LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11511 Commits
1 Branch
46 MiB
Tree: 2871569b46
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2871569b46'
${ noResults }
openwrt-packages-dist/libs/libssh/patches/005-openssl-1.1.patch

1159 lines
34 KiB
Raw Normal View History

libssh: added openssl 1.1 compatibility This patch was backported from upstream master branch. Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
7 years ago
 
  1. --- a/src/libcrypto.c

  2. +++ b/src/libcrypto.c

  3. @@ -43,10 +43,12 @@

  4.  #include <openssl/hmac.h>
  5.  #include <openssl/opensslv.h>
  6.  #include <openssl/rand.h>
  7. +#include "libcrypto-compat.h"

  8.  
  9.  #ifdef HAVE_OPENSSL_AES_H
  10.  #define HAS_AES
  11.  #include <openssl/aes.h>
  12. +#include <openssl/modes.h>

  13.  #endif
  14.  #ifdef HAVE_OPENSSL_BLOWFISH_H
  15.  #define HAS_BLOWFISH
  16. @@ -133,18 +135,20 @@ static const EVP_MD *nid_to_evpmd(int ni

  17.  void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen)
  18.  {
  19.      const EVP_MD *evp_md = nid_to_evpmd(nid);
  20. -    EVP_MD_CTX md;

  21. +    EVP_MD_CTX *md;

  22.  
  23. -    EVP_DigestInit(&md, evp_md);

  24. -    EVP_DigestUpdate(&md, digest, len);

  25. -    EVP_DigestFinal(&md, hash, hlen);

  26. +    md = EVP_MD_CTX_new();

  27. +    EVP_DigestInit(md, evp_md);

  28. +    EVP_DigestUpdate(md, digest, len);

  29. +    EVP_DigestFinal(md, hash, hlen);

  30. +    EVP_MD_CTX_free(md);

  31.  }
  32.  
  33.  EVPCTX evp_init(int nid)
  34.  {
  35.      const EVP_MD *evp_md = nid_to_evpmd(nid);
  36.  
  37. -    EVPCTX ctx = malloc(sizeof(EVP_MD_CTX));

  38. +    EVPCTX ctx = EVP_MD_CTX_new();

  39.      if (ctx == NULL) {
  40.          return NULL;
  41.      }
  42. @@ -322,32 +326,33 @@ void ssh_mac_final(unsigned char *md, ss

  43.  HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
  44.    HMACCTX ctx = NULL;
  45.  
  46. -  ctx = malloc(sizeof(*ctx));

  47. +  ctx = HMAC_CTX_new();

  48.    if (ctx == NULL) {
  49.      return NULL;
  50.    }
  51.  
  52.  #ifndef OLD_CRYPTO
  53. -  HMAC_CTX_init(ctx); // openssl 0.9.7 requires it.

  54. +  HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.

  55.  #endif
  56.  
  57.    switch(type) {
  58.      case SSH_HMAC_SHA1:
  59. -      HMAC_Init(ctx, key, len, EVP_sha1());

  60. +      HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);

  61.        break;
  62.      case SSH_HMAC_SHA256:
  63. -      HMAC_Init(ctx, key, len, EVP_sha256());

  64. +      HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);

  65.        break;
  66.      case SSH_HMAC_SHA384:
  67. -      HMAC_Init(ctx, key, len, EVP_sha384());

  68. +      HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);

  69.        break;
  70.      case SSH_HMAC_SHA512:
  71. -      HMAC_Init(ctx, key, len, EVP_sha512());

  72. +      HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);

  73.        break;
  74.      case SSH_HMAC_MD5:
  75. -      HMAC_Init(ctx, key, len, EVP_md5());

  76. +      HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);

  77.        break;
  78.      default:
  79. +      HMAC_CTX_free(ctx);

  80.        SAFE_FREE(ctx);
  81.        ctx = NULL;
  82.    }
  83. @@ -363,7 +368,8 @@ void hmac_final(HMACCTX ctx, unsigned ch

  84.    HMAC_Final(ctx,hashmacbuf,len);
  85.  
  86.  #ifndef OLD_CRYPTO
  87. -  HMAC_CTX_cleanup(ctx);

  88. +  HMAC_CTX_free(ctx);

  89. +  ctx = NULL;

  90.  #else
  91.    HMAC_cleanup(ctx);
  92.  #endif
  93. @@ -455,7 +461,11 @@ static void aes_ctr128_encrypt(struct ss

  94.     * Same for num, which is being used to store the current offset in blocksize in CTR
  95.     * function.
  96.     */
  97. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  98.    AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num);
  99. +#else

  100. +  CRYPTO_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num, (block128_f)AES_encrypt);

  101. +#endif

  102.  }
  103.  #endif /* BROKEN_AES_CTR */
  104.  #endif /* HAS_AES */
  105. --- a/src/pki_crypto.c

  106. +++ b/src/pki_crypto.c

  107. @@ -31,6 +31,7 @@

  108.  #include <openssl/dsa.h>
  109.  #include <openssl/err.h>
  110.  #include <openssl/rsa.h>
  111. +#include "libcrypto-compat.h"

  112.  
  113.  #ifdef HAVE_OPENSSL_EC_H
  114.  #include <openssl/ec.h>
  115. @@ -230,7 +231,10 @@ ssh_key pki_key_dup(const ssh_key key, i

  116.      }
  117.  
  118.      switch (key->type) {
  119. -    case SSH_KEYTYPE_DSS:

  120. +    case SSH_KEYTYPE_DSS: {

  121. +        const BIGNUM *p = NULL, *q = NULL, *g = NULL,

  122. +          *pub_key = NULL, *priv_key = NULL;

  123. +        BIGNUM *np, *nq, *ng, *npub_key, *npriv_key;

  124.          new->dsa = DSA_new();
  125.          if (new->dsa == NULL) {
  126.              goto fail;
  127. @@ -243,36 +247,54 @@ ssh_key pki_key_dup(const ssh_key key, i

  128.           * pub_key  = public key y = g^x
  129.           * priv_key = private key x
  130.           */
  131. -        new->dsa->p = BN_dup(key->dsa->p);

  132. -        if (new->dsa->p == NULL) {

  133. +        DSA_get0_pqg(key->dsa, &p, &q, &g);

  134. +        np = BN_dup(p);

  135. +        nq = BN_dup(q);

  136. +        ng = BN_dup(g);

  137. +        if (np == NULL || nq == NULL || ng == NULL) {

  138. +            BN_free(np);

  139. +            BN_free(nq);

  140. +            BN_free(ng);

  141.              goto fail;
  142.          }
  143.  
  144. -        new->dsa->q = BN_dup(key->dsa->q);

  145. -        if (new->dsa->q == NULL) {

  146. +        rc = DSA_set0_pqg(new->dsa, np, nq, ng);

  147. +        if (rc == 0) {

  148. +            BN_free(np);

  149. +            BN_free(nq);

  150. +            BN_free(ng);

  151.              goto fail;
  152.          }
  153.  
  154. -        new->dsa->g = BN_dup(key->dsa->g);

  155. -        if (new->dsa->g == NULL) {

  156. +        DSA_get0_key(key->dsa, &pub_key, &priv_key);

  157. +        npub_key = BN_dup(pub_key);

  158. +        if (npub_key == NULL) {

  159.              goto fail;
  160.          }
  161.  
  162. -        new->dsa->pub_key = BN_dup(key->dsa->pub_key);

  163. -        if (new->dsa->pub_key == NULL) {

  164. +        rc = DSA_set0_key(new->dsa, npub_key, NULL);

  165. +        if (rc == 0) {

  166.              goto fail;
  167.          }
  168.  
  169.          if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
  170. -            new->dsa->priv_key = BN_dup(key->dsa->priv_key);

  171. -            if (new->dsa->priv_key == NULL) {

  172. +            npriv_key = BN_dup(priv_key);

  173. +            if (npriv_key == NULL) {

  174. +                goto fail;

  175. +            }

  176. +

  177. +            rc = DSA_set0_key(new->dsa, NULL, npriv_key);

  178. +            if (rc == 0) {

  179.                  goto fail;
  180.              }
  181.          }
  182.  
  183.          break;
  184. +    }

  185.      case SSH_KEYTYPE_RSA:
  186. -    case SSH_KEYTYPE_RSA1:

  187. +    case SSH_KEYTYPE_RSA1: {

  188. +        const BIGNUM *n = NULL, *e = NULL, *d = NULL;

  189. +        BIGNUM *nn, *ne, *nd;

  190.          new->rsa = RSA_new();
  191.          if (new->rsa == NULL) {
  192.              goto fail;
  193. @@ -288,62 +310,82 @@ ssh_key pki_key_dup(const ssh_key key, i

  194.           * dmq1 = d mod (q-1)
  195.           * iqmp = q^-1 mod p
  196.           */
  197. -        new->rsa->n = BN_dup(key->rsa->n);

  198. -        if (new->rsa->n == NULL) {

  199. +        RSA_get0_key(key->rsa, &n, &e, &d);

  200. +        nn = BN_dup(n);

  201. +        ne = BN_dup(e);

  202. +        if (nn == NULL || ne == NULL) {

  203. +            BN_free(nn);

  204. +            BN_free(ne);

  205.              goto fail;
  206.          }
  207.  
  208. -        new->rsa->e = BN_dup(key->rsa->e);

  209. -        if (new->rsa->e == NULL) {

  210. +        rc = RSA_set0_key(new->rsa, nn, ne, NULL);

  211. +        if (rc == 0) {

  212. +            BN_free(nn);

  213. +            BN_free(ne);

  214.              goto fail;
  215.          }
  216.  
  217.          if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
  218. -            new->rsa->d = BN_dup(key->rsa->d);

  219. -            if (new->rsa->d == NULL) {

  220. +            const BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL,

  221. +              *dmq1 = NULL, *iqmp = NULL;

  222. +            BIGNUM *np, *nq, *ndmp1, *ndmq1, *niqmp;

  223. +

  224. +            nd = BN_dup(d);

  225. +            if (nd == NULL) {

  226. +                goto fail;

  227. +            }

  228. +

  229. +            rc = RSA_set0_key(new->rsa, NULL, NULL, nd);

  230. +            if (rc == 0) {

  231.                  goto fail;
  232.              }
  233.  
  234.              /* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the
  235.               * RSA operations are much faster when these values are available.
  236.               */
  237. -            if (key->rsa->p != NULL) {

  238. -                new->rsa->p = BN_dup(key->rsa->p);

  239. -                if (new->rsa->p == NULL) {

  240. +            RSA_get0_factors(key->rsa, &p, &q);

  241. +            if (p != NULL && q != NULL) { /* need to set both of them */

  242. +                np = BN_dup(p);

  243. +                nq = BN_dup(q);

  244. +                if (np == NULL || nq == NULL) {

  245. +                    BN_free(np);

  246. +                    BN_free(nq);

  247.                      goto fail;
  248.                  }
  249. -            }

  250.  
  251. -            if (key->rsa->q != NULL) {

  252. -                new->rsa->q = BN_dup(key->rsa->q);

  253. -                if (new->rsa->q == NULL) {

  254. +                rc = RSA_set0_factors(new->rsa, np, nq);

  255. +                if (rc == 0) {

  256. +                    BN_free(np);

  257. +                    BN_free(nq);

  258.                      goto fail;
  259.                  }
  260.              }
  261.  
  262. -            if (key->rsa->dmp1 != NULL) {

  263. -                new->rsa->dmp1 = BN_dup(key->rsa->dmp1);

  264. -                if (new->rsa->dmp1 == NULL) {

  265. +            RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp);

  266. +            if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) {

  267. +                ndmp1 = BN_dup(dmp1);

  268. +                ndmq1 = BN_dup(dmq1);

  269. +                niqmp = BN_dup(iqmp);

  270. +                if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) {

  271. +                    BN_free(ndmp1);

  272. +                    BN_free(ndmq1);

  273. +                    BN_free(niqmp);

  274.                      goto fail;
  275.                  }
  276. -            }

  277.  
  278. -            if (key->rsa->dmq1 != NULL) {

  279. -                new->rsa->dmq1 = BN_dup(key->rsa->dmq1);

  280. -                if (new->rsa->dmq1 == NULL) {

  281. -                    goto fail;

  282. -                }

  283. -            }

  284. -

  285. -            if (key->rsa->iqmp != NULL) {

  286. -                new->rsa->iqmp = BN_dup(key->rsa->iqmp);

  287. -                if (new->rsa->iqmp == NULL) {

  288. +                rc =  RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);

  289. +                if (rc == 0) {

  290. +                    BN_free(ndmp1);

  291. +                    BN_free(ndmq1);

  292. +                    BN_free(niqmp);

  293.                      goto fail;
  294.                  }
  295.              }
  296.          }
  297.  
  298.          break;
  299. +    }

  300.      case SSH_KEYTYPE_ECDSA:
  301.  #ifdef HAVE_OPENSSL_ECC
  302.          new->ecdsa_nid = key->ecdsa_nid;
  303. @@ -409,11 +451,30 @@ int pki_key_generate_rsa(ssh_key key, in

  304.  
  305.  int pki_key_generate_dss(ssh_key key, int parameter){
  306.      int rc;
  307. +#if OPENSSL_VERSION_NUMBER > 0x10100000L

  308. +    key->dsa = DSA_new();

  309. +    if (key->dsa == NULL) {

  310. +        return SSH_ERROR;

  311. +    }

  312. +    rc = DSA_generate_parameters_ex(key->dsa,

  313. +                                    parameter,

  314. +                                    NULL,  /* seed */

  315. +                                    0,     /* seed_len */

  316. +                                    NULL,  /* counter_ret */

  317. +                                    NULL,  /* h_ret */

  318. +                                    NULL); /* cb */

  319. +    if (rc != 1) {

  320. +        DSA_free(key->dsa);

  321. +        key->dsa = NULL;

  322. +        return SSH_ERROR;

  323. +    }

  324. +#else

  325.      key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
  326.              NULL, NULL);
  327.      if(key->dsa == NULL){
  328.          return SSH_ERROR;
  329.      }
  330. +#endif

  331.      rc = DSA_generate_key(key->dsa);
  332.      if (rc != 1){
  333.          DSA_free(key->dsa);
  334. @@ -466,51 +527,64 @@ int pki_key_compare(const ssh_key k1,

  335.                      enum ssh_keycmp_e what)
  336.  {
  337.      switch (k1->type) {
  338. -        case SSH_KEYTYPE_DSS:

  339. +        case SSH_KEYTYPE_DSS: {

  340. +            const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2,

  341. +                *pub_key1, *pub_key2, *priv_key1, *priv_key2;

  342.              if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) {
  343.                  return 1;
  344.              }
  345. -            if (bignum_cmp(k1->dsa->p, k2->dsa->p) != 0) {

  346. +            DSA_get0_pqg(k1->dsa, &p1, &q1, &g1);

  347. +            DSA_get0_pqg(k2->dsa, &p2, &q2, &g2);

  348. +            if (bignum_cmp(p1, p2) != 0) {

  349.                  return 1;
  350.              }
  351. -            if (bignum_cmp(k1->dsa->q, k2->dsa->q) != 0) {

  352. +            if (bignum_cmp(q1, q2) != 0) {

  353.                  return 1;
  354.              }
  355. -            if (bignum_cmp(k1->dsa->g, k2->dsa->g) != 0) {

  356. +            if (bignum_cmp(g1, g2) != 0) {

  357.                  return 1;
  358.              }
  359. -            if (bignum_cmp(k1->dsa->pub_key, k2->dsa->pub_key) != 0) {

  360. +            DSA_get0_key(k1->dsa, &pub_key1, &priv_key1);

  361. +            DSA_get0_key(k2->dsa, &pub_key2, &priv_key2);

  362. +            if (bignum_cmp(pub_key1, pub_key2) != 0) {

  363.                  return 1;
  364.              }
  365.  
  366.              if (what == SSH_KEY_CMP_PRIVATE) {
  367. -                if (bignum_cmp(k1->dsa->priv_key, k2->dsa->priv_key) != 0) {

  368. +                if (bignum_cmp(priv_key1, priv_key2) != 0) {

  369.                      return 1;
  370.                  }
  371.              }
  372.              break;
  373. +        }

  374.          case SSH_KEYTYPE_RSA:
  375. -        case SSH_KEYTYPE_RSA1:

  376. +        case SSH_KEYTYPE_RSA1: {

  377. +            const BIGNUM *e1, *e2, *n1, *n2, *p1, *p2, *q1, *q2;

  378.              if (RSA_size(k1->rsa) != RSA_size(k2->rsa)) {
  379.                  return 1;
  380.              }
  381. -            if (bignum_cmp(k1->rsa->e, k2->rsa->e) != 0) {

  382. +            RSA_get0_key(k1->rsa, &n1, &e1, NULL);

  383. +            RSA_get0_key(k2->rsa, &n2, &e2, NULL);

  384. +            if (bignum_cmp(e1, e2) != 0) {

  385.                  return 1;
  386.              }
  387. -            if (bignum_cmp(k1->rsa->n, k2->rsa->n) != 0) {

  388. +            if (bignum_cmp(n1, n2) != 0) {

  389.                  return 1;
  390.              }
  391.  
  392.              if (what == SSH_KEY_CMP_PRIVATE) {
  393. -                if (bignum_cmp(k1->rsa->p, k2->rsa->p) != 0) {

  394. +                RSA_get0_factors(k1->rsa, &p1, &q1);

  395. +                RSA_get0_factors(k2->rsa, &p2, &q2);

  396. +                if (bignum_cmp(p1, p2) != 0) {

  397.                      return 1;
  398.                  }
  399.  
  400. -                if (bignum_cmp(k1->rsa->q, k2->rsa->q) != 0) {

  401. +                if (bignum_cmp(q1, q2) != 0) {

  402.                      return 1;
  403.                  }
  404.              }
  405.              break;
  406. +        }

  407.          case SSH_KEYTYPE_ECDSA:
  408.  #ifdef HAVE_OPENSSL_ECC
  409.              {
  410. @@ -586,7 +660,7 @@ ssh_string pki_private_key_to_pem(const

  411.              } else {
  412.                  rc = PEM_write_bio_DSAPrivateKey(mem,
  413.                                                   key->dsa,
  414. -                                                 NULL, /* cipher */

  415. +                                                 EVP_aes_128_cbc(),

  416.                                                   NULL, /* kstr */
  417.                                                   0, /* klen */
  418.                                                   NULL, /* auth_fn */
  419. @@ -611,7 +685,7 @@ ssh_string pki_private_key_to_pem(const

  420.              } else {
  421.                  rc = PEM_write_bio_RSAPrivateKey(mem,
  422.                                                   key->rsa,
  423. -                                                 NULL, /* cipher */

  424. +                                                 EVP_aes_128_cbc(),

  425.                                                   NULL, /* kstr */
  426.                                                   0, /* klen */
  427.                                                   NULL, /* auth_fn */
  428. @@ -621,8 +695,8 @@ ssh_string pki_private_key_to_pem(const

  429.                  goto err;
  430.              }
  431.              break;
  432. -        case SSH_KEYTYPE_ECDSA:

  433.  #ifdef HAVE_ECC
  434. +        case SSH_KEYTYPE_ECDSA:

  435.              if (passphrase == NULL) {
  436.                  struct pem_get_password_struct pgp = { auth_fn, auth_data };
  437.  
  438. @@ -636,7 +710,7 @@ ssh_string pki_private_key_to_pem(const

  439.              } else {
  440.                  rc = PEM_write_bio_ECPrivateKey(mem,
  441.                                                  key->ecdsa,
  442. -                                                NULL, /* cipher */

  443. +                                                EVP_aes_128_cbc(),

  444.                                                  NULL, /* kstr */
  445.                                                  0, /* klen */
  446.                                                  NULL, /* auth_fn */
  447. @@ -819,43 +893,65 @@ int pki_pubkey_build_dss(ssh_key key,

  448.                           ssh_string q,
  449.                           ssh_string g,
  450.                           ssh_string pubkey) {
  451. +    int rc;

  452. +    BIGNUM *bp, *bq, *bg, *bpub_key;

  453. +

  454.      key->dsa = DSA_new();
  455.      if (key->dsa == NULL) {
  456.          return SSH_ERROR;
  457.      }
  458.  
  459. -    key->dsa->p = make_string_bn(p);

  460. -    key->dsa->q = make_string_bn(q);

  461. -    key->dsa->g = make_string_bn(g);

  462. -    key->dsa->pub_key = make_string_bn(pubkey);

  463. -    if (key->dsa->p == NULL ||

  464. -        key->dsa->q == NULL ||

  465. -        key->dsa->g == NULL ||

  466. -        key->dsa->pub_key == NULL) {

  467. -        DSA_free(key->dsa);

  468. -        return SSH_ERROR;

  469. +    bp = make_string_bn(p);

  470. +    bq = make_string_bn(q);

  471. +    bg = make_string_bn(g);

  472. +    bpub_key = make_string_bn(pubkey);

  473. +    if (bp == NULL || bq == NULL ||

  474. +        bg == NULL || bpub_key == NULL) {

  475. +        goto fail;

  476. +    }

  477. +

  478. +    rc = DSA_set0_pqg(key->dsa, bp, bq, bg);

  479. +    if (rc == 0) {

  480. +        goto fail;

  481. +    }

  482. +

  483. +    rc = DSA_set0_key(key->dsa, bpub_key, NULL);

  484. +    if (rc == 0) {

  485. +        goto fail;

  486.      }
  487.  
  488.      return SSH_OK;
  489. +fail:

  490. +    DSA_free(key->dsa);

  491. +    return SSH_ERROR;

  492.  }
  493.  
  494.  int pki_pubkey_build_rsa(ssh_key key,
  495.                           ssh_string e,
  496.                           ssh_string n) {
  497. +    int rc;

  498. +    BIGNUM *be, *bn;

  499. +

  500.      key->rsa = RSA_new();
  501.      if (key->rsa == NULL) {
  502.          return SSH_ERROR;
  503.      }
  504.  
  505. -    key->rsa->e = make_string_bn(e);

  506. -    key->rsa->n = make_string_bn(n);

  507. -    if (key->rsa->e == NULL ||

  508. -        key->rsa->n == NULL) {

  509. -        RSA_free(key->rsa);

  510. -        return SSH_ERROR;

  511. +    be = make_string_bn(e);

  512. +    bn = make_string_bn(n);

  513. +    if (be == NULL || bn == NULL) {

  514. +        goto fail;

  515. +    }

  516. +

  517. +    rc = RSA_set0_key(key->rsa, bn, be, NULL);

  518. +    if (rc == 0) {

  519. +        goto fail;

  520.      }
  521.  
  522.      return SSH_OK;
  523. +fail:

  524. +    RSA_free(key->rsa);

  525. +    return SSH_ERROR;

  526.  }
  527.  
  528.  ssh_string pki_publickey_to_blob(const ssh_key key)
  529. @@ -889,23 +985,26 @@ ssh_string pki_publickey_to_blob(const s

  530.      }
  531.  
  532.      switch (key->type) {
  533. -        case SSH_KEYTYPE_DSS:

  534. -            p = make_bignum_string(key->dsa->p);

  535. +        case SSH_KEYTYPE_DSS: {

  536. +            const BIGNUM *bp, *bq, *bg, *bpub_key;

  537. +            DSA_get0_pqg(key->dsa, &bp, &bq, &bg);

  538. +            p = make_bignum_string((BIGNUM *)bp);

  539.              if (p == NULL) {
  540.                  goto fail;
  541.              }
  542.  
  543. -            q = make_bignum_string(key->dsa->q);

  544. +            q = make_bignum_string((BIGNUM *)bq);

  545.              if (q == NULL) {
  546.                  goto fail;
  547.              }
  548.  
  549. -            g = make_bignum_string(key->dsa->g);

  550. +            g = make_bignum_string((BIGNUM *)bg);

  551.              if (g == NULL) {
  552.                  goto fail;
  553.              }
  554.  
  555. -            n = make_bignum_string(key->dsa->pub_key);

  556. +            DSA_get0_key(key->dsa, &bpub_key, NULL);

  557. +            n = make_bignum_string((BIGNUM *)bpub_key);

  558.              if (n == NULL) {
  559.                  goto fail;
  560.              }
  561. @@ -937,14 +1036,17 @@ ssh_string pki_publickey_to_blob(const s

  562.              n = NULL;
  563.  
  564.              break;
  565. +        }

  566.          case SSH_KEYTYPE_RSA:
  567. -        case SSH_KEYTYPE_RSA1:

  568. -            e = make_bignum_string(key->rsa->e);

  569. +        case SSH_KEYTYPE_RSA1: {

  570. +            const BIGNUM *be, *bn;

  571. +            RSA_get0_key(key->rsa, &bn, &be, NULL);

  572. +            e = make_bignum_string((BIGNUM *)be);

  573.              if (e == NULL) {
  574.                  goto fail;
  575.              }
  576.  
  577. -            n = make_bignum_string(key->rsa->n);

  578. +            n = make_bignum_string((BIGNUM *)bn);

  579.              if (n == NULL) {
  580.                  goto fail;
  581.              }
  582. @@ -964,6 +1066,7 @@ ssh_string pki_publickey_to_blob(const s

  583.              n = NULL;
  584.  
  585.              break;
  586. +        }

  587.          case SSH_KEYTYPE_ECDSA:
  588.  #ifdef HAVE_OPENSSL_ECC
  589.              rc = ssh_buffer_reinit(buffer);
  590. @@ -1065,13 +1168,15 @@ int pki_export_pubkey_rsa1(const ssh_key

  591.      char *e;
  592.      char *n;
  593.      int rsa_size = RSA_size(key->rsa);
  594. +    const BIGNUM *be, *bn;

  595.  
  596. -    e = bignum_bn2dec(key->rsa->e);

  597. +    RSA_get0_key(key->rsa, &bn, &be, NULL);

  598. +    e = bignum_bn2dec(be);

  599.      if (e == NULL) {
  600.          return SSH_ERROR;
  601.      }
  602.  
  603. -    n = bignum_bn2dec(key->rsa->n);

  604. +    n = bignum_bn2dec(bn);

  605.      if (n == NULL) {
  606.          OPENSSL_free(e);
  607.          return SSH_ERROR;
  608. @@ -1136,6 +1241,7 @@ static ssh_string pki_dsa_signature_to_b

  609.  {
  610.      char buffer[40] = { 0 };
  611.      ssh_string sig_blob = NULL;
  612. +    const BIGNUM *pr, *ps;

  613.  
  614.      ssh_string r;
  615.      int r_len, r_offset_in, r_offset_out;
  616. @@ -1143,12 +1249,13 @@ static ssh_string pki_dsa_signature_to_b

  617.      ssh_string s;
  618.      int s_len, s_offset_in, s_offset_out;
  619.  
  620. -    r = make_bignum_string(sig->dsa_sig->r);

  621. +    DSA_SIG_get0(sig->dsa_sig, &pr, &ps);

  622. +    r = make_bignum_string((BIGNUM *)pr);

  623.      if (r == NULL) {
  624.          return NULL;
  625.      }
  626.  
  627. -    s = make_bignum_string(sig->dsa_sig->s);

  628. +    s = make_bignum_string((BIGNUM *)ps);

  629.      if (s == NULL) {
  630.          ssh_string_free(r);
  631.          return NULL;
  632. @@ -1201,13 +1308,15 @@ ssh_string pki_signature_to_blob(const s

  633.              ssh_string s;
  634.              ssh_buffer b;
  635.              int rc;
  636. +            const BIGNUM *pr, *ps;

  637.  
  638.              b = ssh_buffer_new();
  639.              if (b == NULL) {
  640.                  return NULL;
  641.              }
  642.  
  643. -            r = make_bignum_string(sig->ecdsa_sig->r);

  644. +            ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);

  645. +            r = make_bignum_string((BIGNUM *)pr);

  646.              if (r == NULL) {
  647.                  ssh_buffer_free(b);
  648.                  return NULL;
  649. @@ -1219,7 +1328,7 @@ ssh_string pki_signature_to_blob(const s

  650.                  return NULL;
  651.              }
  652.  
  653. -            s = make_bignum_string(sig->ecdsa_sig->s);

  654. +            s = make_bignum_string((BIGNUM *)ps);

  655.              if (s == NULL) {
  656.                  ssh_buffer_free(b);
  657.                  return NULL;
  658. @@ -1324,6 +1433,7 @@ ssh_signature pki_signature_from_blob(co

  659.      ssh_string s;
  660.      size_t len;
  661.      int rc;
  662. +    BIGNUM *pr = NULL, *ps = NULL;

  663.  
  664.      sig = ssh_signature_new();
  665.      if (sig == NULL) {
  666. @@ -1363,9 +1473,9 @@ ssh_signature pki_signature_from_blob(co

  667.              }
  668.              ssh_string_fill(r, ssh_string_data(sig_blob), 20);
  669.  
  670. -            sig->dsa_sig->r = make_string_bn(r);

  671. +            pr = make_string_bn(r);

  672.              ssh_string_free(r);
  673. -            if (sig->dsa_sig->r == NULL) {

  674. +            if (pr == NULL) {

  675.                  ssh_signature_free(sig);
  676.                  return NULL;
  677.              }
  678. @@ -1377,9 +1487,15 @@ ssh_signature pki_signature_from_blob(co

  679.              }
  680.              ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
  681.  
  682. -            sig->dsa_sig->s = make_string_bn(s);

  683. +            ps = make_string_bn(s);

  684.              ssh_string_free(s);
  685. -            if (sig->dsa_sig->s == NULL) {

  686. +            if (ps == NULL) {

  687. +                ssh_signature_free(sig);

  688. +                return NULL;

  689. +            }

  690. +

  691. +            rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);

  692. +            if (rc == 0) {

  693.                  ssh_signature_free(sig);
  694.                  return NULL;
  695.              }
  696. @@ -1427,17 +1543,17 @@ ssh_signature pki_signature_from_blob(co

  697.                  ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
  698.  #endif
  699.  
  700. -                make_string_bn_inplace(r, sig->ecdsa_sig->r);

  701. +                pr = make_string_bn(r);

  702.                  ssh_string_burn(r);
  703.                  ssh_string_free(r);
  704. -                if (sig->ecdsa_sig->r == NULL) {

  705. +                if (pr == NULL) {

  706.                      ssh_buffer_free(b);
  707.                      ssh_signature_free(sig);
  708.                      return NULL;
  709.                  }
  710.  
  711.                  s = buffer_get_ssh_string(b);
  712. -                rlen = buffer_get_rest_len(b);

  713. +                rlen = buffer_get_len(b);

  714.                  ssh_buffer_free(b);
  715.                  if (s == NULL) {
  716.                      ssh_signature_free(sig);
  717. @@ -1448,10 +1564,16 @@ ssh_signature pki_signature_from_blob(co

  718.                  ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
  719.  #endif
  720.  
  721. -                make_string_bn_inplace(s, sig->ecdsa_sig->s);

  722. +                ps = make_string_bn(s);

  723.                  ssh_string_burn(s);
  724.                  ssh_string_free(s);
  725. -                if (sig->ecdsa_sig->s == NULL) {

  726. +                if (ps == NULL) {

  727. +                    ssh_signature_free(sig);

  728. +                    return NULL;

  729. +                }

  730. +

  731. +                rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);

  732. +                if (rc == 0) {

  733.                      ssh_signature_free(sig);
  734.                      return NULL;
  735.                  }
  736. @@ -1578,8 +1700,12 @@ ssh_signature pki_do_sign(const ssh_key

  737.              }
  738.  
  739.  #ifdef DEBUG_CRYPTO
  740. -            ssh_print_bignum("r", sig->dsa_sig->r);

  741. -            ssh_print_bignum("s", sig->dsa_sig->s);

  742. +            {

  743. +                const BIGNUM *pr, *ps;

  744. +                DSA_SIG_get0(sig->dsa_sig, &pr, &ps);

  745. +                ssh_print_bignum("r", (BIGNUM *) pr);

  746. +                ssh_print_bignum("s", (BIGNUM *) ps);

  747. +            }

  748.  #endif
  749.  
  750.              break;
  751. @@ -1601,8 +1727,12 @@ ssh_signature pki_do_sign(const ssh_key

  752.              }
  753.  
  754.  # ifdef DEBUG_CRYPTO
  755. -            ssh_print_bignum("r", sig->ecdsa_sig->r);

  756. -            ssh_print_bignum("s", sig->ecdsa_sig->s);

  757. +            {

  758. +                const BIGNUM *pr, *ps;

  759. +                ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);

  760. +                ssh_print_bignum("r", (BIGNUM *) pr);

  761. +                ssh_print_bignum("s", (BIGNUM *) ps);

  762. +            }

  763.  # endif /* DEBUG_CRYPTO */
  764.  
  765.              break;
  766. --- a/src/CMakeLists.txt

  767. +++ b/src/CMakeLists.txt

  768. @@ -164,6 +164,9 @@ else (WITH_GCRYPT)

  769.          ${libssh_SRCS}
  770.          pki_crypto.c
  771.         )
  772. +    if(OPENSSL_VERSION VERSION_LESS "1.1.0")

  773. +        set(libssh_SRCS ${libssh_SRCS} libcrypto-compat.c)

  774. +    endif()

  775.  endif (WITH_GCRYPT)
  776.  
  777.  if (WITH_SFTP)
  778. --- /dev/null

  779. +++ b/src/libcrypto-compat.c

  780. @@ -0,0 +1,334 @@

  781. +/*

  782. + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.

  783. + *

  784. + * Licensed under the OpenSSL license (the "License").  You may not use

  785. + * this file except in compliance with the License.  You can obtain a copy

  786. + * in the file LICENSE in the source distribution or at

  787. + * https://www.openssl.org/source/license.html

  788. + */

  789. +

  790. +#include "config.h"

  791. +

  792. +#include <string.h>

  793. +#include <openssl/engine.h>

  794. +#include "libcrypto-compat.h"

  795. +

  796. +static void *OPENSSL_zalloc(size_t num)

  797. +{

  798. +    void *ret = OPENSSL_malloc(num);

  799. +

  800. +    if (ret != NULL)

  801. +        memset(ret, 0, num);

  802. +    return ret;

  803. +}

  804. +

  805. +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)

  806. +{

  807. +    /* If the fields n and e in r are NULL, the corresponding input

  808. +     * parameters MUST be non-NULL for n and e.  d may be

  809. +     * left NULL (in case only the public key is used).

  810. +     */

  811. +    if ((r->n == NULL && n == NULL)

  812. +        || (r->e == NULL && e == NULL))

  813. +        return 0;

  814. +

  815. +    if (n != NULL) {

  816. +        BN_free(r->n);

  817. +        r->n = n;

  818. +    }

  819. +    if (e != NULL) {

  820. +        BN_free(r->e);

  821. +        r->e = e;

  822. +    }

  823. +    if (d != NULL) {

  824. +        BN_free(r->d);

  825. +        r->d = d;

  826. +    }

  827. +

  828. +    return 1;

  829. +}

  830. +

  831. +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)

  832. +{

  833. +    /* If the fields p and q in r are NULL, the corresponding input

  834. +     * parameters MUST be non-NULL.

  835. +     */

  836. +    if ((r->p == NULL && p == NULL)

  837. +        || (r->q == NULL && q == NULL))

  838. +        return 0;

  839. +

  840. +    if (p != NULL) {

  841. +        BN_free(r->p);

  842. +        r->p = p;

  843. +    }

  844. +    if (q != NULL) {

  845. +        BN_free(r->q);

  846. +        r->q = q;

  847. +    }

  848. +

  849. +    return 1;

  850. +}

  851. +

  852. +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)

  853. +{

  854. +    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input

  855. +     * parameters MUST be non-NULL.

  856. +     */

  857. +    if ((r->dmp1 == NULL && dmp1 == NULL)

  858. +        || (r->dmq1 == NULL && dmq1 == NULL)

  859. +        || (r->iqmp == NULL && iqmp == NULL))

  860. +        return 0;

  861. +

  862. +    if (dmp1 != NULL) {

  863. +        BN_free(r->dmp1);

  864. +        r->dmp1 = dmp1;

  865. +    }

  866. +    if (dmq1 != NULL) {

  867. +        BN_free(r->dmq1);

  868. +        r->dmq1 = dmq1;

  869. +    }

  870. +    if (iqmp != NULL) {

  871. +        BN_free(r->iqmp);

  872. +        r->iqmp = iqmp;

  873. +    }

  874. +

  875. +    return 1;

  876. +}

  877. +

  878. +void RSA_get0_key(const RSA *r,

  879. +                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)

  880. +{

  881. +    if (n != NULL)

  882. +        *n = r->n;

  883. +    if (e != NULL)

  884. +        *e = r->e;

  885. +    if (d != NULL)

  886. +        *d = r->d;

  887. +}

  888. +

  889. +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)

  890. +{

  891. +    if (p != NULL)

  892. +        *p = r->p;

  893. +    if (q != NULL)

  894. +        *q = r->q;

  895. +}

  896. +

  897. +void RSA_get0_crt_params(const RSA *r,

  898. +                         const BIGNUM **dmp1, const BIGNUM **dmq1,

  899. +                         const BIGNUM **iqmp)

  900. +{

  901. +    if (dmp1 != NULL)

  902. +        *dmp1 = r->dmp1;

  903. +    if (dmq1 != NULL)

  904. +        *dmq1 = r->dmq1;

  905. +    if (iqmp != NULL)

  906. +        *iqmp = r->iqmp;

  907. +}

  908. +

  909. +void DSA_get0_pqg(const DSA *d,

  910. +                  const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)

  911. +{

  912. +    if (p != NULL)

  913. +        *p = d->p;

  914. +    if (q != NULL)

  915. +        *q = d->q;

  916. +    if (g != NULL)

  917. +        *g = d->g;

  918. +}

  919. +

  920. +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)

  921. +{

  922. +    /* If the fields p, q and g in d are NULL, the corresponding input

  923. +     * parameters MUST be non-NULL.

  924. +     */

  925. +    if ((d->p == NULL && p == NULL)

  926. +        || (d->q == NULL && q == NULL)

  927. +        || (d->g == NULL && g == NULL))

  928. +        return 0;

  929. +

  930. +    if (p != NULL) {

  931. +        BN_free(d->p);

  932. +        d->p = p;

  933. +    }

  934. +    if (q != NULL) {

  935. +        BN_free(d->q);

  936. +        d->q = q;

  937. +    }

  938. +    if (g != NULL) {

  939. +        BN_free(d->g);

  940. +        d->g = g;

  941. +    }

  942. +

  943. +    return 1;

  944. +}

  945. +

  946. +void DSA_get0_key(const DSA *d,

  947. +                  const BIGNUM **pub_key, const BIGNUM **priv_key)

  948. +{

  949. +    if (pub_key != NULL)

  950. +        *pub_key = d->pub_key;

  951. +    if (priv_key != NULL)

  952. +        *priv_key = d->priv_key;

  953. +}

  954. +

  955. +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)

  956. +{

  957. +    /* If the field pub_key in d is NULL, the corresponding input

  958. +     * parameters MUST be non-NULL.  The priv_key field may

  959. +     * be left NULL.

  960. +     */

  961. +    if (d->pub_key == NULL && pub_key == NULL)

  962. +        return 0;

  963. +

  964. +    if (pub_key != NULL) {

  965. +        BN_free(d->pub_key);

  966. +        d->pub_key = pub_key;

  967. +    }

  968. +    if (priv_key != NULL) {

  969. +        BN_free(d->priv_key);

  970. +        d->priv_key = priv_key;

  971. +    }

  972. +

  973. +    return 1;

  974. +}

  975. +

  976. +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)

  977. +{

  978. +    if (pr != NULL)

  979. +        *pr = sig->r;

  980. +    if (ps != NULL)

  981. +        *ps = sig->s;

  982. +}

  983. +

  984. +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)

  985. +{

  986. +    if (r == NULL || s == NULL)

  987. +        return 0;

  988. +    BN_clear_free(sig->r);

  989. +    BN_clear_free(sig->s);

  990. +    sig->r = r;

  991. +    sig->s = s;

  992. +    return 1;

  993. +}

  994. +

  995. +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)

  996. +{

  997. +    if (pr != NULL)

  998. +        *pr = sig->r;

  999. +    if (ps != NULL)

  1000. +        *ps = sig->s;

  1001. +}

  1002. +

  1003. +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)

  1004. +{

  1005. +    if (r == NULL || s == NULL)

  1006. +        return 0;

  1007. +    BN_clear_free(sig->r);

  1008. +    BN_clear_free(sig->s);

  1009. +    sig->r = r;

  1010. +    sig->s = s;

  1011. +    return 1;

  1012. +}

  1013. +

  1014. +EVP_MD_CTX *EVP_MD_CTX_new(void)

  1015. +{

  1016. +    return OPENSSL_zalloc(sizeof(EVP_MD_CTX));

  1017. +}

  1018. +

  1019. +static void OPENSSL_clear_free(void *str, size_t num)

  1020. +{

  1021. +    if (str == NULL)

  1022. +        return;

  1023. +    if (num)

  1024. +        OPENSSL_cleanse(str, num);

  1025. +    OPENSSL_free(str);

  1026. +}

  1027. +

  1028. +/* This call frees resources associated with the context */

  1029. +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)

  1030. +{

  1031. +    if (ctx == NULL)

  1032. +        return 1;

  1033. +

  1034. +    /*

  1035. +     * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because

  1036. +     * sometimes only copies of the context are ever finalised.

  1037. +     */

  1038. +    if (ctx->digest && ctx->digest->cleanup

  1039. +        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))

  1040. +        ctx->digest->cleanup(ctx);

  1041. +    if (ctx->digest && ctx->digest->ctx_size && ctx->md_data

  1042. +        && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {

  1043. +        OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);

  1044. +    }

  1045. +    EVP_PKEY_CTX_free(ctx->pctx);

  1046. +#ifndef OPENSSL_NO_ENGINE

  1047. +    ENGINE_finish(ctx->engine);

  1048. +#endif

  1049. +    OPENSSL_cleanse(ctx, sizeof(*ctx));

  1050. +

  1051. +    return 1;

  1052. +}

  1053. +

  1054. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx)

  1055. +{

  1056. +    EVP_MD_CTX_reset(ctx);

  1057. +    OPENSSL_free(ctx);

  1058. +}

  1059. +

  1060. +HMAC_CTX *HMAC_CTX_new(void)

  1061. +{

  1062. +    HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));

  1063. +

  1064. +    if (ctx != NULL) {

  1065. +        if (!HMAC_CTX_reset(ctx)) {

  1066. +            HMAC_CTX_free(ctx);

  1067. +            return NULL;

  1068. +        }

  1069. +    }

  1070. +    return ctx;

  1071. +}

  1072. +

  1073. +static void hmac_ctx_cleanup(HMAC_CTX *ctx)

  1074. +{

  1075. +    EVP_MD_CTX_reset(&ctx->i_ctx);

  1076. +    EVP_MD_CTX_reset(&ctx->o_ctx);

  1077. +    EVP_MD_CTX_reset(&ctx->md_ctx);

  1078. +    ctx->md = NULL;

  1079. +    ctx->key_length = 0;

  1080. +    OPENSSL_cleanse(ctx->key, sizeof(ctx->key));

  1081. +}

  1082. +

  1083. +void HMAC_CTX_free(HMAC_CTX *ctx)

  1084. +{

  1085. +    if (ctx != NULL) {

  1086. +        hmac_ctx_cleanup(ctx);

  1087. +#if OPENSSL_VERSION_NUMBER > 0x10100000L

  1088. +        EVP_MD_CTX_free(&ctx->i_ctx);

  1089. +        EVP_MD_CTX_free(&ctx->o_ctx);

  1090. +        EVP_MD_CTX_free(&ctx->md_ctx);

  1091. +#endif

  1092. +        OPENSSL_free(ctx);

  1093. +    }

  1094. +}

  1095. +

  1096. +int HMAC_CTX_reset(HMAC_CTX *ctx)

  1097. +{

  1098. +    HMAC_CTX_init(ctx);

  1099. +    return 1;

  1100. +}

  1101. +

  1102. +#ifndef HAVE_OPENSSL_EVP_CIPHER_CTX_NEW

  1103. +EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)

  1104. +{

  1105. +    return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));

  1106. +}

  1107. +

  1108. +void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)

  1109. +{

  1110. +    /* EVP_CIPHER_CTX_reset(ctx); alias */

  1111. +    EVP_CIPHER_CTX_init(ctx);

  1112. +    OPENSSL_free(ctx);

  1113. +}

  1114. +#endif

  1115. --- /dev/null

  1116. +++ b/src/libcrypto-compat.h

  1117. @@ -0,0 +1,42 @@

  1118. +#ifndef LIBCRYPTO_COMPAT_H

  1119. +#define LIBCRYPTO_COMPAT_H

  1120. +

  1121. +#include <openssl/opensslv.h>

  1122. +#if OPENSSL_VERSION_NUMBER < 0x10100000L

  1123. +

  1124. +#include <openssl/rsa.h>

  1125. +#include <openssl/dsa.h>

  1126. +#include <openssl/ecdsa.h>

  1127. +#include <openssl/dh.h>

  1128. +#include <openssl/evp.h>

  1129. +#include <openssl/hmac.h>

  1130. +

  1131. +int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);

  1132. +int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);

  1133. +int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);

  1134. +void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);

  1135. +void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);

  1136. +void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);

  1137. +

  1138. +void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);

  1139. +int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);

  1140. +void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);

  1141. +int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);

  1142. +

  1143. +void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);

  1144. +int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);

  1145. +

  1146. +void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);

  1147. +int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);

  1148. +

  1149. +int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);

  1150. +EVP_MD_CTX *EVP_MD_CTX_new(void);

  1151. +void EVP_MD_CTX_free(EVP_MD_CTX *ctx);

  1152. +

  1153. +HMAC_CTX *HMAC_CTX_new(void);

  1154. +int HMAC_CTX_reset(HMAC_CTX *ctx);

  1155. +void HMAC_CTX_free(HMAC_CTX *ctx);

  1156. +

  1157. +#endif /* OPENSSL_VERSION_NUMBER */

  1158. +

  1159. +#endif /* LIBCRYPTO_COMPAT_H */