Diffstat (limited to 'openssl-1.1.0.patch')
-rw-r--r-- | openssl-1.1.0.patch | 683 |
1 files changed, 224 insertions, 459 deletions
diff --git a/openssl-1.1.0.patch b/openssl-1.1.0.patch index 02d1796c631b..f5454ac98aa6 100644 --- a/openssl-1.1.0.patch +++ b/openssl-1.1.0.patch @@ -1,7 +1,7 @@ diff -Naur old/auth-pam.c new/auth-pam.c ---- old/auth-pam.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/auth-pam.c 2017-03-20 11:01:28.792662449 -1000 -@@ -129,6 +129,10 @@ +--- old/auth-pam.c 2017-10-03 21:49:05.363829772 -1000 ++++ new/auth-pam.c 2017-10-03 21:55:50.869718862 -1000 +@@ -128,6 +128,10 @@ typedef pthread_t sp_pthread_t; #else typedef pid_t sp_pthread_t; 
@@ -12,171 +12,10 @@ diff -Naur old/auth-pam.c new/auth-pam.c #endif struct pam_ctxt { -diff -Naur old/cipher-3des1.c new/cipher-3des1.c ---- old/cipher-3des1.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/cipher-3des1.c 2017-03-20 11:01:25.018828127 -1000 -@@ -44,7 +44,7 @@ - */ - struct ssh1_3des_ctx - { -- EVP_CIPHER_CTX k1, k2, k3; -+ EVP_CIPHER_CTX *k1, *k2, *k3; - }; - - const EVP_CIPHER * evp_ssh1_3des(void); -@@ -65,7 +65,7 @@ - if (key == NULL) - return 1; - if (enc == -1) -- enc = ctx->encrypt; -+ enc = EVP_CIPHER_CTX_encrypting(ctx); - k1 = k2 = k3 = (u_char *) key; - k2 += 8; - if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { -@@ -74,12 +74,17 @@ - else - k1 += 16; - } -- EVP_CIPHER_CTX_init(&c->k1); -- EVP_CIPHER_CTX_init(&c->k2); -- EVP_CIPHER_CTX_init(&c->k3); -- if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || -- EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || -- EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { -+ c->k1 = c->k2 = c->k3 = NULL; -+ c->k1 = EVP_CIPHER_CTX_new(); -+ c->k2 = EVP_CIPHER_CTX_new(); -+ c->k3 = EVP_CIPHER_CTX_new(); -+ if (c->k1 == NULL || c->k2 == NULL || c->k3 == NULL || -+ EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 || -+ EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 || -+ EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) { -+ EVP_CIPHER_CTX_free(c->k1); -+ EVP_CIPHER_CTX_free(c->k2); -+ EVP_CIPHER_CTX_free(c->k3); - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); -@@ -95,9 +100,9 @@ - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL) - return 0; -- if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 || -- EVP_Cipher(&c->k2, dest, dest, len) == 0 || -- EVP_Cipher(&c->k3, dest, dest, len) == 0) -+ if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 || -+ EVP_Cipher(c->k2, dest, dest, len) == 0 || -+ EVP_Cipher(c->k3, dest, dest, len) == 0) - return 0; - return 1; - } -@@ -108,9 +113,9 @@ - struct ssh1_3des_ctx 
*c; - - if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) { -- EVP_CIPHER_CTX_cleanup(&c->k1); -- EVP_CIPHER_CTX_cleanup(&c->k2); -- EVP_CIPHER_CTX_cleanup(&c->k3); -+ EVP_CIPHER_CTX_free(c->k1); -+ EVP_CIPHER_CTX_free(c->k2); -+ EVP_CIPHER_CTX_free(c->k3); - explicit_bzero(c, sizeof(*c)); - free(c); - EVP_CIPHER_CTX_set_app_data(ctx, NULL); -@@ -128,13 +133,13 @@ - if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL) - return SSH_ERR_INTERNAL_ERROR; - if (doset) { -- memcpy(c->k1.iv, iv, 8); -- memcpy(c->k2.iv, iv + 8, 8); -- memcpy(c->k3.iv, iv + 16, 8); -+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8); -+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8); -+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8); - } else { -- memcpy(iv, c->k1.iv, 8); -- memcpy(iv + 8, c->k2.iv, 8); -- memcpy(iv + 16, c->k3.iv, 8); -+ memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8); -+ memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8); -+ memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8); - } - return 0; - } -@@ -142,6 +147,7 @@ - const EVP_CIPHER * - evp_ssh1_3des(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000UL /*{*/ - static EVP_CIPHER ssh1_3des; - - memset(&ssh1_3des, 0, sizeof(ssh1_3des)); -@@ -154,5 +160,15 @@ - ssh1_3des.do_cipher = ssh1_3des_cbc; - ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH; - return &ssh1_3des; -+#else /*}{*/ -+ static EVP_CIPHER *ssh1_3des_p; -+ ssh1_3des_p = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/16); /*XXX check return*/ -+ EVP_CIPHER_meth_set_iv_length(ssh1_3des_p, 0); -+ EVP_CIPHER_meth_set_init(ssh1_3des_p, ssh1_3des_init); -+ EVP_CIPHER_meth_set_cleanup(ssh1_3des_p, ssh1_3des_cleanup); -+ EVP_CIPHER_meth_set_do_cipher(ssh1_3des_p, ssh1_3des_cbc); -+ EVP_CIPHER_meth_set_flags(ssh1_3des_p, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH); -+ return ssh1_3des_p; -+#endif /*}*/ - } - #endif /* WITH_SSH1 */ -diff -Naur old/cipher-bf1.c new/cipher-bf1.c ---- old/cipher-bf1.c 2017-03-19 16:39:27.000000000 -1000 -+++ 
new/cipher-bf1.c 2017-03-20 11:01:25.018828127 -1000 -@@ -29,6 +29,7 @@ - #include <string.h> - - #include <openssl/evp.h> -+#include <openssl/blowfish.h> /*BF_KEY*/ - - #include "openbsd-compat/openssl-compat.h" - -@@ -89,17 +90,27 @@ - const EVP_CIPHER * - evp_ssh1_bf(void) - { -- static EVP_CIPHER ssh1_bf; -+ static EVP_CIPHER *ssh1_bfp; - -- memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER)); -- orig_bf = ssh1_bf.do_cipher; -- ssh1_bf.nid = NID_undef; -+ ssh1_bfp = EVP_CIPHER_meth_new(NID_undef, /*block_size*/8, /*key_len*/32); -+ -+ orig_bf = EVP_CIPHER_meth_get_do_cipher(EVP_bf_cbc()); - #ifdef SSH_OLD_EVP - ssh1_bf.init = bf_ssh1_init; - #endif -- ssh1_bf.do_cipher = bf_ssh1_cipher; -- ssh1_bf.key_len = 32; -- return (&ssh1_bf); -+ EVP_CIPHER_meth_set_do_cipher(ssh1_bfp, bf_ssh1_cipher); -+ -+ /* set remaining members... */ -+ EVP_CIPHER_meth_set_iv_length(ssh1_bfp, 8); -+ EVP_CIPHER_meth_set_flags(ssh1_bfp, EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CBC_MODE); -+ EVP_CIPHER_meth_set_init(ssh1_bfp, EVP_CIPHER_meth_get_init(EVP_bf_cbc())); -+ EVP_CIPHER_meth_set_cleanup(ssh1_bfp, EVP_CIPHER_meth_get_cleanup(EVP_bf_cbc())); -+ EVP_CIPHER_meth_set_impl_ctx_size(ssh1_bfp, /*sizeof(EVP_BF_KEY) == */sizeof(BF_KEY)); -+ EVP_CIPHER_meth_set_set_asn1_params(ssh1_bfp, EVP_CIPHER_set_asn1_iv); -+ EVP_CIPHER_meth_set_get_asn1_params(ssh1_bfp, EVP_CIPHER_get_asn1_iv); -+ EVP_CIPHER_meth_set_ctrl(ssh1_bfp, NULL); -+ /*app_data = NULL*/ -+ return (ssh1_bfp); - } - #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */ - diff -Naur old/cipher.c new/cipher.c ---- old/cipher.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/cipher.c 2017-03-20 11:01:25.018828127 -1000 -@@ -390,7 +390,10 @@ +--- old/cipher.c 2017-10-03 21:49:05.367162904 -1000 ++++ new/cipher.c 2017-10-03 21:55:50.869718862 -1000 +@@ -297,7 +297,10 @@ goto out; } } 
@@ -188,25 +27,23 @@ diff -Naur old/cipher.c new/cipher.c ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } -@@ -625,7 +628,7 @@ - len, iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(iv, cc->evp->iv, len); -+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); - break; +@@ -486,7 +489,7 @@ + len, iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else +- memcpy(iv, cc->evp->iv, len); ++ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len); #endif - #ifdef WITH_SSH1 -@@ -671,7 +674,7 @@ - EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) - return SSH_ERR_LIBCRYPTO_ERROR; - } else -- memcpy(cc->evp->iv, iv, evplen); -+ memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen); /*XXX using EVP_CIPHER_CTX_iv_noconst as LHS*/ - break; + return 0; + } +@@ -520,14 +523,19 @@ + EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) + return SSH_ERR_LIBCRYPTO_ERROR; + } else +- memcpy(cc->evp->iv, iv, evplen); ++ memcpy(EVP_CIPHER_CTX_iv(cc->evp), iv, evplen); #endif - #ifdef WITH_SSH1 -@@ -685,8 +688,13 @@ + return 0; } #ifdef WITH_OPENSSL @@ -223,9 +60,9 @@ diff -Naur old/cipher.c new/cipher.c int diff -Naur old/cipher.h new/cipher.h ---- old/cipher.h 2017-03-19 16:39:27.000000000 -1000 -+++ new/cipher.h 2017-03-20 11:01:25.018828127 -1000 -@@ -63,7 +63,18 @@ +--- old/cipher.h 2017-10-03 21:49:05.367162904 -1000 ++++ new/cipher.h 2017-10-03 21:55:50.869718862 -1000 +@@ -46,7 +46,18 @@ #define CIPHER_DECRYPT 0 struct sshcipher; 
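Review bot: In the `@@ -188,25 +27,23 @@` hunk, the rebased cipher.c change at inner `@@ -520,14 +523,19 @@` sets the IV with `memcpy(EVP_CIPHER_CTX_iv(cc->evp), iv, evplen);`, which uses the read-only accessor as the copy destination. The previous revision of this patch used `EVP_CIPHER_CTX_iv_noconst(cc->evp)` on that line. In OpenSSL 1.1.0 `EVP_CIPHER_CTX_iv` returns a pointer to const, so the write discards the qualifier and relies on the compiler only warning. I would restore `memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen);` and leave `EVP_CIPHER_CTX_iv` for the read in the getter at inner `@@ -486,7 +489,7 @@`.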
@@ -242,11 +79,22 @@ diff -Naur old/cipher.h new/cipher.h struct sshcipher_ctx; +#endif - u_int cipher_mask_ssh1(int); const struct sshcipher *cipher_by_name(const char *); + const char *cipher_warning_message(const struct sshcipher_ctx *); +diff -Naur old/configure new/configure +--- old/configure 2017-10-03 21:49:05.410493626 -1000 ++++ new/configure 2017-10-03 22:01:49.159050540 -1000 +@@ -12688,7 +12688,6 @@ + 100*) ;; # 1.0.x + 200*) ;; # LibreSSL + *) +- as_fn_error $? "OpenSSL >= 1.1.0 is not yet supported (have \"$ssl_library_ver\")" "$LINENO" 5 + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 diff -Naur old/dh.c new/dh.c ---- old/dh.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/dh.c 2017-03-20 11:01:25.022161903 -1000 +--- old/dh.c 2017-10-03 21:49:05.370496037 -1000 ++++ new/dh.c 2017-10-03 21:55:50.869718862 -1000 @@ -212,14 +212,15 @@ /* diffie-hellman-groupN-sha1 */ @@ -373,8 +221,8 @@ diff -Naur old/dh.c new/dh.c return (dh); } diff -Naur old/dh.h new/dh.h ---- old/dh.h 2017-03-19 16:39:27.000000000 -1000 -+++ new/dh.h 2017-03-20 11:01:25.022161903 -1000 +--- old/dh.h 2017-10-03 21:49:05.370496037 -1000 ++++ new/dh.h 2017-10-03 21:55:50.869718862 -1000 @@ -42,7 +42,7 @@ DH *dh_new_group_fallback(int); @@ -385,8 +233,8 @@ diff -Naur old/dh.h new/dh.h u_int dh_estimate(int); diff -Naur old/digest-openssl.c new/digest-openssl.c ---- old/digest-openssl.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/digest-openssl.c 2017-03-20 11:01:25.022161903 -1000 +--- old/digest-openssl.c 2017-10-03 21:49:05.370496037 -1000 ++++ new/digest-openssl.c 2017-10-03 21:55:50.869718862 -1000 @@ -43,7 +43,7 @@ struct ssh_digest_ctx { @@ -396,7 +244,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c }; struct ssh_digest { -@@ -107,20 +107,21 @@ +@@ -106,20 +106,21 @@ size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx) { 
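Review bot: In the `@@ -242,11 +79,22 @@` hunk, deleting the `as_fn_error` line from the `*)` arm of the configure version check makes the build accept every libcrypto version string the earlier arms do not match, not only the 1.1.0 series this patch ports to. An explicit arm next to `100*)`, for example `101*) ;; # 1.1.x`, with the error kept in `*)`, would let 1.1.x through and still reject unknown versions. That pattern assumes the case matches on the same version prefix as the `100*` and `200*` arms. The edit is made to the generated `configure`, so regenerating it from its input would presumably bring the check back; a comment at this hunk saying so would help whoever rebases the patch next.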
@@ -422,7 +270,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c free(ret); return NULL; } -@@ -133,7 +134,7 @@ +@@ -132,7 +133,7 @@ if (from->alg != to->alg) return SSH_ERR_INVALID_ARGUMENT; /* we have bcopy-style order while openssl has memcpy-style */ @@ -431,7 +279,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; return 0; } -@@ -141,7 +142,7 @@ +@@ -140,7 +141,7 @@ int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) { @@ -440,7 +288,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; return 0; } -@@ -162,7 +163,7 @@ +@@ -161,7 +162,7 @@ return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; @@ -449,7 +297,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; if (l != digest->digest_len) /* sanity */ return SSH_ERR_INTERNAL_ERROR; -@@ -173,7 +174,7 @@ +@@ -172,7 +173,7 @@ ssh_digest_free(struct ssh_digest_ctx *ctx) { if (ctx != NULL) { @@ -459,8 +307,8 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c free(ctx); } diff -Naur old/kexdhc.c new/kexdhc.c ---- old/kexdhc.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/kexdhc.c 2017-03-20 11:01:25.022161903 -1000 +--- old/kexdhc.c 2017-10-03 21:49:05.373829169 -1000 ++++ new/kexdhc.c 2017-10-03 21:55:50.869718862 -1000 @@ -81,11 +81,16 @@ goto out; } @@ -481,7 +329,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); fprintf(stderr, "pub= "); -@@ -170,6 +175,9 @@ +@@ -169,6 +174,9 @@ /* calc and verify H */ hashlen = sizeof(hash); @@ -491,7 +339,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, -@@ -177,11 +185,13 @@ +@@ -176,11 +184,13 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, 
@@ -508,8 +356,8 @@ diff -Naur old/kexdhc.c new/kexdhc.c if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, ssh->compat)) != 0) diff -Naur old/kexdhs.c new/kexdhs.c ---- old/kexdhs.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/kexdhs.c 2017-03-20 11:01:25.022161903 -1000 +--- old/kexdhs.c 2017-10-03 21:49:05.373829169 -1000 ++++ new/kexdhs.c 2017-10-03 21:55:50.869718862 -1000 @@ -87,6 +87,10 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); r = 0; @@ -521,7 +369,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c return r; } -@@ -164,6 +168,9 @@ +@@ -163,6 +167,9 @@ goto out; /* calc H */ hashlen = sizeof(hash); @@ -531,7 +379,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, -@@ -172,10 +179,12 @@ +@@ -171,10 +178,12 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, dh_client_pub, @@ -546,7 +394,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -196,12 +205,17 @@ +@@ -195,12 +204,17 @@ /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ @@ -567,9 +415,9 @@ diff -Naur old/kexdhs.c new/kexdhs.c if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); diff -Naur old/kexgexc.c new/kexgexc.c ---- old/kexgexc.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/kexgexc.c 2017-03-20 11:01:25.022161903 -1000 -@@ -119,11 +119,17 @@ +--- old/kexgexc.c 2017-10-03 21:49:05.373829169 -1000 ++++ new/kexgexc.c 2017-10-03 21:55:50.869718862 -1000 +@@ -118,11 +118,17 @@ p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ @@ -591,7 +439,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); -@@ -135,10 +141,12 @@ +@@ -134,10 +140,12 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); r = 0; out: 
@@ -606,7 +454,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c return r; } -@@ -220,6 +228,10 @@ +@@ -214,6 +222,10 @@ /* calc and verify H */ hashlen = sizeof(hash); @@ -617,7 +465,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, -@@ -228,12 +240,14 @@ +@@ -222,12 +234,14 @@ sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, @@ -636,9 +484,9 @@ diff -Naur old/kexgexc.c new/kexgexc.c if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, ssh->compat)) != 0) diff -Naur old/kexgexs.c new/kexgexs.c ---- old/kexgexs.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/kexgexs.c 2017-03-20 11:01:25.025495678 -1000 -@@ -102,11 +102,16 @@ +--- old/kexgexs.c 2017-10-03 21:49:05.373829169 -1000 ++++ new/kexgexs.c 2017-10-03 21:55:50.869718862 -1000 +@@ -101,11 +101,16 @@ goto out; } debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); @@ -658,7 +506,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c /* Compute our exchange value in parallel with the client */ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -@@ -116,6 +121,10 @@ +@@ -115,6 +120,10 @@ ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); r = 0; out: @@ -669,7 +517,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c return r; } -@@ -193,6 +202,10 @@ +@@ -191,6 +200,10 @@ goto out; /* calc H */ hashlen = sizeof(hash); @@ -680,7 +528,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, -@@ -201,12 +214,14 @@ +@@ -199,12 +212,14 @@ sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, @@ -698,7 +546,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -227,12 +242,17 @@ +@@ -225,12 +240,17 @@ /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ 
@@ -719,9 +567,9 @@ diff -Naur old/kexgexs.c new/kexgexs.c if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); diff -Naur old/monitor.c new/monitor.c ---- old/monitor.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/monitor.c 2017-03-20 11:01:25.025495678 -1000 -@@ -580,10 +580,12 @@ +--- old/monitor.c 2017-10-03 21:49:05.377162302 -1000 ++++ new/monitor.c 2017-10-03 21:55:50.869718862 -1000 +@@ -586,10 +586,12 @@ buffer_put_char(m, 0); return (0); } else { @@ -737,8 +585,8 @@ diff -Naur old/monitor.c new/monitor.c DH_free(dh); } diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c ---- old/openbsd-compat/openssl-compat.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/openbsd-compat/openssl-compat.c 2017-03-20 11:02:25.132784743 -1000 +--- old/openbsd-compat/openssl-compat.c 2017-10-03 21:49:05.397161097 -1000 ++++ new/openbsd-compat/openssl-compat.c 2017-10-03 21:55:50.886387486 -1000 @@ -75,7 +75,6 @@ /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); @@ -748,9 +596,9 @@ diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat #endif diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c ---- old/regress/unittests/sshkey/test_file.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/regress/unittests/sshkey/test_file.c 2017-03-20 11:01:25.028829454 -1000 -@@ -109,9 +109,14 @@ +--- old/regress/unittests/sshkey/test_file.c 2017-10-03 21:49:05.387161699 -1000 ++++ new/regress/unittests/sshkey/test_file.c 2017-10-03 21:55:50.883053761 -1000 +@@ -60,9 +60,14 @@ a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); c = load_bignum("rsa_1.param.q"); 
@@ -768,7 +616,7 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey BN_free(a); BN_free(b); BN_free(c); -@@ -200,9 +205,14 @@ +@@ -151,9 +156,14 @@ a = load_bignum("dsa_1.param.g"); b = load_bignum("dsa_1.param.priv"); c = load_bignum("dsa_1.param.pub"); @@ -787,27 +635,9 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey BN_free(b); BN_free(c); diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c ---- old/regress/unittests/sshkey/test_sshkey.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/regress/unittests/sshkey/test_sshkey.c 2017-03-20 11:01:25.028829454 -1000 +--- old/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:49:05.387161699 -1000 ++++ new/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:55:50.883053761 -1000 @@ -197,9 +197,14 @@ - k1 = sshkey_new(KEY_RSA1); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); -+ { -+ const BIGNUM *n, *e, *p; -+ RSA_get0_key(k1->rsa, &n, &e, NULL); -+ RSA_get0_factors(k1->rsa, &p, NULL); -+ ASSERT_PTR_NE(n, NULL); -+ ASSERT_PTR_NE(e, NULL); -+ ASSERT_PTR_EQ(p, NULL); -+ } - sshkey_free(k1); - TEST_DONE(); - -@@ -207,9 +212,14 @@ k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); @@ -825,7 +655,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk sshkey_free(k1); TEST_DONE(); -@@ -217,8 +227,13 @@ +@@ -207,8 +212,13 @@ k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); @@ -841,7 +671,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk sshkey_free(k1); TEST_DONE(); -@@ -244,9 +259,14 @@ +@@ -234,9 +244,14 @@ k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); 
@@ -859,7 +689,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); -@@ -255,8 +275,13 @@ +@@ -245,8 +260,13 @@ k1 = sshkey_new_private(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); @@ -875,7 +705,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); -@@ -295,18 +320,28 @@ +@@ -285,18 +305,28 @@ ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); ASSERT_PTR_NE(kr, NULL); ASSERT_PTR_NE(kr->rsa, NULL); @@ -910,7 +740,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); #ifdef OPENSSL_HAS_ECC -@@ -333,9 +368,14 @@ +@@ -323,9 +353,14 @@ ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); ASSERT_PTR_NE(k1->rsa, NULL); @@ -928,7 +758,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); TEST_START("equal KEY_RSA/demoted KEY_RSA"); -@@ -349,8 +389,13 @@ +@@ -339,8 +374,13 @@ ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); ASSERT_PTR_NE(k1->dsa, NULL); 
@@ -944,70 +774,9 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA"); -diff -Naur old/rsa.c new/rsa.c ---- old/rsa.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/rsa.c 2017-03-20 11:01:25.025495678 -1000 -@@ -76,11 +76,14 @@ - { - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; -+ const BIGNUM *e, *n; - -- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) -+ RSA_get0_key(key, &n, &e, NULL); -+ -+ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) - return SSH_ERR_INVALID_ARGUMENT; - -- olen = BN_num_bytes(key->n); -+ olen = BN_num_bytes(n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; -@@ -123,7 +126,7 @@ - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; - -- olen = BN_num_bytes(key->n); -+ olen = RSA_size(key); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; -@@ -172,13 +175,27 @@ - goto out; - } - -- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || -- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || -- (BN_sub(aux, rsa->p, BN_value_one()) == 0) || -- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { -+ { -+ const BIGNUM *q, *d, *p; -+ BIGNUM *dmq1=NULL, *dmp1=NULL; -+ if ((dmq1 = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL ) { -+ r = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } -+ RSA_get0_key(rsa, NULL, NULL, &d); -+ RSA_get0_factors(rsa, &p, &q); -+ if ((BN_sub(aux, q, BN_value_one()) == 0) || -+ (BN_mod(dmq1, d, aux, ctx) == 0) || -+ (BN_sub(aux, p, BN_value_one()) == 0) || -+ (BN_mod(dmp1, d, aux, ctx) == 0) || -+ RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) { - r = SSH_ERR_LIBCRYPTO_ERROR; -+ BN_clear_free(dmp1); -+ BN_clear_free(dmq1); - goto out; - } -+ } - r = 0; - out: - BN_clear_free(aux); diff -Naur old/ssh-dss.c new/ssh-dss.c ---- old/ssh-dss.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-dss.c 2017-03-20 11:01:25.025495678 
-1000 +--- old/ssh-dss.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-dss.c 2017-10-03 21:55:50.869718862 -1000 @@ -53,6 +53,7 @@ DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; @@ -1069,8 +838,8 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c ---- old/ssh-ecdsa.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-ecdsa.c 2017-03-20 11:01:25.025495678 -1000 +--- old/ssh-ecdsa.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-ecdsa.c 2017-10-03 21:55:50.869718862 -1000 @@ -80,9 +80,14 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; @@ -1119,9 +888,9 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; diff -Naur old/ssh-keygen.c new/ssh-keygen.c ---- old/ssh-keygen.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-keygen.c 2017-03-20 11:01:25.025495678 -1000 -@@ -483,11 +483,33 @@ +--- old/ssh-keygen.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-keygen.c 2017-10-03 21:55:50.869718862 -1000 +@@ -496,11 +496,33 @@ switch (key->type) { case KEY_DSA: @@ -1160,7 +929,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || -@@ -504,16 +526,52 @@ +@@ -517,16 +539,52 @@ e += e3; debug("e %lx", e); } @@ -1207,7 +976,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c + p = q = NULL; + /* dmp1, dmq1 should not be NULL for initial set0 */ + if (RSA_set0_crt_params(key->rsa, dmp1, dmq1, iqmp) == 0) { -+null: ++ null: + fatal("Failed to set RSA parameters"); + BN_free(d); BN_free(n); BN_free(iqmp); + BN_free(q); BN_free(p); 
@@ -1216,10 +985,10 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c + } + dmp1 = dmq1 = iqmp = NULL; + } - if ((r = rsa_generate_additional_parameters(key->rsa)) != 0) + if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; -@@ -623,7 +681,7 @@ +@@ -636,7 +694,7 @@ identity_file); } fclose(fp); @@ -1228,7 +997,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); -@@ -647,7 +705,7 @@ +@@ -660,7 +718,7 @@ #endif default: fatal("%s: unsupported pubkey type %d", __func__, @@ -1238,8 +1007,8 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c EVP_PKEY_free(pubkey); return; diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c ---- old/ssh-pkcs11-client.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-pkcs11-client.c 2017-03-20 11:01:25.025495678 -1000 +--- old/ssh-pkcs11-client.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-pkcs11-client.c 2017-10-03 21:55:50.869718862 -1000 @@ -143,12 +143,13 @@ static int wrap_key(RSA *rsa) @@ -1260,8 +1029,8 @@ diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c } diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c ---- old/ssh-pkcs11.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-pkcs11.c 2017-03-20 11:01:25.025495678 -1000 +--- old/ssh-pkcs11.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-pkcs11.c 2017-10-03 21:55:50.869718862 -1000 @@ -67,7 +67,7 @@ struct pkcs11_provider *provider; CK_ULONG slotidx; @@ -1341,9 +1110,9 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c + RSA_get0_key(rsa, &n, &e, NULL); + if (rsa && n && e && pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { - key = sshkey_new(KEY_UNSPEC); - key->rsa = rsa; -@@ -554,6 +568,7 @@ + if ((key = sshkey_new(KEY_UNSPEC)) == NULL) + fatal("sshkey_new failed"); +@@ -555,6 +569,7 @@ } else if (rsa) { RSA_free(rsa); } 
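Review bot: In the ssh-pkcs11.c lines carried by the `@@ -1341,9 +1110,9 @@` hunk, `RSA_get0_key(rsa, &n, &e, NULL);` is called before the `if (rsa && n && e && ...` test, so the NULL check on `rsa` only runs after the pointer has been passed to the accessor. The test and the later `else if (rsa)` both imply `rsa` can be NULL here, in which case the accessor dereferences it. Guarding the call, `if (rsa != NULL) RSA_get0_key(rsa, &n, &e, NULL);`, with `n` and `e` initialised to NULL at their declaration, keeps the existing condition meaningful. The declarations and the code that produces `rsa` are outside the visible lines.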
@@ -1352,37 +1121,70 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c free(attribs[i].pValue); } diff -Naur old/ssh-rsa.c new/ssh-rsa.c ---- old/ssh-rsa.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/ssh-rsa.c 2017-03-20 11:01:25.028829454 -1000 -@@ -100,7 +100,7 @@ - hash_alg = rsa_hash_alg_from_ident(alg_ident); +--- old/ssh-rsa.c 2017-10-03 21:49:05.403827361 -1000 ++++ new/ssh-rsa.c 2017-10-03 22:06:32.005937158 -1000 +@@ -99,13 +99,27 @@ + } + rsa = key->rsa; + +- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || +- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || +- (BN_sub(aux, rsa->p, BN_value_one()) == 0) || +- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { ++ { ++ const BIGNUM *q, *d, *p; ++ BIGNUM *dmq1=NULL, *dmp1=NULL; ++ if ((dmq1 = BN_new()) == NULL || ++ (dmp1 = BN_new()) == NULL ) { ++ r = SSH_ERR_ALLOC_FAIL; ++ goto out; ++ } ++ RSA_get0_key(rsa, NULL, NULL, &d); ++ RSA_get0_factors(rsa, &p, &q); ++ if ((BN_sub(aux, q, BN_value_one()) == 0) || ++ (BN_mod(dmq1, d, aux, ctx) == 0) || ++ (BN_sub(aux, p, BN_value_one()) == 0) || ++ (BN_mod(dmp1, d, aux, ctx) == 0) || ++ RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; ++ BN_clear_free(dmp1); ++ BN_clear_free(dmq1); + goto out; + } ++ } + r = 0; + out: + BN_clear_free(aux); +@@ -136,7 +150,7 @@ if (key == NULL || key->rsa == NULL || hash_alg == -1 || - sshkey_type_plain(key->type) != KEY_RSA || -- BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) -+ RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) -@@ -172,7 +172,7 @@ - - if (key == NULL || key->rsa == NULL || +@@ -210,7 +224,7 @@ sshkey_type_plain(key->type) != KEY_RSA || -- BN_num_bits(key->rsa->n) < 
SSH_RSA_MINIMUM_MODULUS_SIZE || -+ RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) + return SSH_ERR_KEY_LENGTH; + if ((b = sshbuf_from(sig, siglen)) == NULL) diff -Naur old/sshkey.c new/sshkey.c ---- old/sshkey.c 2017-03-19 16:39:27.000000000 -1000 -+++ new/sshkey.c 2017-03-20 11:04:12.616131625 -1000 -@@ -275,10 +275,18 @@ - case KEY_RSA1: +--- old/sshkey.c 2017-10-03 21:49:05.407160494 -1000 ++++ new/sshkey.c 2017-10-03 22:16:31.124964276 -1000 +@@ -264,10 +264,18 @@ + #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: +- return BN_num_bits(k->rsa->n); +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL + return RSA_bits(k->rsa); +#else - return BN_num_bits(k->rsa->n); ++ return RSA_bits(key->rsa); +#endif case KEY_DSA: case KEY_DSA_CERT: @@ -1394,8 +1196,8 @@ diff -Naur old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -478,28 +486,55 @@ - case KEY_RSA1: +@@ -466,28 +474,55 @@ + #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: + { @@ -1456,8 +1258,8 @@ diff -Naur old/sshkey.c new/sshkey.c k->dsa = dsa; break; case KEY_ECDSA: -@@ -536,6 +571,51 @@ - case KEY_RSA1: +@@ -523,6 +558,51 @@ + #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: +#if OPENSSL_VERSION_NUMBER >= 0x10100000UL @@ -1508,7 +1310,7 @@ diff -Naur old/sshkey.c new/sshkey.c #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) if (bn_maybe_alloc_failed(k->rsa->d) || bn_maybe_alloc_failed(k->rsa->iqmp) || -@@ -544,13 +624,28 @@ +@@ -531,13 +611,28 @@ bn_maybe_alloc_failed(k->rsa->dmq1) || bn_maybe_alloc_failed(k->rsa->dmp1)) return SSH_ERR_ALLOC_FAIL; 
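Review bot: In the `@@ -1352,37 +1121,70 @@` hunk, the sshkey.c change at inner `@@ -264,10 +264,18 @@` now has `return RSA_bits(key->rsa);` in the `#else` arm. The surrounding switch uses `k` rather than `key`, and `RSA_bits` is the 1.1.0 accessor that the `#if OPENSSL_VERSION_NUMBER >= 0x10100000UL` guard exists to select. The fallback arm therefore looks unable to compile against older libcrypto; it should stay `return BN_num_bits(k->rsa->n);`, as in the previous revision. In the same hunk, the ssh-rsa.c block leaks `dmq1` when the second `BN_new()` fails, because it jumps to `out` without freeing it; `BN_clear_free(dmq1);` before that `goto out` fixes it.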
@@ -1537,8 +1339,8 @@ diff -Naur old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ -@@ -670,16 +765,34 @@ - case KEY_RSA1: +@@ -655,16 +750,34 @@ + #ifdef WITH_OPENSSL case KEY_RSA_CERT: case KEY_RSA: - return a->rsa != NULL && b->rsa != NULL && @@ -1580,7 +1382,7 @@ diff -Naur old/sshkey.c new/sshkey.c # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: -@@ -757,12 +870,17 @@ +@@ -742,12 +855,17 @@ case KEY_DSA: if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1602,7 +1404,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -778,10 +896,14 @@ +@@ -763,10 +881,14 @@ case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1619,40 +1421,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -887,8 +1009,16 @@ - - if (k->type == KEY_RSA1) { - #ifdef WITH_OPENSSL -- int nlen = BN_num_bytes(k->rsa->n); -- int elen = BN_num_bytes(k->rsa->e); -+ int nlen, elen; -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ const BIGNUM *n, *e; -+ RSA_get0_key(k->rsa, &n, &e, NULL); -+ nlen = BN_num_bytes(n); -+ elen = BN_num_bytes(e); -+#else -+ nlen = BN_num_bytes(k->rsa->n); -+ elen = BN_num_bytes(k->rsa->e); -+#endif - - if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { - r = SSH_ERR_INVALID_FORMAT; -@@ -899,8 +1029,13 @@ - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -+#if OPENSSL_VERSION_NUMBER >= 0x10100000UL -+ BN_bn2bin(n, blob); -+ BN_bn2bin(e, blob + nlen); -+#else - BN_bn2bin(k->rsa->n, blob); - BN_bn2bin(k->rsa->e, blob + nlen); -+#endif - #endif /* WITH_OPENSSL */ - } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) - goto out; -@@ -1772,13 +1907,32 @@ +@@ -1643,13 +1765,32 @@ case KEY_DSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; 
@@ -1689,7 +1458,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -1803,11 +1957,23 @@ +@@ -1673,11 +1814,23 @@ case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1715,7 +1484,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -2004,11 +2170,26 @@ +@@ -1875,12 +2028,27 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1735,16 +1504,18 @@ diff -Naur old/sshkey.c new/sshkey.c + BN_free(e); BN_free(n); goto out; } +- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + if (RSA_set0_key(key->rsa, n, e, NULL) == 0) { + BN_free(e); BN_free(n); + return SSH_ERR_LIBCRYPTO_ERROR; + } + n = e = NULL; + } - #ifdef DEBUG_PK - RSA_print_fp(stderr, key->rsa, 8); - #endif -@@ -2025,13 +2206,36 @@ ++ if (RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + ret = SSH_ERR_KEY_LENGTH; + goto out; + } +@@ -1900,13 +2068,36 @@ ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1785,27 +1556,27 @@ diff -Naur old/sshkey.c new/sshkey.c #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif -@@ -2271,26 +2475,63 @@ +@@ -2140,26 +2331,63 @@ + goto fail; /* FALLTHROUGH */ - case KEY_RSA1: case KEY_RSA: - if ((pk->rsa = RSA_new()) == NULL || - (pk->rsa->e = BN_dup(k->rsa->e)) == NULL || - (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) { + if ((pk->rsa = RSA_new()) == NULL ){ -+ ret = SSH_ERR_ALLOC_FAIL; -+ goto fail; -+ } + ret = SSH_ERR_ALLOC_FAIL; + goto fail; + } + { + const BIGNUM *ke, *kn; + BIGNUM *pke=NULL, *pkn=NULL; + RSA_get0_key(k->rsa, &kn, &ke, NULL); + if ((pke = BN_dup(ke)) == NULL || + (pkn = BN_dup(kn)) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; ++ ret = SSH_ERR_ALLOC_FAIL; + BN_free(pke); BN_free(pkn); - goto fail; - } ++ goto fail; ++ } + if (RSA_set0_key(pk->rsa, pkn, pke, NULL) == 0) { + ret = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(pke); BN_free(pkn); 
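Review bot: In the `@@ -1735,16 +1504,18 @@` hunk (sshkey.c public-key parse), the `RSA_set0_key` failure path exits with `return SSH_ERR_LIBCRYPTO_ERROR;`, whereas the neighbouring failures, including the `RSA_bits` length check this revision adds, set `ret` and `goto out`. The direct return skips whatever `out:` releases; the label is outside the hunk, so presumably that is the partially built key. I would make it `ret = SSH_ERR_LIBCRYPTO_ERROR; goto out;` after the two `BN_free` calls, so that a libcrypto failure during parsing follows the same cleanup path as the other errors.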
@@ -1857,7 +1628,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; case KEY_ECDSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) -@@ -2411,11 +2652,17 @@ +@@ -2281,11 +2509,17 @@ switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: @@ -1879,7 +1650,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: -@@ -2428,9 +2675,15 @@ +@@ -2298,9 +2532,15 @@ break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: @@ -1897,7 +1668,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: -@@ -2588,42 +2841,67 @@ +@@ -2474,42 +2714,67 @@ switch (key->type) { #ifdef WITH_OPENSSL case KEY_RSA: @@ -1981,7 +1752,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2699,18 +2977,61 @@ +@@ -2585,18 +2850,61 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -2038,19 +1809,19 @@ diff -Naur old/sshkey.c new/sshkey.c - (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0) + (r = sshbuf_get_bignum2(buf, priv_key)) != 0) { + BN_free(priv_key); - goto out; ++ goto out; + } + if (DSA_set0_key(k->dsa, NULL, priv_key) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; + BN_free(priv_key); -+ goto out; + goto out; + } + priv_key = NULL; + } break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2769,24 +3090,99 @@ +@@ -2655,29 +2963,104 @@ r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -2060,7 +1831,7 @@ diff -Naur old/sshkey.c new/sshkey.c - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = rsa_generate_additional_parameters(k->rsa)) != 0) +- (r = ssh_rsa_generate_additional_parameters(k)) != 0) + { + BIGNUM *n=NULL, *e=NULL, *d=NULL, *iqmp=NULL, *p=NULL, *q=NULL; + BIGNUM *dmp1=NULL, *dmq1=NULL; /* dummy for RSA_set0_crt_params */ 
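Review bot: The DSA private value in the hunk `@@ -2038,19 +1809,19 @@` is released with `BN_free(priv_key);` on both failure paths, which frees the BIGNUM without clearing its contents. For secret components the call should be `BN_clear_free(priv_key);`, so that a failed `DSA_set0_key` does not leave private key bytes in freed heap memory. The same applies to `d`, `iqmp`, `p`, `q`, `dmp1` and `dmq1` in the `BN_free` runs under `error2:` and `error3:` in the RSA hunks `@@ -2097,18 +1868,23 @@` and `@@ -2149,47 +1925,31 @@`.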
@@ -2097,18 +1868,23 @@ diff -Naur old/sshkey.c new/sshkey.c + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; -+error2: ++ error2: + BN_free(n); BN_free(e); BN_free(d); + BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); - goto out; ++ goto out; + } + p = q = NULL; -+ if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) { -+ goto out; ++ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) { + goto out; +- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + } + } ++ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } break; case KEY_RSA_CERT: + { @@ -2130,7 +1906,7 @@ diff -Naur old/sshkey.c new/sshkey.c - (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 || - (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 || -- (r = rsa_generate_additional_parameters(k->rsa)) != 0) +- (r = ssh_rsa_generate_additional_parameters(k)) != 0) + (r = sshbuf_get_bignum2(buf, d)) != 0 || + (r = sshbuf_get_bignum2(buf, iqmp)) != 0 || + (r = sshbuf_get_bignum2(buf, p)) != 0 || 
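Review bot: The `error2:` label in the hunk `@@ -2097,18 +1868,23 @@` sits inside the body of `if (RSA_set0_factors(k->rsa, p, q) == 0)`, so earlier failures jump into the middle of another branch to reach the shared `BN_free` run, and nothing documents what must hold at that point. It is only safe if every BIGNUM already handed to an `RSA_set0_*` call has been reset to NULL before a later `goto error2`. Only `dmp1 = dmq1 = iqmp = NULL;` and `p = q = NULL;` are visible here; the resets for `n`, `e` and `d` are outside the hunk. I would add a comment above the label such as `/* reached by goto from the checks above: any BIGNUM already owned by k->rsa must be NULL here, or it is freed twice */`. `error3:` in the KEY_RSA_CERT case has the same shape and needs the same comment.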
@@ -2149,47 +1925,31 @@ diff -Naur old/sshkey.c new/sshkey.c + dmp1 = dmq1 = iqmp = NULL; + if (RSA_set0_factors(k->rsa, p, q) == 0) { + r = SSH_ERR_LIBCRYPTO_ERROR; -+error3: ++ error3: + BN_free(d); BN_free(iqmp); + BN_free(p); BN_free(q); + BN_free(dmp1); BN_free(dmq1); -+ goto out; + goto out; +- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + } + p = q = NULL; -+ if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) - goto out; ++ if ((r = ssh_rsa_generate_additional_parameters(k)) != 0) ++ goto out; + } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519: -@@ -3593,7 +3989,7 @@ - } - } - --#ifdef WITH_SSH1 -+#ifdef WITH_SSH1 /*{*/ - /* - * Parse the public, unencrypted portion of a RSA1 key. - */ -@@ -3768,7 +4164,7 @@ - sshbuf_free(decrypted); - return r; - } --#endif /* WITH_SSH1 */ -+#endif /* } WITH_SSH1 */ - - #ifdef WITH_OPENSSL - static int -@@ -3817,7 +4213,6 @@ - case EVP_R_BAD_DECRYPT: - r = SSH_ERR_KEY_WRONG_PASSPHRASE; - goto out; -- case EVP_R_BN_DECODE_ERROR: - case EVP_R_DECODE_ERROR: ++ if (RSA_bits(k->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } +@@ -3395,7 +3778,6 @@ + switch (pem_reason) { + case EVP_R_BAD_DECRYPT: + return SSH_ERR_KEY_WRONG_PASSPHRASE; +- case EVP_R_BN_DECODE_ERROR: + case EVP_R_DECODE_ERROR: #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR - case EVP_R_PRIVATE_KEY_DECODE_ERROR: -@@ -3835,7 +4230,7 @@ - r = SSH_ERR_LIBCRYPTO_ERROR; + case EVP_R_PRIVATE_KEY_DECODE_ERROR: +@@ -3460,7 +3842,7 @@ + r = convert_libcrypto_error(); goto out; } - if (pk->type == EVP_PKEY_RSA && 
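Review bot: Removing `case EVP_R_BN_DECODE_ERROR:` outright from `switch (pem_reason)` in the hunk `@@ -2149,47 +1925,31 @@` drops that mapping for any libcrypto that still defines the reason code, should the patched tree be built against one. The line directly below already guards `EVP_R_PRIVATE_KEY_DECODE_ERROR` with `#ifdef`, and the same pattern would keep both library generations working: `#ifdef EVP_R_BN_DECODE_ERROR`, `case EVP_R_BN_DECODE_ERROR:`, `#endif`. The rest of the switch is outside the hunk, so which result an unmapped code ends up with cannot be seen here.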
@@ -2197,16 +1957,21 @@ diff -Naur old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3850,7 +4245,7 @@ +@@ -3475,11 +3857,11 @@ r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } +- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { ++ if (RSA_bits(prv->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE) { + r = SSH_ERR_KEY_LENGTH; + goto out; + } - } else if (pk->type == EVP_PKEY_DSA && + } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA && (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3862,7 +4257,7 @@ +@@ -3491,7 +3873,7 @@ DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC |