diff options
Diffstat (limited to 'openssl-1.1.0.patch')
| -rw-r--r-- | openssl-1.1.0.patch | 375 |
1 files changed, 173 insertions, 202 deletions
diff --git a/openssl-1.1.0.patch b/openssl-1.1.0.patch index f5454ac98aa6..6d065d470b15 100644 --- a/openssl-1.1.0.patch +++ b/openssl-1.1.0.patch @@ -1,7 +1,7 @@ -diff -Naur old/auth-pam.c new/auth-pam.c ---- old/auth-pam.c 2017-10-03 21:49:05.363829772 -1000 -+++ new/auth-pam.c 2017-10-03 21:55:50.869718862 -1000 -@@ -128,6 +128,10 @@ +diff -aurp old/auth-pam.c new/auth-pam.c +--- old/auth-pam.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/auth-pam.c 2018-03-23 10:05:03.886621278 -1000 +@@ -128,6 +128,10 @@ extern u_int utmp_len; typedef pthread_t sp_pthread_t; #else typedef pid_t sp_pthread_t; @@ -12,10 +12,10 @@ diff -Naur old/auth-pam.c new/auth-pam.c #endif struct pam_ctxt { -diff -Naur old/cipher.c new/cipher.c ---- old/cipher.c 2017-10-03 21:49:05.367162904 -1000 -+++ new/cipher.c 2017-10-03 21:55:50.869718862 -1000 -@@ -297,7 +297,10 @@ +diff -aurp old/cipher.c new/cipher.c +--- old/cipher.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/cipher.c 2018-03-23 10:05:03.886621278 -1000 +@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp, goto out; } } @@ -27,7 +27,7 @@ diff -Naur old/cipher.c new/cipher.c ret = SSH_ERR_LIBCRYPTO_ERROR; goto out; } -@@ -486,7 +489,7 @@ +@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c len, iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else @@ -36,7 +36,7 @@ diff -Naur old/cipher.c new/cipher.c #endif return 0; } -@@ -520,14 +523,19 @@ +@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv)) return SSH_ERR_LIBCRYPTO_ERROR; } else @@ -59,9 +59,9 @@ diff -Naur old/cipher.c new/cipher.c #endif int -diff -Naur old/cipher.h new/cipher.h ---- old/cipher.h 2017-10-03 21:49:05.367162904 -1000 -+++ new/cipher.h 2017-10-03 21:55:50.869718862 -1000 +diff -aurp old/cipher.h new/cipher.h +--- old/cipher.h 2018-03-22 16:21:14.000000000 -1000 ++++ new/cipher.h 2018-03-23 10:05:03.886621278 -1000 @@ -46,7 +46,18 @@ #define CIPHER_DECRYPT 0 @@ -81,10 +81,10 @@ diff -Naur old/cipher.h new/cipher.h const struct sshcipher *cipher_by_name(const char *); const char *cipher_warning_message(const struct sshcipher_ctx *); -diff -Naur old/configure new/configure ---- old/configure 2017-10-03 21:49:05.410493626 -1000 -+++ new/configure 2017-10-03 22:01:49.159050540 -1000 -@@ -12688,7 +12688,6 @@ +diff -aurp old/configure new/configure +--- old/configure 2018-03-23 03:30:17.000000000 -1000 ++++ new/configure 2018-03-23 10:05:03.888621444 -1000 +@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then : 100*) ;; # 1.0.x 200*) ;; # LibreSSL *) @@ -92,10 +92,10 @@ diff -Naur old/configure new/configure ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5 -diff -Naur old/dh.c new/dh.c ---- old/dh.c 2017-10-03 21:49:05.370496037 -1000 -+++ new/dh.c 2017-10-03 21:55:50.869718862 -1000 -@@ -212,14 +212,15 @@ +diff -aurp old/dh.c new/dh.c +--- old/dh.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/dh.c 2018-03-23 10:05:03.888621444 -1000 +@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max /* diffie-hellman-groupN-sha1 */ int @@ -113,7 +113,7 @@ diff -Naur old/dh.c new/dh.c logit("invalid public DH value: negative"); return 0; } -@@ -232,7 +233,8 @@ +@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) error("%s: BN_new failed", __func__); return 0; } @@ -123,7 +123,7 @@ diff -Naur old/dh.c new/dh.c BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */ BN_clear_free(tmp); logit("invalid public DH value: >= p-1"); -@@ -243,14 +245,14 @@ +@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub) for (i = 0; i <= n; i++) if (BN_is_bit_set(dh_pub, i)) bits_set++; @@ -140,7 +140,7 @@ diff -Naur old/dh.c new/dh.c return 0; } return 1; -@@ -260,9 +262,13 @@ +@@ -259,9 +261,13 @@ int dh_gen_key(DH *dh, int need) { int pbits; @@ -156,7 +156,7 @@ diff -Naur old/dh.c new/dh.c need > INT_MAX / 2 || 2 * need > pbits) return SSH_ERR_INVALID_ARGUMENT; if (need < 256) -@@ -271,10 +277,13 @@ +@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need) * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)), * so double requested need here. */ @@ -174,7 +174,7 @@ diff -Naur old/dh.c new/dh.c return SSH_ERR_LIBCRYPTO_ERROR; } return 0; -@@ -283,16 +292,27 @@ +@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need) DH * dh_new_group_asc(const char *gen, const char *modulus) { @@ -209,7 +209,7 @@ diff -Naur old/dh.c new/dh.c } /* -@@ -307,8 +327,8 @@ +@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu if ((dh = DH_new()) == NULL) return NULL; @@ -220,10 +220,10 @@ diff -Naur old/dh.c new/dh.c return (dh); } -diff -Naur old/dh.h new/dh.h ---- old/dh.h 2017-10-03 21:49:05.370496037 -1000 -+++ new/dh.h 2017-10-03 21:55:50.869718862 -1000 -@@ -42,7 +42,7 @@ +diff -aurp old/dh.h new/dh.h +--- old/dh.h 2018-03-22 16:21:14.000000000 -1000 ++++ new/dh.h 2018-03-23 10:05:03.889621527 -1000 +@@ -42,7 +42,7 @@ DH *dh_new_group18(void); DH *dh_new_group_fallback(int); int dh_gen_key(DH *, int); @@ -232,9 +232,9 @@ diff -Naur old/dh.h new/dh.h u_int dh_estimate(int); -diff -Naur old/digest-openssl.c new/digest-openssl.c ---- old/digest-openssl.c 2017-10-03 21:49:05.370496037 -1000 -+++ new/digest-openssl.c 2017-10-03 21:55:50.869718862 -1000 +diff -aurp old/digest-openssl.c new/digest-openssl.c +--- old/digest-openssl.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/digest-openssl.c 2018-03-23 10:05:03.889621527 -1000 @@ -43,7 +43,7 @@ struct ssh_digest_ctx { @@ -244,7 +244,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c }; struct ssh_digest { -@@ -106,20 +106,21 @@ +@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg) size_t ssh_digest_blocksize(struct ssh_digest_ctx *ctx) { @@ -270,7 +270,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c free(ret); return NULL; } -@@ -132,7 +133,7 @@ +@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_ if (from->alg != to->alg) return SSH_ERR_INVALID_ARGUMENT; /* we have bcopy-style order while openssl has memcpy-style */ @@ -279,7 +279,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; return 0; } -@@ -140,7 +141,7 @@ +@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_ int ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen) { @@ -288,7 +288,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; return 0; } -@@ -161,7 +162,7 @@ +@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx * return SSH_ERR_INVALID_ARGUMENT; if (dlen < digest->digest_len) /* No truncation allowed */ return SSH_ERR_INVALID_ARGUMENT; @@ -297,7 +297,7 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c return SSH_ERR_LIBCRYPTO_ERROR; if (l != digest->digest_len) /* sanity */ return SSH_ERR_INTERNAL_ERROR; -@@ -172,7 +173,7 @@ +@@ -172,7 +173,7 @@ void ssh_digest_free(struct ssh_digest_ctx *ctx) { if (ctx != NULL) { @@ -306,10 +306,10 @@ diff -Naur old/digest-openssl.c new/digest-openssl.c explicit_bzero(ctx, sizeof(*ctx)); free(ctx); } -diff -Naur old/kexdhc.c new/kexdhc.c ---- old/kexdhc.c 2017-10-03 21:49:05.373829169 -1000 -+++ new/kexdhc.c 2017-10-03 21:55:50.869718862 -1000 -@@ -81,11 +81,16 @@ +diff -aurp old/kexdhc.c new/kexdhc.c +--- old/kexdhc.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/kexdhc.c 2018-03-23 10:05:03.889621527 -1000 +@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh) goto out; } debug("sending SSH2_MSG_KEXDH_INIT"); @@ -329,7 +329,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); fprintf(stderr, "pub= "); -@@ -169,6 +174,9 @@ +@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st /* calc and verify H */ hashlen = sizeof(hash); @@ -339,7 +339,7 @@ diff -Naur old/kexdhc.c new/kexdhc.c if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, -@@ -176,11 +184,13 @@ +@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st sshbuf_ptr(kex->my), sshbuf_len(kex->my), sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, @@ -354,22 +354,11 @@ diff -Naur old/kexdhc.c new/kexdhc.c + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen, - ssh->compat)) != 0) -diff -Naur old/kexdhs.c new/kexdhs.c ---- old/kexdhs.c 2017-10-03 21:49:05.373829169 -1000 -+++ new/kexdhs.c 2017-10-03 21:55:50.869718862 -1000 -@@ -87,6 +87,10 @@ - ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init); - r = 0; - out: -+ if (r != 0) { -+ if (kex->dh) DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -163,6 +167,9 @@ + kex->hostkey_alg, ssh->compat)) != 0) +diff -aurp old/kexdhs.c new/kexdhs.c +--- old/kexdhs.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/kexdhs.c 2018-03-23 10:58:58.126733207 -1000 +@@ -163,6 +163,9 @@ input_kex_dh_init(int type, u_int32_t se goto out; /* calc H */ hashlen = sizeof(hash); @@ -379,7 +368,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c if ((r = kex_dh_hash( kex->hash_alg, kex->client_version_string, -@@ -171,10 +178,12 @@ +@@ -171,10 +174,12 @@ input_kex_dh_init(int type, u_int32_t se sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, dh_client_pub, @@ -394,7 +383,7 @@ diff -Naur old/kexdhs.c new/kexdhs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -195,12 +204,17 @@ +@@ -195,12 +200,17 @@ input_kex_dh_init(int type, u_int32_t se /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ @@ -414,10 +403,10 @@ diff -Naur old/kexdhs.c new/kexdhs.c if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -diff -Naur old/kexgexc.c new/kexgexc.c ---- old/kexgexc.c 2017-10-03 21:49:05.373829169 -1000 -+++ new/kexgexc.c 2017-10-03 21:55:50.869718862 -1000 -@@ -118,11 +118,17 @@ +diff -aurp old/kexgexc.c new/kexgexc.c +--- old/kexgexc.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/kexgexc.c 2018-03-23 11:00:00.132866201 -1000 +@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32 p = g = NULL; /* belong to kex->dh now */ /* generate and send 'e', client DH public key */ @@ -439,22 +428,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c debug("SSH2_MSG_KEX_DH_GEX_INIT sent"); #ifdef DEBUG_KEXDH DHparams_print_fp(stderr, kex->dh); -@@ -134,10 +140,12 @@ - ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply); - r = 0; - out: -- if (p) -+ if (r != 0) { - BN_clear_free(p); -- if (g) - BN_clear_free(g); -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -214,6 +222,10 @@ +@@ -212,6 +218,10 @@ input_kex_dh_gex_reply(int type, u_int32 /* calc and verify H */ hashlen = sizeof(hash); @@ -465,7 +439,7 @@ diff -Naur old/kexgexc.c new/kexgexc.c if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, -@@ -222,12 +234,14 @@ +@@ -220,12 +230,14 @@ input_kex_dh_gex_reply(int type, u_int32 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, @@ -482,11 +456,11 @@ diff -Naur old/kexgexc.c new/kexgexc.c + } if ((r = sshkey_verify(server_host_key, signature, slen, hash, - hashlen, ssh->compat)) != 0) -diff -Naur old/kexgexs.c new/kexgexs.c ---- old/kexgexs.c 2017-10-03 21:49:05.373829169 -1000 -+++ new/kexgexs.c 2017-10-03 21:55:50.869718862 -1000 -@@ -101,11 +101,16 @@ + hashlen, kex->hostkey_alg, ssh->compat)) != 0) +diff -aurp old/kexgexs.c new/kexgexs.c +--- old/kexgexs.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/kexgexs.c 2018-03-23 11:03:06.045049721 -1000 +@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int goto out; } debug("SSH2_MSG_KEX_DH_GEX_GROUP sent"); @@ -506,18 +480,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c /* Compute our exchange value in parallel with the client */ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0) -@@ -115,6 +120,10 @@ - ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init); - r = 0; - out: -+ if (r != 0) { -+ DH_free(kex->dh); -+ kex->dh = NULL; -+ } - return r; - } - -@@ -191,6 +200,10 @@ +@@ -191,6 +196,10 @@ input_kex_dh_gex_init(int type, u_int32_ goto out; /* calc H */ hashlen = sizeof(hash); @@ -528,7 +491,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c if ((r = kexgex_hash( kex->hash_alg, kex->client_version_string, -@@ -199,12 +212,14 @@ +@@ -199,12 +208,14 @@ input_kex_dh_gex_init(int type, u_int32_ sshbuf_ptr(kex->my), sshbuf_len(kex->my), server_host_key_blob, sbloblen, kex->min, kex->nbits, kex->max, @@ -546,7 +509,7 @@ diff -Naur old/kexgexs.c new/kexgexs.c /* save session id := H */ if (kex->session_id == NULL) { -@@ -225,12 +240,17 @@ +@@ -225,12 +236,17 @@ input_kex_dh_gex_init(int type, u_int32_ /* destroy_sensitive_data(); */ /* send server hostkey, DH pubkey 'f' and singed H */ @@ -566,10 +529,10 @@ diff -Naur old/kexgexs.c new/kexgexs.c if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0) r = kex_send_newkeys(ssh); -diff -Naur old/monitor.c new/monitor.c ---- old/monitor.c 2017-10-03 21:49:05.377162302 -1000 -+++ new/monitor.c 2017-10-03 21:55:50.869718862 -1000 -@@ -586,10 +586,12 @@ +diff -aurp old/monitor.c new/monitor.c +--- old/monitor.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/monitor.c 2018-03-23 10:05:03.890621610 -1000 +@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m) buffer_put_char(m, 0); return (0); } else { @@ -584,10 +547,10 @@ diff -Naur old/monitor.c new/monitor.c DH_free(dh); } -diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c ---- old/openbsd-compat/openssl-compat.c 2017-10-03 21:49:05.397161097 -1000 -+++ new/openbsd-compat/openssl-compat.c 2017-10-03 21:55:50.886387486 -1000 -@@ -75,7 +75,6 @@ +diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c +--- old/openbsd-compat/openssl-compat.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/openbsd-compat/openssl-compat.c 2018-03-23 10:05:03.890621610 -1000 +@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void) /* Enable use of crypto hardware */ ENGINE_load_builtin_engines(); ENGINE_register_all_complete(); @@ -595,10 +558,10 @@ diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat } #endif -diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c ---- old/regress/unittests/sshkey/test_file.c 2017-10-03 21:49:05.387161699 -1000 -+++ new/regress/unittests/sshkey/test_file.c 2017-10-03 21:55:50.883053761 -1000 -@@ -60,9 +60,14 @@ +diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c +--- old/regress/unittests/sshkey/test_file.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/regress/unittests/sshkey/test_file.c 2018-03-23 10:05:03.890621610 -1000 +@@ -60,9 +60,14 @@ sshkey_file_tests(void) a = load_bignum("rsa_1.param.n"); b = load_bignum("rsa_1.param.p"); c = load_bignum("rsa_1.param.q"); @@ -616,7 +579,7 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey BN_free(a); BN_free(b); BN_free(c); -@@ -151,9 +156,14 @@ +@@ -151,9 +156,14 @@ sshkey_file_tests(void) a = load_bignum("dsa_1.param.g"); b = load_bignum("dsa_1.param.priv"); c = load_bignum("dsa_1.param.pub"); @@ -634,10 +597,10 @@ diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey BN_free(a); BN_free(b); BN_free(c); -diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c ---- old/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:49:05.387161699 -1000 -+++ new/regress/unittests/sshkey/test_sshkey.c 2017-10-03 21:55:50.883053761 -1000 -@@ -197,9 +197,14 @@ +diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c +--- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000 +@@ -197,9 +197,14 @@ sshkey_tests(void) k1 = sshkey_new(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); @@ -655,7 +618,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk sshkey_free(k1); TEST_DONE(); -@@ -207,8 +212,13 @@ +@@ -207,8 +212,13 @@ sshkey_tests(void) k1 = sshkey_new(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); @@ -671,7 +634,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk sshkey_free(k1); TEST_DONE(); -@@ -234,9 +244,14 @@ +@@ -234,9 +244,14 @@ sshkey_tests(void) k1 = sshkey_new_private(KEY_RSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->rsa, NULL); @@ -689,7 +652,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); -@@ -245,8 +260,13 @@ +@@ -245,8 +260,13 @@ sshkey_tests(void) k1 = sshkey_new_private(KEY_DSA); ASSERT_PTR_NE(k1, NULL); ASSERT_PTR_NE(k1->dsa, NULL); @@ -705,7 +668,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk ASSERT_INT_EQ(sshkey_add_private(k1), 0); sshkey_free(k1); TEST_DONE(); -@@ -285,18 +305,28 @@ +@@ -285,18 +305,28 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); ASSERT_PTR_NE(kr, NULL); ASSERT_PTR_NE(kr->rsa, NULL); @@ -740,7 +703,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); #ifdef OPENSSL_HAS_ECC -@@ -323,9 +353,14 @@ +@@ -323,9 +353,14 @@ sshkey_tests(void) ASSERT_PTR_NE(kr, k1); ASSERT_INT_EQ(k1->type, KEY_RSA); ASSERT_PTR_NE(k1->rsa, NULL); @@ -758,7 +721,7 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); TEST_START("equal KEY_RSA/demoted KEY_RSA"); -@@ -339,8 +374,13 @@ +@@ -339,8 +374,13 @@ sshkey_tests(void) ASSERT_PTR_NE(kd, k1); ASSERT_INT_EQ(k1->type, KEY_DSA); ASSERT_PTR_NE(k1->dsa, NULL); @@ -774,10 +737,10 @@ diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshk TEST_DONE(); TEST_START("equal KEY_DSA/demoted KEY_DSA"); -diff -Naur old/ssh-dss.c new/ssh-dss.c ---- old/ssh-dss.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-dss.c 2017-10-03 21:55:50.869718862 -1000 -@@ -53,6 +53,7 @@ +diff -aurp old/ssh-dss.c new/ssh-dss.c +--- old/ssh-dss.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-dss.c 2018-03-23 10:05:03.891621693 -1000 +@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u DSA_SIG *sig = NULL; u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN]; size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); @@ -785,7 +748,7 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c struct sshbuf *b = NULL; int ret = SSH_ERR_INVALID_ARGUMENT; -@@ -76,15 +77,16 @@ +@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u goto out; } @@ -804,9 +767,9 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c + BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); + BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); - if (compat & SSH_BUG_SIGBLOB) { - if (sigp != NULL) { -@@ -176,17 +178,26 @@ + if ((b = sshbuf_new()) == NULL) { + ret = SSH_ERR_ALLOC_FAIL; +@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key, } /* parse signature */ @@ -837,10 +800,10 @@ diff -Naur old/ssh-dss.c new/ssh-dss.c /* sha1 the data */ if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c ---- old/ssh-ecdsa.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-ecdsa.c 2017-10-03 21:55:50.869718862 -1000 -@@ -80,9 +80,14 @@ +diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c +--- old/ssh-ecdsa.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-ecdsa.c 2018-03-23 10:05:03.891621693 -1000 +@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key, ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -857,7 +820,7 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 || (ret = sshbuf_put_stringb(b, bb)) != 0) goto out; -@@ -151,11 +156,27 @@ +@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -887,10 +850,10 @@ diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c if (sshbuf_len(sigbuf) != 0) { ret = SSH_ERR_UNEXPECTED_TRAILING_DATA; goto out; -diff -Naur old/ssh-keygen.c new/ssh-keygen.c ---- old/ssh-keygen.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-keygen.c 2017-10-03 21:55:50.869718862 -1000 -@@ -496,11 +496,33 @@ +diff -aurp old/ssh-keygen.c new/ssh-keygen.c +--- old/ssh-keygen.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-keygen.c 2018-03-23 10:05:03.891621693 -1000 +@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char switch (key->type) { case KEY_DSA: @@ -929,7 +892,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c break; case KEY_RSA: if ((r = sshbuf_get_u8(b, &e1)) != 0 || -@@ -517,16 +539,52 @@ +@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char e += e3; debug("e %lx", e); } @@ -988,7 +951,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c if ((r = ssh_rsa_generate_additional_parameters(key)) != 0) fatal("generate RSA parameters failed: %s", ssh_err(r)); break; -@@ -636,7 +694,7 @@ +@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k, identity_file); } fclose(fp); @@ -997,7 +960,7 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c case EVP_PKEY_RSA: if ((*k = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); -@@ -660,7 +718,7 @@ +@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k, #endif default: fatal("%s: unsupported pubkey type %d", __func__, @@ -1006,10 +969,10 @@ diff -Naur old/ssh-keygen.c new/ssh-keygen.c } EVP_PKEY_free(pubkey); return; -diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c ---- old/ssh-pkcs11-client.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-pkcs11-client.c 2017-10-03 21:55:50.869718862 -1000 -@@ -143,12 +143,13 @@ +diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c +--- old/ssh-pkcs11-client.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-pkcs11-client.c 2018-03-23 10:05:03.892621777 -1000 +@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con static int wrap_key(RSA *rsa) { @@ -1028,10 +991,10 @@ diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c return (0); } -diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c ---- old/ssh-pkcs11.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-pkcs11.c 2017-10-03 21:55:50.869718862 -1000 -@@ -67,7 +67,7 @@ +diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c +--- old/ssh-pkcs11.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-pkcs11.c 2018-03-23 10:05:03.892621777 -1000 +@@ -67,7 +67,7 @@ struct pkcs11_key { struct pkcs11_provider *provider; CK_ULONG slotidx; int (*orig_finish)(RSA *rsa); @@ -1040,7 +1003,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c char *keyid; int keyid_len; }; -@@ -326,13 +326,15 @@ +@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider * k11->keyid = xmalloc(k11->keyid_len); memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len); } @@ -1063,7 +1026,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c RSA_set_app_data(rsa, k11); return (0); } -@@ -512,10 +514,19 @@ +@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p if ((rsa = RSA_new()) == NULL) { error("RSA_new failed"); } else { @@ -1087,7 +1050,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c } } else { cp = attribs[2].pValue; -@@ -525,17 +536,20 @@ +@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p == NULL) { error("d2i_X509 failed"); } else if ((evp = X509_get_pubkey(x509)) == NULL || @@ -1101,8 +1064,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c == NULL) { error("RSAPublicKey_dup"); } - if (x509) - X509_free(x509); + X509_free(x509); } - if (rsa && rsa->n && rsa->e && + { @@ -1112,7 +1074,7 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) { if ((key = sshkey_new(KEY_UNSPEC)) == NULL) fatal("sshkey_new failed"); -@@ -555,6 +569,7 @@ +@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p } else if (rsa) { RSA_free(rsa); } @@ -1120,17 +1082,28 @@ diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c for (i = 0; i < 3; i++) free(attribs[i].pValue); } -diff -Naur old/ssh-rsa.c new/ssh-rsa.c ---- old/ssh-rsa.c 2017-10-03 21:49:05.403827361 -1000 -+++ new/ssh-rsa.c 2017-10-03 22:06:32.005937158 -1000 -@@ -99,13 +99,27 @@ +diff -aurp old/ssh-rsa.c new/ssh-rsa.c +--- old/ssh-rsa.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/ssh-rsa.c 2018-03-23 10:05:03.892621777 -1000 +@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s + { + BIGNUM *aux = NULL; + BN_CTX *ctx = NULL; +- BIGNUM d; + int r; + + if (key == NULL || key->rsa == NULL || +@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s } - rsa = key->rsa; + BN_set_flags(aux, BN_FLG_CONSTTIME); -- if ((BN_sub(aux, rsa->q, BN_value_one()) == 0) || -- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || -- (BN_sub(aux, rsa->p, BN_value_one()) == 0) || -- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { +- BN_init(&d); +- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME); +- +- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) || +- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) || +- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) || +- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) { + { + const BIGNUM *q, *d, *p; + BIGNUM *dmq1=NULL, *dmp1=NULL; @@ -1139,13 +1112,13 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c + r = SSH_ERR_ALLOC_FAIL; + goto out; + } -+ RSA_get0_key(rsa, NULL, NULL, &d); -+ RSA_get0_factors(rsa, &p, &q); ++ RSA_get0_key(key->rsa, NULL, NULL, &d); ++ RSA_get0_factors(key->rsa, &p, &q); + if ((BN_sub(aux, q, BN_value_one()) == 0) || + (BN_mod(dmq1, d, aux, ctx) == 0) || + (BN_sub(aux, p, BN_value_one()) == 0) || + (BN_mod(dmp1, d, aux, ctx) == 0) || -+ RSA_set0_crt_params(rsa, dmp1, dmq1, NULL) == 0) { ++ RSA_set0_crt_params(key->rsa, dmp1, dmq1, NULL) == 0) { r = SSH_ERR_LIBCRYPTO_ERROR; + BN_clear_free(dmp1); + BN_clear_free(dmq1); @@ -1155,7 +1128,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c r = 0; out: BN_clear_free(aux); -@@ -136,7 +150,7 @@ +@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u if (key == NULL || key->rsa == NULL || hash_alg == -1 || sshkey_type_plain(key->type) != KEY_RSA) return SSH_ERR_INVALID_ARGUMENT; @@ -1164,7 +1137,7 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c return SSH_ERR_KEY_LENGTH; slen = RSA_size(key->rsa); if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM) -@@ -210,7 +224,7 @@ +@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key, sshkey_type_plain(key->type) != KEY_RSA || sig == NULL || siglen == 0) return SSH_ERR_INVALID_ARGUMENT; @@ -1173,10 +1146,10 @@ diff -Naur old/ssh-rsa.c new/ssh-rsa.c return SSH_ERR_KEY_LENGTH; if ((b = sshbuf_from(sig, siglen)) == NULL) -diff -Naur old/sshkey.c new/sshkey.c ---- old/sshkey.c 2017-10-03 21:49:05.407160494 -1000 -+++ new/sshkey.c 2017-10-03 22:16:31.124964276 -1000 -@@ -264,10 +264,18 @@ +diff -aurp old/sshkey.c new/sshkey.c +--- old/sshkey.c 2018-03-22 16:21:14.000000000 -1000 ++++ new/sshkey.c 2018-03-23 10:05:03.893621860 -1000 +@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1196,7 +1169,7 @@ diff -Naur old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -466,28 +474,55 @@ +@@ -482,26 +490,53 @@ sshkey_new(int type) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1209,8 +1182,7 @@ diff -Naur old/sshkey.c new/sshkey.c + (e = BN_new()) == NULL) { + BN_free(n); + BN_free(e); - if (rsa != NULL) - RSA_free(rsa); + RSA_free(rsa); free(k); return NULL; } @@ -1238,8 +1210,7 @@ diff -Naur old/sshkey.c new/sshkey.c + BN_free(q); + BN_free(g); + BN_free(pubkey); - if (dsa != NULL) - DSA_free(dsa); + DSA_free(dsa); free(k); return NULL; } @@ -1258,7 +1229,7 @@ diff -Naur old/sshkey.c new/sshkey.c k->dsa = dsa; break; case KEY_ECDSA: -@@ -523,6 +558,51 @@ +@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k) #ifdef WITH_OPENSSL case KEY_RSA: case KEY_RSA_CERT: @@ -1310,7 +1281,7 @@ diff -Naur old/sshkey.c new/sshkey.c #define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) if (bn_maybe_alloc_failed(k->rsa->d) || bn_maybe_alloc_failed(k->rsa->iqmp) || -@@ -531,13 +611,28 @@ +@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k) bn_maybe_alloc_failed(k->rsa->dmq1) || bn_maybe_alloc_failed(k->rsa->dmp1)) return SSH_ERR_ALLOC_FAIL; @@ -1339,7 +1310,7 @@ diff -Naur old/sshkey.c new/sshkey.c case KEY_ECDSA: case KEY_ECDSA_CERT: /* Cannot do anything until we know the group */ -@@ -655,16 +750,34 @@ +@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey #ifdef WITH_OPENSSL case KEY_RSA_CERT: case KEY_RSA: @@ -1382,7 +1353,7 @@ diff -Naur old/sshkey.c new/sshkey.c # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: case KEY_ECDSA: -@@ -742,12 +855,17 @@ +@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st case KEY_DSA: if (key->dsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1404,7 +1375,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -763,10 +881,14 @@ +@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st case KEY_RSA: if (key->rsa == NULL) return SSH_ERR_INVALID_ARGUMENT; @@ -1421,7 +1392,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -1643,13 +1765,32 @@ +@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey case KEY_DSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1458,7 +1429,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -1673,11 +1814,23 @@ +@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey case KEY_RSA_CERT: if ((n = sshkey_new(k->type)) == NULL) return SSH_ERR_ALLOC_FAIL; @@ -1484,7 +1455,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519: -@@ -1875,12 +2028,27 @@ +@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1515,7 +1486,7 @@ diff -Naur old/sshkey.c new/sshkey.c ret = SSH_ERR_KEY_LENGTH; goto out; } -@@ -1900,13 +2068,36 @@ +@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf ret = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1556,7 +1527,7 @@ diff -Naur old/sshkey.c new/sshkey.c #ifdef DEBUG_PK DSA_print_fp(stderr, key->dsa, 8); #endif -@@ -2140,26 +2331,63 @@ +@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st goto fail; /* FALLTHROUGH */ case KEY_RSA: @@ -1628,7 +1599,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; case KEY_ECDSA_CERT: if ((ret = sshkey_cert_copy(k, pk)) != 0) -@@ -2281,11 +2509,17 @@ +@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k, switch (k->type) { #ifdef WITH_OPENSSL case KEY_DSA_CERT: @@ -1650,7 +1621,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA_CERT: -@@ -2298,9 +2532,15 @@ +@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k, break; # endif /* OPENSSL_HAS_ECC */ case KEY_RSA_CERT: @@ -1668,7 +1639,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; #endif /* WITH_OPENSSL */ case KEY_ED25519_CERT: -@@ -2474,42 +2714,67 @@ +@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc switch (key->type) { #ifdef WITH_OPENSSL case KEY_RSA: @@ -1752,7 +1723,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2585,18 +2850,61 @@ +@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1821,7 +1792,7 @@ diff -Naur old/sshkey.c new/sshkey.c break; # ifdef OPENSSL_HAS_ECC case KEY_ECDSA: -@@ -2655,29 +2963,104 @@ +@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf r = SSH_ERR_ALLOC_FAIL; goto out; } @@ -1940,7 +1911,7 @@ diff -Naur old/sshkey.c new/sshkey.c r = SSH_ERR_KEY_LENGTH; goto out; } -@@ -3395,7 +3778,6 @@ +@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long switch (pem_reason) { case EVP_R_BAD_DECRYPT: return SSH_ERR_KEY_WRONG_PASSPHRASE; @@ -1948,7 +1919,7 @@ diff -Naur old/sshkey.c new/sshkey.c case EVP_R_DECODE_ERROR: #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR case EVP_R_PRIVATE_KEY_DECODE_ERROR: -@@ -3460,7 +3842,7 @@ +@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct r = convert_libcrypto_error(); goto out; } @@ -1957,7 +1928,7 @@ diff -Naur old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_RSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3475,11 +3857,11 @@ +@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct r = SSH_ERR_LIBCRYPTO_ERROR; goto out; } @@ -1971,7 +1942,7 @@ diff -Naur old/sshkey.c new/sshkey.c (type == KEY_UNSPEC || type == KEY_DSA)) { if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) { r = SSH_ERR_ALLOC_FAIL; -@@ -3491,7 +3873,7 @@ +@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct DSA_print_fp(stderr, prv->dsa, 8); #endif #ifdef OPENSSL_HAS_ECC |