- (dtucker) [cipher.c openbsd-compat/Makefile.in

   openbsd-compat/openbsd-compat.{c,h} openbsd-compat/openssl-compat.h]
   Move compatibility code for supporting older OpenSSL versions to the
   compat layer.  Suggested by and "no objection" djm@

4 files changed, 115 insertions, 3 deletions

diff --git a/openbsd-compat/Makefile.in b/openbsd-compat/Makefile.in
index 30d2410b..c6e08867 100644
--- a/openbsd-compat/Makefile.in
+++ b/openbsd-compat/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.33 2005/06/01 11:39:34 dtucker Exp $
+# $Id: Makefile.in,v 1.34 2005/06/09 11:45:11 dtucker Exp $
 
 sysconfdir=@sysconfdir@
 piddir=@piddir@
@@ -18,7 +18,7 @@ LDFLAGS=-L. @LDFLAGS@
 
 OPENBSD=base64.o basename.o bindresvport.o daemon.o dirname.o getcwd.o getgrouplist.o getopt.o getrrsetbyname.o glob.o inet_aton.o inet_ntoa.o inet_ntop.o mktemp.o readpassphrase.o realpath.o rresvport.o setenv.o setproctitle.o sigact.o strlcat.o strlcpy.o strmode.o strsep.o strtonum.o strtoll.o strtoul.o vis.o
 
-COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o xmmap.o xcrypt.o
+COMPAT=bsd-arc4random.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-snprintf.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o
 
 PORTS=port-irix.o port-aix.o
 
diff --git a/openbsd-compat/openbsd-compat.h b/openbsd-compat/openbsd-compat.h
index a4cfa6c4..f468d5aa 100644
--- a/openbsd-compat/openbsd-compat.h
+++ b/openbsd-compat/openbsd-compat.h
@@ -1,4 +1,4 @@
-/* $Id: openbsd-compat.h,v 1.27 2005/05/26 10:48:25 djm Exp $ */
+/* $Id: openbsd-compat.h,v 1.28 2005/06/09 11:45:11 dtucker Exp $ */
 
 /*
  * Copyright (c) 1999-2003 Damien Miller.  All rights reserved.
@@ -168,6 +168,9 @@ char *shadow_pw(struct passwd *pw);
 /* rfc2553 socket API replacements */
 #include "fake-rfc2553.h"
 
+/* compatibility with old or broken OpenSSL versions */
+#include "openssl-compat.h"
+
 /* Routines for a single OS platform */
 #include "bsd-cray.h"
 #include "bsd-cygwin_util.h"
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
new file mode 100644
index 00000000..10b4d1d7
--- /dev/null
+++ b/openbsd-compat/openssl-compat.c
@@ -0,0 +1,44 @@
+/* $Id: openssl-compat.c,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define SSH_DONT_REDEF_EVP
+#include "includes.h"
+
+#ifdef SSH_OLD_EVP
+int
+ssh_EVP_CipherInit(EVP_CIPHER_CTX *evp, const EVP_CIPHER *type,
+    unsigned char *key, unsigned char *iv, int enc)
+{
+	EVP_CipherInit(evp, type, key, iv, enc);
+	return 1;
+}
+
+int
+ssh_EVP_Cipher(EVP_CIPHER_CTX *evp, char *dst, char *src, int len)
+{
+	EVP_Cipher(evp, dst, src, len);
+	return 1;
+}
+
+int
+ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *evp)
+{
+	EVP_CIPHER_CTX_cleanup(evp);
+	return 1;
+}
+#endif
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
new file mode 100644
index 00000000..d9b2fa55
--- /dev/null
+++ b/openbsd-compat/openssl-compat.h
@@ -0,0 +1,65 @@
+/* $Id: openssl-compat.h,v 1.1 2005/06/09 11:45:11 dtucker Exp $ */
+
+/*
+ * Copyright (c) 2005 Darren Tucker <dtucker@zip.com.au>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF MIND, USE, DATA OR PROFITS, WHETHER
+ * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x00906000L
+# define SSH_OLD_EVP
+# define EVP_CIPHER_CTX_get_app_data(e)		((e)->app_data)
+#endif
+
+#if OPENSSL_VERSION_NUMBER < 0x00907000L
+# define EVP_aes_128_cbc evp_rijndael
+# define EVP_aes_192_cbc evp_rijndael
+# define EVP_aes_256_cbc evp_rijndael
+extern const EVP_CIPHER *evp_rijndael(void);
+extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
+#endif
+
+#if !defined(EVP_CTRL_SET_ACSS_MODE)
+# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
+#  define USE_CIPHER_ACSS 1
+extern const EVP_CIPHER *evp_acss(void);
+#  define EVP_acss evp_acss
+# else
+#  define EVP_acss NULL
+# endif
+#endif
+
+/*
+ * insert comment here
+ */
+#ifdef SSH_OLD_EVP
+
+# ifndef SSH_DONT_REDEF_EVP
+
+#  ifdef EVP_Cipher
+#   undef EVP_Cipher
+#  endif
+
+#  define EVP_CipherInit(a,b,c,d,e)	ssh_EVP_CipherInit((a),(b),(c),(d),(e))
+#  define EVP_Cipher(a,b,c,d)		ssh_EVP_Cipher((a),(b),(c),(d))
+#  define EVP_CIPHER_CTX_cleanup(a)	ssh_EVP_CIPHER_CTX_cleanup((a))
+# endif
+
+int ssh_EVP_CipherInit(EVP_CIPHER_CTX *, const EVP_CIPHER *, unsigned char *,
+    unsigned char *, int);
+int ssh_EVP_Cipher(EVP_CIPHER_CTX *, char *, char *, int);
+int ssh_EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *);
+#endif