- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
shims for the new, non-deprecated OpenSSL key generation functions for platforms that don't have the new interfaces.
This commit is contained in:
Darren Tucker
parent
d89745b9e7
commit
ebdef76b5d
|
|
@ -1,6 +1,9 @@
|
|||
20101204
|
||||
- (djm) [openbsd-compat/bindresvport.c] Use arc4random_uniform(range)
|
||||
instead of (arc4random() % range)
|
||||
- (dtucker) [configure.ac moduli.c openbsd-compat/openssl-compat.{c,h}] Add
|
||||
shims for the new, non-deprecated OpenSSL key generation functions for
|
||||
platforms that don't have the new interfaces.
|
||||
|
||||
20101201
|
||||
- OpenBSD CVS Sync
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.ac,v 1.458 2010/11/08 22:26:23 tim Exp $
|
||||
# $Id: configure.ac,v 1.459 2010/12/04 12:20:50 dtucker Exp $
|
||||
#
|
||||
# Copyright (c) 1999-2004 Damien Miller
|
||||
#
|
||||
|
|
@ -15,7 +15,7 @@
|
|||
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
|
||||
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
|
||||
AC_REVISION($Revision: 1.458 $)
|
||||
AC_REVISION($Revision: 1.459 $)
|
||||
AC_CONFIG_SRCDIR([ssh.c])
|
||||
|
||||
AC_CONFIG_HEADER(config.h)
|
||||
|
|
@ -2136,6 +2136,8 @@ int main(void) { SSLeay_add_all_algorithms(); }
|
|||
]
|
||||
)
|
||||
|
||||
AC_CHECK_FUNCS(RSA_generate_key_ex DSA_generate_parameters_ex BN_is_prime_ex)
|
||||
|
||||
AC_ARG_WITH(ssl-engine,
|
||||
[ --with-ssl-engine Enable OpenSSL (hardware) ENGINE support ],
|
||||
[ if test "x$withval" != "xno" ; then
|
||||
|
|
|
|||
2
moduli.c
2
moduli.c
|
|
@ -54,6 +54,8 @@
|
|||
#include "dh.h"
|
||||
#include "log.h"
|
||||
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
|
||||
/*
|
||||
* File output defines
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: openssl-compat.c,v 1.10 2010/11/22 06:59:00 dtucker Exp $ */
|
||||
/* $Id: openssl-compat.c,v 1.11 2010/12/04 12:20:50 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||
|
|
@ -18,11 +18,16 @@
|
|||
|
||||
#include "includes.h"
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <string.h>
|
||||
|
||||
#ifdef USE_OPENSSL_ENGINE
|
||||
# include <openssl/engine.h>
|
||||
# include <openssl/conf.h>
|
||||
#endif
|
||||
|
||||
#include "log.h"
|
||||
|
||||
#define SSH_DONT_OVERLOAD_OPENSSL_FUNCS
|
||||
#include "openssl-compat.h"
|
||||
|
||||
|
|
@ -59,6 +64,63 @@ ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt)
|
|||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_BN_IS_PRIME_EX
|
||||
int
|
||||
BN_is_prime_ex(const BIGNUM *p, int nchecks, BN_CTX *ctx, void *cb)
|
||||
{
|
||||
if (cb != NULL)
|
||||
fatal("%s: callback args not supported", __func__);
|
||||
return BN_is_prime(p, nchecks, NULL, ctx, NULL);
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_RSA_GENERATE_KEY_EX
|
||||
int
|
||||
RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *bn_e, void *cb)
|
||||
{
|
||||
RSA *new_rsa, tmp_rsa;
|
||||
unsigned long e;
|
||||
|
||||
sleep(1);
|
||||
if (cb != NULL)
|
||||
fatal("%s: callback args not supported", __func__);
|
||||
e = BN_get_word(bn_e);
|
||||
if (e == 0xffffffffL)
|
||||
fatal("%s: value of e too large", __func__);
|
||||
new_rsa = RSA_generate_key(bits, e, NULL, NULL);
|
||||
if (new_rsa == NULL)
|
||||
return 0;
|
||||
/* swap rsa/new_rsa then free new_rsa */
|
||||
tmp_rsa = *rsa;
|
||||
*rsa = *new_rsa;
|
||||
*new_rsa = tmp_rsa;
|
||||
RSA_free(new_rsa);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
|
||||
int
|
||||
DSA_generate_parameters_ex(DSA *dsa, int bits, const unsigned char *seed,
|
||||
int seed_len, int *counter_ret, unsigned long *h_ret, void *cb)
|
||||
{
|
||||
DSA *new_dsa, tmp_dsa;
|
||||
|
||||
if (cb != NULL)
|
||||
fatal("%s: callback args not supported", __func__);
|
||||
new_dsa = DSA_generate_parameters(bits, (unsigned char *)seed, seed_len,
|
||||
counter_ret, h_ret, NULL, NULL);
|
||||
if (new_dsa == NULL)
|
||||
return 0;
|
||||
/* swap dsa/new_dsa then free new_dsa */
|
||||
tmp_dsa = *dsa;
|
||||
*dsa = *new_dsa;
|
||||
*new_dsa = tmp_dsa;
|
||||
DSA_free(new_dsa);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef USE_OPENSSL_ENGINE
|
||||
void
|
||||
ssh_SSLeay_add_all_algorithms(void)
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
/* $Id: openssl-compat.h,v 1.16 2010/10/07 11:06:44 djm Exp $ */
|
||||
/* $Id: openssl-compat.h,v 1.17 2010/12/04 12:20:50 dtucker Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
|
||||
|
|
@ -108,6 +108,19 @@ extern const EVP_CIPHER *evp_acss(void);
|
|||
# define SSLeay_add_all_algorithms() ssh_SSLeay_add_all_algorithms()
|
||||
# endif
|
||||
|
||||
# ifndef HAVE_BN_IS_PRIME_EX
|
||||
int BN_is_prime_ex(const BIGNUM *, int, BN_CTX *, void *);
|
||||
# endif
|
||||
|
||||
# ifndef HAVE_DSA_GENERATE_PARAMETERS_EX
|
||||
int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *,
|
||||
unsigned long *, void *);
|
||||
# endif
|
||||
|
||||
# ifndef HAVE_RSA_GENERATE_KEY_EX
|
||||
int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *);
|
||||
# endif
|
||||
|
||||
int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
|
||||
unsigned char *, int);
|
||||
int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
|
||||
|
|
|
|||
Loading…
Reference in New Issue