Commit 48f54b9d authored by Damien Miller's avatar Damien Miller

adapt -portable to OpenSSL 1.1x API

Polyfill missing API with replacement functions extracted from LibreSSL
parent 86112951
......@@ -128,6 +128,10 @@ extern u_int utmp_len;
typedef pthread_t sp_pthread_t;
#else
typedef pid_t sp_pthread_t;
#define pthread_exit fake_pthread_exit
#define pthread_create fake_pthread_create
#define pthread_cancel fake_pthread_cancel
#define pthread_join fake_pthread_join
#endif
struct pam_ctxt {
......
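Review bot: The `#define pthread_exit fake_pthread_exit` group in the `#else` branch, which appears to be what this hunk adds, has no comment saying why the names are remapped. The branch types `sp_pthread_t` as `pid_t`, so these look like process-based stand-ins. If the intent is to stop them colliding with real `pthread_*` prototypes that newer libcrypto headers pull in indirectly, state that above the group, e.g. `/* Rename our stand-ins so they cannot clash with <pthread.h> prototypes pulled in by system or OpenSSL headers */`. The stand-in definitions are outside the hunk; I am assuming they come after these macros so that they are renamed as well.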
......@@ -525,41 +525,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
#endif
return 0;
}
#ifdef WITH_OPENSSL
#define EVP_X_STATE(evp) (evp)->cipher_data
#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
#endif
int
cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
{
#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
const struct sshcipher *c = cc->cipher;
int plen = 0;
if (c->evptype == EVP_rc4) {
plen = EVP_X_STATE_LEN(cc->evp);
if (dat == NULL)
return (plen);
memcpy(dat, EVP_X_STATE(cc->evp), plen);
}
return (plen);
#else
return 0;
#endif
}
void
cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
{
#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
const struct sshcipher *c = cc->cipher;
int plen;
if (c->evptype == EVP_rc4) {
plen = EVP_X_STATE_LEN(cc->evp);
memcpy(EVP_X_STATE(cc->evp), dat, plen);
}
#endif
}
......@@ -2602,9 +2602,10 @@ if test "x$openssl" = "xyes" ; then
AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
;;
100*) ;; # 1.0.x
101*) ;; # 1.1.x
200*) ;; # LibreSSL
*)
AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")])
AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
;;
esac
AC_MSG_RESULT([$ssl_library_ver])
......@@ -2777,6 +2778,115 @@ if test "x$openssl" = "xyes" ; then
[AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
[Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
# LibreSSL/OpenSSL 1.1x API
AC_SEARCH_LIBS([DH_get0_key], [crypto],
[AC_DEFINE([HAVE_DH_GET0_KEY], [1],
[Define if libcrypto has DH_get0_key])])
AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
[AC_DEFINE([HAVE_DH_GET0_PQG], [1],
[Define if libcrypto has DH_get0_pqg])])
AC_SEARCH_LIBS([DH_set0_key], [crypto],
[AC_DEFINE([HAVE_DH_SET0_KEY], [1],
[Define if libcrypto has DH_set0_key])])
AC_SEARCH_LIBS([DH_set_length], [crypto],
[AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
[Define if libcrypto has DH_set_length])])
AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
[AC_DEFINE([HAVE_DH_SET0_PQG], [1],
[Define if libcrypto has DH_set0_pqg])])
AC_SEARCH_LIBS([DSA_get0_key], [crypto],
[AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
[Define if libcrypto has DSA_get0_key])])
AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
[AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
[Define if libcrypto has DSA_get0_pqg])])
AC_SEARCH_LIBS([DSA_set0_key], [crypto],
[AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
[Define if libcrypto has DSA_set0_key])])
AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
[AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
[Define if libcrypto has DSA_set0_pqg])])
AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
[AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
[Define if libcrypto has DSA_SIG_get0])])
AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
[AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
[Define if libcrypto has DSA_SIG_set0])])
AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
[AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
[Define if libcrypto has ECDSA_SIG_get0])])
AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
[AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
[Define if libcrypto has ECDSA_SIG_set0])])
AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
[AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
[Define if libcrypto has EVP_CIPHER_CTX_iv])])
AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
[AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
[Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
[AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
[Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
[AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
[Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
[AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
[Define if libcrypto has RSA_get0_crt_params])])
AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
[AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
[Define if libcrypto has RSA_get0_factors])])
AC_SEARCH_LIBS([RSA_get0_key], [crypto],
[AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
[Define if libcrypto has RSA_get0_key])])
AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
[AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
[Define if libcrypto has RSA_get0_srt_params])])
AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
[AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
[Define if libcrypto has RSA_set0_factors])])
AC_SEARCH_LIBS([RSA_set0_key], [crypto],
[AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
[Define if libcrypto has RSA_set0_key])])
AC_SEARCH_LIBS([RSA_meth_free], [crypto],
[AC_DEFINE([HAVE_RSA_METH_FREE], [1],
[Define if libcrypto has RSA_meth_free])])
AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
[AC_DEFINE([HAVE_RSA_METH_DUP], [1],
[Define if libcrypto has RSA_meth_dup])])
AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
[AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
[Define if libcrypto has RSA_meth_set1_name])])
AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
[AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
[Define if libcrypto has RSA_meth_get_finish])])
AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
[AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
[Define if libcrypto has RSA_meth_set_priv_enc])])
AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
[AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
[Define if libcrypto has RSA_meth_set_priv_dec])])
AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
[AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
[Define if libcrypto has RSA_meth_set_finish])])
AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
[AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
[Define if libcrypto has EVP_PKEY_get0_RSA])])
AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
[AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
[Define if libcrypto has EVP_MD_CTX_new])])
AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
[AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
[Define if libcrypto has EVP_MD_CTX_free])])
AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
AC_LINK_IFELSE(
[AC_LANG_PROGRAM([[
......
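Review bot: The `EVP_CIPHER_CTX_set_iv` probe defines `HAVE_EVP_CIPHER_CTX_GET_IV`, so `HAVE_EVP_CIPHER_CTX_SET_IV` is never defined and a libcrypto that has only one of the two functions is misreported. The compat header guards its `EVP_CIPHER_CTX_set_iv` prototype with `HAVE_EVP_CIPHER_CTX_SET_IV`, so that declaration is always emitted. The get_iv replacement is also switched off whenever set_iv alone is found, which presumably leaves get_iv unresolved at link time. The define in that probe should read `[AC_DEFINE([HAVE_EVP_CIPHER_CTX_SET_IV], [1],`. Separately, the description string of the `RSA_set0_crt_params` probe reads `RSA_get0_srt_params` and should name `RSA_set0_crt_params`.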
......@@ -43,6 +43,8 @@
#include "misc.h"
#include "ssherr.h"
#include "openbsd-compat/openssl-compat.h"
static int
parse_prime(int linenum, char *line, struct dhgroup *dhg)
{
......
......@@ -33,6 +33,8 @@
#include <openssl/evp.h>
#include "openbsd-compat/openssl-compat.h"
#include "ssh2.h"
#include "sshkey.h"
#include "cipher.h"
......
......@@ -36,6 +36,8 @@
#include <string.h>
#include <signal.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
......
......@@ -35,6 +35,8 @@
#include <openssl/dh.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
......
......@@ -33,6 +33,8 @@
#include <openssl/evp.h>
#include <signal.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshkey.h"
#include "cipher.h"
#include "kex.h"
......
......@@ -37,6 +37,8 @@
#include <string.h>
#include <signal.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
......
......@@ -36,6 +36,8 @@
#include <openssl/dh.h>
#include "openbsd-compat/openssl-compat.h"
#include "sshkey.h"
#include "cipher.h"
#include "digest.h"
......
......@@ -29,7 +29,6 @@
#include <sys/types.h>
#include <sys/socket.h>
#include "openbsd-compat/sys-tree.h"
#include <sys/wait.h>
#include <errno.h>
......@@ -60,7 +59,10 @@
#include <openssl/dh.h>
#endif
#include "openbsd-compat/sys-tree.h"
#include "openbsd-compat/sys-queue.h"
#include "openbsd-compat/openssl-compat.h"
#include "atomicio.h"
#include "xmalloc.h"
#include "ssh.h"
......
......@@ -85,6 +85,7 @@ COMPAT= arc4random.o \
getrrsetbyname-ldns.o \
kludge-fd_set.o \
openssl-compat.o \
libressl-api-compat.o \
xcrypt.o
PORTS= port-aix.o \
......
This diff is collapsed.
......@@ -24,6 +24,8 @@
#include <openssl/evp.h>
#include <openssl/rsa.h>
#include <openssl/dsa.h>
#include <openssl/ecdsa.h>
#include <openssl/dh.h>
int ssh_compatible_openssl(long, long);
......@@ -96,5 +98,139 @@ void ssh_OpenSSL_add_all_algorithms(void);
#endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
/* LibreSSL/OpenSSL 1.1x API compat */
#ifndef HAVE_DSA_GET0_PQG
void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
const BIGNUM **g);
#endif /* HAVE_DSA_GET0_PQG */
#ifndef HAVE_DSA_SET0_PQG
int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
#endif /* HAVE_DSA_SET0_PQG */
#ifndef HAVE_DSA_GET0_KEY
void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
const BIGNUM **priv_key);
#endif /* HAVE_DSA_GET0_KEY */
#ifndef HAVE_DSA_SET0_KEY
int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
#endif /* HAVE_DSA_SET0_KEY */
#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
unsigned char *iv, size_t len);
#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, size_t len);
#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
#ifndef HAVE_RSA_GET0_KEY
void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
const BIGNUM **d);
#endif /* HAVE_RSA_GET0_KEY */
#ifndef HAVE_RSA_SET0_KEY
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
#endif /* HAVE_RSA_SET0_KEY */
#ifndef HAVE_RSA_GET0_CRT_PARAMS
void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
const BIGNUM **iqmp);
#endif /* HAVE_RSA_GET0_CRT_PARAMS */
#ifndef HAVE_RSA_SET0_CRT_PARAMS
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
#endif /* HAVE_RSA_SET0_CRT_PARAMS */
#ifndef HAVE_RSA_GET0_FACTORS
void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
#endif /* HAVE_RSA_GET0_FACTORS */
#ifndef HAVE_RSA_SET0_FACTORS
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
#endif /* HAVE_RSA_SET0_FACTORS */
#ifndef DSA_SIG_GET0
void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
#endif /* DSA_SIG_GET0 */
#ifndef DSA_SIG_SET0
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
#endif /* DSA_SIG_SET0 */
#ifndef HAVE_ECDSA_SIG_GET0
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
#endif /* HAVE_ECDSA_SIG_GET0 */
#ifndef HAVE_ECDSA_SIG_SET0
int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
#endif /* HAVE_ECDSA_SIG_SET0 */
#ifndef HAVE_DH_GET0_PQG
void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
const BIGNUM **g);
#endif /* HAVE_DH_GET0_PQG */
#ifndef HAVE_DH_SET0_PQG
int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
#endif /* HAVE_DH_SET0_PQG */
#ifndef HAVE_DH_GET0_KEY
void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
#endif /* HAVE_DH_GET0_KEY */
#ifndef HAVE_DH_SET0_KEY
int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
#endif /* HAVE_DH_SET0_KEY */
#ifndef HAVE_DH_SET_LENGTH
int DH_set_length(DH *dh, long length);
#endif /* HAVE_DH_SET_LENGTH */
#ifndef HAVE_RSA_METH_FREE
void RSA_meth_free(RSA_METHOD *meth);
#endif /* HAVE_RSA_METH_FREE */
#ifndef HAVE_RSA_METH_DUP
RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
#endif /* HAVE_RSA_METH_DUP */
#ifndef HAVE_RSA_METH_SET1_NAME
int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
#endif /* HAVE_RSA_METH_SET1_NAME */
#ifndef HAVE_RSA_METH_GET_FINISH
int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
#endif /* HAVE_RSA_METH_GET_FINISH */
#ifndef HAVE_RSA_METH_SET_PRIV_ENC
int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
#ifndef HAVE_RSA_METH_SET_PRIV_DEC
int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
#ifndef HAVE_RSA_METH_SET_FINISH
int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
#endif /* HAVE_RSA_METH_SET_FINISH */
#ifndef HAVE_EVP_PKEY_GET0_RSA
RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
#endif /* HAVE_EVP_PKEY_GET0_RSA */
#ifndef HAVE_EVP_MD_CTX_new
EVP_MD_CTX *EVP_MD_CTX_new(void);
#endif /* HAVE_EVP_MD_CTX_new */
#ifndef HAVE_EVP_MD_CTX_free
void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
#endif /* HAVE_EVP_MD_CTX_free */
#endif /* WITH_OPENSSL */
#endif /* _OPENSSL_COMPAT_H */
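Review bot: Four of the new guards do not match the macros that the configure probes in this commit define. `#ifndef DSA_SIG_GET0` and `#ifndef DSA_SIG_SET0` lack the `HAVE_` prefix, and `HAVE_EVP_MD_CTX_new` / `HAVE_EVP_MD_CTX_free` are lower-case where configure emits `HAVE_EVP_MD_CTX_NEW` / `HAVE_EVP_MD_CTX_FREE`. As written, these prototypes are declared unconditionally, even when libcrypto already provides the functions. If the collapsed compat source uses the configure spellings, the declarations are merely redundant; if it repeats these spellings, the local replacements would be compiled alongside the library's own symbols. Use `HAVE_DSA_SIG_GET0`, `HAVE_DSA_SIG_SET0`, `HAVE_EVP_MD_CTX_NEW` and `HAVE_EVP_MD_CTX_FREE` in both the `#ifndef` lines and the trailing `#endif` comments.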
......@@ -43,6 +43,8 @@
#define SSHKEY_INTERNAL
#include "sshkey.h"
#include "openbsd-compat/openssl-compat.h"
#define INTBLOB_LEN 20
#define SIGBLOB_LEN (2*INTBLOB_LEN)
......
......@@ -43,6 +43,8 @@
#define SSHKEY_INTERNAL
#include "sshkey.h"
#include "openbsd-compat/openssl-compat.h"
/* ARGSUSED */
int
ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
......
......@@ -32,6 +32,8 @@
#include <openssl/rsa.h>
#include "openbsd-compat/openssl-compat.h"
#include "pathnames.h"
#include "xmalloc.h"
#include "sshbuf.h"
......
......@@ -30,6 +30,7 @@
#include <dlfcn.h>
#include "openbsd-compat/sys-queue.h"
#include "openbsd-compat/openssl-compat.h"
#include <openssl/x509.h>
......
......@@ -35,6 +35,8 @@
#include "digest.h"
#include "log.h"
#include "openbsd-compat/openssl-compat.h"
static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
static const char *
......
......@@ -60,6 +60,8 @@
#include "xmss_fast.h"
#include "openbsd-compat/openssl-compat.h"
/* openssh private key file format */
#define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
#define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
......@@ -1744,7 +1746,6 @@ int
sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
{
struct sshkey *n = NULL;
int ret = SSH_ERR_INTERNAL_ERROR;
int r = SSH_ERR_INTERNAL_ERROR;
#ifdef WITH_OPENSSL
const BIGNUM *rsa_n, *rsa_e;
......