From: Darren Tucker
Date: Sat, 17 Aug 2024 01:10:19 +0000 (+1000)
Subject: Add compat functions for EVP_Digest{Sign,Verify}.
X-Git-Tag: V_9_9_P1~65
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2a50a8f1fa57857a5e124a2280bcf61cc63c77f7;p=thirdparty%2Fopenssh-portable.git
Add compat functions for EVP_Digest{Sign,Verify}.
This should make LibreSSL 3.1.x through 3.3.x work again. Code from tb@, ok djm@. Restore the test configs covering those.
---
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index a5cac7c8e..609028703 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -57,6 +57,8 @@ jobs:
 - { target: ubuntu-20.04, config: musl }
 - { target: ubuntu-latest, config: boringssl }
 - { target: ubuntu-latest, config: libressl-master }
+ - { target: ubuntu-latest, config: libressl-3.2.6 }
+ - { target: ubuntu-latest, config: libressl-3.3.6 }
 - { target: ubuntu-latest, config: libressl-3.4.3 }
 - { target: ubuntu-latest, config: libressl-3.5.3 }
 - { target: ubuntu-latest, config: libressl-3.6.1 }
diff --git a/configure.ac b/configure.ac
index d21b57989..591d5a388 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2983,6 +2983,8 @@ if test "x$openssl" = "xyes" ; then
 BN_is_prime_ex \
 DES_crypt \
 DSA_generate_parameters_ex \
+ EVP_DigestSign \
+ EVP_DigestVerify \
 EVP_DigestFinal_ex \
 EVP_DigestInit_ex \
 EVP_MD_CTX_cleanup \
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
index 6c65003f2..14865077e 100644
--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
@@ -95,4 +95,30 @@ ssh_libcrypto_init(void)
 #endif /* USE_OPENSSL_ENGINE */
 }
+#ifndef HAVE_EVP_DIGESTSIGN
+int
+EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ if (sigret != NULL) {
+ if (EVP_DigestSignUpdate(ctx, tbs, tbslen) <= 0)
+ return 0;
+ }
+
+ return EVP_DigestSignFinal(ctx, sigret, siglen);
+}
+#endif
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+int
+EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+{
+ if (EVP_DigestVerifyUpdate(ctx, tbs, tbslen) <= 0)
+ return -1;
+
+ return EVP_DigestVerifyFinal(ctx, sigret, siglen);
+}
+#endif
+
 #endif /* WITH_OPENSSL */
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
index f6796b3ba..2b9780f5e 100644
--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
@@ -78,5 +78,15 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned char *iv, size_t len);
 #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
+#ifndef HAVE_EVP_DIGESTSIGN
+int EVP_DigestSign(EVP_MD_CTX *, unsigned char *, size_t *,
+ const unsigned char *, size_t);
+#endif
+
+#ifndef HAVE_EVP_DIGESTVERIFY
+int EVP_DigestVerify(EVP_MD_CTX *, const unsigned char *, size_t,
+ const unsigned char *, size_t);
+#endif
+
 #endif /* WITH_OPENSSL */
 #endif /* _OPENSSL_COMPAT_H */
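Review bot: In openbsd-compat/openssl-compat.c the two fallbacks signal an Update failure differently (`EVP_DigestSign` returns 0, `EVP_DigestVerify` returns -1) and neither carries a comment stating its return contract. For the verify path this matters because -1 is non-zero: a caller written as `if (EVP_DigestVerify(...))` rather than `== 1` would accept a signature after an internal error; the callers are not part of this diff, so that should be confirmed against them. I would add above `EVP_DigestVerify`: `/* Returns 1 only if the signature is valid; 0 means bad signature, <0 an error. Compare with == 1. */`. A one-line comment on the `sigret != NULL` test in `EVP_DigestSign`, saying that a NULL buffer is the length-query call and must not feed `tbs` into the digest, would also help.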