adjust for OpenSSL 1.1.0+

crypto/crypto_encryption_openssl.cc

@@ -25,6 +25,7 @@
 
 #include <openssl/aes.h>
 #include <openssl/evp.h>
+#include <openssl/modes.h>
 
 #include <common/factory.h>
 #include <crypto/crypto_encryption.h>
@@ -43,19 +44,19 @@ namespace {
 	class SessionEVP : public CryptoEncryption::Session {
 		LogHandle log_;
 		const EVP_CIPHER *cipher_;
-		EVP_CIPHER_CTX ctx_;
+		EVP_CIPHER_CTX *ctx_;
 	public:
 		SessionEVP(const EVP_CIPHER *xcipher)
 		: log_("/crypto/encryption/session/openssl"),
 		  cipher_(xcipher),
 		  ctx_()
 		{
-			EVP_CIPHER_CTX_init(&ctx_);
+			ctx_ = EVP_CIPHER_CTX_new();
 		}
 
 		~SessionEVP()
 		{
-			EVP_CIPHER_CTX_cleanup(&ctx_);
+			EVP_CIPHER_CTX_cleanup(ctx_);
 		}
 
 		unsigned block_size(void) const
@@ -104,7 +105,7 @@ namespace {
 			uint8_t ivdata[iv->length()];
 			iv->copyout(ivdata, sizeof ivdata);
 
-			int rv = EVP_CipherInit(&ctx_, cipher_, keydata, ivdata, enc);
+			int rv = EVP_CipherInit(ctx_, cipher_, keydata, ivdata, enc);
 			if (rv == 0)
 				return (false);
 
@@ -124,7 +125,7 @@ namespace {
 			in->copyout(indata, sizeof indata);
 
 			uint8_t outdata[sizeof indata];
-			int rv = EVP_Cipher(&ctx_, outdata, indata, sizeof indata);
+			int rv = EVP_Cipher(ctx_, outdata, indata, sizeof indata);
 			if (rv == 0)
 				return (false);
 			out->append(outdata, sizeof outdata);
@@ -146,7 +147,6 @@ namespace {
 		}
 		*/
 	};
-
 	class SessionAES128CTR : public CryptoEncryption::Session {
 		LogHandle log_;
 		AES_KEY key_;
@@ -226,7 +226,7 @@ namespace {
 			in->copyout(indata, sizeof indata);
 
 			uint8_t outdata[sizeof indata];
-			AES_ctr128_encrypt(indata, outdata, sizeof indata, &key_, iv_, counterbuf, &countern);
+			CRYPTO_ctr128_encrypt(indata, outdata, sizeof indata, &key_, iv_, counterbuf, &countern, (block128_f)AES_encrypt);
 
 			out->append(outdata, sizeof outdata);
 			return (true);
@@ -247,7 +247,6 @@ namespace {
 		}
 		*/
 	};
-
 	class MethodOpenSSL : public CryptoEncryption::Method {
 		LogHandle log_;
 		FactoryMap<CryptoEncryption::Cipher, CryptoEncryption::Session> cipher_map_;

ssh/ssh_key_exchange.cc

@@ -118,6 +118,9 @@ namespace {
 		{
 			SSH::ServerHostKey *key;
 			uint32_t max, min, n;
+			const BIGNUM *pr, *gr;
+			const BIGNUM *er, *fr;
+			BIGNUM *p, *g;
 			BIGNUM *e, *f;
 			Buffer server_public_key;
 			Buffer signature;
@@ -155,9 +158,15 @@ namespace {
 #ifdef USE_TEST_GROUP
 				group.append(test_prime_and_generator, sizeof test_prime_and_generator);
 				dh_ = DH_new();
-				SSH::MPInt::decode(&dh_->p, &group);
+
-				SSH::MPInt::decode(&dh_->g, &group);
+				SSH::MPInt::decode(&p, &group);
-				ASSERT(log_, group.empty());
+				SSH::MPInt::decode(&g, &group);
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
+				dh_->p = p;
+				dh_->g = g;
+#else
+				DH_set0_pqg(dh_, p, NULL, g);
+#endif				ASSERT(log_, group.empty());
 #else
 				DEBUG(log_) << "Doing DH_generate_parameters for " << n << " bits.";
 				ASSERT(log_, dh_ == NULL);
@@ -168,8 +177,20 @@ namespace {
 				}
 #endif
 
-				SSH::MPInt::encode(&group, dh_->p);
+#ifdef USE_TEST_GROUP
-				SSH::MPInt::encode(&group, dh_->g);
+				pr = p;
+				gr = g;
+#else
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
+				pr = dh_->p;
+				gr = dh_->p;
+#else
+				DH_get0_pqg(dh_, &pr, NULL, &gr);
+#endif
+#endif
+
+				SSH::MPInt::encode(&group, pr);
+				SSH::MPInt::encode(&group, gr);
 				key_exchange_.append(group);
 
 				packet.append(DiffieHellmanGroupExchangeGroup);
@@ -190,18 +211,29 @@ namespace {
 					return (false);
 				}
 
-				if (!SSH::MPInt::decode(&dh_->p, in))
+				if (!SSH::MPInt::decode(&p, in))
 					return (false);
-				if (!SSH::MPInt::decode(&dh_->g, in))
+				if (!SSH::MPInt::decode(&g, in)) {
+					BN_free(p);
 					return (false);
+				}
 
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
+				dh_->p = p;
+				dh_->g = g;
+#else
+				DH_set0_pqg(dh_, p, NULL, g);
+#endif
 				if (!DH_generate_key(dh_)) {
 					ERROR(log_) << "DH_generate_key failed.";
 					return (false);
 				}
-				e = dh_->pub_key;
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
-
+				er = dh_->pub_key;
-				SSH::MPInt::encode(&initialize, e);
+#else
+				DH_get0_key(dh_, &er, NULL);
+#endif
+				SSH::MPInt::encode(&initialize, er);
 				key_exchange_.append(initialize);
 
 				packet.append(DiffieHellmanGroupExchangeInitialize);
@@ -220,9 +252,12 @@ namespace {
 
 				if (!DH_generate_key(dh_))
 					return (false);
-				f = dh_->pub_key;
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
-
+				fr = dh_->pub_key;
-				SSH::MPInt::encode(&key_exchange_, f);
+#else
+				DH_get0_key(dh_, &fr, NULL);
+#endif
+				SSH::MPInt::encode(&key_exchange_, fr);
 				if (!exchange_finish(e)) {
 					ERROR(log_) << "Server key exchange finish failed.";
 					return (false);

ssh/ssh_server_host_key.cc

@@ -68,28 +68,48 @@ namespace {
 
 		bool decode_public_key(Buffer *in)
 		{
+			BIGNUM *e, *n;
 			ASSERT(log_, session_->role_ == SSH::ClientRole);
 			ASSERT(log_, rsa_ == NULL);
+
 			Buffer tag;
 			if (!SSH::String::decode(&tag, in))
 				return (false);
 			if (!tag.equal("ssh-rsa"))
 				return (false);
+
 			rsa_ = RSA_new();
 			if (rsa_ == NULL)
 				return (false);
-			if (!SSH::MPInt::decode(&rsa_->e, in))
+			if (!SSH::MPInt::decode(&e, in))
 				return (false);
-			if (!SSH::MPInt::decode(&rsa_->n, in))
+			if (!SSH::MPInt::decode(&n, in)) {
+ 				BN_free(e);
 				return (false);
+			}
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
+			rsa_->n = n;
+			rsa_->e = e;
+#else
+			RSA_set0_key(rsa_, n, e, NULL);
+#endif
 			return (true);
 		}
 
 		void encode_public_key(Buffer *out) const
 		{
+			const BIGNUM *er, *nr;
+
+#if OPENSSL_VERSION_NUMBER < 0x1010006fL
+			nr = rsa_->n;
+			er = rsa_->e;
+#else
+			RSA_get0_key(rsa_, &nr, &er, NULL);
+#endif
+
 			SSH::String::encode(out, Buffer("ssh-rsa"));
-			SSH::MPInt::encode(out, rsa_->e);
+			SSH::MPInt::encode(out, er);
-			SSH::MPInt::encode(out, rsa_->n);
+			SSH::MPInt::encode(out, nr);
 		}
 
 		bool sign(Buffer *out, const Buffer *in) const