On Wed, Oct 13, 2021 at 01:46:04PM +0200, Theo Buehler wrote:
> I don't think anyone will want to compile this against OpenSSL 0.9.7 or
> earlier. Calling OpenSSL_add_all_algorithms() has not been necessary
> for a few years, so let's remove libcrypto.c.
OK bluhm@
> Index: Makefile
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/Makefile,v
> retrieving revision 1.89
> diff -u -p -r1.89 Makefile
> --- Makefile 11 Feb 2021 19:41:05 -0000 1.89
> +++ Makefile 13 Oct 2021 10:36:08 -0000
> @@ -38,7 +38,7 @@ SRCS= app.c attribute.c cert.c connecti
> field.c hash.c if.c ike_auth.c ike_main_mode.c \
> ike_phase_1.c ike_quick_mode.c init.c ipsec.c ipsec_fld.c \
> ipsec_num.c isakmpd.c isakmp_doi.c isakmp_fld.c isakmp_num.c \
> - key.c libcrypto.c log.c message.c \
> + key.c log.c message.c \
> prf.c sa.c sysdep.c timer.c transport.c virtual.c udp.c \
> ui.c util.c x509.c \
> pf_key_v2.c policy.c ike_aggressive.c isakmp_cfg.c \
> Index: init.c
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/init.c,v
> retrieving revision 1.43
> diff -u -p -r1.43 init.c
> --- init.c 15 Jan 2018 09:54:48 -0000 1.43
> +++ init.c 13 Oct 2021 10:33:53 -0000
> @@ -71,7 +71,6 @@ init(void)
> group_init();
> ipsec_init();
> isakmp_doi_init();
> - libcrypto_init();
>
> timer_init();
>
> Index: key.c
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/key.c,v
> retrieving revision 1.26
> diff -u -p -r1.26 key.c
> --- key.c 3 Feb 2017 08:23:46 -0000 1.26
> +++ key.c 13 Oct 2021 10:35:35 -0000
> @@ -119,19 +119,12 @@ key_internalize(int type, int private, u
> return strdup((char *)data);
> case ISAKMP_KEY_RSA:
> switch (private) {
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> case ISAKMP_KEYTYPE_PUBLIC:
> return d2i_RSAPublicKey(NULL,
> (const u_int8_t **)&data, datalen);
> case ISAKMP_KEYTYPE_PRIVATE:
> return d2i_RSAPrivateKey(NULL,
> (const u_int8_t **)&data, datalen);
> -#else
> - case ISAKMP_KEYTYPE_PUBLIC:
> - return d2i_RSAPublicKey(NULL, &data, datalen);
> - case ISAKMP_KEYTYPE_PRIVATE:
> - return d2i_RSAPrivateKey(NULL, &data, datalen);
> -#endif
> default:
> log_error("key_internalize: not public or private "
> "RSA key passed");
> Index: libcrypto.c
> ===================================================================
> RCS file: libcrypto.c
> diff -N libcrypto.c
> --- libcrypto.c 8 Apr 2005 22:32:10 -0000 1.19
> +++ /dev/null 1 Jan 1970 00:00:00 -0000
> @@ -1,44 +0,0 @@
> -/* $OpenBSD: libcrypto.c,v 1.19 2005/04/08 22:32:10 cloder Exp $ */
> -/* $EOM: libcrypto.c,v 1.14 2000/09/28 12:53:27 niklas Exp $ */
> -
> -/*
> - * Copyright (c) 1999, 2000, 2001 Niklas Hallqvist. All rights reserved.
> - * Copyright (c) 1999, 2000 Angelos D. Keromytis. All rights reserved.
> - *
> - * Redistribution and use in source and binary forms, with or without
> - * modification, are permitted provided that the following conditions
> - * are met:
> - * 1. Redistributions of source code must retain the above copyright
> - * notice, this list of conditions and the following disclaimer.
> - * 2. Redistributions in binary form must reproduce the above copyright
> - * notice, this list of conditions and the following disclaimer in the
> - * documentation and/or other materials provided with the distribution.
> - *
> - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
> - * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
> - * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
> - * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
> - * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
> - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
> - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
> - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
> - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
> - */
> -
> -/*
> - * This code was written under funding by Ericsson Radio Systems.
> - */
> -
> -#include "libcrypto.h"
> -
> -void
> -libcrypto_init(void)
> -{
> - /* Add all algorithms known by SSL */
> -#if OPENSSL_VERSION_NUMBER >= 0x00905100L
> - OpenSSL_add_all_algorithms();
> -#else
> - SSLeay_add_all_algorithms();
> -#endif
> -}
> Index: libcrypto.h
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/libcrypto.h,v
> retrieving revision 1.18
> diff -u -p -r1.18 libcrypto.h
> --- libcrypto.h 11 Jul 2014 10:01:00 -0000 1.18
> +++ libcrypto.h 13 Oct 2021 10:35:14 -0000
> @@ -35,7 +35,6 @@
>
> #include <stdio.h>
>
> -/* XXX I want #include <ssl/cryptall.h> but we appear to not install meth.h */
> #include <openssl/ssl.h>
> #include <openssl/bio.h>
> #include <openssl/md5.h>
> @@ -43,7 +42,5 @@
> #include <openssl/rsa.h>
> #include <openssl/x509_vfy.h>
> #include <openssl/x509.h>
> -
> -extern void libcrypto_init(void);
>
> #endif /* _LIBCRYPTO_H_ */
> Index: x509.c
> ===================================================================
> RCS file: /cvs/src/sbin/isakmpd/x509.c,v
> retrieving revision 1.119
> diff -u -p -r1.119 x509.c
> --- x509.c 2 Jul 2021 11:15:12 -0000 1.119
> +++ x509.c 13 Oct 2021 10:33:18 -0000
> @@ -658,7 +658,6 @@ x509_read_from_dir(X509_STORE *ctx, char
> int
> x509_read_crls_from_dir(X509_STORE *ctx, char *name)
> {
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> FILE *crlfp;
> X509_CRL *crl;
> struct stat sb;
> @@ -729,8 +728,6 @@ x509_read_crls_from_dir(X509_STORE *ctx,
> X509_STORE_set_flags(ctx, X509_V_FLAG_CRL_CHECK);
> }
>
> -#endif /* OPENSSL_VERSION_NUMBER >= 0x00907000L */
> -
> return 1;
> }
>
> @@ -791,7 +788,6 @@ x509_crl_init(void)
> * is valid for OpenSSL versions prior to 0.9.7. For now, simply do not
> * support it.
> */
> -#if OPENSSL_VERSION_NUMBER >= 0x00907000L
> char *dirname;
> dirname = conf_get_str("X509-certificates", "CRL-directory");
> if (!dirname) {
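Review bot: The comment kept as context at the top of x509_crl_init still says the CRL method may not be valid before OpenSSL 0.9.7 and "For now, simply do not support it", but with the `#if` removed the CRL-directory lookup is now always compiled in, so the comment describes a guard that no longer exists. I would drop it or replace it with something like `/* Read CRLs from the directory configured as CRL-directory. */`. The function body starts before this hunk and continues in the next one.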
> @@ -803,10 +799,6 @@ x509_crl_init(void)
> "x509_crl_init: x509_read_crls_from_dir failed"));
> return 0;
> }
> -#else
> - LOG_DBG((LOG_CRYPTO, 10, "x509_crl_init: CRL support only "
> - "with OpenSSL v0.9.7 or later"));
> -#endif
>
> return 1;
> }
> @@ -831,19 +823,11 @@ x509_cert_validate(void *scert)
> * we trust.
> */
> X509_STORE_CTX_init(&csc, x509_cas, cert, NULL);
> -#if OPENSSL_VERSION_NUMBER >= 0x00908000L
> /* XXX See comment in x509_read_crls_from_dir. */
> if (x509_cas->param->flags & X509_V_FLAG_CRL_CHECK) {
> X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
> X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
> }
> -#elif OPENSSL_VERSION_NUMBER >= 0x00907000L
> - /* XXX See comment in x509_read_crls_from_dir. */
> - if (x509_cas->flags & X509_V_FLAG_CRL_CHECK) {
> - X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK);
> - X509_STORE_CTX_set_flags(&csc, X509_V_FLAG_CRL_CHECK_ALL);
> - }
> -#endif
> res = X509_verify_cert(&csc);
> err = csc.error;
> X509_STORE_CTX_cleanup(&csc);
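Review bot: The branch that remains in x509_cert_validate reads `x509_cas->param->flags` directly and keeps `csc` as a stack object (`csc.error`), so it only builds while the library exposes the X509_STORE and X509_STORE_CTX layouts. Using the accessors, e.g. `if (X509_VERIFY_PARAM_get_flags(X509_STORE_get0_param(x509_cas)) & X509_V_FLAG_CRL_CHECK) {` and `err = X509_STORE_CTX_get_error(&csc);`, would keep the CRL check independent of struct internals. Separately, the return value of `X509_STORE_CTX_init()` is not checked before `X509_verify_cert()`; a guard such as `if (!X509_STORE_CTX_init(&csc, x509_cas, cert, NULL)) return 0;` seems appropriate, assuming 0 is this function's failure value, which is not visible here. The function starts and ends outside the hunk.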