]> git.pld-linux.org Git - packages/openssh.git/blame - openssl.patch
projects / packages / openssh.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
- updated to 7.9p1
[packages/openssh.git] / openssl.patch
CommitLineData
d2583ea7
AM		 1commit a70fd4ad7bd9f2ed223ff635a3d41e483057f23b
2Author: djm@openbsd.org <djm@openbsd.org>
3Date: Wed Sep 12 01:31:30 2018 +0000
4
5 upstream: add cert->signature_type field and keep it in sync with
6
7 certificate signature wrt loading and certification operations; ok markus@
8
9 OpenBSD-Commit-ID: e8b8b9f76b66707a0cd926109c4383db8f664df3
10
11diff --git a/sshkey.c b/sshkey.c
12index 72c08c7e..b467571f 100644
13--- a/sshkey.c
14+++ b/sshkey.c
15@@ -1,4 +1,4 @@
16-/* $OpenBSD: sshkey.c,v 1.66 2018/07/03 13:20:25 djm Exp $ */
17+/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
18 /*
19 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
20 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
21@@ -78,6 +78,7 @@ int sshkey_private_serialize_opt(const struct sshkey *key,
22 struct sshbuf *buf, enum sshkey_serialize_rep);
23 static int sshkey_from_blob_internal(struct sshbuf *buf,
24 struct sshkey **keyp, int allow_cert);
25+static int get_sigtype(const u_char *sig, size_t siglen, char **sigtypep);
26
27 /* Supported key types */
28 struct keytype {
29@@ -453,6 +454,7 @@ cert_free(struct sshkey_cert *cert)
30 free(cert->principals[i]);
31 free(cert->principals);
32 sshkey_free(cert->signature_key);
33+ free(cert->signature_type);
34 freezero(cert, sizeof(*cert));
35 }
36
37@@ -472,6 +474,7 @@ cert_new(void)
38 cert->key_id = NULL;
39 cert->principals = NULL;
40 cert->signature_key = NULL;
41+ cert->signature_type = NULL;
42 return cert;
43 }
44
45@@ -1695,54 +1698,68 @@ sshkey_cert_copy(const struct sshkey *from_key, struct sshkey *to_key)
46 u_int i;
47 const struct sshkey_cert *from;
48 struct sshkey_cert *to;
49- int ret = SSH_ERR_INTERNAL_ERROR;
50-
51- if (to_key->cert != NULL) {
52- cert_free(to_key->cert);
53- to_key->cert = NULL;
54- }
55+ int r = SSH_ERR_INTERNAL_ERROR;
56
57- if ((from = from_key->cert) == NULL)
58+ if (to_key == NULL || (from = from_key->cert) == NULL)
59 return SSH_ERR_INVALID_ARGUMENT;
60
61- if ((to = to_key->cert = cert_new()) == NULL)
62+ if ((to = cert_new()) == NULL)
63 return SSH_ERR_ALLOC_FAIL;
64
65- if ((ret = sshbuf_putb(to->certblob, from->certblob)) != 0 ||
66- (ret = sshbuf_putb(to->critical, from->critical)) != 0 ||
67- (ret = sshbuf_putb(to->extensions, from->extensions)) != 0)
68- return ret;
69+ if ((r = sshbuf_putb(to->certblob, from->certblob)) != 0 ||
70+ (r = sshbuf_putb(to->critical, from->critical)) != 0 ||
71+ (r = sshbuf_putb(to->extensions, from->extensions)) != 0)
72+ goto out;
73
74 to->serial = from->serial;
75 to->type = from->type;
76 if (from->key_id == NULL)
77 to->key_id = NULL;
78- else if ((to->key_id = strdup(from->key_id)) == NULL)
79- return SSH_ERR_ALLOC_FAIL;
80+ else if ((to->key_id = strdup(from->key_id)) == NULL) {
81+ r = SSH_ERR_ALLOC_FAIL;
82+ goto out;
83+ }
84 to->valid_after = from->valid_after;
85 to->valid_before = from->valid_before;
86 if (from->signature_key == NULL)
87 to->signature_key = NULL;
88- else if ((ret = sshkey_from_private(from->signature_key,
89+ else if ((r = sshkey_from_private(from->signature_key,
90 &to->signature_key)) != 0)
91- return ret;
92-
93- if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS)
94- return SSH_ERR_INVALID_ARGUMENT;
95+ goto out;
96+ if (from->signature_type != NULL &&
97+ (to->signature_type = strdup(from->signature_type)) == NULL) {
98+ r = SSH_ERR_ALLOC_FAIL;
99+ goto out;
100+ }
101+ if (from->nprincipals > SSHKEY_CERT_MAX_PRINCIPALS) {
102+ r = SSH_ERR_INVALID_ARGUMENT;
103+ goto out;
104+ }
105 if (from->nprincipals > 0) {
106 if ((to->principals = calloc(from->nprincipals,
107- sizeof(*to->principals))) == NULL)
108- return SSH_ERR_ALLOC_FAIL;
109+ sizeof(*to->principals))) == NULL) {
110+ r = SSH_ERR_ALLOC_FAIL;
111+ goto out;
112+ }
113 for (i = 0; i < from->nprincipals; i++) {
114 to->principals[i] = strdup(from->principals[i]);
115 if (to->principals[i] == NULL) {
116 to->nprincipals = i;
117- return SSH_ERR_ALLOC_FAIL;
118+ r = SSH_ERR_ALLOC_FAIL;
119+ goto out;
120 }
121 }
122 }
123 to->nprincipals = from->nprincipals;
124- return 0;
125+
126+ /* success */
127+ cert_free(to_key->cert);
128+ to_key->cert = to;
129+ to = NULL;
130+ r = 0;
131+ out:
132+ cert_free(to);
133+ return r;
134 }
135
136 int
137@@ -1954,6 +1971,8 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
138 if ((ret = sshkey_verify(key->cert->signature_key, sig, slen,
139 sshbuf_ptr(key->cert->certblob), signed_len, NULL, 0)) != 0)
140 goto out;
141+ if ((ret = get_sigtype(sig, slen, &key->cert->signature_type)) != 0)
142+ goto out;
143
144 /* Success */
145 ret = 0;
146@@ -2531,7 +2550,8 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
147 u_char *ca_blob = NULL, *sig_blob = NULL, nonce[32];
148 size_t i, ca_len, sig_len;
149 int ret = SSH_ERR_INTERNAL_ERROR;
150- struct sshbuf *cert;
151+ struct sshbuf *cert = NULL;
152+ char *sigtype = NULL;
153
154 if (k == NULL || k->cert == NULL ||
155 k->cert->certblob == NULL || ca == NULL)
156@@ -2541,6 +2561,16 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
157 if (!sshkey_type_is_valid_ca(ca->type))
158 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
159
160+ /*
161+ * If no alg specified as argument but a signature_type was set,
162+ * then prefer that. If both were specified, then they must match.
163+ */
164+ if (alg == NULL)
165+ alg = k->cert->signature_type;
166+ else if (k->cert->signature_type != NULL &&
167+ strcmp(alg, k->cert->signature_type) != 0)
168+ return SSH_ERR_INVALID_ARGUMENT;
169+
170 if ((ret = sshkey_to_blob(ca, &ca_blob, &ca_len)) != 0)
171 return SSH_ERR_KEY_CERT_INVALID_SIGN_KEY;
172
173@@ -2629,7 +2659,17 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
174 if ((ret = signer(ca, &sig_blob, &sig_len, sshbuf_ptr(cert),
175 sshbuf_len(cert), alg, 0, signer_ctx)) != 0)
176 goto out;
177-
178+ /* Check and update signature_type against what was actually used */
179+ if ((ret = get_sigtype(sig_blob, sig_len, &sigtype)) != 0)
180+ goto out;
181+ if (alg != NULL && strcmp(alg, sigtype) != 0) {
182+ ret = SSH_ERR_SIGN_ALG_UNSUPPORTED;
183+ goto out;
184+ }
185+ if (k->cert->signature_type == NULL) {
186+ k->cert->signature_type = sigtype;
187+ sigtype = NULL;
188+ }
189 /* Append signature and we are done */
190 if ((ret = sshbuf_put_string(cert, sig_blob, sig_len)) != 0)
191 goto out;
192@@ -2639,6 +2679,7 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
193 sshbuf_reset(cert);
194 free(sig_blob);
195 free(ca_blob);
196+ free(sigtype);
197 sshbuf_free(principals);
198 return ret;
199 }
200diff --git a/sshkey.h b/sshkey.h
201index 9060b2ec..b8f279a6 100644
202--- a/sshkey.h
203+++ b/sshkey.h
204@@ -1,4 +1,4 @@
205-/* $OpenBSD: sshkey.h,v 1.26 2018/07/03 13:20:25 djm Exp $ */
206+/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */
207
208 /*
209 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
210@@ -102,6 +102,7 @@ struct sshkey_cert {
211 struct sshbuf *critical;
212 struct sshbuf *extensions;
213 struct sshkey *signature_key;
214+ char *signature_type;
215 };
216
217 /* XXX opaquify? */
218commit ba9e788315b1f6a350f910cb2a9e95b2ce584e89
219Author: djm@openbsd.org <djm@openbsd.org>
220Date: Wed Sep 12 01:32:54 2018 +0000
221
222 upstream: add sshkey_check_cert_sigtype() that checks a
223
224 cert->signature_type against a supplied whitelist; ok markus
225
226 OpenBSD-Commit-ID: caadb8073292ed7a9535e5adc067d11d356d9302
227
228diff --git a/sshkey.c b/sshkey.c
229index b467571f..50ebdc25 100644
230--- a/sshkey.c
231+++ b/sshkey.c
232@@ -1,4 +1,4 @@
233-/* $OpenBSD: sshkey.c,v 1.67 2018/09/12 01:31:30 djm Exp $ */
234+/* $OpenBSD: sshkey.c,v 1.68 2018/09/12 01:32:54 djm Exp $ */
235 /*
236 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
237 * Copyright (c) 2008 Alexander von Gernler. All rights reserved.
238@@ -2260,6 +2260,27 @@ get_sigtype(const u_char *sig, size_t siglen, char **sigtypep)
239 return r;
240 }
241
242+/*
243+ *
244+ * Checks whether a certificate's signature type is allowed.
245+ * Returns 0 (success) if the certificate signature type appears in the
246+ * "allowed" pattern-list, or the key is not a certificate to begin with.
247+ * Otherwise returns a ssherr.h code.
248+ */
249+int
250+sshkey_check_cert_sigtype(const struct sshkey *key, const char *allowed)
251+{
252+ if (key == NULL || allowed == NULL)
253+ return SSH_ERR_INVALID_ARGUMENT;
254+ if (!sshkey_type_is_cert(key->type))
255+ return 0;
256+ if (key->cert == NULL || key->cert->signature_type == NULL)
257+ return SSH_ERR_INVALID_ARGUMENT;
258+ if (match_pattern_list(key->cert->signature_type, allowed, 0) != 1)
259+ return SSH_ERR_SIGN_ALG_UNSUPPORTED;
260+ return 0;
261+}
262+
263 /*
264 * Returns the expected signature algorithm for a given public key algorithm.
265 */
266diff --git a/sshkey.h b/sshkey.h
267index b8f279a6..5a22a66f 100644
268--- a/sshkey.h
269+++ b/sshkey.h
270@@ -1,4 +1,4 @@
271-/* $OpenBSD: sshkey.h,v 1.27 2018/09/12 01:31:30 djm Exp $ */
272+/* $OpenBSD: sshkey.h,v 1.28 2018/09/12 01:32:54 djm Exp $ */
273
274 /*
275 * Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
276@@ -158,6 +158,7 @@ int sshkey_cert_check_authority(const struct sshkey *, int, int,
277 const char *, const char **);
278 size_t sshkey_format_cert_validity(const struct sshkey_cert *,
279 char *, size_t) __attribute__((__bounded__(__string__, 2, 3)));
280+int sshkey_check_cert_sigtype(const struct sshkey *, const char *);
281
282 int sshkey_certify(struct sshkey *, struct sshkey *, const char *);
283 /* Variant allowing use of a custom signature function (e.g. for ssh-agent) */
284commit 2de78bc7da70e1338b32feeefcc6045cf49efcd4
285Author: djm@openbsd.org <djm@openbsd.org>
286Date: Wed Sep 12 01:22:43 2018 +0000
287
288 upstream: s/sshkey_demote/sshkey_from_private/g
289
290 OpenBSD-Regress-ID: 782bde7407d94a87aa8d1db7c23750e09d4443c4
291
292diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
293index 72367bde..7e03b7e5 100644
294--- a/regress/unittests/sshkey/test_sshkey.c
295+++ b/regress/unittests/sshkey/test_sshkey.c
296@@ -1,4 +1,4 @@
297-/* $OpenBSD: test_sshkey.c,v 1.14 2018/07/13 02:13:19 djm Exp $ */
298+/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */
299 /*
300 * Regress test for sshkey.h key management API
301 *
302@@ -318,7 +318,7 @@ sshkey_tests(void)
303 TEST_DONE();
304
305 TEST_START("demote KEY_RSA");
306- ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0);
307+ ASSERT_INT_EQ(sshkey_from_private(kr, &k1), 0);
308 ASSERT_PTR_NE(k1, NULL);
309 ASSERT_PTR_NE(kr, k1);
310 ASSERT_INT_EQ(k1->type, KEY_RSA);
311@@ -334,7 +334,7 @@ sshkey_tests(void)
312 TEST_DONE();
313
314 TEST_START("demote KEY_DSA");
315- ASSERT_INT_EQ(sshkey_demote(kd, &k1), 0);
316+ ASSERT_INT_EQ(sshkey_from_private(kd, &k1), 0);
317 ASSERT_PTR_NE(k1, NULL);
318 ASSERT_PTR_NE(kd, k1);
319 ASSERT_INT_EQ(k1->type, KEY_DSA);
320@@ -350,7 +350,7 @@ sshkey_tests(void)
321
322 #ifdef OPENSSL_HAS_ECC
323 TEST_START("demote KEY_ECDSA");
324- ASSERT_INT_EQ(sshkey_demote(ke, &k1), 0);
325+ ASSERT_INT_EQ(sshkey_from_private(ke, &k1), 0);
326 ASSERT_PTR_NE(k1, NULL);
327 ASSERT_PTR_NE(ke, k1);
328 ASSERT_INT_EQ(k1->type, KEY_ECDSA);
329@@ -367,7 +367,7 @@ sshkey_tests(void)
330 #endif
331
332 TEST_START("demote KEY_ED25519");
333- ASSERT_INT_EQ(sshkey_demote(kf, &k1), 0);
334+ ASSERT_INT_EQ(sshkey_from_private(kf, &k1), 0);
335 ASSERT_PTR_NE(k1, NULL);
336 ASSERT_PTR_NE(kf, k1);
337 ASSERT_INT_EQ(k1->type, KEY_ED25519);
338
339commit d70d061828730a56636ab6f1f24fe4a8ccefcfc1
340Author: djm@openbsd.org <djm@openbsd.org>
341Date: Wed Sep 12 01:36:45 2018 +0000
342
343 upstream: Include certs with multiple RSA signature variants in
344
345 test data Ensure that cert->signature_key is populated correctly
346
347 OpenBSD-Regress-ID: 56e68f70fe46cb3a193ca207385bdb301fd6603a
348
349diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1 b/regress/unittests/sshkey/testdata/rsa_1_sha1
350new file mode 100644
351index 00000000..5de3f842
352--- /dev/null
353+++ b/regress/unittests/sshkey/testdata/rsa_1_sha1
354@@ -0,0 +1,15 @@
355+-----BEGIN RSA PRIVATE KEY-----
356+MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u
357+d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd
358+NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB
359+AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ
360+GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj
361+Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv
362+Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i
363+PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa
364+WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj
365+mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi
366+C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e
367+NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/
368+h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs=
369+-----END RSA PRIVATE KEY-----
370diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
371new file mode 100644
372index 00000000..ff49d759
373--- /dev/null
374+++ b/regress/unittests/sshkey/testdata/rsa_1_sha1-cert.pub
375@@ -0,0 +1 @@
376+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAgy5PGFfSaEuSuXsjvKlMZGXYD0xlnqdZftuW9tMkUYz4AAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABDwAAAAdzc2gtcnNhAAABAF5BtPY8FbmIekK/zNq6/Lp5agKT5zEVxqAyZKhp75bLRP+kOMZBVB9ZWrekZk6IAVAOCZGQzTsD4mxIQsxBLl8k5hvEWb90/+w9/BzW9ScOGQe+y0COa0QWWR7L3k1S8WX2oAGvtDWOj7Md85nij4ZSU9/QQQFVDF8VilWPSMxUf/3I1fqyDq7AWcZkGk/bFUN6K6RsCSxIPlGmKt0IauyvSMI2IT0XeRT242RngeeUW8vFrn9TXy9YxJRW+cSeLKCuu8agBYyQMXWQ+q39eZZqVYSoo7nFEEhtaLs8d6jzgGkcE9wGJ9KLgfY/mG2vX3gI4IzncKkVJRoeiDzXFIk= RSA test key #1
377diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha1.pub b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
378new file mode 100644
379index 00000000..23ef872e
380--- /dev/null
381+++ b/regress/unittests/sshkey/testdata/rsa_1_sha1.pub
382@@ -0,0 +1 @@
383+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1
384diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512 b/regress/unittests/sshkey/testdata/rsa_1_sha512
385new file mode 100644
386index 00000000..5de3f842
387--- /dev/null
388+++ b/regress/unittests/sshkey/testdata/rsa_1_sha512
389@@ -0,0 +1,15 @@
390+-----BEGIN RSA PRIVATE KEY-----
391+MIICXAIBAAKBgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18u
392+d6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKd
393+NSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wIDAQAB
394+AoGAXyj5mpjmbD+YlxGIWz/zrM4hGsWgd4VteKEJxT6MMI4uzCRpkMd0ck8oHiwZ
395+GAI/SwUzIsgtONQuH3AXVsUgghW4Ynn+8ksEv0IZ918WDMDwqvqkyrVzsOsZzqYj
396+Pf8DUDKCpwFjnlknJ04yvWBZvVhWtY4OiZ8GV0Ttsu3k+GECQQD1YHfvBb5FdJBv
397+Uhde2Il+jaFia8mwVVNNaiD2ECxXx6CzGz54ZLEB9NPVfDUZK8lJ4UJDqelWNh3i
398+PF3RefWDAkEA1CVBzAFL4mNwpleVPzrfy69xP3gWOa26MxM/GE6zx9jC7HgQ3KPa
399+WKdG/FuHs085aTRDaDLmGcZ8IvMuu7NgKQJAcIOKmxR0Gd8IN7NZugjqixggb0Pj
400+mLKXXwESGiJyYtHL0zTj4Uqyi6Ya2GJ66o7UXscmnmYz828fJtTtZBdbRwJBALfi
401+C2QvA32Zv/0PEXibKXy996WSC4G3ShwXZKtHHKHvCxY5BDSbehk59VesZrVPyG2e
402+NYdOBxD0cIlCzJE56/ECQAndVkxvO8hwyEFGGwF3faHIAe/OxVb+MjaU25//Pe1/
403+h/e6tlCk4w9CODpyV685gV394eYwMcGDcIkipTNUDZs=
404+-----END RSA PRIVATE KEY-----
405diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
406new file mode 100644
407index 00000000..47451968
408--- /dev/null
409+++ b/regress/unittests/sshkey/testdata/rsa_1_sha512-cert.pub
410@@ -0,0 +1 @@
411+ssh-rsa-cert-v01@openssh.com AAAAHHNzaC1yc2EtY2VydC12MDFAb3BlbnNzaC5jb20AAAAg/bUEmnMYHxlv1N7iXvnYPYdzDjlTRKoaIGEPkaQQQDwAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+wAAAAAAAAABAAAAAQAAAARodWdvAAAAEgAAAAV1c2VyMQAAAAV1c2VyMgAAAAA2i4NgAAAAAE0d4eAAAABEAAAADWZvcmNlLWNvbW1hbmQAAAALAAAABy9iaW4vbHMAAAAOc291cmNlLWFkZHJlc3MAAAAOAAAACjEwLjAuMC4wLzgAAABkAAAAFXBlcm1pdC1YMTEtZm9yd2FyZGluZwAAAAAAAAAXcGVybWl0LWFnZW50LWZvcndhcmRpbmcAAAAAAAAACnBlcm1pdC1wdHkAAAAAAAAADnBlcm1pdC11c2VyLXJjAAAAAAAAAAAAAAEXAAAAB3NzaC1yc2EAAAADAQABAAABAQD00RRenvxICSYvj54CPiYHM86OT5xwI9XORNH6Zkl3JPCQkAEdQ3hyfhraROaHsSv43wJcKyKrEg5XUZ8fZ/BoKIGU4Rd5AmL9wyPGv2RVY7gWELqXVSpu89R2tQJRmMVMD38CH0wqCTuoZirlKMTen6yfgYuFEpuqar0uOIeAyaQG6/9rVKWK36tcfM7YXx8fmGSN4eK/JhWDDjlo28YJ7ZFF9umh5baZG2Ai/vL3BJ7C3pqaEQNdKj8XqaSoDvFWKfOujk1620Rcuj3W0D0dvp/rH8xz8YkM1dMqGlYIZ4nrF5acB58Nk5FYBjtj1hu4DGEQlWL1Avk1agU4DQLrAAABFAAAAAxyc2Etc2hhMi01MTIAAAEA7/GoZsJqrq4xYotsRbpM8arZDjCzT6kohXeD/GVy26s5E/YWXRYCrOMIzSZxjuN5rAaNRW8ffxq14JyI94566Kg2OeoxQ6rK/dTqkk7I1RyypSXunT3I4++RPs1Q+hu9eS/WBzur0/D3dMejhuc3IBg6iB0481I4pGBGcD8/KjQFfhlCuGVXwB1ALk2zfXFT1HYYrs6bYZuQqjgvArnjYJ0do3fTSDC20/ydV4BHnI3fVAY2THVjX45V2ppPadl/rpczaJqW1ZtpnpJkV8Un316stQSD0xLHUDjp89O6d9Yq5S0kDdfwTRJIPm9f2cGNakJwN5qzmmmdDroRKODYcg== RSA test key #1
412diff --git a/regress/unittests/sshkey/testdata/rsa_1_sha512.pub b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
413new file mode 100644
414index 00000000..23ef872e
415--- /dev/null
416+++ b/regress/unittests/sshkey/testdata/rsa_1_sha512.pub
417@@ -0,0 +1 @@
418+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDLV5lUTt7FrADseB/CGhEZzpoojjEW5y8+ePvLppmK3MmMI18ud6vxzpK3bwZLYkVSyfJYI0HmIuGhdu7yMrW6wb84gbq8C31Xoe9EORcIUuGSvDKdNSM1SjlhDquRblDFB8kToqXyx1lqrXecXylxIUOL0jE+u0rU1967pDJx+w== RSA test key #1
419commit 482d23bcacdd3664f21cc82a5135f66fc598275f
420Author: djm@openbsd.org <djm@openbsd.org>
421Date: Thu Sep 13 02:08:33 2018 +0000
422
423 upstream: hold our collective noses and use the openssl-1.1.x API in
424
425 OpenSSH; feedback and ok tb@ jsing@ markus@
426
427 OpenBSD-Commit-ID: cacbcac87ce5da0d3ca7ef1b38a6f7fb349e4417
428
429diff --git a/auth2.c b/auth2.c
430index ab879589..4d19957a 100644
431--- a/auth2.c
432+++ b/auth2.c
433@@ -706,7 +706,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
434 struct sshkey **tmp, *dup;
435 int r;
436
437- if ((r = sshkey_demote(key, &dup)) != 0)
438+ if ((r = sshkey_from_private(key, &dup)) != 0)
439 fatal("%s: copy key: %s", __func__, ssh_err(r));
440 sshkey_free(authctxt->auth_method_key);
441 authctxt->auth_method_key = dup;
442@@ -715,7 +715,7 @@ auth2_record_key(Authctxt *authctxt, int authenticated,
443 return;
444
445 /* If authenticated, make sure we don't accept this key again */
446- if ((r = sshkey_demote(key, &dup)) != 0)
447+ if ((r = sshkey_from_private(key, &dup)) != 0)
448 fatal("%s: copy key: %s", __func__, ssh_err(r));
449 if (authctxt->nprev_keys >= INT_MAX ||
450 (tmp = recallocarray(authctxt->prev_keys, authctxt->nprev_keys,
451diff --git a/cipher.c b/cipher.c
452index a72682a8..df43826e 100644
453--- a/cipher.c
454+++ b/cipher.c
455@@ -446,7 +446,7 @@ cipher_get_keyiv_len(const struct sshcipher_ctx *cc)
456 }
457
458 int
459-cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
460+cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, size_t len)
461 {
462 #ifdef WITH_OPENSSL
463 const struct sshcipher *c = cc->cipher;
464@@ -473,7 +473,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
465 return 0;
466 else if (evplen < 0)
467 return SSH_ERR_LIBCRYPTO_ERROR;
468- if ((u_int)evplen != len)
469+ if ((size_t)evplen != len)
470 return SSH_ERR_INVALID_ARGUMENT;
471 #ifndef OPENSSL_HAVE_EVPCTR
472 if (c->evptype == evp_aes_128_ctr)
473@@ -484,14 +484,14 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
474 if (!EVP_CIPHER_CTX_ctrl(cc->evp, EVP_CTRL_GCM_IV_GEN,
475 len, iv))
476 return SSH_ERR_LIBCRYPTO_ERROR;
477- } else
478- memcpy(iv, cc->evp->iv, len);
479+ } else if (!EVP_CIPHER_CTX_get_iv(cc->evp, iv, len))
480+ return SSH_ERR_LIBCRYPTO_ERROR;
481 #endif
482 return 0;
483 }
484
485 int
486-cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
487+cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
488 {
489 #ifdef WITH_OPENSSL
490 const struct sshcipher *c = cc->cipher;
491@@ -507,6 +507,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
492 evplen = EVP_CIPHER_CTX_iv_length(cc->evp);
493 if (evplen <= 0)
494 return SSH_ERR_LIBCRYPTO_ERROR;
495+ if ((size_t)evplen != len)
496+ return SSH_ERR_INVALID_ARGUMENT;
497 #ifndef OPENSSL_HAVE_EVPCTR
498 /* XXX iv arg is const, but ssh_aes_ctr_iv isn't */
499 if (c->evptype == evp_aes_128_ctr)
500@@ -518,8 +520,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
501 if (!EVP_CIPHER_CTX_ctrl(cc->evp,
502 EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
503 return SSH_ERR_LIBCRYPTO_ERROR;
504- } else
505- memcpy(cc->evp->iv, iv, evplen);
506+ } else if (!EVP_CIPHER_CTX_set_iv(cc->evp, iv, evplen))
507+ return SSH_ERR_LIBCRYPTO_ERROR;
508 #endif
509 return 0;
510 }
511diff --git a/cipher.h b/cipher.h
512index dc7ecf11..dc1571d2 100644
513--- a/cipher.h
514+++ b/cipher.h
515@@ -68,8 +68,8 @@ u_int cipher_is_cbc(const struct sshcipher *);
516
517 u_int cipher_ctx_is_plaintext(struct sshcipher_ctx *);
518
519-int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, u_int);
520-int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *);
521+int cipher_get_keyiv(struct sshcipher_ctx *, u_char *, size_t);
522+int cipher_set_keyiv(struct sshcipher_ctx *, const u_char *, size_t);
523 int cipher_get_keyiv_len(const struct sshcipher_ctx *);
524
525 #endif /* CIPHER_H */
526diff --git a/dh.c b/dh.c
527index ac8d5a0a..d0d4527b 100644
528--- a/dh.c
529+++ b/dh.c
530@@ -216,14 +216,17 @@ choose_dh(int min, int wantbits, int max)
531 /* diffie-hellman-groupN-sha1 */
532
533 int
534-dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
535+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
536 {
537 int i;
538 int n = BN_num_bits(dh_pub);
539 int bits_set = 0;
540 BIGNUM *tmp;
541+ const BIGNUM *dh_p;
542
543- if (dh_pub->neg) {
544+ DH_get0_pqg(dh, &dh_p, NULL, NULL);
545+
546+ if (BN_is_negative(dh_pub)) {
547 logit("invalid public DH value: negative");
548 return 0;
549 }
550@@ -236,7 +239,7 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
551 error("%s: BN_new failed", __func__);
552 return 0;
553 }
554- if (!BN_sub(tmp, dh->p, BN_value_one()) ||
555+ if (!BN_sub(tmp, dh_p, BN_value_one()) ||
556 BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
557 BN_clear_free(tmp);
558 logit("invalid public DH value: >= p-1");
559@@ -247,14 +250,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
560 for (i = 0; i <= n; i++)
561 if (BN_is_bit_set(dh_pub, i))
562 bits_set++;
563- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
564+ debug2("bits set: %d/%d", bits_set, BN_num_bits(dh_p));
565
566 /*
567 * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
568 */
569 if (bits_set < 4) {
570 logit("invalid public DH value (%d/%d)",
571- bits_set, BN_num_bits(dh->p));
572+ bits_set, BN_num_bits(dh_p));
573 return 0;
574 }
575 return 1;
576@@ -264,9 +267,12 @@ int
577 dh_gen_key(DH *dh, int need)
578 {
579 int pbits;
580+ const BIGNUM *dh_p, *pub_key;
581+
582+ DH_get0_pqg(dh, &dh_p, NULL, NULL);
583
584- if (need < 0 || dh->p == NULL ||
585- (pbits = BN_num_bits(dh->p)) <= 0 ||
586+ if (need < 0 || dh_p == NULL ||
587+ (pbits = BN_num_bits(dh_p)) <= 0 ||
588 need > INT_MAX / 2 || 2 * need > pbits)
589 return SSH_ERR_INVALID_ARGUMENT;
590 if (need < 256)
591@@ -275,13 +281,14 @@ dh_gen_key(DH *dh, int need)
592 * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
593 * so double requested need here.
594 */
595- dh->length = MINIMUM(need * 2, pbits - 1);
596- if (DH_generate_key(dh) == 0 ||
597- !dh_pub_is_valid(dh, dh->pub_key)) {
598- BN_clear_free(dh->priv_key);
599- dh->priv_key = NULL;
600+ if (!DH_set_length(dh, MINIMUM(need * 2, pbits - 1)))
601 return SSH_ERR_LIBCRYPTO_ERROR;
602- }
603+
604+ if (DH_generate_key(dh) == 0)
605+ return SSH_ERR_LIBCRYPTO_ERROR;
606+ DH_get0_key(dh, &pub_key, NULL);
607+ if (!dh_pub_is_valid(dh, pub_key))
608+ return SSH_ERR_INVALID_FORMAT;
609 return 0;
610 }
611
612@@ -289,22 +296,27 @@ DH *
613 dh_new_group_asc(const char *gen, const char *modulus)
614 {
615 DH *dh;
616+ BIGNUM *dh_p = NULL, *dh_g = NULL;
617
618 if ((dh = DH_new()) == NULL)
619 return NULL;
620- if (BN_hex2bn(&dh->p, modulus) == 0 ||
621- BN_hex2bn(&dh->g, gen) == 0) {
622- DH_free(dh);
623- return NULL;
624- }
625- return (dh);
626+ if (BN_hex2bn(&dh_p, modulus) == 0 ||
627+ BN_hex2bn(&dh_g, gen) == 0)
628+ goto fail;
629+ if (!DH_set0_pqg(dh, dh_p, NULL, dh_g))
630+ goto fail;
631+ return dh;
632+ fail:
633+ DH_free(dh);
634+ BN_clear_free(dh_p);
635+ BN_clear_free(dh_g);
636+ return NULL;
637 }
638
639 /*
640 * This just returns the group, we still need to generate the exchange
641 * value.
642 */
643-
644 DH *
645 dh_new_group(BIGNUM *gen, BIGNUM *modulus)
646 {
647@@ -312,10 +324,12 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
648
649 if ((dh = DH_new()) == NULL)
650 return NULL;
651- dh->p = modulus;
652- dh->g = gen;
653+ if (!DH_set0_pqg(dh, modulus, NULL, gen)) {
654+ DH_free(dh);
655+ return NULL;
656+ }
657
658- return (dh);
659+ return dh;
660 }
661
662 /* rfc2409 "Second Oakley Group" (1024 bits) */
663diff --git a/dh.h b/dh.h
664index bcd485cf..344b29e3 100644
665--- a/dh.h
666+++ b/dh.h
667@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
668 DH *dh_new_group_fallback(int);
669
670 int dh_gen_key(DH *, int);
671-int dh_pub_is_valid(DH *, BIGNUM *);
672+int dh_pub_is_valid(const DH *, const BIGNUM *);
673
674 u_int dh_estimate(int);
675
676diff --git a/digest-openssl.c b/digest-openssl.c
677index 27709992..da7ed72b 100644
678--- a/digest-openssl.c
679+++ b/digest-openssl.c
680@@ -43,7 +43,7 @@
681
682 struct ssh_digest_ctx {
683 int alg;
684- EVP_MD_CTX mdctx;
685+ EVP_MD_CTX *mdctx;
686 };
687
688 struct ssh_digest {
689@@ -106,7 +106,7 @@ ssh_digest_bytes(int alg)
690 size_t
691 ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
692 {
693- return EVP_MD_CTX_block_size(&ctx->mdctx);
694+ return EVP_MD_CTX_block_size(ctx->mdctx);
695 }
696
697 struct ssh_digest_ctx *
698@@ -118,11 +118,14 @@ ssh_digest_start(int alg)
699 if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
700 return NULL;
701 ret->alg = alg;
702- EVP_MD_CTX_init(&ret->mdctx);
703- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
704+ if ((ret->mdctx = EVP_MD_CTX_new()) == NULL) {
705 free(ret);
706 return NULL;
707 }
708+ if (EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
709+ ssh_digest_free(ret);
710+ return NULL;
711+ }
712 return ret;
713 }
714
715@@ -132,7 +135,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
716 if (from->alg != to->alg)
717 return SSH_ERR_INVALID_ARGUMENT;
718 /* we have bcopy-style order while openssl has memcpy-style */
719- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
720+ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
721 return SSH_ERR_LIBCRYPTO_ERROR;
722 return 0;
723 }
724@@ -140,7 +143,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
725 int
726 ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
727 {
728- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
729+ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
730 return SSH_ERR_LIBCRYPTO_ERROR;
731 return 0;
732 }
733@@ -161,7 +164,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
734 return SSH_ERR_INVALID_ARGUMENT;
735 if (dlen < digest->digest_len) /* No truncation allowed */
736 return SSH_ERR_INVALID_ARGUMENT;
737- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
738+ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
739 return SSH_ERR_LIBCRYPTO_ERROR;
740 if (l != digest->digest_len) /* sanity */
741 return SSH_ERR_INTERNAL_ERROR;
742@@ -171,11 +174,10 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
743 void
744 ssh_digest_free(struct ssh_digest_ctx *ctx)
745 {
746- if (ctx != NULL) {
747- EVP_MD_CTX_cleanup(&ctx->mdctx);
748- explicit_bzero(ctx, sizeof(*ctx));
749- free(ctx);
750- }
751+ if (ctx == NULL)
752+ return;
753+ EVP_MD_CTX_free(ctx->mdctx);
754+ freezero(ctx, sizeof(*ctx));
755 }
756
757 int
758diff --git a/kexdhc.c b/kexdhc.c
759index 9a9f1ea7..a8b74247 100644
760--- a/kexdhc.c
761+++ b/kexdhc.c
762@@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh)
763 {
764 struct kex *kex = ssh->kex;
765 int r;
766+ const BIGNUM *pub_key;
767
768 /* generate and send 'e', client DH public key */
769 switch (kex->kex_type) {
770@@ -81,15 +82,17 @@ kexdh_client(struct ssh *ssh)
771 goto out;
772 }
773 debug("sending SSH2_MSG_KEXDH_INIT");
774- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
775- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
776- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
777+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
778+ goto out;
779+ DH_get0_key(kex->dh, &pub_key, NULL);
780+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
781+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
782 (r = sshpkt_send(ssh)) != 0)
783 goto out;
784 #ifdef DEBUG_KEXDH
785 DHparams_print_fp(stderr, kex->dh);
786 fprintf(stderr, "pub= ");
787- BN_print_fp(stderr, kex->dh->pub_key);
788+ BN_print_fp(stderr, pub_key);
789 fprintf(stderr, "\n");
790 #endif
791 debug("expecting SSH2_MSG_KEXDH_REPLY");
792@@ -104,6 +107,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
793 {
794 struct kex *kex = ssh->kex;
795 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
796+ const BIGNUM *pub_key;
797 struct sshkey *server_host_key = NULL;
798 u_char *kbuf = NULL, *server_host_key_blob = NULL, *signature = NULL;
799 u_char hash[SSH_DIGEST_MAX_LENGTH];
800@@ -168,6 +172,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
801 #endif
802
803 /* calc and verify H */
804+ DH_get0_key(kex->dh, &pub_key, NULL);
805 hashlen = sizeof(hash);
806 if ((r = kex_dh_hash(
807 kex->hash_alg,
808@@ -176,7 +181,7 @@ input_kex_dh(int type, u_int32_t seq, struct ssh *ssh)
809 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
810 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
811 server_host_key_blob, sbloblen,
812- kex->dh->pub_key,
813+ pub_key,
814 dh_server_pub,
815 shared_secret,
816 hash, &hashlen)) != 0)
817diff --git a/kexdhs.c b/kexdhs.c
818index 5dfca0a2..8367c6c3 100644
819--- a/kexdhs.c
820+++ b/kexdhs.c
821@@ -95,6 +95,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
822 {
823 struct kex *kex = ssh->kex;
824 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
825+ const BIGNUM *pub_key;
826 struct sshkey *server_host_public, *server_host_private;
827 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
828 u_char hash[SSH_DIGEST_MAX_LENGTH];
829@@ -121,6 +122,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
830 r = SSH_ERR_ALLOC_FAIL;
831 goto out;
832 }
833+ DH_get0_key(kex->dh, &pub_key, NULL);
834 if ((r = sshpkt_get_bignum2(ssh, dh_client_pub)) != 0 ||
835 (r = sshpkt_get_end(ssh)) != 0)
836 goto out;
837@@ -130,12 +132,9 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
838 BN_print_fp(stderr, dh_client_pub);
839 fprintf(stderr, "\n");
840 debug("bits %d", BN_num_bits(dh_client_pub));
841-#endif
842-
843-#ifdef DEBUG_KEXDH
844 DHparams_print_fp(stderr, kex->dh);
845 fprintf(stderr, "pub= ");
846- BN_print_fp(stderr, kex->dh->pub_key);
847+ BN_print_fp(stderr, pub_key);
848 fprintf(stderr, "\n");
849 #endif
850 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
851@@ -171,7 +170,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
852 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
853 server_host_key_blob, sbloblen,
854 dh_client_pub,
855- kex->dh->pub_key,
856+ pub_key,
857 shared_secret,
858 hash, &hashlen)) != 0)
859 goto out;
860@@ -197,7 +196,7 @@ input_kex_dh_init(int type, u_int32_t seq, struct ssh *ssh)
861 /* send server hostkey, DH pubkey 'f' and signed H */
862 if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
863 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
864- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
865+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
866 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
867 (r = sshpkt_send(ssh)) != 0)
868 goto out;
869diff --git a/kexgexc.c b/kexgexc.c
870index 762a9a32..955bc837 100644
871--- a/kexgexc.c
872+++ b/kexgexc.c
873@@ -93,6 +93,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
874 {
875 struct kex *kex = ssh->kex;
876 BIGNUM *p = NULL, *g = NULL;
877+ const BIGNUM *pub_key;
878 int r, bits;
879
880 debug("got SSH2_MSG_KEX_DH_GEX_GROUP");
881@@ -118,16 +119,18 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh)
882 p = g = NULL; /* belong to kex->dh now */
883
884 /* generate and send 'e', client DH public key */
885- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
886- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
887- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
888+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
889+ goto out;
890+ DH_get0_key(kex->dh, &pub_key, NULL);
891+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
892+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
893 (r = sshpkt_send(ssh)) != 0)
894 goto out;
895 debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
896 #ifdef DEBUG_KEXDH
897 DHparams_print_fp(stderr, kex->dh);
898 fprintf(stderr, "pub= ");
899- BN_print_fp(stderr, kex->dh->pub_key);
900+ BN_print_fp(stderr, pub_key);
901 fprintf(stderr, "\n");
902 #endif
903 ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
904@@ -144,6 +147,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
905 {
906 struct kex *kex = ssh->kex;
907 BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
908+ const BIGNUM *pub_key, *dh_p, *dh_g;
909 struct sshkey *server_host_key = NULL;
910 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
911 u_char hash[SSH_DIGEST_MAX_LENGTH];
912@@ -211,6 +215,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
913 kex->min = kex->max = -1;
914
915 /* calc and verify H */
916+ DH_get0_key(kex->dh, &pub_key, NULL);
917+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
918 hashlen = sizeof(hash);
919 if ((r = kexgex_hash(
920 kex->hash_alg,
921@@ -220,8 +226,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, struct ssh *ssh)
922 sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
923 server_host_key_blob, sbloblen,
924 kex->min, kex->nbits, kex->max,
925- kex->dh->p, kex->dh->g,
926- kex->dh->pub_key,
927+ dh_p, dh_g,
928+ pub_key,
929 dh_server_pub,
930 shared_secret,
931 hash, &hashlen)) != 0)
932diff --git a/kexgexs.c b/kexgexs.c
933index f6983fd6..2a4aa7e8 100644
934--- a/kexgexs.c
935+++ b/kexgexs.c
936@@ -72,6 +72,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
937 struct kex *kex = ssh->kex;
938 int r;
939 u_int min = 0, max = 0, nbits = 0;
940+ const BIGNUM *dh_p, *dh_g;
941
942 debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
943 if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
944@@ -101,9 +102,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, struct ssh *ssh)
945 goto out;
946 }
947 debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
948+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
949 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
950- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
951- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
952+ (r = sshpkt_put_bignum2(ssh, dh_p)) != 0 ||
953+ (r = sshpkt_put_bignum2(ssh, dh_g)) != 0 ||
954 (r = sshpkt_send(ssh)) != 0)
955 goto out;
956
957@@ -123,6 +125,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
958 {
959 struct kex *kex = ssh->kex;
960 BIGNUM *shared_secret = NULL, *dh_client_pub = NULL;
961+ const BIGNUM *pub_key, *dh_p, *dh_g;
962 struct sshkey *server_host_public, *server_host_private;
963 u_char *kbuf = NULL, *signature = NULL, *server_host_key_blob = NULL;
964 u_char hash[SSH_DIGEST_MAX_LENGTH];
965@@ -153,17 +156,17 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
966 (r = sshpkt_get_end(ssh)) != 0)
967 goto out;
968
969+ DH_get0_key(kex->dh, &pub_key, NULL);
970+ DH_get0_pqg(kex->dh, &dh_p, NULL, &dh_g);
971+
972 #ifdef DEBUG_KEXDH
973 fprintf(stderr, "dh_client_pub= ");
974 BN_print_fp(stderr, dh_client_pub);
975 fprintf(stderr, "\n");
976 debug("bits %d", BN_num_bits(dh_client_pub));
977-#endif
978-
979-#ifdef DEBUG_KEXDH
980 DHparams_print_fp(stderr, kex->dh);
981 fprintf(stderr, "pub= ");
982- BN_print_fp(stderr, kex->dh->pub_key);
983+ BN_print_fp(stderr, pub_key);
984 fprintf(stderr, "\n");
985 #endif
986 if (!dh_pub_is_valid(kex->dh, dh_client_pub)) {
987@@ -199,9 +202,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
988 sshbuf_ptr(kex->my), sshbuf_len(kex->my),
989 server_host_key_blob, sbloblen,
990 kex->min, kex->nbits, kex->max,
991- kex->dh->p, kex->dh->g,
992+ dh_p, dh_g,
993 dh_client_pub,
994- kex->dh->pub_key,
995+ pub_key,
996 shared_secret,
997 hash, &hashlen)) != 0)
998 goto out;
999@@ -227,7 +230,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, struct ssh *ssh)
1000 /* send server hostkey, DH pubkey 'f' and signed H */
1001 if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
1002 (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
1003- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
1004+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
1005 (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
1006 (r = sshpkt_send(ssh)) != 0)
1007 goto out;
1008diff --git a/monitor.c b/monitor.c
1009index d4b4b047..b30813b4 100644
1010--- a/monitor.c
1011+++ b/monitor.c
1012@@ -566,6 +566,7 @@ int
1013 mm_answer_moduli(int sock, struct sshbuf *m)
1014 {
1015 DH *dh;
1016+ const BIGNUM *dh_p, *dh_g;
1017 int r;
1018 u_int min, want, max;
1019
1020@@ -590,9 +591,10 @@ mm_answer_moduli(int sock, struct sshbuf *m)
1021 return (0);
1022 } else {
1023 /* Send first bignum */
1024+ DH_get0_pqg(dh, &dh_p, NULL, &dh_g);
1025 if ((r = sshbuf_put_u8(m, 1)) != 0 ||
1026- (r = sshbuf_put_bignum2(m, dh->p)) != 0 ||
1027- (r = sshbuf_put_bignum2(m, dh->g)) != 0)
1028+ (r = sshbuf_put_bignum2(m, dh_p)) != 0 ||
1029+ (r = sshbuf_put_bignum2(m, dh_g)) != 0)
1030 fatal("%s: buffer error: %s", __func__, ssh_err(r));
1031
1032 DH_free(dh);
1033diff --git a/ssh-dss.c b/ssh-dss.c
1034index 9f832ee2..631b1571 100644
1035--- a/ssh-dss.c
1036+++ b/ssh-dss.c
1037@@ -51,6 +51,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1038 const u_char *data, size_t datalen, u_int compat)
1039 {
1040 DSA_SIG *sig = NULL;
1041+ const BIGNUM *sig_r, *sig_s;
1042 u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
1043 size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
1044 struct sshbuf *b = NULL;
1045@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1046 goto out;
1047 }
1048
1049- rlen = BN_num_bytes(sig->r);
1050- slen = BN_num_bytes(sig->s);
1051+ DSA_SIG_get0(sig, &sig_r, &sig_s);
1052+ rlen = BN_num_bytes(sig_r);
1053+ slen = BN_num_bytes(sig_s);
1054 if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
1055 ret = SSH_ERR_INTERNAL_ERROR;
1056 goto out;
1057 }
1058 explicit_bzero(sigblob, SIGBLOB_LEN);
1059- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
1060- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen);
1061+ BN_bn2bin(sig_r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen);
1062+ BN_bn2bin(sig_s, sigblob + SIGBLOB_LEN - slen);
1063
1064 if ((b = sshbuf_new()) == NULL) {
1065 ret = SSH_ERR_ALLOC_FAIL;
1066@@ -118,6 +120,7 @@ ssh_dss_verify(const struct sshkey *key,
1067 const u_char *data, size_t datalen, u_int compat)
1068 {
1069 DSA_SIG *sig = NULL;
1070+ BIGNUM *sig_r = NULL, *sig_s = NULL;
1071 u_char digest[SSH_DIGEST_MAX_LENGTH], *sigblob = NULL;
1072 size_t len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
1073 int ret = SSH_ERR_INTERNAL_ERROR;
1074@@ -155,16 +158,21 @@ ssh_dss_verify(const struct sshkey *key,
1075
1076 /* parse signature */
1077 if ((sig = DSA_SIG_new()) == NULL ||
1078- (sig->r = BN_new()) == NULL ||
1079- (sig->s = BN_new()) == NULL) {
1080+ (sig_r = BN_new()) == NULL ||
1081+ (sig_s = BN_new()) == NULL) {
1082 ret = SSH_ERR_ALLOC_FAIL;
1083 goto out;
1084 }
1085- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
1086- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) {
1087+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig_r) == NULL) ||
1088+ (BN_bin2bn(sigblob + INTBLOB_LEN, INTBLOB_LEN, sig_s) == NULL)) {
1089 ret = SSH_ERR_LIBCRYPTO_ERROR;
1090 goto out;
1091 }
1092+ if (!DSA_SIG_set0(sig, sig_r, sig_s)) {
1093+ ret = SSH_ERR_LIBCRYPTO_ERROR;
1094+ goto out;
1095+ }
1096+ sig_r = sig_s = NULL; /* transferred */
1097
1098 /* sha1 the data */
1099 if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
1100@@ -186,6 +194,8 @@ ssh_dss_verify(const struct sshkey *key,
1101 out:
1102 explicit_bzero(digest, sizeof(digest));
1103 DSA_SIG_free(sig);
1104+ BN_clear_free(sig_r);
1105+ BN_clear_free(sig_s);
1106 sshbuf_free(b);
1107 free(ktype);
1108 if (sigblob != NULL) {
1109diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
1110index 3d3b78d7..9e92af04 100644
1111--- a/ssh-ecdsa.c
1112+++ b/ssh-ecdsa.c
1113@@ -49,6 +49,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1114 const u_char *data, size_t datalen, u_int compat)
1115 {
1116 ECDSA_SIG *sig = NULL;
1117+ const BIGNUM *sig_r, *sig_s;
1118 int hash_alg;
1119 u_char digest[SSH_DIGEST_MAX_LENGTH];
1120 size_t len, dlen;
1121@@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1122 ret = SSH_ERR_ALLOC_FAIL;
1123 goto out;
1124 }
1125- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 ||
1126- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0)
1127+ ECDSA_SIG_get0(sig, &sig_r, &sig_s);
1128+ if ((ret = sshbuf_put_bignum2(bb, sig_r)) != 0 ||
1129+ (ret = sshbuf_put_bignum2(bb, sig_s)) != 0)
1130 goto out;
1131 if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
1132 (ret = sshbuf_put_stringb(b, bb)) != 0)
1133@@ -112,6 +114,7 @@ ssh_ecdsa_verify(const struct sshkey *key,
1134 const u_char *data, size_t datalen, u_int compat)
1135 {
1136 ECDSA_SIG *sig = NULL;
1137+ BIGNUM *sig_r = NULL, *sig_s = NULL;
1138 int hash_alg;
1139 u_char digest[SSH_DIGEST_MAX_LENGTH];
1140 size_t dlen;
1141@@ -146,15 +149,23 @@ ssh_ecdsa_verify(const struct sshkey *key,
1142 }
1143
1144 /* parse signature */
1145- if ((sig = ECDSA_SIG_new()) == NULL) {
1146+ if ((sig = ECDSA_SIG_new()) == NULL ||
1147+ (sig_r = BN_new()) == NULL ||
1148+ (sig_s = BN_new()) == NULL) {
1149 ret = SSH_ERR_ALLOC_FAIL;
1150 goto out;
1151 }
1152- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 ||
1153- sshbuf_get_bignum2(sigbuf, sig->s) != 0) {
1154+ if (sshbuf_get_bignum2(sigbuf, sig_r) != 0 ||
1155+ sshbuf_get_bignum2(sigbuf, sig_s) != 0) {
1156 ret = SSH_ERR_INVALID_FORMAT;
1157 goto out;
1158 }
1159+ if (!ECDSA_SIG_set0(sig, sig_r, sig_s)) {
1160+ ret = SSH_ERR_LIBCRYPTO_ERROR;
1161+ goto out;
1162+ }
1163+ sig_r = sig_s = NULL; /* transferred */
1164+
1165 if (sshbuf_len(sigbuf) != 0) {
1166 ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
1167 goto out;
1168@@ -180,6 +191,8 @@ ssh_ecdsa_verify(const struct sshkey *key,
1169 sshbuf_free(sigbuf);
1170 sshbuf_free(b);
1171 ECDSA_SIG_free(sig);
1172+ BN_clear_free(sig_r);
1173+ BN_clear_free(sig_s);
1174 free(ktype);
1175 return ret;
1176 }
1177diff --git a/ssh-keygen.c b/ssh-keygen.c
1178index 748ce37d..a70fd1f8 100644
1179--- a/ssh-keygen.c
1180+++ b/ssh-keygen.c
1181@@ -450,7 +450,10 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1182 u_int magic, i1, i2, i3, i4;
1183 size_t slen;
1184 u_long e;
1185-
1186+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
1187+ BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
1188+ BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
1189+ BIGNUM *rsa_p = NULL, *rsa_q = NULL, *rsa_iqmp = NULL;
1190 if ((b = sshbuf_from(blob, blen)) == NULL)
1191 fatal("%s: sshbuf_from failed", __func__);
1192 if ((r = sshbuf_get_u32(b, &magic)) != 0)
1193@@ -494,11 +497,23 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1194
1195 switch (key->type) {
1196 case KEY_DSA:
1197- buffer_get_bignum_bits(b, key->dsa->p);
1198- buffer_get_bignum_bits(b, key->dsa->g);
1199- buffer_get_bignum_bits(b, key->dsa->q);
1200- buffer_get_bignum_bits(b, key->dsa->pub_key);
1201- buffer_get_bignum_bits(b, key->dsa->priv_key);
1202+ if ((dsa_p = BN_new()) == NULL ||
1203+ (dsa_q = BN_new()) == NULL ||
1204+ (dsa_g = BN_new()) == NULL ||
1205+ (dsa_pub_key = BN_new()) == NULL ||
1206+ (dsa_priv_key = BN_new()) == NULL)
1207+ fatal("%s: BN_new", __func__);
1208+ buffer_get_bignum_bits(b, dsa_p);
1209+ buffer_get_bignum_bits(b, dsa_g);
1210+ buffer_get_bignum_bits(b, dsa_q);
1211+ buffer_get_bignum_bits(b, dsa_pub_key);
1212+ buffer_get_bignum_bits(b, dsa_priv_key);
1213+ if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g))
1214+ fatal("%s: DSA_set0_pqg failed", __func__);
1215+ dsa_p = dsa_q = dsa_g = NULL; /* transferred */
1216+ if (!DSA_set0_key(key->dsa, dsa_pub_key, dsa_priv_key))
1217+ fatal("%s: DSA_set0_key failed", __func__);
1218+ dsa_pub_key = dsa_priv_key = NULL; /* transferred */
1219 break;
1220 case KEY_RSA:
1221 if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
1222@@ -515,18 +530,34 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
1223 e += e3;
1224 debug("e %lx", e);
1225 }
1226- if (!BN_set_word(key->rsa->e, e)) {
1227+ if ((rsa_e = BN_new()) == NULL)
1228+ fatal("%s: BN_new", __func__);
1229+ if (!BN_set_word(rsa_e, e)) {
1230+ BN_clear_free(rsa_e);
1231 sshbuf_free(b);
1232 sshkey_free(key);
1233 return NULL;
1234 }
1235- buffer_get_bignum_bits(b, key->rsa->d);
1236- buffer_get_bignum_bits(b, key->rsa->n);
1237- buffer_get_bignum_bits(b, key->rsa->iqmp);
1238- buffer_get_bignum_bits(b, key->rsa->q);
1239- buffer_get_bignum_bits(b, key->rsa->p);
1240- if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
1241+ if ((rsa_n = BN_new()) == NULL ||
1242+ (rsa_d = BN_new()) == NULL ||
1243+ (rsa_p = BN_new()) == NULL ||
1244+ (rsa_q = BN_new()) == NULL ||
1245+ (rsa_iqmp = BN_new()) == NULL)
1246+ fatal("%s: BN_new", __func__);
1247+ buffer_get_bignum_bits(b, rsa_d);
1248+ buffer_get_bignum_bits(b, rsa_n);
1249+ buffer_get_bignum_bits(b, rsa_iqmp);
1250+ buffer_get_bignum_bits(b, rsa_q);
1251+ buffer_get_bignum_bits(b, rsa_p);
1252+ if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, rsa_d))
1253+ fatal("%s: RSA_set0_key failed", __func__);
1254+ rsa_n = rsa_e = rsa_d = NULL; /* transferred */
1255+ if (!RSA_set0_factors(key->rsa, rsa_p, rsa_q))
1256+ fatal("%s: RSA_set0_factors failed", __func__);
1257+ rsa_p = rsa_q = NULL; /* transferred */
1258+ if ((r = ssh_rsa_complete_crt_parameters(key, rsa_iqmp)) != 0)
1259 fatal("generate RSA parameters failed: %s", ssh_err(r));
1260+ BN_clear_free(rsa_iqmp);
1261 break;
1262 }
1263 rlen = sshbuf_len(b);
1264@@ -634,7 +665,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
1265 identity_file);
1266 }
1267 fclose(fp);
1268- switch (EVP_PKEY_type(pubkey->type)) {
1269+ switch (EVP_PKEY_base_id(pubkey)) {
1270 case EVP_PKEY_RSA:
1271 if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
1272 fatal("sshkey_new failed");
1273@@ -658,7 +689,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
1274 #endif
1275 default:
1276 fatal("%s: unsupported pubkey type %d", __func__,
1277- EVP_PKEY_type(pubkey->type));
1278+ EVP_PKEY_base_id(pubkey));
1279 }
1280 EVP_PKEY_free(pubkey);
1281 return;
1282diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
1283index 028b272c..bcc18c6b 100644
1284--- a/ssh-pkcs11-client.c
1285+++ b/ssh-pkcs11-client.c
1286@@ -156,12 +156,14 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
1287 static int
1288 wrap_key(RSA *rsa)
1289 {
1290- static RSA_METHOD helper_rsa;
1291+ static RSA_METHOD *helper_rsa;
1292
1293- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
1294- helper_rsa.name = "ssh-pkcs11-helper";
1295- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
1296- RSA_set_method(rsa, &helper_rsa);
1297+ if ((helper_rsa = RSA_meth_dup(RSA_get_default_method())) == NULL)
1298+ fatal("%s: RSA_meth_dup failed", __func__);
1299+ if (!RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper") ||
1300+ !RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt))
1301+ fatal("%s: failed to prepare method", __func__);
1302+ RSA_set_method(rsa, helper_rsa);
1303 return (0);
1304 }
1305
1306diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
1307index 65a7b589..c35f9415 100644
1308--- a/ssh-pkcs11.c
1309+++ b/ssh-pkcs11.c
1310@@ -67,7 +67,7 @@ struct pkcs11_key {
1311 struct pkcs11_provider *provider;
1312 CK_ULONG slotidx;
1313 int (*orig_finish)(RSA *rsa);
1314- RSA_METHOD rsa_method;
1315+ RSA_METHOD *rsa_method;
1316 char *keyid;
1317 int keyid_len;
1318 };
1319@@ -182,6 +182,7 @@ pkcs11_rsa_finish(RSA *rsa)
1320 rv = k11->orig_finish(rsa);
1321 if (k11->provider)
1322 pkcs11_provider_unref(k11->provider);
1323+ RSA_meth_free(k11->rsa_method);
1324 free(k11->keyid);
1325 free(k11);
1326 }
1327@@ -326,13 +327,18 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
1328 k11->keyid = xmalloc(k11->keyid_len);
1329 memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
1330 }
1331- k11->orig_finish = def->finish;
1332- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
1333- k11->rsa_method.name = "pkcs11";
1334- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
1335- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
1336- k11->rsa_method.finish = pkcs11_rsa_finish;
1337- RSA_set_method(rsa, &k11->rsa_method);
1338+ k11->rsa_method = RSA_meth_dup(def);
1339+ if (k11->rsa_method == NULL)
1340+ fatal("%s: RSA_meth_dup failed", __func__);
1341+ k11->orig_finish = RSA_meth_get_finish(def);
1342+ if (!RSA_meth_set1_name(k11->rsa_method, "pkcs11") ||
1343+ !RSA_meth_set_priv_enc(k11->rsa_method,
1344+ pkcs11_rsa_private_encrypt) ||
1345+ !RSA_meth_set_priv_dec(k11->rsa_method,
1346+ pkcs11_rsa_private_decrypt) ||
1347+ !RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish))
1348+ fatal("%s: setup pkcs11 method failed", __func__);
1349+ RSA_set_method(rsa, k11->rsa_method);
1350 RSA_set_app_data(rsa, k11);
1351 return (0);
1352 }
1353@@ -444,6 +450,15 @@ pkcs11_key_included(struct sshkey ***keysp, int *nkeys, struct sshkey *key)
1354 return (0);
1355 }
1356
1357+static int
1358+have_rsa_key(const RSA *rsa)
1359+{
1360+ const BIGNUM *rsa_n, *rsa_e;
1361+
1362+ RSA_get0_key(rsa, &rsa_n, &rsa_e, NULL);
1363+ return rsa_n != NULL && rsa_e != NULL;
1364+}
1365+
1366 static int
1367 pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1368 CK_ATTRIBUTE filter[], CK_ATTRIBUTE attribs[3],
1369@@ -512,10 +527,20 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1370 if ((rsa = RSA_new()) == NULL) {
1371 error("RSA_new failed");
1372 } else {
1373- rsa->n = BN_bin2bn(attribs[1].pValue,
1374+ BIGNUM *rsa_n, *rsa_e;
1375+
1376+ rsa_n = BN_bin2bn(attribs[1].pValue,
1377 attribs[1].ulValueLen, NULL);
1378- rsa->e = BN_bin2bn(attribs[2].pValue,
1379+ rsa_e = BN_bin2bn(attribs[2].pValue,
1380 attribs[2].ulValueLen, NULL);
1381+ if (rsa_n != NULL && rsa_e != NULL) {
1382+ if (!RSA_set0_key(rsa,
1383+ rsa_n, rsa_e, NULL))
1384+ fatal("%s: set key", __func__);
1385+ rsa_n = rsa_e = NULL; /* transferred */
1386+ }
1387+ BN_free(rsa_n);
1388+ BN_free(rsa_e);
1389 }
1390 } else {
1391 cp = attribs[2].pValue;
1392@@ -525,16 +550,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
1393 == NULL) {
1394 error("d2i_X509 failed");
1395 } else if ((evp = X509_get_pubkey(x509)) == NULL ||
1396- evp->type != EVP_PKEY_RSA ||
1397- evp->pkey.rsa == NULL) {
1398+ EVP_PKEY_base_id(evp) != EVP_PKEY_RSA ||
1399+ EVP_PKEY_get0_RSA(evp) == NULL) {
1400 debug("X509_get_pubkey failed or no rsa");
1401- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
1402- == NULL) {
1403+ } else if ((rsa = RSAPublicKey_dup(
1404+ EVP_PKEY_get0_RSA(evp))) == NULL) {
1405 error("RSAPublicKey_dup");
1406 }
1407 X509_free(x509);
1408 }
1409- if (rsa && rsa->n && rsa->e &&
1410+ if (rsa && have_rsa_key(rsa) &&
1411 pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
1412 if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
1413 fatal("sshkey_new failed");
1414diff --git a/ssh-rsa.c b/ssh-rsa.c
1415index 1756315b..2788f334 100644
1416--- a/ssh-rsa.c
1417+++ b/ssh-rsa.c
1418@@ -104,38 +104,55 @@ rsa_hash_alg_nid(int type)
1419 }
1420
1421 int
1422-ssh_rsa_generate_additional_parameters(struct sshkey *key)
1423+ssh_rsa_complete_crt_parameters(struct sshkey *key, const BIGNUM *iqmp)
1424 {
1425- BIGNUM *aux = NULL;
1426+ const BIGNUM *rsa_p, *rsa_q, *rsa_d;
1427+ BIGNUM *aux = NULL, *d_consttime = NULL;
1428+ BIGNUM *rsa_dmq1 = NULL, *rsa_dmp1 = NULL, *rsa_iqmp = NULL;
1429 BN_CTX *ctx = NULL;
1430- BIGNUM d;
1431 int r;
1432
1433 if (key == NULL || key->rsa == NULL ||
1434 sshkey_type_plain(key->type) != KEY_RSA)
1435 return SSH_ERR_INVALID_ARGUMENT;
1436
1437+ RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
1438+ RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
1439+
1440 if ((ctx = BN_CTX_new()) == NULL)
1441 return SSH_ERR_ALLOC_FAIL;
1442- if ((aux = BN_new()) == NULL) {
1443+ if ((aux = BN_new()) == NULL ||
1444+ (rsa_dmq1 = BN_new()) == NULL ||
1445+ (rsa_dmp1 = BN_new()) == NULL)
1446+ return SSH_ERR_ALLOC_FAIL;
1447+ if ((d_consttime = BN_dup(rsa_d)) == NULL ||
1448+ (rsa_iqmp = BN_dup(iqmp)) == NULL) {
1449 r = SSH_ERR_ALLOC_FAIL;
1450 goto out;
1451 }
1452 BN_set_flags(aux, BN_FLG_CONSTTIME);
1453+ BN_set_flags(d_consttime, BN_FLG_CONSTTIME);
1454
1455- BN_init(&d);
1456- BN_with_flags(&d, key->rsa->d, BN_FLG_CONSTTIME);
1457-
1458- if ((BN_sub(aux, key->rsa->q, BN_value_one()) == 0) ||
1459- (BN_mod(key->rsa->dmq1, &d, aux, ctx) == 0) ||
1460- (BN_sub(aux, key->rsa->p, BN_value_one()) == 0) ||
1461- (BN_mod(key->rsa->dmp1, &d, aux, ctx) == 0)) {
1462+ if ((BN_sub(aux, rsa_q, BN_value_one()) == 0) ||
1463+ (BN_mod(rsa_dmq1, d_consttime, aux, ctx) == 0) ||
1464+ (BN_sub(aux, rsa_p, BN_value_one()) == 0) ||
1465+ (BN_mod(rsa_dmp1, d_consttime, aux, ctx) == 0)) {
1466+ r = SSH_ERR_LIBCRYPTO_ERROR;
1467+ goto out;
1468+ }
1469+ if (!RSA_set0_crt_params(key->rsa, rsa_dmp1, rsa_dmq1, rsa_iqmp)) {
1470 r = SSH_ERR_LIBCRYPTO_ERROR;
1471 goto out;
1472 }
1473+ rsa_dmp1 = rsa_dmq1 = rsa_iqmp = NULL; /* transferred */
1474+ /* success */
1475 r = 0;
1476 out:
1477 BN_clear_free(aux);
1478+ BN_clear_free(d_consttime);
1479+ BN_clear_free(rsa_dmp1);
1480+ BN_clear_free(rsa_dmq1);
1481+ BN_clear_free(rsa_iqmp);
1482 BN_CTX_free(ctx);
1483 return r;
1484 }
1485@@ -145,6 +162,7 @@ int
1486 ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1487 const u_char *data, size_t datalen, const char *alg_ident)
1488 {
1489+ const BIGNUM *rsa_n;
1490 u_char digest[SSH_DIGEST_MAX_LENGTH], *sig = NULL;
1491 size_t slen = 0;
1492 u_int dlen, len;
1493@@ -163,7 +181,8 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
1494 if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
1495 sshkey_type_plain(key->type) != KEY_RSA)
1496 return SSH_ERR_INVALID_ARGUMENT;
1497- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1498+ RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
1499+ if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1500 return SSH_ERR_KEY_LENGTH;
1501 slen = RSA_size(key->rsa);
1502 if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
1503@@ -225,6 +244,7 @@ ssh_rsa_verify(const struct sshkey *key,
1504 const u_char *sig, size_t siglen, const u_char *data, size_t datalen,
1505 const char *alg)
1506 {
1507+ const BIGNUM *rsa_n;
1508 char *sigtype = NULL;
1509 int hash_alg, want_alg, ret = SSH_ERR_INTERNAL_ERROR;
1510 size_t len = 0, diff, modlen, dlen;
1511@@ -235,7 +255,8 @@ ssh_rsa_verify(const struct sshkey *key,
1512 sshkey_type_plain(key->type) != KEY_RSA ||
1513 sig == NULL || siglen == 0)
1514 return SSH_ERR_INVALID_ARGUMENT;
1515- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1516+ RSA_get0_key(key->rsa, &rsa_n, NULL, NULL);
1517+ if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1518 return SSH_ERR_KEY_LENGTH;
1519
1520 if ((b = sshbuf_from(sig, siglen)) == NULL)
1521diff --git a/sshd.c b/sshd.c
1522index a738c3ab..98beb1ed 100644
1523--- a/sshd.c
1524+++ b/sshd.c
1525@@ -493,8 +493,8 @@ demote_sensitive_data(void)
1526
1527 for (i = 0; i < options.num_host_key_files; i++) {
1528 if (sensitive_data.host_keys[i]) {
1529- if ((r = sshkey_demote(sensitive_data.host_keys[i],
1530- &tmp)) != 0)
1531+ if ((r = sshkey_from_private(
1532+ sensitive_data.host_keys[i], &tmp)) != 0)
1533 fatal("could not demote host %s key: %s",
1534 sshkey_type(sensitive_data.host_keys[i]),
1535 ssh_err(r));
1536@@ -1772,7 +1772,7 @@ main(int ac, char **av)
1537 error("Error loading host key \"%s\": %s",
1538 options.host_key_files[i], ssh_err(r));
1539 if (pubkey == NULL && key != NULL)
1540- if ((r = sshkey_demote(key, &pubkey)) != 0)
1541+ if ((r = sshkey_from_private(key, &pubkey)) != 0)
1542 fatal("Could not demote key: \"%s\": %s",
1543 options.host_key_files[i], ssh_err(r));
1544 sensitive_data.host_keys[i] = key;
1545diff --git a/sshkey.c b/sshkey.c
1546index 50ebdc25..085f1707 100644
1547--- a/sshkey.c
1548+++ b/sshkey.c
1549@@ -289,14 +289,24 @@ sshkey_names_valid2(const char *names, int allow_wildcard)
1550 u_int
1551 sshkey_size(const struct sshkey *k)
1552 {
1553+#ifdef WITH_OPENSSL
1554+ const BIGNUM *rsa_n, *dsa_p;
1555+#endif /* WITH_OPENSSL */
1556+
1557 switch (k->type) {
1558 #ifdef WITH_OPENSSL
1559 case KEY_RSA:
1560 case KEY_RSA_CERT:
1561- return BN_num_bits(k->rsa->n);
1562+ if (k->rsa == NULL)
1563+ return 0;
1564+ RSA_get0_key(k->rsa, &rsa_n, NULL, NULL);
1565+ return BN_num_bits(rsa_n);
1566 case KEY_DSA:
1567 case KEY_DSA_CERT:
1568- return BN_num_bits(k->dsa->p);
1569+ if (k->dsa == NULL)
1570+ return 0;
1571+ DSA_get0_pqg(k->dsa, &dsa_p, NULL, NULL);
1572+ return BN_num_bits(dsa_p);
1573 case KEY_ECDSA:
1574 case KEY_ECDSA_CERT:
1575 return sshkey_curve_nid_to_bits(k->ecdsa_nid);
1576@@ -503,10 +513,7 @@ sshkey_new(int type)
1577 #ifdef WITH_OPENSSL
1578 case KEY_RSA:
1579 case KEY_RSA_CERT:
1580- if ((rsa = RSA_new()) == NULL ||
1581- (rsa->n = BN_new()) == NULL ||
1582- (rsa->e = BN_new()) == NULL) {
1583- RSA_free(rsa);
1584+ if ((rsa = RSA_new()) == NULL) {
1585 free(k);
1586 return NULL;
1587 }
1588@@ -514,12 +521,7 @@ sshkey_new(int type)
1589 break;
1590 case KEY_DSA:
1591 case KEY_DSA_CERT:
1592- if ((dsa = DSA_new()) == NULL ||
1593- (dsa->p = BN_new()) == NULL ||
1594- (dsa->q = BN_new()) == NULL ||
1595- (dsa->g = BN_new()) == NULL ||
1596- (dsa->pub_key = BN_new()) == NULL) {
1597- DSA_free(dsa);
1598+ if ((dsa = DSA_new()) == NULL) {
1599 free(k);
1600 return NULL;
1601 }
1602@@ -553,47 +555,7 @@ sshkey_new(int type)
1603 return k;
1604 }
1605
1606-int
1607-sshkey_add_private(struct sshkey *k)
1608-{
1609- switch (k->type) {
1610-#ifdef WITH_OPENSSL
1611- case KEY_RSA:
1612- case KEY_RSA_CERT:
1613-#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
1614- if (bn_maybe_alloc_failed(k->rsa->d) ||
1615- bn_maybe_alloc_failed(k->rsa->iqmp) ||
1616- bn_maybe_alloc_failed(k->rsa->q) ||
1617- bn_maybe_alloc_failed(k->rsa->p) ||
1618- bn_maybe_alloc_failed(k->rsa->dmq1) ||
1619- bn_maybe_alloc_failed(k->rsa->dmp1))
1620- return SSH_ERR_ALLOC_FAIL;
1621- break;
1622- case KEY_DSA:
1623- case KEY_DSA_CERT:
1624- if (bn_maybe_alloc_failed(k->dsa->priv_key))
1625- return SSH_ERR_ALLOC_FAIL;
1626- break;
1627-#undef bn_maybe_alloc_failed
1628- case KEY_ECDSA:
1629- case KEY_ECDSA_CERT:
1630- /* Cannot do anything until we know the group */
1631- break;
1632-#endif /* WITH_OPENSSL */
1633- case KEY_ED25519:
1634- case KEY_ED25519_CERT:
1635- case KEY_XMSS:
1636- case KEY_XMSS_CERT:
1637- /* no need to prealloc */
1638- break;
1639- case KEY_UNSPEC:
1640- break;
1641- default:
1642- return SSH_ERR_INVALID_ARGUMENT;
1643- }
1644- return 0;
1645-}
1646-
1647+/* XXX garbage-collect this API */
1648 struct sshkey *
1649 sshkey_new_private(int type)
1650 {
1651@@ -601,10 +563,6 @@ sshkey_new_private(int type)
1652
1653 if (k == NULL)
1654 return NULL;
1655- if (sshkey_add_private(k) != 0) {
1656- sshkey_free(k);
1657- return NULL;
1658- }
1659 return k;
1660 }
1661
1662@@ -686,9 +644,15 @@ cert_compare(struct sshkey_cert *a, struct sshkey_cert *b)
1663 int
1664 sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
1665 {
1666-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
1667+#if defined(WITH_OPENSSL)
1668+ const BIGNUM *rsa_e_a, *rsa_n_a;
1669+ const BIGNUM *rsa_e_b, *rsa_n_b;
1670+ const BIGNUM *dsa_p_a, *dsa_q_a, *dsa_g_a, *dsa_pub_key_a;
1671+ const BIGNUM *dsa_p_b, *dsa_q_b, *dsa_g_b, *dsa_pub_key_b;
1672+# if defined(OPENSSL_HAS_ECC)
1673 BN_CTX *bnctx;
1674-#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
1675+# endif /* OPENSSL_HAS_ECC */
1676+#endif /* WITH_OPENSSL */
1677
1678 if (a == NULL || b == NULL ||
1679 sshkey_type_plain(a->type) != sshkey_type_plain(b->type))
1680@@ -698,16 +662,24 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b)
1681 #ifdef WITH_OPENSSL
1682 case KEY_RSA_CERT:
1683 case KEY_RSA:
1684- return a->rsa != NULL && b->rsa != NULL &&
1685- BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
1686- BN_cmp(a->rsa->n, b->rsa->n) == 0;
1687+ if (a->rsa == NULL || b->rsa == NULL)
1688+ return 0;
1689+ RSA_get0_key(a->rsa, &rsa_n_a, &rsa_e_a, NULL);
1690+ RSA_get0_key(b->rsa, &rsa_n_b, &rsa_e_b, NULL);
1691+ return BN_cmp(rsa_e_a, rsa_e_b) == 0 &&
1692+ BN_cmp(rsa_n_a, rsa_n_b) == 0;
1693 case KEY_DSA_CERT:
1694 case KEY_DSA:
1695- return a->dsa != NULL && b->dsa != NULL &&
1696- BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
1697- BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
1698- BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
1699- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
1700+ if (a->dsa == NULL || b->dsa == NULL)
1701+ return 0;
1702+ DSA_get0_pqg(a->dsa, &dsa_p_a, &dsa_q_a, &dsa_g_a);
1703+ DSA_get0_pqg(b->dsa, &dsa_p_b, &dsa_q_b, &dsa_g_b);
1704+ DSA_get0_key(a->dsa, &dsa_pub_key_a, NULL);
1705+ DSA_get0_key(b->dsa, &dsa_pub_key_b, NULL);
1706+ return BN_cmp(dsa_p_a, dsa_p_b) == 0 &&
1707+ BN_cmp(dsa_q_a, dsa_q_b) == 0 &&
1708+ BN_cmp(dsa_g_a, dsa_g_b) == 0 &&
1709+ BN_cmp(dsa_pub_key_a, dsa_pub_key_b) == 0;
1710 # ifdef OPENSSL_HAS_ECC
1711 case KEY_ECDSA_CERT:
1712 case KEY_ECDSA:
1713@@ -764,6 +736,9 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1714 {
1715 int type, ret = SSH_ERR_INTERNAL_ERROR;
1716 const char *typename;
1717+#ifdef WITH_OPENSSL
1718+ const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
1719+#endif /* WITH_OPENSSL */
1720
1721 if (key == NULL)
1722 return SSH_ERR_INVALID_ARGUMENT;
1723@@ -796,11 +771,13 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1724 case KEY_DSA:
1725 if (key->dsa == NULL)
1726 return SSH_ERR_INVALID_ARGUMENT;
1727+ DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
1728+ DSA_get0_key(key->dsa, &dsa_pub_key, NULL);
1729 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
1730- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
1731- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
1732- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
1733- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0)
1734+ (ret = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
1735+ (ret = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
1736+ (ret = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
1737+ (ret = sshbuf_put_bignum2(b, dsa_pub_key)) != 0)
1738 return ret;
1739 break;
1740 # ifdef OPENSSL_HAS_ECC
1741@@ -817,9 +794,10 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain,
1742 case KEY_RSA:
1743 if (key->rsa == NULL)
1744 return SSH_ERR_INVALID_ARGUMENT;
1745+ RSA_get0_key(key->rsa, &rsa_n, &rsa_e, NULL);
1746 if ((ret = sshbuf_put_cstring(b, typename)) != 0 ||
1747- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
1748- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0)
1749+ (ret = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
1750+ (ret = sshbuf_put_bignum2(b, rsa_n)) != 0)
1751 return ret;
1752 break;
1753 #endif /* WITH_OPENSSL */
1754@@ -1767,59 +1745,95 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1755 {
1756 struct sshkey *n = NULL;
1757 int ret = SSH_ERR_INTERNAL_ERROR;
1758+ int r = SSH_ERR_INTERNAL_ERROR;
1759+#ifdef WITH_OPENSSL
1760+ const BIGNUM *rsa_n, *rsa_e;
1761+ BIGNUM *rsa_n_dup = NULL, *rsa_e_dup = NULL;
1762+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
1763+ BIGNUM *dsa_p_dup = NULL, *dsa_q_dup = NULL, *dsa_g_dup = NULL;
1764+ BIGNUM *dsa_pub_key_dup = NULL;
1765+#endif /* WITH_OPENSSL */
1766
1767 *pkp = NULL;
1768 switch (k->type) {
1769 #ifdef WITH_OPENSSL
1770 case KEY_DSA:
1771 case KEY_DSA_CERT:
1772- if ((n = sshkey_new(k->type)) == NULL)
1773- return SSH_ERR_ALLOC_FAIL;
1774- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
1775- (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
1776- (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
1777- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) {
1778- sshkey_free(n);
1779- return SSH_ERR_ALLOC_FAIL;
1780+ if ((n = sshkey_new(k->type)) == NULL) {
1781+ r = SSH_ERR_ALLOC_FAIL;
1782+ goto out;
1783+ }
1784+
1785+ DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
1786+ DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
1787+ if ((dsa_p_dup = BN_dup(dsa_p)) == NULL ||
1788+ (dsa_q_dup = BN_dup(dsa_q)) == NULL ||
1789+ (dsa_g_dup = BN_dup(dsa_g)) == NULL ||
1790+ (dsa_pub_key_dup = BN_dup(dsa_pub_key)) == NULL) {
1791+ r = SSH_ERR_ALLOC_FAIL;
1792+ goto out;
1793 }
1794+ if (!DSA_set0_pqg(n->dsa, dsa_p_dup, dsa_q_dup, dsa_g_dup)) {
1795+ r = SSH_ERR_LIBCRYPTO_ERROR;
1796+ goto out;
1797+ }
1798+ dsa_p_dup = dsa_q_dup = dsa_g_dup = NULL; /* transferred */
1799+ if (!DSA_set0_key(n->dsa, dsa_pub_key_dup, NULL)) {
1800+ r = SSH_ERR_LIBCRYPTO_ERROR;
1801+ goto out;
1802+ }
1803+ dsa_pub_key_dup = NULL; /* transferred */
1804+
1805 break;
1806 # ifdef OPENSSL_HAS_ECC
1807 case KEY_ECDSA:
1808 case KEY_ECDSA_CERT:
1809- if ((n = sshkey_new(k->type)) == NULL)
1810- return SSH_ERR_ALLOC_FAIL;
1811+ if ((n = sshkey_new(k->type)) == NULL) {
1812+ r = SSH_ERR_ALLOC_FAIL;
1813+ goto out;
1814+ }
1815 n->ecdsa_nid = k->ecdsa_nid;
1816 n->ecdsa = EC_KEY_new_by_curve_name(k->ecdsa_nid);
1817 if (n->ecdsa == NULL) {
1818- sshkey_free(n);
1819- return SSH_ERR_ALLOC_FAIL;
1820+ r = SSH_ERR_ALLOC_FAIL;
1821+ goto out;
1822 }
1823 if (EC_KEY_set_public_key(n->ecdsa,
1824 EC_KEY_get0_public_key(k->ecdsa)) != 1) {
1825- sshkey_free(n);
1826- return SSH_ERR_LIBCRYPTO_ERROR;
1827+ r = SSH_ERR_LIBCRYPTO_ERROR;
1828+ goto out;
1829 }
1830 break;
1831 # endif /* OPENSSL_HAS_ECC */
1832 case KEY_RSA:
1833 case KEY_RSA_CERT:
1834- if ((n = sshkey_new(k->type)) == NULL)
1835- return SSH_ERR_ALLOC_FAIL;
1836- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
1837- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) {
1838- sshkey_free(n);
1839- return SSH_ERR_ALLOC_FAIL;
1840+ if ((n = sshkey_new(k->type)) == NULL) {
1841+ r = SSH_ERR_ALLOC_FAIL;
1842+ goto out;
1843 }
1844+ RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
1845+ if ((rsa_n_dup = BN_dup(rsa_n)) == NULL ||
1846+ (rsa_e_dup = BN_dup(rsa_e)) == NULL) {
1847+ r = SSH_ERR_ALLOC_FAIL;
1848+ goto out;
1849+ }
1850+ if (!RSA_set0_key(n->rsa, rsa_n_dup, rsa_e_dup, NULL)) {
1851+ r = SSH_ERR_LIBCRYPTO_ERROR;
1852+ goto out;
1853+ }
1854+ rsa_n_dup = rsa_e_dup = NULL; /* transferred */
1855 break;
1856 #endif /* WITH_OPENSSL */
1857 case KEY_ED25519:
1858 case KEY_ED25519_CERT:
1859- if ((n = sshkey_new(k->type)) == NULL)
1860- return SSH_ERR_ALLOC_FAIL;
1861+ if ((n = sshkey_new(k->type)) == NULL) {
1862+ r = SSH_ERR_ALLOC_FAIL;
1863+ goto out;
1864+ }
1865 if (k->ed25519_pk != NULL) {
1866 if ((n->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
1867- sshkey_free(n);
1868- return SSH_ERR_ALLOC_FAIL;
1869+ r = SSH_ERR_ALLOC_FAIL;
1870+ goto out;
1871 }
1872 memcpy(n->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
1873 }
1874@@ -1827,37 +1841,46 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
1875 #ifdef WITH_XMSS
1876 case KEY_XMSS:
1877 case KEY_XMSS_CERT:
1878- if ((n = sshkey_new(k->type)) == NULL)
1879- return SSH_ERR_ALLOC_FAIL;
1880- if ((ret = sshkey_xmss_init(n, k->xmss_name)) != 0) {
1881- sshkey_free(n);
1882- return ret;
1883+ if ((n = sshkey_new(k->type)) == NULL) {
1884+ r = SSH_ERR_ALLOC_FAIL;
1885+ goto out;
1886 }
1887+ if ((r = sshkey_xmss_init(n, k->xmss_name)) != 0)
1888+ goto out;
1889 if (k->xmss_pk != NULL) {
1890 size_t pklen = sshkey_xmss_pklen(k);
1891 if (pklen == 0 || sshkey_xmss_pklen(n) != pklen) {
1892- sshkey_free(n);
1893- return SSH_ERR_INTERNAL_ERROR;
1894+ r = SSH_ERR_INTERNAL_ERROR;
1895+ goto out;
1896 }
1897 if ((n->xmss_pk = malloc(pklen)) == NULL) {
1898- sshkey_free(n);
1899- return SSH_ERR_ALLOC_FAIL;
1900+ r = SSH_ERR_ALLOC_FAIL;
1901+ goto out;
1902 }
1903 memcpy(n->xmss_pk, k->xmss_pk, pklen);
1904 }
1905 break;
1906 #endif /* WITH_XMSS */
1907 default:
1908- return SSH_ERR_KEY_TYPE_UNKNOWN;
1909- }
1910- if (sshkey_is_cert(k)) {
1911- if ((ret = sshkey_cert_copy(k, n)) != 0) {
1912- sshkey_free(n);
1913- return ret;
1914- }
1915+ r = SSH_ERR_KEY_TYPE_UNKNOWN;
1916+ goto out;
1917 }
1918+ if (sshkey_is_cert(k) && (r = sshkey_cert_copy(k, n)) != 0)
1919+ goto out;
1920+ /* success */
1921 *pkp = n;
1922- return 0;
1923+ n = NULL;
1924+ r = 0;
1925+ out:
1926+ sshkey_free(n);
1927+ BN_clear_free(rsa_n_dup);
1928+ BN_clear_free(rsa_e_dup);
1929+ BN_clear_free(dsa_p_dup);
1930+ BN_clear_free(dsa_q_dup);
1931+ BN_clear_free(dsa_g_dup);
1932+ BN_clear_free(dsa_pub_key_dup);
1933+
1934+ return r;
1935 }
1936
1937 static int
1938@@ -1985,6 +2008,17 @@ cert_parse(struct sshbuf *b, struct sshkey *key, struct sshbuf *certbuf)
1939 return ret;
1940 }
1941
1942+static int
1943+check_rsa_length(const RSA *rsa)
1944+{
1945+ const BIGNUM *rsa_n;
1946+
1947+ RSA_get0_key(rsa, &rsa_n, NULL, NULL);
1948+ if (BN_num_bits(rsa_n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
1949+ return SSH_ERR_KEY_LENGTH;
1950+ return 0;
1951+}
1952+
1953 static int
1954 sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1955 int allow_cert)
1956@@ -1995,9 +2029,13 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1957 size_t len;
1958 u_char *pk = NULL;
1959 struct sshbuf *copy;
1960-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
1961+#if defined(WITH_OPENSSL)
1962+ BIGNUM *rsa_n = NULL, *rsa_e = NULL;
1963+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL, *dsa_pub_key = NULL;
1964+# if defined(OPENSSL_HAS_ECC)
1965 EC_POINT *q = NULL;
1966-#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
1967+# endif /* OPENSSL_HAS_ECC */
1968+#endif /* WITH_OPENSSL */
1969
1970 #ifdef DEBUG_PK /* XXX */
1971 sshbuf_dump(b, stderr);
1972@@ -2032,15 +2070,23 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
1973 ret = SSH_ERR_ALLOC_FAIL;
1974 goto out;
1975 }
1976- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 ||
1977- sshbuf_get_bignum2(b, key->rsa->n) != 0) {
1978+ if ((rsa_e = BN_new()) == NULL ||
1979+ (rsa_n = BN_new()) == NULL) {
1980+ ret = SSH_ERR_ALLOC_FAIL;
1981+ goto out;
1982+ }
1983+ if (sshbuf_get_bignum2(b, rsa_e) != 0 ||
1984+ sshbuf_get_bignum2(b, rsa_n) != 0) {
1985 ret = SSH_ERR_INVALID_FORMAT;
1986 goto out;
1987 }
1988- if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
1989- ret = SSH_ERR_KEY_LENGTH;
1990+ if (!RSA_set0_key(key->rsa, rsa_n, rsa_e, NULL)) {
1991+ ret = SSH_ERR_LIBCRYPTO_ERROR;
1992 goto out;
1993 }
1994+ rsa_n = rsa_e = NULL; /* transferred */
1995+ if ((ret = check_rsa_length(key->rsa)) != 0)
1996+ goto out;
1997 #ifdef DEBUG_PK
1998 RSA_print_fp(stderr, key->rsa, 8);
1999 #endif
2000@@ -2057,13 +2103,30 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2001 ret = SSH_ERR_ALLOC_FAIL;
2002 goto out;
2003 }
2004- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 ||
2005- sshbuf_get_bignum2(b, key->dsa->q) != 0 ||
2006- sshbuf_get_bignum2(b, key->dsa->g) != 0 ||
2007- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) {
2008+ if ((dsa_p = BN_new()) == NULL ||
2009+ (dsa_q = BN_new()) == NULL ||
2010+ (dsa_g = BN_new()) == NULL ||
2011+ (dsa_pub_key = BN_new()) == NULL) {
2012+ ret = SSH_ERR_ALLOC_FAIL;
2013+ goto out;
2014+ }
2015+ if (sshbuf_get_bignum2(b, dsa_p) != 0 ||
2016+ sshbuf_get_bignum2(b, dsa_q) != 0 ||
2017+ sshbuf_get_bignum2(b, dsa_g) != 0 ||
2018+ sshbuf_get_bignum2(b, dsa_pub_key) != 0) {
2019 ret = SSH_ERR_INVALID_FORMAT;
2020 goto out;
2021 }
2022+ if (!DSA_set0_pqg(key->dsa, dsa_p, dsa_q, dsa_g)) {
2023+ ret = SSH_ERR_LIBCRYPTO_ERROR;
2024+ goto out;
2025+ }
2026+ dsa_p = dsa_q = dsa_g = NULL; /* transferred */
2027+ if (!DSA_set0_key(key->dsa, dsa_pub_key, NULL)) {
2028+ ret = SSH_ERR_LIBCRYPTO_ERROR;
2029+ goto out;
2030+ }
2031+ dsa_pub_key = NULL; /* transferred */
2032 #ifdef DEBUG_PK
2033 DSA_print_fp(stderr, key->dsa, 8);
2034 #endif
2035@@ -2197,9 +2260,17 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
2036 free(ktype);
2037 free(curve);
2038 free(pk);
2039-#if defined(WITH_OPENSSL) && defined(OPENSSL_HAS_ECC)
2040+#if defined(WITH_OPENSSL)
2041+ BN_clear_free(rsa_n);
2042+ BN_clear_free(rsa_e);
2043+ BN_clear_free(dsa_p);
2044+ BN_clear_free(dsa_q);
2045+ BN_clear_free(dsa_g);
2046+ BN_clear_free(dsa_pub_key);
2047+# if defined(OPENSSL_HAS_ECC)
2048 EC_POINT_free(q);
2049-#endif /* WITH_OPENSSL && OPENSSL_HAS_ECC */
2050+# endif /* OPENSSL_HAS_ECC */
2051+#endif /* WITH_OPENSSL */
2052 return ret;
2053 }
2054
2055@@ -2401,120 +2472,6 @@ sshkey_verify(const struct sshkey *key,
2056 }
2057 }
2058
2059-/* Converts a private to a public key */
2060-int
2061-sshkey_demote(const struct sshkey *k, struct sshkey **dkp)
2062-{
2063- struct sshkey *pk;
2064- int ret = SSH_ERR_INTERNAL_ERROR;
2065-
2066- *dkp = NULL;
2067- if ((pk = calloc(1, sizeof(*pk))) == NULL)
2068- return SSH_ERR_ALLOC_FAIL;
2069- pk->type = k->type;
2070- pk->flags = k->flags;
2071- pk->ecdsa_nid = k->ecdsa_nid;
2072- pk->dsa = NULL;
2073- pk->ecdsa = NULL;
2074- pk->rsa = NULL;
2075- pk->ed25519_pk = NULL;
2076- pk->ed25519_sk = NULL;
2077- pk->xmss_pk = NULL;
2078- pk->xmss_sk = NULL;
2079-
2080- switch (k->type) {
2081-#ifdef WITH_OPENSSL
2082- case KEY_RSA_CERT:
2083- if ((ret = sshkey_cert_copy(k, pk)) != 0)
2084- goto fail;
2085- /* FALLTHROUGH */
2086- case KEY_RSA:
2087- if ((pk->rsa = RSA_new()) == NULL ||
2088- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
2089- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) {
2090- ret = SSH_ERR_ALLOC_FAIL;
2091- goto fail;
2092- }
2093- break;
2094- case KEY_DSA_CERT:
2095- if ((ret = sshkey_cert_copy(k, pk)) != 0)
2096- goto fail;
2097- /* FALLTHROUGH */
2098- case KEY_DSA:
2099- if ((pk->dsa = DSA_new()) == NULL ||
2100- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL ||
2101- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL ||
2102- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL ||
2103- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) {
2104- ret = SSH_ERR_ALLOC_FAIL;
2105- goto fail;
2106- }
2107- break;
2108- case KEY_ECDSA_CERT:
2109- if ((ret = sshkey_cert_copy(k, pk)) != 0)
2110- goto fail;
2111- /* FALLTHROUGH */
2112-# ifdef OPENSSL_HAS_ECC
2113- case KEY_ECDSA:
2114- pk->ecdsa = EC_KEY_new_by_curve_name(pk->ecdsa_nid);
2115- if (pk->ecdsa == NULL) {
2116- ret = SSH_ERR_ALLOC_FAIL;
2117- goto fail;
2118- }
2119- if (EC_KEY_set_public_key(pk->ecdsa,
2120- EC_KEY_get0_public_key(k->ecdsa)) != 1) {
2121- ret = SSH_ERR_LIBCRYPTO_ERROR;
2122- goto fail;
2123- }
2124- break;
2125-# endif /* OPENSSL_HAS_ECC */
2126-#endif /* WITH_OPENSSL */
2127- case KEY_ED25519_CERT:
2128- if ((ret = sshkey_cert_copy(k, pk)) != 0)
2129- goto fail;
2130- /* FALLTHROUGH */
2131- case KEY_ED25519:
2132- if (k->ed25519_pk != NULL) {
2133- if ((pk->ed25519_pk = malloc(ED25519_PK_SZ)) == NULL) {
2134- ret = SSH_ERR_ALLOC_FAIL;
2135- goto fail;
2136- }
2137- memcpy(pk->ed25519_pk, k->ed25519_pk, ED25519_PK_SZ);
2138- }
2139- break;
2140-#ifdef WITH_XMSS
2141- case KEY_XMSS_CERT:
2142- if ((ret = sshkey_cert_copy(k, pk)) != 0)
2143- goto fail;
2144- /* FALLTHROUGH */
2145- case KEY_XMSS:
2146- if ((ret = sshkey_xmss_init(pk, k->xmss_name)) != 0)
2147- goto fail;
2148- if (k->xmss_pk != NULL) {
2149- size_t pklen = sshkey_xmss_pklen(k);
2150-
2151- if (pklen == 0 || sshkey_xmss_pklen(pk) != pklen) {
2152- ret = SSH_ERR_INTERNAL_ERROR;
2153- goto fail;
2154- }
2155- if ((pk->xmss_pk = malloc(pklen)) == NULL) {
2156- ret = SSH_ERR_ALLOC_FAIL;
2157- goto fail;
2158- }
2159- memcpy(pk->xmss_pk, k->xmss_pk, pklen);
2160- }
2161- break;
2162-#endif /* WITH_XMSS */
2163- default:
2164- ret = SSH_ERR_KEY_TYPE_UNKNOWN;
2165- fail:
2166- sshkey_free(pk);
2167- return ret;
2168- }
2169- *dkp = pk;
2170- return 0;
2171-}
2172-
2173 /* Convert a plain key to their _CERT equivalent */
2174 int
2175 sshkey_to_certified(struct sshkey *k)
2176@@ -2573,6 +2530,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2177 int ret = SSH_ERR_INTERNAL_ERROR;
2178 struct sshbuf *cert = NULL;
2179 char *sigtype = NULL;
2180+#ifdef WITH_OPENSSL
2181+ const BIGNUM *rsa_n, *rsa_e, *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key;
2182+#endif /* WITH_OPENSSL */
2183
2184 if (k == NULL || k->cert == NULL ||
2185 k->cert->certblob == NULL || ca == NULL)
2186@@ -2609,10 +2569,12 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2187 switch (k->type) {
2188 #ifdef WITH_OPENSSL
2189 case KEY_DSA_CERT:
2190- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
2191- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
2192- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
2193- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
2194+ DSA_get0_pqg(k->dsa, &dsa_p, &dsa_q, &dsa_g);
2195+ DSA_get0_key(k->dsa, &dsa_pub_key, NULL);
2196+ if ((ret = sshbuf_put_bignum2(cert, dsa_p)) != 0 ||
2197+ (ret = sshbuf_put_bignum2(cert, dsa_q)) != 0 ||
2198+ (ret = sshbuf_put_bignum2(cert, dsa_g)) != 0 ||
2199+ (ret = sshbuf_put_bignum2(cert, dsa_pub_key)) != 0)
2200 goto out;
2201 break;
2202 # ifdef OPENSSL_HAS_ECC
2203@@ -2626,8 +2588,9 @@ sshkey_certify_custom(struct sshkey *k, struct sshkey *ca, const char *alg,
2204 break;
2205 # endif /* OPENSSL_HAS_ECC */
2206 case KEY_RSA_CERT:
2207- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
2208- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
2209+ RSA_get0_key(k->rsa, &rsa_n, &rsa_e, NULL);
2210+ if ((ret = sshbuf_put_bignum2(cert, rsa_e)) != 0 ||
2211+ (ret = sshbuf_put_bignum2(cert, rsa_n)) != 0)
2212 goto out;
2213 break;
2214 #endif /* WITH_OPENSSL */
2215@@ -2820,18 +2783,25 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2216 enum sshkey_serialize_rep opts)
2217 {
2218 int r = SSH_ERR_INTERNAL_ERROR;
2219+#ifdef WITH_OPENSSL
2220+ const BIGNUM *rsa_n, *rsa_e, *rsa_d, *rsa_iqmp, *rsa_p, *rsa_q;
2221+ const BIGNUM *dsa_p, *dsa_q, *dsa_g, *dsa_pub_key, *dsa_priv_key;
2222+#endif /* WITH_OPENSSL */
2223
2224 if ((r = sshbuf_put_cstring(b, sshkey_ssh_name(key))) != 0)
2225 goto out;
2226 switch (key->type) {
2227 #ifdef WITH_OPENSSL
2228 case KEY_RSA:
2229- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 ||
2230- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
2231- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
2232- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
2233- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
2234- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
2235+ RSA_get0_key(key->rsa, &rsa_n, &rsa_e, &rsa_d);
2236+ RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
2237+ RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
2238+ if ((r = sshbuf_put_bignum2(b, rsa_n)) != 0 ||
2239+ (r = sshbuf_put_bignum2(b, rsa_e)) != 0 ||
2240+ (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
2241+ (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
2242+ (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
2243+ (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
2244 goto out;
2245 break;
2246 case KEY_RSA_CERT:
2247@@ -2839,19 +2809,24 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2248 r = SSH_ERR_INVALID_ARGUMENT;
2249 goto out;
2250 }
2251+ RSA_get0_key(key->rsa, NULL, NULL, &rsa_d);
2252+ RSA_get0_factors(key->rsa, &rsa_p, &rsa_q);
2253+ RSA_get0_crt_params(key->rsa, NULL, NULL, &rsa_iqmp);
2254 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2255- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
2256- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
2257- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
2258- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
2259+ (r = sshbuf_put_bignum2(b, rsa_d)) != 0 ||
2260+ (r = sshbuf_put_bignum2(b, rsa_iqmp)) != 0 ||
2261+ (r = sshbuf_put_bignum2(b, rsa_p)) != 0 ||
2262+ (r = sshbuf_put_bignum2(b, rsa_q)) != 0)
2263 goto out;
2264 break;
2265 case KEY_DSA:
2266- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
2267- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
2268- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
2269- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 ||
2270- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
2271+ DSA_get0_pqg(key->dsa, &dsa_p, &dsa_q, &dsa_g);
2272+ DSA_get0_key(key->dsa, &dsa_pub_key, &dsa_priv_key);
2273+ if ((r = sshbuf_put_bignum2(b, dsa_p)) != 0 ||
2274+ (r = sshbuf_put_bignum2(b, dsa_q)) != 0 ||
2275+ (r = sshbuf_put_bignum2(b, dsa_g)) != 0 ||
2276+ (r = sshbuf_put_bignum2(b, dsa_pub_key)) != 0 ||
2277+ (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
2278 goto out;
2279 break;
2280 case KEY_DSA_CERT:
2281@@ -2859,8 +2834,9 @@ sshkey_private_serialize_opt(const struct sshkey *key, struct sshbuf *b,
2282 r = SSH_ERR_INVALID_ARGUMENT;
2283 goto out;
2284 }
2285+ DSA_get0_key(key->dsa, NULL, &dsa_priv_key);
2286 if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
2287- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
2288+ (r = sshbuf_put_bignum2(b, dsa_priv_key)) != 0)
2289 goto out;
2290 break;
2291 # ifdef OPENSSL_HAS_ECC
2292@@ -2961,6 +2937,10 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2293 u_char *xmss_pk = NULL, *xmss_sk = NULL;
2294 #ifdef WITH_OPENSSL
2295 BIGNUM *exponent = NULL;
2296+ BIGNUM *rsa_n = NULL, *rsa_e = NULL, *rsa_d = NULL;
2297+ BIGNUM *rsa_iqmp = NULL, *rsa_p = NULL, *rsa_q = NULL;
2298+ BIGNUM *dsa_p = NULL, *dsa_q = NULL, *dsa_g = NULL;
2299+ BIGNUM *dsa_pub_key = NULL, *dsa_priv_key = NULL;
2300 #endif /* WITH_OPENSSL */
2301
2302 if (kp != NULL)
2303@@ -2975,18 +2955,44 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2304 r = SSH_ERR_ALLOC_FAIL;
2305 goto out;
2306 }
2307- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 ||
2308- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 ||
2309- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 ||
2310- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 ||
2311- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
2312+ if ((dsa_p = BN_new()) == NULL ||
2313+ (dsa_q = BN_new()) == NULL ||
2314+ (dsa_g = BN_new()) == NULL ||
2315+ (dsa_pub_key = BN_new()) == NULL ||
2316+ (dsa_priv_key = BN_new()) == NULL) {
2317+ r = SSH_ERR_ALLOC_FAIL;
2318+ goto out;
2319+ }
2320+ if ((r = sshbuf_get_bignum2(buf, dsa_p)) != 0 ||
2321+ (r = sshbuf_get_bignum2(buf, dsa_q)) != 0 ||
2322+ (r = sshbuf_get_bignum2(buf, dsa_g)) != 0 ||
2323+ (r = sshbuf_get_bignum2(buf, dsa_pub_key)) != 0 ||
2324+ (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
2325 goto out;
2326+ if (!DSA_set0_pqg(k->dsa, dsa_p, dsa_q, dsa_g)) {
2327+ r = SSH_ERR_LIBCRYPTO_ERROR;
2328+ goto out;
2329+ }
2330+ dsa_p = dsa_q = dsa_g = NULL; /* transferred */
2331+ if (!DSA_set0_key(k->dsa, dsa_pub_key, dsa_priv_key)) {
2332+ r = SSH_ERR_LIBCRYPTO_ERROR;
2333+ goto out;
2334+ }
2335+ dsa_pub_key = dsa_priv_key = NULL; /* transferred */
2336 break;
2337 case KEY_DSA_CERT:
2338+ if ((dsa_priv_key = BN_new()) == NULL) {
2339+ r = SSH_ERR_ALLOC_FAIL;
2340+ goto out;
2341+ }
2342 if ((r = sshkey_froms(buf, &k)) != 0 ||
2343- (r = sshkey_add_private(k)) != 0 ||
2344- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
2345+ (r = sshbuf_get_bignum2(buf, dsa_priv_key)) != 0)
2346+ goto out;
2347+ if (!DSA_set0_key(k->dsa, NULL, dsa_priv_key)) {
2348+ r = SSH_ERR_LIBCRYPTO_ERROR;
2349 goto out;
2350+ }
2351+ dsa_priv_key = NULL; /* transferred */
2352 break;
2353 # ifdef OPENSSL_HAS_ECC
2354 case KEY_ECDSA:
2355@@ -3027,7 +3033,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2356 goto out;
2357 }
2358 if ((r = sshkey_froms(buf, &k)) != 0 ||
2359- (r = sshkey_add_private(k)) != 0 ||
2360 (r = sshbuf_get_bignum2(buf, exponent)) != 0)
2361 goto out;
2362 if (EC_KEY_set_private_key(k->ecdsa, exponent) != 1) {
2363@@ -3045,32 +3050,65 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2364 r = SSH_ERR_ALLOC_FAIL;
2365 goto out;
2366 }
2367- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 ||
2368- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 ||
2369- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
2370- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
2371- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
2372- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
2373- (r = ssh_rsa_generate_additional_parameters(k)) != 0)
2374+ if ((rsa_n = BN_new()) == NULL ||
2375+ (rsa_e = BN_new()) == NULL ||
2376+ (rsa_d = BN_new()) == NULL ||
2377+ (rsa_iqmp = BN_new()) == NULL ||
2378+ (rsa_p = BN_new()) == NULL ||
2379+ (rsa_q = BN_new()) == NULL) {
2380+ r = SSH_ERR_ALLOC_FAIL;
2381+ goto out;
2382+ }
2383+ if ((r = sshbuf_get_bignum2(buf, rsa_n)) != 0 ||
2384+ (r = sshbuf_get_bignum2(buf, rsa_e)) != 0 ||
2385+ (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
2386+ (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
2387+ (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
2388+ (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
2389 goto out;
2390- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2391- r = SSH_ERR_KEY_LENGTH;
2392+ if (!RSA_set0_key(k->rsa, rsa_n, rsa_e, rsa_d)) {
2393+ r = SSH_ERR_LIBCRYPTO_ERROR;
2394+ goto out;
2395+ }
2396+ rsa_n = rsa_e = rsa_d = NULL; /* transferred */
2397+ if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {
2398+ r = SSH_ERR_LIBCRYPTO_ERROR;
2399 goto out;
2400 }
2401+ rsa_p = rsa_q = NULL; /* transferred */
2402+ if ((r = check_rsa_length(k->rsa)) != 0)
2403+ goto out;
2404+ if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
2405+ goto out;
2406 break;
2407 case KEY_RSA_CERT:
2408+ if ((rsa_d = BN_new()) == NULL ||
2409+ (rsa_iqmp = BN_new()) == NULL ||
2410+ (rsa_p = BN_new()) == NULL ||
2411+ (rsa_q = BN_new()) == NULL) {
2412+ r = SSH_ERR_ALLOC_FAIL;
2413+ goto out;
2414+ }
2415 if ((r = sshkey_froms(buf, &k)) != 0 ||
2416- (r = sshkey_add_private(k)) != 0 ||
2417- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
2418- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
2419- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
2420- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
2421- (r = ssh_rsa_generate_additional_parameters(k)) != 0)
2422+ (r = sshbuf_get_bignum2(buf, rsa_d)) != 0 ||
2423+ (r = sshbuf_get_bignum2(buf, rsa_iqmp)) != 0 ||
2424+ (r = sshbuf_get_bignum2(buf, rsa_p)) != 0 ||
2425+ (r = sshbuf_get_bignum2(buf, rsa_q)) != 0)
2426+ goto out;
2427+ if (!RSA_set0_key(k->rsa, NULL, NULL, rsa_d)) {
2428+ r = SSH_ERR_LIBCRYPTO_ERROR;
2429 goto out;
2430- if (BN_num_bits(k->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2431- r = SSH_ERR_KEY_LENGTH;
2432+ }
2433+ rsa_d = NULL; /* transferred */
2434+ if (!RSA_set0_factors(k->rsa, rsa_p, rsa_q)) {
2435+ r = SSH_ERR_LIBCRYPTO_ERROR;
2436 goto out;
2437 }
2438+ rsa_p = rsa_q = NULL; /* transferred */
2439+ if ((r = check_rsa_length(k->rsa)) != 0)
2440+ goto out;
2441+ if ((r = ssh_rsa_complete_crt_parameters(k, rsa_iqmp)) != 0)
2442+ goto out;
2443 break;
2444 #endif /* WITH_OPENSSL */
2445 case KEY_ED25519:
2446@@ -3091,7 +3129,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2447 break;
2448 case KEY_ED25519_CERT:
2449 if ((r = sshkey_froms(buf, &k)) != 0 ||
2450- (r = sshkey_add_private(k)) != 0 ||
2451 (r = sshbuf_get_string(buf, &ed25519_pk, &pklen)) != 0 ||
2452 (r = sshbuf_get_string(buf, &ed25519_sk, &sklen)) != 0)
2453 goto out;
2454@@ -3128,7 +3165,6 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2455 break;
2456 case KEY_XMSS_CERT:
2457 if ((r = sshkey_froms(buf, &k)) != 0 ||
2458- (r = sshkey_add_private(k)) != 0 ||
2459 (r = sshbuf_get_cstring(buf, &xmss_name, NULL)) != 0 ||
2460 (r = sshbuf_get_string(buf, &xmss_pk, &pklen)) != 0 ||
2461 (r = sshbuf_get_string(buf, &xmss_sk, &sklen)) != 0)
2462@@ -3177,6 +3213,17 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
2463 free(curve);
2464 #ifdef WITH_OPENSSL
2465 BN_clear_free(exponent);
2466+ BN_clear_free(dsa_p);
2467+ BN_clear_free(dsa_q);
2468+ BN_clear_free(dsa_g);
2469+ BN_clear_free(dsa_pub_key);
2470+ BN_clear_free(dsa_priv_key);
2471+ BN_clear_free(rsa_n);
2472+ BN_clear_free(rsa_e);
2473+ BN_clear_free(rsa_d);
2474+ BN_clear_free(rsa_p);
2475+ BN_clear_free(rsa_q);
2476+ BN_clear_free(rsa_iqmp);
2477 #endif /* WITH_OPENSSL */
2478 sshkey_free(k);
2479 freezero(ed25519_pk, pklen);
2480@@ -3831,7 +3878,9 @@ translate_libcrypto_error(unsigned long pem_err)
2481 switch (pem_reason) {
2482 case EVP_R_BAD_DECRYPT:
2483 return SSH_ERR_KEY_WRONG_PASSPHRASE;
2484+#ifdef EVP_R_BN_DECODE_ERROR
2485 case EVP_R_BN_DECODE_ERROR:
2486+#endif
2487 case EVP_R_DECODE_ERROR:
2488 #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
2489 case EVP_R_PRIVATE_KEY_DECODE_ERROR:
2490@@ -3896,7 +3945,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2491 r = convert_libcrypto_error();
2492 goto out;
2493 }
2494- if (pk->type == EVP_PKEY_RSA &&
2495+ if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA &&
2496 (type == KEY_UNSPEC || type == KEY_RSA)) {
2497 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2498 r = SSH_ERR_ALLOC_FAIL;
2499@@ -3911,11 +3960,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2500 r = SSH_ERR_LIBCRYPTO_ERROR;
2501 goto out;
2502 }
2503- if (BN_num_bits(prv->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
2504- r = SSH_ERR_KEY_LENGTH;
2505+ if ((r = check_rsa_length(prv->rsa)) != 0)
2506 goto out;
2507- }
2508- } else if (pk->type == EVP_PKEY_DSA &&
2509+ } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_DSA &&
2510 (type == KEY_UNSPEC || type == KEY_DSA)) {
2511 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2512 r = SSH_ERR_ALLOC_FAIL;
2513@@ -3927,7 +3974,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
2514 DSA_print_fp(stderr, prv->dsa, 8);
2515 #endif
2516 #ifdef OPENSSL_HAS_ECC
2517- } else if (pk->type == EVP_PKEY_EC &&
2518+ } else if (EVP_PKEY_base_id(pk) == EVP_PKEY_EC &&
2519 (type == KEY_UNSPEC || type == KEY_ECDSA)) {
2520 if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
2521 r = SSH_ERR_ALLOC_FAIL;
2522diff --git a/sshkey.h b/sshkey.h
2523index 5a22a66f..4147ad92 100644
2524--- a/sshkey.h
2525+++ b/sshkey.h
2526@@ -39,6 +39,7 @@
2527 # define EC_POINT void
2528 # endif /* OPENSSL_HAS_ECC */
2529 #else /* WITH_OPENSSL */
2530+# define BIGNUM void
2531 # define RSA void
2532 # define DSA void
2533 # define EC_KEY void
2534@@ -127,10 +128,8 @@ struct sshkey {
2535 #define ED25519_PK_SZ crypto_sign_ed25519_PUBLICKEYBYTES
2536
2537 struct sshkey *sshkey_new(int);
2538-int sshkey_add_private(struct sshkey *);
2539-struct sshkey *sshkey_new_private(int);
2540+struct sshkey *sshkey_new_private(int); /* XXX garbage collect */
2541 void sshkey_free(struct sshkey *);
2542-int sshkey_demote(const struct sshkey *, struct sshkey **);
2543 int sshkey_equal_public(const struct sshkey *,
2544 const struct sshkey *);
2545 int sshkey_equal(const struct sshkey *, const struct sshkey *);
2546@@ -220,7 +219,7 @@ int sshkey_parse_private_fileblob_type(struct sshbuf *blob, int type,
2547 const char *passphrase, struct sshkey **keyp, char **commentp);
2548
2549 /* XXX should be internal, but used by ssh-keygen */
2550-int ssh_rsa_generate_additional_parameters(struct sshkey *);
2551+int ssh_rsa_complete_crt_parameters(struct sshkey *, const BIGNUM *);
2552
2553 /* stateful keys (e.g. XMSS) */
2554 #ifdef NO_ATTRIBUTE_ON_PROTOTYPE_ARGS
2555
2556commit 86112951d63d48839f035b5795be62635a463f99
2557Author: Damien Miller <djm@mindrot.org>
2558Date: Thu Sep 13 12:12:42 2018 +1000
2559
2560 forgot to stage these test files in commit d70d061
2561
2562diff --git a/regress/unittests/sshkey/mktestdata.sh b/regress/unittests/sshkey/mktestdata.sh
2563index 8047bc62..93da34c6 100755
2564--- a/regress/unittests/sshkey/mktestdata.sh
2565+++ b/regress/unittests/sshkey/mktestdata.sh
2566@@ -1,5 +1,5 @@
2567 #!/bin/sh
2568-# $OpenBSD: mktestdata.sh,v 1.6 2017/04/30 23:33:48 djm Exp $
2569+# $OpenBSD: mktestdata.sh,v 1.7 2018/09/12 01:36:45 djm Exp $
2570
2571 PW=mekmitasdigoat
2572
2573@@ -128,6 +128,18 @@ ssh-keygen -s rsa_2 -I hugo -n user1,user2 \
2574 -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2575 -V 19990101:20110101 -z 4 ed25519_1.pub
2576
2577+# Make a few RSA variant signature too.
2578+cp rsa_1 rsa_1_sha1
2579+cp rsa_1 rsa_1_sha512
2580+cp rsa_1.pub rsa_1_sha1.pub
2581+cp rsa_1.pub rsa_1_sha512.pub
2582+ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t ssh-rsa \
2583+ -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2584+ -V 19990101:20110101 -z 1 rsa_1_sha1.pub
2585+ssh-keygen -s rsa_2 -I hugo -n user1,user2 -t rsa-sha2-512 \
2586+ -Oforce-command=/bin/ls -Ono-port-forwarding -Osource-address=10.0.0.0/8 \
2587+ -V 19990101:20110101 -z 1 rsa_1_sha512.pub
2588+
2589 ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
2590 -V 19990101:20110101 -z 5 rsa_1.pub
2591 ssh-keygen -s ed25519_1 -I julius -n host1,host2 -h \
2592diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
2593index 99b7e21c..0636e84b 100644
2594--- a/regress/unittests/sshkey/test_file.c
2595+++ b/regress/unittests/sshkey/test_file.c
2596@@ -1,4 +1,4 @@
2597-/* $OpenBSD: test_file.c,v 1.6 2017/04/30 23:33:48 djm Exp $ */
2598+/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */
2599 /*
2600 * Regress test for sshkey.h key management API
2601 *
2602@@ -105,6 +105,24 @@ sshkey_file_tests(void)
2603 sshkey_free(k2);
2604 TEST_DONE();
2605
2606+ TEST_START("load RSA cert with SHA1 signature");
2607+ ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha1"), &k2), 0);
2608+ ASSERT_PTR_NE(k2, NULL);
2609+ ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
2610+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
2611+ ASSERT_STRING_EQ(k2->cert->signature_type, "ssh-rsa");
2612+ sshkey_free(k2);
2613+ TEST_DONE();
2614+
2615+ TEST_START("load RSA cert with SHA512 signature");
2616+ ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1_sha512"), &k2), 0);
2617+ ASSERT_PTR_NE(k2, NULL);
2618+ ASSERT_INT_EQ(k2->type, KEY_RSA_CERT);
2619+ ASSERT_INT_EQ(sshkey_equal_public(k1, k2), 1);
2620+ ASSERT_STRING_EQ(k2->cert->signature_type, "rsa-sha2-512");
2621+ sshkey_free(k2);
2622+ TEST_DONE();
2623+
2624 TEST_START("load RSA cert");
2625 ASSERT_INT_EQ(sshkey_load_cert(test_data_file("rsa_1"), &k2), 0);
2626 ASSERT_PTR_NE(k2, NULL);
2627
2628commit 48f54b9d12c1c79fba333bc86d455d8f4cda8cfc
2629Author: Damien Miller <djm@mindrot.org>
2630Date: Thu Sep 13 12:13:50 2018 +1000
2631
2632 adapt -portable to OpenSSL 1.1x API
2633
2634 Polyfill missing API with replacement functions extracted from LibreSSL
2635
2636diff --git a/auth-pam.c b/auth-pam.c
2637index 8c013836..1dec53e9 100644
2638--- a/auth-pam.c
2639+++ b/auth-pam.c
2640@@ -128,6 +128,10 @@ extern u_int utmp_len;
2641 typedef pthread_t sp_pthread_t;
2642 #else
2643 typedef pid_t sp_pthread_t;
2644+#define pthread_exit fake_pthread_exit
2645+#define pthread_create fake_pthread_create
2646+#define pthread_cancel fake_pthread_cancel
2647+#define pthread_join fake_pthread_join
2648 #endif
2649
2650 struct pam_ctxt {
2651diff --git a/cipher.c b/cipher.c
2652index df43826e..12c59888 100644
2653--- a/cipher.c
2654+++ b/cipher.c
2655@@ -525,41 +525,3 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv, size_t len)
2656 #endif
2657 return 0;
2658 }
2659-
2660-#ifdef WITH_OPENSSL
2661-#define EVP_X_STATE(evp) (evp)->cipher_data
2662-#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
2663-#endif
2664-
2665-int
2666-cipher_get_keycontext(const struct sshcipher_ctx *cc, u_char *dat)
2667-{
2668-#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
2669- const struct sshcipher *c = cc->cipher;
2670- int plen = 0;
2671-
2672- if (c->evptype == EVP_rc4) {
2673- plen = EVP_X_STATE_LEN(cc->evp);
2674- if (dat == NULL)
2675- return (plen);
2676- memcpy(dat, EVP_X_STATE(cc->evp), plen);
2677- }
2678- return (plen);
2679-#else
2680- return 0;
2681-#endif
2682-}
2683-
2684-void
2685-cipher_set_keycontext(struct sshcipher_ctx *cc, const u_char *dat)
2686-{
2687-#if defined(WITH_OPENSSL) && !defined(OPENSSL_NO_RC4)
2688- const struct sshcipher *c = cc->cipher;
2689- int plen;
2690-
2691- if (c->evptype == EVP_rc4) {
2692- plen = EVP_X_STATE_LEN(cc->evp);
2693- memcpy(EVP_X_STATE(cc->evp), dat, plen);
2694- }
2695-#endif
2696-}
2697diff --git a/configure.ac b/configure.ac
2698index 83e53075..c0e120fe 100644
2699--- a/configure.ac
2700+++ b/configure.ac
2701@@ -2602,9 +2602,10 @@ if test "x$openssl" = "xyes" ; then
2702 AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
2703 ;;
2704 100*) ;; # 1.0.x
2705+ 101*) ;; # 1.1.x
2706 200*) ;; # LibreSSL
2707 *)
2708- AC_MSG_ERROR([OpenSSL >= 1.1.0 is not yet supported (have "$ssl_library_ver")])
2709+ AC_MSG_ERROR([OpenSSL > 1.1.x is not yet supported (have "$ssl_library_ver")])
2710 ;;
2711 esac
2712 AC_MSG_RESULT([$ssl_library_ver])
2713@@ -2777,6 +2778,115 @@ if test "x$openssl" = "xyes" ; then
2714 [AC_DEFINE([HAVE_EVP_CIPHER_CTX_CTRL], [1],
2715 [Define if libcrypto has EVP_CIPHER_CTX_ctrl])])
2716
2717+ # LibreSSL/OpenSSL 1.1x API
2718+ AC_SEARCH_LIBS([DH_get0_key], [crypto],
2719+ [AC_DEFINE([HAVE_DH_GET0_KEY], [1],
2720+ [Define if libcrypto has DH_get0_key])])
2721+ AC_SEARCH_LIBS([DH_get0_pqg], [crypto],
2722+ [AC_DEFINE([HAVE_DH_GET0_PQG], [1],
2723+ [Define if libcrypto has DH_get0_pqg])])
2724+ AC_SEARCH_LIBS([DH_set0_key], [crypto],
2725+ [AC_DEFINE([HAVE_DH_SET0_KEY], [1],
2726+ [Define if libcrypto has DH_set0_key])])
2727+ AC_SEARCH_LIBS([DH_set_length], [crypto],
2728+ [AC_DEFINE([HAVE_DH_SET_LENGTH], [1],
2729+ [Define if libcrypto has DH_set_length])])
2730+ AC_SEARCH_LIBS([DH_set0_pqg], [crypto],
2731+ [AC_DEFINE([HAVE_DH_SET0_PQG], [1],
2732+ [Define if libcrypto has DH_set0_pqg])])
2733+
2734+ AC_SEARCH_LIBS([DSA_get0_key], [crypto],
2735+ [AC_DEFINE([HAVE_DSA_GET0_KEY], [1],
2736+ [Define if libcrypto has DSA_get0_key])])
2737+ AC_SEARCH_LIBS([DSA_get0_pqg], [crypto],
2738+ [AC_DEFINE([HAVE_DSA_GET0_PQG], [1],
2739+ [Define if libcrypto has DSA_get0_pqg])])
2740+ AC_SEARCH_LIBS([DSA_set0_key], [crypto],
2741+ [AC_DEFINE([HAVE_DSA_SET0_KEY], [1],
2742+ [Define if libcrypto has DSA_set0_key])])
2743+ AC_SEARCH_LIBS([DSA_set0_pqg], [crypto],
2744+ [AC_DEFINE([HAVE_DSA_SET0_PQG], [1],
2745+ [Define if libcrypto has DSA_set0_pqg])])
2746+
2747+ AC_SEARCH_LIBS([DSA_SIG_get0], [crypto],
2748+ [AC_DEFINE([HAVE_DSA_SIG_GET0], [1],
2749+ [Define if libcrypto has DSA_SIG_get0])])
2750+ AC_SEARCH_LIBS([DSA_SIG_set0], [crypto],
2751+ [AC_DEFINE([HAVE_DSA_SIG_SET0], [1],
2752+ [Define if libcrypto has DSA_SIG_set0])])
2753+
2754+ AC_SEARCH_LIBS([ECDSA_SIG_get0], [crypto],
2755+ [AC_DEFINE([HAVE_ECDSA_SIG_GET0], [1],
2756+ [Define if libcrypto has ECDSA_SIG_get0])])
2757+ AC_SEARCH_LIBS([ECDSA_SIG_set0], [crypto],
2758+ [AC_DEFINE([HAVE_ECDSA_SIG_SET0], [1],
2759+ [Define if libcrypto has ECDSA_SIG_set0])])
2760+
2761+ AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv], [crypto],
2762+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV], [1],
2763+ [Define if libcrypto has EVP_CIPHER_CTX_iv])])
2764+ AC_SEARCH_LIBS([EVP_CIPHER_CTX_iv_noconst], [crypto],
2765+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_IV_NOCONST], [1],
2766+ [Define if libcrypto has EVP_CIPHER_CTX_iv_noconst])])
2767+ AC_SEARCH_LIBS([EVP_CIPHER_CTX_get_iv], [crypto],
2768+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2769+ [Define if libcrypto has EVP_CIPHER_CTX_get_iv])])
2770+ AC_SEARCH_LIBS([EVP_CIPHER_CTX_set_iv], [crypto],
2771+ [AC_DEFINE([HAVE_EVP_CIPHER_CTX_GET_IV], [1],
2772+ [Define if libcrypto has EVP_CIPHER_CTX_set_iv])])
2773+
2774+ AC_SEARCH_LIBS([RSA_get0_crt_params], [crypto],
2775+ [AC_DEFINE([HAVE_RSA_GET0_CRT_PARAMS], [1],
2776+ [Define if libcrypto has RSA_get0_crt_params])])
2777+ AC_SEARCH_LIBS([RSA_get0_factors], [crypto],
2778+ [AC_DEFINE([HAVE_RSA_GET0_FACTORS], [1],
2779+ [Define if libcrypto has RSA_get0_factors])])
2780+ AC_SEARCH_LIBS([RSA_get0_key], [crypto],
2781+ [AC_DEFINE([HAVE_RSA_GET0_KEY], [1],
2782+ [Define if libcrypto has RSA_get0_key])])
2783+ AC_SEARCH_LIBS([RSA_set0_crt_params], [crypto],
2784+ [AC_DEFINE([HAVE_RSA_SET0_CRT_PARAMS], [1],
2785+ [Define if libcrypto has RSA_get0_srt_params])])
2786+ AC_SEARCH_LIBS([RSA_set0_factors], [crypto],
2787+ [AC_DEFINE([HAVE_RSA_SET0_FACTORS], [1],
2788+ [Define if libcrypto has RSA_set0_factors])])
2789+ AC_SEARCH_LIBS([RSA_set0_key], [crypto],
2790+ [AC_DEFINE([HAVE_RSA_SET0_KEY], [1],
2791+ [Define if libcrypto has RSA_set0_key])])
2792+
2793+ AC_SEARCH_LIBS([RSA_meth_free], [crypto],
2794+ [AC_DEFINE([HAVE_RSA_METH_FREE], [1],
2795+ [Define if libcrypto has RSA_meth_free])])
2796+ AC_SEARCH_LIBS([RSA_meth_dup], [crypto],
2797+ [AC_DEFINE([HAVE_RSA_METH_DUP], [1],
2798+ [Define if libcrypto has RSA_meth_dup])])
2799+ AC_SEARCH_LIBS([RSA_meth_set1_name], [crypto],
2800+ [AC_DEFINE([HAVE_RSA_METH_SET1_NAME], [1],
2801+ [Define if libcrypto has RSA_meth_set1_name])])
2802+ AC_SEARCH_LIBS([RSA_meth_get_finish], [crypto],
2803+ [AC_DEFINE([HAVE_RSA_METH_GET_FINISH], [1],
2804+ [Define if libcrypto has RSA_meth_get_finish])])
2805+ AC_SEARCH_LIBS([RSA_meth_set_priv_enc], [crypto],
2806+ [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_ENC], [1],
2807+ [Define if libcrypto has RSA_meth_set_priv_enc])])
2808+ AC_SEARCH_LIBS([RSA_meth_set_priv_dec], [crypto],
2809+ [AC_DEFINE([HAVE_RSA_METH_SET_PRIV_DEC], [1],
2810+ [Define if libcrypto has RSA_meth_set_priv_dec])])
2811+ AC_SEARCH_LIBS([RSA_meth_set_finish], [crypto],
2812+ [AC_DEFINE([HAVE_RSA_METH_SET_FINISH], [1],
2813+ [Define if libcrypto has RSA_meth_set_finish])])
2814+
2815+ AC_SEARCH_LIBS([EVP_PKEY_get0_RSA], [crypto],
2816+ [AC_DEFINE([HAVE_EVP_PKEY_GET0_RSA], [1],
2817+ [Define if libcrypto has EVP_PKEY_get0_RSA])])
2818+
2819+ AC_SEARCH_LIBS([EVP_MD_CTX_new], [crypto],
2820+ [AC_DEFINE([HAVE_EVP_MD_CTX_NEW], [1],
2821+ [Define if libcrypto has EVP_MD_CTX_new])])
2822+ AC_SEARCH_LIBS([EVP_MD_CTX_free], [crypto],
2823+ [AC_DEFINE([HAVE_EVP_MD_CTX_FREE], [1],
2824+ [Define if libcrypto has EVP_MD_CTX_free])])
2825+
2826 AC_MSG_CHECKING([if EVP_DigestUpdate returns an int])
2827 AC_LINK_IFELSE(
2828 [AC_LANG_PROGRAM([[
2829diff --git a/dh.c b/dh.c
2830index d0d4527b..f3ed3882 100644
2831--- a/dh.c
2832+++ b/dh.c
2833@@ -43,6 +43,8 @@
2834 #include "misc.h"
2835 #include "ssherr.h"
2836
2837+#include "openbsd-compat/openssl-compat.h"
2838+
2839 static int
2840 parse_prime(int linenum, char *line, struct dhgroup *dhg)
2841 {
2842diff --git a/kexdh.c b/kexdh.c
2843index 0bf0dc13..e6925b18 100644
2844--- a/kexdh.c
2845+++ b/kexdh.c
2846@@ -33,6 +33,8 @@
2847
2848 #include <openssl/evp.h>
2849
2850+#include "openbsd-compat/openssl-compat.h"
2851+
2852 #include "ssh2.h"
2853 #include "sshkey.h"
2854 #include "cipher.h"
2855diff --git a/kexdhc.c b/kexdhc.c
2856index a8b74247..8b56377a 100644
2857--- a/kexdhc.c
2858+++ b/kexdhc.c
2859@@ -36,6 +36,8 @@
2860 #include <string.h>
2861 #include <signal.h>
2862
2863+#include "openbsd-compat/openssl-compat.h"
2864+
2865 #include "sshkey.h"
2866 #include "cipher.h"
2867 #include "digest.h"
2868diff --git a/kexdhs.c b/kexdhs.c
2869index 8367c6c3..337aab5b 100644
2870--- a/kexdhs.c
2871+++ b/kexdhs.c
2872@@ -35,6 +35,8 @@
2873
2874 #include <openssl/dh.h>
2875
2876+#include "openbsd-compat/openssl-compat.h"
2877+
2878 #include "sshkey.h"
2879 #include "cipher.h"
2880 #include "digest.h"
2881diff --git a/kexgex.c b/kexgex.c
2882index 8b0d8333..3ca4bd37 100644
2883--- a/kexgex.c
2884+++ b/kexgex.c
2885@@ -33,6 +33,8 @@
2886 #include <openssl/evp.h>
2887 #include <signal.h>
2888
2889+#include "openbsd-compat/openssl-compat.h"
2890+
2891 #include "sshkey.h"
2892 #include "cipher.h"
2893 #include "kex.h"
2894diff --git a/kexgexc.c b/kexgexc.c
2895index 955bc837..0d07f73c 100644
2896--- a/kexgexc.c
2897+++ b/kexgexc.c
2898@@ -37,6 +37,8 @@
2899 #include <string.h>
2900 #include <signal.h>
2901
2902+#include "openbsd-compat/openssl-compat.h"
2903+
2904 #include "sshkey.h"
2905 #include "cipher.h"
2906 #include "digest.h"
2907diff --git a/kexgexs.c b/kexgexs.c
2908index 2a4aa7e8..ce934f88 100644
2909--- a/kexgexs.c
2910+++ b/kexgexs.c
2911@@ -36,6 +36,8 @@
2912
2913 #include <openssl/dh.h>
2914
2915+#include "openbsd-compat/openssl-compat.h"
2916+
2917 #include "sshkey.h"
2918 #include "cipher.h"
2919 #include "digest.h"
2920diff --git a/monitor.c b/monitor.c
2921index b30813b4..531b2993 100644
2922--- a/monitor.c
2923+++ b/monitor.c
2924@@ -29,7 +29,6 @@
2925
2926 #include <sys/types.h>
2927 #include <sys/socket.h>
2928-#include "openbsd-compat/sys-tree.h"
2929 #include <sys/wait.h>
2930
2931 #include <errno.h>
2932@@ -60,7 +59,10 @@
2933 #include <openssl/dh.h>
2934 #endif
2935
2936+#include "openbsd-compat/sys-tree.h"
2937 #include "openbsd-compat/sys-queue.h"
2938+#include "openbsd-compat/openssl-compat.h"
2939+
2940 #include "atomicio.h"
2941 #include "xmalloc.h"
2942 #include "ssh.h"
2943diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
2944index 2fd9b952..c1e14cbd 100644
2945--- a/openbsd-compat/Makefile.in
2946+++ b/openbsd-compat/Makefile.in
2947@@ -85,6 +85,7 @@ COMPAT= arc4random.o \
2948 getrrsetbyname-ldns.o \
2949 kludge-fd_set.o \
2950 openssl-compat.o \
2951+ libressl-api-compat.o \
2952 xcrypt.o
2953
2954 PORTS= port-aix.o \
2955diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
2956new file mode 100644
2957index 00000000..de3e64a6
2958--- /dev/null
2959+++ b/openbsd-compat/libressl-api-compat.c
2960@@ -0,0 +1,636 @@
2961+/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
2962+/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
2963+/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
2964+/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
2965+/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
2966+/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
2967+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2968+ * All rights reserved.
2969+ *
2970+ * This package is an SSL implementation written
2971+ * by Eric Young (eay@cryptsoft.com).
2972+ * The implementation was written so as to conform with Netscapes SSL.
2973+ *
2974+ * This library is free for commercial and non-commercial use as long as
2975+ * the following conditions are aheared to. The following conditions
2976+ * apply to all code found in this distribution, be it the RC4, RSA,
2977+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
2978+ * included with this distribution is covered by the same copyright terms
2979+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
2980+ *
2981+ * Copyright remains Eric Young's, and as such any Copyright notices in
2982+ * the code are not to be removed.
2983+ * If this package is used in a product, Eric Young should be given attribution
2984+ * as the author of the parts of the library used.
2985+ * This can be in the form of a textual message at program startup or
2986+ * in documentation (online or textual) provided with the package.
2987+ *
2988+ * Redistribution and use in source and binary forms, with or without
2989+ * modification, are permitted provided that the following conditions
2990+ * are met:
2991+ * 1. Redistributions of source code must retain the copyright
2992+ * notice, this list of conditions and the following disclaimer.
2993+ * 2. Redistributions in binary form must reproduce the above copyright
2994+ * notice, this list of conditions and the following disclaimer in the
2995+ * documentation and/or other materials provided with the distribution.
2996+ * 3. All advertising materials mentioning features or use of this software
2997+ * must display the following acknowledgement:
2998+ * "This product includes cryptographic software written by
2999+ * Eric Young (eay@cryptsoft.com)"
3000+ * The word 'cryptographic' can be left out if the rouines from the library
3001+ * being used are not cryptographic related :-).
3002+ * 4. If you include any Windows specific code (or a derivative thereof) from
3003+ * the apps directory (application code) you must include an acknowledgement:
3004+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
3005+ *
3006+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
3007+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3008+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
3009+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
3010+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
3011+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
3012+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3013+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
3014+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
3015+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
3016+ * SUCH DAMAGE.
3017+ *
3018+ * The licence and distribution terms for any publically available version or
3019+ * derivative of this code cannot be changed. i.e. this code cannot simply be
3020+ * copied and put under another distribution licence
3021+ * [including the GNU Public Licence.]
3022+ */
3023+
3024+/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
3025+/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
3026+/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
3027+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3028+ * project 2000.
3029+ */
3030+/* ====================================================================
3031+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
3032+ *
3033+ * Redistribution and use in source and binary forms, with or without
3034+ * modification, are permitted provided that the following conditions
3035+ * are met:
3036+ *
3037+ * 1. Redistributions of source code must retain the above copyright
3038+ * notice, this list of conditions and the following disclaimer.
3039+ *
3040+ * 2. Redistributions in binary form must reproduce the above copyright
3041+ * notice, this list of conditions and the following disclaimer in
3042+ * the documentation and/or other materials provided with the
3043+ * distribution.
3044+ *
3045+ * 3. All advertising materials mentioning features or use of this
3046+ * software must display the following acknowledgment:
3047+ * "This product includes software developed by the OpenSSL Project
3048+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
3049+ *
3050+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
3051+ * endorse or promote products derived from this software without
3052+ * prior written permission. For written permission, please contact
3053+ * licensing@OpenSSL.org.
3054+ *
3055+ * 5. Products derived from this software may not be called "OpenSSL"
3056+ * nor may "OpenSSL" appear in their names without prior written
3057+ * permission of the OpenSSL Project.
3058+ *
3059+ * 6. Redistributions of any form whatsoever must retain the following
3060+ * acknowledgment:
3061+ * "This product includes software developed by the OpenSSL Project
3062+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
3063+ *
3064+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
3065+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
3066+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
3067+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
3068+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
3069+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
3070+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
3071+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
3072+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
3073+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
3074+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
3075+ * OF THE POSSIBILITY OF SUCH DAMAGE.
3076+ * ====================================================================
3077+ *
3078+ * This product includes cryptographic software written by Eric Young
3079+ * (eay@cryptsoft.com). This product includes software written by Tim
3080+ * Hudson (tjh@cryptsoft.com).
3081+ *
3082+ */
3083+
3084+/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
3085+/*
3086+ * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
3087+ *
3088+ * Permission to use, copy, modify, and distribute this software for any
3089+ * purpose with or without fee is hereby granted, provided that the above
3090+ * copyright notice and this permission notice appear in all copies.
3091+ *
3092+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
3093+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
3094+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
3095+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
3096+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
3097+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
3098+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
3099+ */
3100+
3101+#include "includes.h"
3102+
3103+#ifdef WITH_OPENSSL
3104+
3105+#include <sys/types.h>
3106+
3107+#include <stdlib.h>
3108+#include <string.h>
3109+
3110+#include <openssl/err.h>
3111+#include <openssl/bn.h>
3112+#include <openssl/dsa.h>
3113+#include <openssl/rsa.h>
3114+#include <openssl/evp.h>
3115+#include <openssl/ecdsa.h>
3116+#include <openssl/dh.h>
3117+
3118+#ifndef HAVE_DSA_GET0_PQG
3119+void
3120+DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
3121+{
3122+ if (p != NULL)
3123+ *p = d->p;
3124+ if (q != NULL)
3125+ *q = d->q;
3126+ if (g != NULL)
3127+ *g = d->g;
3128+}
3129+#endif /* HAVE_DSA_GET0_PQG */
3130+
3131+#ifndef HAVE_DSA_SET0_PQG
3132+int
3133+DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
3134+{
3135+ if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
3136+ (d->g == NULL && g == NULL))
3137+ return 0;
3138+
3139+ if (p != NULL) {
3140+ BN_free(d->p);
3141+ d->p = p;
3142+ }
3143+ if (q != NULL) {
3144+ BN_free(d->q);
3145+ d->q = q;
3146+ }
3147+ if (g != NULL) {
3148+ BN_free(d->g);
3149+ d->g = g;
3150+ }
3151+
3152+ return 1;
3153+}
3154+#endif /* HAVE_DSA_SET0_PQG */
3155+
3156+#ifndef HAVE_DSA_GET0_KEY
3157+void
3158+DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
3159+{
3160+ if (pub_key != NULL)
3161+ *pub_key = d->pub_key;
3162+ if (priv_key != NULL)
3163+ *priv_key = d->priv_key;
3164+}
3165+#endif /* HAVE_DSA_GET0_KEY */
3166+
3167+#ifndef HAVE_DSA_SET0_KEY
3168+int
3169+DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
3170+{
3171+ if (d->pub_key == NULL && pub_key == NULL)
3172+ return 0;
3173+
3174+ if (pub_key != NULL) {
3175+ BN_free(d->pub_key);
3176+ d->pub_key = pub_key;
3177+ }
3178+ if (priv_key != NULL) {
3179+ BN_free(d->priv_key);
3180+ d->priv_key = priv_key;
3181+ }
3182+
3183+ return 1;
3184+}
3185+#endif /* HAVE_DSA_SET0_KEY */
3186+
3187+#ifndef HAVE_RSA_GET0_KEY
3188+void
3189+RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
3190+{
3191+ if (n != NULL)
3192+ *n = r->n;
3193+ if (e != NULL)
3194+ *e = r->e;
3195+ if (d != NULL)
3196+ *d = r->d;
3197+}
3198+#endif /* HAVE_RSA_GET0_KEY */
3199+
3200+#ifndef HAVE_RSA_SET0_KEY
3201+int
3202+RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
3203+{
3204+ if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
3205+ return 0;
3206+
3207+ if (n != NULL) {
3208+ BN_free(r->n);
3209+ r->n = n;
3210+ }
3211+ if (e != NULL) {
3212+ BN_free(r->e);
3213+ r->e = e;
3214+ }
3215+ if (d != NULL) {
3216+ BN_free(r->d);
3217+ r->d = d;
3218+ }
3219+
3220+ return 1;
3221+}
3222+#endif /* HAVE_RSA_SET0_KEY */
3223+
3224+#ifndef HAVE_RSA_GET0_CRT_PARAMS
3225+void
3226+RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
3227+ const BIGNUM **iqmp)
3228+{
3229+ if (dmp1 != NULL)
3230+ *dmp1 = r->dmp1;
3231+ if (dmq1 != NULL)
3232+ *dmq1 = r->dmq1;
3233+ if (iqmp != NULL)
3234+ *iqmp = r->iqmp;
3235+}
3236+#endif /* HAVE_RSA_GET0_CRT_PARAMS */
3237+
3238+#ifndef HAVE_RSA_SET0_CRT_PARAMS
3239+int
3240+RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
3241+{
3242+ if ((r->dmp1 == NULL && dmp1 == NULL) ||
3243+ (r->dmq1 == NULL && dmq1 == NULL) ||
3244+ (r->iqmp == NULL && iqmp == NULL))
3245+ return 0;
3246+
3247+ if (dmp1 != NULL) {
3248+ BN_free(r->dmp1);
3249+ r->dmp1 = dmp1;
3250+ }
3251+ if (dmq1 != NULL) {
3252+ BN_free(r->dmq1);
3253+ r->dmq1 = dmq1;
3254+ }
3255+ if (iqmp != NULL) {
3256+ BN_free(r->iqmp);
3257+ r->iqmp = iqmp;
3258+ }
3259+
3260+ return 1;
3261+}
3262+#endif /* HAVE_RSA_SET0_CRT_PARAMS */
3263+
3264+#ifndef HAVE_RSA_GET0_FACTORS
3265+void
3266+RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
3267+{
3268+ if (p != NULL)
3269+ *p = r->p;
3270+ if (q != NULL)
3271+ *q = r->q;
3272+}
3273+#endif /* HAVE_RSA_GET0_FACTORS */
3274+
3275+#ifndef HAVE_RSA_SET0_FACTORS
3276+int
3277+RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
3278+{
3279+ if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
3280+ return 0;
3281+
3282+ if (p != NULL) {
3283+ BN_free(r->p);
3284+ r->p = p;
3285+ }
3286+ if (q != NULL) {
3287+ BN_free(r->q);
3288+ r->q = q;
3289+ }
3290+
3291+ return 1;
3292+}
3293+#endif /* HAVE_RSA_SET0_FACTORS */
3294+
3295+#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
3296+int
3297+EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx, unsigned char *iv, size_t len)
3298+{
3299+ if (ctx == NULL)
3300+ return 0;
3301+ if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
3302+ return 0;
3303+ if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
3304+ return 0;
3305+ if (len > EVP_MAX_IV_LENGTH)
3306+ return 0; /* sanity check; shouldn't happen */
3307+ /*
3308+ * Skip the memcpy entirely when the requested IV length is zero,
3309+ * since the iv pointer may be NULL or invalid.
3310+ */
3311+ if (len != 0) {
3312+ if (iv == NULL)
3313+ return 0;
3314+# ifdef HAVE_EVP_CIPHER_CTX_IV
3315+ memcpy(iv, EVP_CIPHER_CTX_iv(ctx), len);
3316+# else
3317+ memcpy(iv, ctx->iv, len);
3318+# endif /* HAVE_EVP_CIPHER_CTX_IV */
3319+ }
3320+ return 1;
3321+}
3322+#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
3323+
3324+#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
3325+int
3326+EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
3327+{
3328+ if (ctx == NULL)
3329+ return 0;
3330+ if (EVP_CIPHER_CTX_iv_length(ctx) < 0)
3331+ return 0;
3332+ if (len != (size_t)EVP_CIPHER_CTX_iv_length(ctx))
3333+ return 0;
3334+ if (len > EVP_MAX_IV_LENGTH)
3335+ return 0; /* sanity check; shouldn't happen */
3336+ /*
3337+ * Skip the memcpy entirely when the requested IV length is zero,
3338+ * since the iv pointer may be NULL or invalid.
3339+ */
3340+ if (len != 0) {
3341+ if (iv == NULL)
3342+ return 0;
3343+# ifdef HAVE_EVP_CIPHER_CTX_IV_NOCONST
3344+ memcpy(EVP_CIPHER_CTX_iv_noconst(ctx), iv, len);
3345+# else
3346+ memcpy(ctx->iv, iv, len);
3347+# endif /* HAVE_EVP_CIPHER_CTX_IV_NOCONST */
3348+ }
3349+ return 1;
3350+}
3351+#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
3352+
3353+#ifndef HAVE_DSA_SIG_GET0
3354+void
3355+DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
3356+{
3357+ if (pr != NULL)
3358+ *pr = sig->r;
3359+ if (ps != NULL)
3360+ *ps = sig->s;
3361+}
3362+#endif /* HAVE_DSA_SIG_GET0 */
3363+
3364+#ifndef HAVE_DSA_SIG_SET0
3365+int
3366+DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
3367+{
3368+ if (r == NULL || s == NULL)
3369+ return 0;
3370+
3371+ BN_clear_free(sig->r);
3372+ sig->r = r;
3373+ BN_clear_free(sig->s);
3374+ sig->s = s;
3375+
3376+ return 1;
3377+}
3378+#endif /* HAVE_DSA_SIG_SET0 */
3379+
3380+#ifndef HAVE_ECDSA_SIG_GET0
3381+void
3382+ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
3383+{
3384+ if (pr != NULL)
3385+ *pr = sig->r;
3386+ if (ps != NULL)
3387+ *ps = sig->s;
3388+}
3389+#endif /* HAVE_ECDSA_SIG_GET0 */
3390+
3391+#ifndef HAVE_ECDSA_SIG_SET0
3392+int
3393+ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
3394+{
3395+ if (r == NULL || s == NULL)
3396+ return 0;
3397+
3398+ BN_clear_free(sig->r);
3399+ BN_clear_free(sig->s);
3400+ sig->r = r;
3401+ sig->s = s;
3402+ return 1;
3403+}
3404+#endif /* HAVE_ECDSA_SIG_SET0 */
3405+
3406+#ifndef HAVE_DH_GET0_PQG
3407+void
3408+DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
3409+{
3410+ if (p != NULL)
3411+ *p = dh->p;
3412+ if (q != NULL)
3413+ *q = dh->q;
3414+ if (g != NULL)
3415+ *g = dh->g;
3416+}
3417+#endif /* HAVE_DH_GET0_PQG */
3418+
3419+#ifndef HAVE_DH_SET0_PQG
3420+int
3421+DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
3422+{
3423+ if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
3424+ return 0;
3425+
3426+ if (p != NULL) {
3427+ BN_free(dh->p);
3428+ dh->p = p;
3429+ }
3430+ if (q != NULL) {
3431+ BN_free(dh->q);
3432+ dh->q = q;
3433+ }
3434+ if (g != NULL) {
3435+ BN_free(dh->g);
3436+ dh->g = g;
3437+ }
3438+
3439+ return 1;
3440+}
3441+#endif /* HAVE_DH_SET0_PQG */
3442+
3443+#ifndef HAVE_DH_GET0_KEY
3444+void
3445+DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
3446+{
3447+ if (pub_key != NULL)
3448+ *pub_key = dh->pub_key;
3449+ if (priv_key != NULL)
3450+ *priv_key = dh->priv_key;
3451+}
3452+#endif /* HAVE_DH_GET0_KEY */
3453+
3454+#ifndef HAVE_DH_SET0_KEY
3455+int
3456+DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
3457+{
3458+ if (pub_key != NULL) {
3459+ BN_free(dh->pub_key);
3460+ dh->pub_key = pub_key;
3461+ }
3462+ if (priv_key != NULL) {
3463+ BN_free(dh->priv_key);
3464+ dh->priv_key = priv_key;
3465+ }
3466+
3467+ return 1;
3468+}
3469+#endif /* HAVE_DH_SET0_KEY */
3470+
3471+#ifndef HAVE_DH_SET_LENGTH
3472+int
3473+DH_set_length(DH *dh, long length)
3474+{
3475+ if (length < 0 || length > INT_MAX)
3476+ return 0;
3477+
3478+ dh->length = length;
3479+ return 1;
3480+}
3481+#endif /* HAVE_DH_SET_LENGTH */
3482+
3483+#ifndef HAVE_RSA_METH_FREE
3484+void
3485+RSA_meth_free(RSA_METHOD *meth)
3486+{
3487+ if (meth != NULL) {
3488+ free((char *)meth->name);
3489+ free(meth);
3490+ }
3491+}
3492+#endif /* HAVE_RSA_METH_FREE */
3493+
3494+#ifndef HAVE_RSA_METH_DUP
3495+RSA_METHOD *
3496+RSA_meth_dup(const RSA_METHOD *meth)
3497+{
3498+ RSA_METHOD *copy;
3499+
3500+ if ((copy = calloc(1, sizeof(*copy))) == NULL)
3501+ return NULL;
3502+ memcpy(copy, meth, sizeof(*copy));
3503+ if ((copy->name = strdup(meth->name)) == NULL) {
3504+ free(copy);
3505+ return NULL;
3506+ }
3507+
3508+ return copy;
3509+}
3510+#endif /* HAVE_RSA_METH_DUP */
3511+
3512+#ifndef HAVE_RSA_METH_SET1_NAME
3513+int
3514+RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
3515+{
3516+ char *copy;
3517+
3518+ if ((copy = strdup(name)) == NULL)
3519+ return 0;
3520+ free((char *)meth->name);
3521+ meth->name = copy;
3522+ return 1;
3523+}
3524+#endif /* HAVE_RSA_METH_SET1_NAME */
3525+
3526+#ifndef HAVE_RSA_METH_GET_FINISH
3527+int
3528+(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
3529+{
3530+ return meth->finish;
3531+}
3532+#endif /* HAVE_RSA_METH_GET_FINISH */
3533+
3534+#ifndef HAVE_RSA_METH_SET_PRIV_ENC
3535+int
3536+RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
3537+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
3538+{
3539+ meth->rsa_priv_enc = priv_enc;
3540+ return 1;
3541+}
3542+#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
3543+
3544+#ifndef HAVE_RSA_METH_SET_PRIV_DEC
3545+int
3546+RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
3547+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
3548+{
3549+ meth->rsa_priv_dec = priv_dec;
3550+ return 1;
3551+}
3552+#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
3553+
3554+#ifndef HAVE_RSA_METH_SET_FINISH
3555+int
3556+RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
3557+{
3558+ meth->finish = finish;
3559+ return 1;
3560+}
3561+#endif /* HAVE_RSA_METH_SET_FINISH */
3562+
3563+#ifndef HAVE_EVP_PKEY_GET0_RSA
3564+RSA *
3565+EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
3566+{
3567+ if (pkey->type != EVP_PKEY_RSA) {
3568+ /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
3569+ return NULL;
3570+ }
3571+ return pkey->pkey.rsa;
3572+}
3573+#endif /* HAVE_EVP_PKEY_GET0_RSA */
3574+
3575+#ifndef HAVE_EVP_MD_CTX_NEW
3576+EVP_MD_CTX *
3577+EVP_MD_CTX_new(void)
3578+{
3579+ return calloc(1, sizeof(EVP_MD_CTX));
3580+}
3581+#endif /* HAVE_EVP_MD_CTX_NEW */
3582+
3583+#ifndef HAVE_EVP_MD_CTX_FREE
3584+void
3585+EVP_MD_CTX_free(EVP_MD_CTX *ctx)
3586+{
3587+ if (ctx == NULL)
3588+ return;
3589+
3590+ EVP_MD_CTX_cleanup(ctx);
3591+
3592+ free(ctx);
3593+}
3594+#endif /* HAVE_EVP_MD_CTX_FREE */
3595+
3596+#endif /* WITH_OPENSSL */
3597diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
3598index 2ae42bac..9e0264c0 100644
3599--- a/openbsd-compat/openssl-compat.h
3600+++ b/openbsd-compat/openssl-compat.h
3601@@ -24,6 +24,8 @@
3602 #include <openssl/evp.h>
3603 #include <openssl/rsa.h>
3604 #include <openssl/dsa.h>
3605+#include <openssl/ecdsa.h>
3606+#include <openssl/dh.h>
3607
3608 int ssh_compatible_openssl(long, long);
3609
3610@@ -96,5 +98,139 @@ void ssh_OpenSSL_add_all_algorithms(void);
3611
3612 #endif /* SSH_DONT_OVERLOAD_OPENSSL_FUNCS */
3613
3614+/* LibreSSL/OpenSSL 1.1x API compat */
3615+#ifndef HAVE_DSA_GET0_PQG
3616+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
3617+ const BIGNUM **g);
3618+#endif /* HAVE_DSA_GET0_PQG */
3619+
3620+#ifndef HAVE_DSA_SET0_PQG
3621+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
3622+#endif /* HAVE_DSA_SET0_PQG */
3623+
3624+#ifndef HAVE_DSA_GET0_KEY
3625+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
3626+ const BIGNUM **priv_key);
3627+#endif /* HAVE_DSA_GET0_KEY */
3628+
3629+#ifndef HAVE_DSA_SET0_KEY
3630+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
3631+#endif /* HAVE_DSA_SET0_KEY */
3632+
3633+#ifndef HAVE_EVP_CIPHER_CTX_GET_IV
3634+int EVP_CIPHER_CTX_get_iv(const EVP_CIPHER_CTX *ctx,
3635+ unsigned char *iv, size_t len);
3636+#endif /* HAVE_EVP_CIPHER_CTX_GET_IV */
3637+
3638+#ifndef HAVE_EVP_CIPHER_CTX_SET_IV
3639+int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
3640+ const unsigned char *iv, size_t len);
3641+#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
3642+
3643+#ifndef HAVE_RSA_GET0_KEY
3644+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
3645+ const BIGNUM **d);
3646+#endif /* HAVE_RSA_GET0_KEY */
3647+
3648+#ifndef HAVE_RSA_SET0_KEY
3649+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
3650+#endif /* HAVE_RSA_SET0_KEY */
3651+
3652+#ifndef HAVE_RSA_GET0_CRT_PARAMS
3653+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
3654+ const BIGNUM **iqmp);
3655+#endif /* HAVE_RSA_GET0_CRT_PARAMS */
3656+
3657+#ifndef HAVE_RSA_SET0_CRT_PARAMS
3658+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
3659+#endif /* HAVE_RSA_SET0_CRT_PARAMS */
3660+
3661+#ifndef HAVE_RSA_GET0_FACTORS
3662+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
3663+#endif /* HAVE_RSA_GET0_FACTORS */
3664+
3665+#ifndef HAVE_RSA_SET0_FACTORS
3666+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
3667+#endif /* HAVE_RSA_SET0_FACTORS */
3668+
3669+#ifndef DSA_SIG_GET0
3670+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
3671+#endif /* DSA_SIG_GET0 */
3672+
3673+#ifndef DSA_SIG_SET0
3674+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
3675+#endif /* DSA_SIG_SET0 */
3676+
3677+#ifndef HAVE_ECDSA_SIG_GET0
3678+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
3679+#endif /* HAVE_ECDSA_SIG_GET0 */
3680+
3681+#ifndef HAVE_ECDSA_SIG_SET0
3682+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
3683+#endif /* HAVE_ECDSA_SIG_SET0 */
3684+
3685+#ifndef HAVE_DH_GET0_PQG
3686+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
3687+ const BIGNUM **g);
3688+#endif /* HAVE_DH_GET0_PQG */
3689+
3690+#ifndef HAVE_DH_SET0_PQG
3691+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
3692+#endif /* HAVE_DH_SET0_PQG */
3693+
3694+#ifndef HAVE_DH_GET0_KEY
3695+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
3696+#endif /* HAVE_DH_GET0_KEY */
3697+
3698+#ifndef HAVE_DH_SET0_KEY
3699+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
3700+#endif /* HAVE_DH_SET0_KEY */
3701+
3702+#ifndef HAVE_DH_SET_LENGTH
3703+int DH_set_length(DH *dh, long length);
3704+#endif /* HAVE_DH_SET_LENGTH */
3705+
3706+#ifndef HAVE_RSA_METH_FREE
3707+void RSA_meth_free(RSA_METHOD *meth);
3708+#endif /* HAVE_RSA_METH_FREE */
3709+
3710+#ifndef HAVE_RSA_METH_DUP
3711+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
3712+#endif /* HAVE_RSA_METH_DUP */
3713+
3714+#ifndef HAVE_RSA_METH_SET1_NAME
3715+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
3716+#endif /* HAVE_RSA_METH_SET1_NAME */
3717+
3718+#ifndef HAVE_RSA_METH_GET_FINISH
3719+int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
3720+#endif /* HAVE_RSA_METH_GET_FINISH */
3721+
3722+#ifndef HAVE_RSA_METH_SET_PRIV_ENC
3723+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
3724+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
3725+#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
3726+
3727+#ifndef HAVE_RSA_METH_SET_PRIV_DEC
3728+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
3729+ const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
3730+#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
3731+
3732+#ifndef HAVE_RSA_METH_SET_FINISH
3733+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
3734+#endif /* HAVE_RSA_METH_SET_FINISH */
3735+
3736+#ifndef HAVE_EVP_PKEY_GET0_RSA
3737+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
3738+#endif /* HAVE_EVP_PKEY_GET0_RSA */
3739+
3740+#ifndef HAVE_EVP_MD_CTX_new
3741+EVP_MD_CTX *EVP_MD_CTX_new(void);
3742+#endif /* HAVE_EVP_MD_CTX_new */
3743+
3744+#ifndef HAVE_EVP_MD_CTX_free
3745+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
3746+#endif /* HAVE_EVP_MD_CTX_free */
3747+
3748 #endif /* WITH_OPENSSL */
3749 #endif /* _OPENSSL_COMPAT_H */
3750diff --git a/ssh-dss.c b/ssh-dss.c
3751index 631b1571..a23c383d 100644
3752--- a/ssh-dss.c
3753+++ b/ssh-dss.c
3754@@ -43,6 +43,8 @@
3755 #define SSHKEY_INTERNAL
3756 #include "sshkey.h"
3757
3758+#include "openbsd-compat/openssl-compat.h"
3759+
3760 #define INTBLOB_LEN 20
3761 #define SIGBLOB_LEN (2*INTBLOB_LEN)
3762
3763diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
3764index 9e92af04..2f553175 100644
3765--- a/ssh-ecdsa.c
3766+++ b/ssh-ecdsa.c
3767@@ -43,6 +43,8 @@
3768 #define SSHKEY_INTERNAL
3769 #include "sshkey.h"
3770
3771+#include "openbsd-compat/openssl-compat.h"
3772+
3773 /* ARGSUSED */
3774 int
3775 ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
3776diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
3777index bcc18c6b..d1241ce6 100644
3778--- a/ssh-pkcs11-client.c
3779+++ b/ssh-pkcs11-client.c
3780@@ -32,6 +32,8 @@
3781
3782 #include <openssl/rsa.h>
3783
3784+#include "openbsd-compat/openssl-compat.h"
3785+
3786 #include "pathnames.h"
3787 #include "xmalloc.h"
3788 #include "sshbuf.h"
3789diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
3790index c35f9415..775de964 100644
3791--- a/ssh-pkcs11.c
3792+++ b/ssh-pkcs11.c
3793@@ -30,6 +30,7 @@
3794 #include <dlfcn.h>
3795
3796 #include "openbsd-compat/sys-queue.h"
3797+#include "openbsd-compat/openssl-compat.h"
3798
3799 #include <openssl/x509.h>
3800
3801diff --git a/ssh-rsa.c b/ssh-rsa.c
3802index 2788f334..9b14f9a9 100644
3803--- a/ssh-rsa.c
3804+++ b/ssh-rsa.c
3805@@ -35,6 +35,8 @@
3806 #include "digest.h"
3807 #include "log.h"
3808
3809+#include "openbsd-compat/openssl-compat.h"
3810+
3811 static int openssh_RSA_verify(int, u_char *, size_t, u_char *, size_t, RSA *);
3812
3813 static const char *
3814diff --git a/sshkey.c b/sshkey.c
3815index 085f1707..6f2c9d44 100644
3816--- a/sshkey.c
3817+++ b/sshkey.c
3818@@ -60,6 +60,8 @@
3819
3820 #include "xmss_fast.h"
3821
3822+#include "openbsd-compat/openssl-compat.h"
3823+
3824 /* openssh private key file format */
3825 #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
3826 #define MARK_END "-----END OPENSSH PRIVATE KEY-----\n"
3827@@ -1744,7 +1746,6 @@ int
3828 sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
3829 {
3830 struct sshkey *n = NULL;
3831- int ret = SSH_ERR_INTERNAL_ERROR;
3832 int r = SSH_ERR_INTERNAL_ERROR;
3833 #ifdef WITH_OPENSSL
3834 const BIGNUM *rsa_n, *rsa_e;
3835
3836commit 86e0a9f3d249d5580390daf58e015e68b01cef10
3837Author: djm@openbsd.org <djm@openbsd.org>
3838Date: Thu Sep 13 05:06:51 2018 +0000
3839
3840 upstream: use only openssl-1.1.x API here too
3841
3842 OpenBSD-Regress-ID: ae877064597c349954b1b443769723563cecbc8f
3843
3844diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
3845index 7e03b7e5..8e35f441 100644
3846--- a/regress/unittests/sshkey/test_sshkey.c
3847+++ b/regress/unittests/sshkey/test_sshkey.c
3848@@ -1,4 +1,4 @@
3849-/* $OpenBSD: test_sshkey.c,v 1.15 2018/09/12 01:22:43 djm Exp $ */
3850+/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */
3851 /*
3852 * Regress test for sshkey.h key management API
3853 *
3854@@ -173,6 +173,61 @@ get_private(const char *n)
3855 return ret;
3856 }
3857
3858+static const BIGNUM *
3859+rsa_n(struct sshkey *k)
3860+{
3861+ const BIGNUM *n = NULL;
3862+
3863+ ASSERT_PTR_NE(k, NULL);
3864+ ASSERT_PTR_NE(k->rsa, NULL);
3865+ RSA_get0_key(k->rsa, &n, NULL, NULL);
3866+ return n;
3867+}
3868+
3869+static const BIGNUM *
3870+rsa_e(struct sshkey *k)
3871+{
3872+ const BIGNUM *e = NULL;
3873+
3874+ ASSERT_PTR_NE(k, NULL);
3875+ ASSERT_PTR_NE(k->rsa, NULL);
3876+ RSA_get0_key(k->rsa, NULL, &e, NULL);
3877+ return e;
3878+}
3879+
3880+static const BIGNUM *
3881+rsa_p(struct sshkey *k)
3882+{
3883+ const BIGNUM *p = NULL;
3884+
3885+ ASSERT_PTR_NE(k, NULL);
3886+ ASSERT_PTR_NE(k->rsa, NULL);
3887+ RSA_get0_factors(k->rsa, &p, NULL);
3888+ return p;
3889+}
3890+
3891+static const BIGNUM *
3892+dsa_g(struct sshkey *k)
3893+{
3894+ const BIGNUM *g = NULL;
3895+
3896+ ASSERT_PTR_NE(k, NULL);
3897+ ASSERT_PTR_NE(k->dsa, NULL);
3898+ DSA_get0_pqg(k->dsa, NULL, NULL, &g);
3899+ return g;
3900+}
3901+
3902+static const BIGNUM *
3903+dsa_priv_key(struct sshkey *k)
3904+{
3905+ const BIGNUM *priv_key = NULL;
3906+
3907+ ASSERT_PTR_NE(k, NULL);
3908+ ASSERT_PTR_NE(k->dsa, NULL);
3909+ DSA_get0_key(k->dsa, NULL, &priv_key);
3910+ return priv_key;
3911+}
3912+
3913 void
3914 sshkey_tests(void)
3915 {
3916@@ -197,9 +252,6 @@ sshkey_tests(void)
3917 k1 = sshkey_new(KEY_RSA);
3918 ASSERT_PTR_NE(k1, NULL);
3919 ASSERT_PTR_NE(k1->rsa, NULL);
3920- ASSERT_PTR_NE(k1->rsa->n, NULL);
3921- ASSERT_PTR_NE(k1->rsa->e, NULL);
3922- ASSERT_PTR_EQ(k1->rsa->p, NULL);
3923 sshkey_free(k1);
3924 TEST_DONE();
3925
3926@@ -207,8 +259,6 @@ sshkey_tests(void)
3927 k1 = sshkey_new(KEY_DSA);
3928 ASSERT_PTR_NE(k1, NULL);
3929 ASSERT_PTR_NE(k1->dsa, NULL);
3930- ASSERT_PTR_NE(k1->dsa->g, NULL);
3931- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
3932 sshkey_free(k1);
3933 TEST_DONE();
3934
3935@@ -230,27 +280,6 @@ sshkey_tests(void)
3936 sshkey_free(k1);
3937 TEST_DONE();
3938
3939- TEST_START("new_private KEY_RSA");
3940- k1 = sshkey_new_private(KEY_RSA);
3941- ASSERT_PTR_NE(k1, NULL);
3942- ASSERT_PTR_NE(k1->rsa, NULL);
3943- ASSERT_PTR_NE(k1->rsa->n, NULL);
3944- ASSERT_PTR_NE(k1->rsa->e, NULL);
3945- ASSERT_PTR_NE(k1->rsa->p, NULL);
3946- ASSERT_INT_EQ(sshkey_add_private(k1), 0);
3947- sshkey_free(k1);
3948- TEST_DONE();
3949-
3950- TEST_START("new_private KEY_DSA");
3951- k1 = sshkey_new_private(KEY_DSA);
3952- ASSERT_PTR_NE(k1, NULL);
3953- ASSERT_PTR_NE(k1->dsa, NULL);
3954- ASSERT_PTR_NE(k1->dsa->g, NULL);
3955- ASSERT_PTR_NE(k1->dsa->priv_key, NULL);
3956- ASSERT_INT_EQ(sshkey_add_private(k1), 0);
3957- sshkey_free(k1);
3958- TEST_DONE();
3959-
3960 TEST_START("generate KEY_RSA too small modulus");
3961 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 128, &k1),
3962 SSH_ERR_KEY_LENGTH);
3963@@ -285,18 +314,18 @@ sshkey_tests(void)
3964 ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
3965 ASSERT_PTR_NE(kr, NULL);
3966 ASSERT_PTR_NE(kr->rsa, NULL);
3967- ASSERT_PTR_NE(kr->rsa->n, NULL);
3968- ASSERT_PTR_NE(kr->rsa->e, NULL);
3969- ASSERT_PTR_NE(kr->rsa->p, NULL);
3970- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024);
3971+ ASSERT_PTR_NE(rsa_n(kr), NULL);
3972+ ASSERT_PTR_NE(rsa_e(kr), NULL);
3973+ ASSERT_PTR_NE(rsa_p(kr), NULL);
3974+ ASSERT_INT_EQ(BN_num_bits(rsa_n(kr)), 1024);
3975 TEST_DONE();
3976
3977 TEST_START("generate KEY_DSA");
3978 ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0);
3979 ASSERT_PTR_NE(kd, NULL);
3980 ASSERT_PTR_NE(kd->dsa, NULL);
3981- ASSERT_PTR_NE(kd->dsa->g, NULL);
3982- ASSERT_PTR_NE(kd->dsa->priv_key, NULL);
3983+ ASSERT_PTR_NE(dsa_g(kd), NULL);
3984+ ASSERT_PTR_NE(dsa_priv_key(kd), NULL);
3985 TEST_DONE();
3986
3987 #ifdef OPENSSL_HAS_ECC
3988@@ -323,9 +352,9 @@ sshkey_tests(void)
3989 ASSERT_PTR_NE(kr, k1);
3990 ASSERT_INT_EQ(k1->type, KEY_RSA);
3991 ASSERT_PTR_NE(k1->rsa, NULL);
3992- ASSERT_PTR_NE(k1->rsa->n, NULL);
3993- ASSERT_PTR_NE(k1->rsa->e, NULL);
3994- ASSERT_PTR_EQ(k1->rsa->p, NULL);
3995+ ASSERT_PTR_NE(rsa_n(k1), NULL);
3996+ ASSERT_PTR_NE(rsa_e(k1), NULL);
3997+ ASSERT_PTR_EQ(rsa_p(k1), NULL);
3998 TEST_DONE();
3999
4000 TEST_START("equal KEY_RSA/demoted KEY_RSA");
4001@@ -339,8 +368,8 @@ sshkey_tests(void)
4002 ASSERT_PTR_NE(kd, k1);
4003 ASSERT_INT_EQ(k1->type, KEY_DSA);
4004 ASSERT_PTR_NE(k1->dsa, NULL);
4005- ASSERT_PTR_NE(k1->dsa->g, NULL);
4006- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL);
4007+ ASSERT_PTR_NE(dsa_g(k1), NULL);
4008+ ASSERT_PTR_EQ(dsa_priv_key(k1), NULL);
4009 TEST_DONE();
4010
4011 TEST_START("equal KEY_DSA/demoted KEY_DSA");
4012
4013commit a3fd8074e2e2f06602e25618721f9556c731312c
4014Author: djm@openbsd.org <djm@openbsd.org>
4015Date: Thu Sep 13 09:03:20 2018 +0000
4016
4017 upstream: missed a bit of openssl-1.0.x API in this unittest
4018
4019 OpenBSD-Regress-ID: a73a54d7f7381856a3f3a2d25947bee7a9a5dbc9
4020
4021diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
4022index b598f05c..548da684 100644
4023--- a/regress/unittests/sshkey/common.c
4024+++ b/regress/unittests/sshkey/common.c
4025@@ -1,4 +1,4 @@
4026-/* $OpenBSD: common.c,v 1.2 2015/01/08 13:10:58 djm Exp $ */
4027+/* $OpenBSD: common.c,v 1.3 2018/09/13 09:03:20 djm Exp $ */
4028 /*
4029 * Helpers for key API tests
4030 *
4031@@ -82,3 +82,80 @@ load_bignum(const char *name)
4032 return ret;
4033 }
4034
4035+const BIGNUM *
4036+rsa_n(struct sshkey *k)
4037+{
4038+ const BIGNUM *n = NULL;
4039+
4040+ ASSERT_PTR_NE(k, NULL);
4041+ ASSERT_PTR_NE(k->rsa, NULL);
4042+ RSA_get0_key(k->rsa, &n, NULL, NULL);
4043+ return n;
4044+}
4045+
4046+const BIGNUM *
4047+rsa_e(struct sshkey *k)
4048+{
4049+ const BIGNUM *e = NULL;
4050+
4051+ ASSERT_PTR_NE(k, NULL);
4052+ ASSERT_PTR_NE(k->rsa, NULL);
4053+ RSA_get0_key(k->rsa, NULL, &e, NULL);
4054+ return e;
4055+}
4056+
4057+const BIGNUM *
4058+rsa_p(struct sshkey *k)
4059+{
4060+ const BIGNUM *p = NULL;
4061+
4062+ ASSERT_PTR_NE(k, NULL);
4063+ ASSERT_PTR_NE(k->rsa, NULL);
4064+ RSA_get0_factors(k->rsa, &p, NULL);
4065+ return p;
4066+}
4067+
4068+const BIGNUM *
4069+rsa_q(struct sshkey *k)
4070+{
4071+ const BIGNUM *q = NULL;
4072+
4073+ ASSERT_PTR_NE(k, NULL);
4074+ ASSERT_PTR_NE(k->rsa, NULL);
4075+ RSA_get0_factors(k->rsa, NULL, &q);
4076+ return q;
4077+}
4078+
4079+const BIGNUM *
4080+dsa_g(struct sshkey *k)
4081+{
4082+ const BIGNUM *g = NULL;
4083+
4084+ ASSERT_PTR_NE(k, NULL);
4085+ ASSERT_PTR_NE(k->dsa, NULL);
4086+ DSA_get0_pqg(k->dsa, NULL, NULL, &g);
4087+ return g;
4088+}
4089+
4090+const BIGNUM *
4091+dsa_pub_key(struct sshkey *k)
4092+{
4093+ const BIGNUM *pub_key = NULL;
4094+
4095+ ASSERT_PTR_NE(k, NULL);
4096+ ASSERT_PTR_NE(k->dsa, NULL);
4097+ DSA_get0_key(k->dsa, &pub_key, NULL);
4098+ return pub_key;
4099+}
4100+
4101+const BIGNUM *
4102+dsa_priv_key(struct sshkey *k)
4103+{
4104+ const BIGNUM *priv_key = NULL;
4105+
4106+ ASSERT_PTR_NE(k, NULL);
4107+ ASSERT_PTR_NE(k->dsa, NULL);
4108+ DSA_get0_key(k->dsa, NULL, &priv_key);
4109+ return priv_key;
4110+}
4111+
4112diff --git a/regress/unittests/sshkey/common.h b/regress/unittests/sshkey/common.h
4113index bf7d19dc..7a514fdc 100644
4114--- a/regress/unittests/sshkey/common.h
4115+++ b/regress/unittests/sshkey/common.h
4116@@ -1,4 +1,4 @@
4117-/* $OpenBSD: common.h,v 1.1 2014/06/24 01:14:18 djm Exp $ */
4118+/* $OpenBSD: common.h,v 1.2 2018/09/13 09:03:20 djm Exp $ */
4119 /*
4120 * Helpers for key API tests
4121 *
4122@@ -14,3 +14,12 @@ struct sshbuf *load_text_file(const char *name);
4123 /* Load a bignum from a file */
4124 BIGNUM *load_bignum(const char *name);
4125
4126+/* Accessors for key components */
4127+const BIGNUM *rsa_n(struct sshkey *k);
4128+const BIGNUM *rsa_e(struct sshkey *k);
4129+const BIGNUM *rsa_p(struct sshkey *k);
4130+const BIGNUM *rsa_q(struct sshkey *k);
4131+const BIGNUM *dsa_g(struct sshkey *k);
4132+const BIGNUM *dsa_pub_key(struct sshkey *k);
4133+const BIGNUM *dsa_priv_key(struct sshkey *k);
4134+
4135diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c
4136index 0636e84b..65610dac 100644
4137--- a/regress/unittests/sshkey/test_file.c
4138+++ b/regress/unittests/sshkey/test_file.c
4139@@ -1,4 +1,4 @@
4140-/* $OpenBSD: test_file.c,v 1.7 2018/09/12 01:36:45 djm Exp $ */
4141+/* $OpenBSD: test_file.c,v 1.8 2018/09/13 09:03:20 djm Exp $ */
4142 /*
4143 * Regress test for sshkey.h key management API
4144 *
4145@@ -60,9 +60,9 @@ sshkey_file_tests(void)
4146 a = load_bignum("rsa_1.param.n");
4147 b = load_bignum("rsa_1.param.p");
4148 c = load_bignum("rsa_1.param.q");
4149- ASSERT_BIGNUM_EQ(k1->rsa->n, a);
4150- ASSERT_BIGNUM_EQ(k1->rsa->p, b);
4151- ASSERT_BIGNUM_EQ(k1->rsa->q, c);
4152+ ASSERT_BIGNUM_EQ(rsa_n(k1), a);
4153+ ASSERT_BIGNUM_EQ(rsa_p(k1), b);
4154+ ASSERT_BIGNUM_EQ(rsa_q(k1), c);
4155 BN_free(a);
4156 BN_free(b);
4157 BN_free(c);
4158@@ -169,9 +169,9 @@ sshkey_file_tests(void)
4159 a = load_bignum("dsa_1.param.g");
4160 b = load_bignum("dsa_1.param.priv");
4161 c = load_bignum("dsa_1.param.pub");
4162- ASSERT_BIGNUM_EQ(k1->dsa->g, a);
4163- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b);
4164- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c);
4165+ ASSERT_BIGNUM_EQ(dsa_g(k1), a);
4166+ ASSERT_BIGNUM_EQ(dsa_priv_key(k1), b);
4167+ ASSERT_BIGNUM_EQ(dsa_pub_key(k1), c);
4168 BN_free(a);
4169 BN_free(b);
4170 BN_free(c);
4171diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c
4172index 8e35f441..47a03fad 100644
4173--- a/regress/unittests/sshkey/test_sshkey.c
4174+++ b/regress/unittests/sshkey/test_sshkey.c
4175@@ -1,4 +1,4 @@
4176-/* $OpenBSD: test_sshkey.c,v 1.16 2018/09/13 05:06:51 djm Exp $ */
4177+/* $OpenBSD: test_sshkey.c,v 1.17 2018/09/13 09:03:20 djm Exp $ */
4178 /*
4179 * Regress test for sshkey.h key management API
4180 *
4181@@ -173,61 +173,6 @@ get_private(const char *n)
4182 return ret;
4183 }
4184
4185-static const BIGNUM *
4186-rsa_n(struct sshkey *k)
4187-{
4188- const BIGNUM *n = NULL;
4189-
4190- ASSERT_PTR_NE(k, NULL);
4191- ASSERT_PTR_NE(k->rsa, NULL);
4192- RSA_get0_key(k->rsa, &n, NULL, NULL);
4193- return n;
4194-}
4195-
4196-static const BIGNUM *
4197-rsa_e(struct sshkey *k)
4198-{
4199- const BIGNUM *e = NULL;
4200-
4201- ASSERT_PTR_NE(k, NULL);
4202- ASSERT_PTR_NE(k->rsa, NULL);
4203- RSA_get0_key(k->rsa, NULL, &e, NULL);
4204- return e;
4205-}
4206-
4207-static const BIGNUM *
4208-rsa_p(struct sshkey *k)
4209-{
4210- const BIGNUM *p = NULL;
4211-
4212- ASSERT_PTR_NE(k, NULL);
4213- ASSERT_PTR_NE(k->rsa, NULL);
4214- RSA_get0_factors(k->rsa, &p, NULL);
4215- return p;
4216-}
4217-
4218-static const BIGNUM *
4219-dsa_g(struct sshkey *k)
4220-{
4221- const BIGNUM *g = NULL;
4222-
4223- ASSERT_PTR_NE(k, NULL);
4224- ASSERT_PTR_NE(k->dsa, NULL);
4225- DSA_get0_pqg(k->dsa, NULL, NULL, &g);
4226- return g;
4227-}
4228-
4229-static const BIGNUM *
4230-dsa_priv_key(struct sshkey *k)
4231-{
4232- const BIGNUM *priv_key = NULL;
4233-
4234- ASSERT_PTR_NE(k, NULL);
4235- ASSERT_PTR_NE(k->dsa, NULL);
4236- DSA_get0_key(k->dsa, NULL, &priv_key);
4237- return priv_key;
4238-}
4239-
4240 void
4241 sshkey_tests(void)
4242 {
4243
4244commit d64e78526596f098096113fcf148216798c327ff
4245Author: Damien Miller <djm@mindrot.org>
4246Date: Thu Sep 13 19:05:48 2018 +1000
4247
4248 add compat header
4249
4250diff --git a/regress/unittests/sshkey/common.c b/regress/unittests/sshkey/common.c
4251index 548da684..e63465c4 100644
4252--- a/regress/unittests/sshkey/common.c
4253+++ b/regress/unittests/sshkey/common.c
4254@@ -27,6 +27,8 @@
4255 # include <openssl/ec.h>
4256 #endif
4257
4258+#include "openbsd-compat/openssl-compat.h"
4259+
4260 #include "../test_helper/test_helper.h"
4261
4262 #include "ssherr.h"
OpenSSH free Secure Shell (SSH) implementation
This page took 0.637142 seconds and 4 git commands to generate.