diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2010-11-10 01:33:08 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2010-11-10 01:33:08 +0000 |
commit | dd5782fa7760089f37d1a390e054de720cfa3fa1 (patch) | |
tree | 4ab09ed41e4f5618a2e3fefc868c7a1e0a33cef6 /usr.bin/ssh | |
parent | 4d873ebe99251c3e5fb6397497a0d18a109f0659 (diff) |
use only libcrypto APIs that are retained with OPENSSL_NO_DEPRECATED.
these have been around for years by this time. ok markus
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/kexdhc.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kexdhs.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kexgexc.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/kexgexs.c | 4 | ||||
-rw-r--r-- | usr.bin/ssh/key.c | 26 | ||||
-rw-r--r-- | usr.bin/ssh/moduli.c | 8 |
6 files changed, 33 insertions, 17 deletions
diff --git a/usr.bin/ssh/kexdhc.c b/usr.bin/ssh/kexdhc.c index 5547b148b33..759a9e43d42 100644 --- a/usr.bin/ssh/kexdhc.c +++ b/usr.bin/ssh/kexdhc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexdhc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -25,6 +25,8 @@ #include <sys/types.h> +#include <openssl/dh.h> + #include <stdio.h> #include <string.h> #include <signal.h> diff --git a/usr.bin/ssh/kexdhs.c b/usr.bin/ssh/kexdhs.c index 9060a1663e6..7fc426dff75 100644 --- a/usr.bin/ssh/kexdhs.c +++ b/usr.bin/ssh/kexdhs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexdhs.c,v 1.11 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: kexdhs.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -28,6 +28,8 @@ #include <string.h> #include <signal.h> +#include <openssl/dh.h> + #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/usr.bin/ssh/kexgexc.c b/usr.bin/ssh/kexgexc.c index 230adbafb7d..a761a2cb389 100644 --- a/usr.bin/ssh/kexgexc.c +++ b/usr.bin/ssh/kexgexc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexc.c,v 1.11 2006/11/06 21:25:28 markus Exp $ */ +/* $OpenBSD: kexgexc.c,v 1.12 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -26,6 +26,8 @@ #include <sys/types.h> +#include <openssl/dh.h> + #include <stdio.h> #include <string.h> #include <signal.h> diff --git a/usr.bin/ssh/kexgexs.c b/usr.bin/ssh/kexgexs.c index b751a7eeea3..0b90986fb19 100644 --- a/usr.bin/ssh/kexgexs.c +++ b/usr.bin/ssh/kexgexs.c @@ -1,4 +1,4 @@ -/* $OpenBSD: kexgexs.c,v 1.13 2010/02/26 20:29:54 djm Exp $ */ +/* $OpenBSD: kexgexs.c,v 1.14 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright (c) 2000 Niels Provos. All rights reserved. * Copyright (c) 2001 Markus Friedl. All rights reserved. @@ -30,6 +30,8 @@ #include <string.h> #include <signal.h> +#include <openssl/dh.h> + #include "xmalloc.h" #include "buffer.h" #include "key.h" diff --git a/usr.bin/ssh/key.c b/usr.bin/ssh/key.c index f176574f630..a15578bd8ad 100644 --- a/usr.bin/ssh/key.c +++ b/usr.bin/ssh/key.c @@ -1,4 +1,4 @@ -/* $OpenBSD: key.c,v 1.94 2010/10/28 11:22:09 djm Exp $ */ +/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */ /* * read_bignum(): * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -982,25 +982,33 @@ key_size(const Key *k) static RSA * rsa_generate_private_key(u_int bits) { - RSA *private; + RSA *private = RSA_new(); + BIGNUM *f4 = BN_new(); - private = RSA_generate_key(bits, RSA_F4, NULL, NULL); if (private == NULL) - fatal("rsa_generate_private_key: key generation failed."); + fatal("%s: RSA_new failed", __func__); + if (f4 == NULL) + fatal("%s: BN_new failed", __func__); + if (!BN_set_word(f4, RSA_F4)) + fatal("%s: BN_new failed", __func__); + if (!RSA_generate_key_ex(private, bits, f4, NULL)) + fatal("%s: key generation failed.", __func__); + BN_free(f4); return private; } static DSA* dsa_generate_private_key(u_int bits) { - DSA *private = DSA_generate_parameters(bits, NULL, 0, NULL, NULL, NULL, NULL); + DSA *private = DSA_new(); if (private == NULL) - fatal("dsa_generate_private_key: DSA_generate_parameters failed"); + fatal("%s: DSA_new failed", __func__); + if (!DSA_generate_parameters_ex(private, bits, NULL, 0, NULL, + NULL, NULL)) + fatal("%s: DSA_generate_parameters failed", __func__); if (!DSA_generate_key(private)) - fatal("dsa_generate_private_key: DSA_generate_key failed."); - if (private == NULL) - fatal("dsa_generate_private_key: NULL."); + fatal("%s: DSA_generate_key failed.", __func__); return private; } diff --git a/usr.bin/ssh/moduli.c b/usr.bin/ssh/moduli.c index 9e8d45a1343..d10170105c4 100644 --- a/usr.bin/ssh/moduli.c +++ b/usr.bin/ssh/moduli.c @@ -1,4 +1,4 @@ -/* $OpenBSD: moduli.c,v 1.21 2008/06/26 09:19:40 djm Exp $ */ +/* $OpenBSD: moduli.c,v 1.22 2010/11/10 01:33:07 djm Exp $ */ /* * Copyright 1994 Phil Karn <karn@qualcomm.com> * Copyright 1996-1998, 2003 William Allen Simpson <wsimpson@greendragon.com> @@ -598,7 +598,7 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) * that p is also prime. A single pass will weed out the * vast majority of composite q's. */ - if (BN_is_prime(q, 1, NULL, ctx, NULL) <= 0) { + if (BN_is_prime_ex(q, 1, ctx, NULL) <= 0) { debug("%10u: q failed first possible prime test", count_in); continue; @@ -611,14 +611,14 @@ prime_test(FILE *in, FILE *out, u_int32_t trials, u_int32_t generator_wanted) * will show up on the first Rabin-Miller iteration so it * doesn't hurt to specify a high iteration count. */ - if (!BN_is_prime(p, trials, NULL, ctx, NULL)) { + if (!BN_is_prime_ex(p, trials, ctx, NULL)) { debug("%10u: p is not prime", count_in); continue; } debug("%10u: p is almost certainly prime", count_in); /* recheck q more rigorously */ - if (!BN_is_prime(q, trials - 1, NULL, ctx, NULL)) { + if (!BN_is_prime_ex(q, trials - 1, ctx, NULL)) { debug("%10u: q is not prime", count_in); continue; } |