From d23a91ffb289d3553a58b7a60cec39fba9f0f506 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 17 Jan 2014 17:32:30 +1100 Subject: [PATCH] - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c openbsd-compat/openssl-compat.h] Add compatibility layer for older openssl versions. ok djm@ --- ChangeLog | 3 +++ configure.ac | 8 ++++++-- digest.c | 2 ++ openbsd-compat/openssl-compat.c | 30 +++++++++++++++++++++++++++++- openbsd-compat/openssl-compat.h | 18 +++++++++++++++++- 5 files changed, 57 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1bf7e0dca..be044b947 100644 --- a/ChangeLog +++ b/ChangeLog @@ -28,6 +28,9 @@ [sandbox-systrace.c ssh-sandbox.h sshd.c] Support preauth sandboxing using the Capsicum API introduced in FreeBSD 10. Patch by Dag-Erling Smorgrav, updated by Loganaden Velvindron @ AfriNIC; ok dtucker@ + - (dtucker) [configure.ac digest.c openbsd-compat/openssl-compat.c + openbsd-compat/openssl-compat.h] Add compatibility layer for older + openssl versions. ok djm@ 20140118 - (djm) OpenBSD CVS Sync diff --git a/configure.ac b/configure.ac index f14e177fc..2ac3afa38 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.550 2014/01/17 05:47:04 djm Exp $ +# $Id: configure.ac,v 1.551 2014/01/17 06:32:30 dtucker Exp $ # # Copyright (c) 1999-2004 Damien Miller # @@ -15,7 +15,7 @@ # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. AC_INIT([OpenSSH], [Portable], [openssh-unix-dev@mindrot.org]) -AC_REVISION($Revision: 1.550 $) +AC_REVISION($Revision: 1.551 $) AC_CONFIG_SRCDIR([ssh.c]) AC_LANG([C]) @@ -2357,6 +2357,10 @@ AC_LINK_IFELSE( AC_CHECK_FUNCS([ \ BN_is_prime_ex \ DSA_generate_parameters_ex \ + EVP_DigestInit_ex \ + EVP_DigestFinal_ex \ + EVP_MD_CTX_init \ + EVP_MD_CTX_cleanup \ HMAC_CTX_init \ RSA_generate_key_ex \ RSA_get_default_method \ diff --git a/digest.c b/digest.c index 7d7f73579..d6004e7de 100644 --- a/digest.c +++ b/digest.c @@ -24,6 +24,8 @@ #include +#include "openbsd-compat/openssl-compat.h" + #include "buffer.h" #include "digest.h" diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c index 5189cab61..52c7183f1 100644 --- a/openbsd-compat/openssl-compat.c +++ b/openbsd-compat/openssl-compat.c @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.c,v 1.14 2011/05/10 01:13:38 dtucker Exp $ */ +/* $Id: openssl-compat.c,v 1.15 2014/01/17 06:32:31 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -59,6 +59,34 @@ ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp) } #endif +#ifndef HAVE_EVP_DIGESTINIT_EX +int +EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *md, void *engine) +{ + if (engine != NULL) + fatal("%s: ENGINE is not supported", __func__); +# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID + EVP_DigestInit(ctx, md); + return 1; +# else + return EVP_DigestInit(ctx, md); +# endif +} +#endif + +#ifndef HAVE_EVP_DISESTFINAL_EX +int +EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *s) +{ +# ifdef OPENSSL_EVP_DIGESTUPDATE_VOID + EVP_DigestFinal(ctx, md, s); + return 1; +# else + return EVP_DigestFinal(ctx, md, s); +# endif +} +#endif + #ifdef OPENSSL_EVP_DIGESTUPDATE_VOID int ssh_EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt) diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h index e7439b4e7..021ea98f5 100644 --- a/openbsd-compat/openssl-compat.h +++ b/openbsd-compat/openssl-compat.h @@ -1,4 +1,4 @@ -/* $Id: openssl-compat.h,v 1.24 2013/02/12 00:00:40 djm Exp $ */ +/* $Id: openssl-compat.h,v 1.25 2014/01/17 06:32:31 dtucker Exp $ */ /* * Copyright (c) 2005 Darren Tucker @@ -148,6 +148,14 @@ int DSA_generate_parameters_ex(DSA *, int, const unsigned char *, int, int *, int RSA_generate_key_ex(RSA *, int, BIGNUM *, void *); # endif +# ifndef HAVE_EVP_DIGESTINIT_EX +int EVP_DigestInit_ex(EVP_MD_CTX *, const EVP_MD *, void *); +# endif + +# ifndef HAVE_EVP_DISESTFINAL_EX +int EVP_DigestFinal_ex(EVP_MD_CTX *, unsigned char *, unsigned int *); +# endif + int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *, unsigned char *, int); int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int); @@ -158,5 +166,13 @@ void ssh_OpenSSL_add_all_algorithms(void); # define HMAC_CTX_init(a) # endif +# ifndef HAVE_EVP_MD_CTX_INIT +# define EVP_MD_CTX_init(a) +# endif + +# ifndef HAVE_EVP_MD_CTX_CLEANUP +# define EVP_MD_CTX_cleanup(a) +# endif + #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */