Attachment 1914 Details for Bug 1260 – /home/djm/ssh-openssl-no-deprecated.diff

[patch] /home/djm/ssh-openssl-no-deprecated.diff

ssh-openssl-no-deprecated.diff (text/plain), 4.92 KB, created by Damien Miller on 2010-08-27 11:28:22 AEST

(hide)

Description:

Filename:

MIME Type:

Creator: Damien Miller

Created: 2010-08-27 11:28:22 AEST

Size: 4.92 KB

patch

obsolete

>Index: Makefile.inc
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/Makefile.inc,v
>retrieving revision 1.36
>diff -u -p -r1.36 Makefile.inc
>--- Makefile.inc	20 Feb 2010 20:28:11 -0000	1.36
>+++ Makefile.inc	27 Aug 2010 01:23:37 -0000
>@@ -3,7 +3,7 @@
> CFLAGS+=	-I${.CURDIR}/..
> 
> CDIAGFLAGS=	-Wall
>-#CDIAGFLAGS+=	-Werror
>+CDIAGFLAGS+=	-Werror
> CDIAGFLAGS+=	-Wpointer-arith
> CDIAGFLAGS+=	-Wno-uninitialized
> CDIAGFLAGS+=	-Wstrict-prototypes
>@@ -15,6 +15,7 @@ CDIAGFLAGS+=	-Wshadow
> 
> #DEBUG=-g
> 
>+CFLAGS+= -DOPENSSL_NO_DEPRECATED
> #CFLAGS+=	-DJPAKE
> 
> CFLAGS+=	-DENABLE_PKCS11
>Index: kexdhc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kexdhc.c,v
>retrieving revision 1.11
>diff -u -p -r1.11 kexdhc.c
>--- kexdhc.c	6 Nov 2006 21:25:28 -0000	1.11
>+++ kexdhc.c	27 Aug 2010 01:23:37 -0000
>@@ -25,6 +25,8 @@
> 
> #include <sys/types.h>
> 
>+#include <openssl/dh.h>
>+
> #include <stdio.h>
> #include <string.h>
> #include <signal.h>
>Index: kexdhs.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kexdhs.c,v
>retrieving revision 1.11
>diff -u -p -r1.11 kexdhs.c
>--- kexdhs.c	26 Feb 2010 20:29:54 -0000	1.11
>+++ kexdhs.c	27 Aug 2010 01:23:37 -0000
>@@ -28,6 +28,8 @@
> #include <string.h>
> #include <signal.h>
> 
>+#include <openssl/dh.h>
>+
> #include "xmalloc.h"
> #include "buffer.h"
> #include "key.h"
>Index: kexgexc.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kexgexc.c,v
>retrieving revision 1.11
>diff -u -p -r1.11 kexgexc.c
>--- kexgexc.c	6 Nov 2006 21:25:28 -0000	1.11
>+++ kexgexc.c	27 Aug 2010 01:23:37 -0000
>@@ -26,6 +26,8 @@
> 
> #include <sys/types.h>
> 
>+#include <openssl/dh.h>
>+
> #include <stdio.h>
> #include <string.h>
> #include <signal.h>
>Index: kexgexs.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/kexgexs.c,v
>retrieving revision 1.13
>diff -u -p -r1.13 kexgexs.c
>--- kexgexs.c	26 Feb 2010 20:29:54 -0000	1.13
>+++ kexgexs.c	27 Aug 2010 01:23:37 -0000
>@@ -30,6 +30,8 @@
> #include <string.h>
> #include <signal.h>
> 
>+#include <openssl/dh.h>
>+
> #include "xmalloc.h"
> #include "buffer.h"
> #include "key.h"
>Index: key.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/key.c,v
>retrieving revision 1.90
>diff -u -p -r1.90 key.c
>--- key.c	13 Jul 2010 23:13:16 -0000	1.90
>+++ key.c	27 Aug 2010 01:23:37 -0000
>@@ -871,25 +871,33 @@ key_size(const Key *k)
> static RSA *
> rsa_generate_private_key(u_int bits)
> {
>-	RSA *private;
>+	RSA *private = RSA_new();
>+	BIGNUM *f4 = BN_new();
> 
>-	private = RSA_generate_key(bits, RSA_F4, NULL, NULL);
> 	if (private == NULL)
>-		fatal("rsa_generate_private_key: key generation failed.");
>+		fatal("%s: RSA_new failed", __func__);
>+	if (f4 == NULL)
>+		fatal("%s: BN_new failed", __func__);
>+	if (!BN_set_word(f4, RSA_F4))
>+		fatal("%s: BN_new failed", __func__);
>+	if (!RSA_generate_key_ex(private, bits, f4, NULL))
>+		fatal("%s: key generation failed.", __func__);
>+	BN_free(f4);
> 	return private;
> }
> 
> static DSA*
> dsa_generate_private_key(u_int bits)
> {
>-	DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL);
>+	DSA *private = DSA_new();
> 
> 	if (private == NULL)
>-		fatal("dsa_generate_private_key: DSA_generate_parameters failed");
>+		fatal("%s: DSA_new failed", __func__);
>+	if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL,
>+	    NULL, NULL))
>+		fatal("%s: DSA_generate_parameters failed", __func__);
> 	if (!DSA_generate_key(private))
>-		fatal("dsa_generate_private_key: DSA_generate_key failed.");
>-	if (private == NULL)
>-		fatal("dsa_generate_private_key: NULL.");
>+		fatal("%s: DSA_generate_key failed.", __func__);
> 	return private;
> }
> 
>Index: moduli.c
>===================================================================
>RCS file: /cvs/src/usr.bin/ssh/moduli.c,v
>retrieving revision 1.21
>diff -u -p -r1.21 moduli.c
>--- moduli.c	26 Jun 2008 09:19:40 -0000	1.21
>+++ moduli.c	27 Aug 2010 01:23:37 -0000
>@@ -598,7 +598,7 @@ prime_test(FILE *in, FILE *out, u_int32_
> 		 * that p is also prime. A single pass will weed out the
> 		 * vast majority of composite q's.
> 		 */
>-		if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) {
>+		if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) {
> 			debug("%10u: q failed first possible prime test",
> 			    count_in);
> 			continue;
>@@ -611,14 +611,14 @@ prime_test(FILE *in, FILE *out, u_int32_
> 		 * will show up on the first Rabin-Miller iteration so it
> 		 * doesn't hurt to specify a high iteration count.
> 		 */
>-		if (!BN_is_prime(p, trials, NULL, ctx, NULL)) {
>+		if (!BN_is_prime_ex(p, trials, ctx, NULL)) {
> 			debug("%10u: p is not prime", count_in);
> 			continue;
> 		}
> 		debug("%10u: p is almost certainly prime", count_in);
> 
> 		/* recheck q more rigorously */
>-		if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) {
>+		if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) {
> 			debug("%10u: q is not prime", count_in);
> 			continue;
> 		}

Flags:

dtucker: ok+

Actions: View | Diff

Attachments on bug 1260: 1914