From 26f9641216de95e80bc2c090691000bc0e890ae2 Mon Sep 17 00:00:00 2001 
From: Laszlo Valko Date: Tue, 4 Jan 2022 03:30:23 +0100 Subject: [PATCH] Removed obsolete packages. --- dev-php/pecl-apcu/Manifest | 3 - dev-php/pecl-apcu/metadata.xml | 14 - dev-php/pecl-apcu/pecl-apcu-4.0.11.ebuild | 77 - mail-filter/libspf2/Manifest | 4 - .../files/libspf2-1.2.10-varargs.patch | 29 - mail-filter/libspf2/libspf2-1.2.10.ebuild | 46 - mail-filter/libspf2/metadata.xml | 9 - mail-filter/razor/Manifest | 6 - .../files/razor-2.85-cosmetic-pv-fix.patch | 22 - .../razor/files/razor-2.85-fix-makefile.patch | 14 - .../files/razor-2.85-use-sha-not-sha1.patch | 119 - mail-filter/razor/metadata.xml | 23 - mail-filter/razor/razor-2.85-r2.ebuild | 79 - media-libs/xine-lib/Manifest | 3 - media-libs/xine-lib/metadata.xml | 65 - media-libs/xine-lib/xine-lib-1.2.10.ebuild | 222 -- net-misc/openssh1/Manifest | 17 - ...penssh1-6.7_p1-openssl-ignore-status.patch | 17 - .../files/openssh1-7.3-mips-seccomp-n32.patch | 21 - .../openssh1-7.5_p1-CVE-2017-15906.patch | 31 - .../files/openssh1-7.5_p1-GSSAPI-dns.patch | 351 -- .../files/openssh1-7.5_p1-cross-cache.patch | 39 - ...1-7.5_p1-disable-conch-interop-tests.patch | 20 - .../openssh1-7.5_p1-hpn-x509-10.2-glue.patch | 67 - .../files/openssh1-7.5_p1-openssl-1.1.patch | 3520 ----------------- .../files/openssh1-7.5_p1-s390-seccomp.patch | 27 - .../openssh1/files/openssh1-7.5_p1-ssh1.patch | 152 - .../files/openssh1-7.5_p1-x32-typo.patch | 25 - net-misc/openssh1/openssh1-7.5_p1-r5.ebuild | 288 -- net-print/cndrvcups-common-lb/Manifest | 3 - .../cndrvcups-common-lb-3.50.ebuild | 114 - net-print/cndrvcups-common-lb/metadata.xml | 8 - net-print/cndrvcups-common-sfp/Manifest | 3 - .../cndrvcups-common-sfp-1.40.ebuild | 112 - net-print/cndrvcups-common-sfp/metadata.xml | 8 - net-print/cndrvcups-lb/Manifest | 3 - .../cndrvcups-lb/cndrvcups-lb-3.50.ebuild | 108 - net-print/cndrvcups-lb/metadata.xml | 8 - net-print/cndrvcups-sfp/Manifest | 4 - .../cndrvcups-sfp/cndrvcups-sfp-1.40.ebuild | 150 - 
.../files/remove-StatusMonitor.patch | 11 - net-print/cndrvcups-sfp/metadata.xml | 8 - 42 files changed, 5850 deletions(-) delete mode 100644 dev-php/pecl-apcu/Manifest delete mode 100644 dev-php/pecl-apcu/metadata.xml delete mode 100644 dev-php/pecl-apcu/pecl-apcu-4.0.11.ebuild delete mode 100644 mail-filter/libspf2/Manifest delete mode 100644 mail-filter/libspf2/files/libspf2-1.2.10-varargs.patch delete mode 100644 mail-filter/libspf2/libspf2-1.2.10.ebuild delete mode 100644 mail-filter/libspf2/metadata.xml delete mode 100644 mail-filter/razor/Manifest delete mode 100644 mail-filter/razor/files/razor-2.85-cosmetic-pv-fix.patch delete mode 100644 mail-filter/razor/files/razor-2.85-fix-makefile.patch delete mode 100644 mail-filter/razor/files/razor-2.85-use-sha-not-sha1.patch delete mode 100644 mail-filter/razor/metadata.xml delete mode 100644 mail-filter/razor/razor-2.85-r2.ebuild delete mode 100644 media-libs/xine-lib/Manifest delete mode 100644 media-libs/xine-lib/metadata.xml delete mode 100644 media-libs/xine-lib/xine-lib-1.2.10.ebuild delete mode 100644 net-misc/openssh1/Manifest delete mode 100644 net-misc/openssh1/files/openssh1-6.7_p1-openssl-ignore-status.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.3-mips-seccomp-n32.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-CVE-2017-15906.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-GSSAPI-dns.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-cross-cache.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-disable-conch-interop-tests.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-hpn-x509-10.2-glue.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-openssl-1.1.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-s390-seccomp.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-ssh1.patch delete mode 100644 net-misc/openssh1/files/openssh1-7.5_p1-x32-typo.patch delete mode 100644 
net-misc/openssh1/openssh1-7.5_p1-r5.ebuild delete mode 100644 net-print/cndrvcups-common-lb/Manifest delete mode 100644 net-print/cndrvcups-common-lb/cndrvcups-common-lb-3.50.ebuild delete mode 100644 net-print/cndrvcups-common-lb/metadata.xml delete mode 100644 net-print/cndrvcups-common-sfp/Manifest delete mode 100644 net-print/cndrvcups-common-sfp/cndrvcups-common-sfp-1.40.ebuild delete mode 100644 net-print/cndrvcups-common-sfp/metadata.xml delete mode 100644 net-print/cndrvcups-lb/Manifest delete mode 100644 net-print/cndrvcups-lb/cndrvcups-lb-3.50.ebuild delete mode 100644 net-print/cndrvcups-lb/metadata.xml delete mode 100644 net-print/cndrvcups-sfp/Manifest delete mode 100644 net-print/cndrvcups-sfp/cndrvcups-sfp-1.40.ebuild delete mode 100644 net-print/cndrvcups-sfp/files/remove-StatusMonitor.patch delete mode 100644 net-print/cndrvcups-sfp/metadata.xml
diff --git a/dev-php/pecl-apcu/Manifest b/dev-php/pecl-apcu/Manifest
deleted file mode 100644
index 0cebe66..0000000
--- a/dev-php/pecl-apcu/Manifest
+++ /dev/null
@@ -1,3 +0,0 @@
-DIST apcu-4.0.11.tgz 119535 BLAKE2B 2c1f8a0463b2802b11ae679987807127556b04fb099e4872bff9d1ea51c633140d978b66373eb987d5207403ed9389e58f1afa7ca94360680d9a9693230fb87a SHA512 e3b97066240e33850419e96f0fd9df0e66ee3b0fa238c418e07ac639d07439e9edfa1696e56a620e33f1ffc0993c57bde585b0c170b22995e7d5c0ae550b7899
-EBUILD pecl-apcu-4.0.11.ebuild 1537 BLAKE2B 36711117b55ff29299313a30dc336805330e38d263f2b1028639c7303293e424147e3bbdbb9be41c8f694ec720901d93367fb5743ee27ecd894835976b0ce8f7 SHA512 82cd877571c42a85a2e5bc31c68bc5ff3521ed77d968984942ecb95ff103e18d3796f32a222a1285e6630f020e4da732ef874a16f49e06d4da75909719e694c3
-MISC metadata.xml 540 BLAKE2B a29196911604b13d643db1b09cdae2c578c52f3b3ce92f9d6ae534c6fe9872435a46b15dca79ce8ccf5ca02070f2e694f518c69524ea9380eff8e597d8d4124d SHA512 acd09a9a8e52ddc7e4cde2f048db7f7721fcbe3e24b7b628bf1c14b17381a75b463dede6faa0acfecf8e270693001c30b83758f8ad761979fcbdccb454098e56
diff --git a/dev-php/pecl-apcu/metadata.xml b/dev-php/pecl-apcu/metadata.xml deleted file mode 100644 index 6344b62..0000000 --- a/dev-php/pecl-apcu/metadata.xml +++ /dev/null @@ -1,14 +0,0 @@ - - - - - php-bugs@gentoo.org - PHP - - - Enable semaphore locks instead of fcntl - Enable pthread mutex locking - Enable pthread read/write locking - Enable spin locks (EXPERIMENTAL) - - diff --git a/dev-php/pecl-apcu/pecl-apcu-4.0.11.ebuild b/dev-php/pecl-apcu/pecl-apcu-4.0.11.ebuild deleted file mode 100644 index c808e24..0000000 --- a/dev-php/pecl-apcu/pecl-apcu-4.0.11.ebuild +++ /dev/null 
@@ -1,77 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -PHP_EXT_NAME="apcu" -PHP_EXT_INI="yes" -PHP_EXT_ZENDEXT="no" -DOCS=( NOTICE README.md TECHNOTES.txt TODO ) - -USE_PHP="php5-6 php7-1 php7-2 php7-3" - -inherit php-ext-pecl-r3 - -USE_PHP="php5-6" - -KEYWORDS="amd64 ~arm64 x86" - -DESCRIPTION="Stripped down version of APC supporting only user cache" -LICENSE="PHP-3.01" -SLOT="0" -IUSE="+mmap" - -DEPEND="" -PDEPEND=" -php_targets_php7-1? ( dev-php/pecl-apcu:7[php_targets_php7-1] ) -php_targets_php7-2? ( dev-php/pecl-apcu:7[php_targets_php7-2] ) -php_targets_php7-3? ( dev-php/pecl-apcu:7[php_targets_php7-3] ) -" - -LOCKS="pthreadmutex pthreadrw spinlock semaphore" - -LUSE="" -for l in ${LOCKS}; do - LUSE+="lock-${l} " -done - -IUSE+=" ${LUSE/lock-pthreadrw/+lock-pthreadrw}" - -REQUIRED_USE="^^ ( $LUSE )" - -src_prepare() { - if use php_targets_php5-6 ; then - php-ext-source-r3_src_prepare - else - eapply_user - fi -} - -src_configure() { - if use php_targets_php5-6 ; then - local PHP_EXT_ECONF_ARGS=( - --enable-apcu - $(use_enable mmap apcu-mmap) - $(use_enable lock-pthreadrw apcu-rwlocks) - $(use_enable lock-spinlock apcu-spinlocks) - ) - - php-ext-source-r3_src_configure - fi -} - -src_install() { - if use php_targets_php5-6 ; then - php-ext-pecl-r3_src_install - - insinto "${PHP_EXT_SHARED_DIR#$EPREFIX}" - doins apc.php - fi -} - -pkg_postinst() { - if use php_targets_php5-6 ; then - elog "The apc.php file shipped with this release of pecl-apcu was" - elog "installed into ${PHP_EXT_SHARED_DIR}." - fi -} diff --git a/mail-filter/libspf2/Manifest b/mail-filter/libspf2/Manifest deleted file mode 100644 index e1d7920..0000000 --- a/mail-filter/libspf2/Manifest +++ /dev/null 
@@ -1,4 +0,0 @@
-AUX libspf2-1.2.10-varargs.patch 1385 BLAKE2B 0fcf2c91cc8b01f8d20ec1d7e1896f59c01115de45b505c7cf81e68d0850456a08b87c1e2f59a5e37824298bee969650f9dd391ec25addf5186478e07a07d182 SHA512 886a347c6526c4e81bc035d7e0069f72aaa5ad2103f0e035e46dbd7e1e5f328ebbbc81842fd32397d195a5b18cf841784455a4142291276c1be8942a1c753b4d
-DIST libspf2-1.2.10.tar.gz 508842 BLAKE2B d15a44f64c5e3da20aa349e61a6cc02a15f83ed3acff93fe4c23970e30533d6424b1db35d7d60ff488c9a239d343f8544426fbf8fcb66271237155e0b57df1b5 SHA512 162ce382628c6fcadac3e11f5a12442db622bb23f7ec503e16f5ba7fc88afdd777bce6b093c12a58210355985fd11b74b140f08fab347334d82d953dd183b130
-EBUILD libspf2-1.2.10.ebuild 1235 BLAKE2B adcc1f456a4342e364c39e603365906bc48d63a7759573e3f7597832746e82ca84da664fa0e74ecc678affd968de39ac772a41ea8f0fc10da7908dc0a534081f SHA512 1aafa7786af9e8b74a0d241a2b0f2a1faaf7f3bb2fdbe97904c08f12e715c427ab62fa55fc3be6a0c92f313a57ad7ef1984270ca32e3d2e14807c3f09961d035
-MISC metadata.xml 662 BLAKE2B 93065bf12cb61aa27cb99767141dfef8b60a98b7c69da698ba0080bd5f25bce4df3c9a4284bfdf1d94a3be808876c20cdcb39bbd1536a3231ced1a86a0f49afe SHA512 255a23e45243c57a00be6d18c487a0574c92b16110d31352f83529bbb7fa5386354a4e5b7f5a3575596fa7cb701ddfb4408077393576e60537b6b70c9bda89a3
diff --git a/mail-filter/libspf2/files/libspf2-1.2.10-varargs.patch b/mail-filter/libspf2/files/libspf2-1.2.10-varargs.patch
deleted file mode 100644
index 0230856..0000000
--- a/mail-filter/libspf2/files/libspf2-1.2.10-varargs.patch
+++ /dev/null
@@ -1,29 +0,0 @@ -From 5852828582f556e73751076ad092f72acf7fc8b6 Mon Sep 17 00:00:00 2001 -From: Shevek -Date: Tue, 23 Sep 2014 01:03:00 -0700 -Subject: [PATCH] Fix #4: Use gcc trick for variadic macros. Does this break - anyone else? - ---- - src/include/spf_log.h | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/include/spf_log.h b/src/include/spf_log.h -index 0d2adeb..9b09714 100644 ---- a/src/include/spf_log.h -+++ b/src/include/spf_log.h -@@ -60,10 +60,10 @@ void SPF_debugv( const char *file, int line, const char *format, va_list ap ) __ - - #if defined( __STDC_VERSION__ ) && __STDC_VERSION__ >= 199901L - --#define SPF_errorf(format, ... ) SPF_errorx( __FILE__, __LINE__, format, __VA_ARGS__ ) --#define SPF_warningf(format, ... ) SPF_warningx( __FILE__, __LINE__, format, __VA_ARGS__ ) --#define SPF_infof(format, ... ) SPF_infox( __FILE__, __LINE__, format, __VA_ARGS__ ) --#define SPF_debugf(format, ... ) SPF_debugx( __FILE__, __LINE__, format, __VA_ARGS__ ) -+#define SPF_errorf(format, ... ) SPF_errorx( __FILE__, __LINE__, format, ##__VA_ARGS__ ) -+#define SPF_warningf(format, ... ) SPF_warningx( __FILE__, __LINE__, format, ##__VA_ARGS__ ) -+#define SPF_infof(format, ... ) SPF_infox( __FILE__, __LINE__, format, ##__VA_ARGS__ ) -+#define SPF_debugf(format, ... ) SPF_debugx( __FILE__, __LINE__, format, ##__VA_ARGS__ ) - - #elif defined( __GNUC__ ) - diff --git a/mail-filter/libspf2/libspf2-1.2.10.ebuild b/mail-filter/libspf2/libspf2-1.2.10.ebuild deleted file mode 100644 index d7b1626..0000000 --- a/mail-filter/libspf2/libspf2-1.2.10.ebuild +++ /dev/null 
@@ -1,46 +0,0 @@ -# Copyright 1999-2015 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 -inherit eutils autotools - -DESCRIPTION="libspf2 implements the Sender Policy Framework, a part of the SPF/SRS protocol pair" -HOMEPAGE="http://www.libspf2.org" -SRC_URI="http://www.libspf2.org/spf/libspf2-${PV}.tar.gz" - -LICENSE="|| ( LGPL-2.1 BSD-2 )" -SLOT="0" -KEYWORDS="alpha amd64 ~arm hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd" -IUSE="static static-libs" - -DEPEND="" -RDEPEND="!dev-perl/Mail-SPF-Query" -REQUIRED_USE="static? ( static-libs )" - -src_prepare() { - epatch "${FILESDIR}/${PN}-1.2.10-varargs.patch" - - if ! use static; then - sed -i -e '/bin_PROGRAMS/s/spfquery_static//' src/spfquery/Makefile.am \ - -e '/bin_PROGRAMS/s/spftest_static//' src/spftest/Makefile.am \ - -e '/bin_PROGRAMS/s/spfd_static//' src/spfd/Makefile.am \ - -e '/bin_PROGRAMS/s/spf_example_static//' src/spf_example/Makefile.am \ - || die - #eautoreconf - fi - - sed -i 's/AM_CONFIG_HEADER/AC_CONFIG_HEADERS/' configure.ac || die - eautoreconf -} - -src_configure() { - econf \ - $(use_enable static-libs static) -} - -src_install() { - emake DESTDIR="${D}" install - dodoc README TODO INSTALL - - use static-libs || rm -f "${D}"/usr/lib*/libspf2.la -} diff --git a/mail-filter/libspf2/metadata.xml b/mail-filter/libspf2/metadata.xml deleted file mode 100644 index 47e3c49..0000000 --- a/mail-filter/libspf2/metadata.xml +++ /dev/null @@ -1,9 +0,0 @@ - - - - - net-mail@gentoo.org - Net-Mail - -libspf2 implements the Sender Policy Framework, a part of the SPF/SRS protocol pair. libspf2 is a library which allows email systems such as Sendmail, Postfix, Exim, Zmailer and MS Exchange to check SPF records and make sure that the email is authorized by the domain name that it is coming from. This prevents email forgery, commonly used by spammers, scammers and email viruses/worms. - 
diff --git a/mail-filter/razor/Manifest b/mail-filter/razor/Manifest
deleted file mode 100644
index a962682..0000000
--- a/mail-filter/razor/Manifest
+++ /dev/null
@@ -1,6 +0,0 @@
-AUX razor-2.85-cosmetic-pv-fix.patch 616 BLAKE2B 58def0277c1142b664f65ae9f6e7f312f51ae5a926379616818fda3f0c450b7d157b12fb1777603ac70731d55ca9059708c3c70100c930bdb0371ef60d5b23aa SHA512 c7e7985e779185d704d88ff4c39d106df46ba20daee92c4a4410e8a1af7d4c31bdca0646018fb5d1f7d58e106036c8442a0fa2635b39a5e1df2a259f79eced91
-AUX razor-2.85-fix-makefile.patch 442 BLAKE2B 70158f913fff2313d08ef8067758a38466f690df2756b0e59d6f615a56e3898d30966d0e3055841365d1659a23e0cc36d9b7b71eb64992cea66f349404a85559 SHA512 5e0f9f9a4e59d0e0f243dd70dda14c780abb8b3451dfc35c36dfb3c79ab8911b4657d871c25017bab8d18bbd20d204f35be3beff9b7cd3caf74dbf2cff025811
-AUX razor-2.85-use-sha-not-sha1.patch 3897 BLAKE2B 5cbdd0cbf6a80f4d2e1eba364d2db5ef972368257110daaf07c8ee6444884b07ff930184a4c92c1b0e7af89cfd5384ada7d00ddd79114c799bc8ad34e8f61a51 SHA512 891a93408f56bb6a7b43814a501cce8775c51abe7cf227c39dd18699ac5f4c1aa5484842435edda58f7141a87e5ebe1496bfe959afab09fb44c3558c66511289
-DIST razor-agents-2.85.tar.bz2 81691 BLAKE2B fdb389ca4192dc2a3b87935fe97a4750ab715ae163aa1cf8adf5c6dd54e8e2f2ca53f1fcc37505b5ea0ec4e9bdb78a14ae8b30fca770de80a2a69e3e534ec3ab SHA512 31dded1969dde963389a5939514c29638ad07f45dbb2f4c633cf20ebc4abab94e65e9a6d8885233cdde686ef365aab11fa5eba2ca38d79c5b8fab689143ff5db
-EBUILD razor-2.85-r2.ebuild 2757 BLAKE2B f112237a2c381f1e1f740a2e30792fce5fa0c2dc1a316a8073f208460b33849cd5ffc858d32db357da6c506a5d12949bcefdc6524b29b34c5bbfd1d89b72083e SHA512 cc5fa4467597de39bc2c9f626eb6297284e144f06ff9cee4fde551f918bf9231f2c63e54fd1944bf0388d0c5083f52d43ba35a5ee56b1fb5c7d2d011db4c81e3
-MISC metadata.xml 705 BLAKE2B d0672ed0f1b55a34b285b706ed221673caf3bdba562c4f981f0e9a711f15a55213058568ff853e0469578bf569c8ae3a8095a27f3791ec3b015482d4ca570d03 SHA512 7634caefc54a09f7c83ae77103110e4f48641b1d6f1a091951a9e969c934303bdb4227120eec35cf46c1000f414782436c7eb8248f59b8bd4dcd4dbcce1047b7
diff --git a/mail-filter/razor/files/razor-2.85-cosmetic-pv-fix.patch b/mail-filter/razor/files/razor-2.85-cosmetic-pv-fix.patch deleted file mode 100644 index c391d48..0000000 --- a/mail-filter/razor/files/razor-2.85-cosmetic-pv-fix.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- a/lib/Razor2/Client/Version.pm 2007-05-10 22:32:10.000000000 +0200 -+++ b/lib/Razor2/Client/Version.pm 2010-03-25 11:11:36.911409707 +0100 -@@ -14,7 +14,7 @@ - - $PROTOCOL = 3; - --$VERSION = '2.84'; -+$VERSION = '2.85'; - - 1; - ---- a/META.yml 2007-05-23 20:29:34.000000000 +0200 -+++ b/META.yml 2010-03-25 11:11:43.691408628 +0100 -@@ -1,7 +1,7 @@ - # http://module-build.sourceforge.net/META-spec.html - #XXXXXXX This is a prototype!!! It will change in the future!!! XXXXX# - name: razor-agents --version: 2.84 -+version: 2.85 - version_from: lib/Razor2/Client/Version.pm - installdirs: site - requires: diff --git a/mail-filter/razor/files/razor-2.85-fix-makefile.patch b/mail-filter/razor/files/razor-2.85-fix-makefile.patch deleted file mode 100644 index d6d1e42..0000000 --- a/mail-filter/razor/files/razor-2.85-fix-makefile.patch +++ /dev/null @@ -1,14 +0,0 @@ ---- Makefile.PL.orig 2007-05-09 00:47:53.000000000 +0200 -+++ Makefile.PL 2017-04-25 19:38:38.082079219 +0200 -@@ -140,9 +140,9 @@ - my $inherited = $self->SUPER::install(@_); - - my $man5 = q{ \\ -- $(INST_MAN5DIR) $(INSTALLMAN5DIR)}; -+ "$(INST_MAN5DIR)" "$(INSTALLMAN5DIR)"}; - -- $inherited =~ s/(\$\((?:DEST)?INSTALL\w*MAN1DIR\))/$1$man5/gm; -+ $inherited =~ s/("\$\((?:DEST)?INSTALL\w*MAN1DIR\)")/$1$man5/gm; - - return $inherited; - } diff --git a/mail-filter/razor/files/razor-2.85-use-sha-not-sha1.patch b/mail-filter/razor/files/razor-2.85-use-sha-not-sha1.patch deleted file mode 100644 index 8e90ce2..0000000 --- a/mail-filter/razor/files/razor-2.85-use-sha-not-sha1.patch +++ /dev/null 
@@ -1,119 +0,0 @@ -Patch-URL: http://cvs.fedoraproject.org/viewvc/devel/perl-Razor-Agent/razor-agents-2.85-use-sha-not-sha1.patch?view=log - -diff -urN razor-agents-2.85.orig/lib/Razor2/Client/Engine.pm razor-agents-2.85/lib/Razor2/Client/Engine.pm ---- razor-agents-2.85.orig/lib/Razor2/Client/Engine.pm 2005-06-13 19:42:25.000000000 -0400 -+++ razor-agents-2.85/lib/Razor2/Client/Engine.pm 2009-11-01 13:45:08.125369192 -0500 -@@ -1,7 +1,6 @@ - package Razor2::Client::Engine; - - use strict; --use Digest::SHA1 qw(sha1_hex); - use Data::Dumper; - use Razor2::Signature::Ephemeral; - use Razor2::Engine::VR8; -diff -urN razor-agents-2.85.orig/lib/Razor2/Signature/Ephemeral.pm razor-agents-2.85/lib/Razor2/Signature/Ephemeral.pm ---- razor-agents-2.85.orig/lib/Razor2/Signature/Ephemeral.pm 2003-03-03 18:09:50.000000000 -0500 -+++ razor-agents-2.85/lib/Razor2/Signature/Ephemeral.pm 2009-11-01 13:45:08.125369192 -0500 -@@ -2,9 +2,13 @@ - - package Razor2::Signature::Ephemeral; - use strict; --use Digest::SHA1; - use Data::Dumper; - -+BEGIN { -+ eval { require Digest::SHA; import Digest::SHA qw(sha1_hex); 1 } -+ or do { require Digest::SHA1; import Digest::SHA1 qw(sha1_hex) } -+} -+ - sub new { - - my ($class, %args) = @_; -@@ -86,16 +90,12 @@ - } - - my $digest; -- my $ctx = Digest::SHA1->new; - - if ($seclength > 128) { -- $ctx->add($section1); -- $ctx->add($section2); -- $digest = $ctx->hexdigest; -+ $digest = sha1_hex($section1, $section2); - } else { - debug("Sections too small... 
reverting back to orginal content."); -- $ctx->add($content); -- $digest = $ctx->hexdigest; -+ $digest = sha1_hex($content); - } - - debug("Computed e-hash is $digest"); -diff -urN razor-agents-2.85.orig/lib/Razor2/Signature/Whiplash.pm razor-agents-2.85/lib/Razor2/Signature/Whiplash.pm ---- razor-agents-2.85.orig/lib/Razor2/Signature/Whiplash.pm 2007-05-08 18:22:36.000000000 -0400 -+++ razor-agents-2.85/lib/Razor2/Signature/Whiplash.pm 2009-11-01 13:45:08.124368017 -0500 -@@ -7,7 +7,10 @@ - - package Razor2::Signature::Whiplash; - --use Digest::SHA1; -+BEGIN { -+ eval { require Digest::SHA; import Digest::SHA qw(sha1_hex); 1 } -+ or do { require Digest::SHA1; import Digest::SHA1 qw(sha1_hex) } -+} - - sub new { - -@@ -683,13 +686,8 @@ - # the value of length to the nearest multiple of ``length_error''. - # Take the first 20 hex chars from SHA1 and call it the signature. - -- my $sha1 = Digest::SHA1->new(); -- -- $sha1->add($host); -- $sig = substr $sha1->hexdigest, 0, 12; -- -- $sha1->add($corrected_length); -- $sig .= substr $sha1->hexdigest, 0, 4; -+ $sig = substr sha1_hex($host), 0, 12; -+ $sig .= substr sha1_hex($corrected_length), 0, 4; - - push @sigs, $sig; - $sig_meta{$sig} = [$host, $corrected_length]; -diff -urN razor-agents-2.85.orig/lib/Razor2/String.pm razor-agents-2.85/lib/Razor2/String.pm ---- razor-agents-2.85.orig/lib/Razor2/String.pm 2005-06-13 17:09:59.000000000 -0400 -+++ razor-agents-2.85/lib/Razor2/String.pm 2009-11-01 13:45:08.123368518 -0500 -@@ -1,11 +1,15 @@ - # $Id$ - package Razor2::String; - --use Digest::SHA1 qw(sha1_hex); - use URI::Escape; - use Razor2::Preproc::enBase64; - use Data::Dumper; - -+BEGIN { -+ eval { require Digest::SHA; import Digest::SHA qw(sha1_hex); 1 } -+ or do { require Digest::SHA1; import Digest::SHA1 qw(sha1_hex) } -+} -+ - #use MIME::Parser; - - require Exporter; -@@ -69,15 +73,8 @@ - return unless $text && $iv1 && $iv2; - die "no ref's allowed" if ref($text); - -- my $ctx = Digest::SHA1->new; -- 
$ctx->add($iv2); -- $ctx->add($text); -- my $digest = $ctx->hexdigest; -- -- $ctx = Digest::SHA1->new; -- $ctx->add($iv1); -- $ctx->add($digest); -- $digest = $ctx->hexdigest; -+ my $digest = sha1_hex($iv2, $text); -+ $digest = sha1_hex($iv1, $digest); - - return (hextobase64($digest), $digest); - } diff --git a/mail-filter/razor/metadata.xml b/mail-filter/razor/metadata.xml deleted file mode 100644 index db02698..0000000 --- a/mail-filter/razor/metadata.xml +++ /dev/null @@ -1,23 +0,0 @@ - - - - - proxy-maint@gentoo.org - Proxy Maintainers - - - net-mail@gentoo.org - Net-Mail - - - razor-admin@cloudmark.com - - A contact designated by upstream developers. This email address - should always be added to CC list of any Razor bug that needs - upstream care. - - - - razor - - diff --git a/mail-filter/razor/razor-2.85-r2.ebuild b/mail-filter/razor/razor-2.85-r2.ebuild deleted file mode 100644 index 3d670a3..0000000 --- a/mail-filter/razor/razor-2.85-r2.ebuild +++ /dev/null 
@@ -1,79 +0,0 @@ -# Copyright 1999-2014 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=5 - -inherit perl-module - -MY_PN="razor-agents" -MY_P="${MY_PN}-${PV}" -DESCRIPTION="Vipul's Razor is a distributed, collaborative spam detection and filtering network" -HOMEPAGE="http://razor.sourceforge.net/" -SRC_URI="mirror://sourceforge/razor/${MY_P}.tar.bz2" - -LICENSE="Artistic" -SLOT="0" -KEYWORDS="alpha amd64 hppa ppc ppc64 sparc x86 ~amd64-linux ~x86-linux ~x86-macos" -# This package warrants IUSE doc -IUSE="" - -DEPEND="" - -RDEPEND="dev-perl/Net-DNS - virtual/perl-Net-Ping - virtual/perl-Time-HiRes - || ( virtual/perl-Digest-SHA dev-perl/Digest-SHA1 ) - dev-perl/URI - dev-perl/Digest-Nilsimsa" - -PATCHES=( - "${FILESDIR}/${PN}-2.85-use-sha-not-sha1.patch" - "${FILESDIR}/${PN}-2.85-cosmetic-pv-fix.patch" - "${FILESDIR}/${PN}-2.85-fix-makefile.patch" - ) - -S=${WORKDIR}/${MY_P} -# Install docs/ content -mydoc="docs/*" -SRC_TEST="do parallel" - -pkg_postinst() { - elog - elog "Run 'razor-admin -create' to create a default config file in your" - elog "home directory under /home/user/.razor. (Remember to change user to" - elog "your username from root before running razor-admin)" - elog - elog "Razor v2 requires reporters to be registered so their reputations can" - elog "be computed over time and they can participate in the revocation" - elog "mechanism. Registration is done with razor-admin -register. 
It has to be" - elog "manually invoked in either of the following ways:" - elog - elog "To register user foo with 's1kr3t' as password: " - elog - elog "razor-admin -register -user=foo -pass=s1kr3t" - elog - elog "To register with an email address and have the password assigned:" - elog - elog "razor-admin -register -user=foo@bar.com " - elog - elog "To have both (random) username and password assgined: " - elog - elog "razor-admin -register " - elog - elog "razor-admin -register negotiates a registration with the Nomination Server" - elog "and writes the identity information in" - elog "/home/user/.razor/identity-username, or /etc/razor/identity-username" - elog "when invoked as root." - elog - elog "You can edit razor-agent.conf to change the defaults. Config options" - elog "and their values are defined in the razor-agent.conf(5) manpage." - elog - elog "The next step is to integrate razor-check, razor-report and" - elog "razor-revoke in your mail system. If you are running Razor v1, the" - elog "change will be transparent, new versions of razor agents will overwrite" - elog "the old ones. You would still need to plugin razor-revoke in your MUA," - elog "since it's a new addition in Razor v2. If you are not running Razor v1," - elog "refer to manpages of razor-check(1), razor-report(1), and" - elog "razor-revoke(1) for integration instructions." - elog -} diff --git a/media-libs/xine-lib/Manifest b/media-libs/xine-lib/Manifest deleted file mode 100644 index 4a8ecb3..0000000 --- a/media-libs/xine-lib/Manifest +++ /dev/null 
@@ -1,3 +0,0 @@
-DIST xine-lib-1.2.10.tar.xz 5226116 BLAKE2B e1bc088814c951ff56e55b626fe1f6f34c3da744e716de369a68e6c82a5adc414b452675ad19a5f82500bade6795b54efd503de8ffe4f1e65b534317ca0a26af SHA512 1cbe033da606d67a0a59f19968b2fe1cb46eaeb32c4b4aca7b91125b7230e15bd36d1e3e39e48e6eda56e556018f9f9bf84acb0012d3dd634306e7110fdc4c5f
-EBUILD xine-lib-1.2.10.ebuild 5146 BLAKE2B e69301e844e4bf610228ba272a36b81fd357ef6597d18968f3ff91aa153dc89f85e93f51591959dd6e44aac30df6c51a100cc645e948aadb200764071c829944 SHA512 0a421c1b0775e7012e7cc20cdbf7fb5c71123f81e5101445a3621d79e0ceb91d00d41601b4fb2f50cc12ce6178db207605b79f1f18b73698ecff919c98c5fad9
-MISC metadata.xml 2498 BLAKE2B 949a34fcf5204424c2a565ce2329b3f878e4ef817882839bbec09a6d721a8756be6dc37eff2a0bb7e007d333e2bc4896ac6c853f7fe5b1f9c8f4ed3a66ada640 SHA512 f975a8763a3f31a27a769e4649cd7c6ecd113cb4fcd36556f5f7830b9de989be219a0c9f90db4a4df87e9ffd584d4c2e86346da084c95d32dc17adcc30f98c28
diff --git a/media-libs/xine-lib/metadata.xml b/media-libs/xine-lib/metadata.xml
deleted file mode 100644
index dddaa67..0000000
--- a/media-libs/xine-lib/metadata.xml
+++ /dev/null
@@ -1,65 +0,0 @@ - - - - - media-video@gentoo.org - - - - Enable playback of Blu-ray filesystems using media-libs/libbluray - - - Enable support for DXR3 mpeg acceleration cards. - - - Build the media-libs/flac based FLAC demuxer and decoder. This - flag is not needed for playing FLAC content, neither standalone nor in Ogg - container (OggFLAC), but might have better support for exotic features like - 24-bit samples or 96kHz sample rates. - - - Build the gdkpixbuf-based image decoder plugin. - - - Build the ImageMagick-based image decoder plugin. - - - Build the media-libs/libmad based mp3 decoder. This mp3 decoder - has superior support compared to the one coming from FFmpeg that is used as - a fallback. If you experience any bad behaviour with mp3 files (skipping, - distorted sound) make sure you enabled this USE flag. - - - Use mmap() function while reading file from local disks. Using mmap() will - use more virtual memory space, but leaves to the Kernel the task of caching - the file's data. mmap() access should be faster, but might misbehave if the - device where the file resides in is removed during playback. - - - Use media-libs/freetype for font rendering and - media-libs/fontconfig for font discovery. Enabling this USE flag - will allow OSD (such as subtitles) to use more advanced font and to more - easily select which font to use. The support for TrueType fonts in xine-lib - is still experimental, and might not be as good looking as the bitmap fonts - used with this USE flag disabled. - - - Build the VDR plugin - - - Enable support for vidix video output. - - - Adds support for SIMD optimizations for UltraSPARC processors. - - - Enable VP8 codec support via media-libs/libvpx. - - - Enable support for XVideo Motion Compensation (accelerated mpeg playback). - - - - xine - - diff --git a/media-libs/xine-lib/xine-lib-1.2.10.ebuild b/media-libs/xine-lib/xine-lib-1.2.10.ebuild deleted file mode 100644 index 5e74cb9..0000000 
--- a/media-libs/xine-lib/xine-lib-1.2.10.ebuild
+++ /dev/null
@@ -1,222 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit flag-o-matic libtool - -if [[ ${PV} == *9999* ]]; then - EHG_REPO_URI="http://hg.code.sf.net/p/xine/xine-lib-1.2" - inherit autotools mercurial - unset NLS_IUSE - NLS_DEPEND="sys-devel/gettext" - NLS_RDEPEND="virtual/libintl" -else - KEYWORDS="amd64 arm64 ~hppa ppc ppc64 x86" - SRC_URI="mirror://sourceforge/xine/${P}.tar.xz" - NLS_IUSE="nls" - NLS_DEPEND="nls? ( sys-devel/gettext )" - NLS_RDEPEND="nls? ( virtual/libintl )" -fi - -DESCRIPTION="Core libraries for Xine movie player" -HOMEPAGE="http://xine.sourceforge.net/" - -LICENSE="GPL-2" -SLOT="1" -IUSE="a52 aac aalib +alsa altivec bluray +css dts dvb dxr3 fbcon flac gtk imagemagick ipv6 jack jpeg libcaca mad +mmap mng modplug musepack opengl oss pulseaudio samba sdl sftp speex theora truetype v4l vaapi vcd vdpau vdr vidix +vis vorbis vpx wavpack wayland +X xinerama +xv xvmc ${NLS_IUSE}" - -RDEPEND="${NLS_RDEPEND} - dev-libs/libxdg-basedir - media-libs/libdvdnav - media-video/ffmpeg:0= - sys-libs/zlib:= - virtual/libiconv - a52? ( media-libs/a52dec ) - aac? ( media-libs/faad2 ) - aalib? ( media-libs/aalib ) - alsa? ( media-libs/alsa-lib ) - bluray? ( >=media-libs/libbluray-0.2.1:= ) - css? ( >=media-libs/libdvdcss-1.2.10 ) - dts? ( media-libs/libdca ) - dxr3? ( media-libs/libfame ) - flac? ( media-libs/flac ) - gtk? ( x11-libs/gdk-pixbuf:2 ) - imagemagick? ( virtual/imagemagick-tools ) - jack? ( virtual/jack ) - jpeg? ( virtual/jpeg:0 ) - libcaca? ( media-libs/libcaca ) - mad? ( media-libs/libmad ) - mng? ( media-libs/libmng:= ) - modplug? ( >=media-libs/libmodplug-0.8.8.1 ) - musepack? ( >=media-sound/musepack-tools-444 ) - opengl? ( - virtual/glu - virtual/opengl - ) - pulseaudio? ( media-sound/pulseaudio ) - samba? ( net-fs/samba ) - sdl? ( media-libs/libsdl ) - sftp? ( net-libs/libssh2 ) - speex? ( - media-libs/libogg - media-libs/speex - ) - theora? 
( - media-libs/libogg - media-libs/libtheora - ) - truetype? ( - media-libs/fontconfig - media-libs/freetype:2 - ) - v4l? ( media-libs/libv4l ) - vaapi? ( x11-libs/libva:0=[X,opengl] ) - vcd? ( - >=media-video/vcdimager-0.7.23 - dev-libs/libcdio:0=[-minimal] - ) - vdpau? ( x11-libs/libvdpau ) - vorbis? ( - media-libs/libogg - media-libs/libvorbis - ) - vpx? ( media-libs/libvpx:0= ) - wavpack? ( media-sound/wavpack ) - wayland? ( dev-libs/wayland ) - X? ( - x11-libs/libX11 - x11-libs/libXext - x11-libs/libxcb - ) - xinerama? ( x11-libs/libXinerama ) - xv? ( x11-libs/libXv ) - xvmc? ( x11-libs/libXvMC ) -" -DEPEND="${RDEPEND} - ${NLS_DEPEND} - app-arch/xz-utils - >=sys-devel/libtool-2.2.6b - virtual/pkgconfig - oss? ( virtual/os-headers ) - v4l? ( virtual/os-headers ) - X? ( - x11-base/xorg-proto - x11-libs/libXt - ) - xv? ( x11-base/xorg-proto ) - xvmc? ( x11-base/xorg-proto ) - xinerama? ( x11-base/xorg-proto ) -" -REQUIRED_USE=" - vidix? ( || ( X fbcon ) ) - xv? ( X ) - xinerama? ( X ) -" - -src_prepare() { - default - - sed -i -e '/define VDR_ABS_FIFO_DIR/s|".*"|"/var/vdr/xine"|' src/vdr/input_vdr.c || die - - if [[ "${PV}" = *9999* ]] ; then - eautoreconf - else - elibtoolize - fi - - local x - for x in 0 1 2 3; do - sed -i -e "/^O${x}_CFLAGS=\"-O${x}\"/d" configure || die - done -} - -src_configure() { - [[ ${CHOST} == i?86-* ]] && append-flags -fomit-frame-pointer #422519 - - local win32dir #197236 - if has_multilib_profile; then - win32dir=/usr/$(ABI="x86" get_libdir)/win32 - else - win32dir=/usr/$(get_libdir)/win32 - fi - - local myconf=( - --disable-directfb - --disable-gnomevfs - --disable-optimizations - --disable-real-codecs - --disable-v4l - --disable-w32dll - --enable-avformat - --with-external-dvdnav - --with-real-codecs-path=/usr/$(get_libdir)/codecs - --with-w32-path=${win32dir} - --with-xv-path=/usr/$(get_libdir) - --without-esound - --without-fusionsound - $(use_enable a52 a52dec) - $(use_enable aac faad) - $(use_enable aalib) - $(use_enable 
altivec) - $(use_enable bluray) - $(use_enable dts) - $(use_enable dvb) - $(use_enable dxr3) - $(use_enable fbcon fb) - $(use_enable gtk gdkpixbuf) - $(use_enable ipv6) - $(use_enable jpeg libjpeg) - $(use_enable mad) - $(use_enable mmap) - $(use_enable mng) - $(use_enable modplug) - $(use_enable musepack) - $(use_enable opengl) - $(use_enable opengl glu) - $(use_enable oss) - $(use_enable samba) - $(use_enable sftp) - $(use_enable v4l libv4l) - $(use_enable v4l v4l2) - $(use_enable vaapi) - $(use_enable vdpau) - $(use_enable vis) - $(use_enable vidix) - $(use_enable xinerama) - $(use_enable xvmc) - $(use_enable vcd) - $(use_enable vdr) - $(use_enable vpx) - $(use_enable wayland) - $(use_with alsa) - $(use_with flac libflac) - $(use_with imagemagick) - $(use_with jack) - $(use_with libcaca caca) - $(use_with pulseaudio) - $(use_with sdl) - $(use_with speex) - $(use_with theora) - $(use_with truetype fontconfig) - $(use_with truetype freetype) - $(use_with vorbis) - $(use_with wavpack) - $(use_with X x) - $(use_with X xcb) - ) - [[ ${PV} == *9999* ]] || myconf+=( $(use_enable nls) ) - - econf "${myconf[@]}" -} - -src_compile() { - # enable verbose building, bug #448140 - emake V=1 -} - -src_install() { - default - find "${D}" -name '*.la' -delete || die - rm -f "${ED}"usr/share/doc/${PF}/COPYING || die -} diff --git a/net-misc/openssh1/Manifest b/net-misc/openssh1/Manifest deleted file mode 100644 index 1a750af..0000000 --- a/net-misc/openssh1/Manifest +++ /dev/null 
@@ -1,17 +0,0 @@ -AUX openssh1-6.7_p1-openssl-ignore-status.patch 765 BLAKE2B 6ddc498cef115a38054eb8f1fddac34048b94592e54f8e31dc11717fe872f3d66a7e6877d2449102fbe18a0ee2a35732991abe946b1fe10abfa48bbec6871b26 SHA512 ab15d6dfdb8d59946684501f6f30ac0eb82676855b7b57f19f2027a7ada072f9062fcb96911111a50cfc3838492faddd282db381ec83d22462644ccddccf0ae7 -AUX openssh1-7.3-mips-seccomp-n32.patch 634 BLAKE2B 12e931e6c2364d4cdd3f0d9ef8cf72665b65fedc7e8211a75250abe1bf359460afdf9707fdd7f9be8b8f8fd8fe40fdaddcd842da741c4b63fef94c364738cd26 SHA512 eba3e843d3714501a1df3161d02134c54c8ce584db3af698b87d303fc17c16635bd06db4d7c2d9bb47f461c3b211d870b480fd927f4563207e11c9ed2c446770 -AUX openssh1-7.5_p1-CVE-2017-15906.patch 1180 BLAKE2B 37fca347fc1fa969f410d514a76b3d7133914aa14c7ef577e6eb0b2f96b936313b20635c6cc23b5e91e3643e26c899e992b82769a5df6568d058eb4f7a43fab8 SHA512 dfba25e9962e4398688d5e6f9311de44931ea5292d7d50c69d8056838ceb41ce099c44f849c204f7b421515c3aa40bde6e9b98b80b9e99aa113c222841daecd4 -AUX openssh1-7.5_p1-GSSAPI-dns.patch 11137 BLAKE2B a54ed4d6f81632ae03523b7b61f750402d178d3213ec310bc0e57c0705ed67607a89a786d429599395722eaf40b2fb591c5b8de87ffc4f1dd7f6713b543c31c2 SHA512 f84e1d3fdda7a534d9351884caaefc136be7599e735200f0393db0acad03a57abe6585f9402018b50e3454e6842c3281d630120d479ff819f591c4693252dd0e -AUX openssh1-7.5_p1-cross-cache.patch 1220 BLAKE2B 7176b86024b072ff601421143f8567e4e47de3d89b1d865bc92405da75bf7c64fa50b9f746d9c494dbf64bc09e04afc1960f673e68ea1d072a5381027afea63d SHA512 03cf3b5556fcf43c7053d1550c8aa35189759a0a2274a67427b28176ba7938b8d0019992de25fb614dc556c5f45a67649bb5d2d82889ac2c37edd986fc632550 -AUX openssh1-7.5_p1-disable-conch-interop-tests.patch 554 BLAKE2B f5f45c000ec26c1f783669c3447ea3c80c5c0f9b971b86ca1e79e99e906a90a519abb6b14db462f5766572e9759180719ea44f048ef5aa8efc37efb61d2b6ef7 SHA512 f35b15f1e8d0eb276d748ee14c71004c6599ddb124c33e2f84623bc9eb02bb4fd4680d25d0ba0289d6a723a526c95c9a56b30496bdaa565bae853bf3d1bab61f -AUX openssh1-7.5_p1-hpn-x509-10.2-glue.patch 2847 
BLAKE2B 8a6151ab121871e4f2d93ace0e07dce1106c6841031cacfb197e00cc76fc1d0cf153aae52757dcf98a5fb89971125493d0572bd4964d0e59cb3f391fd1256aef SHA512 bc23fdf5995ae38ff166f12f64082f79a2135ca28f2240e89bee42b1e3ba39ce94467ece9ddea99173f1829b09b069dbf56a0bce7dfd1ae5f63c12f73b5ffba7 -AUX openssh1-7.5_p1-openssl-1.1.patch 112165 BLAKE2B d313d95d1844e0125dcc322f7efa6175a2b22043e323eec28a8fdc5e9eb109476d469e84f946918679d1e9a42c2096f1b0107c290d498b63a6f741932dea33b8 SHA512 88a148992e3c7234135e95701c9724064072e713494dbfcbc29072d2e5c6282605a21ffee5ed0c49a172f05b3a9af09affee7cc4b44924a441dba5f18b90f0fb -AUX openssh1-7.5_p1-s390-seccomp.patch 624 BLAKE2B 0bf595d72cd65993dde4e5aae0a3e091bb48021ef8affa84c988d55d9fe6a823b0329b6d9707c88e1556d45c304b6630ade7008f63fd649975594a75f570bb33 SHA512 058dc269eb032151e88e0ac79a0b0fd6fcd56d489e90e299ee431b1475a8f8080e8f4649244864af33e743820b081c9f90b32a1a93b8b60feeb491c0201a4d61 -AUX openssh1-7.5_p1-ssh1.patch 8014 BLAKE2B a1dcbdf480f5800bc56a41834961c44e8f32ca16758f36155204605ceb3e672c3d86e3042fff42f979a1eecd13de1c155c912cf81b23d29c9fe3590a73c7fcb9 SHA512 73b5a1e3a7d0c241ccf2a7b146d72fa3066e7732a9400845b97a38640ebc4469691c295009dd6a2b58895fc08fd7161ac48b28403ba594cb78bc4062425e05f0 -AUX openssh1-7.5_p1-x32-typo.patch 772 BLAKE2B 3f27d669ee76e191f2f6f7c7d86b1d9cb7297cecf17b2d88d86ef498c9ca35231adb0edc9fb811698ec86fd65527cc3fe9f2ce514836aebe5dc27bca2a3a55dc SHA512 20d19301873d4b8e908527f462f40c2f4a513d0bb89d4c7b885f9fc7eb5d483eea544eb108d87ff6aaa3d988d360c2029910c18f7125c96e8367485553f59a5e -DIST openssh-7.4_p1-sctp.patch.xz 8220 BLAKE2B 2d571cacaab342b7950b42ec826bd896edf78780e9ee73fcd441cbc9764eb59e408e295062862db986918824d10498383bf34ae7c93df0da2c056eaec4d2c031 SHA512 0c199e3b26949482125aeaa88216b2458292589e3eac8908d9134d13a1cae891094fcb0f752ed3009b3126cc72277b460205f39140c251792eb1b545271c3bd4 -DIST openssh-7.5p1+x509-10.2.diff.gz 467040 BLAKE2B 
4048b0f016bf7d43276f88117fc266d1a450d298563bfc6ce705ec2829b8f9d91af5c5232941d55004b5aea2d3e0fb682a9d4acd9510c9761ba7ede2f2f0e37f SHA512 ec760d38771749d09afc8d720120ea2aa065c1c7983898b45dba74a4411f7e61e7705da226864e1e8e62e2261eecc3a4ab654b528c71512a07798824d9fb1a9a -DIST openssh-7.5p1-hpnssh14v12.tar.xz 23068 BLAKE2B 15702338877e50c2143b33b93bfc87d0aa0fa55915db1f0cab9c22e55f8aa0c6eeb5a56f438d849544d1650bdc574384b851292d621b79f673b78bc37617aa0b SHA512 45c42090a212b9ce898fbaa8284ddf0f0d17236af13c4a780e00bf265b0c7a4286027e90a7ce9ad70066309db722709dd2f0a7914f57e5364ffbaf7c4859cdf9 -DIST openssh-7.5p1.tar.gz 1510857 BLAKE2B 505764a210018136456c0f5dd40ad9f1383551c3ae037593d4296305df189e0a6f1383adc89b1970d58b8dcfff391878b7a29b848cc244a99705a164bec5d734 SHA512 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 -DIST openssh-lpk-7.5p1-0.3.14.patch.xz 17040 BLAKE2B 5b2204316dd244bb8dd11db50d5bc3a194e2cc4b64964a2d3df68bbe54c53588f15fc5176dbc3811e929573fa3e41cf91f412aa2513bb9a4b6ed02c2523c1e24 SHA512 9ce5d7e5d831c972f0f866b686bf93a048a03979ab38627973f5491eeeaa45f9faab0520b3a7ed90a13a67213fdc9cd4cf11e423acad441ea91b71037c8b435b -EBUILD openssh1-7.5_p1-r5.ebuild 9583 BLAKE2B 4a791054d59bf13cdaef18a445a53e98fe28366eb51b364e9b0ad9cf3960ca3455db1d26f1a430b3aaa6bf6796071edd16b8f4c8a7a8aa112c415ac30025657a SHA512 0d3556af1a92a3a3d1bc78be3e90e7b60fca112c4e699926beb16ebc20ef179adc1dfb3452a7caa44d2155e49feeb93477b55fd6ba7cdf8c7540b7a6e74c3a4e diff --git a/net-misc/openssh1/files/openssh1-6.7_p1-openssl-ignore-status.patch b/net-misc/openssh1/files/openssh1-6.7_p1-openssl-ignore-status.patch deleted file mode 100644 index fa33af3..0000000 --- a/net-misc/openssh1/files/openssh1-6.7_p1-openssl-ignore-status.patch +++ /dev/null 
@@ -1,17 +0,0 @@
-the last nibble of the openssl version represents the status. that is,
-whether it is a beta or release. when it comes to version checks in
-openssh, this component does not matter, so ignore it.
-
-https://bugzilla.mindrot.org/show_bug.cgi?id=2212
-
---- a/openbsd-compat/openssl-compat.c
-+++ b/openbsd-compat/openssl-compat.c
-@@ -58,7 +58,7 @@ ssh_compatible_openssl(long headerver, long libver)
- * For versions >= 1.0.0, major,minor,status must match and library
- * fix version must be equal to or newer than the header.
- */
-- mask = 0xfff0000fL; /* major,minor,status */
-+ mask = 0xfff00000L; /* major,minor,status */
- hfix = (headerver & 0x000ff000) >> 12;
- lfix = (libver & 0x000ff000) >> 12;
- if ( (headerver & mask) == (libver & mask) && lfix >= hfix)
diff --git a/net-misc/openssh1/files/openssh1-7.3-mips-seccomp-n32.patch b/net-misc/openssh1/files/openssh1-7.3-mips-seccomp-n32.patch
deleted file mode 100644
index 7eaadaf..0000000
--- a/net-misc/openssh1/files/openssh1-7.3-mips-seccomp-n32.patch
+++ /dev/null
@@ -1,21 +0,0 @@
-https://bugs.gentoo.org/591392
-https://bugzilla.mindrot.org/show_bug.cgi?id=2590
-
-7.3 added seccomp support to MIPS, but failed to handled the N32
-case. This patch is temporary until upstream fixes.
-
---- openssh-7.3p1/configure.ac
-+++ openssh-7.3p1/configure.ac
-@@ -816,10 +816,10 @@ main() { if (NSVersionOfRunTimeLibrary("
- seccomp_audit_arch=AUDIT_ARCH_MIPSEL
- ;;
- mips64-*)
-- seccomp_audit_arch=AUDIT_ARCH_MIPS64
-+ seccomp_audit_arch=AUDIT_ARCH_MIPS64N32
- ;;
- mips64el-*)
-- seccomp_audit_arch=AUDIT_ARCH_MIPSEL64
-+ seccomp_audit_arch=AUDIT_ARCH_MIPSEL64N32
- ;;
- esac
- if test "x$seccomp_audit_arch" != "x" ; then
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-CVE-2017-15906.patch b/net-misc/openssh1/files/openssh1-7.5_p1-CVE-2017-15906.patch
deleted file mode 100644
index b97ceb4..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-CVE-2017-15906.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-From a6981567e8e215acc1ef690c8dbb30f2d9b00a19 Mon Sep 17 00:00:00 2001
-From: djm
-Date: Tue, 4 Apr 2017 00:24:56 +0000
-Subject: [PATCH] disallow creation (of empty files) in read-only mode;
- reported by Michal Zalewski, feedback & ok deraadt@
-
----
- usr.bin/ssh/sftp-server.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/usr.bin/ssh/sftp-server.c b/usr.bin/ssh/sftp-server.c
-index 2510d234a3a..42249ebd60d 100644
---- a/usr.bin/ssh/sftp-server.c
-+++ b/usr.bin/ssh/sftp-server.c
-@@ -1,4 +1,4 @@
--/* $OpenBSD: sftp-server.c,v 1.110 2016/09/12 01:22:38 deraadt Exp $ */
-+/* $OpenBSD: sftp-server.c,v 1.111 2017/04/04 00:24:56 djm Exp $ */
- /*
- * Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
- *
-@@ -683,8 +683,8 @@ process_open(u_int32_t id)
- logit("open \"%s\" flags %s mode 0%o",
- name, string_from_portable(pflags), mode);
- if (readonly &&
-- ((flags & O_ACCMODE) == O_WRONLY ||
-- (flags & O_ACCMODE) == O_RDWR)) {
-+ ((flags & O_ACCMODE) != O_RDONLY ||
-+ (flags & (O_CREAT|O_TRUNC)) != 0)) {
- verbose("Refusing open request in read-only mode");
- status = SSH2_FX_PERMISSION_DENIED;
- } else {
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-GSSAPI-dns.patch b/net-misc/openssh1/files/openssh1-7.5_p1-GSSAPI-dns.patch
deleted file mode 100644
index 6b1e6dd..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-GSSAPI-dns.patch
+++ /dev/null
@@ -1,351 +0,0 @@
-http://bugs.gentoo.org/165444
-https://bugzilla.mindrot.org/show_bug.cgi?id=1008
-
---- a/readconf.c
-+++ b/readconf.c
-@@ -148,6 +148,7 @@
- oClearAllForwardings, oNoHostAuthenticationForLocalhost,
- oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssDelegateCreds,
-+ oGssTrustDns,
- oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- oSendEnv, oControlPath, oControlMaster, oControlPersist,
- oHashKnownHosts,
-@@ -194,9 +195,11 @@
- #if defined(GSSAPI)
- { "gssapiauthentication", oGssAuthentication },
- { "gssapidelegatecredentials", oGssDelegateCreds },
-+ { "gssapitrustdns", oGssTrustDns },
- # else
- { "gssapiauthentication", oUnsupported },
- { "gssapidelegatecredentials", oUnsupported },
-+ { "gssapitrustdns", oUnsupported },
- #endif
- #ifdef ENABLE_PKCS11
- { "smartcarddevice", oPKCS11Provider },
-@@ -930,6 +933,10 @@
- intptr = &options->gss_deleg_creds;
- goto parse_flag;
-
-+ case oGssTrustDns:
-+ intptr = &options->gss_trust_dns;
-+ goto parse_flag;
-+
- case oBatchMode:
- intptr = &options->batch_mode;
- goto parse_flag;
-@@ -1649,6 +1656,7 @@
- options->challenge_response_authentication = -1;
- options->gss_authentication = -1;
- options->gss_deleg_creds = -1;
-+ options->gss_trust_dns = -1;
- options->password_authentication = -1;
- options->kbd_interactive_authentication = -1;
- options->kbd_interactive_devices = NULL;
-@@ -1779,6 +1787,8 @@
- options->gss_authentication = 0;
- if (options->gss_deleg_creds == -1)
- options->gss_deleg_creds = 0;
-+ if (options->gss_trust_dns == -1)
-+ options->gss_trust_dns = 0;
- if (options->password_authentication == -1)
- options->password_authentication = 1;
- if (options->kbd_interactive_authentication == -1)
---- a/readconf.h
-+++ b/readconf.h
-@@ -46,6 +46,7 @@
- /* Try S/Key or TIS, authentication. */
- int gss_authentication; /* Try GSS authentication */
- int gss_deleg_creds; /* Delegate GSS credentials */
-+ int gss_trust_dns; /* Trust DNS for GSS canonicalization */
- int password_authentication; /* Try password
- * authentication. */
- int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
---- a/ssh_config.5
-+++ b/ssh_config.5
-@@ -830,6 +830,16 @@
- Forward (delegate) credentials to the server.
- The default is
- .Cm no .
-+Note that this option applies to protocol version 2 connections using GSSAPI.
-+.It Cm GSSAPITrustDns
-+Set to
-+.Dq yes to indicate that the DNS is trusted to securely canonicalize
-+the name of the host being connected to. If
-+.Dq no, the hostname entered on the
-+command line will be passed untouched to the GSSAPI library.
-+The default is
-+.Dq no .
-+This option only applies to protocol version 2 connections using GSSAPI.
- .It Cm HashKnownHosts
- Indicates that
- .Xr ssh 1
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -656,6 +656,13 @@
- static u_int mech = 0;
- OM_uint32 min;
- int ok = 0;
-+ const char *gss_host;
-+
-+ if (options.gss_trust_dns) {
-+ extern const char *auth_get_canonical_hostname(struct ssh *ssh, int use_dns);
-+ gss_host = auth_get_canonical_hostname(active_state, 1);
-+ } else
-+ gss_host = authctxt->host;
-
- /* Try one GSSAPI method at a time, rather than sending them all at
- * once. */
-@@ -668,7 +674,7 @@
- /* My DER encoding requires length<128 */
- if (gss_supported->elements[mech].length < 128 &&
- ssh_gssapi_check_mechanism(&gssctxt,
-- &gss_supported->elements[mech], authctxt->host)) {
-+ &gss_supported->elements[mech], gss_host)) {
- ok = 1; /* Mechanism works */
- } else {
- mech++;
-
-need to move these two funcs back to canohost so they're available to clients
-and the server. auth.c is only used in the server.
-
---- a/auth.c
-+++ b/auth.c
-@@ -784,117 +784,3 @@ fakepw(void)
-
- return (&fake);
- }
--
--/*
-- * Returns the remote DNS hostname as a string. The returned string must not
-- * be freed. NB. this will usually trigger a DNS query the first time it is
-- * called.
-- * This function does additional checks on the hostname to mitigate some
-- * attacks on legacy rhosts-style authentication.
-- * XXX is RhostsRSAAuthentication vulnerable to these?
-- * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
-- */
--
--static char *
--remote_hostname(struct ssh *ssh)
--{
-- struct sockaddr_storage from;
-- socklen_t fromlen;
-- struct addrinfo hints, *ai, *aitop;
-- char name[NI_MAXHOST], ntop2[NI_MAXHOST];
-- const char *ntop = ssh_remote_ipaddr(ssh);
--
-- /* Get IP address of client. */
-- fromlen = sizeof(from);
-- memset(&from, 0, sizeof(from));
-- if (getpeername(ssh_packet_get_connection_in(ssh),
-- (struct sockaddr *)&from, &fromlen) < 0) {
-- debug("getpeername failed: %.100s", strerror(errno));
-- return strdup(ntop);
-- }
--
-- ipv64_normalise_mapped(&from, &fromlen);
-- if (from.ss_family == AF_INET6)
-- fromlen = sizeof(struct sockaddr_in6);
--
-- debug3("Trying to reverse map address %.100s.", ntop);
-- /* Map the IP address to a host name. */
-- if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
-- NULL, 0, NI_NAMEREQD) != 0) {
-- /* Host name not found. Use ip address. */
-- return strdup(ntop);
-- }
--
-- /*
-- * if reverse lookup result looks like a numeric hostname,
-- * someone is trying to trick us by PTR record like following:
-- * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
-- */
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_socktype = SOCK_DGRAM; /*dummy*/
-- hints.ai_flags = AI_NUMERICHOST;
-- if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
-- logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-- name, ntop);
-- freeaddrinfo(ai);
-- return strdup(ntop);
-- }
--
-- /* Names are stored in lowercase. */
-- lowercase(name);
--
-- /*
-- * Map it back to an IP address and check that the given
-- * address actually is an address of this host. This is
-- * necessary because anyone with access to a name server can
-- * define arbitrary names for an IP address. Mapping from
-- * name to IP address can be trusted better (but can still be
-- * fooled if the intruder has access to the name server of
-- * the domain).
-- */
-- memset(&hints, 0, sizeof(hints));
-- hints.ai_family = from.ss_family;
-- hints.ai_socktype = SOCK_STREAM;
-- if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
-- logit("reverse mapping checking getaddrinfo for %.700s "
-- "[%s] failed.", name, ntop);
-- return strdup(ntop);
-- }
-- /* Look for the address from the list of addresses. */
-- for (ai = aitop; ai; ai = ai->ai_next) {
-- if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-- sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-- (strcmp(ntop, ntop2) == 0))
-- break;
-- }
-- freeaddrinfo(aitop);
-- /* If we reached the end of the list, the address was not there. */
-- if (ai == NULL) {
-- /* Address not found for the host name. */
-- logit("Address %.100s maps to %.600s, but this does not "
-- "map back to the address.", ntop, name);
-- return strdup(ntop);
-- }
-- return strdup(name);
--}
--
--/*
-- * Return the canonical name of the host in the other side of the current
-- * connection. The host name is cached, so it is efficient to call this
-- * several times.
-- */
--
--const char *
--auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
--{
-- static char *dnsname;
--
-- if (!use_dns)
-- return ssh_remote_ipaddr(ssh);
-- else if (dnsname != NULL)
-- return dnsname;
-- else {
-- dnsname = remote_hostname(ssh);
-- return dnsname;
-- }
--}
---- a/canohost.c
-+++ b/canohost.c
-@@ -202,3 +202,117 @@ get_local_port(int sock)
- {
- return get_sock_port(sock, 1);
- }
-+
-+/*
-+ * Returns the remote DNS hostname as a string. The returned string must not
-+ * be freed. NB. this will usually trigger a DNS query the first time it is
-+ * called.
-+ * This function does additional checks on the hostname to mitigate some
-+ * attacks on legacy rhosts-style authentication.
-+ * XXX is RhostsRSAAuthentication vulnerable to these?
-+ * XXX Can we remove these checks? (or if not, remove RhostsRSAAuthentication?)
-+ */
-+
-+static char *
-+remote_hostname(struct ssh *ssh)
-+{
-+ struct sockaddr_storage from;
-+ socklen_t fromlen;
-+ struct addrinfo hints, *ai, *aitop;
-+ char name[NI_MAXHOST], ntop2[NI_MAXHOST];
-+ const char *ntop = ssh_remote_ipaddr(ssh);
-+
-+ /* Get IP address of client. */
-+ fromlen = sizeof(from);
-+ memset(&from, 0, sizeof(from));
-+ if (getpeername(ssh_packet_get_connection_in(ssh),
-+ (struct sockaddr *)&from, &fromlen) < 0) {
-+ debug("getpeername failed: %.100s", strerror(errno));
-+ return strdup(ntop);
-+ }
-+
-+ ipv64_normalise_mapped(&from, &fromlen);
-+ if (from.ss_family == AF_INET6)
-+ fromlen = sizeof(struct sockaddr_in6);
-+
-+ debug3("Trying to reverse map address %.100s.", ntop);
-+ /* Map the IP address to a host name. */
-+ if (getnameinfo((struct sockaddr *)&from, fromlen, name, sizeof(name),
-+ NULL, 0, NI_NAMEREQD) != 0) {
-+ /* Host name not found. Use ip address. */
-+ return strdup(ntop);
-+ }
-+
-+ /*
-+ * if reverse lookup result looks like a numeric hostname,
-+ * someone is trying to trick us by PTR record like following:
-+ * 1.1.1.10.in-addr.arpa. IN PTR 2.3.4.5
-+ */
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_socktype = SOCK_DGRAM; /*dummy*/
-+ hints.ai_flags = AI_NUMERICHOST;
-+ if (getaddrinfo(name, NULL, &hints, &ai) == 0) {
-+ logit("Nasty PTR record \"%s\" is set up for %s, ignoring",
-+ name, ntop);
-+ freeaddrinfo(ai);
-+ return strdup(ntop);
-+ }
-+
-+ /* Names are stored in lowercase. */
-+ lowercase(name);
-+
-+ /*
-+ * Map it back to an IP address and check that the given
-+ * address actually is an address of this host. This is
-+ * necessary because anyone with access to a name server can
-+ * define arbitrary names for an IP address. Mapping from
-+ * name to IP address can be trusted better (but can still be
-+ * fooled if the intruder has access to the name server of
-+ * the domain).
-+ */
-+ memset(&hints, 0, sizeof(hints));
-+ hints.ai_family = from.ss_family;
-+ hints.ai_socktype = SOCK_STREAM;
-+ if (getaddrinfo(name, NULL, &hints, &aitop) != 0) {
-+ logit("reverse mapping checking getaddrinfo for %.700s "
-+ "[%s] failed.", name, ntop);
-+ return strdup(ntop);
-+ }
-+ /* Look for the address from the list of addresses. */
-+ for (ai = aitop; ai; ai = ai->ai_next) {
-+ if (getnameinfo(ai->ai_addr, ai->ai_addrlen, ntop2,
-+ sizeof(ntop2), NULL, 0, NI_NUMERICHOST) == 0 &&
-+ (strcmp(ntop, ntop2) == 0))
-+ break;
-+ }
-+ freeaddrinfo(aitop);
-+ /* If we reached the end of the list, the address was not there. */
-+ if (ai == NULL) {
-+ /* Address not found for the host name. */
-+ logit("Address %.100s maps to %.600s, but this does not "
-+ "map back to the address.", ntop, name);
-+ return strdup(ntop);
-+ }
-+ return strdup(name);
-+}
-+
-+/*
-+ * Return the canonical name of the host in the other side of the current
-+ * connection. The host name is cached, so it is efficient to call this
-+ * several times.
-+ */
-+
-+const char *
-+auth_get_canonical_hostname(struct ssh *ssh, int use_dns)
-+{
-+ static char *dnsname;
-+
-+ if (!use_dns)
-+ return ssh_remote_ipaddr(ssh);
-+ else if (dnsname != NULL)
-+ return dnsname;
-+ else {
-+ dnsname = remote_hostname(ssh);
-+ return dnsname;
-+ }
-+}
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-cross-cache.patch b/net-misc/openssh1/files/openssh1-7.5_p1-cross-cache.patch
deleted file mode 100644
index 1c2b7b8..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-cross-cache.patch
+++ /dev/null
@@ -1,39 +0,0 @@
-From d588d6f83e9a3d48286929b4a705b43e74414241 Mon Sep 17 00:00:00 2001
-From: Mike Frysinger
-Date: Wed, 24 May 2017 23:18:41 -0400
-Subject: [PATCH] configure: actually set cache vars when cross-compiling
-
-The cross-compiling fallback message says it's assuming the test
-passed, but it didn't actually set the cache var which causes
-later tests to fail.
----
- configure.ac | 6 ++++--
- 1 file changed, 4 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 5cfea38c0a6c..895c5211ea93 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -3162,7 +3162,8 @@ AC_RUN_IFELSE(
- select_works_with_rlimit=yes],
- [AC_MSG_RESULT([no])
- select_works_with_rlimit=no],
-- [AC_MSG_WARN([cross compiling: assuming yes])]
-+ [AC_MSG_WARN([cross compiling: assuming yes])
-+ select_works_with_rlimit=yes]
- )
-
- AC_MSG_CHECKING([if setrlimit(RLIMIT_NOFILE,{0,0}) works])
-@@ -3188,7 +3189,8 @@ AC_RUN_IFELSE(
- rlimit_nofile_zero_works=yes],
- [AC_MSG_RESULT([no])
- rlimit_nofile_zero_works=no],
-- [AC_MSG_WARN([cross compiling: assuming yes])]
-+ [AC_MSG_WARN([cross compiling: assuming yes])
-+ rlimit_nofile_zero_works=yes]
- )
-
- AC_MSG_CHECKING([if setrlimit RLIMIT_FSIZE works])
---
-2.12.0
-
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-disable-conch-interop-tests.patch b/net-misc/openssh1/files/openssh1-7.5_p1-disable-conch-interop-tests.patch
deleted file mode 100644
index a5647ce..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-disable-conch-interop-tests.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-Disable conch interop tests which are failing when called
-via portage for yet unknown reason and because using conch
-seems to be flaky (test is failing when using Python2 but
-passing when using Python3).
-
-Bug: https://bugs.gentoo.org/605446
-
---- a/regress/conch-ciphers.sh
-+++ b/regress/conch-ciphers.sh
-@@ -3,6 +3,10 @@
-
- tid="conch ciphers"
-
-+# https://bugs.gentoo.org/605446
-+echo "conch interop tests skipped due to Gentoo bug #605446"
-+exit 0
-+
- if test "x$REGRESS_INTEROP_CONCH" != "xyes" ; then
- echo "conch interop tests not enabled"
- exit 0
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-hpn-x509-10.2-glue.patch b/net-misc/openssh1/files/openssh1-7.5_p1-hpn-x509-10.2-glue.patch
deleted file mode 100644
index 11a5b36..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-hpn-x509-10.2-glue.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-diff -ur a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch
---- a/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:31:01.816551100 -0700
-+++ b/0003-Add-support-for-the-multi-threaded-AES-CTR-cipher.patch 2017-03-27 13:51:03.894805846 -0700
-@@ -40,7 +40,7 @@
- @@ -44,7 +44,7 @@ CC=@CC@
- LD=@LD@
- CFLAGS=@CFLAGS@
-- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
-+ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
- -LIBS=@LIBS@
- +LIBS=@LIBS@ -lpthread
- K5LIBS=@K5LIBS@
-@@ -1023,6 +1023,3 @@
- do_authenticated(authctxt);
-
- /* The connection has been terminated. */
----
--2.12.0
--
-diff -ur a/0004-support-dynamically-sized-receive-buffers.patch b/0004-support-dynamically-sized-receive-buffers.patch
---- a/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:31:01.816551100 -0700
-+++ b/0004-support-dynamically-sized-receive-buffers.patch 2017-03-27 13:49:44.513498976 -0700
-@@ -926,9 +926,9 @@
- @@ -526,10 +553,10 @@ send_client_banner(int connection_out, int minor1)
- /* Send our own protocol version identification. */
- if (compat20) {
-- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION);
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE);
-+ xasprintf(&client_version_string, "SSH-%d.%d-%.100s PKIX[%s]\r\n",
-+- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION, PACKAGE_VERSION);
-++ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE, PACKAGE_VERSION);
- } else {
- xasprintf(&client_version_string, "SSH-%d.%d-%.100s\n",
- - PROTOCOL_MAJOR_1, minor1, SSH_VERSION);
-@@ -943,11 +943,11 @@
- @@ -367,7 +367,7 @@ sshd_exchange_identification(struct ssh *ssh, int sock_in, int sock_out)
- char remote_version[256]; /* Must be at least as big as buf. */
-
-- xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s\r\n",
--- PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_VERSION,
--+ PROTOCOL_MAJOR_2, PROTOCOL_MINOR_2, SSH_RELEASE,
-+ xasprintf(&server_version_string, "SSH-%d.%d-%s%s%s%s%s",
-+- major, minor, SSH_VERSION, pkix_comment,
-++ major, minor, SSH_RELEASE, pkix_comment,
- *options.version_addendum == '\0' ? "" : " ",
-- options.version_addendum);
-+ options.version_addendum, newline);
-
- @@ -1020,6 +1020,8 @@ server_listen(void)
- int ret, listen_sock, on = 1;
-@@ -1006,12 +1008,9 @@
- --- a/version.h
- +++ b/version.h
--@@ -3,4 +3,5 @@
-+@@ -3,4 +3,6 @@
- #define SSH_VERSION "OpenSSH_7.5"
-
-- #define SSH_PORTABLE "p1"
---#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
-+-#define SSH_RELEASE PACKAGE_STRING ", " SSH_VERSION "p1"
-++#define SSH_X509 ", PKIX-SSH " PACKAGE_VERSION
- +#define SSH_HPN "-hpn14v12"
- +#define SSH_RELEASE SSH_VERSION SSH_PORTABLE SSH_HPN
----
--2.12.0
--
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-openssl-1.1.patch b/net-misc/openssh1/files/openssh1-7.5_p1-openssl-1.1.patch
deleted file mode 100644
index 03b33d5..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-openssl-1.1.patch
+++ /dev/null
@@ -1,3520 +0,0 @@ -From dd6f41312c12853596f11c88c23e71a55af2dcae Mon Sep 17 00:00:00 2001 -From: Jakub Jelen -Date: Mon, 27 Nov 2017 11:09:08 +0000 -Subject: OpenSSL 1.1.0 compat - -This is too risky for the main OpenSSH packages, but for openssh-ssh1 -it's unlikely to make matters significantly worse. See: - - https://lists.mindrot.org/pipermail/openssh-unix-dev/2017-November/036467.html - -Bug-Debian: https://bugs.debian.org/873574 -Origin: vendor, https://src.fedoraproject.org/rpms/openssh/blob/9e46aafab9baa6bb905efdf442cd963ea074e8cd/f/openssh-7.3p1-openssl-1.1.0.patch -Author: Kurt Roeckx -Author: Colin Watson -Forwarded: https://github.com/openssh/openssh-portable/pull/48 -Last-Update: 2017-11-27 - -Patch-Name: openssl-1.1.patch ---- - Makefile.in | 2 +- - auth-pam.c | 4 + - authfd.c | 53 ++- - cipher-3des1.c | 68 ++-- - cipher-bf1.c | 27 +- - cipher.c | 8 +- - dh.c | 53 +-- - dh.h | 2 +- - digest-openssl.c | 17 +- - includes.h | 1 + - kexdhc.c | 19 +- - kexdhs.c | 10 +- - kexgexc.c | 28 +- - kexgexs.c | 19 +- - libcrypto-compat.c | 546 ++++++++++++++++++++++++++++ - libcrypto-compat.h | 98 +++++ - monitor.c | 7 +- - openbsd-compat/openssl-compat.c | 7 + - regress/unittests/sshkey/test_file.c | 20 +- - regress/unittests/sshkey/test_sshkey.c | 25 +- - rsa.c | 41 ++- - rsa.h | 2 +- - ssh-agent.c | 75 +++- - ssh-dss.c | 27 +- - ssh-ecdsa.c | 26 +- - ssh-keygen.c | 94 +++-- - ssh-keyscan.c | 11 +- - ssh-pkcs11-client.c | 12 +- - ssh-pkcs11.c | 42 ++- - ssh-rsa.c | 4 +- - ssh.c | 1 + - sshconnect.c | 1 + - sshconnect1.c | 64 ++-- - sshconnect2.c | 1 + - sshkey.c | 643 +++++++++++++++++++++++---------- - 35 files changed, 1593 insertions(+), 465 deletions(-) - create mode 100644 libcrypto-compat.c - create mode 100644 libcrypto-compat.h - -diff --git a/Makefile.in b/Makefile.in -index 5870e9e6..2645531e 100644 ---- a/Makefile.in -+++ b/Makefile.in -@@ -92,7 +92,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ - kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ - kexdhc.o 
kexgexc.o kexecdhc.o kexc25519c.o \ - kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \ -- platform-pledge.o platform-tracing.o -+ platform-pledge.o platform-tracing.o libcrypto-compat.o - - SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ - sshconnect.o sshconnect1.o sshconnect2.o mux.o -diff --git a/auth-pam.c b/auth-pam.c -index bc8e5e02..bd16d800 100644 ---- a/auth-pam.c -+++ b/auth-pam.c -@@ -129,6 +129,10 @@ extern u_int utmp_len; - typedef pthread_t sp_pthread_t; - #else - typedef pid_t sp_pthread_t; -+# define pthread_create(a, b, c, d) _ssh_compat_pthread_create(a, b, c, d) -+# define pthread_exit(a) _ssh_compat_pthread_exit(a) -+# define pthread_cancel(a) _ssh_compat_pthread_cancel(a) -+# define pthread_join(a, b) _ssh_compat_pthread_join(a, b) - #endif - - struct pam_ctxt { -diff --git a/authfd.c b/authfd.c -index a634bcb8..7f7c225f 100644 ---- a/authfd.c -+++ b/authfd.c -@@ -207,15 +207,26 @@ deserialise_identity1(struct sshbuf *ids, struct sshkey **keyp, char **commentp) - int r, keybits; - u_int32_t bits; - char *comment = NULL; -+ BIGNUM *e = NULL, *n = NULL; - - if ((key = sshkey_new(KEY_RSA1)) == NULL) - return SSH_ERR_ALLOC_FAIL; -+ if ((e = BN_new()) == NULL || -+ (n = BN_new()) == NULL) { -+ BN_free(e); -+ r = SSH_ERR_ALLOC_FAIL; -+ goto out; -+ } - if ((r = sshbuf_get_u32(ids, &bits)) != 0 || -- (r = sshbuf_get_bignum1(ids, key->rsa->e)) != 0 || -- (r = sshbuf_get_bignum1(ids, key->rsa->n)) != 0 || -- (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0) -+ (r = sshbuf_get_bignum1(ids, e)) != 0 || -+ (r = sshbuf_get_bignum1(ids, n)) != 0 || -+ (r = sshbuf_get_cstring(ids, &comment, NULL)) != 0 || -+ (RSA_set0_key(key->rsa, n, e, NULL) == 0)) { -+ BN_free(n); -+ BN_free(e); - goto out; -- keybits = BN_num_bits(key->rsa->n); -+ } -+ keybits = BN_num_bits(n); - /* XXX previously we just warned here. 
I think we should be strict */ - if (keybits < 0 || bits != (u_int)keybits) { - r = SSH_ERR_KEY_BITS_MISMATCH; -@@ -393,15 +404,17 @@ ssh_decrypt_challenge(int sock, struct sshkey* key, BIGNUM *challenge, - struct sshbuf *msg; - int r; - u_char type; -+ const BIGNUM *e, *n; - - if (key->type != KEY_RSA1) - return SSH_ERR_INVALID_ARGUMENT; - if ((msg = sshbuf_new()) == NULL) - return SSH_ERR_ALLOC_FAIL; -+ RSA_get0_key(key->rsa, &n, &e, NULL); - if ((r = sshbuf_put_u8(msg, SSH_AGENTC_RSA_CHALLENGE)) != 0 || -- (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || -- (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0 || -+ (r = sshbuf_put_u32(msg, BN_num_bits(n))) != 0 || -+ (r = sshbuf_put_bignum1(msg, e)) != 0 || -+ (r = sshbuf_put_bignum1(msg, n)) != 0 || - (r = sshbuf_put_bignum1(msg, challenge)) != 0 || - (r = sshbuf_put(msg, session_id, 16)) != 0 || - (r = sshbuf_put_u32(msg, 1)) != 0) /* Response type for proto 1.1 */ -@@ -499,15 +512,19 @@ static int - ssh_encode_identity_rsa1(struct sshbuf *b, RSA *key, const char *comment) - { - int r; -+ const BIGNUM *n, *e, *d, *q, *p, *iqmp; - -+ RSA_get0_key(key, &n, &e, &d); -+ RSA_get0_factors(key, &p, &q); -+ RSA_get0_crt_params(key, NULL, NULL, &iqmp); - /* To keep within the protocol: p < q for ssh. 
in SSL p > q */ -- if ((r = sshbuf_put_u32(b, BN_num_bits(key->n))) != 0 || -- (r = sshbuf_put_bignum1(b, key->n)) != 0 || -- (r = sshbuf_put_bignum1(b, key->e)) != 0 || -- (r = sshbuf_put_bignum1(b, key->d)) != 0 || -- (r = sshbuf_put_bignum1(b, key->iqmp)) != 0 || -- (r = sshbuf_put_bignum1(b, key->q)) != 0 || -- (r = sshbuf_put_bignum1(b, key->p)) != 0 || -+ if ((r = sshbuf_put_u32(b, BN_num_bits(n))) != 0 || -+ (r = sshbuf_put_bignum1(b, n)) != 0 || -+ (r = sshbuf_put_bignum1(b, e)) != 0 || -+ (r = sshbuf_put_bignum1(b, d)) != 0 || -+ (r = sshbuf_put_bignum1(b, iqmp)) != 0 || -+ (r = sshbuf_put_bignum1(b, q)) != 0 || -+ (r = sshbuf_put_bignum1(b, p)) != 0 || - (r = sshbuf_put_cstring(b, comment)) != 0) - return r; - return 0; -@@ -622,11 +639,13 @@ ssh_remove_identity(int sock, struct sshkey *key) - - #ifdef WITH_SSH1 - if (key->type == KEY_RSA1) { -+ const BIGNUM *e, *n; -+ RSA_get0_key(key->rsa, &n, &e, NULL); - if ((r = sshbuf_put_u8(msg, - SSH_AGENTC_REMOVE_RSA_IDENTITY)) != 0 || -- (r = sshbuf_put_u32(msg, BN_num_bits(key->rsa->n))) != 0 || -- (r = sshbuf_put_bignum1(msg, key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum1(msg, key->rsa->n)) != 0) -+ (r = sshbuf_put_u32(msg, BN_num_bits(n))) != 0 || -+ (r = sshbuf_put_bignum1(msg, e)) != 0 || -+ (r = sshbuf_put_bignum1(msg, n)) != 0) - goto out; - } else - #endif -diff --git a/cipher-3des1.c b/cipher-3des1.c -index 9fcc2785..2051030c 100644 ---- a/cipher-3des1.c -+++ b/cipher-3des1.c -@@ -44,7 +44,7 @@ - */ - struct ssh1_3des_ctx - { -- EVP_CIPHER_CTX k1, k2, k3; -+ EVP_CIPHER_CTX *k1, *k2, *k3; - }; - - const EVP_CIPHER * evp_ssh1_3des(void); -@@ -65,7 +65,7 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, const u_char *iv, - if (key == NULL) - return 1; - if (enc == -1) -- enc = ctx->encrypt; -+ enc = EVP_CIPHER_CTX_encrypting(ctx); - k1 = k2 = k3 = (u_char *) key; - k2 += 8; - if (EVP_CIPHER_CTX_key_length(ctx) >= 16+8) { -@@ -74,12 +74,19 @@ ssh1_3des_init(EVP_CIPHER_CTX *ctx, const u_char *key, 
const u_char *iv,
- else
- k1 += 16;
- }
-- EVP_CIPHER_CTX_init(&c->k1);
-- EVP_CIPHER_CTX_init(&c->k2);
-- EVP_CIPHER_CTX_init(&c->k3);
-- if (EVP_CipherInit(&c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
-- EVP_CipherInit(&c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
-- EVP_CipherInit(&c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
-+ c->k1 = EVP_CIPHER_CTX_new();
-+ c->k2 = EVP_CIPHER_CTX_new();
-+ c->k3 = EVP_CIPHER_CTX_new();
-+ if (c->k1 == NULL || c->k2 == NULL || c->k3 == NULL) {
-+ EVP_CIPHER_CTX_free(c->k1);
-+ EVP_CIPHER_CTX_free(c->k2);
-+ EVP_CIPHER_CTX_free(c->k3);
-+ free(c);
-+ return 0;
-+ }
-+ if (EVP_CipherInit(c->k1, EVP_des_cbc(), k1, NULL, enc) == 0 ||
-+ EVP_CipherInit(c->k2, EVP_des_cbc(), k2, NULL, !enc) == 0 ||
-+ EVP_CipherInit(c->k3, EVP_des_cbc(), k3, NULL, enc) == 0) {
- explicit_bzero(c, sizeof(*c));
- free(c);
- EVP_CIPHER_CTX_set_app_data(ctx, NULL);
-@@ -95,9 +102,9 @@ ssh1_3des_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src, size_t len)
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) == NULL)
- return 0;
-- if (EVP_Cipher(&c->k1, dest, (u_char *)src, len) == 0 ||
-- EVP_Cipher(&c->k2, dest, dest, len) == 0 ||
-- EVP_Cipher(&c->k3, dest, dest, len) == 0)
-+ if (EVP_Cipher(c->k1, dest, (u_char *)src, len) == 0 ||
-+ EVP_Cipher(c->k2, dest, dest, len) == 0 ||
-+ EVP_Cipher(c->k3, dest, dest, len) == 0)
- return 0;
- return 1;
- }
-@@ -108,9 +115,9 @@ ssh1_3des_cleanup(EVP_CIPHER_CTX *ctx)
- struct ssh1_3des_ctx *c;
-
- if ((c = EVP_CIPHER_CTX_get_app_data(ctx)) != NULL) {
-- EVP_CIPHER_CTX_cleanup(&c->k1);
-- EVP_CIPHER_CTX_cleanup(&c->k2);
-- EVP_CIPHER_CTX_cleanup(&c->k3);
-+ EVP_CIPHER_CTX_free(c->k1);
-+ EVP_CIPHER_CTX_free(c->k2);
-+ EVP_CIPHER_CTX_free(c->k3);
- explicit_bzero(c, sizeof(*c));
- free(c);
- EVP_CIPHER_CTX_set_app_data(ctx, NULL);
-@@ -128,13 +135,13 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
- if ((c = EVP_CIPHER_CTX_get_app_data(evp)) == NULL)
- return SSH_ERR_INTERNAL_ERROR;
-
if (doset) {
-- memcpy(c->k1.iv, iv, 8);
-- memcpy(c->k2.iv, iv + 8, 8);
-- memcpy(c->k3.iv, iv + 16, 8);
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k1), iv, 8);
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k2), iv + 8, 8);
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(c->k3), iv + 16, 8);
- } else {
-- memcpy(iv, c->k1.iv, 8);
-- memcpy(iv + 8, c->k2.iv, 8);
-- memcpy(iv + 16, c->k3.iv, 8);
-+ memcpy(iv, EVP_CIPHER_CTX_iv(c->k1), 8);
-+ memcpy(iv + 8, EVP_CIPHER_CTX_iv(c->k2), 8);
-+ memcpy(iv + 16, EVP_CIPHER_CTX_iv(c->k3), 8);
- }
- return 0;
- }
-@@ -142,17 +149,14 @@ ssh1_3des_iv(EVP_CIPHER_CTX *evp, int doset, u_char *iv, int len)
- const EVP_CIPHER *
- evp_ssh1_3des(void)
- {
-- static EVP_CIPHER ssh1_3des;
--
-- memset(&ssh1_3des, 0, sizeof(ssh1_3des));
-- ssh1_3des.nid = NID_undef;
-- ssh1_3des.block_size = 8;
-- ssh1_3des.iv_len = 0;
-- ssh1_3des.key_len = 16;
-- ssh1_3des.init = ssh1_3des_init;
-- ssh1_3des.cleanup = ssh1_3des_cleanup;
-- ssh1_3des.do_cipher = ssh1_3des_cbc;
-- ssh1_3des.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH;
-- return &ssh1_3des;
-+ EVP_CIPHER *ssh1_3des;
-+
-+ ssh1_3des = EVP_CIPHER_meth_new(NID_undef, 8, 16);
-+ EVP_CIPHER_meth_set_iv_length(ssh1_3des, 0);
-+ EVP_CIPHER_meth_set_init(ssh1_3des, ssh1_3des_init);
-+ EVP_CIPHER_meth_set_cleanup(ssh1_3des, ssh1_3des_cleanup);
-+ EVP_CIPHER_meth_set_do_cipher(ssh1_3des, ssh1_3des_cbc);
-+ EVP_CIPHER_meth_set_flags(ssh1_3des, EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH);
-+ return ssh1_3des;
- }
- #endif /* WITH_SSH1 */
-diff --git a/cipher-bf1.c b/cipher-bf1.c
-index c205b077..b23bda7c 100644
---- a/cipher-bf1.c
-+++ b/cipher-bf1.c
-@@ -89,17 +89,28 @@ bf_ssh1_cipher(EVP_CIPHER_CTX *ctx, u_char *out, const u_char *in,
- const EVP_CIPHER *
- evp_ssh1_bf(void)
- {
-- static EVP_CIPHER ssh1_bf;
-+ EVP_CIPHER *ssh1_bf;
-
-- memcpy(&ssh1_bf, EVP_bf_cbc(), sizeof(EVP_CIPHER));
-- orig_bf = ssh1_bf.do_cipher;
-- ssh1_bf.nid = NID_undef;
-+ orig_bf = EVP_CIPHER_meth_get_do_cipher(EVP_bf_cbc());
-+ /*
block_size, length, flags from openssl/crypto/engine/eng_cryptodev.c:638 */
-+ ssh1_bf = EVP_CIPHER_meth_new(NID_undef, 8, 32);
-+ EVP_CIPHER_meth_set_iv_length(ssh1_bf, 8);
-+ EVP_CIPHER_meth_set_flags(ssh1_bf, EVP_CIPH_CBC_MODE);
- #ifdef SSH_OLD_EVP
-- ssh1_bf.init = bf_ssh1_init;
-+ EVP_CIPHER_meth_set_init(ssh1_bf, ssh1_bf_init);
-+#else
-+ EVP_CIPHER_meth_set_init(ssh1_bf,
-+ EVP_CIPHER_meth_get_init(EVP_bf_cbc()));
- #endif
-- ssh1_bf.do_cipher = bf_ssh1_cipher;
-- ssh1_bf.key_len = 32;
-- return (&ssh1_bf);
-+ /* copy methods and parameters from old EVP_BF_cbc()
-+ * meth_dup does not allow to change type and key_len */
-+ EVP_CIPHER_meth_set_cleanup(ssh1_bf,
-+ EVP_CIPHER_meth_get_cleanup(EVP_bf_cbc()));
-+ EVP_CIPHER_meth_set_ctrl(ssh1_bf,
-+ EVP_CIPHER_meth_get_ctrl(EVP_bf_cbc()));
-+ /* ASN1 params??? */
-+ EVP_CIPHER_meth_set_do_cipher(ssh1_bf, bf_ssh1_cipher);
-+ return ssh1_bf;
- }
- #endif /* defined(WITH_OPENSSL) && !defined(OPENSSL_NO_BF) */
-
-diff --git a/cipher.c b/cipher.c
-index 2def333b..ae566312 100644
---- a/cipher.c
-+++ b/cipher.c
-@@ -625,7 +625,7 @@ cipher_get_keyiv(struct sshcipher_ctx *cc, u_char *iv, u_int len)
- len, iv))
- return SSH_ERR_LIBCRYPTO_ERROR;
- } else
-- memcpy(iv, cc->evp->iv, len);
-+ memcpy(iv, EVP_CIPHER_CTX_iv(cc->evp), len);
- break;
- #endif
- #ifdef WITH_SSH1
-@@ -671,7 +671,7 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
- return SSH_ERR_LIBCRYPTO_ERROR;
- } else
-- memcpy(cc->evp->iv, iv, evplen);
-+ memcpy(EVP_CIPHER_CTX_iv_noconst(cc->evp), iv, evplen);
- break;
- #endif
- #ifdef WITH_SSH1
-@@ -685,8 +685,8 @@ cipher_set_keyiv(struct sshcipher_ctx *cc, const u_char *iv)
- }
-
- #ifdef WITH_OPENSSL
--#define EVP_X_STATE(evp) (evp)->cipher_data
--#define EVP_X_STATE_LEN(evp) (evp)->cipher->ctx_size
-+#define EVP_X_STATE(evp) EVP_CIPHER_CTX_get_cipher_data(evp)
-+#define EVP_X_STATE_LEN(evp) EVP_CIPHER_impl_ctx_size(EVP_CIPHER_CTX_cipher(evp))
-
#endif
-
- int
-diff --git a/dh.c b/dh.c
-index 47531242..db192f63 100644
---- a/dh.c
-+++ b/dh.c
-@@ -212,14 +212,15 @@ choose_dh(int min, int wantbits, int max)
- /* diffie-hellman-groupN-sha1 */
-
- int
--dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
-+dh_pub_is_valid(const DH *dh, const BIGNUM *dh_pub)
- {
- int i;
- int n = BN_num_bits(dh_pub);
- int bits_set = 0;
- BIGNUM *tmp;
-+ const BIGNUM *p;
-
-- if (dh_pub->neg) {
-+ if (BN_is_negative(dh_pub)) {
- logit("invalid public DH value: negative");
- return 0;
- }
-@@ -232,7 +233,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
- error("%s: BN_new failed", __func__);
- return 0;
- }
-- if (!BN_sub(tmp, dh->p, BN_value_one()) ||
-+ DH_get0_pqg(dh, &p, NULL, NULL);
-+ if (!BN_sub(tmp, p, BN_value_one()) ||
- BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
- BN_clear_free(tmp);
- logit("invalid public DH value: >= p-1");
-@@ -243,14 +245,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
- for (i = 0; i <= n; i++)
- if (BN_is_bit_set(dh_pub, i))
- bits_set++;
-- debug2("bits set: %d/%d", bits_set, BN_num_bits(dh->p));
-+ debug2("bits set: %d/%d", bits_set, BN_num_bits(p));
-
- /*
- * if g==2 and bits_set==1 then computing log_g(dh_pub) is trivial
- */
- if (bits_set < 4) {
- logit("invalid public DH value (%d/%d)",
-- bits_set, BN_num_bits(dh->p));
-+ bits_set, BN_num_bits(p));
- return 0;
- }
- return 1;
-@@ -260,9 +262,11 @@ int
- dh_gen_key(DH *dh, int need)
- {
- int pbits;
-+ const BIGNUM *p, *pub_key;
-
-- if (need < 0 || dh->p == NULL ||
-- (pbits = BN_num_bits(dh->p)) <= 0 ||
-+ DH_get0_pqg(dh, &p, NULL, NULL);
-+ if (need < 0 || p == NULL ||
-+ (pbits = BN_num_bits(p)) <= 0 ||
- need > INT_MAX / 2 || 2 * need > pbits)
- return SSH_ERR_INVALID_ARGUMENT;
- if (need < 256)
-@@ -271,10 +275,11 @@ dh_gen_key(DH *dh, int need)
- * Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
- * so double requested need here.
- */
-- dh->length = MINIMUM(need * 2, pbits - 1);
-- if (DH_generate_key(dh) == 0 ||
-- !dh_pub_is_valid(dh, dh->pub_key)) {
-- BN_clear_free(dh->priv_key);
-+ DH_set_length(dh, MINIMUM(need * 2, pbits - 1));
-+ if (DH_generate_key(dh) == 0)
-+ return SSH_ERR_LIBCRYPTO_ERROR;
-+ DH_get0_key(dh, &pub_key, NULL);
-+ if (!dh_pub_is_valid(dh, pub_key)) {
- return SSH_ERR_LIBCRYPTO_ERROR;
- }
- return 0;
-@@ -284,15 +289,22 @@ DH *
- dh_new_group_asc(const char *gen, const char *modulus)
- {
- DH *dh;
--
-- if ((dh = DH_new()) == NULL)
-- return NULL;
-- if (BN_hex2bn(&dh->p, modulus) == 0 ||
-- BN_hex2bn(&dh->g, gen) == 0) {
-- DH_free(dh);
-- return NULL;
-- }
-+ BIGNUM *p, *g;
-+
-+ if ((dh = DH_new()) == NULL ||
-+ (p = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL)
-+ goto err;
-+ if (BN_hex2bn(&p, modulus) == 0 ||
-+ BN_hex2bn(&g, gen) == 0 ||
-+ DH_set0_pqg(dh, p, NULL, g) == 0)
-+ goto err;
- return (dh);
-+err:
-+ DH_free(dh);
-+ BN_free(p);
-+ BN_free(g);
-+ return NULL;
- }
-
- /*
-@@ -307,8 +319,7 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulus)
-
- if ((dh = DH_new()) == NULL)
- return NULL;
-- dh->p = modulus;
-- dh->g = gen;
-+ DH_set0_pqg(dh, modulus, NULL, gen);
-
- return (dh);
- }
-diff --git a/dh.h b/dh.h
-index bcd485cf..344b29e3 100644
---- a/dh.h
-+++ b/dh.h
-@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
- DH *dh_new_group_fallback(int);
-
- int dh_gen_key(DH *, int);
--int dh_pub_is_valid(DH *, BIGNUM *);
-+int dh_pub_is_valid(const DH *, const BIGNUM *);
-
- u_int dh_estimate(int);
-
-diff --git a/digest-openssl.c b/digest-openssl.c
-index c55ceb93..b94045bd 100644
---- a/digest-openssl.c
-+++ b/digest-openssl.c
-@@ -43,7 +43,7 @@
-
- struct ssh_digest_ctx {
- int alg;
-- EVP_MD_CTX mdctx;
-+ EVP_MD_CTX *mdctx;
- };
-
- struct ssh_digest {
-@@ -107,7 +107,7 @@ ssh_digest_bytes(int alg)
- size_t
- ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
- {
-- return EVP_MD_CTX_block_size(&ctx->mdctx);
-+ return EVP_MD_CTX_block_size(ctx->mdctx);
- }
-
-
struct ssh_digest_ctx *
-@@ -119,8 +119,9 @@ ssh_digest_start(int alg)
- if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
- return NULL;
- ret->alg = alg;
-- EVP_MD_CTX_init(&ret->mdctx);
-- if (EVP_DigestInit_ex(&ret->mdctx, digest->mdfunc(), NULL) != 1) {
-+ ret->mdctx = EVP_MD_CTX_new();
-+ if (ret->mdctx == NULL ||
-+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
- free(ret);
- return NULL;
- }
-@@ -133,7 +134,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
- if (from->alg != to->alg)
- return SSH_ERR_INVALID_ARGUMENT;
- /* we have bcopy-style order while openssl has memcpy-style */
-- if (!EVP_MD_CTX_copy_ex(&to->mdctx, &from->mdctx))
-+ if (!EVP_MD_CTX_copy_ex(to->mdctx, from->mdctx))
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
- }
-@@ -141,7 +142,7 @@ ssh_digest_copy_state(struct ssh_digest_ctx *from, struct ssh_digest_ctx *to)
- int
- ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
- {
-- if (EVP_DigestUpdate(&ctx->mdctx, m, mlen) != 1)
-+ if (EVP_DigestUpdate(ctx->mdctx, m, mlen) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- return 0;
- }
-@@ -162,7 +163,7 @@ ssh_digest_final(struct ssh_digest_ctx *ctx, u_char *d, size_t dlen)
- return SSH_ERR_INVALID_ARGUMENT;
- if (dlen < digest->digest_len) /* No truncation allowed */
- return SSH_ERR_INVALID_ARGUMENT;
-- if (EVP_DigestFinal_ex(&ctx->mdctx, d, &l) != 1)
-+ if (EVP_DigestFinal_ex(ctx->mdctx, d, &l) != 1)
- return SSH_ERR_LIBCRYPTO_ERROR;
- if (l != digest->digest_len) /* sanity */
- return SSH_ERR_INTERNAL_ERROR;
-@@ -173,7 +174,7 @@ void
- ssh_digest_free(struct ssh_digest_ctx *ctx)
- {
- if (ctx != NULL) {
-- EVP_MD_CTX_cleanup(&ctx->mdctx);
-+ EVP_MD_CTX_free(ctx->mdctx);
- explicit_bzero(ctx, sizeof(*ctx));
- free(ctx);
- }
-diff --git a/includes.h b/includes.h
-index 497a038b..7e602f50 100644
---- a/includes.h
-+++ b/includes.h
-@@ -163,6 +163,7 @@
-
- #ifdef WITH_OPENSSL
- #include /* For
OPENSSL_VERSION_NUMBER */
-+#include "libcrypto-compat.h"
- #endif
-
- #include "defines.h"
-diff --git a/kexdhc.c b/kexdhc.c
-index ad3975f0..0a55092e 100644
---- a/kexdhc.c
-+++ b/kexdhc.c
-@@ -56,6 +56,7 @@ kexdh_client(struct ssh *ssh)
- {
- struct kex *kex = ssh->kex;
- int r;
-+ const BIGNUM *pub_key;
-
- /* generate and send 'e', client DH public key */
- switch (kex->kex_type) {
-@@ -81,21 +82,27 @@ kexdh_client(struct ssh *ssh)
- goto out;
- }
- debug("sending SSH2_MSG_KEXDH_INIT");
-- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
-- (r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
-+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-+ goto out;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
-+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_INIT)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
- #ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, kex->dh);
- fprintf(stderr, "pub= ");
-- BN_print_fp(stderr, kex->dh->pub_key);
-+ BN_print_fp(stderr, pub_key);
- fprintf(stderr, "\n");
- #endif
- debug("expecting SSH2_MSG_KEXDH_REPLY");
- ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_REPLY, &input_kex_dh);
- r = 0;
- out:
-+ if (r != 0) {
-+ DH_free(kex->dh);
-+ kex->dh = NULL;
-+ }
- return r;
- }
-
-@@ -110,6 +117,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt)
- u_char hash[SSH_DIGEST_MAX_LENGTH];
- size_t klen = 0, slen, sbloblen, hashlen;
- int kout, r;
-+ const BIGNUM *pub_key;
-
- if (kex->verify_host_key == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
-@@ -169,6 +177,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt)
- #endif
-
- /* calc and verify H */
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- hashlen = sizeof(hash);
- if ((r = kex_dh_hash(
- kex->hash_alg,
-@@ -177,7 +186,7 @@ input_kex_dh(int type, u_int32_t seq, void *ctxt)
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
-
server_host_key_blob, sbloblen,
-- kex->dh->pub_key,
-+ pub_key,
- dh_server_pub,
- shared_secret,
- hash, &hashlen)) != 0)
-diff --git a/kexdhs.c b/kexdhs.c
-index 108f6642..8d0906e4 100644
---- a/kexdhs.c
-+++ b/kexdhs.c
-@@ -87,6 +87,10 @@ kexdh_server(struct ssh *ssh)
- ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
- r = 0;
- out:
-+ if (r != 0) {
-+ DH_free(kex->dh);
-+ kex->dh = NULL;
-+ }
- return r;
- }
-
-@@ -102,6 +106,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
- size_t sbloblen, slen;
- size_t klen = 0, hashlen;
- int kout, r;
-+ const BIGNUM *pub_key;
-
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
-@@ -164,6 +169,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
- goto out;
- /* calc H */
- hashlen = sizeof(hash);
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kex_dh_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -172,7 +178,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- server_host_key_blob, sbloblen,
- dh_client_pub,
-- kex->dh->pub_key,
-+ pub_key,
- shared_secret,
- hash, &hashlen)) != 0)
- goto out;
-@@ -198,7 +204,7 @@ input_kex_dh_init(int type, u_int32_t seq, void *ctxt)
- /* send server hostkey, DH pubkey 'f' and singed H */
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEXDH_REPLY)) != 0 ||
- (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
- (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-diff --git a/kexgexc.c b/kexgexc.c
-index ad0d1c8c..da17c498 100644
---- a/kexgexc.c
-+++ b/kexgexc.c
-@@ -95,6 +95,7 @@ input_kex_dh_gex_group(int type, u_int32_t seq, void *ctxt)
- struct kex *kex = ssh->kex;
- BIGNUM *p = NULL, *g = NULL;
- int r, bits;
-+ const BIGNUM *pub_key;
-
- debug("got
SSH2_MSG_KEX_DH_GEX_GROUP");
-
-@@ -119,26 +120,30 @@ input_kex_dh_gex_group(int type, u_int32_t seq, void *ctxt)
- p = g = NULL; /* belong to kex->dh now */
-
- /* generate and send 'e', client DH public key */
-- if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0 ||
-- (r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 ||
-+ if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-+ goto out;
-+ DH_get0_key(kex->dh, &pub_key, NULL);
-+ if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_INIT)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
- debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
- #ifdef DEBUG_KEXDH
- DHparams_print_fp(stderr, kex->dh);
- fprintf(stderr, "pub= ");
-- BN_print_fp(stderr, kex->dh->pub_key);
-+ BN_print_fp(stderr, pub_key);
- fprintf(stderr, "\n");
- #endif
- ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_GROUP, NULL);
- ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_REPLY, &input_kex_dh_gex_reply);
- r = 0;
- out:
-- if (p)
-- BN_clear_free(p);
-- if (g)
-- BN_clear_free(g);
-+ BN_clear_free(p);
-+ BN_clear_free(g);
-+ if (r != 0) {
-+ DH_free(kex->dh);
-+ kex->dh = NULL;
-+ }
- return r;
- }
-
-@@ -153,6 +158,7 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt)
- u_char hash[SSH_DIGEST_MAX_LENGTH];
- size_t klen = 0, slen, sbloblen, hashlen;
- int kout, r;
-+ const BIGNUM *p, *g, *pub_key;
-
- debug("got SSH2_MSG_KEX_DH_GEX_REPLY");
- if (kex->verify_host_key == NULL) {
-@@ -219,6 +225,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt)
- kex->min = kex->max = -1;
-
- /* calc and verify H */
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- hashlen = sizeof(hash);
- if ((r = kexgex_hash(
- kex->hash_alg,
-@@ -228,8 +236,8 @@ input_kex_dh_gex_reply(int type, u_int32_t seq, void *ctxt)
- sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
- server_host_key_blob, sbloblen,
- kex->min, kex->nbits,
kex->max,
-- kex->dh->p, kex->dh->g,
-- kex->dh->pub_key,
-+ p, g,
-+ pub_key,
- dh_server_pub,
- shared_secret,
- hash, &hashlen)) != 0)
-diff --git a/kexgexs.c b/kexgexs.c
-index 44960359..7cd8c7e7 100644
---- a/kexgexs.c
-+++ b/kexgexs.c
-@@ -73,6 +73,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
- struct kex *kex = ssh->kex;
- int r;
- u_int min = 0, max = 0, nbits = 0;
-+ const BIGNUM *p, *g;
-
- debug("SSH2_MSG_KEX_DH_GEX_REQUEST received");
- if ((r = sshpkt_get_u32(ssh, &min)) != 0 ||
-@@ -102,9 +103,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
- goto out;
- }
- debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_GROUP)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->p)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->g)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, p)) != 0 ||
-+ (r = sshpkt_put_bignum2(ssh, g)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-
-@@ -116,6 +118,10 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
- ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
- r = 0;
- out:
-+ if (r != 0) {
-+ DH_free(kex->dh);
-+ kex->dh = NULL;
-+ }
- return r;
- }
-
-@@ -131,6 +137,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
- size_t sbloblen, slen;
- size_t klen = 0, hashlen;
- int kout, r;
-+ const BIGNUM *p, *g, *pub_key;
-
- if (kex->load_host_public_key == NULL ||
- kex->load_host_private_key == NULL) {
-@@ -193,6 +200,8 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
- goto out;
- /* calc H */
- hashlen = sizeof(hash);
-+ DH_get0_pqg(kex->dh, &p, NULL, &g);
-+ DH_get0_key(kex->dh, &pub_key, NULL);
- if ((r = kexgex_hash(
- kex->hash_alg,
- kex->client_version_string,
-@@ -201,9 +210,9 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
- sshbuf_ptr(kex->my), sshbuf_len(kex->my),
- server_host_key_blob, sbloblen,
- kex->min, kex->nbits,
kex->max,
-- kex->dh->p, kex->dh->g,
-+ p, g,
- dh_client_pub,
-- kex->dh->pub_key,
-+ pub_key,
- shared_secret,
- hash, &hashlen)) != 0)
- goto out;
-@@ -229,7 +238,7 @@ input_kex_dh_gex_init(int type, u_int32_t seq, void *ctxt)
- /* send server hostkey, DH pubkey 'f' and singed H */
- if ((r = sshpkt_start(ssh, SSH2_MSG_KEX_DH_GEX_REPLY)) != 0 ||
- (r = sshpkt_put_string(ssh, server_host_key_blob, sbloblen)) != 0 ||
-- (r = sshpkt_put_bignum2(ssh, kex->dh->pub_key)) != 0 || /* f */
-+ (r = sshpkt_put_bignum2(ssh, pub_key)) != 0 || /* f */
- (r = sshpkt_put_string(ssh, signature, slen)) != 0 ||
- (r = sshpkt_send(ssh)) != 0)
- goto out;
-diff --git a/libcrypto-compat.c b/libcrypto-compat.c
-new file mode 100644
-index 00000000..1e17fecc
---- /dev/null
-+++ b/libcrypto-compat.c
-@@ -0,0 +1,546 @@
-+/*
-+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
-+ *
-+ * Licensed under the OpenSSL license (the "License"). You may not use
-+ * this file except in compliance with the License. You can obtain a copy
-+ * in the file LICENSE in the source distribution or at
-+ * https://www.openssl.org/source/license.html
-+ */
-+
-+#include "includes.h"
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include
-+#include
-+
-+static void *OPENSSL_zalloc(size_t num)
-+{
-+ void *ret = OPENSSL_malloc(num);
-+
-+ if (ret != NULL)
-+ memset(ret, 0, num);
-+ return ret;
-+}
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-+{
-+ /* If the fields n and e in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL for n and e. d may be
-+ * left NULL (in case only the public key is used).
-+ */
-+ if ((r->n == NULL && n == NULL)
-+ || (r->e == NULL && e == NULL))
-+ return 0;
-+
-+ if (n != NULL) {
-+ BN_free(r->n);
-+ r->n = n;
-+ }
-+ if (e != NULL) {
-+ BN_free(r->e);
-+ r->e = e;
-+ }
-+ if (d != NULL) {
-+ BN_free(r->d);
-+ r->d = d;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
-+{
-+ /* If the fields p and q in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->p == NULL && p == NULL)
-+ || (r->q == NULL && q == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(r->p);
-+ r->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(r->q);
-+ r->q = q;
-+ }
-+
-+ return 1;
-+}
-+
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-+{
-+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((r->dmp1 == NULL && dmp1 == NULL)
-+ || (r->dmq1 == NULL && dmq1 == NULL)
-+ || (r->iqmp == NULL && iqmp == NULL))
-+ return 0;
-+
-+ if (dmp1 != NULL) {
-+ BN_free(r->dmp1);
-+ r->dmp1 = dmp1;
-+ }
-+ if (dmq1 != NULL) {
-+ BN_free(r->dmq1);
-+ r->dmq1 = dmq1;
-+ }
-+ if (iqmp != NULL) {
-+ BN_free(r->iqmp);
-+ r->iqmp = iqmp;
-+ }
-+
-+ return 1;
-+}
-+
-+void RSA_get0_key(const RSA *r,
-+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-+{
-+ if (n != NULL)
-+ *n = r->n;
-+ if (e != NULL)
-+ *e = r->e;
-+ if (d != NULL)
-+ *d = r->d;
-+}
-+
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-+{
-+ if (p != NULL)
-+ *p = r->p;
-+ if (q != NULL)
-+ *q = r->q;
-+}
-+
-+void RSA_get0_crt_params(const RSA *r,
-+ const BIGNUM **dmp1, const BIGNUM **dmq1,
-+ const BIGNUM **iqmp)
-+{
-+ if (dmp1 != NULL)
-+ *dmp1 = r->dmp1;
-+ if (dmq1 != NULL)
-+ *dmq1 = r->dmq1;
-+ if (iqmp != NULL)
-+ *iqmp = r->iqmp;
-+}
-+
-+void DSA_get0_pqg(const DSA *d,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = d->p;
-+ if (q != NULL)
-+ *q = d->q;
-+ if (g != NULL)
-+ *g = d->g;
-+}
-+
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p, q and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL.
-+ */
-+ if ((d->p == NULL && p == NULL)
-+ || (d->q == NULL && q == NULL)
-+ || (d->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(d->p);
-+ d->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(d->q);
-+ d->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(d->g);
-+ d->g = g;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_get0_key(const DSA *d,
-+ const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = d->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = d->priv_key;
-+}
-+
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in d is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (d->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(d->pub_key);
-+ d->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(d->priv_key);
-+ d->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
-+{
-+ if (pr != NULL)
-+ *pr = sig->r;
-+ if (ps != NULL)
-+ *ps = sig->s;
-+}
-+
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
-+{
-+ if (r == NULL || s == NULL)
-+ return 0;
-+ BN_clear_free(sig->r);
-+ BN_clear_free(sig->s);
-+ sig->r = r;
-+ sig->s = s;
-+ return 1;
-+}
-+
-+void DH_get0_pqg(const DH *dh,
-+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
-+{
-+ if (p != NULL)
-+ *p = dh->p;
-+ if (q != NULL)
-+ *q = dh->q;
-+ if (g != NULL)
-+ *g = dh->g;
-+}
-+
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
-+{
-+ /* If the fields p and g in d are NULL, the corresponding input
-+ * parameters MUST be non-NULL. q may remain NULL.
-+ */
-+ if ((dh->p == NULL && p == NULL)
-+ || (dh->g == NULL && g == NULL))
-+ return 0;
-+
-+ if (p != NULL) {
-+ BN_free(dh->p);
-+ dh->p = p;
-+ }
-+ if (q != NULL) {
-+ BN_free(dh->q);
-+ dh->q = q;
-+ }
-+ if (g != NULL) {
-+ BN_free(dh->g);
-+ dh->g = g;
-+ }
-+
-+ if (q != NULL) {
-+ dh->length = BN_num_bits(q);
-+ }
-+
-+ return 1;
-+}
-+
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
-+{
-+ if (pub_key != NULL)
-+ *pub_key = dh->pub_key;
-+ if (priv_key != NULL)
-+ *priv_key = dh->priv_key;
-+}
-+
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
-+{
-+ /* If the field pub_key in dh is NULL, the corresponding input
-+ * parameters MUST be non-NULL. The priv_key field may
-+ * be left NULL.
-+ */
-+ if (dh->pub_key == NULL && pub_key == NULL)
-+ return 0;
-+
-+ if (pub_key != NULL) {
-+ BN_free(dh->pub_key);
-+ dh->pub_key = pub_key;
-+ }
-+ if (priv_key != NULL) {
-+ BN_free(dh->priv_key);
-+ dh->priv_key = priv_key;
-+ }
-+
-+ return 1;
-+}
-+
-+int DH_set_length(DH *dh, long length)
-+{
-+ dh->length = length;
-+ return 1;
-+}
-+
-+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->iv;
-+}
-+
-+EVP_MD_CTX *EVP_MD_CTX_new(void)
-+{
-+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
-+}
-+
-+static void OPENSSL_clear_free(void *str, size_t num)
-+{
-+ if (str == NULL)
-+ return;
-+ if (num)
-+ OPENSSL_cleanse(str, num);
-+ OPENSSL_free(str);
-+}
-+
-+/* This call frees resources associated with the context */
-+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
-+{
-+ if (ctx == NULL)
-+ return 1;
-+
-+ /*
-+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
-+ * sometimes only copies of the context are ever finalised.
-+ */
-+ if (ctx->digest && ctx->digest->cleanup
-+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
-+ ctx->digest->cleanup(ctx);
-+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
-+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
-+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
-+ }
-+ EVP_PKEY_CTX_free(ctx->pctx);
-+#ifndef OPENSSL_NO_ENGINE
-+ ENGINE_finish(ctx->engine);
-+#endif
-+ OPENSSL_cleanse(ctx, sizeof(*ctx));
-+
-+ return 1;
-+}
-+
-+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
-+{
-+ EVP_MD_CTX_reset(ctx);
-+ OPENSSL_free(ctx);
-+}
-+
-+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-+{
-+ RSA_METHOD *ret;
-+
-+ ret = OPENSSL_malloc(sizeof(RSA_METHOD));
-+
-+ if (ret != NULL) {
-+ memcpy(ret, meth, sizeof(*meth));
-+ ret->name = OPENSSL_strdup(meth->name);
-+ if (ret->name == NULL) {
-+ OPENSSL_free(ret);
-+ return NULL;
-+ }
-+ }
-+
-+ return ret;
-+}
-+
-+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-+{
-+ char *tmpname;
-+
-+ tmpname = OPENSSL_strdup(name);
-+ if (tmpname == NULL) {
-+ return 0;
-+ }
-+
-+ OPENSSL_free((char *)meth->name);
-+ meth->name = tmpname;
-+
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
-+ int (*priv_enc) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_enc = priv_enc;
-+ return 1;
-+}
-+
-+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
-+ int (*priv_dec) (int flen, const unsigned char *from,
-+ unsigned char *to, RSA *rsa,
-+ int padding))
-+{
-+ meth->rsa_priv_dec = priv_dec;
-+ return 1;
-+}
-+
-+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-+{
-+ meth->finish = finish;
-+ return 1;
-+}
-+
-+void RSA_meth_free(RSA_METHOD *meth)
-+{
-+ if (meth != NULL) {
-+ OPENSSL_free((char *)meth->name);
-+ OPENSSL_free(meth);
-+ }
-+}
-+
-+int RSA_bits(const RSA *r)
-+{
-+ return (BN_num_bits(r->n));
-+}
-+
-+int DSA_bits(const DSA *dsa)
-+{
-+ return BN_num_bits(dsa->p);
-+}
-+
-+RSA
*EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
-+{
-+ if (pkey->type != EVP_PKEY_RSA) {
-+ return NULL;
-+ }
-+ return pkey->pkey.rsa;
-+}
-+
-+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
-+{
-+ EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
-+
-+ if (cipher != NULL) {
-+ cipher->nid = cipher_type;
-+ cipher->block_size = block_size;
-+ cipher->key_len = key_len;
-+ }
-+ return cipher;
-+}
-+
-+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
-+{
-+ OPENSSL_free(cipher);
-+}
-+
-+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
-+{
-+ cipher->iv_len = iv_len;
-+ return 1;
-+}
-+
-+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
-+{
-+ cipher->flags = flags;
-+ return 1;
-+}
-+
-+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
-+ int (*init) (EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ int enc))
-+{
-+ cipher->init = init;
-+ return 1;
-+}
-+
-+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
-+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
-+ unsigned char *out,
-+ const unsigned char *in,
-+ size_t inl))
-+{
-+ cipher->do_cipher = do_cipher;
-+ return 1;
-+}
-+
-+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
-+ int (*cleanup) (EVP_CIPHER_CTX *))
-+{
-+ cipher->cleanup = cleanup;
-+ return 1;
-+}
-+
-+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
-+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
-+ int arg, void *ptr))
-+{
-+ cipher->ctrl = ctrl;
-+ return 1;
-+}
-+
-+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
-+ const unsigned char *key,
-+ const unsigned char *iv,
-+ int enc)
-+{
-+ return cipher->init;
-+}
-+
-+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
-+ unsigned char *out,
-+ const unsigned char *in,
-+ size_t inl)
-+{
-+ return cipher->do_cipher;
-+}
-+
-+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
-+{
-+ return cipher->cleanup;
-+}
-+
-+int
(*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
-+ int type, int arg,
-+ void *ptr)
-+{
-+ return cipher->ctrl;
-+}
-+
-+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
-+{
-+ return ctx->encrypt;
-+}
-+
-+#endif /* OPENSSL_VERSION_NUMBER */
-diff --git a/libcrypto-compat.h b/libcrypto-compat.h
-new file mode 100644
-index 00000000..5ef87a65
---- /dev/null
-+++ b/libcrypto-compat.h
-@@ -0,0 +1,98 @@
-+#ifndef LIBCRYPTO_COMPAT_H
-+#define LIBCRYPTO_COMPAT_H
-+
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+
-+#include
-+#include
-+#include
-+#include
-+#include
-+
-+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
-+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
-+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
-+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
-+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
-+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
-+
-+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
-+
-+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
-+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
-+
-+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
-+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
-+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
-+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
-+int DH_set_length(DH *dh, long length);
-+
-+const
unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx); -+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx); -+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx); -+EVP_MD_CTX *EVP_MD_CTX_new(void); -+void EVP_MD_CTX_free(EVP_MD_CTX *ctx); -+#define EVP_CIPHER_impl_ctx_size(e) e->ctx_size -+#define EVP_CIPHER_CTX_get_cipher_data(ctx) ctx->cipher_data -+ -+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth); -+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name); -+#define RSA_meth_get_finish(meth) meth->finish -+int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); -+int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec) (int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding)); -+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa)); -+void RSA_meth_free(RSA_METHOD *meth); -+ -+int RSA_bits(const RSA *r); -+int DSA_bits(const DSA *d); -+ -+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey); -+ -+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len); -+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher); -+ -+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len); -+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags); -+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher, -+ int (*init) (EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, -+ const unsigned char *iv, -+ int enc)); -+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher, -+ int (*do_cipher) (EVP_CIPHER_CTX *ctx, -+ unsigned char *out, -+ const unsigned char *in, -+ size_t inl)); -+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher, -+ int (*cleanup) (EVP_CIPHER_CTX *)); -+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher, -+ int (*ctrl) (EVP_CIPHER_CTX *, int type, -+ int arg, void *ptr)); -+ -+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -+ const unsigned char *key, -+ const unsigned char *iv, -+ int 
enc); -+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx, -+ unsigned char *out, -+ const unsigned char *in, -+ size_t inl); -+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *); -+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *, -+ int type, int arg, -+ void *ptr); -+ -+#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_init(c) -+ -+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx); -+ -+#endif /* OPENSSL_VERSION_NUMBER */ -+ -+#endif /* LIBCRYPTO_COMPAT_H */ -+ -diff --git a/monitor.c b/monitor.c -index 96d22b7e..f49bddd9 100644 ---- a/monitor.c -+++ b/monitor.c -@@ -581,9 +581,12 @@ mm_answer_moduli(int sock, Buffer *m) - return (0); - } else { - /* Send first bignum */ -+ const BIGNUM *p, *g; -+ -+ DH_get0_pqg(dh, &p, NULL, &g); - buffer_put_char(m, 1); -- buffer_put_bignum2(m, dh->p); -- buffer_put_bignum2(m, dh->g); -+ buffer_put_bignum2(m, p); -+ buffer_put_bignum2(m, g); - - DH_free(dh); - } -diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c -index aaa953f2..0eae7fca 100644 ---- a/openbsd-compat/openssl-compat.c -+++ b/openbsd-compat/openssl-compat.c -@@ -70,12 +70,19 @@ ssh_compatible_openssl(long headerver, long libver) - void - ssh_OpenSSL_add_all_algorithms(void) - { -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_algorithms(); - - /* Enable use of crypto hardware */ - ENGINE_load_builtin_engines(); -+#if OPENSSL_VERSION_NUMBER < 0x10001000L - ENGINE_register_all_complete(); -+#endif - OPENSSL_config(NULL); -+#else -+ OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_DIGESTS | -+ OPENSSL_INIT_ADD_ALL_DIGESTS | OPENSSL_INIT_LOAD_CONFIG, NULL); -+#endif - } - #endif - -diff --git a/regress/unittests/sshkey/test_file.c b/regress/unittests/sshkey/test_file.c -index 906491f2..ec270de3 100644 ---- a/regress/unittests/sshkey/test_file.c -+++ b/regress/unittests/sshkey/test_file.c -@@ -46,6 +46,7 @@ sshkey_file_tests(void) - struct sshbuf 
*buf, *pw; - BIGNUM *a, *b, *c; - char *cp; -+ const BIGNUM *n, *p, *q, *g, *pub_key, *priv_key; - - TEST_START("load passphrase"); - pw = load_text_file("pw"); -@@ -58,7 +59,8 @@ sshkey_file_tests(void) - sshbuf_free(buf); - ASSERT_PTR_NE(k1, NULL); - a = load_bignum("rsa1_1.param.n"); -- ASSERT_BIGNUM_EQ(k1->rsa->n, a); -+ RSA_get0_key(k1->rsa, &n, NULL, NULL); -+ ASSERT_BIGNUM_EQ(n, a); - BN_free(a); - TEST_DONE(); - -@@ -109,9 +111,11 @@ sshkey_file_tests(void) - a = load_bignum("rsa_1.param.n"); - b = load_bignum("rsa_1.param.p"); - c = load_bignum("rsa_1.param.q"); -- ASSERT_BIGNUM_EQ(k1->rsa->n, a); -- ASSERT_BIGNUM_EQ(k1->rsa->p, b); -- ASSERT_BIGNUM_EQ(k1->rsa->q, c); -+ RSA_get0_key(k1->rsa, &n, NULL, NULL); -+ RSA_get0_factors(k1->rsa, &p, &q); -+ ASSERT_BIGNUM_EQ(n, a); -+ ASSERT_BIGNUM_EQ(p, b); -+ ASSERT_BIGNUM_EQ(q, c); - BN_free(a); - BN_free(b); - BN_free(c); -@@ -200,9 +204,11 @@ sshkey_file_tests(void) - a = load_bignum("dsa_1.param.g"); - b = load_bignum("dsa_1.param.priv"); - c = load_bignum("dsa_1.param.pub"); -- ASSERT_BIGNUM_EQ(k1->dsa->g, a); -- ASSERT_BIGNUM_EQ(k1->dsa->priv_key, b); -- ASSERT_BIGNUM_EQ(k1->dsa->pub_key, c); -+ DSA_get0_pqg(k1->dsa, NULL, NULL, &g); -+ DSA_get0_key(k1->dsa, &pub_key, &priv_key); -+ ASSERT_BIGNUM_EQ(g, a); -+ ASSERT_BIGNUM_EQ(priv_key, b); -+ ASSERT_BIGNUM_EQ(pub_key, c); - BN_free(a); - BN_free(b); - BN_free(c); -diff --git a/regress/unittests/sshkey/test_sshkey.c b/regress/unittests/sshkey/test_sshkey.c -index 1476dc2e..c0f94eec 100644 ---- a/regress/unittests/sshkey/test_sshkey.c -+++ b/regress/unittests/sshkey/test_sshkey.c -@@ -197,9 +197,6 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_RSA1); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); - sshkey_free(k1); - TEST_DONE(); - -@@ -207,9 +204,6 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - 
ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); - sshkey_free(k1); - TEST_DONE(); - -@@ -217,8 +211,6 @@ sshkey_tests(void) - k1 = sshkey_new(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); - sshkey_free(k1); - TEST_DONE(); - -@@ -244,9 +236,6 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_RSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_NE(k1->rsa->p, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -255,8 +244,6 @@ sshkey_tests(void) - k1 = sshkey_new_private(KEY_DSA); - ASSERT_PTR_NE(k1, NULL); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_NE(k1->dsa->priv_key, NULL); - ASSERT_INT_EQ(sshkey_add_private(k1), 0); - sshkey_free(k1); - TEST_DONE(); -@@ -295,18 +282,13 @@ sshkey_tests(void) - ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0); - ASSERT_PTR_NE(kr, NULL); - ASSERT_PTR_NE(kr->rsa, NULL); -- ASSERT_PTR_NE(kr->rsa->n, NULL); -- ASSERT_PTR_NE(kr->rsa->e, NULL); -- ASSERT_PTR_NE(kr->rsa->p, NULL); -- ASSERT_INT_EQ(BN_num_bits(kr->rsa->n), 1024); -+ ASSERT_INT_EQ(RSA_bits(kr->rsa), 1024); - TEST_DONE(); - - TEST_START("generate KEY_DSA"); - ASSERT_INT_EQ(sshkey_generate(KEY_DSA, 1024, &kd), 0); - ASSERT_PTR_NE(kd, NULL); - ASSERT_PTR_NE(kd->dsa, NULL); -- ASSERT_PTR_NE(kd->dsa->g, NULL); -- ASSERT_PTR_NE(kd->dsa->priv_key, NULL); - TEST_DONE(); - - #ifdef OPENSSL_HAS_ECC -@@ -333,9 +315,6 @@ sshkey_tests(void) - ASSERT_PTR_NE(kr, k1); - ASSERT_INT_EQ(k1->type, KEY_RSA); - ASSERT_PTR_NE(k1->rsa, NULL); -- ASSERT_PTR_NE(k1->rsa->n, NULL); -- ASSERT_PTR_NE(k1->rsa->e, NULL); -- ASSERT_PTR_EQ(k1->rsa->p, NULL); - TEST_DONE(); - - TEST_START("equal KEY_RSA/demoted KEY_RSA"); -@@ -349,8 +328,6 
@@ sshkey_tests(void) - ASSERT_PTR_NE(kd, k1); - ASSERT_INT_EQ(k1->type, KEY_DSA); - ASSERT_PTR_NE(k1->dsa, NULL); -- ASSERT_PTR_NE(k1->dsa->g, NULL); -- ASSERT_PTR_EQ(k1->dsa->priv_key, NULL); - TEST_DONE(); - - TEST_START("equal KEY_DSA/demoted KEY_DSA"); -diff --git a/rsa.c b/rsa.c -index 5ecacef9..6ff9947f 100644 ---- a/rsa.c -+++ b/rsa.c -@@ -76,11 +76,14 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) - { - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; -+ const BIGNUM *e, *n; - -- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e)) -+ RSA_get0_key(key, &n, &e, NULL); -+ -+ if (BN_num_bits(e) < 2 || !BN_is_odd(e)) - return SSH_ERR_INVALID_ARGUMENT; - -- olen = BN_num_bytes(key->n); -+ olen = BN_num_bytes(n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; -@@ -122,8 +125,11 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) - { - u_char *inbuf = NULL, *outbuf = NULL; - int len, ilen, olen, r = SSH_ERR_INTERNAL_ERROR; -+ const BIGNUM *n; -+ -+ RSA_get0_key(key, &n, NULL, NULL); - -- olen = BN_num_bytes(key->n); -+ olen = BN_num_bytes(n); - if ((outbuf = malloc(olen)) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; -@@ -157,31 +163,42 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) - return r; - } - --/* calculate p-1 and q-1 */ -+/* calculate d mod p-1 and d mod q-1 */ - int --rsa_generate_additional_parameters(RSA *rsa) -+rsa_generate_additional_parameters(RSA *rsa, BIGNUM *iqmp) - { - BIGNUM *aux = NULL; - BN_CTX *ctx = NULL; - int r; -+ const BIGNUM *p, *q, *d; -+ BIGNUM *dmp1 = NULL, *dmq1 = NULL; -+ -+ RSA_get0_factors(rsa, &p, &q); -+ RSA_get0_key(rsa, NULL, NULL, &d); - -- if ((ctx = BN_CTX_new()) == NULL) -- return SSH_ERR_ALLOC_FAIL; -- if ((aux = BN_new()) == NULL) { -+ if ((ctx = BN_CTX_new()) == NULL || -+ (aux = BN_new()) == NULL || -+ (dmp1 = BN_new()) == NULL || -+ (dmq1 = BN_new()) == NULL) { - r = SSH_ERR_ALLOC_FAIL; - goto out; - } - -- if 
((BN_sub(aux, rsa->q, BN_value_one()) == 0) || -- (BN_mod(rsa->dmq1, rsa->d, aux, ctx) == 0) || -- (BN_sub(aux, rsa->p, BN_value_one()) == 0) || -- (BN_mod(rsa->dmp1, rsa->d, aux, ctx) == 0)) { -+ if ((BN_sub(aux, q, BN_value_one()) == 0) || -+ (BN_mod(dmq1, d, aux, ctx) == 0) || -+ (BN_sub(aux, p, BN_value_one()) == 0) || -+ (BN_mod(dmp1, d, aux, ctx) == 0) || -+ (RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp) == 0)) { - r = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -+ dmp1 = NULL; -+ dmq1 = NULL; - r = 0; - out: - BN_clear_free(aux); -+ BN_clear_free(dmp1); -+ BN_clear_free(dmq1); - BN_CTX_free(ctx); - return r; - } -diff --git a/rsa.h b/rsa.h -index c476707d..4da69363 100644 ---- a/rsa.h -+++ b/rsa.h -@@ -21,6 +21,6 @@ - - int rsa_public_encrypt(BIGNUM *, BIGNUM *, RSA *); - int rsa_private_decrypt(BIGNUM *, BIGNUM *, RSA *); --int rsa_generate_additional_parameters(RSA *); -+int rsa_generate_additional_parameters(RSA *, BIGNUM *); - - #endif /* RSA_H */ -diff --git a/ssh-agent.c b/ssh-agent.c -index b987562b..5f7c36fe 100644 ---- a/ssh-agent.c -+++ b/ssh-agent.c -@@ -258,12 +258,12 @@ process_request_identities(SocketEntry *e, int version) - TAILQ_FOREACH(id, &tab->idlist, next) { - if (id->key->type == KEY_RSA1) { - #ifdef WITH_SSH1 -+ const BIGNUM *r_n, *r_e; -+ RSA_get0_key(id->key->rsa, &r_n, &r_e, NULL); - if ((r = sshbuf_put_u32(msg, -- BN_num_bits(id->key->rsa->n))) != 0 || -- (r = sshbuf_put_bignum1(msg, -- id->key->rsa->e)) != 0 || -- (r = sshbuf_put_bignum1(msg, -- id->key->rsa->n)) != 0) -+ BN_num_bits(r_n))) != 0 || -+ (r = sshbuf_put_bignum1(msg, r_e)) != 0 || -+ (r = sshbuf_put_bignum1(msg, r_n)) != 0) - fatal("%s: buffer error: %s", - __func__, ssh_err(r)); - #endif -@@ -302,6 +302,7 @@ process_authentication_challenge1(SocketEntry *e) - struct sshbuf *msg; - struct ssh_digest_ctx *md; - struct sshkey *key; -+ BIGNUM *r_n = NULL, *r_e = NULL; - - if ((msg = sshbuf_new()) == NULL) - fatal("%s: sshbuf_new failed", __func__); -@@ -310,11 +311,16 @@ 
process_authentication_challenge1(SocketEntry *e) - if ((challenge = BN_new()) == NULL) - fatal("%s: BN_new failed", __func__); - -- if ((r = sshbuf_get_u32(e->request, NULL)) != 0 || /* ignored */ -- (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || -- (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0 || -- (r = sshbuf_get_bignum1(e->request, challenge))) -+ if ((r_n = BN_new()) == NULL || (r_e = BN_new()) == NULL || -+ (r = sshbuf_get_u32(e->request, NULL)) != 0 || /* ignored */ -+ (r = sshbuf_get_bignum1(e->request, r_e)) != 0 || -+ (r = sshbuf_get_bignum1(e->request, r_n)) != 0 || -+ (r = sshbuf_get_bignum1(e->request, challenge)) || -+ RSA_set0_key(key->rsa, r_n, r_e, NULL) == 0) { -+ BN_free(r_n); -+ BN_free(r_e); - fatal("%s: buffer error: %s", __func__, ssh_err(r)); -+ } - - /* Only protocol 1.1 is supported */ - if (sshbuf_len(e->request) == 0) -@@ -450,6 +456,7 @@ process_remove_identity(SocketEntry *e, int version) - u_char *blob; - #ifdef WITH_SSH1 - u_int bits; -+ BIGNUM *r_n = NULL, *r_e = NULL; - #endif /* WITH_SSH1 */ - - switch (version) { -@@ -459,10 +466,15 @@ process_remove_identity(SocketEntry *e, int version) - error("%s: sshkey_new failed", __func__); - return; - } -- if ((r = sshbuf_get_u32(e->request, &bits)) != 0 || -- (r = sshbuf_get_bignum1(e->request, key->rsa->e)) != 0 || -- (r = sshbuf_get_bignum1(e->request, key->rsa->n)) != 0) -+ if ((r_n = BN_new()) == NULL || (r_e = BN_new()) == NULL || -+ (r = sshbuf_get_u32(e->request, &bits)) != 0 || -+ (r = sshbuf_get_bignum1(e->request, r_e)) != 0 || -+ (r = sshbuf_get_bignum1(e->request, r_n)) != 0 || -+ RSA_set0_key(key->rsa, r_n, r_e, NULL) == 0) { -+ BN_free(r_n); -+ BN_free(r_e); - fatal("%s: buffer error: %s", __func__, ssh_err(r)); -+ } - - if (bits != sshkey_size(key)) - logit("Warning: identity keysize mismatch: " -@@ -565,23 +577,46 @@ agent_decode_rsa1(struct sshbuf *m, struct sshkey **kp) - { - struct sshkey *k = NULL; - int r = SSH_ERR_INTERNAL_ERROR; -+ BIGNUM *n = 
NULL, *e = NULL, *d = NULL, -+ *iqmp = NULL, *q = NULL, *p = NULL; - - *kp = NULL; - if ((k = sshkey_new_private(KEY_RSA1)) == NULL) - return SSH_ERR_ALLOC_FAIL; - -- if ((r = sshbuf_get_u32(m, NULL)) != 0 || /* ignored */ -- (r = sshbuf_get_bignum1(m, k->rsa->n)) != 0 || -- (r = sshbuf_get_bignum1(m, k->rsa->e)) != 0 || -- (r = sshbuf_get_bignum1(m, k->rsa->d)) != 0 || -- (r = sshbuf_get_bignum1(m, k->rsa->iqmp)) != 0 || -+ if ((n = BN_new()) == NULL || (e = BN_new()) == NULL || -+ (d = BN_new()) == NULL || (iqmp = BN_new()) == NULL || -+ (q = BN_new()) == NULL || (p = BN_new()) == NULL || -+ (r = sshbuf_get_u32(m, NULL)) != 0 || /* ignored */ -+ (r = sshbuf_get_bignum1(m, n)) != 0 || -+ (r = sshbuf_get_bignum1(m, e)) != 0 || -+ (r = sshbuf_get_bignum1(m, d)) != 0 || -+ (r = sshbuf_get_bignum1(m, iqmp)) != 0 || - /* SSH1 and SSL have p and q swapped */ -- (r = sshbuf_get_bignum1(m, k->rsa->q)) != 0 || /* p */ -- (r = sshbuf_get_bignum1(m, k->rsa->p)) != 0) /* q */ -+ (r = sshbuf_get_bignum1(m, q)) != 0 || /* p */ -+ (r = sshbuf_get_bignum1(m, p)) != 0 || /* q */ -+ RSA_set0_key(k->rsa, n, e, d) == 0) { -+ BN_free(n); -+ BN_free(e); -+ BN_free(d); -+ BN_free(p); -+ BN_free(q); -+ BN_free(iqmp); -+ goto out; -+ } -+ if (RSA_set0_factors(k->rsa, p, q) == 0) { -+ BN_free(p); -+ BN_free(q); -+ BN_free(iqmp); - goto out; -+ } -+ if (RSA_set0_crt_params(k->rsa, NULL, NULL, iqmp) == 0) { -+ BN_free(iqmp); -+ goto out; -+ } - - /* Generate additional parameters */ -- if ((r = rsa_generate_additional_parameters(k->rsa)) != 0) -+ if ((r = rsa_generate_additional_parameters(k->rsa, NULL)) != 0) - goto out; - /* enable blinding */ - if (RSA_blinding_on(k->rsa, NULL) != 1) { -diff --git a/ssh-dss.c b/ssh-dss.c -index 7af59fa6..e36751ec 100644 ---- a/ssh-dss.c -+++ b/ssh-dss.c -@@ -55,6 +55,7 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1); - struct sshbuf *b = NULL; - int ret = 
SSH_ERR_INVALID_ARGUMENT; -+ const BIGNUM *r, *s; - - if (lenp != NULL) - *lenp = 0; -@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u_char **sigp, size_t *lenp, - goto out; - } - -- rlen = BN_num_bytes(sig->r); -- slen = BN_num_bytes(sig->s); -+ DSA_SIG_get0(sig, &r, &s); -+ rlen = BN_num_bytes(r); -+ slen = BN_num_bytes(s); - if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { - ret = SSH_ERR_INTERNAL_ERROR; - goto out; - } - explicit_bzero(sigblob, SIGBLOB_LEN); -- BN_bn2bin(sig->r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -- BN_bn2bin(sig->s, sigblob + SIGBLOB_LEN - slen); -+ BN_bn2bin(r, sigblob + SIGBLOB_LEN - INTBLOB_LEN - rlen); -+ BN_bn2bin(s, sigblob + SIGBLOB_LEN - slen); - - if (compat & SSH_BUG_SIGBLOB) { - if (sigp != NULL) { -@@ -137,6 +139,7 @@ ssh_dss_verify(const struct sshkey *key, - int ret = SSH_ERR_INTERNAL_ERROR; - struct sshbuf *b = NULL; - char *ktype = NULL; -+ BIGNUM *r = NULL, *s = NULL; - - if (key == NULL || key->dsa == NULL || - sshkey_type_plain(key->type) != KEY_DSA || -@@ -177,16 +180,19 @@ ssh_dss_verify(const struct sshkey *key, - - /* parse signature */ - if ((sig = DSA_SIG_new()) == NULL || -- (sig->r = BN_new()) == NULL || -- (sig->s = BN_new()) == NULL) { -+ (r = BN_new()) == NULL || -+ (s = BN_new()) == NULL) { - ret = SSH_ERR_ALLOC_FAIL; - goto out; - } -- if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || -- (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) { -+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || -+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL) || -+ (DSA_SIG_set0(sig, r, s) == 0)) { - ret = SSH_ERR_LIBCRYPTO_ERROR; - goto out; - } -+ r = NULL; -+ s = NULL; - - /* sha1 the data */ - if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen, -@@ -207,8 +213,9 @@ ssh_dss_verify(const struct sshkey *key, - - out: - explicit_bzero(digest, sizeof(digest)); -- if (sig != NULL) -- DSA_SIG_free(sig); -+ BN_free(r); -+ BN_free(s); -+ DSA_SIG_free(sig); - sshbuf_free(b); 
- free(ktype);
- if (sigblob != NULL) {
-diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
-index d7bf3c69..985b7e55 100644
---- a/ssh-ecdsa.c
-+++ b/ssh-ecdsa.c
-@@ -54,6 +54,7 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- size_t len, dlen;
- struct sshbuf *b = NULL, *bb = NULL;
- int ret = SSH_ERR_INTERNAL_ERROR;
-+ const BIGNUM *r, *s;
-
- if (lenp != NULL)
- *lenp = 0;
-@@ -80,8 +81,9 @@ ssh_ecdsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((ret = sshbuf_put_bignum2(bb, sig->r)) != 0 ||
-- (ret = sshbuf_put_bignum2(bb, sig->s)) != 0)
-+ ECDSA_SIG_get0(sig, &r, &s);
-+ if ((ret = sshbuf_put_bignum2(bb, r)) != 0 ||
-+ (ret = sshbuf_put_bignum2(bb, s)) != 0)
- goto out;
- if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
- (ret = sshbuf_put_stringb(b, bb)) != 0)
-@@ -119,6 +121,7 @@ ssh_ecdsa_verify(const struct sshkey *key,
- int ret = SSH_ERR_INTERNAL_ERROR;
- struct sshbuf *b = NULL, *sigbuf = NULL;
- char *ktype = NULL;
-+ BIGNUM *r = NULL, *s = NULL;
-
- if (key == NULL || key->ecdsa == NULL ||
- sshkey_type_plain(key->type) != KEY_ECDSA ||
-@@ -147,15 +150,23 @@ ssh_ecdsa_verify(const struct sshkey *key,
- }
-
- /* parse signature */
-- if ((sig = ECDSA_SIG_new()) == NULL) {
-+ if ((sig = ECDSA_SIG_new()) == NULL ||
-+ (r = BN_new()) == NULL ||
-+ (s = BN_new()) == NULL) {
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(sigbuf, sig->r) != 0 ||
-- sshbuf_get_bignum2(sigbuf, sig->s) != 0) {
-+ if (sshbuf_get_bignum2(sigbuf, r) != 0 ||
-+ sshbuf_get_bignum2(sigbuf, s) != 0) {
- ret = SSH_ERR_INVALID_FORMAT;
- goto out;
- }
-+ if (ECDSA_SIG_set0(sig, r, s) == 0) {
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto out;
-+ }
-+ r = NULL;
-+ s = NULL;
- if (sshbuf_len(sigbuf) != 0) {
- ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
- goto out;
-@@ -180,8 +191,9 @@ ssh_ecdsa_verify(const struct sshkey *key,
- explicit_bzero(digest, sizeof(digest));
- sshbuf_free(sigbuf);
- sshbuf_free(b);
-- if (sig != NULL)
-- ECDSA_SIG_free(sig);
-+ BN_free(r);
-+ BN_free(s);
-+ ECDSA_SIG_free(sig);
- free(ktype);
- return ret;
- }
-diff --git a/ssh-keygen.c b/ssh-keygen.c
-index f17af036..3d7eff99 100644
---- a/ssh-keygen.c
-+++ b/ssh-keygen.c
-@@ -482,40 +482,67 @@ do_convert_private_ssh2_from_blob(u_char *blob, u_int blen)
- free(type);
-
- switch (key->type) {
-- case KEY_DSA:
-- buffer_get_bignum_bits(b, key->dsa->p);
-- buffer_get_bignum_bits(b, key->dsa->g);
-- buffer_get_bignum_bits(b, key->dsa->q);
-- buffer_get_bignum_bits(b, key->dsa->pub_key);
-- buffer_get_bignum_bits(b, key->dsa->priv_key);
-+ case KEY_DSA: {
-+ BIGNUM *p = NULL, *g = NULL, *q = NULL, *pub_key = NULL, *priv_key = NULL;
-+
-+ if ((p = BN_new()) == NULL ||
-+ (g = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (pub_key = BN_new()) == NULL ||
-+ (priv_key = BN_new()) == NULL)
-+ fatal("BN_new() failed");
-+ buffer_get_bignum_bits(b, p);
-+ buffer_get_bignum_bits(b, g);
-+ buffer_get_bignum_bits(b, q);
-+ buffer_get_bignum_bits(b, pub_key);
-+ buffer_get_bignum_bits(b, priv_key);
-+ if (DSA_set0_pqg(key->dsa, p, q, g) == 0 ||
-+ DSA_set0_key(key->dsa, pub_key, priv_key) == 0) {
-+ fatal("failed to set DSA key");
-+ }
-+ }
- break;
-- case KEY_RSA:
-- if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-- (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
-- (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
-- fatal("%s: buffer error: %s", __func__, ssh_err(r));
-- e = e1;
-- debug("e %lx", e);
-- if (e < 30) {
-- e <<= 8;
-- e += e2;
-+ case KEY_RSA: {
-+ BIGNUM *bn_e = NULL, *bn_d = NULL, *bn_n = NULL, *bn_iqmp = NULL, *bn_p = NULL, *bn_q = NULL;
-+
-+ if ((bn_e = BN_new()) == NULL ||
-+ (bn_d = BN_new()) == NULL ||
-+ (bn_n = BN_new()) == NULL ||
-+ (bn_iqmp = BN_new()) == NULL ||
-+ (bn_p = BN_new()) == NULL ||
-+ (bn_q = BN_new()) == NULL)
-+ fatal("BN_new() failed");
-+
-+ if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-+ (e1 < 30 && (r = sshbuf_get_u8(b, &e2)) != 0) ||
-+ (e1 < 30 && (r = sshbuf_get_u8(b, &e3)) != 0))
-+ fatal("%s: buffer error: %s", __func__, ssh_err(r));
-+ e = e1;
- debug("e %lx", e);
-- e <<= 8;
-- e += e3;
-- debug("e %lx", e);
-- }
-- if (!BN_set_word(key->rsa->e, e)) {
-- sshbuf_free(b);
-- sshkey_free(key);
-- return NULL;
-+ if (e < 30) {
-+ e <<= 8;
-+ e += e2;
-+ debug("e %lx", e);
-+ e <<= 8;
-+ e += e3;
-+ debug("e %lx", e);
-+ }
-+ if (!BN_set_word(bn_e, e)) {
-+ sshbuf_free(b);
-+ sshkey_free(key);
-+ return NULL;
-+ }
-+ buffer_get_bignum_bits(b, bn_d);
-+ buffer_get_bignum_bits(b, bn_n);
-+ buffer_get_bignum_bits(b, bn_iqmp);
-+ buffer_get_bignum_bits(b, bn_q);
-+ buffer_get_bignum_bits(b, bn_p);
-+ if (RSA_set0_key(key->rsa, bn_n, bn_e, bn_d) == 0 ||
-+ RSA_set0_factors(key->rsa, bn_p, bn_q) == 0)
-+ fatal("Failed to set RSA parameters");
-+ if ((r = rsa_generate_additional_parameters(key->rsa, bn_iqmp)) != 0)
-+ fatal("generate RSA parameters failed: %s", ssh_err(r));
- }
-- buffer_get_bignum_bits(b, key->rsa->d);
-- buffer_get_bignum_bits(b, key->rsa->n);
-- buffer_get_bignum_bits(b, key->rsa->iqmp);
-- buffer_get_bignum_bits(b, key->rsa->q);
-- buffer_get_bignum_bits(b, key->rsa->p);
-- if ((r = rsa_generate_additional_parameters(key->rsa)) != 0)
-- fatal("generate RSA parameters failed: %s", ssh_err(r));
- break;
- }
- rlen = sshbuf_len(b);
-@@ -623,7 +650,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
- identity_file);
- }
- fclose(fp);
-- switch (EVP_PKEY_type(pubkey->type)) {
-+ switch (EVP_PKEY_base_id(pubkey)) {
- case EVP_PKEY_RSA:
- if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
- fatal("sshkey_new failed");
-@@ -647,7 +674,7 @@ do_convert_from_pkcs8(struct sshkey **k, int *private)
- #endif
- default:
- fatal("%s: unsupported pubkey type %d", __func__,
-- EVP_PKEY_type(pubkey->type));
-+ EVP_PKEY_base_id(pubkey));
- }
- EVP_PKEY_free(pubkey);
- return;
-@@ -1689,6 +1716,7 @@ do_ca_sign(struct passwd *pw, int argc, char **argv)
- #ifdef ENABLE_PKCS11
- pkcs11_terminate();
- #endif
-+ free(ca);
- exit(0);
- }
-
-diff --git a/ssh-keyscan.c b/ssh-keyscan.c
-index 1f95239a..efeb191a 100644
---- a/ssh-keyscan.c
-+++ b/ssh-keyscan.c
-@@ -195,6 +195,7 @@ keygrab_ssh1(con *c)
- static struct sshbuf *msg;
- int r;
- u_char type;
-+ BIGNUM *n = NULL, *e = NULL;
-
- if (rsa == NULL) {
- if ((rsa = sshkey_new(KEY_RSA1)) == NULL) {
-@@ -213,16 +214,20 @@ keygrab_ssh1(con *c)
- sshbuf_reset(msg);
- return NULL;
- }
-- if ((r = sshbuf_consume(msg, 8)) != 0 || /* cookie */
-+ if ((n = BN_new()) == NULL || (e = BN_new()) == NULL ||
-+ (r = sshbuf_consume(msg, 8)) != 0 || /* cookie */
- /* server key */
- (r = sshbuf_get_u32(msg, NULL)) != 0 ||
- (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
- (r = sshbuf_get_bignum1(msg, NULL)) != 0 ||
- /* host key */
- (r = sshbuf_get_u32(msg, NULL)) != 0 ||
-- (r = sshbuf_get_bignum1(msg, rsa->rsa->e)) != 0 ||
-- (r = sshbuf_get_bignum1(msg, rsa->rsa->n)) != 0) {
-+ (r = sshbuf_get_bignum1(msg, e)) != 0 ||
-+ (r = sshbuf_get_bignum1(msg, n)) != 0 ||
-+ RSA_set0_key(rsa->rsa, n, e, NULL) == 0) {
- buf_err:
-+ BN_free(n);
-+ BN_free(e);
- error("%s: buffer error: %s", __func__, ssh_err(r));
- sshbuf_reset(msg);
- return NULL;
-diff --git a/ssh-pkcs11-client.c b/ssh-pkcs11-client.c
-index fac0167e..b82deecd 100644
---- a/ssh-pkcs11-client.c
-+++ b/ssh-pkcs11-client.c
-@@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, const u_char *from, u_char *to, RSA *rsa,
- static int
- wrap_key(RSA *rsa)
- {
-- static RSA_METHOD helper_rsa;
-+ static RSA_METHOD *helper_rsa;
-
-- memcpy(&helper_rsa, RSA_get_default_method(), sizeof(helper_rsa));
-- helper_rsa.name = "ssh-pkcs11-helper";
-- helper_rsa.rsa_priv_enc = pkcs11_rsa_private_encrypt;
-- RSA_set_method(rsa, &helper_rsa);
-+ if (helper_rsa == NULL) {
-+ helper_rsa = RSA_meth_dup(RSA_get_default_method());
-+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
-+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
-+ }
-+ RSA_set_method(rsa, helper_rsa);
- return (0);
- }
-
-diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
-index aaf712d9..6cbd22e2 100644
---- a/ssh-pkcs11.c
-+++ b/ssh-pkcs11.c
-@@ -67,7 +67,7 @@ struct pkcs11_key {
- struct pkcs11_provider *provider;
- CK_ULONG slotidx;
- int (*orig_finish)(RSA *rsa);
-- RSA_METHOD rsa_method;
-+ RSA_METHOD *rsa_method;
- char *keyid;
- int keyid_len;
- };
-@@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *provider, CK_ULONG slotidx,
- k11->keyid = xmalloc(k11->keyid_len);
- memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
- }
-- k11->orig_finish = def->finish;
-- memcpy(&k11->rsa_method, def, sizeof(k11->rsa_method));
-- k11->rsa_method.name = "pkcs11";
-- k11->rsa_method.rsa_priv_enc = pkcs11_rsa_private_encrypt;
-- k11->rsa_method.rsa_priv_dec = pkcs11_rsa_private_decrypt;
-- k11->rsa_method.finish = pkcs11_rsa_finish;
-- RSA_set_method(rsa, &k11->rsa_method);
-+ k11->orig_finish = RSA_meth_get_finish(def);
-+ if ((k11->rsa_method = RSA_meth_dup(def)) == NULL ||
-+ RSA_meth_set1_name(k11->rsa_method, "pkcs11") == 0 ||
-+ RSA_meth_set_priv_enc(k11->rsa_method, pkcs11_rsa_private_encrypt) == 0 ||
-+ RSA_meth_set_priv_dec(k11->rsa_method, pkcs11_rsa_private_decrypt) == 0 ||
-+ RSA_meth_set_finish(k11->rsa_method, pkcs11_rsa_finish) == 0) {
-+ RSA_meth_free(k11->rsa_method);
-+ k11->rsa_method = NULL;
-+ pkcs11_provider_unref(k11->provider);
-+ free(k11->keyid);
-+ free(k11);
-+ return (-1);
-+ }
-+
-+ RSA_set_method(rsa, k11->rsa_method);
- RSA_set_app_data(rsa, k11);
- return (0);
- }
-@@ -460,6 +468,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
- CK_ULONG nfound;
- CK_SESSION_HANDLE session;
- CK_FUNCTION_LIST *f;
-+ const BIGNUM *n, *e;
-
- f = p->function_list;
- session = p->slotinfo[slotidx].session;
-@@ -512,10 +521,14 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
- if ((rsa = RSA_new()) == NULL) {
- error("RSA_new failed");
- } else {
-- rsa->n = BN_bin2bn(attribs[1].pValue,
-+ BIGNUM *rsa_n, *rsa_e;
-+
-+ rsa_n = BN_bin2bn(attribs[1].pValue,
- attribs[1].ulValueLen, NULL);
-- rsa->e = BN_bin2bn(attribs[2].pValue,
-+ rsa_e = BN_bin2bn(attribs[2].pValue,
- attribs[2].ulValueLen, NULL);
-+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
-+ error("RSA_set0_key failed");
- }
- } else {
- cp = attribs[2].pValue;
-@@ -525,17 +538,18 @@ pkcs11_fetch_keys_filter(struct pkcs11_provider *p, CK_ULONG slotidx,
- == NULL) {
- error("d2i_X509 failed");
- } else if ((evp = X509_get_pubkey(x509)) == NULL ||
-- evp->type != EVP_PKEY_RSA ||
-- evp->pkey.rsa == NULL) {
-+ EVP_PKEY_id(evp) != EVP_PKEY_RSA ||
-+ EVP_PKEY_get0_RSA(evp) == NULL) {
- debug("X509_get_pubkey failed or no rsa");
-- } else if ((rsa = RSAPublicKey_dup(evp->pkey.rsa))
-+ } else if ((rsa = RSAPublicKey_dup(EVP_PKEY_get0_RSA(evp)))
- == NULL) {
- error("RSAPublicKey_dup");
- }
- if (x509)
- X509_free(x509);
- }
-- if (rsa && rsa->n && rsa->e &&
-+ RSA_get0_key(rsa, &n, &e, NULL);
-+ if (rsa && n && e &&
- pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
- key = sshkey_new(KEY_UNSPEC);
- key->rsa = rsa;
-diff --git a/ssh-rsa.c b/ssh-rsa.c
-index cde05df1..efcda37c 100644
---- a/ssh-rsa.c
-+++ b/ssh-rsa.c
-@@ -100,7 +100,7 @@ ssh_rsa_sign(const struct sshkey *key, u_char **sigp, size_t *lenp,
- hash_alg = rsa_hash_alg_from_ident(alg_ident);
- if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
- sshkey_type_plain(key->type) != KEY_RSA ||
-- BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE)
-+ RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE)
- return SSH_ERR_INVALID_ARGUMENT;
- slen = RSA_size(key->rsa);
- if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -172,7 +172,7 @@ ssh_rsa_verify(const struct sshkey *key,
-
- if (key == NULL || key->rsa == NULL ||
- sshkey_type_plain(key->type) != KEY_RSA ||
-- BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE ||
-+ RSA_bits(key->rsa) < SSH_RSA_MINIMUM_MODULUS_SIZE ||
- sig == NULL || siglen == 0)
- return SSH_ERR_INVALID_ARGUMENT;
-
-diff --git a/ssh.c b/ssh.c
-index b65f35ac..14e2cdb9 100644
---- a/ssh.c
-+++ b/ssh.c
-@@ -1231,6 +1231,7 @@ main(int ac, char **av)
- free(cp);
- }
- free(conn_hash_hex);
-+ free(host_arg);
-
- if (config_test) {
- dump_client_config(&options, host);
-diff --git a/sshconnect.c b/sshconnect.c
-index d9ed5910..40a41158 100644
---- a/sshconnect.c
-+++ b/sshconnect.c
-@@ -1370,6 +1370,7 @@ ssh_login(Sensitive *sensitive, const char *orighost,
- char *server_user, *local_user;
-
- local_user = xstrdup(pw->pw_name);
-+ free(pw);
- server_user = options.user ? options.user : local_user;
-
- /* Convert the user-supplied hostname into all lowercase. */
-diff --git a/sshconnect1.c b/sshconnect1.c
-index dc00b4cd..cf0b4ec9 100644
---- a/sshconnect1.c
-+++ b/sshconnect1.c
-@@ -70,6 +70,7 @@ try_agent_authentication(void)
- u_char response[16];
- size_t i;
- BIGNUM *challenge;
-+ const BIGNUM *n;
- struct ssh_identitylist *idlist = NULL;
-
- /* Get connection to the agent. */
-@@ -96,8 +97,9 @@ try_agent_authentication(void)
- idlist->comments[i]);
-
- /* Tell the server that we are willing to authenticate using this key. */
-+ RSA_get0_key(idlist->keys[i]->rsa, &n, NULL, NULL);
- packet_start(SSH_CMSG_AUTH_RSA);
-- packet_put_bignum(idlist->keys[i]->rsa->n);
-+ packet_put_bignum((BIGNUM *)n);
- packet_send();
- packet_write_wait();
-
-@@ -220,6 +222,7 @@ static int
- try_rsa_authentication(int idx)
- {
- BIGNUM *challenge;
-+ const BIGNUM *n;
- Key *public, *private;
- char buf[300], *passphrase = NULL, *comment, *authfile;
- int i, perm_ok = 1, type, quit;
-@@ -231,8 +234,9 @@ try_rsa_authentication(int idx)
- debug("Trying RSA authentication with key '%.100s'", comment);
-
- /* Tell the server that we are willing to authenticate using this key. */
-+ RSA_get0_key(public->rsa, &n, NULL, NULL);
- packet_start(SSH_CMSG_AUTH_RSA);
-- packet_put_bignum(public->rsa->n);
-+ packet_put_bignum((BIGNUM *)n);
- packet_send();
- packet_write_wait();
-
-@@ -348,15 +352,17 @@ try_rhosts_rsa_authentication(const char *local_user, Key * host_key)
- {
- int type;
- BIGNUM *challenge;
-+ const BIGNUM *n, *e;
-
- debug("Trying rhosts or /etc/hosts.equiv with RSA host authentication.");
-
- /* Tell the server that we are willing to authenticate using this key. */
-+ RSA_get0_key(host_key->rsa, &n, &e, NULL);
- packet_start(SSH_CMSG_AUTH_RHOSTS_RSA);
- packet_put_cstring(local_user);
-- packet_put_int(BN_num_bits(host_key->rsa->n));
-- packet_put_bignum(host_key->rsa->e);
-- packet_put_bignum(host_key->rsa->n);
-+ packet_put_int(BN_num_bits(n));
-+ packet_put_bignum((BIGNUM *)e);
-+ packet_put_bignum((BIGNUM *)n);
- packet_send();
- packet_write_wait();
-
-@@ -502,6 +508,8 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- {
- int i;
- BIGNUM *key;
-+ BIGNUM *server_n = NULL, *server_e = NULL,
-+ *host_n = NULL, *host_e = NULL;
- Key *host_key, *server_key;
- int bits, rbits;
- int ssh_cipher_default = SSH_CIPHER_3DES;
-@@ -523,10 +531,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- if ((server_key = key_new(KEY_RSA1)) == NULL)
- fatal("%s: key_new(KEY_RSA1) failed", __func__);
- bits = packet_get_int();
-- packet_get_bignum(server_key->rsa->e);
-- packet_get_bignum(server_key->rsa->n);
--
-- rbits = BN_num_bits(server_key->rsa->n);
-+ if ((server_e = BN_new()) == NULL ||
-+ (server_n = BN_new()) == NULL)
-+ fatal("BN_new() failed");
-+ packet_get_bignum(server_e);
-+ packet_get_bignum(server_n);
-+ RSA_set0_key(server_key->rsa, server_n, server_e, NULL);
-+
-+ rbits = BN_num_bits(server_n);
- if (bits != rbits) {
- logit("Warning: Server lies about size of server public key: "
- "actual size is %d bits vs. announced %d.", rbits, bits);
-@@ -536,10 +548,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- if ((host_key = key_new(KEY_RSA1)) == NULL)
- fatal("%s: key_new(KEY_RSA1) failed", __func__);
- bits = packet_get_int();
-- packet_get_bignum(host_key->rsa->e);
-- packet_get_bignum(host_key->rsa->n);
--
-- rbits = BN_num_bits(host_key->rsa->n);
-+ if ((host_e = BN_new()) == NULL ||
-+ (host_n = BN_new()) == NULL)
-+ fatal("BN_new() failed");
-+ packet_get_bignum(host_e);
-+ packet_get_bignum(host_n);
-+ RSA_set0_key(host_key->rsa, host_n, host_e, NULL);
-+
-+ rbits = BN_num_bits(host_n);
- if (bits != rbits) {
- logit("Warning: Server lies about size of server host key: "
- "actual size is %d bits vs. announced %d.", rbits, bits);
-@@ -555,14 +571,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- packet_check_eom();
-
- debug("Received server public key (%d bits) and host key (%d bits).",
-- BN_num_bits(server_key->rsa->n), BN_num_bits(host_key->rsa->n));
-+ BN_num_bits(server_n), BN_num_bits(host_n));
-
- if (verify_host_key(host, hostaddr, host_key) == -1)
- fatal("Host key verification failed.");
-
- client_flags = SSH_PROTOFLAG_SCREEN_NUMBER | SSH_PROTOFLAG_HOST_IN_FWD_OPEN;
-
-- derive_ssh1_session_id(host_key->rsa->n, server_key->rsa->n, cookie, session_id);
-+ derive_ssh1_session_id(host_n, server_n, cookie, session_id);
-
- /*
- * Generate an encryption key for the session. The key is a 256 bit
-@@ -597,14 +613,14 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- * Encrypt the integer using the public key and host key of the
- * server (key with smaller modulus first).
- */
-- if (BN_cmp(server_key->rsa->n, host_key->rsa->n) < 0) {
-+ if (BN_cmp(server_n, host_n) < 0) {
- /* Public key has smaller modulus. */
-- if (BN_num_bits(host_key->rsa->n) <
-- BN_num_bits(server_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-+ if (BN_num_bits(host_n) <
-+ BN_num_bits(server_n) + SSH_KEY_BITS_RESERVED) {
- fatal("respond_to_rsa_challenge: host_key %d < server_key %d + "
- "SSH_KEY_BITS_RESERVED %d",
-- BN_num_bits(host_key->rsa->n),
-- BN_num_bits(server_key->rsa->n),
-+ BN_num_bits(host_n),
-+ BN_num_bits(server_n),
- SSH_KEY_BITS_RESERVED);
- }
- if (rsa_public_encrypt(key, key, server_key->rsa) != 0 ||
-@@ -612,12 +628,12 @@ ssh_kex(char *host, struct sockaddr *hostaddr)
- fatal("%s: rsa_public_encrypt failed", __func__);
- } else {
- /* Host key has smaller modulus (or they are equal). */
-- if (BN_num_bits(server_key->rsa->n) <
-- BN_num_bits(host_key->rsa->n) + SSH_KEY_BITS_RESERVED) {
-+ if (BN_num_bits(server_n) <
-+ BN_num_bits(host_n) + SSH_KEY_BITS_RESERVED) {
- fatal("respond_to_rsa_challenge: server_key %d < host_key %d + "
- "SSH_KEY_BITS_RESERVED %d",
-- BN_num_bits(server_key->rsa->n),
-- BN_num_bits(host_key->rsa->n),
-+ BN_num_bits(server_n),
-+ BN_num_bits(host_n),
- SSH_KEY_BITS_RESERVED);
- }
- if (rsa_public_encrypt(key, key, host_key->rsa) != 0 ||
-diff --git a/sshconnect2.c b/sshconnect2.c
-index f8a54bee..b96ff057 100644
---- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -235,6 +235,7 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
- packet_send();
- packet_write_wait();
- #endif
-+ /* XXX free myproposal ??
*/ - } - - /* -diff --git a/sshkey.c b/sshkey.c -index 53a7674b..b434daa0 100644 ---- a/sshkey.c -+++ b/sshkey.c -@@ -275,10 +275,10 @@ sshkey_size(const struct sshkey *k) - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT: -- return BN_num_bits(k->rsa->n); -+ return RSA_bits(k->rsa); - case KEY_DSA: - case KEY_DSA_CERT: -- return BN_num_bits(k->dsa->p); -+ return DSA_bits(k->dsa); - case KEY_ECDSA: - case KEY_ECDSA_CERT: - return sshkey_curve_nid_to_bits(k->ecdsa_nid); -@@ -478,11 +478,7 @@ sshkey_new(int type) - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT: -- if ((rsa = RSA_new()) == NULL || -- (rsa->n = BN_new()) == NULL || -- (rsa->e = BN_new()) == NULL) { -- if (rsa != NULL) -- RSA_free(rsa); -+ if ((rsa = RSA_new()) == NULL) { - free(k); - return NULL; - } -@@ -490,13 +486,7 @@ sshkey_new(int type) - break; - case KEY_DSA: - case KEY_DSA_CERT: -- if ((dsa = DSA_new()) == NULL || -- (dsa->p = BN_new()) == NULL || -- (dsa->q = BN_new()) == NULL || -- (dsa->g = BN_new()) == NULL || -- (dsa->pub_key = BN_new()) == NULL) { -- if (dsa != NULL) -- DSA_free(dsa); -+ if ((dsa = DSA_new()) == NULL) { - free(k); - return NULL; - } -@@ -536,21 +526,10 @@ sshkey_add_private(struct sshkey *k) - case KEY_RSA1: - case KEY_RSA: - case KEY_RSA_CERT: --#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL) -- if (bn_maybe_alloc_failed(k->rsa->d) || -- bn_maybe_alloc_failed(k->rsa->iqmp) || -- bn_maybe_alloc_failed(k->rsa->q) || -- bn_maybe_alloc_failed(k->rsa->p) || -- bn_maybe_alloc_failed(k->rsa->dmq1) || -- bn_maybe_alloc_failed(k->rsa->dmp1)) -- return SSH_ERR_ALLOC_FAIL; - break; - case KEY_DSA: - case KEY_DSA_CERT: -- if (bn_maybe_alloc_failed(k->dsa->priv_key)) -- return SSH_ERR_ALLOC_FAIL; - break; --#undef bn_maybe_alloc_failed - case KEY_ECDSA: - case KEY_ECDSA_CERT: - /* Cannot do anything until we know the group */ -@@ -669,17 +648,31 @@ sshkey_equal_public(const struct sshkey *a, const struct sshkey *b) - #ifdef WITH_OPENSSL - case 
KEY_RSA1: - case KEY_RSA_CERT: -- case KEY_RSA: -- return a->rsa != NULL && b->rsa != NULL && -- BN_cmp(a->rsa->e, b->rsa->e) == 0 && -- BN_cmp(a->rsa->n, b->rsa->n) == 0; -+ case KEY_RSA: { -+ const BIGNUM *a_e, *a_n, *b_e, *b_n; -+ -+ if (a->rsa == NULL || b->rsa == NULL) -+ return 0; -+ RSA_get0_key(a->rsa, &a_n, &a_e, NULL); -+ RSA_get0_key(b->rsa, &b_n, &b_e, NULL); -+ return BN_cmp(a_e, b_e) == 0 && BN_cmp(a_n, b_n) == 0; -+ } - case KEY_DSA_CERT: -- case KEY_DSA: -- return a->dsa != NULL && b->dsa != NULL && -- BN_cmp(a->dsa->p, b->dsa->p) == 0 && -- BN_cmp(a->dsa->q, b->dsa->q) == 0 && -- BN_cmp(a->dsa->g, b->dsa->g) == 0 && -- BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; -+ case KEY_DSA: { -+ const BIGNUM *a_p, *a_q, *a_g, *a_pub_key; -+ const BIGNUM *b_p, *b_q, *b_g, *b_pub_key; -+ -+ if (a->dsa == NULL || b->dsa == NULL) -+ return 0; -+ DSA_get0_pqg(a->dsa, &a_p, &a_q, &a_g); -+ DSA_get0_key(a->dsa, &a_pub_key, NULL); -+ DSA_get0_pqg(b->dsa, &b_p, &b_q, &b_g); -+ DSA_get0_key(b->dsa, &b_pub_key, NULL); -+ return BN_cmp(a_p, b_p) == 0 && -+ BN_cmp(a_q, b_q) == 0 && -+ BN_cmp(a_g, b_g) == 0 && -+ BN_cmp(a_pub_key, b_pub_key) == 0; -+ } - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA_CERT: - case KEY_ECDSA: -@@ -754,15 +747,21 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) - return ret; - break; - #ifdef WITH_OPENSSL -- case KEY_DSA: -- if (key->dsa == NULL) -- return SSH_ERR_INVALID_ARGUMENT; -- if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->p)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->q)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->g)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0) -- return ret; -+ case KEY_DSA: { -+ const BIGNUM *p, *q, *g, *pub_key; -+ -+ if (key->dsa == NULL) -+ return SSH_ERR_INVALID_ARGUMENT; -+ -+ DSA_get0_pqg(key->dsa, &p, &q, &g); -+ DSA_get0_key(key->dsa, &pub_key, NULL); -+ if ((ret = sshbuf_put_cstring(b, typename)) != 0 
|| -+ (ret = sshbuf_put_bignum2(b, p)) != 0 || -+ (ret = sshbuf_put_bignum2(b, q)) != 0 || -+ (ret = sshbuf_put_bignum2(b, g)) != 0 || -+ (ret = sshbuf_put_bignum2(b, pub_key)) != 0) -+ return ret; -+ } - break; - # ifdef OPENSSL_HAS_ECC - case KEY_ECDSA: -@@ -775,13 +774,18 @@ to_blob_buf(const struct sshkey *key, struct sshbuf *b, int force_plain) - return ret; - break; - # endif -- case KEY_RSA: -- if (key->rsa == NULL) -- return SSH_ERR_INVALID_ARGUMENT; -- if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->e)) != 0 || -- (ret = sshbuf_put_bignum2(b, key->rsa->n)) != 0) -- return ret; -+ case KEY_RSA: { -+ const BIGNUM *e, *n; -+ -+ if (key->rsa == NULL) -+ return SSH_ERR_INVALID_ARGUMENT; -+ -+ RSA_get0_key(key->rsa, &n, &e, NULL); -+ if ((ret = sshbuf_put_cstring(b, typename)) != 0 || -+ (ret = sshbuf_put_bignum2(b, e)) != 0 || -+ (ret = sshbuf_put_bignum2(b, n)) != 0) -+ return ret; -+ } - break; - #endif /* WITH_OPENSSL */ - case KEY_ED25519: -@@ -887,8 +891,13 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, - - if (k->type == KEY_RSA1) { - #ifdef WITH_OPENSSL -- int nlen = BN_num_bytes(k->rsa->n); -- int elen = BN_num_bytes(k->rsa->e); -+ const BIGNUM *n, *e; -+ int nlen, elen; -+ -+ RSA_get0_key(k->rsa, &n, &e, NULL); -+ -+ nlen = BN_num_bytes(n); -+ elen = BN_num_bytes(e); - - if (nlen < 0 || elen < 0 || nlen >= INT_MAX - elen) { - r = SSH_ERR_INVALID_FORMAT; -@@ -899,8 +908,8 @@ sshkey_fingerprint_raw(const struct sshkey *k, int dgst_alg, - r = SSH_ERR_ALLOC_FAIL; - goto out; - } -- BN_bn2bin(k->rsa->n, blob); -- BN_bn2bin(k->rsa->e, blob + nlen); -+ BN_bn2bin(n, blob); -+ BN_bn2bin(e, blob + nlen); - #endif /* WITH_OPENSSL */ - } else if ((r = to_blob(k, &blob, &blob_len, 1)) != 0) - goto out; -@@ -1239,6 +1248,7 @@ sshkey_read(struct sshkey *ret, char **cpp) - struct sshbuf *blob; - #ifdef WITH_SSH1 - u_long bits; -+ BIGNUM *e = NULL, *n = NULL; - #endif /* WITH_SSH1 */ - - if (ret == NULL) 
-@@ -1255,12 +1265,21 @@ sshkey_read(struct sshkey *ret, char **cpp)
- bits == 0 || bits > SSHBUF_MAX_BIGNUM * 8)
- return SSH_ERR_INVALID_FORMAT; /* Bad bit count... */
- /* Get public exponent, public modulus. */
-- if ((r = read_decimal_bignum(&ep, ret->rsa->e)) < 0)
-+ if ((e = BN_new()) == NULL || (n = BN_new()) == NULL) {
-+ BN_free(e);
-+ return SSH_ERR_ALLOC_FAIL;
-+ }
-+ if ((r = read_decimal_bignum(&ep, e)) < 0)
- return r;
-- if ((r = read_decimal_bignum(&ep, ret->rsa->n)) < 0)
-+ if ((r = read_decimal_bignum(&ep, n)) < 0)
- return r;
-+ if (RSA_set0_key(ret->rsa, n, e, NULL) == 0) {
-+ BN_free(e);
-+ BN_free(n);
-+ return -1;
-+ }
- /* validate the claimed number of bits */
-- if (BN_num_bits(ret->rsa->n) != (int)bits)
-+ if (BN_num_bits(n) != (int)bits)
- return SSH_ERR_KEY_BITS_MISMATCH;
- *cpp = ep;
- retval = 0;
-@@ -1425,19 +1444,20 @@ sshkey_format_rsa1(const struct sshkey *key, struct sshbuf *b)
- #ifdef WITH_SSH1
- u_int bits = 0;
- char *dec_e = NULL, *dec_n = NULL;
-+ const BIGNUM *e, *n;
-
-- if (key->rsa == NULL || key->rsa->e == NULL ||
-- key->rsa->n == NULL) {
-+ RSA_get0_key(key->rsa, &n, &e, NULL);
-+ if (key->rsa == NULL || e == NULL || n == NULL) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-- if ((dec_e = BN_bn2dec(key->rsa->e)) == NULL ||
-- (dec_n = BN_bn2dec(key->rsa->n)) == NULL) {
-+ if ((dec_e = BN_bn2dec(e)) == NULL ||
-+ (dec_n = BN_bn2dec(n)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
- /* size of modulus 'n' */
-- if ((bits = BN_num_bits(key->rsa->n)) <= 0) {
-+ if ((bits = BN_num_bits(n)) <= 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-@@ -1769,15 +1789,32 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
- switch (k->type) {
- #ifdef WITH_OPENSSL
- case KEY_DSA:
-- case KEY_DSA_CERT:
-- if ((n = sshkey_new(k->type)) == NULL)
-- return SSH_ERR_ALLOC_FAIL;
-- if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
-- (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
-- (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
-- (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) {
-- sshkey_free(n);
-- return SSH_ERR_ALLOC_FAIL;
-+ case KEY_DSA_CERT: {
-+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key;
-+ BIGNUM *n_p = NULL, *n_q = NULL, *n_g = NULL, *n_pub_key = NULL;
-+
-+ if ((n = sshkey_new(k->type)) == NULL)
-+ return SSH_ERR_ALLOC_FAIL;
-+
-+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g);
-+ DSA_get0_key(k->dsa, &k_pub_key, NULL);
-+
-+ if (((n_p = BN_dup(k_p)) == NULL) ||
-+ ((n_q = BN_dup(k_q)) == NULL) ||
-+ ((n_g = BN_dup(k_g)) == NULL) ||
-+ (DSA_set0_pqg(n->dsa, n_p, n_q, n_g) == 0)) {
-+ sshkey_free(n);
-+ BN_free(n_p);
-+ BN_free(n_q);
-+ BN_free(n_g);
-+ return SSH_ERR_ALLOC_FAIL;
-+ }
-+ if (((n_pub_key = BN_dup(k_pub_key)) == NULL) ||
-+ (DSA_set0_key(n->dsa, n_pub_key, NULL) == 0)) {
-+ sshkey_free(n);
-+ BN_free(n_pub_key);
-+ return SSH_ERR_ALLOC_FAIL;
-+ }
- }
- break;
- # ifdef OPENSSL_HAS_ECC
-@@ -1800,13 +1837,22 @@ sshkey_from_private(const struct sshkey *k, struct sshkey **pkp)
- # endif /* OPENSSL_HAS_ECC */
- case KEY_RSA:
- case KEY_RSA1:
-- case KEY_RSA_CERT:
-- if ((n = sshkey_new(k->type)) == NULL)
-- return SSH_ERR_ALLOC_FAIL;
-- if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
-- (BN_copy(n->rsa->e, k->rsa->e) == NULL)) {
-- sshkey_free(n);
-- return SSH_ERR_ALLOC_FAIL;
-+ case KEY_RSA_CERT: {
-+ const BIGNUM *k_n, *k_e;
-+ BIGNUM *n_n = NULL, *n_e = NULL;
-+
-+ if ((n = sshkey_new(k->type)) == NULL)
-+ return SSH_ERR_ALLOC_FAIL;
-+
-+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL);
-+ if (((n_n = BN_dup(k_n)) == NULL) ||
-+ ((n_e = BN_dup(k_e)) == NULL) ||
-+ RSA_set0_key(n->rsa, n_n, n_e, NULL) == 0) {
-+ sshkey_free(n);
-+ BN_free(n_n);
-+ BN_free(n_e);
-+ return SSH_ERR_ALLOC_FAIL;
-+ }
- }
- break;
- #endif /* WITH_OPENSSL */
-@@ -2004,10 +2050,20 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(b, key->rsa->e) != 0 ||
-- sshbuf_get_bignum2(b, key->rsa->n) != 0) {
-- ret = SSH_ERR_INVALID_FORMAT;
-- goto out;
-+ {
-+ BIGNUM *e, *n;
-+
-+ e = BN_new();
-+ n = BN_new();
-+ if (e == NULL || n == NULL ||
-+ sshbuf_get_bignum2(b, e) != 0 ||
-+ sshbuf_get_bignum2(b, n) != 0 ||
-+ RSA_set0_key(key->rsa, n, e, NULL) == 0) {
-+ BN_free(e);
-+ BN_free(n);
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto out;
-+ }
- }
- #ifdef DEBUG_PK
- RSA_print_fp(stderr, key->rsa, 8);
-@@ -2025,12 +2081,34 @@ sshkey_from_blob_internal(struct sshbuf *b, struct sshkey **keyp,
- ret = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if (sshbuf_get_bignum2(b, key->dsa->p) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->q) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->g) != 0 ||
-- sshbuf_get_bignum2(b, key->dsa->pub_key) != 0) {
-- ret = SSH_ERR_INVALID_FORMAT;
-- goto out;
-+ {
-+ BIGNUM *p, *q, *g, *pub_key;
-+
-+ p = BN_new();
-+ q = BN_new();
-+ g = BN_new();
-+ pub_key = BN_new();
-+
-+ if (p == NULL || q == NULL || g == NULL ||
-+ pub_key == NULL ||
-+ sshbuf_get_bignum2(b, p) != 0 ||
-+ sshbuf_get_bignum2(b, q) != 0 ||
-+ sshbuf_get_bignum2(b, g) != 0 ||
-+ sshbuf_get_bignum2(b, pub_key) != 0 ||
-+ DSA_set0_pqg(key->dsa, p, q, g) == 0) {
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(pub_key);
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto out;
-+ }
-+
-+ if (DSA_set0_key(key->dsa, pub_key, NULL) == 0) {
-+ BN_free(pub_key);
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto out;
-+ }
- }
- #ifdef DEBUG_PK
- DSA_print_fp(stderr, key->dsa, 8);
-@@ -2270,26 +2348,53 @@ sshkey_demote(const struct sshkey *k, struct sshkey **dkp)
- goto fail;
- /* FALLTHROUGH */
- case KEY_RSA1:
-- case KEY_RSA:
-- if ((pk->rsa = RSA_new()) == NULL ||
-- (pk->rsa->e = BN_dup(k->rsa->e)) == NULL ||
-- (pk->rsa->n = BN_dup(k->rsa->n)) == NULL) {
-- ret = SSH_ERR_ALLOC_FAIL;
-- goto fail;
-+ case KEY_RSA: {
-+ const BIGNUM *k_e, *k_n;
-+ BIGNUM *pk_e = NULL, *pk_n = NULL;
-+
-+ RSA_get0_key(k->rsa, &k_n, &k_e, NULL);
-+ if ((pk->rsa = RSA_new()) == NULL ||
-+ (pk_e = BN_dup(k_e)) == NULL ||
-+ (pk_n = BN_dup(k_n)) == NULL ||
-+ RSA_set0_key(pk->rsa, pk_n, pk_e, NULL) == 0) {
-+ BN_free(pk_e);
-+ BN_free(pk_n);
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto fail;
- }
-+ }
- break;
- case KEY_DSA_CERT:
- if ((ret = sshkey_cert_copy(k, pk)) != 0)
- goto fail;
- /* FALLTHROUGH */
-- case KEY_DSA:
-- if ((pk->dsa = DSA_new()) == NULL ||
-- (pk->dsa->p = BN_dup(k->dsa->p)) == NULL ||
-- (pk->dsa->q = BN_dup(k->dsa->q)) == NULL ||
-- (pk->dsa->g = BN_dup(k->dsa->g)) == NULL ||
-- (pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) {
-- ret = SSH_ERR_ALLOC_FAIL;
-- goto fail;
-+ case KEY_DSA: {
-+ const BIGNUM *k_p, *k_q, *k_g, *k_pub_key;
-+ BIGNUM *pk_p = NULL, *pk_q = NULL, *pk_g = NULL;
-+ BIGNUM *pk_pub_key = NULL;
-+
-+ DSA_get0_pqg(k->dsa, &k_p, &k_q, &k_g);
-+ DSA_get0_key(k->dsa, &k_pub_key, NULL);
-+
-+ if ((pk->dsa = DSA_new()) == NULL ||
-+ (pk_p = BN_dup(k_p)) == NULL ||
-+ (pk_q = BN_dup(k_q)) == NULL ||
-+ (pk_g = BN_dup(k_g)) == NULL ||
-+ (pk_pub_key = BN_dup(k_pub_key)) == NULL ||
-+ DSA_set0_pqg(pk->dsa, pk_p, pk_q, pk_g) == 0) {
-+ BN_free(pk_p);
-+ BN_free(pk_q);
-+ BN_free(pk_g);
-+ BN_free(pk_pub_key);
-+ ret = SSH_ERR_ALLOC_FAIL;
-+ goto fail;
-+ }
-+
-+ if (DSA_set0_key(pk->dsa, pk_pub_key, NULL) == 0) {
-+ BN_free(pk_pub_key);
-+ ret = SSH_ERR_LIBCRYPTO_ERROR;
-+ goto fail;
-+ }
- }
- break;
- case KEY_ECDSA_CERT:
-@@ -2410,12 +2515,17 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg)
- /* XXX this substantially duplicates to_blob(); refactor */
- switch (k->type) {
- #ifdef WITH_OPENSSL
-- case KEY_DSA_CERT:
-- if ((ret = sshbuf_put_bignum2(cert, k->dsa->p)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->q)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->g)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->dsa->pub_key)) != 0)
-- goto out;
-+ case KEY_DSA_CERT: {
-+ const BIGNUM *p, *q, *g, *pub_key;
-+
-+ DSA_get0_pqg(k->dsa, &p, &q, &g);
-+ DSA_get0_key(k->dsa, &pub_key, NULL);
-+ if ((ret = sshbuf_put_bignum2(cert, p)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, q)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, g)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, pub_key)) != 0)
-+ goto out;
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA_CERT:
-@@ -2427,10 +2537,15 @@ sshkey_certify(struct sshkey *k, struct sshkey *ca, const char *alg)
- goto out;
- break;
- # endif /* OPENSSL_HAS_ECC */
-- case KEY_RSA_CERT:
-- if ((ret = sshbuf_put_bignum2(cert, k->rsa->e)) != 0 ||
-- (ret = sshbuf_put_bignum2(cert, k->rsa->n)) != 0)
-- goto out;
-+ case KEY_RSA_CERT: {
-+ const BIGNUM *e, *n;
-+
-+ RSA_get0_key(k->rsa, &n, &e, NULL);
-+ if (e == NULL || n == NULL ||
-+ (ret = sshbuf_put_bignum2(cert, e)) != 0 ||
-+ (ret = sshbuf_put_bignum2(cert, n)) != 0)
-+ goto out;
-+ }
- break;
- #endif /* WITH_OPENSSL */
- case KEY_ED25519_CERT:
-@@ -2587,43 +2702,65 @@ sshkey_private_serialize(const struct sshkey *key, struct sshbuf *b)
- goto out;
- switch (key->type) {
- #ifdef WITH_OPENSSL
-- case KEY_RSA:
-- if ((r = sshbuf_put_bignum2(b, key->rsa->n)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->e)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
-- goto out;
-+ case KEY_RSA: {
-+ const BIGNUM *n, *e, *d, *iqmp, *p, *q;
-+ RSA_get0_key(key->rsa, &n, &e, &d);
-+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
-+ RSA_get0_factors(key->rsa, &p, &q);
-+ if ((r = sshbuf_put_bignum2(b, n)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, e)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0)
-+ goto out;
-+ }
- break;
- case KEY_RSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->d)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->iqmp)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->rsa->q)) != 0)
-- goto out;
-+ {
-+ const BIGNUM *d, *iqmp, *p, *q;
-+
-+ RSA_get0_key(key->rsa, NULL, NULL, &d);
-+ RSA_get0_factors(key->rsa, &p, &q);
-+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
-+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, d)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, iqmp)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0)
-+ goto out;
-+ }
- break;
-- case KEY_DSA:
-- if ((r = sshbuf_put_bignum2(b, key->dsa->p)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->q)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->g)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->pub_key)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
-- goto out;
-+ case KEY_DSA: {
-+ const BIGNUM *p, *q, *g, *pub_key, *priv_key;
-+
-+ DSA_get0_pqg(key->dsa, &p, &q, &g);
-+ DSA_get0_key(key->dsa, &pub_key, &priv_key);
-+ if ((r = sshbuf_put_bignum2(b, p)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, q)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, g)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, pub_key)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, priv_key)) != 0)
-+ goto out;
-+ }
- break;
- case KEY_DSA_CERT:
- if (key->cert == NULL || sshbuf_len(key->cert->certblob) == 0) {
- r = SSH_ERR_INVALID_ARGUMENT;
- goto out;
- }
-- if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-- (r = sshbuf_put_bignum2(b, key->dsa->priv_key)) != 0)
-- goto out;
-+ {
-+ const BIGNUM *priv_key;
-+
-+ DSA_get0_key(key->dsa, NULL, &priv_key);
-+ if ((r = sshbuf_put_stringb(b, key->cert->certblob)) != 0 ||
-+ (r = sshbuf_put_bignum2(b, priv_key)) != 0)
-+ goto out;
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -2699,18 +2836,51 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((r = sshbuf_get_bignum2(buf, k->dsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->q)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->g)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->pub_key)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
-- goto out;
-+ {
-+ BIGNUM *p, *q, *g, *pub_key, *priv_key;
-+
-+ p = BN_new();
-+ q = BN_new();
-+ g = BN_new();
-+ pub_key = BN_new();
-+ priv_key = BN_new();
-+ if (p == NULL || q == NULL || g == NULL ||
-+ pub_key == NULL || priv_key == NULL ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, g)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, pub_key)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 ||
-+ (r = ((DSA_set0_pqg(k->dsa, p, q, g) == 0)
-+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(g);
-+ BN_free(pub_key);
-+ BN_free(priv_key);
-+ goto out;
-+ }
-+ if (DSA_set0_key(k->dsa, pub_key, priv_key) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(pub_key);
-+ BN_free(priv_key);
-+ goto out;
-+ }
-+ }
- break;
-- case KEY_DSA_CERT:
-- if ((r = sshkey_froms(buf, &k)) != 0 ||
-- (r = sshkey_add_private(k)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->dsa->priv_key)) != 0)
-- goto out;
-+ case KEY_DSA_CERT: {
-+ BIGNUM *priv_key = BN_new();
-+
-+ if (priv_key == NULL ||
-+ (r = sshkey_froms(buf, &k)) != 0 ||
-+ (r = sshkey_add_private(k)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, priv_key)) != 0 ||
-+ (r = ((DSA_set0_key(k->dsa, NULL, priv_key) == 0)
-+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
-+ BN_free(priv_key);
-+ goto out;
-+ }
-+ }
- break;
- # ifdef OPENSSL_HAS_ECC
- case KEY_ECDSA:
-@@ -2769,24 +2939,84 @@ sshkey_private_deserialize(struct sshbuf *buf, struct sshkey **kp)
- r = SSH_ERR_ALLOC_FAIL;
- goto out;
- }
-- if ((r = sshbuf_get_bignum2(buf, k->rsa->n)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->e)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
-- goto out;
-+ {
-+ BIGNUM *n, *e, *d, *iqmp, *p, *q;
-+
-+ n = BN_new();
-+ e = BN_new();
-+ d = BN_new();
-+ iqmp = BN_new();
-+ p = BN_new();
-+ q = BN_new();
-+
-+ if (n == NULL || e == NULL || d == NULL ||
-+ iqmp == NULL || p == NULL || q == NULL ||
-+ (r = sshbuf_get_bignum2(buf, n)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, e)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
-+ (r = ((RSA_set0_key(k->rsa, n, e, d) == 0)
-+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
-+ BN_free(n);
-+ BN_free(e);
-+ BN_free(d);
-+ BN_free(iqmp);
-+ BN_free(p);
-+ BN_free(q);
-+ goto out;
-+ }
-+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(iqmp);
-+ BN_free(p);
-+ BN_free(q);
-+ goto out;
-+ }
-+ if ((r = rsa_generate_additional_parameters(k->rsa, iqmp)) != 0) {
-+ BN_free(iqmp);
-+ goto out;
-+ }
-+ }
- break;
-- case KEY_RSA_CERT:
-- if ((r = sshkey_froms(buf, &k)) != 0 ||
-- (r = sshkey_add_private(k)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->d)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->iqmp)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->p)) != 0 ||
-- (r = sshbuf_get_bignum2(buf, k->rsa->q)) != 0 ||
-- (r = rsa_generate_additional_parameters(k->rsa)) != 0)
-- goto out;
-+ case KEY_RSA_CERT: {
-+ BIGNUM *d, *iqmp, *p, *q;
-+
-+ /* N and E are already set so make sure we will not overwrite them */
-+ d = BN_new();
-+ iqmp = BN_new();
-+ p = BN_new();
-+ q = BN_new();
-+
-+ if (d == NULL || iqmp == NULL || p == NULL ||
-+ q == NULL ||
-+ (r = sshkey_froms(buf, &k)) != 0 ||
-+ (r = sshkey_add_private(k)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, d)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, iqmp)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, p)) != 0 ||
-+ (r = sshbuf_get_bignum2(buf, q)) != 0 ||
-+ (r = ((RSA_set0_key(k->rsa, NULL, NULL, d) == 0)
-+ ? SSH_ERR_LIBCRYPTO_ERROR : 0)) != 0) {
-+ BN_free(d);
-+ BN_free(iqmp);
-+ BN_free(p);
-+ BN_free(q);
-+ goto out;
-+ }
-+ if (RSA_set0_factors(k->rsa, p, q) == 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ BN_free(p);
-+ BN_free(q);
-+ goto out;
-+ }
-+ if (rsa_generate_additional_parameters(k->rsa, iqmp) != 0) {
-+ r = SSH_ERR_LIBCRYPTO_ERROR;
-+ free(iqmp);
-+ goto out;
-+ }
-+ }
- break;
- #endif /* WITH_OPENSSL */
- case KEY_ED25519:
-@@ -3421,6 +3651,7 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob,
- struct sshcipher_ctx *ciphercontext = NULL;
- const struct sshcipher *cipher;
- u_char *cp;
-+ const BIGNUM *n, *e, *d, *q, *p, *iqmp;
-
- /*
- * If the passphrase is empty, use SSH_CIPHER_NONE to ease converting
-@@ -3447,10 +3678,13 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob,
- * format would just give known plaintext).
- * Note: q and p are stored in reverse order to SSL.
- */
-- if ((r = sshbuf_put_bignum1(buffer, key->rsa->d)) != 0 ||
-- (r = sshbuf_put_bignum1(buffer, key->rsa->iqmp)) != 0 ||
-- (r = sshbuf_put_bignum1(buffer, key->rsa->q)) != 0 ||
-- (r = sshbuf_put_bignum1(buffer, key->rsa->p)) != 0)
-+ RSA_get0_key(key->rsa, &n, &e, &d);
-+ RSA_get0_factors(key->rsa, &p, &q);
-+ RSA_get0_crt_params(key->rsa, NULL, NULL, &iqmp);
-+ if ((r = sshbuf_put_bignum1(buffer, d)) != 0 ||
-+ (r = sshbuf_put_bignum1(buffer, iqmp)) != 0 ||
-+ (r = sshbuf_put_bignum1(buffer, q)) != 0 ||
-+ (r = sshbuf_put_bignum1(buffer, p)) != 0)
- goto out;
-
- /* Pad the part to be encrypted to a size that is a multiple of 8. */
-@@ -3475,9 +3709,9 @@ sshkey_private_rsa1_to_blob(struct sshkey *key, struct sshbuf *blob,
- goto out;
-
- /* Store public key. This will be in plain text. */
-- if ((r = sshbuf_put_u32(encrypted, BN_num_bits(key->rsa->n))) != 0 ||
-- (r = sshbuf_put_bignum1(encrypted, key->rsa->n)) != 0 ||
-- (r = sshbuf_put_bignum1(encrypted, key->rsa->e)) != 0 ||
-+ if ((r = sshbuf_put_u32(encrypted, BN_num_bits(n))) != 0 ||
-+ (r = sshbuf_put_bignum1(encrypted, n)) != 0 ||
-+ (r = sshbuf_put_bignum1(encrypted, e)) != 0 ||
- (r = sshbuf_put_cstring(encrypted, comment)) != 0)
- goto out;
-
-@@ -3604,6 +3838,7 @@ sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
- int r;
- struct sshkey *pub = NULL;
- struct sshbuf *copy = NULL;
-+ BIGNUM *n = NULL, *e = NULL;
-
- if (keyp != NULL)
- *keyp = NULL;
-@@ -3633,10 +3868,16 @@ sshkey_parse_public_rsa1_fileblob(struct sshbuf *blob,
- goto out;
-
- /* Read the public key from the buffer. */
-- if ((pub = sshkey_new(KEY_RSA1)) == NULL ||
-- (r = sshbuf_get_bignum1(copy, pub->rsa->n)) != 0 ||
-- (r = sshbuf_get_bignum1(copy, pub->rsa->e)) != 0)
-+ if ((n = BN_new()) == NULL ||
-+ (e = BN_new()) == NULL ||
-+ (pub = sshkey_new(KEY_RSA1)) == NULL ||
-+ (r = sshbuf_get_bignum1(copy, n)) != 0 ||
-+ (r = sshbuf_get_bignum1(copy, e)) != 0 ||
-+ RSA_set0_key(pub->rsa, n, e, NULL) == 0) {
-+ BN_free(n);
-+ BN_free(e);
- goto out;
-+ }
-
- /* Finally, the comment */
- if ((r = sshbuf_get_string(copy, (u_char**)commentp, NULL)) != 0)
-@@ -3668,6 +3909,8 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
- struct sshcipher_ctx *ciphercontext = NULL;
- const struct sshcipher *cipher;
- struct sshkey *prv = NULL;
-+ BIGNUM *n = NULL, *e = NULL, *d = NULL, *q = NULL, *p = NULL,
-+ *iqmp = NULL;
-
- if (keyp != NULL)
- *keyp = NULL;
-@@ -3703,11 +3946,17 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
- goto out;
-
- /* Read the public key and comment from the buffer. */
-- if ((r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */
-- (r = sshbuf_get_bignum1(copy, prv->rsa->n)) != 0 ||
-- (r = sshbuf_get_bignum1(copy, prv->rsa->e)) != 0 ||
-- (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0)
-+ if ((n = BN_new()) == NULL ||
-+ (e = BN_new()) == NULL ||
-+ (r = sshbuf_get_u32(copy, NULL)) != 0 || /* key bits */
-+ (r = sshbuf_get_bignum1(copy, n)) != 0 ||
-+ (r = sshbuf_get_bignum1(copy, e)) != 0 ||
-+ (r = sshbuf_get_cstring(copy, &comment, NULL)) != 0 ||
-+ RSA_set0_key(prv->rsa, n, e, NULL) == 0) {
-+ BN_free(n);
-+ BN_free(e);
- goto out;
-+ }
-
- /* Check that it is a supported cipher. */
- cipher = cipher_by_number(cipher_type);
-@@ -3736,15 +3985,33 @@ sshkey_parse_private_rsa1(struct sshbuf *blob, const char *passphrase,
- }
-
- /* Read the rest of the private key. */
-- if ((r = sshbuf_get_bignum1(decrypted, prv->rsa->d)) != 0 ||
-- (r = sshbuf_get_bignum1(decrypted, prv->rsa->iqmp)) != 0 ||
-- (r = sshbuf_get_bignum1(decrypted, prv->rsa->q)) != 0 ||
-- (r = sshbuf_get_bignum1(decrypted, prv->rsa->p)) != 0)
-+ if ((d = BN_new()) == NULL ||
-+ (p = BN_new()) == NULL ||
-+ (q = BN_new()) == NULL ||
-+ (iqmp = BN_new()) == NULL ||
-+ (r = sshbuf_get_bignum1(decrypted, d)) != 0 ||
-+ (r = sshbuf_get_bignum1(decrypted, iqmp)) != 0 ||
-+ (r = sshbuf_get_bignum1(decrypted, q)) != 0 ||
-+ (r = sshbuf_get_bignum1(decrypted, p)) != 0 ||
-+ (RSA_set0_key(prv->rsa, NULL, NULL, d) == 0)) {
-+ BN_free(d);
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(iqmp);
- goto out;
-+ }
-+ if (RSA_set0_factors(prv->rsa, p, q) == 0) {
-+ BN_free(p);
-+ BN_free(q);
-+ BN_free(iqmp);
-+ goto out;
-+ }
-
- /* calculate p-1 and q-1 */
-- if ((r = rsa_generate_additional_parameters(prv->rsa)) != 0)
-+ if ((r = rsa_generate_additional_parameters(prv->rsa, iqmp)) != 0) {
-+ BN_free(iqmp);
- goto out;
-+ }
-
- /* enable blinding */
- if (RSA_blinding_on(prv->rsa, NULL) != 1) {
-@@ -3817,7 +4084,9 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- case EVP_R_BAD_DECRYPT:
- r = SSH_ERR_KEY_WRONG_PASSPHRASE;
- goto out;
-+#ifdef EVP_R_BN_DECODE_ERROR
- case EVP_R_BN_DECODE_ERROR:
-+#endif
- case EVP_R_DECODE_ERROR:
- #ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
- case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3835,7 +4104,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-- if (pk->type == EVP_PKEY_RSA &&
-+ if (EVP_PKEY_id(pk) == EVP_PKEY_RSA &&
- (type == KEY_UNSPEC || type == KEY_RSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -3850,7 +4119,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- r = SSH_ERR_LIBCRYPTO_ERROR;
- goto out;
- }
-- } else if (pk->type == EVP_PKEY_DSA &&
-+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_DSA &&
- (type == KEY_UNSPEC || type == KEY_DSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
-@@ -3862,7 +4131,7 @@ sshkey_parse_private_pem_fileblob(struct sshbuf *blob, int type,
- DSA_print_fp(stderr, prv->dsa, 8);
- #endif
- #ifdef OPENSSL_HAS_ECC
-- } else if (pk->type == EVP_PKEY_EC &&
-+ } else if (EVP_PKEY_id(pk) == EVP_PKEY_EC &&
- (type == KEY_UNSPEC || type == KEY_ECDSA)) {
- if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
- r = SSH_ERR_ALLOC_FAIL;
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-s390-seccomp.patch b/net-misc/openssh1/files/openssh1-7.5_p1-s390-seccomp.patch
deleted file mode 100644
index d793200..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-s390-seccomp.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-From 58b8cfa2a062b72139d7229ae8de567f55776f24 Mon Sep 17 00:00:00 2001
-From: Damien Miller
-Date: Wed, 22 Mar 2017 12:43:02 +1100
-Subject: [PATCH] Missing header on Linux/s390
-
-Patch from Jakub Jelen
----
- sandbox-seccomp-filter.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index a8d472a63ccb..2831e9d1083c 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -50,6 +50,9 @@
- #include
-
- #include
-+#ifdef __s390__
-+#include
-+#endif
-
- #include
- #include
---
-2.15.1
-
diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-ssh1.patch b/net-misc/openssh1/files/openssh1-7.5_p1-ssh1.patch
deleted file mode 100644
index 3a374a0..0000000
--- a/net-misc/openssh1/files/openssh1-7.5_p1-ssh1.patch
+++ /dev/null
@@ -1,152 +0,0 @@ ---- openssh-7.5p1/Makefile.in.orig 2017-03-20 03:39:27.000000000 +0100 -+++ openssh-7.5p1/Makefile.in 2019-12-10 05:50:55.590037728 +0100 -@@ -62,7 +62,7 @@ - EXEEXT=@EXEEXT@ - MANFMT=@MANFMT@ - --TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) -+TARGETS=ssh$(EXEEXT) ssh-keygen$(EXEEXT) scp$(EXEEXT) - - LIBOPENSSH_OBJS=\ - ssh_api.o \ -@@ -112,15 +112,15 @@ - sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ - sandbox-solaris.o - --MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out --MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 -+MANPAGES = scp.1.out ssh-keygen.1.out ssh.1.out ssh_config.5.out -+MANPAGES_IN = scp.1 ssh-keygen.1 ssh.1 ssh_config.5 - MANTYPE = @MANTYPE@ - --CONFIGFILES=sshd_config.out ssh_config.out moduli.out --CONFIGFILES_IN=sshd_config ssh_config moduli -+CONFIGFILES=ssh_config.out -+CONFIGFILES_IN=ssh_config - - PATHSUBS = \ -- -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config|g' \ -+ -e 's|/etc/ssh/ssh_config|$(sysconfdir)/ssh_config1|g' \ - -e 's|/etc/ssh/ssh_known_hosts|$(sysconfdir)/ssh_known_hosts|g' \ - -e 's|/etc/ssh/sshd_config|$(sysconfdir)/sshd_config|g' \ - -e 's|/usr/libexec|$(libexecdir)|g' \ -@@ -301,71 +301,31 @@ - $(AUTORECONF) - -rm -rf autom4te.cache - --install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key check-config -+install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf host-key - install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files install-sysconf - install-nosysconf: 
$(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files - --check-config: -- -$(DESTDIR)$(sbindir)/sshd -t -f $(DESTDIR)$(sysconfdir)/sshd_config -- - install-files: - $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir) -- $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir) - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1 - $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)5 -- $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8 -- $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir) -- (umask 022 ; $(srcdir)/mkinstalldirs $(DESTDIR)$(PRIVSEP_PATH)) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-add$(EXEEXT) $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-agent$(EXEEXT) $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keyscan$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) -- $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) -- $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) -- $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -- $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -- $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 -- $(INSTALL) -m 644 ssh-agent.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 -- $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 -- $(INSTALL) -m 644 
ssh-keyscan.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 -- $(INSTALL) -m 644 moduli.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/moduli.5 -- $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 -- $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 -- $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 -- $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 -- $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -- $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -- $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 -+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh$(EXEEXT) $(DESTDIR)$(bindir)/ssh1$(EXEEXT) -+ $(INSTALL) -m 0755 $(STRIP_OPT) scp$(EXEEXT) $(DESTDIR)$(bindir)/scp1$(EXEEXT) -+ $(INSTALL) -m 0755 $(STRIP_OPT) ssh-keygen$(EXEEXT) $(DESTDIR)$(bindir)/ssh-keygen1$(EXEEXT) -+ $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh1.1 -+ $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp1.1 -+ $(INSTALL) -m 644 ssh-keygen.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen1.1 -+ $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config1.5 - - install-sysconf: - if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ - $(srcdir)/mkinstalldirs $(DESTDIR)$(sysconfdir); \ - fi -- @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config ]; then \ -- $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config; \ -- else \ -- echo "$(DESTDIR)$(sysconfdir)/ssh_config already exists, install will not overwrite"; \ -- fi -- @if [ ! -f $(DESTDIR)$(sysconfdir)/sshd_config ]; then \ -- $(INSTALL) -m 644 sshd_config.out $(DESTDIR)$(sysconfdir)/sshd_config; \ -- else \ -- echo "$(DESTDIR)$(sysconfdir)/sshd_config already exists, install will not overwrite"; \ -- fi -- @if [ ! 
-f $(DESTDIR)$(sysconfdir)/moduli ]; then \ -- if [ -f $(DESTDIR)$(sysconfdir)/primes ]; then \ -- echo "moving $(DESTDIR)$(sysconfdir)/primes to $(DESTDIR)$(sysconfdir)/moduli"; \ -- mv "$(DESTDIR)$(sysconfdir)/primes" "$(DESTDIR)$(sysconfdir)/moduli"; \ -- else \ -- $(INSTALL) -m 644 moduli.out $(DESTDIR)$(sysconfdir)/moduli; \ -- fi ; \ -+ @if [ ! -f $(DESTDIR)$(sysconfdir)/ssh_config1 ]; then \ -+ $(INSTALL) -m 644 ssh_config.out $(DESTDIR)$(sysconfdir)/ssh_config1; \ - else \ -- echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ -+ echo "$(DESTDIR)$(sysconfdir)/ssh_config1 already exists, install will not overwrite"; \ - fi - - host-key: ssh-keygen$(EXEEXT) -@@ -385,8 +345,7 @@ - fi - - uninstallall: uninstall -- -rm -f $(DESTDIR)$(sysconfdir)/ssh_config -- -rm -f $(DESTDIR)$(sysconfdir)/sshd_config -+ -rm -f $(DESTDIR)$(sysconfdir)/ssh_config1 - -rmdir $(DESTDIR)$(sysconfdir) - -rmdir $(DESTDIR)$(bindir) - -rmdir $(DESTDIR)$(sbindir) -@@ -398,26 +357,10 @@ - uninstall: - -rm -f $(DESTDIR)$(bindir)/ssh$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/scp$(EXEEXT) -- -rm -f $(DESTDIR)$(bindir)/ssh-add$(EXEEXT) -- -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) - -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) -- -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) -- -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) -- -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) -- -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) -- -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) -- -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-agent.1 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 -- -rm -f 
$(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 - - regress-prep: - [ -d `pwd`/regress ] || mkdir -p `pwd`/regress diff --git a/net-misc/openssh1/files/openssh1-7.5_p1-x32-typo.patch b/net-misc/openssh1/files/openssh1-7.5_p1-x32-typo.patch deleted file mode 100644 index 5dca1b0..0000000 --- a/net-misc/openssh1/files/openssh1-7.5_p1-x32-typo.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 596c432181e1c4a9da354388394f640afd29f44b Mon Sep 17 00:00:00 2001 -From: Mike Frysinger -Date: Mon, 20 Mar 2017 14:57:40 -0400 -Subject: [PATCH] seccomp sandbox: fix typo w/x32 check - ---- - sandbox-seccomp-filter.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c -index 3a1aedce72c2..a8d472a63ccb 100644 ---- a/sandbox-seccomp-filter.c -+++ b/sandbox-seccomp-filter.c -@@ -235,7 +235,7 @@ static const struct sock_filter preauth_insns[] = { - * x86-64 syscall under some circumstances, e.g. - * https://bugs.debian.org/849923 - */ -- SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT); -+ SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT), - #endif - - /* Default deny */ --- -2.12.0 - diff --git a/net-misc/openssh1/openssh1-7.5_p1-r5.ebuild b/net-misc/openssh1/openssh1-7.5_p1-r5.ebuild deleted file mode 100644 index f0a9794..0000000 --- a/net-misc/openssh1/openssh1-7.5_p1-r5.ebuild +++ /dev/null 
@@ -1,288 +0,0 @@ -# Copyright 1999-2019 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI="5" - -inherit eutils user flag-o-matic multilib autotools pam systemd - -# Make it more portable between straight releases -# and _p? releases. -PARCH=openssh-7.5p1 - -HPN_PATCH="${PARCH}-hpnssh14v12.tar.xz" -SCTP_PATCH="openssh-7.4_p1-sctp.patch.xz" -LDAP_PATCH="openssh-lpk-7.5p1-0.3.14.patch.xz" -X509_VER="10.2" X509_PATCH="openssh-${PV/_}+x509-${X509_VER}.diff.gz" - -DESCRIPTION="Port of OpenBSD's free SSH release" -HOMEPAGE="http://www.openssh.org/" -SRC_URI="mirror://openbsd/OpenSSH/portable/${PARCH}.tar.gz - ${SCTP_PATCH:+mirror://gentoo/${SCTP_PATCH}} - ${HPN_PATCH:+hpn? ( mirror://gentoo/${HPN_PATCH} )} - ${LDAP_PATCH:+ldap? ( mirror://gentoo/${LDAP_PATCH} )} - ${X509_PATCH:+X509? ( http://roumenpetrov.info/openssh/x509-${X509_VER}/${X509_PATCH} )} - " - -LICENSE="BSD GPL-2" -SLOT="0" -KEYWORDS="alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris" -# Probably want to drop ssl defaulting to on in a future version. -IUSE="abi_mips_n32 audit bindist debug ${HPN_PATCH:++}hpn kerberos kernel_linux ldap ldns libedit libressl livecd pam +pie sctp selinux skey +ssh1 +ssl static test X X509" -REQUIRED_USE="ldns? ( ssl ) - pie? ( !static ) - ssh1? ( ssl ) - static? ( !kerberos !pam ) - X509? ( !ldap !sctp ssl ) - test? ( ssl )" - -LIB_DEPEND=" - audit? ( sys-process/audit[static-libs(+)] ) - ldns? ( - net-libs/ldns[static-libs(+)] - !bindist? ( net-libs/ldns[ecdsa,ssl(+)] ) - bindist? ( net-libs/ldns[-ecdsa,ssl(+)] ) - ) - libedit? ( dev-libs/libedit:=[static-libs(+)] ) - sctp? ( net-misc/lksctp-tools[static-libs(+)] ) - selinux? ( >=sys-libs/libselinux-1.28[static-libs(+)] ) - skey? ( >=sys-auth/skey-1.1.5-r1[static-libs(+)] ) - ssl? ( - !libressl? 
( - >=dev-libs/openssl-1.0.1:0=[bindist=] - dev-libs/openssl:0=[static-libs(+)] - ) - libressl? ( dev-libs/libressl:0=[static-libs(+)] ) - ) - >=sys-libs/zlib-1.2.3:=[static-libs(+)]" -RDEPEND=" - !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - pam? ( sys-libs/pam ) - kerberos? ( virtual/krb5 ) - ldap? ( net-nds/openldap )" -DEPEND="${RDEPEND} - static? ( ${LIB_DEPEND} ) - virtual/pkgconfig - virtual/os-headers - sys-devel/autoconf" -RDEPEND="${RDEPEND} - pam? ( >=sys-auth/pambase-20081028 ) - userland_GNU? ( sys-apps/shadow ) - X? ( x11-apps/xauth )" - -S=${WORKDIR}/${PARCH} - -pkg_pretend() { - # this sucks, but i'd rather have people unable to `emerge -u openssh` - # than not be able to log in to their server any more - maybe_fail() { [[ -z ${!2} ]] && echo "$1" ; } - local fail=" - $(use X509 && maybe_fail X509 X509_PATCH) - $(use ldap && maybe_fail ldap LDAP_PATCH) - $(use hpn && maybe_fail hpn HPN_PATCH) - " - fail=$(echo ${fail}) - if [[ -n ${fail} ]] ; then - eerror "Sorry, but this version does not yet support features" - eerror "that you requested: ${fail}" - eerror "Please mask ${PF} for now and check back later:" - eerror " # echo '=${CATEGORY}/${PF}' >> /etc/portage/package.mask" - die "booooo" - fi -} - -save_version() { - # version.h patch conflict avoidence - mv version.h version.h.$1 - cp -f version.h.pristine version.h -} - -src_prepare() { - sed -i \ - -e "/_PATH_XAUTH/s:/usr/X11R6/bin/xauth:${EPREFIX}/usr/bin/xauth:" \ - pathnames.h || die - # keep this as we need it to avoid the conflict between LPK and HPN changing - # this file. 
- cp version.h version.h.pristine - - if use X509 ; then - if use hpn ; then - pushd "${WORKDIR}"/${HPN_PATCH%.*.*} >/dev/null - epatch "${FILESDIR}"/${P}-hpn-x509-${X509_VER}-glue.patch - popd >/dev/null - fi - save_version X509 - epatch "${WORKDIR}"/${X509_PATCH%.*} - fi - - if use ldap ; then - epatch "${WORKDIR}"/${LDAP_PATCH%.*} - save_version LPK - fi - - epatch "${FILESDIR}"/${PN}-7.5_p1-ssh1.patch - epatch "${FILESDIR}"/${PN}-7.5_p1-GSSAPI-dns.patch #165444 integrated into gsskex - epatch "${FILESDIR}"/${PN}-6.7_p1-openssl-ignore-status.patch - epatch "${FILESDIR}"/${PN}-7.5_p1-disable-conch-interop-tests.patch - epatch "${FILESDIR}"/${PN}-7.5_p1-cross-cache.patch - epatch "${FILESDIR}"/${PN}-7.5_p1-CVE-2017-15906.patch - use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-s390-seccomp.patch # already included in X509 patch set, #644252 - use X509 || epatch "${WORKDIR}"/${SCTP_PATCH%.*} - use X509 || epatch "${FILESDIR}"/${PN}-7.5_p1-x32-typo.patch - use abi_mips_n32 && epatch "${FILESDIR}"/${PN}-7.3-mips-seccomp-n32.patch - epatch "${FILESDIR}"/${PN}-7.5_p1-openssl-1.1.patch - - if use hpn ; then - EPATCH_FORCE="yes" EPATCH_SUFFIX="patch" \ - EPATCH_MULTI_MSG="Applying HPN patchset ..." \ - epatch "${WORKDIR}"/${HPN_PATCH%.*.*} - save_version HPN - fi - - tc-export PKG_CONFIG - local sed_args=( - -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):" - # Disable PATH reset, trust what portage gives us #254615 - -e 's:^PATH=/:#PATH=/:' - # Disable fortify flags ... 
our gcc does this for us - -e 's:-D_FORTIFY_SOURCE=2::' - ) - # The -ftrapv flag ICEs on hppa #505182 - use hppa && sed_args+=( - -e '/CFLAGS/s:-ftrapv:-fdisable-this-test:' - -e '/OSSH_CHECK_CFLAG_LINK.*-ftrapv/d' - ) - # _XOPEN_SOURCE causes header conflicts on Solaris - [[ ${CHOST} == *-solaris* ]] && sed_args+=( - -e 's/-D_XOPEN_SOURCE//' - ) - sed -i "${sed_args[@]}" configure{.ac,} || die - - epatch_user #473004 - - # Now we can build a sane merged version.h - ( - sed '/^#define SSH_RELEASE/d' version.h.* | sort -u - macros=() - for p in HPN LPK X509; do [[ -e version.h.${p} ]] && macros+=( SSH_${p} ) ; done - printf '#define SSH_RELEASE SSH_VERSION SSH_PORTABLE %s\n' "${macros[*]}" - ) > version.h - - eautoreconf -} - -src_configure() { - addwrite /dev/ptmx - - use debug && append-cppflags -DSANDBOX_SECCOMP_FILTER_DEBUG - use static && append-ldflags -static - - local myconf=( - --with-ldflags="${LDFLAGS}" - --disable-strip - --with-pid-dir="${EPREFIX}"$(usex kernel_linux '' '/var')/run - --sysconfdir="${EPREFIX}"/etc/ssh - --libexecdir="${EPREFIX}"/usr/$(get_libdir)/misc - --datadir="${EPREFIX}"/usr/share/openssh - --with-sandbox=no - $(use_with audit audit linux) - $(use_with kerberos kerberos5 "${EPREFIX}"/usr) - # We apply the ldap patch conditionally, so can't pass --without-ldap - # unconditionally else we get unknown flag warnings. - $(use ldap && use_with ldap) - $(use_with ldns) - $(use_with libedit) - $(use_with pam) - $(use_with pie) - $(use X509 || use_with sctp) - $(use_with selinux) - $(use_with skey) - $(use_with ssh1) - $(use_with ssl openssl) - $(use_with ssl md5-passwords) - $(use_with ssl ssl-engine) - ) - - econf "${myconf[@]}" -} - -src_install() { - emake install-nokeys DESTDIR="${D}" - - cat <<-EOF >> "${ED}"/etc/ssh/ssh_config1 - - # Send locale environment variables #367017 - SendEnv LANG LC_* - EOF - - if ! 
use X509 && [[ -n ${LDAP_PATCH} ]] && use ldap ; then - insinto /etc/openldap/schema/ - newins openssh-lpk_openldap.schema openssh-lpk.schema - fi - - dodoc CREDITS OVERVIEW README* TODO - use X509 || dodoc ChangeLog - - diropts -m 0700 - dodir /etc/skel/.ssh -} - -src_test() { - local t skipped=() failed=() passed=() - local tests=( interop-tests compat-tests ) - - local shell=$(egetshell "${UID}") - if [[ ${shell} == */nologin ]] || [[ ${shell} == */false ]] ; then - elog "Running the full OpenSSH testsuite requires a usable shell for the 'portage'" - elog "user, so we will run a subset only." - skipped+=( tests ) - else - tests+=( tests ) - fi - - # It will also attempt to write to the homedir .ssh. - local sshhome=${T}/homedir - mkdir -p "${sshhome}"/.ssh - for t in "${tests[@]}" ; do - # Some tests read from stdin ... - HOMEDIR="${sshhome}" HOME="${sshhome}" \ - emake -k -j1 ${t} - - - - pacho@gentoo.org - Pacho Ramos - - diff --git a/net-print/cndrvcups-common-sfp/Manifest b/net-print/cndrvcups-common-sfp/Manifest deleted file mode 100644 index cbed5b7..0000000 --- a/net-print/cndrvcups-common-sfp/Manifest +++ /dev/null 
@@ -1,3 +0,0 @@
-DIST linux-UFRIILT-drv-v140_uken.tar.gz 106958045 BLAKE2B 605663beea4737a3d7503340d66106a959167fc60ee8f0bfea514ee320c73ce5488290b2a105d72d0f8257d131656c5cd92f7f025297cb2526a2cf28e1066d3f SHA512 3d25db05dd17a85c299bb1fdab776225be5370e6f1f634496a8b4f7dfd59b7a545bccfeb436656387343238e96d624556448047659968fe8094148937ba04e84
-EBUILD cndrvcups-common-sfp-1.40.ebuild 2906 BLAKE2B 1432ede749b38bfad70ee62abdbad20e0dbacb6c9f02e50e7abf49e3c5574f89936ad543942a1cdd7f74f9f01595defb639ab79c369fd2c4d4191da2d02967b4 SHA512 e9958ba535eda035d6285816bd0f1c6e4bcf7f2a13269b3c71988eb4a863a87f846ce55056b127581c0b012c91af42c676ff976a26bb8a4ec78a36b296992c02
-MISC metadata.xml 239 BLAKE2B 33a4b7a2007252ef09e319431769f16c7010fc511e2e2ff02853ce5bf064f90b3e3ff088d97510fa0cfdd2dffaf82872f836aff8385efcee22a62d611cc41a21 SHA512 e2741d7308653b7fb13bf9b4af86c5525cea22e23e31925db40ef76a3f228ac5fe520bbf6a0c5b83565e2257e588acaa9a33cc55480138932446642cbbf15623
diff --git a/net-print/cndrvcups-common-sfp/cndrvcups-common-sfp-1.40.ebuild b/net-print/cndrvcups-common-sfp/cndrvcups-common-sfp-1.40.ebuild
deleted file mode 100644
index 8787f40..0000000
--- a/net-print/cndrvcups-common-sfp/cndrvcups-common-sfp-1.40.ebuild
+++ /dev/null
@@ -1,112 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit autotools versionator - -MY_PV="$(delete_all_version_separators)" -SOURCES_NAME="linux-UFRIILT-drv-v${MY_PV}-uken" - -DESCRIPTION="Common files for Canon drivers" -HOMEPAGE="https://www.canon.co.uk/support/consumer_products/products/printers/laser/i-sensys_lbp7110cw.aspx?type=drivers&language=&os=Linux%20(64-bit)" -SRC_URI="http://gdlp01.c-wss.com/gds/0/0100005950/08/${SOURCES_NAME/-uken/_uken}.tar.gz" -LICENSE="Canon-UFR-II GPL-2 MIT" -SLOT="0" -KEYWORDS="-* amd64 x86" -IUSE="" - -RDEPEND=" - >=dev-libs/libxml2-2.6:2 - >=gnome-base/libglade-2.4:2.0 - >=net-print/cups-1.1.17 - >=x11-libs/gtk+-2.4:2 -" -DEPEND="${DEPEND}" - -S="${WORKDIR}/${SOURCES_NAME}/Sources/${P/-sfp-${PV}/-3.80}" - -pkg_setup() { - # Don't raise a fuss over pre-built binaries - QA_PREBUILT=" - /usr/libexec/cups/filter/c3pldrv - /usr/$(get_abi_LIBDIR x86)/libColorGear.so.0.0.0 - /usr/$(get_abi_LIBDIR x86)/libColorGearC.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libc3pl.so.0.0.1 - /usr/$(get_abi_LIBDIR x86)/libcaepcm.so.1.0 - /usr/$(get_abi_LIBDIR x86)/libcaiousb.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libcaiowrap.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libcanon_slim.so.1.0.0 - /usr/$(get_libdir)/libcanonc3pl.so.1.0.0 - " - QA_SONAME=" - /usr/$(get_abi_LIBDIR x86)/libcaiousb.so.1.0.0 - " -} - -src_unpack() { - unpack ${A} - cd "${WORKDIR}/${SOURCES_NAME}/Sources/" || die - unpack ./${P/-sfp-${PV}/-3.80}-1.tar.gz -} - -change_dir() { - for i in cngplp buftool backend; do - cd "${i}" || die - "${@}" - cd "${S}" || die - done -} - -src_prepare() { - default - sed -i -e \ - "s:backenddir = \$(libdir)/cups/backend:backenddir = `cups-config --serverbin`/backend:" \ - backend/Makefile.am || die - - export "LIBS=-lgtk-x11-2.0 -lgobject-2.0 -lglib-2.0 -lgmodule-2.0" - change_dir eautoreconf -} - -src_configure() { - change_dir econf -} - -src_compile() { - change_dir 
emake - - # Cannot be moved to 'change_dir' as it doesn't need eautoreconf - ( cd "${S}/c3plmod_ipc" && emake ) || die -} - -src_install() { - MAKEOPTS+=" -j1" default - - einstalldocs - - cd "${S}/c3plmod_ipc" || die - dolib.so libcanonc3pl.so.1.0.0 - dosym libcanonc3pl.so.1.0.0 "/usr/$(get_libdir)/libcanonc3pl.so.1" - dosym libcanonc3pl.so.1.0.0 "/usr/$(get_libdir)/libcanonc3pl.so" - - cd "${S}/data" || die - insinto /usr/share/caepcm - doins * - - ABI=x86 - cd "${S}/libs" || die - exeinto $(cups-config --serverbin)/filter - doexe c3pldrv - dolib.so libcaepcm.so.1.0 - dosym libcaepcm.so.1.0 "/usr/$(get_libdir)/libcaepcm.so.1" - dosym libcaepcm.so.1.0 "/usr/$(get_libdir)/libcaepcm.so" - for lib in *.so.?.?.?; do - dolib.so "${lib}" - dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?}" - dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?.?}" - done - - # c3pldrv dlopens the absolute path /usr/lib/libc3pl.so :( - if [[ "$(get_libdir)" != lib ]]; then - dosym "../$(get_libdir)/libc3pl.so" /usr/lib/libc3pl.so - fi -} diff --git a/net-print/cndrvcups-common-sfp/metadata.xml b/net-print/cndrvcups-common-sfp/metadata.xml deleted file mode 100644 index f618816..0000000 --- a/net-print/cndrvcups-common-sfp/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - pacho@gentoo.org - Pacho Ramos - - diff --git a/net-print/cndrvcups-lb/Manifest b/net-print/cndrvcups-lb/Manifest deleted file mode 100644 index 6bee83d..0000000 --- a/net-print/cndrvcups-lb/Manifest +++ /dev/null 
@@ -1,3 +0,0 @@
-DIST linux-UFRII-drv-v350-uken.tar.gz 116120579 BLAKE2B fa5f521f4eec375fa0d9efb7b47ff6dd88f47c36fa5750818f7e367058b8ccafce99b9f8f9d9195e1e5e0e2f1b77a7c0cc1524786f111b065204d0472601202b SHA512 2eeb1448cb76ac156e1e5f6df46141ee5605b0bed1c25f31b0f039fb9f579fe3d5732b132cae391e78276c550febc19366f958d1fb53c93f955303f1f5c37ab3
-EBUILD cndrvcups-lb-3.50.ebuild 2614 BLAKE2B f347fd292c7b582c5e768932b1c7e444fef9d0fb5d415b4325a7f154bac83eae950db7a96e7994cbb1d017973001f1e673cd0af22e0aadb1ce42aa90817f2070 SHA512 0d61406771d9c36418ba1e08ccd188083fa6323fb54aba6fceb74e7e4c231341580bfef7727a11b63e7dd564056e882e97747a648be1eba19f087b1d32d57e5d
-MISC metadata.xml 239 BLAKE2B 33a4b7a2007252ef09e319431769f16c7010fc511e2e2ff02853ce5bf064f90b3e3ff088d97510fa0cfdd2dffaf82872f836aff8385efcee22a62d611cc41a21 SHA512 e2741d7308653b7fb13bf9b4af86c5525cea22e23e31925db40ef76a3f228ac5fe520bbf6a0c5b83565e2257e588acaa9a33cc55480138932446642cbbf15623
diff --git a/net-print/cndrvcups-lb/cndrvcups-lb-3.50.ebuild b/net-print/cndrvcups-lb/cndrvcups-lb-3.50.ebuild
deleted file mode 100644
index 489c7b5..0000000
--- a/net-print/cndrvcups-lb/cndrvcups-lb-3.50.ebuild
+++ /dev/null
@@ -1,108 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -inherit autotools versionator - -MY_PV="$(delete_all_version_separators)" -SOURCES_NAME="linux-UFRII-drv-v${MY_PV}-uken" - -DESCRIPTION="Canon UFR II / LIPSLX Printer Driver for Linux" -HOMEPAGE="https://www.canon-europe.com/support/products/imagerunner/imagerunner-1133.aspx?type=drivers&language=EN&os=LINUX" -SRC_URI="http://gdlp01.c-wss.com/gds/0/0100009240/01/${SOURCES_NAME}.tar.gz" - -LICENSE="Canon-UFR-II" -SLOT="0" -KEYWORDS="-* ~amd64 ~x86" -IUSE="" - -RDEPEND=" - >=dev-libs/libxml2-2.9.1-r4[abi_x86_32(-)] - >=gnome-base/libglade-2.4:2.0 - >=net-print/cups-1.1.17 - ~net-print/cndrvcups-common-lb-${PV} - >=x11-libs/gtk+-2.4:2 - virtual/jpeg:62[abi_x86_32(-)] -" -DEPEND="${DEPEND}" - -S="${WORKDIR}/${SOURCES_NAME}/Sources/${P}" - -MAKEOPTS+=" -j1" - -pkg_setup() { - # Don't raise a fuss over pre-built binaries - QA_PREBUILT=" - /usr/bin/cnpkbidi - /usr/bin/cnpkmoduleufr2 - /usr/$(get_abi_LIBDIR x86)/libEnoJPEG.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libEnoJBIG.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libufr2filter.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libcnlbcm.so.1.0 - /usr/$(get_abi_LIBDIR x86)/libcaiocnpkbidi.so.1.0.0 - /usr/$(get_abi_LIBDIR x86)/libcanonufr2.so.1.0.0 - " - QA_SONAME="/usr/$(get_abi_LIBDIR x86)/libcaiocnpkbidi.so.1.0.0" -} - -src_unpack() { - unpack ${A} - cd "${WORKDIR}/${SOURCES_NAME}/Sources/" || die - unpack ./${P}-1.tar.gz -} - -change_dir() { - for i in ppd pstoufr2cpca cngplp cngplp/files cpca ; do - cd "${i}" || die - "${@}" - cd "${S}" || die - done -} - -src_prepare() { - default - sed -i -e \ - "s:filterdir = \$(libdir)/cups/filter:filterdir = `cups-config --serverbin`/filter:" \ - pstoufr2cpca/filter/Makefile.am || die - - export "LIBS=-lgmodule-2.0" - change_dir eautoreconf -} - -src_configure() { - change_dir econf -} - -src_install() { - default - einstalldocs - - find "${D}" -name '*.la' 
-delete || die - - cd "${S}/data" || die - insinto /usr/share/caepcm - doins * - - cd "${S}/libs" || die - insinto /usr/share/cnpkbidi - doins cnpkbidi_info* - - insinto /usr/share/ufr2filter - doins ThLB* - - ABI=x86 - dobin cnpkbidi cnpkmoduleufr2 - dolib.so libcnlbcm.so.1.0 - dosym libcnlbcm.so.1.0 "/usr/$(get_libdir)/libcnlbcm.so.1" - dosym libcnlbcm.so.1.0 "/usr/$(get_libdir)/libcnlbcm.so" - for lib in *.so.?.?.?; do - dolib.so "${lib}" - dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?}" - dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?.?}" - done - - # c3pldrv dlopens the absolute path /usr/lib/libcnlbcm.so :( - if [[ "$(get_libdir)" != lib ]]; then - dosym "../$(get_libdir)/libcnlbcm.so" /usr/lib/libcnlbcm.so - fi -} diff --git a/net-print/cndrvcups-lb/metadata.xml b/net-print/cndrvcups-lb/metadata.xml deleted file mode 100644 index f618816..0000000 --- a/net-print/cndrvcups-lb/metadata.xml +++ /dev/null @@ -1,8 +0,0 @@ - - - - - pacho@gentoo.org - Pacho Ramos - - diff --git a/net-print/cndrvcups-sfp/Manifest b/net-print/cndrvcups-sfp/Manifest deleted file mode 100644 index 18e6d49..0000000 --- a/net-print/cndrvcups-sfp/Manifest +++ /dev/null 
@@ -1,4 +0,0 @@
-AUX remove-StatusMonitor.patch 249 BLAKE2B b36889d01f1232987add0e495c147cbd8b9c3515f38935cfc3ce5047a9773cd2673c5348a58169d32592add4b36f7f10f577037482e78c35683a77b66d4ea8ba SHA512 ed6cc24512173635ec7737ff12bbd6f2e5715e38ba72312d31ea22e1419dc7ef9270f7f6f26c28f0587fd9217de126e02a4a31377010d70a00d60b2e0e94b80d
-DIST linux-UFRIILT-drv-v140_uken.tar.gz 106958045 BLAKE2B 605663beea4737a3d7503340d66106a959167fc60ee8f0bfea514ee320c73ce5488290b2a105d72d0f8257d131656c5cd92f7f025297cb2526a2cf28e1066d3f SHA512 3d25db05dd17a85c299bb1fdab776225be5370e6f1f634496a8b4f7dfd59b7a545bccfeb436656387343238e96d624556448047659968fe8094148937ba04e84
-EBUILD cndrvcups-sfp-1.40.ebuild 4357 BLAKE2B da0d8ab22d62b2a4adef03a24388cbd3a36af832432fcaa94af6f204a699314e6d4d129a91f02ee9d55d9814684964d589a25385d0755e47d6d0328d8a55d33b SHA512 dad46dd1a89c3bc20665af5cd1d05df2bbe3856e174a9280d5b02fa47122634a600f723784f1a99749327597f75fcfc6fadd3c73f4c72975605f2abdc2a7c82a
-MISC metadata.xml 239 BLAKE2B 33a4b7a2007252ef09e319431769f16c7010fc511e2e2ff02853ce5bf064f90b3e3ff088d97510fa0cfdd2dffaf82872f836aff8385efcee22a62d611cc41a21 SHA512 e2741d7308653b7fb13bf9b4af86c5525cea22e23e31925db40ef76a3f228ac5fe520bbf6a0c5b83565e2257e588acaa9a33cc55480138932446642cbbf15623
diff --git a/net-print/cndrvcups-sfp/cndrvcups-sfp-1.40.ebuild b/net-print/cndrvcups-sfp/cndrvcups-sfp-1.40.ebuild
deleted file mode 100644
index 7ed5ed8..0000000
--- a/net-print/cndrvcups-sfp/cndrvcups-sfp-1.40.ebuild
+++ /dev/null
@@ -1,150 +0,0 @@
-# Copyright 1999-2018 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=6
-inherit autotools versionator
-
-MY_PV="$(delete_all_version_separators)"
-SOURCES_NAME="linux-UFRIILT-drv-v${MY_PV}-uken"
-
-DESCRIPTION="Canon UFR II LT Printer Driver for Linux"
-HOMEPAGE="https://www.canon.co.uk/support/consumer_products/products/printers/laser/i-sensys_lbp7110cw.aspx?type=drivers&language=&os=Linux%20(64-bit)"
-SRC_URI="http://gdlp01.c-wss.com/gds/0/0100005950/08/${SOURCES_NAME/-uken/_uken}.tar.gz"
-LICENSE="Canon-UFR-II"
-SLOT="0"
-KEYWORDS="-* amd64 x86"
-IUSE=""
-
-RDEPEND="
- >=dev-libs/libxml2-2.9.1-r4[abi_x86_32(-)]
- >=gnome-base/libglade-2.4:2.0
- >=net-print/cups-1.1.17
- ~net-print/cndrvcups-common-sfp-${PV}
- >=x11-libs/gtk+-2.4:2
- virtual/jpeg:62[abi_x86_32(-)]
-"
-DEPEND="${DEPEND}"
-
-S="${WORKDIR}/${SOURCES_NAME}/Sources/${P}"
-
-MAKEOPTS+=" -j1"
-
-PATCHES=(
- "${FILESDIR}"/remove-StatusMonitor.patch
-)
-
-pkg_setup() {
- # Don't raise a fuss over pre-built binaries
- QA_PREBUILT="
- /usr/bin/pksmncap
- /usr/bin/commandfilefilter
- /usr/bin/cnpkmodulencap
- /usr/$(get_abi_LIBDIR x86)/libEnoJPEG.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libEnoJBIG.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libncapfilter.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcnncapcm.so.1.0
- /usr/$(get_abi_LIBDIR x86)/libcaio_usb_cdc.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libccpd_util.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcanon_common.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcanonncap.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libCUPS_Communicator.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libCommIsolation.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcomm_ncapcaio.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcomm_stdout.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcomm_usbmlport.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcomm_usbsock.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libcomm_websrv.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libinfo.so.1.0.0
- /usr/$(get_abi_LIBDIR x86)/libinfo_analyze.so.1.0.0
- "
- QA_SONAME="/usr/$(get_abi_LIBDIR x86)/libcaio_usb_cdc.so.1.0.0"
-}
-
-src_unpack() {
- unpack ${A}
- cd "${WORKDIR}/${SOURCES_NAME}/Sources/" || die
- unpack ./${P}-1.tar.gz
-}
-
-change_dir() {
- for i in ppd pstoncapcpca cngplp cngplp/files cpca ; do
- cd "${i}" || die
- "${@}"
- cd "${S}" || die
- done
-}
-
-src_prepare() {
- default
- sed -i -e \
- "s:filterdir = \$(libdir)/cups/filter:filterdir = `cups-config --serverbin`/filter:" \
- pstoncapcpca/filter/Makefile.am || die
-
- export "LIBS=-lgmodule-2.0"
- change_dir eautoreconf
-}
-
-src_configure() {
- change_dir econf
-}
-
-src_install() {
- default
- einstalldocs
-
- find "${D}" -name '*.la' -delete || die
-
- newdir /var/cache/Canon/CUPS_SFP
-
- cd "${S}/rules" || die
- insinto /usr/share/cups/usb
- doins canon-sfp-printer.usb-quirks
- insinto /etc/udev/rules.d
- doins 80-usb-ncapstatusui.rules
-
- cd "${S}/data" || die
- insinto /usr/share/caepcm
- doins *
-
- cd "${S}/libs" || die
- insinto /usr/share/ncapfilter
- doins ThLB*
-
- use x86 && libsource=libs
- use amd64 && libsource=libs64
- cd "${S}/${libsource}" || die
- exeinto /usr/lib/Canon/CUPS_SFP/Bins
- doexe commandfilefilter
- exeinto /usr/lib/Canon/CUPS_SFP/Utilities
- doexe pksmncap
- exeinto /usr/lib/Canon/CUPS_SFP/Bidi
- for lib in libcomm_*.so.?.?.? libccpd_util.so.?.?.? libcaio_usb_cdc.so.?.?.?; do
- doexe "${lib}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Bidi/${lib%.?.?}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Bidi/${lib%.?.?.?}"
- done
- exeinto /usr/lib/Canon/CUPS_SFP/Libs
- for lib in libCUPS_Communicator.so.?.?.? libCommIsolation.so.?.?.? libcanon_common.so.?.?.? libinfo*.so.?.?.?; do
- doexe "${lib}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Libs/${lib%.?.?}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Libs/${lib%.?.?.?}"
- done
- cd "${S}/libs" || die
- exeinto /usr/lib/Canon/CUPS_SFP/Libs
- for lib in libEno*.so.?.?.?; do
- doexe "${lib}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Libs/${lib%.?.?}"
- dosym "${lib}" "/usr/lib/Canon/CUPS_SFP/Libs/${lib%.?.?.?}"
- done
-
- ABI=x86
- dobin cnpkmodulencap
- dolib.so libcnncapcm.so.1.0
- dosym libcnncapcm.so.1.0 "/usr/$(get_libdir)/libcnncapcm.so.1"
- dosym libcnncapcm.so.1.0 "/usr/$(get_libdir)/libcnncapcm.so"
- for lib in libcnncapcm*.so.?.? libncapfilter.so.?.?.? libcanonncap.so.?.?.?; do
- dolib.so "${lib}"
- dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?}"
- dosym "${lib}" "/usr/$(get_libdir)/${lib%.?.?.?}"
- done
-}
diff --git a/net-print/cndrvcups-sfp/files/remove-StatusMonitor.patch b/net-print/cndrvcups-sfp/files/remove-StatusMonitor.patch
deleted file mode 100644
index 67770b0..0000000
--- a/net-print/cndrvcups-sfp/files/remove-StatusMonitor.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- a/Makefile 2014-12-08 05:09:22.000000000 +0100
-+++ b/Makefile 2018-05-30 14:24:12.013657597 +0200
-@@ -8,7 +8,7 @@
- PPDDIR = ppd
- CPCADIR = cpca
- CNGPLPDIR = cngplp
--SMDIR = StatusMonitor
-+SMDIR =
- SRCDIRS =\
- $(FILTERDIR)\
- $(PPDDIR)\
diff --git a/net-print/cndrvcups-sfp/metadata.xml b/net-print/cndrvcups-sfp/metadata.xml
deleted file mode 100644
index f618816..0000000
--- a/net-print/cndrvcups-sfp/metadata.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-
-
-
-
- pacho@gentoo.org
- Pacho Ramos
-
-