deleted file mode 100644
@@ -1,994 +0,0 @@
-From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Fri, 24 Mar 2023 13:56:25 +1100
-Subject: [PATCH] remove support for old libcrypto
-
-OpenSSH now requires LibreSSL 3.1.0 or greater or
-OpenSSL 1.1.1 or greater
-
-with/ok dtucker@
-
-Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0]
-Comment: Hunks are refreshed.
-Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com>
-
----
- .github/workflows/c-cpp.yml | 7 -
- INSTALL | 8 +-
- cipher-aes.c | 2 +-
- configure.ac | 96 ++---
- openbsd-compat/libressl-api-compat.c | 556 +--------------------------
- openbsd-compat/openssl-compat.h | 151 +-------
- 6 files changed, 40 insertions(+), 780 deletions(-)
-
-diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
-index 3d9aa22dba5..d299a32468d 100644
---- a/.github/workflows/c-cpp.yml
-+++ b/.github/workflows/c-cpp.yml
-@@ -47,9 +47,6 @@ jobs:
- - { target: ubuntu-20.04, config: tcmalloc }
- - { target: ubuntu-20.04, config: musl }
- - { target: ubuntu-latest, config: libressl-master }
-- - { target: ubuntu-latest, config: libressl-2.2.9 }
-- - { target: ubuntu-latest, config: libressl-2.8.3 }
-- - { target: ubuntu-latest, config: libressl-3.0.2 }
- - { target: ubuntu-latest, config: libressl-3.2.6 }
- - { target: ubuntu-latest, config: libressl-3.3.6 }
- - { target: ubuntu-latest, config: libressl-3.4.3 }
-@@ -58,10 +55,6 @@ jobs:
- - { target: ubuntu-latest, config: libressl-3.7.0 }
- - { target: ubuntu-latest, config: openssl-master }
- - { target: ubuntu-latest, config: openssl-noec }
-- - { target: ubuntu-latest, config: openssl-1.0.1 }
-- - { target: ubuntu-latest, config: openssl-1.0.1u }
-- - { target: ubuntu-latest, config: openssl-1.0.2u }
-- - { target: ubuntu-latest, config: openssl-1.1.0h }
- - { target: ubuntu-latest, config: openssl-1.1.1 }
- - { target: ubuntu-latest, config: openssl-1.1.1k }
- - { target: ubuntu-latest, config: openssl-1.1.1n }
-diff --git a/INSTALL b/INSTALL
-index 68b15e13190..f99d1e2a809 100644
---- a/INSTALL
-+++ b/INSTALL
-@@ -21,12 +21,8 @@ https://zlib.net/
-
- libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
- is supported but severely restricts the available ciphers and algorithms.
-- - LibreSSL (https://www.libressl.org/)
-- - OpenSSL (https://www.openssl.org) with any of the following versions:
-- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1
--
--Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
--1.1.0g can't be used.
-+ - LibreSSL (https://www.libressl.org/) 3.1.0 or greater
-+ - OpenSSL (https://www.openssl.org) 1.1.1 or greater
-
- LibreSSL/OpenSSL should be compiled as a position-independent library
- (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
-diff --git a/cipher-aes.c b/cipher-aes.c
-index 8b101727284..87c763353d8 100644
---- a/cipher-aes.c
-+++ b/cipher-aes.c
-@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv,
-
- static int
- ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
-- LIBCRYPTO_EVP_INL_TYPE len)
-+ size_t len)
- {
- struct ssh_rijndael_ctx *c;
- u_char buf[RIJNDAEL_BLOCKSIZE];
-diff --git a/configure.ac b/configure.ac
-index 22fee70f604..1c0ccdf19c5 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -2802,42 +2802,40 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/crypto.h>
- #define DATA "conftest.ssllibver"
- ]], [[
-- FILE *fd;
-- int rc;
-+ FILE *f;
-
-- fd = fopen(DATA,"w");
-- if(fd == NULL)
-+ if ((f = fopen(DATA, "w")) == NULL)
- exit(1);
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version SSLeay_version
--#endif
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
-- if ((rc = fprintf(fd, "%08lx (%s)\n",
-+ if (fprintf(f, "%08lx (%s)",
- (unsigned long)OpenSSL_version_num(),
-- OpenSSL_version(OPENSSL_VERSION))) < 0)
-+ OpenSSL_version(OPENSSL_VERSION)) < 0)
-+ exit(1);
-+#ifdef LIBRESSL_VERSION_NUMBER
-+ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
-+ exit(1);
-+#endif
-+ if (fputc('\n', f) == EOF || fclose(f) == EOF)
- exit(1);
--
- exit(0);
- ]])],
- [
-- ssl_library_ver=`cat conftest.ssllibver`
-+ sslver=`cat conftest.ssllibver`
-+ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
- # Check version is supported.
-- case "$ssl_library_ver" in
-- 10000*|0*)
-- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])
-- ;;
-- 100*) ;; # 1.0.x
-- 101000[[0123456]]*)
-- # https://github.com/openssl/openssl/pull/4613
-- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")])
-+ case "$sslver" in
-+ 100*|10100*) # 1.0.x, 1.1.0x
-+ AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])
- ;;
- 101*) ;; # 1.1.x
-- 200*) ;; # LibreSSL
-+ 200*) # LibreSSL
-+ lver=`echo "$sslver" | sed 's/.*libressl-//'`
-+ case "$lver" in
-+ 2*|300*) # 2.x, 3.0.0
-+ AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])
-+ ;;
-+ *) ;; # Assume all other versions are good.
-+ esac
-+ ;;
- 300*)
- # OpenSSL 3; we use the 1.1x API
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
-@@ -2847,10 +2845,10 @@ if test "x$openssl" = "xyes" ; then
- CPPFLAGS="$CPPFLAGS -DOPENSSL_API_COMPAT=0x10100000L"
- ;;
- *)
-- AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_library_ver")])
-+ AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])
- ;;
- esac
-- AC_MSG_RESULT([$ssl_library_ver])
-+ AC_MSG_RESULT([$ssl_showver])
- ],
- [
- AC_MSG_RESULT([not found])
-@@ -2863,7 +2861,7 @@ if test "x$openssl" = "xyes" ; then
-
- case "$host" in
- x86_64-*)
-- case "$ssl_library_ver" in
-+ case "$sslver" in
- 3000004*)
- AC_MSG_ERROR([OpenSSL 3.0.4 has a potential RCE in its RSA implementation (CVE-2022-2274)])
- ;;
-@@ -2879,9 +2877,6 @@ if test "x$openssl" = "xyes" ; then
- #include <openssl/opensslv.h>
- #include <openssl/crypto.h>
- ]], [[
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
- exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
- ]])],
- [
-@@ -2955,44 +2950,13 @@ if test "x$openssl" = "xyes" ; then
- )
- )
-
-- # LibreSSL/OpenSSL 1.1x API
-+ # LibreSSL/OpenSSL API differences
- AC_CHECK_FUNCS([ \
-- OPENSSL_init_crypto \
-- DH_get0_key \
-- DH_get0_pqg \
-- DH_set0_key \
-- DH_set_length \
-- DH_set0_pqg \
-- DSA_get0_key \
-- DSA_get0_pqg \
-- DSA_set0_key \
-- DSA_set0_pqg \
-- DSA_SIG_get0 \
-- DSA_SIG_set0 \
-- ECDSA_SIG_get0 \
-- ECDSA_SIG_set0 \
- EVP_CIPHER_CTX_iv \
- EVP_CIPHER_CTX_iv_noconst \
- EVP_CIPHER_CTX_get_iv \
- EVP_CIPHER_CTX_get_updated_iv \
- EVP_CIPHER_CTX_set_iv \
-- RSA_get0_crt_params \
-- RSA_get0_factors \
-- RSA_get0_key \
-- RSA_set0_crt_params \
-- RSA_set0_factors \
-- RSA_set0_key \
-- RSA_meth_free \
-- RSA_meth_dup \
-- RSA_meth_set1_name \
-- RSA_meth_get_finish \
-- RSA_meth_set_priv_enc \
-- RSA_meth_set_priv_dec \
-- RSA_meth_set_finish \
-- EVP_PKEY_get0_RSA \
-- EVP_MD_CTX_new \
-- EVP_MD_CTX_free \
-- EVP_chacha20 \
- ])
-
- if test "x$openssl_engine" = "xyes" ; then
-@@ -3050,8 +3014,8 @@ if test "x$openssl" = "xyes" ; then
- ]
- )
-
-- # Check for SHA256, SHA384 and SHA512 support in OpenSSL
-- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
-+ # Check for various EVP support in OpenSSL
-+ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
-
- # Check complete ECC support in OpenSSL
- AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
-diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
-index 498180dc894..59be17397c5 100644
---- a/openbsd-compat/libressl-api-compat.c
-+++ b/openbsd-compat/libressl-api-compat.c
-@@ -1,129 +1,5 @@
--/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
--/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
--/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
--/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
-- * All rights reserved.
-- *
-- * This package is an SSL implementation written
-- * by Eric Young (eay@cryptsoft.com).
-- * The implementation was written so as to conform with Netscapes SSL.
-- *
-- * This library is free for commercial and non-commercial use as long as
-- * the following conditions are aheared to. The following conditions
-- * apply to all code found in this distribution, be it the RC4, RSA,
-- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
-- * included with this distribution is covered by the same copyright terms
-- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
-- *
-- * Copyright remains Eric Young's, and as such any Copyright notices in
-- * the code are not to be removed.
-- * If this package is used in a product, Eric Young should be given attribution
-- * as the author of the parts of the library used.
-- * This can be in the form of a textual message at program startup or
-- * in documentation (online or textual) provided with the package.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- * 1. Redistributions of source code must retain the copyright
-- * notice, this list of conditions and the following disclaimer.
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in the
-- * documentation and/or other materials provided with the distribution.
-- * 3. All advertising materials mentioning features or use of this software
-- * must display the following acknowledgement:
-- * "This product includes cryptographic software written by
-- * Eric Young (eay@cryptsoft.com)"
-- * The word 'cryptographic' can be left out if the rouines from the library
-- * being used are not cryptographic related :-).
-- * 4. If you include any Windows specific code (or a derivative thereof) from
-- * the apps directory (application code) you must include an acknowledgement:
-- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
-- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-- * SUCH DAMAGE.
-- *
-- * The licence and distribution terms for any publically available version or
-- * derivative of this code cannot be changed. i.e. this code cannot simply be
-- * copied and put under another distribution licence
-- * [including the GNU Public Licence.]
-- */
--
--/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
--/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
--/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
--/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
-- * project 2000.
-- */
--/* ====================================================================
-- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
-- *
-- * Redistribution and use in source and binary forms, with or without
-- * modification, are permitted provided that the following conditions
-- * are met:
-- *
-- * 1. Redistributions of source code must retain the above copyright
-- * notice, this list of conditions and the following disclaimer.
-- *
-- * 2. Redistributions in binary form must reproduce the above copyright
-- * notice, this list of conditions and the following disclaimer in
-- * the documentation and/or other materials provided with the
-- * distribution.
-- *
-- * 3. All advertising materials mentioning features or use of this
-- * software must display the following acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-- *
-- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-- * endorse or promote products derived from this software without
-- * prior written permission. For written permission, please contact
-- * licensing@OpenSSL.org.
-- *
-- * 5. Products derived from this software may not be called "OpenSSL"
-- * nor may "OpenSSL" appear in their names without prior written
-- * permission of the OpenSSL Project.
-- *
-- * 6. Redistributions of any form whatsoever must retain the following
-- * acknowledgment:
-- * "This product includes software developed by the OpenSSL Project
-- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-- *
-- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-- * OF THE POSSIBILITY OF SUCH DAMAGE.
-- * ====================================================================
-- *
-- * This product includes cryptographic software written by Eric Young
-- * (eay@cryptsoft.com). This product includes software written by Tim
-- * Hudson (tjh@cryptsoft.com).
-- *
-- */
--
--/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
- /*
-- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
-+ * Copyright (c) 2018 Damien Miller <djm@mindrot.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
-@@ -147,192 +23,7 @@
- #include <stdlib.h>
- #include <string.h>
-
--#include <openssl/err.h>
--#include <openssl/bn.h>
--#include <openssl/dsa.h>
--#include <openssl/rsa.h>
- #include <openssl/evp.h>
--#ifdef OPENSSL_HAS_ECC
--#include <openssl/ecdsa.h>
--#endif
--#include <openssl/dh.h>
--
--#ifndef HAVE_DSA_GET0_PQG
--void
--DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = d->p;
-- if (q != NULL)
-- *q = d->q;
-- if (g != NULL)
-- *g = d->g;
--}
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int
--DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
-- (d->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(d->p);
-- d->p = p;
-- }
-- if (q != NULL) {
-- BN_free(d->q);
-- d->q = q;
-- }
-- if (g != NULL) {
-- BN_free(d->g);
-- d->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void
--DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = d->pub_key;
-- if (priv_key != NULL)
-- *priv_key = d->priv_key;
--}
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int
--DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (d->pub_key == NULL && pub_key == NULL)
-- return 0;
--
-- if (pub_key != NULL) {
-- BN_free(d->pub_key);
-- d->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(d->priv_key);
-- d->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_KEY
--void
--RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
--{
-- if (n != NULL)
-- *n = r->n;
-- if (e != NULL)
-- *e = r->e;
-- if (d != NULL)
-- *d = r->d;
--}
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int
--RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
--{
-- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
-- return 0;
--
-- if (n != NULL) {
-- BN_free(r->n);
-- r->n = n;
-- }
-- if (e != NULL) {
-- BN_free(r->e);
-- r->e = e;
-- }
-- if (d != NULL) {
-- BN_free(r->d);
-- r->d = d;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void
--RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp)
--{
-- if (dmp1 != NULL)
-- *dmp1 = r->dmp1;
-- if (dmq1 != NULL)
-- *dmq1 = r->dmq1;
-- if (iqmp != NULL)
-- *iqmp = r->iqmp;
--}
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int
--RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
--{
-- if ((r->dmp1 == NULL && dmp1 == NULL) ||
-- (r->dmq1 == NULL && dmq1 == NULL) ||
-- (r->iqmp == NULL && iqmp == NULL))
-- return 0;
--
-- if (dmp1 != NULL) {
-- BN_free(r->dmp1);
-- r->dmp1 = dmp1;
-- }
-- if (dmq1 != NULL) {
-- BN_free(r->dmq1);
-- r->dmq1 = dmq1;
-- }
-- if (iqmp != NULL) {
-- BN_free(r->iqmp);
-- r->iqmp = iqmp;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void
--RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
--{
-- if (p != NULL)
-- *p = r->p;
-- if (q != NULL)
-- *q = r->q;
--}
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int
--RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
--{
-- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(r->p);
-- r->p = p;
-- }
-- if (q != NULL) {
-- BN_free(r->q);
-- r->q = q;
-- }
--
-- return 1;
--}
--#endif /* HAVE_RSA_SET0_FACTORS */
-
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- int
-@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len)
- }
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_DSA_SIG_GET0
--void
--DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_DSA_SIG_GET0 */
--
--#ifndef HAVE_DSA_SIG_SET0
--int
--DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- sig->r = r;
-- BN_clear_free(sig->s);
-- sig->s = s;
--
-- return 1;
--}
--#endif /* HAVE_DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void
--ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
--{
-- if (pr != NULL)
-- *pr = sig->r;
-- if (ps != NULL)
-- *ps = sig->s;
--}
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int
--ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
--{
-- if (r == NULL || s == NULL)
-- return 0;
--
-- BN_clear_free(sig->r);
-- BN_clear_free(sig->s);
-- sig->r = r;
-- sig->s = s;
-- return 1;
--}
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void
--DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
--{
-- if (p != NULL)
-- *p = dh->p;
-- if (q != NULL)
-- *q = dh->q;
-- if (g != NULL)
-- *g = dh->g;
--}
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int
--DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
--{
-- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
-- return 0;
--
-- if (p != NULL) {
-- BN_free(dh->p);
-- dh->p = p;
-- }
-- if (q != NULL) {
-- BN_free(dh->q);
-- dh->q = q;
-- }
-- if (g != NULL) {
-- BN_free(dh->g);
-- dh->g = g;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void
--DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
--{
-- if (pub_key != NULL)
-- *pub_key = dh->pub_key;
-- if (priv_key != NULL)
-- *priv_key = dh->priv_key;
--}
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int
--DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
--{
-- if (pub_key != NULL) {
-- BN_free(dh->pub_key);
-- dh->pub_key = pub_key;
-- }
-- if (priv_key != NULL) {
-- BN_free(dh->priv_key);
-- dh->priv_key = priv_key;
-- }
--
-- return 1;
--}
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int
--DH_set_length(DH *dh, long length)
--{
-- if (length < 0 || length > INT_MAX)
-- return 0;
--
-- dh->length = length;
-- return 1;
--}
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void
--RSA_meth_free(RSA_METHOD *meth)
--{
-- if (meth != NULL) {
-- free((char *)meth->name);
-- free(meth);
-- }
--}
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *
--RSA_meth_dup(const RSA_METHOD *meth)
--{
-- RSA_METHOD *copy;
--
-- if ((copy = calloc(1, sizeof(*copy))) == NULL)
-- return NULL;
-- memcpy(copy, meth, sizeof(*copy));
-- if ((copy->name = strdup(meth->name)) == NULL) {
-- free(copy);
-- return NULL;
-- }
--
-- return copy;
--}
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int
--RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
--{
-- char *copy;
--
-- if ((copy = strdup(name)) == NULL)
-- return 0;
-- free((char *)meth->name);
-- meth->name = copy;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int
--(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
--{
-- return meth->finish;
--}
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int
--RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_enc = priv_enc;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int
--RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
--{
-- meth->rsa_priv_dec = priv_dec;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int
--RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
--{
-- meth->finish = finish;
-- return 1;
--}
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *
--EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
--{
-- if (pkey->type != EVP_PKEY_RSA) {
-- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
-- return NULL;
-- }
-- return pkey->pkey.rsa;
--}
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_NEW
--EVP_MD_CTX *
--EVP_MD_CTX_new(void)
--{
-- return calloc(1, sizeof(EVP_MD_CTX));
--}
--#endif /* HAVE_EVP_MD_CTX_NEW */
--
--#ifndef HAVE_EVP_MD_CTX_FREE
--void
--EVP_MD_CTX_free(EVP_MD_CTX *ctx)
--{
-- if (ctx == NULL)
-- return;
--
-- EVP_MD_CTX_cleanup(ctx);
--
-- free(ctx);
--}
--#endif /* HAVE_EVP_MD_CTX_FREE */
--
- #endif /* WITH_OPENSSL */
-diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
-index 61a69dd56eb..d0dd2c3450d 100644
---- a/openbsd-compat/openssl-compat.h
-+++ b/openbsd-compat/openssl-compat.h
-@@ -33,26 +33,13 @@
- int ssh_compatible_openssl(long, long);
- void ssh_libcrypto_init(void);
-
--#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
--# error OpenSSL 1.0.1 or greater is required
-+#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
-+# error OpenSSL 1.1.0 or greater is required
- #endif
--
--#ifndef OPENSSL_VERSION
--# define OPENSSL_VERSION SSLEAY_VERSION
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION
--# define OpenSSL_version(x) SSLeay_version(x)
--#endif
--
--#ifndef HAVE_OPENSSL_VERSION_NUM
--# define OpenSSL_version_num SSLeay
--#endif
--
--#if OPENSSL_VERSION_NUMBER < 0x10000001L
--# define LIBCRYPTO_EVP_INL_TYPE unsigned int
--#else
--# define LIBCRYPTO_EVP_INL_TYPE size_t
-+#ifdef LIBRESSL_VERSION_NUMBER
-+# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
-+# error LibreSSL 3.1.0 or greater is required
-+# endif
- #endif
-
- #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
-@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);
- # endif
- #endif
-
--/* LibreSSL/OpenSSL 1.1x API compat */
--#ifndef HAVE_DSA_GET0_PQG
--void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DSA_GET0_PQG */
--
--#ifndef HAVE_DSA_SET0_PQG
--int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DSA_SET0_PQG */
--
--#ifndef HAVE_DSA_GET0_KEY
--void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
-- const BIGNUM **priv_key);
--#endif /* HAVE_DSA_GET0_KEY */
--
--#ifndef HAVE_DSA_SET0_KEY
--int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DSA_SET0_KEY */
--
- #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
- # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
- # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
-@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
- const unsigned char *iv, size_t len);
- #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
-
--#ifndef HAVE_RSA_GET0_KEY
--void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
-- const BIGNUM **d);
--#endif /* HAVE_RSA_GET0_KEY */
--
--#ifndef HAVE_RSA_SET0_KEY
--int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
--#endif /* HAVE_RSA_SET0_KEY */
--
--#ifndef HAVE_RSA_GET0_CRT_PARAMS
--void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
-- const BIGNUM **iqmp);
--#endif /* HAVE_RSA_GET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_SET0_CRT_PARAMS
--int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
--#endif /* HAVE_RSA_SET0_CRT_PARAMS */
--
--#ifndef HAVE_RSA_GET0_FACTORS
--void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
--#endif /* HAVE_RSA_GET0_FACTORS */
--
--#ifndef HAVE_RSA_SET0_FACTORS
--int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
--#endif /* HAVE_RSA_SET0_FACTORS */
--
--#ifndef DSA_SIG_GET0
--void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* DSA_SIG_GET0 */
--
--#ifndef DSA_SIG_SET0
--int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* DSA_SIG_SET0 */
--
--#ifdef OPENSSL_HAS_ECC
--#ifndef HAVE_ECDSA_SIG_GET0
--void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
--#endif /* HAVE_ECDSA_SIG_GET0 */
--
--#ifndef HAVE_ECDSA_SIG_SET0
--int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
--#endif /* HAVE_ECDSA_SIG_SET0 */
--#endif /* OPENSSL_HAS_ECC */
--
--#ifndef HAVE_DH_GET0_PQG
--void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
-- const BIGNUM **g);
--#endif /* HAVE_DH_GET0_PQG */
--
--#ifndef HAVE_DH_SET0_PQG
--int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
--#endif /* HAVE_DH_SET0_PQG */
--
--#ifndef HAVE_DH_GET0_KEY
--void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
--#endif /* HAVE_DH_GET0_KEY */
--
--#ifndef HAVE_DH_SET0_KEY
--int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
--#endif /* HAVE_DH_SET0_KEY */
--
--#ifndef HAVE_DH_SET_LENGTH
--int DH_set_length(DH *dh, long length);
--#endif /* HAVE_DH_SET_LENGTH */
--
--#ifndef HAVE_RSA_METH_FREE
--void RSA_meth_free(RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_FREE */
--
--#ifndef HAVE_RSA_METH_DUP
--RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
--#endif /* HAVE_RSA_METH_DUP */
--
--#ifndef HAVE_RSA_METH_SET1_NAME
--int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
--#endif /* HAVE_RSA_METH_SET1_NAME */
--
--#ifndef HAVE_RSA_METH_GET_FINISH
--int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
--#endif /* HAVE_RSA_METH_GET_FINISH */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_ENC
--int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
--
--#ifndef HAVE_RSA_METH_SET_PRIV_DEC
--int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
-- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
--#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
--
--#ifndef HAVE_RSA_METH_SET_FINISH
--int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
--#endif /* HAVE_RSA_METH_SET_FINISH */
--
--#ifndef HAVE_EVP_PKEY_GET0_RSA
--RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
--#endif /* HAVE_EVP_PKEY_GET0_RSA */
--
--#ifndef HAVE_EVP_MD_CTX_new
--EVP_MD_CTX *EVP_MD_CTX_new(void);
--#endif /* HAVE_EVP_MD_CTX_new */
--
--#ifndef HAVE_EVP_MD_CTX_free
--void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
--#endif /* HAVE_EVP_MD_CTX_free */
--
- #endif /* WITH_OPENSSL */
- #endif /* _OPENSSL_COMPAT_H */
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.3p2.bb
rename to meta/recipes-connectivity/openssh/openssh_9.4p1.bb
@@ -24,9 +24,8 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \
file://sshd_check_keys \
file://add-test-support-for-busybox.patch \
- file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
"
-SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8"
+SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
Changes: Update sha256sum Remove backported patch Signed-off-by: Sudip Mukherjee <sudipm.mukherjee@gmail.com> --- ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 994 ------------------ .../{openssh_9.3p2.bb => openssh_9.4p1.bb} | 3 +- 2 files changed, 1 insertion(+), 996 deletions(-) delete mode 100644 meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch rename meta/recipes-connectivity/openssh/{openssh_9.3p2.bb => openssh_9.4p1.bb} (98%)