I don't think anyone will want to compile this against OpenSSL 0.9.7 or
earlier. Calling OpenSSL_add_all_algorithms() has not been necessary
for a few years, so let's remove libcrypto.c.
Index: Makefile
===================================================================
RCS file: /cvs/src/sbin/isakmpd/Makefile,v
retrieving revision 1.89
diff -u -p -r1.89 Makefile
--- Makefile 11 Feb 2021 19:41:05 -0000 1.89
+++ Makefile 13 Oct 2021 10:36:08 -0000
@@ -38,7 +38,7 @@ SRCS= app.c attribute.c cert.c connecti
field.c hash.c if.c ike_auth.c ike_main_mode.c \
ike_phase_1.c ike_quick_mode.c init.c ipsec.c ipsec_fld.c \
ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \
- key.c libcrypto.c log.c message.c \
+ key.c log.c message.c \
prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \
ui.c util.c x509.c \
pf_key_v2.c policy.c ike_aggressive.c isakmp_cfg.c \
Index: init.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/init.c,v
retrieving revision 1.43
diff -u -p -r1.43 init.c
--- init.c 15 Jan 2018 09:54:48 -0000 1.43
+++ init.c 13 Oct 2021 10:33:53 -0000
@@ -71,7 +71,6 @@ init(void)
group_init();
ipsec_init();
isakmp_doi_init();
- libcrypto_init();
timer_init();
Index: key.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/key.c,v
retrieving revision 1.26
diff -u -p -r1.26 key.c
--- key.c 3 Feb 2017 08:23:46 -0000 1.26
+++ key.c 13 Oct 2021 10:35:35 -0000
@@ -119,19 +119,12 @@ key_internalize(int type, int private, u
return strdup((char *)data);
case ISAKMP_KEY_RSA:
switch (private) {
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
case ISAKMP_KEYTYPE_PUBLIC:
return d2i_RSAPublicKey(NULL,
(const u_int8_t **)&data, datalen);
case ISAKMP_KEYTYPE_PRIVATE:
return d2i_RSAPrivateKey(NULL,
(const u_int8_t **)&data, datalen);
-#else
- case ISAKMP_KEYTYPE_PUBLIC:
- return d2i_RSAPublicKey(NULL, &data, datalen);
- case ISAKMP_KEYTYPE_PRIVATE:
- return d2i_RSAPrivateKey(NULL, &data, datalen);
-#endif
default:
log_error("key_internalize: not public or private "
"RSA key passed");
Index: libcrypto.c
===================================================================
RCS file: libcrypto.c
diff -N libcrypto.c
--- libcrypto.c 8 Apr 2005 22:32:10 -0000 1.19
+++ /dev/null 1 Jan 1970 00:00:00 -0000
@@ -1,44 +0,0 @@
-/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $ */
-/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
-
-/*
- * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
- * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-#include "libcrypto.h"
-
-void
-libcrypto_init(void)
-{
- /* Add all algorithms known by SSL */
-#if OPENSSL_VERSION_NUMBER >= 0x00905100L
- OpenSSL_add_all_algorithms();
-#else
- SSLeay_add_all_algorithms();
-#endif
-}
Index: libcrypto.h
===================================================================
RCS file: /cvs/src/sbin/isakmpd/libcrypto.h,v
retrieving revision 1.18
diff -u -p -r1.18 libcrypto.h
--- libcrypto.h 11 Jul 2014 10:01:00 -0000 1.18
+++ libcrypto.h 13 Oct 2021 10:35:14 -0000
@@ -35,7 +35,6 @@
#include <stdio.h>
-/* XXX I want #include <ssl/cryptall.h> but we appear to not install meth.h */
#include <openssl/ssl.h>
#include <openssl/bio.h>
#include <openssl/md5.h>
@@ -43,7 +42,5 @@
#include <openssl/rsa.h>
#include <openssl/x509_vfy.h>
#include <openssl/x509.h>
-
-extern void libcrypto_init(void);
#endif /* _LIBCRYPTO_H_ */
Index: x509.c
===================================================================
RCS file: /cvs/src/sbin/isakmpd/x509.c,v
retrieving revision 1.119
diff -u -p -r1.119 x509.c
--- x509.c 2 Jul 2021 11:15:12 -0000 1.119
+++ x509.c 13 Oct 2021 10:33:18 -0000
@@ -658,7 +658,6 @@ x509_read_from_dir(X509_STORE *ctx, char
int
x509_read_crls_from_dir(X509_STORE *ctx, char *name)
{
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
FILE *crlfp;
X509_CRL *crl;
struct stat sb;
@@ -729,8 +728,6 @@ x509_read_crls_from_dir(X509_STORE *ctx,
X509_STORE_set_flags(ctx, X509_V_FLAG_CRL_CHECK);
}
-#endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L */
-
return 1;
}
@@ -791,7 +788,6 @@ x509_crl_init(void)
* is valid for OpenSSL versions prior to 0.9.7. For now, simply do not
* support it.
*/
-#if OPENSSL_VERSION_NUMBER >= 0x00907000L
char *dirname;
dirname = conf_get_str("X509-certificates", "CRL-directory");
if (!dirname) {
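Review bot: The comment that closes just above the removed `#if` still says CRL-based validation may not be valid for OpenSSL versions prior to 0.9.7 and is therefore not supported, which no longer describes the code now that this block is compiled unconditionally. I would replace it with a comment on what the function does, for example `/* Load CRLs from the configured CRL-directory, if one is set. */`, or drop it. A stale "not supported" remark on the revocation path could lead a later reader to assume CRL checking is off. The comment and x509_crl_init both begin outside this hunk, so the opening lines of the comment are not visible here.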
@@ -803,10 +799,6 @@ x509_crl_init(void)
"x509_crl_init: x509_read_crls_from_dir failed"));
return 0;
}
-#else
- LOG_DBG((LOG_CRYPTO, 10, "x509_crl_init: CRL support only "
- "with OpenSSL v0.9.7 or later"));
-#endif
return 1;
}
@@ -831,19 +823,11 @@ x509_cert_validate(void *scert)
* we trust.
*/
X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
-#if OPENSSL_VERSION_NUMBER >= 0x00908000L
/* XXX See comment in x509_read_crls_from_dir. */
if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
}
-#elif OPENSSL_VERSION_NUMBER >= 0x00907000L
- /* XXX See comment in x509_read_crls_from_dir. */
- if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
- X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
- X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
- }
-#endif
res = X509_verify_cert(&csc);
err = csc.error;
X509_STORE_CTX_cleanup(&csc);
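Review bot: The branch that is kept reads `x509_cas->param->flags` directly, and the surrounding lines use a stack `X509_STORE_CTX` (`&csc`, `csc.error`), so this code still depends on libcrypto struct layout even with the version guards gone. Using the accessors would keep it building if those structs become opaque: `if (X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x509_cas)) & X509_V_FLAG_CRL_CHECK) {` and `err = X509_STORE_CTX_get_error(&csc);`, assuming the in-tree libcrypto provides them. Separately, the return value of `X509_STORE_CTX_init()` is ignored before `X509_verify_cert()` is called. Since this is the certificate validation path, a failed init should be handled explicitly as a validation failure. x509_cert_validate starts and ends outside this hunk.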