[openssh-commits] [openssh] branch master updated: Add compat functions for EVP_Digest{Sign, Verify}.
git+noreply at mindrot.org
git+noreply at mindrot.org
Sat Aug 17 11:25:44 AEST 2024
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
The following commit(s) were added to refs/heads/master by this push:
new 2a50a8f1 Add compat functions for EVP_Digest{Sign,Verify}.
2a50a8f1 is described below
commit 2a50a8f1fa57857a5e124a2280bcf61cc63c77f7
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Sat Aug 17 11:10:19 2024 +1000
Add compat functions for EVP_Digest{Sign,Verify}.
This should make LibreSSL 3.1.x through 3.3.x work again. Code from
tb@, ok djm at . Restore the test configs covering those.
---
.github/workflows/c-cpp.yml | 2 ++
configure.ac | 2 ++
openbsd-compat/openssl-compat.c | 26 ++++++++++++++++++++++++++
openbsd-compat/openssl-compat.h | 10 ++++++++++
4 files changed, 40 insertions(+)
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index a5cac7c8..60902870 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -57,6 +57,8 @@ jobs:
- { target: ubuntu-20.04, config: musl }
- { target: ubuntu-latest, config: boringssl }
- { target: ubuntu-latest, config: libressl-master }
+ - { target: ubuntu-latest, config: libressl-3.2.6 }
+ - { target: ubuntu-latest, config: libressl-3.3.6 }
- { target: ubuntu-latest, config: libressl-3.4.3 }
- { target: ubuntu-latest, config: libressl-3.5.3 }
- { target: ubuntu-latest, config: libressl-3.6.1 }
diff --git a/configure.ac b/configure.ac
index d21b5798..591d5a38 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2983,6 +2983,8 @@ if test "x$openssl" = "xyes" ; then
BN_is_prime_ex \
DES_crypt \
DSA_generate_parameters_ex \
+ EVP_DigestSign \
+ EVP_DigestVerify \
EVP_DigestFinal_ex \
EVP_DigestInit_ex \
EVP_MD_CTX_cleanup \
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 6c65003f..14865077 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -95,4 +95,30 @@ ssh_libcrypto_init(void)
#endif /* USE_OPENSSL_ENGINE */
}
+#ifndef HAVE_EVP_DIGESTSIGN
+int
+EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ if (sigret != NULL) {
+ if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+ return 0;
+ }
+
+ return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+#endif
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+int
+EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+ return -1;
+
+ return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
+#endif
+
#endif /* WITH_OPENSSL */
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index f6796b3b..2b9780f5 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -78,5 +78,15 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
const unsigned char *iv, size_t len);
#endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+#ifndef HAVE_EVP_DIGESTSIGN
+int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *,
+ const unsigned char *, size_t);
+#endif
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
+ const unsigned char *, size_t);
+#endif
+
#endif /* WITH_OPENSSL */
#endif /* _OPENSSL_COMPAT_H */
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list