include "sshbuf.h" #include "digest.h" #include "ssherr.h" diff -urN ssh-orig/kexgexc.c ssh/kexgexc.c --- kexgexc.c Wed Jan 23 11:30:41 2019 +++ kexgexc.c Thu Apr 18 09:43:30 2019 @@ -32,6 +32,8 @@ #include #include +#include "libressl-api-compat.h" + #include "sshkey.h" #include "cipher.h" #include "digest.h" diff -urN ssh-orig/kexgexs.c ssh/kexgexs.c --- kexgexs.c Wed Jan 23 11:30:41 2019 +++ kexgexs.c Thu Apr 18 09:43:30 2019 @@ -31,6 +31,8 @@ #include +#include "libressl-api-compat.h" + #include "sshkey.h" #include "cipher.h" #include "digest.h" diff -urN ssh-orig/libressl-api-compat.c ssh/libressl-api-compat.c --- libressl-api-compat.c Thu Jan 1 10:00:00 1970 +++ libressl-api-compat.c Thu Apr 18 09:43:30 2019 @@ -0,0 +1,637 @@ +/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ +/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ +/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ +/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ +/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ +/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ +/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL + * project 2000. + */ +/* ==================================================================== + * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ +/* + * Copyright (c) 2018 Theo Buehler + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifdef WITH_OPENSSL + +#include + +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +#include "libressl-api-compat.h" + +#ifndef HAVE_DSA_GET0_PQG +void +DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = d->p; + if (q != NULL) + *q = d->q; + if (g != NULL) + *g = d->g; +} +#endif /* HAVE_DSA_GET0_PQG */ + +#ifndef HAVE_DSA_SET0_PQG +int +DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || + (d->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(d->p); + d->p = p; + } + if (q != NULL) { + BN_free(d->q); + d->q = q; + } + if (g != NULL) { + BN_free(d->g); + d->g = g; + } + + return 1; +} +#endif /* HAVE_DSA_SET0_PQG */ + +#ifndef HAVE_DSA_GET0_KEY +void +DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = d->pub_key; + if (priv_key != NULL) + *priv_key = d->priv_key; +} +#endif /* HAVE_DSA_GET0_KEY */ + +#ifndef HAVE_DSA_SET0_KEY +int +DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (d->pub_key == NULL && pub_key == NULL) + return 0; + + if (pub_key != NULL) { + BN_free(d->pub_key); + d->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(d->priv_key); + d->priv_key = priv_key; + } + + return 1; +} +#endif /* HAVE_DSA_SET0_KEY */ + +#ifndef HAVE_RSA_GET0_KEY +void +RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) +{ + if (n != NULL) + *n = r->n; + if (e != NULL) + *e = r->e; + if (d != NULL) + *d = r->d; +} +#endif /* HAVE_RSA_GET0_KEY */ + +#ifndef HAVE_RSA_SET0_KEY +int +RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) +{ + if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) + return 0; + + if (n != NULL) { + BN_free(r->n); + r->n = n; + } + if (e != NULL) { + BN_free(r->e); + r->e = e; + } + if (d != NULL) { + BN_free(r->d); + r->d = d; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_KEY */ + +#ifndef HAVE_RSA_GET0_CRT_PARAMS +void +RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp) +{ + if (dmp1 != NULL) + *dmp1 = r->dmp1; + if (dmq1 != NULL) + *dmq1 = r->dmq1; + if (iqmp != NULL) + *iqmp = r->iqmp; +} +#endif /* HAVE_RSA_GET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_SET0_CRT_PARAMS +int +RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) +{ + if ((r->dmp1 == NULL && dmp1 == NULL) || + (r->dmq1 == NULL && dmq1 == NULL) || + (r->iqmp == NULL && iqmp == NULL)) + return 0; + + if (dmp1 != NULL) { + BN_free(r->dmp1); + r->dmp1 = dmp1; + } + if (dmq1 != NULL) { + BN_free(r->dmq1); + r->dmq1 = dmq1; + } + if (iqmp != NULL) { + BN_free(r->iqmp); + r->iqmp = iqmp; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_GET0_FACTORS +void +RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) +{ + if (p != NULL) + *p = r->p; + if (q != NULL) + *q = r->q; +} +#endif /* HAVE_RSA_GET0_FACTORS */ + +#ifndef HAVE_RSA_SET0_FACTORS +int +RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) +{ + if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) + return 0; + + if (p != NULL) { + BN_free(r->p); + r->p = p; + } + if (q != NULL) { + BN_free(r->q); + r->q = q; + } + + return 1; +} +#endif /* HAVE_RSA_SET0_FACTORS */ + +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV +int +EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len) +{ + if (ctx == NULL) + return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) + return 0; + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; +# ifdef HAVE_EVP_CIPHER_CTX_IV + memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len); +# else + memcpy(iv, ctx->iv, len); +# endif /* HAVE_EVP_CIPHER_CTX_IV */ + } + return 1; +} +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ + +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV +int +EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) +{ + if (ctx == NULL) + return 0; + if (EVP_CIPHER_CTX_iv_length(ctx) < 0) + return 0; + if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx)) + return 0; + if (len > EVP_MAX_IV_LENGTH) + return 0; /* sanity check; shouldn't happen */ + /* + * Skip the memcpy entirely when the requested IV length is zero, + * since the iv pointer may be NULL or invalid. + */ + if (len != 0) { + if (iv == NULL) + return 0; +# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST + memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len); +# else + memcpy(ctx->iv, iv, len); +# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */ + } + return 1; +} +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +#ifndef HAVE_DSA_SIG_GET0 +void +DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} +#endif /* HAVE_DSA_SIG_GET0 */ + +#ifndef HAVE_DSA_SIG_SET0 +int +DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + sig->r = r; + BN_clear_free(sig->s); + sig->s = s; + + return 1; +} +#endif /* HAVE_DSA_SIG_SET0 */ + +#ifndef HAVE_ECDSA_SIG_GET0 +void +ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +{ + if (pr != NULL) + *pr = sig->r; + if (ps != NULL) + *ps = sig->s; +} +#endif /* HAVE_ECDSA_SIG_GET0 */ + +#ifndef HAVE_ECDSA_SIG_SET0 +int +ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) +{ + if (r == NULL || s == NULL) + return 0; + + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return 1; +} +#endif /* HAVE_ECDSA_SIG_SET0 */ + +#ifndef HAVE_DH_GET0_PQG +void +DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) +{ + if (p != NULL) + *p = dh->p; + if (q != NULL) + *q = dh->q; + if (g != NULL) + *g = dh->g; +} +#endif /* HAVE_DH_GET0_PQG */ + +#ifndef HAVE_DH_SET0_PQG +int +DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) +{ + if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) + return 0; + + if (p != NULL) { + BN_free(dh->p); + dh->p = p; + } + if (q != NULL) { + BN_free(dh->q); + dh->q = q; + } + if (g != NULL) { + BN_free(dh->g); + dh->g = g; + } + + return 1; +} +#endif /* HAVE_DH_SET0_PQG */ + +#ifndef HAVE_DH_GET0_KEY +void +DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) +{ + if (pub_key != NULL) + *pub_key = dh->pub_key; + if (priv_key != NULL) + *priv_key = dh->priv_key; +} +#endif /* HAVE_DH_GET0_KEY */ + +#ifndef HAVE_DH_SET0_KEY +int +DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) +{ + if (pub_key != NULL) { + BN_free(dh->pub_key); + dh->pub_key = pub_key; + } + if (priv_key != NULL) { + BN_free(dh->priv_key); + dh->priv_key = priv_key; + } + + return 1; +} +#endif /* HAVE_DH_SET0_KEY */ + +#ifndef HAVE_DH_SET_LENGTH +int +DH_set_length(DH *dh, long length) +{ + if (length < 0 || length > INT_MAX) + return 0; + + dh->length = length; + return 1; +} +#endif /* HAVE_DH_SET_LENGTH */ + +#ifndef HAVE_RSA_METH_FREE +void +RSA_meth_free(RSA_METHOD *meth) +{ + if (meth != NULL) { + free((char *)meth->name); + free(meth); + } +} +#endif /* HAVE_RSA_METH_FREE */ + +#ifndef HAVE_RSA_METH_DUP +RSA_METHOD * +RSA_meth_dup(const RSA_METHOD *meth) +{ + RSA_METHOD *copy; + + if ((copy = calloc(1, sizeof(*copy))) == NULL) + return NULL; + memcpy(copy, meth, sizeof(*copy)); + if ((copy->name = strdup(meth->name)) == NULL) { + free(copy); + return NULL; + } + + return copy; +} +#endif /* HAVE_RSA_METH_DUP */ + +#ifndef HAVE_RSA_METH_SET1_NAME +int +RSA_meth_set1_name(RSA_METHOD *meth, const char *name) +{ + char *copy; + + if ((copy = strdup(name)) == NULL) + return 0; + free((char *)meth->name); + meth->name = copy; + return 1; +} +#endif /* HAVE_RSA_METH_SET1_NAME */ + +#ifndef HAVE_RSA_METH_GET_FINISH +int +(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) +{ + return meth->finish; +} +#endif /* HAVE_RSA_METH_GET_FINISH */ + +#ifndef HAVE_RSA_METH_SET_PRIV_ENC +int +RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_enc = priv_enc; + return 1; +} +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ + +#ifndef HAVE_RSA_METH_SET_PRIV_DEC +int +RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) +{ + meth->rsa_priv_dec = priv_dec; + return 1; +} +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ + +#ifndef HAVE_RSA_METH_SET_FINISH +int +RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) +{ + meth->finish = finish; + return 1; +} +#endif /* HAVE_RSA_METH_SET_FINISH */ + +#ifndef HAVE_EVP_PKEY_GET0_RSA +RSA * +EVP_PKEY_get0_RSA(EVP_PKEY *pkey) +{ + if (pkey->type != EVP_PKEY_RSA) { + /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ + return NULL; + } + return pkey->pkey.rsa; +} +#endif /* HAVE_EVP_PKEY_GET0_RSA */ + +#ifndef HAVE_EVP_MD_CTX_NEW +EVP_MD_CTX * +EVP_MD_CTX_new(void) +{ + return calloc(1, sizeof(EVP_MD_CTX)); +} +#endif /* HAVE_EVP_MD_CTX_NEW */ + +#ifndef HAVE_EVP_MD_CTX_FREE +void +EVP_MD_CTX_free(EVP_MD_CTX *ctx) +{ + if (ctx == NULL) + return; + + EVP_MD_CTX_cleanup(ctx); + + free(ctx); +} +#endif /* HAVE_EVP_MD_CTX_FREE */ + +#endif /* WITH_OPENSSL */ diff -urN ssh-orig/libressl-api-compat.h ssh/libressl-api-compat.h --- libressl-api-compat.h Thu Jan 1 10:00:00 1970 +++ libressl-api-compat.h Thu Apr 18 09:43:30 2019 @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2005 Darren Tucker + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER + * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef _LIBRESSL_API_COMPAT_H +#define _LIBRESSL_API_COMPAT_H + +#ifdef WITH_OPENSSL + +#include +#include +#include +#include +#include +#include + +/* LibreSSL/OpenSSL 1.1x API compat */ +#ifndef HAVE_DSA_GET0_PQG +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +#endif /* HAVE_DSA_GET0_PQG */ + +#ifndef HAVE_DSA_SET0_PQG +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); +#endif /* HAVE_DSA_SET0_PQG */ + +#ifndef HAVE_DSA_GET0_KEY +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, + const BIGNUM **priv_key); +#endif /* HAVE_DSA_GET0_KEY */ + +#ifndef HAVE_DSA_SET0_KEY +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); +#endif /* HAVE_DSA_SET0_KEY */ + +#ifndef HAVE_EVP_CIPHER_CTX_GET_IV +int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, + unsigned char *iv, size_t len); +#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */ + +#ifndef HAVE_EVP_CIPHER_CTX_SET_IV +int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, + const unsigned char *iv, size_t len); +#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ + +#ifndef HAVE_RSA_GET0_KEY +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, + const BIGNUM **d); +#endif /* HAVE_RSA_GET0_KEY */ + +#ifndef HAVE_RSA_SET0_KEY +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); +#endif /* HAVE_RSA_SET0_KEY */ + +#ifndef HAVE_RSA_GET0_CRT_PARAMS +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, + const BIGNUM **iqmp); +#endif /* HAVE_RSA_GET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_SET0_CRT_PARAMS +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); +#endif /* HAVE_RSA_SET0_CRT_PARAMS */ + +#ifndef HAVE_RSA_GET0_FACTORS +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); +#endif /* HAVE_RSA_GET0_FACTORS */ + +#ifndef HAVE_RSA_SET0_FACTORS +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); +#endif /* HAVE_RSA_SET0_FACTORS */ + +#ifndef DSA_SIG_GET0 +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +#endif /* DSA_SIG_GET0 */ + +#ifndef DSA_SIG_SET0 +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); +#endif /* DSA_SIG_SET0 */ + +#ifndef HAVE_ECDSA_SIG_GET0 +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); +#endif /* HAVE_ECDSA_SIG_GET0 */ + +#ifndef HAVE_ECDSA_SIG_SET0 +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); +#endif /* HAVE_ECDSA_SIG_SET0 */ + +#ifndef HAVE_DH_GET0_PQG +void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, + const BIGNUM **g); +#endif /* HAVE_DH_GET0_PQG */ + +#ifndef HAVE_DH_SET0_PQG +int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); +#endif /* HAVE_DH_SET0_PQG */ + +#ifndef HAVE_DH_GET0_KEY +void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); +#endif /* HAVE_DH_GET0_KEY */ + +#ifndef HAVE_DH_SET0_KEY +int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); +#endif /* HAVE_DH_SET0_KEY */ + +#ifndef HAVE_DH_SET_LENGTH +int DH_set_length(DH *dh, long length); +#endif /* HAVE_DH_SET_LENGTH */ + +#ifndef HAVE_RSA_METH_FREE +void RSA_meth_free(RSA_METHOD *meth); +#endif /* HAVE_RSA_METH_FREE */ + +#ifndef HAVE_RSA_METH_DUP +RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); +#endif /* HAVE_RSA_METH_DUP */ + +#ifndef HAVE_RSA_METH_SET1_NAME +int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); +#endif /* HAVE_RSA_METH_SET1_NAME */ + +#ifndef HAVE_RSA_METH_GET_FINISH +int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); +#endif /* HAVE_RSA_METH_GET_FINISH */ + +#ifndef HAVE_RSA_METH_SET_PRIV_ENC +int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ + +#ifndef HAVE_RSA_METH_SET_PRIV_DEC +int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, + const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); +#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ + +#ifndef HAVE_RSA_METH_SET_FINISH +int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); +#endif /* HAVE_RSA_METH_SET_FINISH */ + +#ifndef HAVE_EVP_PKEY_GET0_RSA +RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); +#endif /* HAVE_EVP_PKEY_GET0_RSA */ + +#ifndef HAVE_EVP_MD_CTX_new +EVP_MD_CTX *EVP_MD_CTX_new(void); +#endif /* HAVE_EVP_MD_CTX_new */ + +#ifndef HAVE_EVP_MD_CTX_free +void EVP_MD_CTX_free(EVP_MD_CTX *ctx); +#endif /* HAVE_EVP_MD_CTX_free */ + +#endif /* WITH_OPENSSL */ +#endif /* _LIBRESSL_API_COMPAT_H */ diff -urN ssh-orig/monitor.c ssh/monitor.c --- monitor.c Mon Jan 21 21:38:54 2019 +++ monitor.c Thu Apr 18 09:43:30 2019 @@ -35,6 +35,8 @@ #include #endif +#include "libressl-api-compat.h" + #include #include #include diff -urN ssh-orig/ssh-dss.c ssh/ssh-dss.c --- ssh-dss.c Thu Sep 13 12:08:33 2018 +++ ssh-dss.c Thu Apr 18 09:43:30 2019 @@ -30,6 +30,8 @@ #include +#include "libressl-api-compat.h" + #include "sshbuf.h" #include "compat.h" #include "ssherr.h" diff -urN ssh-orig/ssh-ecdsa.c ssh/ssh-ecdsa.c --- ssh-ecdsa.c Mon Jan 21 20:54:11 2019 +++ ssh-ecdsa.c Thu Apr 18 09:43:30 2019 @@ -33,6 +33,8 @@ #include +#include "libressl-api-compat.h" + #include "sshbuf.h" #include "ssherr.h" #include "digest.h" diff -urN ssh-orig/ssh-keygen.c ssh/ssh-keygen.c --- ssh-keygen.c Tue Mar 26 03:19:44 2019 +++ ssh-keygen.c Thu Apr 18 09:43:30 2019 @@ -30,6 +30,8 @@ #include #include +#include "libressl-api-compat.h" + #include "xmalloc.h" #include "sshkey.h" #include "authfile.h" diff -urN ssh-orig/ssh-pkcs11-client.c ssh/ssh-pkcs11-client.c --- ssh-pkcs11-client.c Mon Jan 21 23:53:35 2019 +++ ssh-pkcs11-client.c Thu Apr 18 09:47:48 2019 @@ -28,6 +28,8 @@ #include #include +#include "libressl-api-compat.h" + #include "pathnames.h" #include "xmalloc.h" #include "sshbuf.h" @@ -155,6 +157,7 @@ return (ret); } +#if 0 static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, const BIGNUM *rp, EC_KEY *ec) @@ -211,9 +214,12 @@ sshbuf_free(msg); return (ret); } +#endif static RSA_METHOD *helper_rsa; +#if 0 static EC_KEY_METHOD *helper_ecdsa; +#endif /* redirect private key crypto operations to the ssh-pkcs11-helper */ static void @@ -221,8 +227,10 @@ { if (k->type == KEY_RSA) RSA_set_method(k->rsa, helper_rsa); +#if 0 else if (k->type == KEY_ECDSA) EC_KEY_set_method(k->ecdsa, helper_ecdsa); +#endif else fatal("%s: unknown key type", __func__); } @@ -230,9 +238,10 @@ static int pkcs11_start_helper_methods(void) { - if (helper_ecdsa != NULL) + if (helper_rsa != NULL) return (0); +#if 0 int (*orig_sign)(int, const unsigned char *, int, unsigned char *, unsigned int *, const BIGNUM *, const BIGNUM *, EC_KEY *) = NULL; if (helper_ecdsa != NULL) @@ -242,6 +251,7 @@ return (-1); EC_KEY_METHOD_get_sign(helper_ecdsa, &orig_sign, NULL, NULL); EC_KEY_METHOD_set_sign(helper_ecdsa, orig_sign, NULL, ecdsa_do_sign); +#endif if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL) fatal("%s: RSA_meth_dup failed", __func__); diff -urN ssh-orig/ssh-pkcs11.c ssh/ssh-pkcs11.c --- ssh-pkcs11.c Sat Mar 9 04:24:43 2019 +++ ssh-pkcs11.c Thu Apr 18 09:57:11 2019 @@ -32,6 +32,8 @@ #define CRYPTOKI_COMPAT #include "pkcs11.h" +#include "libressl-api-compat.h" + #include "log.h" #include "misc.h" #include "sshkey.h" @@ -68,7 +70,7 @@ int pkcs11_interactive = 0; -#ifdef HAVE_DLOPEN +#if 0 static void ossl_error(const char *msg) { @@ -183,8 +185,10 @@ #ifdef HAVE_DLOPEN static RSA_METHOD *rsa_method; static int rsa_idx = 0; +#if 0 static EC_KEY_METHOD *ec_key_method; static int ec_key_idx = 0; +#endif /* release a wrapped object */ static void @@ -474,6 +478,7 @@ return (0); } +#if 0 /* openssl callback doing the actual signing operation */ static ECDSA_SIG * ecdsa_do_sign(const unsigned char *dgst, int dgst_len, const BIGNUM *inv, @@ -585,6 +590,7 @@ return (0); } +#endif /* remove trailing spaces */ static void @@ -680,6 +686,7 @@ return (0); } +#if 0 static struct sshkey * pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, CK_OBJECT_HANDLE *obj) @@ -802,6 +809,7 @@ return (key); } +#endif static struct sshkey * pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, @@ -906,7 +914,9 @@ EC_KEY *ec = NULL; struct sshkey *key = NULL; int i; +#if 0 int nid; +#endif const u_char *cp; memset(&cert_attr, 0, sizeof(cert_attr)); @@ -988,6 +998,7 @@ key->type = KEY_RSA; key->flags |= SSHKEY_FLAG_EXT; rsa = NULL; /* now owned by key */ +#if 0 } else if (EVP_PKEY_base_id(evp) == EVP_PKEY_EC) { if (EVP_PKEY_get0_EC_KEY(evp) == NULL) { error("invalid x509; no ec key"); @@ -1018,6 +1029,7 @@ key->type = KEY_ECDSA; key->flags |= SSHKEY_FLAG_EXT; ec = NULL; /* now owned by key */ +#endif } else error("unknown certificate key type"); @@ -1202,9 +1214,11 @@ case CKK_RSA: key = pkcs11_fetch_rsa_pubkey(p, slotidx, &obj); break; +#if 0 case CKK_ECDSA: key = pkcs11_fetch_ecdsa_pubkey(p, slotidx, &obj); break; +#endif default: /* XXX print key type? */ key = NULL; diff -urN ssh-orig/ssh-rsa.c ssh/ssh-rsa.c --- ssh-rsa.c Thu Sep 13 12:08:33 2018 +++ ssh-rsa.c Thu Apr 18 09:43:30 2019 @@ -22,6 +22,8 @@ #include +#include "libressl-api-compat.h" + #include "sshbuf.h" #include "compat.h" #include "ssherr.h" diff -urN ssh-orig/sshkey.c ssh/sshkey.c --- sshkey.c Mon Jan 21 20:54:11 2019 +++ sshkey.c Thu Apr 18 09:43:30 2019 @@ -34,6 +34,8 @@ #include #endif +#include "libressl-api-compat.h" + #include "crypto_api.h" #include