author | Sudip Mukherjee <sudipm.mukherjee@gmail.com> | 2023-09-02 15:24:15 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-09-03 10:34:20 +0100 |
commit | e4ac4b116cca421d55c845cdcf5d018ae20561de (patch) | |
tree | 1abe587784876b4519d1bd36b60233a7b197b886 /meta/recipes-connectivity/openssh | |
parent | e2d82c3691fe932360b9af21a023b6460f815132 (diff) | |
download | poky-e4ac4b116cca421d55c845cdcf5d018ae20561de.tar.gz |
openssh: upgrade to v9.4p1
Changes:
Update sha256sum
Remove backported patch
(From OE-Core rev: 51a6e56fcb28ec97ba3a4b40bbcd3d64e6d390d5)
Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch | 994 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_9.4p1.bb (renamed from meta/recipes-connectivity/openssh/openssh_9.3p2.bb) | 3 |
2 files changed, 1 insertions, 996 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
deleted file mode 100644
index 4c8aa085f3..0000000000
--- a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
+++ /dev/null | |||
@@ -1,994 +0,0 @@ | |||
1 | From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 | ||
2 | From: Damien Miller <djm@mindrot.org> | ||
3 | Date: Fri, 24 Mar 2023 13:56:25 +1100 | ||
4 | Subject: [PATCH] remove support for old libcrypto | ||
5 | |||
6 | OpenSSH now requires LibreSSL 3.1.0 or greater or | ||
7 | OpenSSL 1.1.1 or greater | ||
8 | |||
9 | with/ok dtucker@ | ||
10 | |||
11 | Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0] | ||
12 | Comment: Hunks are refreshed. | ||
13 | Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com> | ||
14 | |||
15 | --- | ||
16 | .github/workflows/c-cpp.yml | 7 - | ||
17 | INSTALL | 8 +- | ||
18 | cipher-aes.c | 2 +- | ||
19 | configure.ac | 96 ++--- | ||
20 | openbsd-compat/libressl-api-compat.c | 556 +-------------------------- | ||
21 | openbsd-compat/openssl-compat.h | 151 +------- | ||
22 | 6 files changed, 40 insertions(+), 780 deletions(-) | ||
23 | |||
24 | diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml | ||
25 | index 3d9aa22dba5..d299a32468d 100644 | ||
26 | --- a/.github/workflows/c-cpp.yml | ||
27 | +++ b/.github/workflows/c-cpp.yml | ||
28 | @@ -47,9 +47,6 @@ jobs: | ||
29 | - { target: ubuntu-20.04, config: tcmalloc } | ||
30 | - { target: ubuntu-20.04, config: musl } | ||
31 | - { target: ubuntu-latest, config: libressl-master } | ||
32 | - - { target: ubuntu-latest, config: libressl-2.2.9 } | ||
33 | - - { target: ubuntu-latest, config: libressl-2.8.3 } | ||
34 | - - { target: ubuntu-latest, config: libressl-3.0.2 } | ||
35 | - { target: ubuntu-latest, config: libressl-3.2.6 } | ||
36 | - { target: ubuntu-latest, config: libressl-3.3.6 } | ||
37 | - { target: ubuntu-latest, config: libressl-3.4.3 } | ||
38 | @@ -58,10 +55,6 @@ jobs: | ||
39 | - { target: ubuntu-latest, config: libressl-3.7.0 } | ||
40 | - { target: ubuntu-latest, config: openssl-master } | ||
41 | - { target: ubuntu-latest, config: openssl-noec } | ||
42 | - - { target: ubuntu-latest, config: openssl-1.0.1 } | ||
43 | - - { target: ubuntu-latest, config: openssl-1.0.1u } | ||
44 | - - { target: ubuntu-latest, config: openssl-1.0.2u } | ||
45 | - - { target: ubuntu-latest, config: openssl-1.1.0h } | ||
46 | - { target: ubuntu-latest, config: openssl-1.1.1 } | ||
47 | - { target: ubuntu-latest, config: openssl-1.1.1k } | ||
48 | - { target: ubuntu-latest, config: openssl-1.1.1n } | ||
49 | diff --git a/INSTALL b/INSTALL | ||
50 | index 68b15e13190..f99d1e2a809 100644 | ||
51 | --- a/INSTALL | ||
52 | +++ b/INSTALL | ||
53 | @@ -21,12 +21,8 @@ https://zlib.net/ | ||
54 | |||
55 | libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto | ||
56 | is supported but severely restricts the available ciphers and algorithms. | ||
57 | - - LibreSSL (https://www.libressl.org/) | ||
58 | - - OpenSSL (https://www.openssl.org) with any of the following versions: | ||
59 | - - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 | ||
60 | - | ||
61 | -Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to | ||
62 | -1.1.0g can't be used. | ||
63 | + - LibreSSL (https://www.libressl.org/) 3.1.0 or greater | ||
64 | + - OpenSSL (https://www.openssl.org) 1.1.1 or greater | ||
65 | |||
66 | LibreSSL/OpenSSL should be compiled as a position-independent library | ||
67 | (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" | ||
68 | diff --git a/cipher-aes.c b/cipher-aes.c | ||
69 | index 8b101727284..87c763353d8 100644 | ||
70 | --- a/cipher-aes.c | ||
71 | +++ b/cipher-aes.c | ||
72 | @@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, | ||
73 | |||
74 | static int | ||
75 | ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, | ||
76 | - LIBCRYPTO_EVP_INL_TYPE len) | ||
77 | + size_t len) | ||
78 | { | ||
79 | struct ssh_rijndael_ctx *c; | ||
80 | u_char buf[RIJNDAEL_BLOCKSIZE]; | ||
81 | diff --git a/configure.ac b/configure.ac | ||
82 | index 22fee70f604..1c0ccdf19c5 100644 | ||
83 | --- a/configure.ac | ||
84 | +++ b/configure.ac | ||
85 | @@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then | ||
86 | #include <openssl/crypto.h> | ||
87 | #define DATA "conftest.ssllibver" | ||
88 | ]], [[ | ||
89 | - FILE *fd; | ||
90 | - int rc; | ||
91 | + FILE *f; | ||
92 | |||
93 | - fd = fopen(DATA,"w"); | ||
94 | - if(fd == NULL) | ||
95 | + if ((f = fopen(DATA, "w")) == NULL) | ||
96 | exit(1); | ||
97 | -#ifndef OPENSSL_VERSION | ||
98 | -# define OPENSSL_VERSION SSLEAY_VERSION | ||
99 | -#endif | ||
100 | -#ifndef HAVE_OPENSSL_VERSION | ||
101 | -# define OpenSSL_version SSLeay_version | ||
102 | -#endif | ||
103 | -#ifndef HAVE_OPENSSL_VERSION_NUM | ||
104 | -# define OpenSSL_version_num SSLeay | ||
105 | -#endif | ||
106 | - if ((rc = fprintf(fd, "%08lx (%s)\n", | ||
107 | + if (fprintf(f, "%08lx (%s)", | ||
108 | (unsigned long)OpenSSL_version_num(), | ||
109 | - OpenSSL_version(OPENSSL_VERSION))) < 0) | ||
110 | + OpenSSL_version(OPENSSL_VERSION)) < 0) | ||
111 | + exit(1); | ||
112 | +#ifdef LIBRESSL_VERSION_NUMBER | ||
113 | + if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0) | ||
114 | + exit(1); | ||
115 | +#endif | ||
116 | + if (fputc('\n', f) == EOF || fclose(f) == EOF) | ||
117 | exit(1); | ||
118 | - | ||
119 | exit(0); | ||
120 | ]])], | ||
121 | [ | ||
122 | - ssl_library_ver=`cat conftest.ssllibver` | ||
123 | + sslver=`cat conftest.ssllibver` | ||
124 | + ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'` | ||
125 | # Check version is supported. | ||
126 | - case "$ssl_library_ver" in | ||
127 | - 10000*|0*) | ||
128 | - AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")]) | ||
129 | - ;; | ||
130 | - 100*) ;; # 1.0.x | ||
131 | - 101000[[0123456]]*) | ||
132 | - # https://github.com/openssl/openssl/pull/4613 | ||
133 | - AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) | ||
134 | + case "$sslver" in | ||
135 | + 100*|10100*) # 1.0.x, 1.1.0x | ||
136 | + AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")]) | ||
137 | ;; | ||
138 | 101*) ;; # 1.1.x | ||
139 | - 200*) ;; # LibreSSL | ||
140 | + 200*) # LibreSSL | ||
141 | + lver=`echo "$sslver" | sed 's/.*libressl-//'` | ||
142 | + case "$lver" in | ||
143 | + 2*|300*) # 2.x, 3.0.0 | ||
144 | + AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")]) | ||
145 | + ;; | ||
146 | + *) ;; # Assume all other versions are good. | ||
147 | + esac | ||
148 | + ;; | ||
149 | 300*) | ||
150 | # OpenSSL 3; we use the 1.1x API | ||
151 | CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" | ||
152 | @@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then | ||
153 | CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L" | ||
154 | ;; | ||
155 | *) | ||
156 | - AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")]) | ||
157 | + AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) | ||
158 | ;; | ||
159 | esac | ||
160 | - AC_MSG_RESULT([$ssl_library_ver]) | ||
161 | + AC_MSG_RESULT([$ssl_showver]) | ||
162 | ], | ||
163 | [ | ||
164 | AC_MSG_RESULT([not found]) | ||
165 | @@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then | ||
166 | |||
167 | case "$host" in | ||
168 | x86_64-*) | ||
169 | - case "$ssl_library_ver" in | ||
170 | + case "$sslver" in | ||
171 | 3000004*) | ||
172 | AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)]) | ||
173 | ;; | ||
174 | @@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then | ||
175 | #include <openssl/opensslv.h> | ||
176 | #include <openssl/crypto.h> | ||
177 | ]], [[ | ||
178 | -#ifndef HAVE_OPENSSL_VERSION_NUM | ||
179 | -# define OpenSSL_version_num SSLeay | ||
180 | -#endif | ||
181 | exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1); | ||
182 | ]])], | ||
183 | [ | ||
184 | @@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then | ||
185 | ) | ||
186 | ) | ||
187 | |||
188 | - # LibreSSL/OpenSSL 1.1x API | ||
189 | + # LibreSSL/OpenSSL API differences | ||
190 | AC_CHECK_FUNCS([ \ | ||
191 | - OPENSSL_init_crypto \ | ||
192 | - DH_get0_key \ | ||
193 | - DH_get0_pqg \ | ||
194 | - DH_set0_key \ | ||
195 | - DH_set_length \ | ||
196 | - DH_set0_pqg \ | ||
197 | - DSA_get0_key \ | ||
198 | - DSA_get0_pqg \ | ||
199 | - DSA_set0_key \ | ||
200 | - DSA_set0_pqg \ | ||
201 | - DSA_SIG_get0 \ | ||
202 | - DSA_SIG_set0 \ | ||
203 | - ECDSA_SIG_get0 \ | ||
204 | - ECDSA_SIG_set0 \ | ||
205 | EVP_CIPHER_CTX_iv \ | ||
206 | EVP_CIPHER_CTX_iv_noconst \ | ||
207 | EVP_CIPHER_CTX_get_iv \ | ||
208 | EVP_CIPHER_CTX_get_updated_iv \ | ||
209 | EVP_CIPHER_CTX_set_iv \ | ||
210 | - RSA_get0_crt_params \ | ||
211 | - RSA_get0_factors \ | ||
212 | - RSA_get0_key \ | ||
213 | - RSA_set0_crt_params \ | ||
214 | - RSA_set0_factors \ | ||
215 | - RSA_set0_key \ | ||
216 | - RSA_meth_free \ | ||
217 | - RSA_meth_dup \ | ||
218 | - RSA_meth_set1_name \ | ||
219 | - RSA_meth_get_finish \ | ||
220 | - RSA_meth_set_priv_enc \ | ||
221 | - RSA_meth_set_priv_dec \ | ||
222 | - RSA_meth_set_finish \ | ||
223 | - EVP_PKEY_get0_RSA \ | ||
224 | - EVP_MD_CTX_new \ | ||
225 | - EVP_MD_CTX_free \ | ||
226 | - EVP_chacha20 \ | ||
227 | ]) | ||
228 | |||
229 | if test "x$openssl_engine" = "xyes" ; then | ||
230 | @@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then | ||
231 | ] | ||
232 | ) | ||
233 | |||
234 | - # Check for SHA256, SHA384 and SHA512 support in OpenSSL | ||
235 | - AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) | ||
236 | + # Check for various EVP support in OpenSSL | ||
237 | + AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) | ||
238 | |||
239 | # Check complete ECC support in OpenSSL | ||
240 | AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) | ||
241 | diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c | ||
242 | index 498180dc894..59be17397c5 100644 | ||
243 | --- a/openbsd-compat/libressl-api-compat.c | ||
244 | +++ b/openbsd-compat/libressl-api-compat.c | ||
245 | @@ -1,129 +1,5 @@ | ||
246 | -/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ | ||
247 | -/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ | ||
248 | -/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ | ||
249 | -/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ | ||
250 | -/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ | ||
251 | -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ | ||
252 | -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
253 | - * All rights reserved. | ||
254 | - * | ||
255 | - * This package is an SSL implementation written | ||
256 | - * by Eric Young (eay@cryptsoft.com). | ||
257 | - * The implementation was written so as to conform with Netscapes SSL. | ||
258 | - * | ||
259 | - * This library is free for commercial and non-commercial use as long as | ||
260 | - * the following conditions are aheared to. The following conditions | ||
261 | - * apply to all code found in this distribution, be it the RC4, RSA, | ||
262 | - * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
263 | - * included with this distribution is covered by the same copyright terms | ||
264 | - * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
265 | - * | ||
266 | - * Copyright remains Eric Young's, and as such any Copyright notices in | ||
267 | - * the code are not to be removed. | ||
268 | - * If this package is used in a product, Eric Young should be given attribution | ||
269 | - * as the author of the parts of the library used. | ||
270 | - * This can be in the form of a textual message at program startup or | ||
271 | - * in documentation (online or textual) provided with the package. | ||
272 | - * | ||
273 | - * Redistribution and use in source and binary forms, with or without | ||
274 | - * modification, are permitted provided that the following conditions | ||
275 | - * are met: | ||
276 | - * 1. Redistributions of source code must retain the copyright | ||
277 | - * notice, this list of conditions and the following disclaimer. | ||
278 | - * 2. Redistributions in binary form must reproduce the above copyright | ||
279 | - * notice, this list of conditions and the following disclaimer in the | ||
280 | - * documentation and/or other materials provided with the distribution. | ||
281 | - * 3. All advertising materials mentioning features or use of this software | ||
282 | - * must display the following acknowledgement: | ||
283 | - * "This product includes cryptographic software written by | ||
284 | - * Eric Young (eay@cryptsoft.com)" | ||
285 | - * The word 'cryptographic' can be left out if the rouines from the library | ||
286 | - * being used are not cryptographic related :-). | ||
287 | - * 4. If you include any Windows specific code (or a derivative thereof) from | ||
288 | - * the apps directory (application code) you must include an acknowledgement: | ||
289 | - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
290 | - * | ||
291 | - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
292 | - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
293 | - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
294 | - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
295 | - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
296 | - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
297 | - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
298 | - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
299 | - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
300 | - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
301 | - * SUCH DAMAGE. | ||
302 | - * | ||
303 | - * The licence and distribution terms for any publically available version or | ||
304 | - * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
305 | - * copied and put under another distribution licence | ||
306 | - * [including the GNU Public Licence.] | ||
307 | - */ | ||
308 | - | ||
309 | -/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ | ||
310 | -/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ | ||
311 | -/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ | ||
312 | -/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | ||
313 | - * project 2000. | ||
314 | - */ | ||
315 | -/* ==================================================================== | ||
316 | - * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. | ||
317 | - * | ||
318 | - * Redistribution and use in source and binary forms, with or without | ||
319 | - * modification, are permitted provided that the following conditions | ||
320 | - * are met: | ||
321 | - * | ||
322 | - * 1. Redistributions of source code must retain the above copyright | ||
323 | - * notice, this list of conditions and the following disclaimer. | ||
324 | - * | ||
325 | - * 2. Redistributions in binary form must reproduce the above copyright | ||
326 | - * notice, this list of conditions and the following disclaimer in | ||
327 | - * the documentation and/or other materials provided with the | ||
328 | - * distribution. | ||
329 | - * | ||
330 | - * 3. All advertising materials mentioning features or use of this | ||
331 | - * software must display the following acknowledgment: | ||
332 | - * "This product includes software developed by the OpenSSL Project | ||
333 | - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
334 | - * | ||
335 | - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
336 | - * endorse or promote products derived from this software without | ||
337 | - * prior written permission. For written permission, please contact | ||
338 | - * licensing@OpenSSL.org. | ||
339 | - * | ||
340 | - * 5. Products derived from this software may not be called "OpenSSL" | ||
341 | - * nor may "OpenSSL" appear in their names without prior written | ||
342 | - * permission of the OpenSSL Project. | ||
343 | - * | ||
344 | - * 6. Redistributions of any form whatsoever must retain the following | ||
345 | - * acknowledgment: | ||
346 | - * "This product includes software developed by the OpenSSL Project | ||
347 | - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
348 | - * | ||
349 | - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
350 | - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
351 | - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
352 | - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
353 | - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
354 | - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
355 | - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
356 | - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
357 | - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
358 | - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
359 | - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
360 | - * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
361 | - * ==================================================================== | ||
362 | - * | ||
363 | - * This product includes cryptographic software written by Eric Young | ||
364 | - * (eay@cryptsoft.com). This product includes software written by Tim | ||
365 | - * Hudson (tjh@cryptsoft.com). | ||
366 | - * | ||
367 | - */ | ||
368 | - | ||
369 | -/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ | ||
370 | /* | ||
371 | - * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> | ||
372 | + * Copyright (c) 2018 Damien Miller <djm@mindrot.org> | ||
373 | * | ||
374 | * Permission to use, copy, modify, and distribute this software for any | ||
375 | * purpose with or without fee is hereby granted, provided that the above | ||
376 | @@ -147,192 +23,7 @@ | ||
377 | #include <stdlib.h> | ||
378 | #include <string.h> | ||
379 | |||
380 | -#include <openssl/err.h> | ||
381 | -#include <openssl/bn.h> | ||
382 | -#include <openssl/dsa.h> | ||
383 | -#include <openssl/rsa.h> | ||
384 | #include <openssl/evp.h> | ||
385 | -#ifdef OPENSSL_HAS_ECC | ||
386 | -#include <openssl/ecdsa.h> | ||
387 | -#endif | ||
388 | -#include <openssl/dh.h> | ||
389 | - | ||
390 | -#ifndef HAVE_DSA_GET0_PQG | ||
391 | -void | ||
392 | -DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | ||
393 | -{ | ||
394 | - if (p != NULL) | ||
395 | - *p = d->p; | ||
396 | - if (q != NULL) | ||
397 | - *q = d->q; | ||
398 | - if (g != NULL) | ||
399 | - *g = d->g; | ||
400 | -} | ||
401 | -#endif /* HAVE_DSA_GET0_PQG */ | ||
402 | - | ||
403 | -#ifndef HAVE_DSA_SET0_PQG | ||
404 | -int | ||
405 | -DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) | ||
406 | -{ | ||
407 | - if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || | ||
408 | - (d->g == NULL && g == NULL)) | ||
409 | - return 0; | ||
410 | - | ||
411 | - if (p != NULL) { | ||
412 | - BN_free(d->p); | ||
413 | - d->p = p; | ||
414 | - } | ||
415 | - if (q != NULL) { | ||
416 | - BN_free(d->q); | ||
417 | - d->q = q; | ||
418 | - } | ||
419 | - if (g != NULL) { | ||
420 | - BN_free(d->g); | ||
421 | - d->g = g; | ||
422 | - } | ||
423 | - | ||
424 | - return 1; | ||
425 | -} | ||
426 | -#endif /* HAVE_DSA_SET0_PQG */ | ||
427 | - | ||
428 | -#ifndef HAVE_DSA_GET0_KEY | ||
429 | -void | ||
430 | -DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) | ||
431 | -{ | ||
432 | - if (pub_key != NULL) | ||
433 | - *pub_key = d->pub_key; | ||
434 | - if (priv_key != NULL) | ||
435 | - *priv_key = d->priv_key; | ||
436 | -} | ||
437 | -#endif /* HAVE_DSA_GET0_KEY */ | ||
438 | - | ||
439 | -#ifndef HAVE_DSA_SET0_KEY | ||
440 | -int | ||
441 | -DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) | ||
442 | -{ | ||
443 | - if (d->pub_key == NULL && pub_key == NULL) | ||
444 | - return 0; | ||
445 | - | ||
446 | - if (pub_key != NULL) { | ||
447 | - BN_free(d->pub_key); | ||
448 | - d->pub_key = pub_key; | ||
449 | - } | ||
450 | - if (priv_key != NULL) { | ||
451 | - BN_free(d->priv_key); | ||
452 | - d->priv_key = priv_key; | ||
453 | - } | ||
454 | - | ||
455 | - return 1; | ||
456 | -} | ||
457 | -#endif /* HAVE_DSA_SET0_KEY */ | ||
458 | - | ||
459 | -#ifndef HAVE_RSA_GET0_KEY | ||
460 | -void | ||
461 | -RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) | ||
462 | -{ | ||
463 | - if (n != NULL) | ||
464 | - *n = r->n; | ||
465 | - if (e != NULL) | ||
466 | - *e = r->e; | ||
467 | - if (d != NULL) | ||
468 | - *d = r->d; | ||
469 | -} | ||
470 | -#endif /* HAVE_RSA_GET0_KEY */ | ||
471 | - | ||
472 | -#ifndef HAVE_RSA_SET0_KEY | ||
473 | -int | ||
474 | -RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) | ||
475 | -{ | ||
476 | - if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) | ||
477 | - return 0; | ||
478 | - | ||
479 | - if (n != NULL) { | ||
480 | - BN_free(r->n); | ||
481 | - r->n = n; | ||
482 | - } | ||
483 | - if (e != NULL) { | ||
484 | - BN_free(r->e); | ||
485 | - r->e = e; | ||
486 | - } | ||
487 | - if (d != NULL) { | ||
488 | - BN_free(r->d); | ||
489 | - r->d = d; | ||
490 | - } | ||
491 | - | ||
492 | - return 1; | ||
493 | -} | ||
494 | -#endif /* HAVE_RSA_SET0_KEY */ | ||
495 | - | ||
496 | -#ifndef HAVE_RSA_GET0_CRT_PARAMS | ||
497 | -void | ||
498 | -RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, | ||
499 | - const BIGNUM **iqmp) | ||
500 | -{ | ||
501 | - if (dmp1 != NULL) | ||
502 | - *dmp1 = r->dmp1; | ||
503 | - if (dmq1 != NULL) | ||
504 | - *dmq1 = r->dmq1; | ||
505 | - if (iqmp != NULL) | ||
506 | - *iqmp = r->iqmp; | ||
507 | -} | ||
508 | -#endif /* HAVE_RSA_GET0_CRT_PARAMS */ | ||
509 | - | ||
510 | -#ifndef HAVE_RSA_SET0_CRT_PARAMS | ||
511 | -int | ||
512 | -RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) | ||
513 | -{ | ||
514 | - if ((r->dmp1 == NULL && dmp1 == NULL) || | ||
515 | - (r->dmq1 == NULL && dmq1 == NULL) || | ||
516 | - (r->iqmp == NULL && iqmp == NULL)) | ||
517 | - return 0; | ||
518 | - | ||
519 | - if (dmp1 != NULL) { | ||
520 | - BN_free(r->dmp1); | ||
521 | - r->dmp1 = dmp1; | ||
522 | - } | ||
523 | - if (dmq1 != NULL) { | ||
524 | - BN_free(r->dmq1); | ||
525 | - r->dmq1 = dmq1; | ||
526 | - } | ||
527 | - if (iqmp != NULL) { | ||
528 | - BN_free(r->iqmp); | ||
529 | - r->iqmp = iqmp; | ||
530 | - } | ||
531 | - | ||
532 | - return 1; | ||
533 | -} | ||
534 | -#endif /* HAVE_RSA_SET0_CRT_PARAMS */ | ||
535 | - | ||
536 | -#ifndef HAVE_RSA_GET0_FACTORS | ||
537 | -void | ||
538 | -RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) | ||
539 | -{ | ||
540 | - if (p != NULL) | ||
541 | - *p = r->p; | ||
542 | - if (q != NULL) | ||
543 | - *q = r->q; | ||
544 | -} | ||
545 | -#endif /* HAVE_RSA_GET0_FACTORS */ | ||
546 | - | ||
547 | -#ifndef HAVE_RSA_SET0_FACTORS | ||
548 | -int | ||
549 | -RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) | ||
550 | -{ | ||
551 | - if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) | ||
552 | - return 0; | ||
553 | - | ||
554 | - if (p != NULL) { | ||
555 | - BN_free(r->p); | ||
556 | - r->p = p; | ||
557 | - } | ||
558 | - if (q != NULL) { | ||
559 | - BN_free(r->q); | ||
560 | - r->q = q; | ||
561 | - } | ||
562 | - | ||
563 | - return 1; | ||
564 | -} | ||
565 | -#endif /* HAVE_RSA_SET0_FACTORS */ | ||
566 | |||
567 | #ifndef HAVE_EVP_CIPHER_CTX_GET_IV | ||
568 | int | ||
569 | @@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len) | ||
570 | } | ||
571 | #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ | ||
572 | |||
573 | -#ifndef HAVE_DSA_SIG_GET0 | ||
574 | -void | ||
575 | -DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) | ||
576 | -{ | ||
577 | - if (pr != NULL) | ||
578 | - *pr = sig->r; | ||
579 | - if (ps != NULL) | ||
580 | - *ps = sig->s; | ||
581 | -} | ||
582 | -#endif /* HAVE_DSA_SIG_GET0 */ | ||
583 | - | ||
584 | -#ifndef HAVE_DSA_SIG_SET0 | ||
585 | -int | ||
586 | -DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) | ||
587 | -{ | ||
588 | - if (r == NULL || s == NULL) | ||
589 | - return 0; | ||
590 | - | ||
591 | - BN_clear_free(sig->r); | ||
592 | - sig->r = r; | ||
593 | - BN_clear_free(sig->s); | ||
594 | - sig->s = s; | ||
595 | - | ||
596 | - return 1; | ||
597 | -} | ||
598 | -#endif /* HAVE_DSA_SIG_SET0 */ | ||
599 | - | ||
600 | -#ifdef OPENSSL_HAS_ECC | ||
601 | -#ifndef HAVE_ECDSA_SIG_GET0 | ||
602 | -void | ||
603 | -ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) | ||
604 | -{ | ||
605 | - if (pr != NULL) | ||
606 | - *pr = sig->r; | ||
607 | - if (ps != NULL) | ||
608 | - *ps = sig->s; | ||
609 | -} | ||
610 | -#endif /* HAVE_ECDSA_SIG_GET0 */ | ||
611 | - | ||
612 | -#ifndef HAVE_ECDSA_SIG_SET0 | ||
613 | -int | ||
614 | -ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) | ||
615 | -{ | ||
616 | - if (r == NULL || s == NULL) | ||
617 | - return 0; | ||
618 | - | ||
619 | - BN_clear_free(sig->r); | ||
620 | - BN_clear_free(sig->s); | ||
621 | - sig->r = r; | ||
622 | - sig->s = s; | ||
623 | - return 1; | ||
624 | -} | ||
625 | -#endif /* HAVE_ECDSA_SIG_SET0 */ | ||
626 | -#endif /* OPENSSL_HAS_ECC */ | ||
627 | - | ||
628 | -#ifndef HAVE_DH_GET0_PQG | ||
629 | -void | ||
630 | -DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) | ||
631 | -{ | ||
632 | - if (p != NULL) | ||
633 | - *p = dh->p; | ||
634 | - if (q != NULL) | ||
635 | - *q = dh->q; | ||
636 | - if (g != NULL) | ||
637 | - *g = dh->g; | ||
638 | -} | ||
639 | -#endif /* HAVE_DH_GET0_PQG */ | ||
640 | - | ||
641 | -#ifndef HAVE_DH_SET0_PQG | ||
642 | -int | ||
643 | -DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) | ||
644 | -{ | ||
645 | - if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) | ||
646 | - return 0; | ||
647 | - | ||
648 | - if (p != NULL) { | ||
649 | - BN_free(dh->p); | ||
650 | - dh->p = p; | ||
651 | - } | ||
652 | - if (q != NULL) { | ||
653 | - BN_free(dh->q); | ||
654 | - dh->q = q; | ||
655 | - } | ||
656 | - if (g != NULL) { | ||
657 | - BN_free(dh->g); | ||
658 | - dh->g = g; | ||
659 | - } | ||
660 | - | ||
661 | - return 1; | ||
662 | -} | ||
663 | -#endif /* HAVE_DH_SET0_PQG */ | ||
664 | - | ||
665 | -#ifndef HAVE_DH_GET0_KEY | ||
666 | -void | ||
667 | -DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) | ||
668 | -{ | ||
669 | - if (pub_key != NULL) | ||
670 | - *pub_key = dh->pub_key; | ||
671 | - if (priv_key != NULL) | ||
672 | - *priv_key = dh->priv_key; | ||
673 | -} | ||
674 | -#endif /* HAVE_DH_GET0_KEY */ | ||
675 | - | ||
676 | -#ifndef HAVE_DH_SET0_KEY | ||
677 | -int | ||
678 | -DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) | ||
679 | -{ | ||
680 | - if (pub_key != NULL) { | ||
681 | - BN_free(dh->pub_key); | ||
682 | - dh->pub_key = pub_key; | ||
683 | - } | ||
684 | - if (priv_key != NULL) { | ||
685 | - BN_free(dh->priv_key); | ||
686 | - dh->priv_key = priv_key; | ||
687 | - } | ||
688 | - | ||
689 | - return 1; | ||
690 | -} | ||
691 | -#endif /* HAVE_DH_SET0_KEY */ | ||
692 | - | ||
693 | -#ifndef HAVE_DH_SET_LENGTH | ||
694 | -int | ||
695 | -DH_set_length(DH *dh, long length) | ||
696 | -{ | ||
697 | - if (length < 0 || length > INT_MAX) | ||
698 | - return 0; | ||
699 | - | ||
700 | - dh->length = length; | ||
701 | - return 1; | ||
702 | -} | ||
703 | -#endif /* HAVE_DH_SET_LENGTH */ | ||
704 | - | ||
705 | -#ifndef HAVE_RSA_METH_FREE | ||
706 | -void | ||
707 | -RSA_meth_free(RSA_METHOD *meth) | ||
708 | -{ | ||
709 | - if (meth != NULL) { | ||
710 | - free((char *)meth->name); | ||
711 | - free(meth); | ||
712 | - } | ||
713 | -} | ||
714 | -#endif /* HAVE_RSA_METH_FREE */ | ||
715 | - | ||
716 | -#ifndef HAVE_RSA_METH_DUP | ||
717 | -RSA_METHOD * | ||
718 | -RSA_meth_dup(const RSA_METHOD *meth) | ||
719 | -{ | ||
720 | - RSA_METHOD *copy; | ||
721 | - | ||
722 | - if ((copy = calloc(1, sizeof(*copy))) == NULL) | ||
723 | - return NULL; | ||
724 | - memcpy(copy, meth, sizeof(*copy)); | ||
725 | - if ((copy->name = strdup(meth->name)) == NULL) { | ||
726 | - free(copy); | ||
727 | - return NULL; | ||
728 | - } | ||
729 | - | ||
730 | - return copy; | ||
731 | -} | ||
732 | -#endif /* HAVE_RSA_METH_DUP */ | ||
733 | - | ||
734 | -#ifndef HAVE_RSA_METH_SET1_NAME | ||
735 | -int | ||
736 | -RSA_meth_set1_name(RSA_METHOD *meth, const char *name) | ||
737 | -{ | ||
738 | - char *copy; | ||
739 | - | ||
740 | - if ((copy = strdup(name)) == NULL) | ||
741 | - return 0; | ||
742 | - free((char *)meth->name); | ||
743 | - meth->name = copy; | ||
744 | - return 1; | ||
745 | -} | ||
746 | -#endif /* HAVE_RSA_METH_SET1_NAME */ | ||
747 | - | ||
748 | -#ifndef HAVE_RSA_METH_GET_FINISH | ||
749 | -int | ||
750 | -(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) | ||
751 | -{ | ||
752 | - return meth->finish; | ||
753 | -} | ||
754 | -#endif /* HAVE_RSA_METH_GET_FINISH */ | ||
755 | - | ||
756 | -#ifndef HAVE_RSA_METH_SET_PRIV_ENC | ||
757 | -int | ||
758 | -RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, | ||
759 | - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) | ||
760 | -{ | ||
761 | - meth->rsa_priv_enc = priv_enc; | ||
762 | - return 1; | ||
763 | -} | ||
764 | -#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ | ||
765 | - | ||
766 | -#ifndef HAVE_RSA_METH_SET_PRIV_DEC | ||
767 | -int | ||
768 | -RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, | ||
769 | - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) | ||
770 | -{ | ||
771 | - meth->rsa_priv_dec = priv_dec; | ||
772 | - return 1; | ||
773 | -} | ||
774 | -#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ | ||
775 | - | ||
776 | -#ifndef HAVE_RSA_METH_SET_FINISH | ||
777 | -int | ||
778 | -RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) | ||
779 | -{ | ||
780 | - meth->finish = finish; | ||
781 | - return 1; | ||
782 | -} | ||
783 | -#endif /* HAVE_RSA_METH_SET_FINISH */ | ||
784 | - | ||
785 | -#ifndef HAVE_EVP_PKEY_GET0_RSA | ||
786 | -RSA * | ||
787 | -EVP_PKEY_get0_RSA(EVP_PKEY *pkey) | ||
788 | -{ | ||
789 | - if (pkey->type != EVP_PKEY_RSA) { | ||
790 | - /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ | ||
791 | - return NULL; | ||
792 | - } | ||
793 | - return pkey->pkey.rsa; | ||
794 | -} | ||
795 | -#endif /* HAVE_EVP_PKEY_GET0_RSA */ | ||
796 | - | ||
797 | -#ifndef HAVE_EVP_MD_CTX_NEW | ||
798 | -EVP_MD_CTX * | ||
799 | -EVP_MD_CTX_new(void) | ||
800 | -{ | ||
801 | - return calloc(1, sizeof(EVP_MD_CTX)); | ||
802 | -} | ||
803 | -#endif /* HAVE_EVP_MD_CTX_NEW */ | ||
804 | - | ||
805 | -#ifndef HAVE_EVP_MD_CTX_FREE | ||
806 | -void | ||
807 | -EVP_MD_CTX_free(EVP_MD_CTX *ctx) | ||
808 | -{ | ||
809 | - if (ctx == NULL) | ||
810 | - return; | ||
811 | - | ||
812 | - EVP_MD_CTX_cleanup(ctx); | ||
813 | - | ||
814 | - free(ctx); | ||
815 | -} | ||
816 | -#endif /* HAVE_EVP_MD_CTX_FREE */ | ||
817 | - | ||
818 | #endif /* WITH_OPENSSL */ | ||
819 | diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h | ||
820 | index 61a69dd56eb..d0dd2c3450d 100644 | ||
821 | --- a/openbsd-compat/openssl-compat.h | ||
822 | +++ b/openbsd-compat/openssl-compat.h | ||
823 | @@ -33,26 +33,13 @@ | ||
824 | int ssh_compatible_openssl(long, long); | ||
825 | void ssh_libcrypto_init(void); | ||
826 | |||
827 | -#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) | ||
828 | -# error OpenSSL 1.0.1 or greater is required | ||
829 | +#if (OPENSSL_VERSION_NUMBER < 0x10100000L) | ||
830 | +# error OpenSSL 1.1.0 or greater is required | ||
831 | #endif | ||
832 | - | ||
833 | -#ifndef OPENSSL_VERSION | ||
834 | -# define OPENSSL_VERSION SSLEAY_VERSION | ||
835 | -#endif | ||
836 | - | ||
837 | -#ifndef HAVE_OPENSSL_VERSION | ||
838 | -# define OpenSSL_version(x) SSLeay_version(x) | ||
839 | -#endif | ||
840 | - | ||
841 | -#ifndef HAVE_OPENSSL_VERSION_NUM | ||
842 | -# define OpenSSL_version_num SSLeay | ||
843 | -#endif | ||
844 | - | ||
845 | -#if OPENSSL_VERSION_NUMBER < 0x10000001L | ||
846 | -# define LIBCRYPTO_EVP_INL_TYPE unsigned int | ||
847 | -#else | ||
848 | -# define LIBCRYPTO_EVP_INL_TYPE size_t | ||
849 | +#ifdef LIBRESSL_VERSION_NUMBER | ||
850 | +# if LIBRESSL_VERSION_NUMBER < 0x3010000fL | ||
851 | +# error LibreSSL 3.1.0 or greater is required | ||
852 | +# endif | ||
853 | #endif | ||
854 | |||
855 | #ifndef OPENSSL_RSA_MAX_MODULUS_BITS | ||
856 | @@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); | ||
857 | # endif | ||
858 | #endif | ||
859 | |||
860 | -/* LibreSSL/OpenSSL 1.1x API compat */ | ||
861 | -#ifndef HAVE_DSA_GET0_PQG | ||
862 | -void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, | ||
863 | - const BIGNUM **g); | ||
864 | -#endif /* HAVE_DSA_GET0_PQG */ | ||
865 | - | ||
866 | -#ifndef HAVE_DSA_SET0_PQG | ||
867 | -int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); | ||
868 | -#endif /* HAVE_DSA_SET0_PQG */ | ||
869 | - | ||
870 | -#ifndef HAVE_DSA_GET0_KEY | ||
871 | -void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, | ||
872 | - const BIGNUM **priv_key); | ||
873 | -#endif /* HAVE_DSA_GET0_KEY */ | ||
874 | - | ||
875 | -#ifndef HAVE_DSA_SET0_KEY | ||
876 | -int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); | ||
877 | -#endif /* HAVE_DSA_SET0_KEY */ | ||
878 | - | ||
879 | #ifndef HAVE_EVP_CIPHER_CTX_GET_IV | ||
880 | # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV | ||
881 | # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv | ||
882 | @@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, | ||
883 | const unsigned char *iv, size_t len); | ||
884 | #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ | ||
885 | |||
886 | -#ifndef HAVE_RSA_GET0_KEY | ||
887 | -void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, | ||
888 | - const BIGNUM **d); | ||
889 | -#endif /* HAVE_RSA_GET0_KEY */ | ||
890 | - | ||
891 | -#ifndef HAVE_RSA_SET0_KEY | ||
892 | -int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); | ||
893 | -#endif /* HAVE_RSA_SET0_KEY */ | ||
894 | - | ||
895 | -#ifndef HAVE_RSA_GET0_CRT_PARAMS | ||
896 | -void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, | ||
897 | - const BIGNUM **iqmp); | ||
898 | -#endif /* HAVE_RSA_GET0_CRT_PARAMS */ | ||
899 | - | ||
900 | -#ifndef HAVE_RSA_SET0_CRT_PARAMS | ||
901 | -int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); | ||
902 | -#endif /* HAVE_RSA_SET0_CRT_PARAMS */ | ||
903 | - | ||
904 | -#ifndef HAVE_RSA_GET0_FACTORS | ||
905 | -void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); | ||
906 | -#endif /* HAVE_RSA_GET0_FACTORS */ | ||
907 | - | ||
908 | -#ifndef HAVE_RSA_SET0_FACTORS | ||
909 | -int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); | ||
910 | -#endif /* HAVE_RSA_SET0_FACTORS */ | ||
911 | - | ||
912 | -#ifndef DSA_SIG_GET0 | ||
913 | -void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); | ||
914 | -#endif /* DSA_SIG_GET0 */ | ||
915 | - | ||
916 | -#ifndef DSA_SIG_SET0 | ||
917 | -int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); | ||
918 | -#endif /* DSA_SIG_SET0 */ | ||
919 | - | ||
920 | -#ifdef OPENSSL_HAS_ECC | ||
921 | -#ifndef HAVE_ECDSA_SIG_GET0 | ||
922 | -void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); | ||
923 | -#endif /* HAVE_ECDSA_SIG_GET0 */ | ||
924 | - | ||
925 | -#ifndef HAVE_ECDSA_SIG_SET0 | ||
926 | -int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); | ||
927 | -#endif /* HAVE_ECDSA_SIG_SET0 */ | ||
928 | -#endif /* OPENSSL_HAS_ECC */ | ||
929 | - | ||
930 | -#ifndef HAVE_DH_GET0_PQG | ||
931 | -void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, | ||
932 | - const BIGNUM **g); | ||
933 | -#endif /* HAVE_DH_GET0_PQG */ | ||
934 | - | ||
935 | -#ifndef HAVE_DH_SET0_PQG | ||
936 | -int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); | ||
937 | -#endif /* HAVE_DH_SET0_PQG */ | ||
938 | - | ||
939 | -#ifndef HAVE_DH_GET0_KEY | ||
940 | -void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key); | ||
941 | -#endif /* HAVE_DH_GET0_KEY */ | ||
942 | - | ||
943 | -#ifndef HAVE_DH_SET0_KEY | ||
944 | -int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); | ||
945 | -#endif /* HAVE_DH_SET0_KEY */ | ||
946 | - | ||
947 | -#ifndef HAVE_DH_SET_LENGTH | ||
948 | -int DH_set_length(DH *dh, long length); | ||
949 | -#endif /* HAVE_DH_SET_LENGTH */ | ||
950 | - | ||
951 | -#ifndef HAVE_RSA_METH_FREE | ||
952 | -void RSA_meth_free(RSA_METHOD *meth); | ||
953 | -#endif /* HAVE_RSA_METH_FREE */ | ||
954 | - | ||
955 | -#ifndef HAVE_RSA_METH_DUP | ||
956 | -RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); | ||
957 | -#endif /* HAVE_RSA_METH_DUP */ | ||
958 | - | ||
959 | -#ifndef HAVE_RSA_METH_SET1_NAME | ||
960 | -int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); | ||
961 | -#endif /* HAVE_RSA_METH_SET1_NAME */ | ||
962 | - | ||
963 | -#ifndef HAVE_RSA_METH_GET_FINISH | ||
964 | -int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); | ||
965 | -#endif /* HAVE_RSA_METH_GET_FINISH */ | ||
966 | - | ||
967 | -#ifndef HAVE_RSA_METH_SET_PRIV_ENC | ||
968 | -int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, | ||
969 | - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); | ||
970 | -#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ | ||
971 | - | ||
972 | -#ifndef HAVE_RSA_METH_SET_PRIV_DEC | ||
973 | -int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, | ||
974 | - const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); | ||
975 | -#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ | ||
976 | - | ||
977 | -#ifndef HAVE_RSA_METH_SET_FINISH | ||
978 | -int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); | ||
979 | -#endif /* HAVE_RSA_METH_SET_FINISH */ | ||
980 | - | ||
981 | -#ifndef HAVE_EVP_PKEY_GET0_RSA | ||
982 | -RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); | ||
983 | -#endif /* HAVE_EVP_PKEY_GET0_RSA */ | ||
984 | - | ||
985 | -#ifndef HAVE_EVP_MD_CTX_new | ||
986 | -EVP_MD_CTX *EVP_MD_CTX_new(void); | ||
987 | -#endif /* HAVE_EVP_MD_CTX_new */ | ||
988 | - | ||
989 | -#ifndef HAVE_EVP_MD_CTX_free | ||
990 | -void EVP_MD_CTX_free(EVP_MD_CTX *ctx); | ||
991 | -#endif /* HAVE_EVP_MD_CTX_free */ | ||
992 | - | ||
993 | #endif /* WITH_OPENSSL */ | ||
994 | #endif /* _OPENSSL_COMPAT_H */ | ||
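--- a/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,9 +24,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
 file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
 file://sshd_check_keys \
 file://add-test-support-for-busybox.patch \
-file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
 "
-SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8"
+SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
 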