That is not how it works. If the issue exists in both master and kirkstone (which it does), it must be resolved in master first. Also 'resolves BSD-5 clause license issue' does not explain what the issue is, and you need to provide a better explanation.
Alex On Wed, 31 May 2023 at 07:49, Riyaz Ahmed Khan <[email protected]> wrote: > > Hi Alex, > > As openssh is pointing to LTS branch in kirkstone and openssh is still at 8.9 > the usage of BSD-4 can be limited. Hence, we need this patch to be > integrated in kirkstone to resolve BSD-5 clause license issue for that the > reason this patch has been created to backport and remove the BSD-4 clause > license. In the master branch it is closer to the latest version and can wait > for the official openssh release, but I hope there will not be a release to > kirkstone from master for this reason we created this patch. > > Hi Steve, > > Please take this patch for kirkstone as it will resolve BSD-5 clause license > issue. > > Regards, > Riyaz > > ________________________________ > From: Alexander Kanavin <[email protected]> > Sent: Tuesday, May 30, 2023 13:38 > To: Riyaz Ahmed Khan <[email protected]> > Cc: [email protected] > <[email protected]>; Ranjitsinh Rathod > <[email protected]>; Riyaz Ahmed Khan <[email protected]> > Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause > contents completely from codebase > > Caution: This email originated from outside of the KPIT. Do not click links > or open attachments unless you recognize the sender and know the content is > safe. > > What is the rationale for adding this patch to oe-core? Why can't this > wait until openssh releases a version with this change? > > Alex > > On Tue, 30 May 2023 at 09:08, Riyaz Ahmed Khan <[email protected]> wrote: > > > > As upstream removed this BSD-4-clause license, there are still some files > > has this license. Below file affected by this BSD-4-clause contents when > > below command is executed > > grep -rl "All advertising materials mentioning features or use of this > > software" > > *|grep -v \.1|grep -v \.5|grep -v \.8 | sort > > openbsd-compat/libressl-api-compat.c > > > > All advertising materials mentioning features or use of this software > > > > Openssh upstream removes the bsd-4 license compeletely from this commit > > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612e0&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cf0JSknfbKP1C4D2aEEzgJiKCoJV5ksh%2BwYeNbvQb1g%3D&reserved=0 > > Hence, Remove and backport this commit completely to remove license of > > BSD-4-clause > > contents from codebase. Hunks are refreshed, removed couple of hunks from > > configure.ac and openbsd-compat/libressl-api-compat.c as hunk code > > is not prasent. > > > > Signed-off-by: Riyaz Khan <[email protected]> > > --- > > ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 984 ++++++++++++++++++ > > .../openssh/openssh_8.9p1.bb | 1 + > > 2 files changed, 985 insertions(+) > > create mode 100644 > > meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch > > > > diff --git > > a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch > > > > b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch > > new file mode 100644 > > index 0000000000..ebdff1ffe4 > > --- /dev/null > > +++ > > b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch > > @@ -0,0 +1,984 @@ > > +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001 > > +From: Damien Miller <[email protected]> > > +Date: Fri, 24 Mar 2023 13:56:25 +1100 > > +Subject: [PATCH] remove support for old libcrypto > > + > > +OpenSSH now requires LibreSSL 3.1.0 or greater or > > +OpenSSL 1.1.1 or greater > > + > > +with/ok dtucker@ > > + > > +Upstream-Status: Backport > > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612e0&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=cf0JSknfbKP1C4D2aEEzgJiKCoJV5ksh%2BwYeNbvQb1g%3D&reserved=0] > > +Comment: Hunk are refreshed, removed couple of hunks from configure.ac as > > hunk code is not prasent > > +and backported to the existing code. > > +Signed-off-by: Riyaz Khan <[email protected]> > > + > > +--- > > + .github/workflows/c-cpp.yml | 7 - > > + INSTALL | 8 +- > > + cipher-aes.c | 2 +- > > + configure.ac | 96 ++--- > > + openbsd-compat/libressl-api-compat.c | 556 +-------------------------- > > + openbsd-compat/openssl-compat.h | 151 +------- > > + 6 files changed, 40 insertions(+), 780 deletions(-) > > + > > +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml > > +index 3d9aa22dba5..d299a32468d 100644 > > +--- a/.github/workflows/c-cpp.yml > > ++++ b/.github/workflows/c-cpp.yml > > +@@ -40,18 +40,11 @@ > > + - { os: ubuntu-20.04, configs: tcmalloc } > > + - { os: ubuntu-20.04, configs: musl } > > + - { os: ubuntu-latest, configs: libressl-master } > > +- - { os: ubuntu-latest, configs: libressl-2.2.9 } > > +- - { os: ubuntu-latest, configs: libressl-2.8.3 } > > +- - { os: ubuntu-latest, configs: libressl-3.0.2 } > > + - { os: ubuntu-latest, configs: libressl-3.2.6 } > > + - { os: ubuntu-latest, configs: libressl-3.3.4 } > > + - { os: ubuntu-latest, configs: libressl-3.4.1 } > > + - { os: ubuntu-latest, configs: openssl-master } > > + - { os: ubuntu-latest, configs: openssl-noec } > > +- - { os: ubuntu-latest, configs: openssl-1.0.1 } > > +- - { os: ubuntu-latest, configs: openssl-1.0.1u } > > +- - { os: ubuntu-latest, configs: openssl-1.0.2u } > > +- - { os: ubuntu-latest, configs: openssl-1.1.0h } > > + - { os: ubuntu-latest, configs: openssl-1.1.1 } > > + - { os: ubuntu-latest, configs: openssl-1.1.1k } > > + - { os: ubuntu-latest, configs: openssl-3.0.0 } > > +diff --git a/INSTALL b/INSTALL > > +index 68b15e13190..f99d1e2a809 100644 > > +--- a/INSTALL > > ++++ b/INSTALL > > +@@ -21,12 +21,8 @@ > > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzlib.net%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=O0v4Bt2uc28sUCDdBaMIKqWucYWRqPpV4OuSmUoZi04%3D&reserved=0 > > + > > + libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto > > + is supported but severely restricts the available ciphers and algorithms. > > +- - LibreSSL > > (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.libressl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fjy0K88AXoz5zUi4R%2F4SvzGbgsh8DT9gzesU5JmuDbg%3D&reserved=0) > > +- - OpenSSL > > (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.openssl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=h%2BNnD1N9wr8%2F374hRS4bt8vdmihe0ZNlfBri%2FLtp3Ck%3D&reserved=0) > > with any of the following versions: > > +- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1 > > +- > > +-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to > > +-1.1.0g can't be used. > > ++ - LibreSSL > > (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.libressl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=Fjy0K88AXoz5zUi4R%2F4SvzGbgsh8DT9gzesU5JmuDbg%3D&reserved=0) > > 3.1.0 or greater > > ++ - OpenSSL > > (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.openssl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=h%2BNnD1N9wr8%2F374hRS4bt8vdmihe0ZNlfBri%2FLtp3Ck%3D&reserved=0) > > 1.1.1 or greater > > + > > + LibreSSL/OpenSSL should be compiled as a position-independent library > > + (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC" > > +diff --git a/cipher-aes.c b/cipher-aes.c > > +index 8b101727284..87c763353d8 100644 > > +--- a/cipher-aes.c > > ++++ b/cipher-aes.c > > +@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char > > *key, const u_char *iv, > > + > > + static int > > + ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, > > +- LIBCRYPTO_EVP_INL_TYPE len) > > ++ size_t len) > > + { > > + struct ssh_rijndael_ctx *c; > > + u_char buf[RIJNDAEL_BLOCKSIZE]; > > +diff --git a/configure.ac b/configure.ac > > +index 22fee70f604..1c0ccdf19c5 100644 > > +--- a/configure.ac > > ++++ b/configure.ac > > +@@ -2744,42 +2744,40 @@ > > + #include <openssl/crypto.h> > > + #define DATA "conftest.ssllibver" > > + ]], [[ > > +- FILE *fd; > > +- int rc; > > ++ FILE *f; > > + > > +- fd = fopen(DATA,"w"); > > +- if(fd == NULL) > > ++ if ((f = fopen(DATA, "w")) == NULL) > > + exit(1); > > +-#ifndef OPENSSL_VERSION > > +-# define OPENSSL_VERSION SSLEAY_VERSION > > +-#endif > > +-#ifndef HAVE_OPENSSL_VERSION > > +-# define OpenSSL_version SSLeay_version > > +-#endif > > +-#ifndef HAVE_OPENSSL_VERSION_NUM > > +-# define OpenSSL_version_num SSLeay > > +-#endif > > +- if ((rc = fprintf(fd, "%08lx (%s)\n", > > ++ if (fprintf(f, "%08lx (%s)", > > + (unsigned long)OpenSSL_version_num(), > > +- OpenSSL_version(OPENSSL_VERSION))) < 0) > > ++ OpenSSL_version(OPENSSL_VERSION)) < 0) > > ++ exit(1); > > ++#ifdef LIBRESSL_VERSION_NUMBER > > ++ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) > > < 0) > > ++ exit(1); > > ++#endif > > ++ if (fputc('\n', f) == EOF || fclose(f) == EOF) > > + exit(1); > > +- > > + exit(0); > > + ]])], > > + [ > > +- ssl_library_ver=`cat conftest.ssllibver` > > ++ sslver=`cat conftest.ssllibver` > > ++ ssl_showver=`echo "$sslver" | sed 's/ > > libressl-.*//'` > > + # Check version is supported. > > +- case "$ssl_library_ver" in > > +- 10000*|0*) > > +- AC_MSG_ERROR([OpenSSL >= 1.0.1 required > > (have "$ssl_library_ver")]) > > +- ;; > > +- 100*) ;; # 1.0.x > > +- 101000[[0123456]]*) > > +- # > > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fopenssl%2Fopenssl%2Fpull%2F4613&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=g1%2BLRUm08tCZlPzNf73Xzl3MYEXeY4%2BKGGJOeMYjdY8%3D&reserved=0 > > +- AC_MSG_ERROR([OpenSSL 1.1.x versions prior > > to 1.1.0g have a bug that breaks their use with OpenSSH (have > > "$ssl_library_ver")]) > > ++ case "$sslver" in > > ++ 100*|10100*) # 1.0.x, 1.1.0x > > ++ AC_MSG_ERROR([OpenSSL >= 1.1.1 required > > (have "$ssl_showver")]) > > + ;; > > + 101*) ;; # 1.1.x > > +- 200*) ;; # LibreSSL > > ++ 200*) # LibreSSL > > ++ lver=`echo "$sslver" | sed > > 's/.*libressl-//'` > > ++ case "$lver" in > > ++ 2*|300*) # 2.x, 3.0.0 > > ++ AC_MSG_ERROR([LibreSSL >= 3.1.0 > > required (have "$ssl_showver")]) > > ++ ;; > > ++ *) ;; # Assume all other versions are > > good. > > ++ esac > > ++ ;; > > + 300*) ;; # OpenSSL 3 > > + 301*) ;; # OpenSSL development branch. > > + *) > > +@@ -2781,10 +2781,10 @@ > > + 300*) ;; # OpenSSL 3 > > + 301*) ;; # OpenSSL development branch. > > + *) > > +- AC_MSG_ERROR([Unknown/unsupported OpenSSL > > version ("$ssl_library_ver")]) > > ++ AC_MSG_ERROR([Unknown/unsupported OpenSSL > > version ("$ssl_showver")]) > > + ;; > > + esac > > +- AC_MSG_RESULT([$ssl_library_ver]) > > ++ AC_MSG_RESULT([$ssl_showver]) > > + ], > > + [ > > + AC_MSG_RESULT([not found]) > > +@@ -2804,9 +2804,6 @@ > > + #include <openssl/opensslv.h> > > + #include <openssl/crypto.h> > > + ]], [[ > > +-#ifndef HAVE_OPENSSL_VERSION_NUM > > +-# define OpenSSL_version_num SSLeay > > +-#endif > > + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : > > 1); > > + ]])], > > + [ > > +@@ -2881,44 +2878,13 @@ > > + ) > > + ) > > + > > +- # LibreSSL/OpenSSL 1.1x API > > ++ # LibreSSL/OpenSSL API differences > > + AC_CHECK_FUNCS([ \ > > +- OPENSSL_init_crypto \ > > +- DH_get0_key \ > > +- DH_get0_pqg \ > > +- DH_set0_key \ > > +- DH_set_length \ > > +- DH_set0_pqg \ > > +- DSA_get0_key \ > > +- DSA_get0_pqg \ > > +- DSA_set0_key \ > > +- DSA_set0_pqg \ > > +- DSA_SIG_get0 \ > > +- DSA_SIG_set0 \ > > +- ECDSA_SIG_get0 \ > > +- ECDSA_SIG_set0 \ > > + EVP_CIPHER_CTX_iv \ > > + EVP_CIPHER_CTX_iv_noconst \ > > + EVP_CIPHER_CTX_get_iv \ > > + EVP_CIPHER_CTX_get_updated_iv \ > > + EVP_CIPHER_CTX_set_iv \ > > +- RSA_get0_crt_params \ > > +- RSA_get0_factors \ > > +- RSA_get0_key \ > > +- RSA_set0_crt_params \ > > +- RSA_set0_factors \ > > +- RSA_set0_key \ > > +- RSA_meth_free \ > > +- RSA_meth_dup \ > > +- RSA_meth_set1_name \ > > +- RSA_meth_get_finish \ > > +- RSA_meth_set_priv_enc \ > > +- RSA_meth_set_priv_dec \ > > +- RSA_meth_set_finish \ > > +- EVP_PKEY_get0_RSA \ > > +- EVP_MD_CTX_new \ > > +- EVP_MD_CTX_free \ > > +- EVP_chacha20 \ > > + ]) > > + > > + if test "x$openssl_engine" = "xyes" ; then > > +@@ -3040,8 +3006,8 @@ > > + fi > > + AC_CHECK_FUNCS([crypt DES_crypt]) > > + > > +- # Check for SHA256, SHA384 and SHA512 support in OpenSSL > > +- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512]) > > ++ # Check for various EVP support in OpenSSL > > ++ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20]) > > + > > + # Check complete ECC support in OpenSSL > > + AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1]) > > +diff --git a/openbsd-compat/libressl-api-compat.c > > b/openbsd-compat/libressl-api-compat.c > > +index 498180dc894..59be17397c5 100644 > > +--- a/openbsd-compat/libressl-api-compat.c > > ++++ b/openbsd-compat/libressl-api-compat.c > > +@@ -1,129 +1,5 @@ > > +-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */ > > +-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */ > > +-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */ > > +-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */ > > +-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */ > > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ > > +-/* Copyright (C) 1995-1998 Eric Young ([email protected]) > > +- * All rights reserved. > > +- * > > +- * This package is an SSL implementation written > > +- * by Eric Young ([email protected]). > > +- * The implementation was written so as to conform with Netscapes SSL. > > +- * > > +- * This library is free for commercial and non-commercial use as long as > > +- * the following conditions are aheared to. The following conditions > > +- * apply to all code found in this distribution, be it the RC4, RSA, > > +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation > > +- * included with this distribution is covered by the same copyright terms > > +- * except that the holder is Tim Hudson ([email protected]). > > +- * > > +- * Copyright remains Eric Young's, and as such any Copyright notices in > > +- * the code are not to be removed. > > +- * If this package is used in a product, Eric Young should be given > > attribution > > +- * as the author of the parts of the library used. > > +- * This can be in the form of a textual message at program startup or > > +- * in documentation (online or textual) provided with the package. > > +- * > > +- * Redistribution and use in source and binary forms, with or without > > +- * modification, are permitted provided that the following conditions > > +- * are met: > > +- * 1. Redistributions of source code must retain the copyright > > +- * notice, this list of conditions and the following disclaimer. > > +- * 2. Redistributions in binary form must reproduce the above copyright > > +- * notice, this list of conditions and the following disclaimer in the > > +- * documentation and/or other materials provided with the distribution. > > +- * 3. All advertising materials mentioning features or use of this > > software > > +- * must display the following acknowledgement: > > +- * "This product includes cryptographic software written by > > +- * Eric Young ([email protected])" > > +- * The word 'cryptographic' can be left out if the rouines from the > > library > > +- * being used are not cryptographic related :-). > > +- * 4. If you include any Windows specific code (or a derivative thereof) > > from > > +- * the apps directory (application code) you must include an > > acknowledgement: > > +- * "This product includes software written by Tim Hudson > > ([email protected])" > > +- * > > +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND > > +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR > > PURPOSE > > +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE > > +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR > > CONSEQUENTIAL > > +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS > > +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > > +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, > > STRICT > > +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY > > WAY > > +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF > > +- * SUCH DAMAGE. > > +- * > > +- * The licence and distribution terms for any publically available > > version or > > +- * derivative of this code cannot be changed. i.e. this code cannot > > simply be > > +- * copied and put under another distribution licence > > +- * [including the GNU Public Licence.] > > +- */ > > +- > > +-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */ > > +-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */ > > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */ > > +-/* Written by Dr Stephen N Henson ([email protected]) for the OpenSSL > > +- * project 2000. > > +- */ > > +-/* ==================================================================== > > +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. > > +- * > > +- * Redistribution and use in source and binary forms, with or without > > +- * modification, are permitted provided that the following conditions > > +- * are met: > > +- * > > +- * 1. Redistributions of source code must retain the above copyright > > +- * notice, this list of conditions and the following disclaimer. > > +- * > > +- * 2. Redistributions in binary form must reproduce the above copyright > > +- * notice, this list of conditions and the following disclaimer in > > +- * the documentation and/or other materials provided with the > > +- * distribution. > > +- * > > +- * 3. All advertising materials mentioning features or use of this > > +- * software must display the following acknowledgment: > > +- * "This product includes software developed by the OpenSSL Project > > +- * for use in the OpenSSL Toolkit. > > (https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openssl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AcHjOTCMMYGdmyf5wBsy6vDunViWhBFhELKDNILFp5k%3D&reserved=0)" > > +- * > > +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used > > to > > +- * endorse or promote products derived from this software without > > +- * prior written permission. For written permission, please contact > > +- * [email protected]. > > +- * > > +- * 5. Products derived from this software may not be called "OpenSSL" > > +- * nor may "OpenSSL" appear in their names without prior written > > +- * permission of the OpenSSL Project. > > +- * > > +- * 6. Redistributions of any form whatsoever must retain the following > > +- * acknowledgment: > > +- * "This product includes software developed by the OpenSSL Project > > +- * for use in the OpenSSL Toolkit > > (https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openssl.org%2F&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AcHjOTCMMYGdmyf5wBsy6vDunViWhBFhELKDNILFp5k%3D&reserved=0)" > > +- * > > +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY > > +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE > > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR > > +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR > > +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, > > +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT > > +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; > > +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) > > +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, > > +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) > > +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED > > +- * OF THE POSSIBILITY OF SUCH DAMAGE. > > +- * ==================================================================== > > +- * > > +- * This product includes cryptographic software written by Eric Young > > +- * ([email protected]). This product includes software written by Tim > > +- * Hudson ([email protected]). > > +- * > > +- */ > > +- > > +-/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */ > > + /* > > +- * Copyright (c) 2018 Theo Buehler <[email protected]> > > ++ * Copyright (c) 2018 Damien Miller <[email protected]> > > + * > > + * Permission to use, copy, modify, and distribute this software for any > > + * purpose with or without fee is hereby granted, provided that the above > > +@@ -147,192 +23,7 @@ > > + #include <stdlib.h> > > + #include <string.h> > > + > > +-#include <openssl/err.h> > > +-#include <openssl/bn.h> > > +-#include <openssl/dsa.h> > > +-#include <openssl/rsa.h> > > + #include <openssl/evp.h> > > +-#ifdef OPENSSL_HAS_ECC > > +-#include <openssl/ecdsa.h> > > +-#endif > > +-#include <openssl/dh.h> > > +- > > +-#ifndef HAVE_DSA_GET0_PQG > > +-void > > +-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const > > BIGNUM **g) > > +-{ > > +- if (p != NULL) > > +- *p = d->p; > > +- if (q != NULL) > > +- *q = d->q; > > +- if (g != NULL) > > +- *g = d->g; > > +-} > > +-#endif /* HAVE_DSA_GET0_PQG */ > > +- > > +-#ifndef HAVE_DSA_SET0_PQG > > +-int > > +-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) > > +-{ > > +- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) || > > +- (d->g == NULL && g == NULL)) > > +- return 0; > > +- > > +- if (p != NULL) { > > +- BN_free(d->p); > > +- d->p = p; > > +- } > > +- if (q != NULL) { > > +- BN_free(d->q); > > +- d->q = q; > > +- } > > +- if (g != NULL) { > > +- BN_free(d->g); > > +- d->g = g; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_DSA_SET0_PQG */ > > +- > > +-#ifndef HAVE_DSA_GET0_KEY > > +-void > > +-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM > > **priv_key) > > +-{ > > +- if (pub_key != NULL) > > +- *pub_key = d->pub_key; > > +- if (priv_key != NULL) > > +- *priv_key = d->priv_key; > > +-} > > +-#endif /* HAVE_DSA_GET0_KEY */ > > +- > > +-#ifndef HAVE_DSA_SET0_KEY > > +-int > > +-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) > > +-{ > > +- if (d->pub_key == NULL && pub_key == NULL) > > +- return 0; > > +- > > +- if (pub_key != NULL) { > > +- BN_free(d->pub_key); > > +- d->pub_key = pub_key; > > +- } > > +- if (priv_key != NULL) { > > +- BN_free(d->priv_key); > > +- d->priv_key = priv_key; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_DSA_SET0_KEY */ > > +- > > +-#ifndef HAVE_RSA_GET0_KEY > > +-void > > +-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const > > BIGNUM **d) > > +-{ > > +- if (n != NULL) > > +- *n = r->n; > > +- if (e != NULL) > > +- *e = r->e; > > +- if (d != NULL) > > +- *d = r->d; > > +-} > > +-#endif /* HAVE_RSA_GET0_KEY */ > > +- > > +-#ifndef HAVE_RSA_SET0_KEY > > +-int > > +-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) > > +-{ > > +- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL)) > > +- return 0; > > +- > > +- if (n != NULL) { > > +- BN_free(r->n); > > +- r->n = n; > > +- } > > +- if (e != NULL) { > > +- BN_free(r->e); > > +- r->e = e; > > +- } > > +- if (d != NULL) { > > +- BN_free(r->d); > > +- r->d = d; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_SET0_KEY */ > > +- > > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS > > +-void > > +-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM > > **dmq1, > > +- const BIGNUM **iqmp) > > +-{ > > +- if (dmp1 != NULL) > > +- *dmp1 = r->dmp1; > > +- if (dmq1 != NULL) > > +- *dmq1 = r->dmq1; > > +- if (iqmp != NULL) > > +- *iqmp = r->iqmp; > > +-} > > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ > > +- > > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS > > +-int > > +-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp) > > +-{ > > +- if ((r->dmp1 == NULL && dmp1 == NULL) || > > +- (r->dmq1 == NULL && dmq1 == NULL) || > > +- (r->iqmp == NULL && iqmp == NULL)) > > +- return 0; > > +- > > +- if (dmp1 != NULL) { > > +- BN_free(r->dmp1); > > +- r->dmp1 = dmp1; > > +- } > > +- if (dmq1 != NULL) { > > +- BN_free(r->dmq1); > > +- r->dmq1 = dmq1; > > +- } > > +- if (iqmp != NULL) { > > +- BN_free(r->iqmp); > > +- r->iqmp = iqmp; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ > > +- > > +-#ifndef HAVE_RSA_GET0_FACTORS > > +-void > > +-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q) > > +-{ > > +- if (p != NULL) > > +- *p = r->p; > > +- if (q != NULL) > > +- *q = r->q; > > +-} > > +-#endif /* HAVE_RSA_GET0_FACTORS */ > > +- > > +-#ifndef HAVE_RSA_SET0_FACTORS > > +-int > > +-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q) > > +-{ > > +- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL)) > > +- return 0; > > +- > > +- if (p != NULL) { > > +- BN_free(r->p); > > +- r->p = p; > > +- } > > +- if (q != NULL) { > > +- BN_free(r->q); > > +- r->q = q; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_SET0_FACTORS */ > > + > > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV > > + int > > +@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const > > unsigned char *iv, size_t len) > > + } > > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ > > + > > +-#ifndef HAVE_DSA_SIG_GET0 > > +-void > > +-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) > > +-{ > > +- if (pr != NULL) > > +- *pr = sig->r; > > +- if (ps != NULL) > > +- *ps = sig->s; > > +-} > > +-#endif /* HAVE_DSA_SIG_GET0 */ > > +- > > +-#ifndef HAVE_DSA_SIG_SET0 > > +-int > > +-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) > > +-{ > > +- if (r == NULL || s == NULL) > > +- return 0; > > +- > > +- BN_clear_free(sig->r); > > +- sig->r = r; > > +- BN_clear_free(sig->s); > > +- sig->s = s; > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_DSA_SIG_SET0 */ > > +- > > +-#ifdef OPENSSL_HAS_ECC > > +-#ifndef HAVE_ECDSA_SIG_GET0 > > +-void > > +-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) > > +-{ > > +- if (pr != NULL) > > +- *pr = sig->r; > > +- if (ps != NULL) > > +- *ps = sig->s; > > +-} > > +-#endif /* HAVE_ECDSA_SIG_GET0 */ > > +- > > +-#ifndef HAVE_ECDSA_SIG_SET0 > > +-int > > +-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) > > +-{ > > +- if (r == NULL || s == NULL) > > +- return 0; > > +- > > +- BN_clear_free(sig->r); > > +- BN_clear_free(sig->s); > > +- sig->r = r; > > +- sig->s = s; > > +- return 1; > > +-} > > +-#endif /* HAVE_ECDSA_SIG_SET0 */ > > +-#endif /* OPENSSL_HAS_ECC */ > > +- > > +-#ifndef HAVE_DH_GET0_PQG > > +-void > > +-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const > > BIGNUM **g) > > +-{ > > +- if (p != NULL) > > +- *p = dh->p; > > +- if (q != NULL) > > +- *q = dh->q; > > +- if (g != NULL) > > +- *g = dh->g; > > +-} > > +-#endif /* HAVE_DH_GET0_PQG */ > > +- > > +-#ifndef HAVE_DH_SET0_PQG > > +-int > > +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g) > > +-{ > > +- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL)) > > +- return 0; > > +- > > +- if (p != NULL) { > > +- BN_free(dh->p); > > +- dh->p = p; > > +- } > > +- if (q != NULL) { > > +- BN_free(dh->q); > > +- dh->q = q; > > +- } > > +- if (g != NULL) { > > +- BN_free(dh->g); > > +- dh->g = g; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_DH_SET0_PQG */ > > +- > > +-#ifndef HAVE_DH_GET0_KEY > > +-void > > +-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key) > > +-{ > > +- if (pub_key != NULL) > > +- *pub_key = dh->pub_key; > > +- if (priv_key != NULL) > > +- *priv_key = dh->priv_key; > > +-} > > +-#endif /* HAVE_DH_GET0_KEY */ > > +- > > +-#ifndef HAVE_DH_SET0_KEY > > +-int > > +-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key) > > +-{ > > +- if (pub_key != NULL) { > > +- BN_free(dh->pub_key); > > +- dh->pub_key = pub_key; > > +- } > > +- if (priv_key != NULL) { > > +- BN_free(dh->priv_key); > > +- dh->priv_key = priv_key; > > +- } > > +- > > +- return 1; > > +-} > > +-#endif /* HAVE_DH_SET0_KEY */ > > +- > > +-#ifndef HAVE_DH_SET_LENGTH > > +-int > > +-DH_set_length(DH *dh, long length) > > +-{ > > +- if (length < 0 || length > INT_MAX) > > +- return 0; > > +- > > +- dh->length = length; > > +- return 1; > > +-} > > +-#endif /* HAVE_DH_SET_LENGTH */ > > +- > > +-#ifndef HAVE_RSA_METH_FREE > > +-void > > +-RSA_meth_free(RSA_METHOD *meth) > > +-{ > > +- if (meth != NULL) { > > +- free((char *)meth->name); > > +- free(meth); > > +- } > > +-} > > +-#endif /* HAVE_RSA_METH_FREE */ > > +- > > +-#ifndef HAVE_RSA_METH_DUP > > +-RSA_METHOD * > > +-RSA_meth_dup(const RSA_METHOD *meth) > > +-{ > > +- RSA_METHOD *copy; > > +- > > +- if ((copy = calloc(1, sizeof(*copy))) == NULL) > > +- return NULL; > > +- memcpy(copy, meth, sizeof(*copy)); > > +- if ((copy->name = strdup(meth->name)) == NULL) { > > +- free(copy); > > +- return NULL; > > +- } > > +- > > +- return copy; > > +-} > > +-#endif /* HAVE_RSA_METH_DUP */ > > +- > > +-#ifndef HAVE_RSA_METH_SET1_NAME > > +-int > > +-RSA_meth_set1_name(RSA_METHOD *meth, const char *name) > > +-{ > > +- char *copy; > > +- > > +- if ((copy = strdup(name)) == NULL) > > +- return 0; > > +- free((char *)meth->name); > > +- meth->name = copy; > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_METH_SET1_NAME */ > > +- > > +-#ifndef HAVE_RSA_METH_GET_FINISH > > +-int > > +-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa) > > +-{ > > +- return meth->finish; > > +-} > > +-#endif /* HAVE_RSA_METH_GET_FINISH */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC > > +-int > > +-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, > > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) > > +-{ > > +- meth->rsa_priv_enc = priv_enc; > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC > > +-int > > +-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, > > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)) > > +-{ > > +- meth->rsa_priv_dec = priv_dec; > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_FINISH > > +-int > > +-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)) > > +-{ > > +- meth->finish = finish; > > +- return 1; > > +-} > > +-#endif /* HAVE_RSA_METH_SET_FINISH */ > > +- > > +-#ifndef HAVE_EVP_PKEY_GET0_RSA > > +-RSA * > > +-EVP_PKEY_get0_RSA(EVP_PKEY *pkey) > > +-{ > > +- if (pkey->type != EVP_PKEY_RSA) { > > +- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */ > > +- return NULL; > > +- } > > +- return pkey->pkey.rsa; > > +-} > > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ > > +- > > +-#ifndef HAVE_EVP_MD_CTX_NEW > > +-EVP_MD_CTX * > > +-EVP_MD_CTX_new(void) > > +-{ > > +- return calloc(1, sizeof(EVP_MD_CTX)); > > +-} > > +-#endif /* HAVE_EVP_MD_CTX_NEW */ > > +- > > +-#ifndef HAVE_EVP_MD_CTX_FREE > > +-void > > +-EVP_MD_CTX_free(EVP_MD_CTX *ctx) > > +-{ > > +- if (ctx == NULL) > > +- return; > > +- > > +- EVP_MD_CTX_cleanup(ctx); > > +- > > +- free(ctx); > > +-} > > +-#endif /* HAVE_EVP_MD_CTX_FREE */ > > +- > > + #endif /* WITH_OPENSSL */ > > +diff --git a/openbsd-compat/openssl-compat.h > > b/openbsd-compat/openssl-compat.h > > +index 61a69dd56eb..d0dd2c3450d 100644 > > +--- a/openbsd-compat/openssl-compat.h > > ++++ b/openbsd-compat/openssl-compat.h > > +@@ -33,26 +33,13 @@ > > + int ssh_compatible_openssl(long, long); > > + void ssh_libcrypto_init(void); > > + > > +-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL) > > +-# error OpenSSL 1.0.1 or greater is required > > ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L) > > ++# error OpenSSL 1.1.0 or greater is required > > + #endif > > +- > > +-#ifndef OPENSSL_VERSION > > +-# define OPENSSL_VERSION SSLEAY_VERSION > > +-#endif > > +- > > +-#ifndef HAVE_OPENSSL_VERSION > > +-# define OpenSSL_version(x) SSLeay_version(x) > > +-#endif > > +- > > +-#ifndef HAVE_OPENSSL_VERSION_NUM > > +-# define OpenSSL_version_num SSLeay > > +-#endif > > +- > > +-#if OPENSSL_VERSION_NUMBER < 0x10000001L > > +-# define LIBCRYPTO_EVP_INL_TYPE unsigned int > > +-#else > > +-# define LIBCRYPTO_EVP_INL_TYPE size_t > > ++#ifdef LIBRESSL_VERSION_NUMBER > > ++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL > > ++# error LibreSSL 3.1.0 or greater is required > > ++# endif > > + #endif > > + > > + #ifndef OPENSSL_RSA_MAX_MODULUS_BITS > > +@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void); > > + # endif > > + #endif > > + > > +-/* LibreSSL/OpenSSL 1.1x API compat */ > > +-#ifndef HAVE_DSA_GET0_PQG > > +-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, > > +- const BIGNUM **g); > > +-#endif /* HAVE_DSA_GET0_PQG */ > > +- > > +-#ifndef HAVE_DSA_SET0_PQG > > +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g); > > +-#endif /* HAVE_DSA_SET0_PQG */ > > +- > > +-#ifndef HAVE_DSA_GET0_KEY > > +-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, > > +- const BIGNUM **priv_key); > > +-#endif /* HAVE_DSA_GET0_KEY */ > > +- > > +-#ifndef HAVE_DSA_SET0_KEY > > +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key); > > +-#endif /* HAVE_DSA_SET0_KEY */ > > +- > > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV > > + # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV > > + # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv > > +@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, > > + const unsigned char *iv, size_t len); > > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */ > > + > > +-#ifndef HAVE_RSA_GET0_KEY > > +-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, > > +- const BIGNUM **d); > > +-#endif /* HAVE_RSA_GET0_KEY */ > > +- > > +-#ifndef HAVE_RSA_SET0_KEY > > +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d); > > +-#endif /* HAVE_RSA_SET0_KEY */ > > +- > > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS > > +-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM > > **dmq1, > > +- const BIGNUM **iqmp); > > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */ > > +- > > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS > > +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp); > > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */ > > +- > > +-#ifndef HAVE_RSA_GET0_FACTORS > > +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q); > > +-#endif /* HAVE_RSA_GET0_FACTORS */ > > +- > > +-#ifndef HAVE_RSA_SET0_FACTORS > > +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q); > > +-#endif /* HAVE_RSA_SET0_FACTORS */ > > +- > > +-#ifndef DSA_SIG_GET0 > > +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM > > **ps); > > +-#endif /* DSA_SIG_GET0 */ > > +- > > +-#ifndef DSA_SIG_SET0 > > +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); > > +-#endif /* DSA_SIG_SET0 */ > > +- > > +-#ifdef OPENSSL_HAS_ECC > > +-#ifndef HAVE_ECDSA_SIG_GET0 > > +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM > > **ps); > > +-#endif /* HAVE_ECDSA_SIG_GET0 */ > > +- > > +-#ifndef HAVE_ECDSA_SIG_SET0 > > +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); > > +-#endif /* HAVE_ECDSA_SIG_SET0 */ > > +-#endif /* OPENSSL_HAS_ECC */ > > +- > > +-#ifndef HAVE_DH_GET0_PQG > > +-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, > > +- const BIGNUM **g); > > +-#endif /* HAVE_DH_GET0_PQG */ > > +- > > +-#ifndef HAVE_DH_SET0_PQG > > +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g); > > +-#endif /* HAVE_DH_SET0_PQG */ > > +- > > +-#ifndef HAVE_DH_GET0_KEY > > +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM > > **priv_key); > > +-#endif /* HAVE_DH_GET0_KEY */ > > +- > > +-#ifndef HAVE_DH_SET0_KEY > > +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key); > > +-#endif /* HAVE_DH_SET0_KEY */ > > +- > > +-#ifndef HAVE_DH_SET_LENGTH > > +-int DH_set_length(DH *dh, long length); > > +-#endif /* HAVE_DH_SET_LENGTH */ > > +- > > +-#ifndef HAVE_RSA_METH_FREE > > +-void RSA_meth_free(RSA_METHOD *meth); > > +-#endif /* HAVE_RSA_METH_FREE */ > > +- > > +-#ifndef HAVE_RSA_METH_DUP > > +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); > > +-#endif /* HAVE_RSA_METH_DUP */ > > +- > > +-#ifndef HAVE_RSA_METH_SET1_NAME > > +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); > > +-#endif /* HAVE_RSA_METH_SET1_NAME */ > > +- > > +-#ifndef HAVE_RSA_METH_GET_FINISH > > +-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa); > > +-#endif /* HAVE_RSA_METH_GET_FINISH */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC > > +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen, > > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); > > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC > > +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen, > > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); > > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */ > > +- > > +-#ifndef HAVE_RSA_METH_SET_FINISH > > +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa)); > > +-#endif /* HAVE_RSA_METH_SET_FINISH */ > > +- > > +-#ifndef HAVE_EVP_PKEY_GET0_RSA > > +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); > > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */ > > +- > > +-#ifndef HAVE_EVP_MD_CTX_new > > +-EVP_MD_CTX *EVP_MD_CTX_new(void); > > +-#endif /* HAVE_EVP_MD_CTX_new */ > > +- > > +-#ifndef HAVE_EVP_MD_CTX_free > > +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx); > > +-#endif /* HAVE_EVP_MD_CTX_free */ > > +- > > + #endif /* WITH_OPENSSL */ > > + #endif /* _OPENSSL_COMPAT_H */ > > diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb > > b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb > > index 6057d055f4..1d53c2488b 100644 > > --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb > > +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb > > @@ -26,6 +26,7 @@ SRC_URI = > > "https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fftp.openbsd.org%2Fpub%2FOpenBSD%2FOpenSSH%2Fportable%2Fopenssh-%24&data=05%7C01%7Criyaz.khan%40kpit.com%7Cab59aa415a79465897a808db60e51625%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638210309307324311%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=V7UxzThee3Rz5Lmc2EuREclppsBQrs7FQP%2BMmm3RmVw%3D&reserved=0{PV}.tar > > file://add-test-support-for-busybox.patch \ > > file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \ > > > > file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \ > > + file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \ > > " > > SRC_URI[sha256sum] = > > "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" > > > > -- > > 2.17.1 > > > > > > > > > This message contains information that may be privileged or confidential and > is the property of the KPIT Technologies Ltd. It is intended only for the > person to whom it is addressed. If you are not the intended recipient, you > are not authorized to read, print, retain copy, disseminate, distribute, or > use this message or any part thereof. If you receive this message in error, > please notify the sender immediately and delete all copies of this message. > KPIT Technologies Ltd. does not accept any liability for virus infected mails.
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#181993): https://lists.openembedded.org/g/openembedded-core/message/181993 Mute This Topic: https://lists.openembedded.org/mt/99215252/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
