authorSudip Mukherjee <sudipm.mukherjee@gmail.com>2023-09-02 15:24:15 +0100
committerRichard Purdie <richard.purdie@linuxfoundation.org>2023-09-03 10:34:20 +0100
commite4ac4b116cca421d55c845cdcf5d018ae20561de (patch)
tree1abe587784876b4519d1bd36b60233a7b197b886 /meta/recipes-connectivity/openssh
parente2d82c3691fe932360b9af21a023b6460f815132 (diff)
openssh: upgrade to v9.4p1
Changes: Update sha256sum Remove backported patch (From OE-Core rev: 51a6e56fcb28ec97ba3a4b40bbcd3d64e6d390d5) Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch994
-rw-r--r--meta/recipes-connectivity/openssh/openssh_9.4p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_9.3p2.bb)3
2 files changed, 1 insertions, 996 deletions
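--- a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
+++ /dev/null
@@ -1,994 +0,0 @@
-From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Fri, 24 Mar 2023 13:56:25 +1100
-Subject: [PATCH] remove support for old libcrypto
-
-OpenSSH now requires LibreSSL 3.1.0 or greater or
-OpenSSL 1.1.1 or greater
-
-with/ok dtucker@
-
-Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
-Comment: Hunks are refreshed.
-Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
-
----
- .github/workflows/c-cpp.yml | 7 -
- INSTALL | 8 +-
- cipher-aes.c | 2 +-
- configure.ac | 96 ++---
- openbsd-compat/libressl-api-compat.c | 556 +--------------------------
- openbsd-compat/openssl-compat.h | 151 +-------
- 6 files changed, 40 insertions(+), 780 deletions(-)
-
-diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
-index 3d9aa22dba5..d299a32468d 100644
---- a/.github/workflows/c-cpp.yml
-+++ b/.github/workflows/c-cpp.yml
-@@ -47,9 +47,6 @@ jobs:
- - { target: ubuntu-20.04, config: tcmalloc }
- - { target: ubuntu-20.04, config: musl }
- - { target: ubuntu-latest, config: libressl-master }
-- - { target: ubuntu-latest, config: libressl-2.2.9 }
-- - { target: ubuntu-latest, config: libressl-2.8.3 }
-- - { target: ubuntu-latest, config: libressl-3.0.2 }
- - { target: ubuntu-latest, config: libressl-3.2.6 }
- - { target: ubuntu-latest, config: libressl-3.3.6 }
- - { target: ubuntu-latest, config: libressl-3.4.3 }
-@@ -58,10 +55,6 @@ jobs:
- - { target: ubuntu-latest, config: libressl-3.7.0 }
- - { target: ubuntu-latest, config: openssl-master }
- - { target: ubuntu-latest, config: openssl-noec }
-- - { target: ubuntu-latest, config: openssl-1.0.1 }
-- - { target: ubuntu-latest, config: openssl-1.0.1u }
-- - { target: ubuntu-latest, config: openssl-1.0.2u }
-- - { target: ubuntu-latest, config: openssl-1.1.0h }
- - { target: ubuntu-latest, config: openssl-1.1.1 }
- - { target: ubuntu-latest, config: openssl-1.1.1k }
- - { target: ubuntu-latest, config: openssl-1.1.1n }
-diff --git a/INSTALL b/INSTALL
-index 68b15e13190..f99d1e2a809 100644
---- a/INSTALL
-+++ b/INSTALL
-@@ -21,12 +21,8 @@ https://zlib.net/
-
- libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
- is supported but severely restricts the available ciphers and algorithms.
-- - LibreSSL (https://www.libressl.org/)
-- - OpenSSL (https://www.openssl.org) with any of the following versions:
-- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
--
--Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
--1.1.0g can't be used.
-+ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
-+ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
-
- LibreSSL/OpenSSL should be compiled as a position-independent library
- (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
-diff --git a/cipher-aes.c b/cipher-aes.c
-index 8b101727284..87c763353d8 100644
---- a/cipher-aes.c
-+++ b/cipher-aes.c
-@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
-
- static int
- ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
-- LIBCRYPTO_EVP_INL_TYPE len)
-+ size_t len)
- {
- struct ssh_rijndael_ctx *c;
- u_char buf[RIJNDAEL_BLOCKSIZE];
-diff --git a/configure.ac b/configure.ac
-index 22fee70f604..1c0ccdf19c5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/crypto.h>
- #define DATA "conftest.ssllibver"
- ]], [[
-- FILE *fd;
-- int rc;
-+ FILE *f;
-
-- fd = fopen(DATA,"w");
-- if(fd == NULL)
-+ if ((f = fopen(DATA, "w")) == NULL)
- exit(1);
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version SSLeay_version
--#endif
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
-- if ((rc = fprintf(fd, "%08lx (%s)\n",
-+ if (fprintf(f, "%08lx (%s)",
- (unsigned long)OpenSSL_version_num(),
-- OpenSSL_version(OPENSSL_VERSION))) < 0)
-+ OpenSSL_version(OPENSSL_VERSION)) < 0)
-+ exit(1);
-+#ifdef LIBRESSL_VERSION_NUMBER
-+ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
-+ exit(1);
-+#endif
-+ if (fputc('\n', f) == EOF || fclose(f) == EOF)
- exit(1);
--
- exit(0);
- ]])],
- [
-- ssl_library_ver=`cat conftest.ssllibver`
-+ sslver=`cat conftest.ssllibver`
-+ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
- # Check version is supported.
-- case "$ssl_library_ver" in
-- 10000*|0*)
-- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
-- ;;
-- 100*) ;; # 1.0.x
-- 101000[[0123456]]*)
-- # https://github.com/openssl/openssl/pull/4613
-- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
-+ case "$sslver" in
-+ 100*|10100*) # 1.0.x, 1.1.0x
-+ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
- ;;
- 101*) ;; # 1.1.x
-- 200*) ;; # LibreSSL
-+ 200*) # LibreSSL
-+ lver=`echo "$sslver" | sed 's/.*libressl-//'`
-+ case "$lver" in
-+ 2*|300*) # 2.x, 3.0.0
-+ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
-+ ;;
-+ *) ;; # Assume all other versions are good.
-+ esac
-+ ;;
- 300*)
- # OpenSSL 3; we use the 1.1x API
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
-@@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
- ;;
- *)
-- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
-+ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
- ;;
- esac
-- AC_MSG_RESULT([$ssl_library_ver])
-+ AC_MSG_RESULT([$ssl_showver])
- ],
- [
- AC_MSG_RESULT([not found])
-@@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then
-
- case "$host" in
- x86_64-*)
-- case "$ssl_library_ver" in
-+ case "$sslver" in
- 3000004*)
- AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
- ;;
-@@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/opensslv.h>
- #include <openssl/crypto.h>
- ]], [[
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
- exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
- ]])],
- [
-@@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then
- )
- )
-
-- # LibreSSL/OpenSSL 1.1x API
-+ # LibreSSL/OpenSSL API differences
- AC_CHECK_FUNCS([ \
-- OPENSSL_init_crypto \
-- DH_get0_key \
-- DH_get0_pqg \
-- DH_set0_key \
-- DH_set_length \
-- DH_set0_pqg \
-- DSA_get0_key \
-- DSA_get0_pqg \
-- DSA_set0_key \
-- DSA_set0_pqg \
-- DSA_SIG_get0 \
-- DSA_SIG_set0 \
-- ECDSA_SIG_get0 \
-- ECDSA_SIG_set0 \
- EVP_CIPHER_CTX_iv \
- EVP_CIPHER_CTX_iv_noconst \
- EVP_CIPHER_CTX_get_iv \
- EVP_CIPHER_CTX_get_updated_iv \
- EVP_CIPHER_CTX_set_iv \
-- RSA_get0_crt_params \
-- RSA_get0_factors \
-- RSA_get0_key \
-- RSA_set0_crt_params \
-- RSA_set0_factors \
-- RSA_set0_key \
-- RSA_meth_free \
-- RSA_meth_dup \
-- RSA_meth_set1_name \
-- RSA_meth_get_finish \
-- RSA_meth_set_priv_enc \
-- RSA_meth_set_priv_dec \
-- RSA_meth_set_finish \
-- EVP_PKEY_get0_RSA \
-- EVP_MD_CTX_new \
-- EVP_MD_CTX_free \
-- EVP_chacha20 \
- ])
-
- if test "x$openssl_engine" = "xyes" ; then
-@@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then
- ]
- )
-
-- # Check for SHA256, SHA384 and SHA512 support in OpenSSL
-- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
-+ # Check for various EVP support in OpenSSL
-+ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
-
- # Check complete ECC support in OpenSSL
- AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
-diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
-index 498180dc894..59be17397c5 100644
---- a/openbsd-compat/libressl-api-compat.c
-+++ b/openbsd-compat/libressl-api-compat.c
-@@ -1,129 +1,5 @@
--/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
--/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
--/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay@cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay@cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
--/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-- * project 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing@OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay@cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh@cryptsoft.com).
-- *
-- */
--
--/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
- /*
-- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
-+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -147,192 +23,7 @@
- #include <stdlib.h>
- #include <string.h>
-
--#include <openssl/err.h>
--#include <openssl/bn.h>
--#include <openssl/dsa.h>
--#include <openssl/rsa.h>
- #include <openssl/evp.h>
--#ifdef OPENSSL_HAS_ECC
--#include <openssl/ecdsa.h>
--#endif
--#include <openssl/dh.h>
--
--#ifndef HAVE_DSA_GET0_PQG
--void
--DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = d->p;
-- if (q != NULL)
-- *q = d->q;
-- if (g != NULL)
-- *g = d->g;
--}
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int
--DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
-- (d->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(d->p);
-- d->p = p;
-- }
-- if (q != NULL) {
-- BN_free(d->q);
-- d->q = q;
-- }
-- if (g != NULL) {
-- BN_free(d->g);
-- d->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void
--DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = d->pub_key;
-- if (priv_key != NULL)
-- *priv_key = d->priv_key;
--}
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int
--DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (d->pub_key == NULL && pub_key == NULL)
-- return 0;
--
-- if (pub_key != NULL) {
-- BN_free(d->pub_key);
-- d->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(d->priv_key);
-- d->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_KEY
--void
--RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
--{
-- if (n != NULL)
-- *n = r->n;
-- if (e != NULL)
-- *e = r->e;
-- if (d != NULL)
-- *d = r->d;
--}
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int
--RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
--{
-- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
-- return 0;
--
-- if (n != NULL) {
-- BN_free(r->n);
-- r->n = n;
-- }
-- if (e != NULL) {
-- BN_free(r->e);
-- r->e = e;
-- }
-- if (d != NULL) {
-- BN_free(r->d);
-- r->d = d;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void
--RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp)
--{
-- if (dmp1 != NULL)
-- *dmp1 = r->dmp1;
-- if (dmq1 != NULL)
-- *dmq1 = r->dmq1;
-- if (iqmp != NULL)
-- *iqmp = r->iqmp;
--}
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int
--RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
--{
-- if ((r->dmp1 == NULL && dmp1 == NULL) ||
-- (r->dmq1 == NULL && dmq1 == NULL) ||
-- (r->iqmp == NULL && iqmp == NULL))
-- return 0;
--
-- if (dmp1 != NULL) {
-- BN_free(r->dmp1);
-- r->dmp1 = dmp1;
-- }
-- if (dmq1 != NULL) {
-- BN_free(r->dmq1);
-- r->dmq1 = dmq1;
-- }
-- if (iqmp != NULL) {
-- BN_free(r->iqmp);
-- r->iqmp = iqmp;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void
--RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
--{
-- if (p != NULL)
-- *p = r->p;
-- if (q != NULL)
-- *q = r->q;
--}
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int
--RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
--{
-- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(r->p);
-- r->p = p;
-- }
-- if (q != NULL) {
-- BN_free(r->q);
-- r->q = q;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_FACTORS */
-
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- int
-@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
- }
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_DSA_SIG_GET0
--void
--DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_DSA_SIG_GET0 */
--
--#ifndef HAVE_DSA_SIG_SET0
--int
--DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- sig->r = r;
-- BN_clear_free(sig->s);
-- sig->s = s;
--
-- return 1;
--}
--#endif /* HAVE_DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void
--ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int
--ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- BN_clear_free(sig->s);
-- sig->r = r;
-- sig->s = s;
-- return 1;
--}
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void
--DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = dh->p;
-- if (q != NULL)
-- *q = dh->q;
-- if (g != NULL)
-- *g = dh->g;
--}
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int
--DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(dh->p);
-- dh->p = p;
-- }
-- if (q != NULL) {
-- BN_free(dh->q);
-- dh->q = q;
-- }
-- if (g != NULL) {
-- BN_free(dh->g);
-- dh->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void
--DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = dh->pub_key;
-- if (priv_key != NULL)
-- *priv_key = dh->priv_key;
--}
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int
--DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (pub_key != NULL) {
-- BN_free(dh->pub_key);
-- dh->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(dh->priv_key);
-- dh->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int
--DH_set_length(DH *dh, long length)
--{
-- if (length < 0 || length > INT_MAX)
-- return 0;
--
-- dh->length = length;
-- return 1;
--}
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void
--RSA_meth_free(RSA_METHOD *meth)
--{
-- if (meth != NULL) {
-- free((char *)meth->name);
-- free(meth);
-- }
--}
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *
--RSA_meth_dup(const RSA_METHOD *meth)
--{
-- RSA_METHOD *copy;
--
-- if ((copy = calloc(1, sizeof(*copy))) == NULL)
-- return NULL;
-- memcpy(copy, meth, sizeof(*copy));
-- if ((copy->name = strdup(meth->name)) == NULL) {
-- free(copy);
-- return NULL;
-- }
--
-- return copy;
--}
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int
--RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
--{
-- char *copy;
--
-- if ((copy = strdup(name)) == NULL)
-- return 0;
-- free((char *)meth->name);
-- meth->name = copy;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int
--(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
--{
-- return meth->finish;
--}
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int
--RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_enc = priv_enc;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int
--RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_dec = priv_dec;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int
--RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
--{
-- meth->finish = finish;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *
--EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
--{
-- if (pkey->type != EVP_PKEY_RSA) {
-- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
-- return NULL;
-- }
-- return pkey->pkey.rsa;
--}
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_NEW
--EVP_MD_CTX *
--EVP_MD_CTX_new(void)
--{
-- return calloc(1, sizeof(EVP_MD_CTX));
--}
--#endif /* HAVE_EVP_MD_CTX_NEW */
--
--#ifndef HAVE_EVP_MD_CTX_FREE
--void
--EVP_MD_CTX_free(EVP_MD_CTX *ctx)
--{
-- if (ctx == NULL)
-- return;
--
-- EVP_MD_CTX_cleanup(ctx);
--
-- free(ctx);
--}
--#endif /* HAVE_EVP_MD_CTX_FREE */
--
- #endif /* WITH_OPENSSL */
-diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
-index 61a69dd56eb..d0dd2c3450d 100644
---- a/openbsd-compat/openssl-compat.h
-+++ b/openbsd-compat/openssl-compat.h
-@@ -33,26 +33,13 @@
- int ssh_compatible_openssl(long, long);
- void ssh_libcrypto_init(void);
-
--#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
--# error OpenSSL 1.0.1 or greater is required
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+# error OpenSSL 1.1.0 or greater is required
- #endif
--
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version(x) SSLeay_version(x)
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
--
--#if OPENSSL_VERSION_NUMBER < 0x10000001L
--# define LIBCRYPTO_EVP_INL_TYPE unsigned int
--#else
--# define LIBCRYPTO_EVP_INL_TYPE size_t
-+#ifdef LIBRESSL_VERSION_NUMBER
-+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
-+# error LibreSSL 3.1.0 or greater is required
-+# endif
- #endif
-
- #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);
- # endif
- #endif
-
--/* LibreSSL/OpenSSL 1.1x API compat */
--#ifndef HAVE_DSA_GET0_PQG
--void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
-- const BIGNUM **priv_key);
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DSA_SET0_KEY */
--
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
- # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
-@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
- const unsigned char *iv, size_t len);
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_RSA_GET0_KEY
--void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
-- const BIGNUM **d);
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp);
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
--#endif /* HAVE_RSA_SET0_FACTORS */
--
--#ifndef DSA_SIG_GET0
--void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* DSA_SIG_GET0 */
--
--#ifndef DSA_SIG_SET0
--int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int DH_set_length(DH *dh, long length);
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void RSA_meth_free(RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_new
--EVP_MD_CTX *EVP_MD_CTX_new(void);
--#endif /* HAVE_EVP_MD_CTX_new */
--
--#ifndef HAVE_EVP_MD_CTX_free
--void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
--#endif /* HAVE_EVP_MD_CTX_free */
--
- #endif /* WITH_OPENSSL */
- #endif /* _OPENSSL_COMPAT_H */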
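--- a/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,9 +24,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
  file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
  file://sshd_check_keys \
  file://add-test-support-for-busybox.patch \
- file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
  "
-SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8"
+SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
 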