[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents completely from codebase
From: "Ranjitsinh Rathod via lists.openembedded.org" <ranjitsinh.rathod=kpit.com () lists
Date: 2023-05-31 9:05:28
Message-ID: PN3PR01MB7382E5F67AFEB4133580BB218F489 () PN3PR01MB7382 ! INDPRD01 ! PROD ! OUTLOOK ! COM
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks, Alex.
@Riyaz Ahmed Khan<mailto:Riyaz.Khan@kpit.com>, please create a backport patch for the \
master branch and also let's add some more info in commit message and send v4 patch \
for the kirkstone.
Thanks,
Best Regards,
Ranjitsinh Rathod
Technical Leader | | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__________________________________________
KPIT<http://www.kpit.com/> | Follow us on LinkedIn<http://www.kpit.com/linkedin>
[cid:33bec1fb-2d95-4395-a8a2-8370c441baa8]<https://www.kpit.com/TheNewBrand>
________________________________
From: Alexander Kanavin <alex.kanavin@gmail.com>
Sent: Wednesday, May 31, 2023 2:32 PM
To: Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com>
Cc: Riyaz Ahmed Khan <rak3033@gmail.com>; openembedded-core@lists.openembedded.org \
<openembedded-core@lists.openembedded.org>; Steve Sakoman <steve@sakoman.com>; Riyaz \
Ahmed Khan <Riyaz.Khan@kpit.com>
Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents \
completely from codebase
Caution: This email originated from outside of the KPIT. Do not click links or open \
attachments unless you recognize the sender and know the content is safe. Hello,
I see, thanks for explaining.
I would suggest you first send a backport for the master branch (I hope it's not \
difficult as the needed upstream commit is closer to the openssh release master has), \
then an equivalent backport for kirkstone. Make sure the commit messages describe why \
this is being done (to ensure openssh source really has no bsd-4 clause code so that \
reality matches what LICENSE says, and we do not have to change LICENSE in an LTS \
branch).
Alex
On Wed, 31 May 2023 at 10:47, Ranjitsinh Rathod \
<Ranjitsinh.Rathod@kpit.com<mailto:Ranjitsinh.Rathod@kpit.com>> wrote: Hi Alexander,
Some of the product restrict the BSD-4-Clause usage and our goal is to completely \
remove the BSD-4-Clause license from the openssh. As kirkstone is LTS branch, version \
upgrade would not be possible and so we send the patch by backporting and testing for \
kirkstone.
For master branch, I hope next release will solve the problem as that commit from \
openssh would be there. So please suggest in which way you want to fix the master \
branch.
But for kirkstone, I would like to take the backported patch.
Thanks,
Best Regards,
Ranjitsinh Rathod
Technical Leader | | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__________________________________________
KPIT<http://www.kpit.com/> | Follow us on LinkedIn<http://www.kpit.com/linkedin>
[cid:18870ff9cbb5d7fd5b92]<https://www.kpit.com/TheNewBrand>
________________________________
From: Alexander Kanavin <alex.kanavin@gmail.com<mailto:alex.kanavin@gmail.com>>
Sent: Wednesday, May 31, 2023 2:13 PM
To: Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com<mailto:Ranjitsinh.Rathod@kpit.com>>
Cc: Riyaz Ahmed Khan <rak3033@gmail.com<mailto:rak3033@gmail.com>>; \
openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org> \
<openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org>>; \
Steve Sakoman <steve@sakoman.com<mailto:steve@sakoman.com>>; Riyaz Ahmed Khan \
<Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>>
Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents \
completely from codebase
Caution: This email originated from outside of the KPIT. Do not click links or open \
attachments unless you recognize the sender and know the content is safe. Hello all,
Perhaps it would be easier to adjust the LICENSE entry in the openssh recipe for all \
affected oe-core branches, with appropriate comment next to that entry (because it \
would have to be again adjusted once new openssh is released)? Is your goal to avoid \
the license, or simply to ensure it is correctly specified?
Alex
On Wed, 31 May 2023 at 10:36, Ranjitsinh Rathod \
<Ranjitsinh.Rathod@kpit.com<mailto:Ranjitsinh.Rathod@kpit.com>> wrote: Hi Alexander,
Let me explain a bit more here.
Below upstream commit removed BSD-4-Clause from the LICENSE variable, But actually if \
we check from the source code of the openssh for this version (8.9p1), there are some \
files (openbsd-compat/libressl-api-compat.c) still affected and so this is wrong as \
per me.
Link: https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8
~/sources/openssh-portable$ git branch
* (HEAD detached at V_8_9_P1)
master
~/sources/openssh-portable$ grep -rl "All advertising materials mentioning features \
or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | sort \
openbsd-compat/libressl-api-compat.c When we checked in the master branch, it seems \
the below commit from the openssh is removing it and so to completely remove the \
BSD-4-Clause, below commit from the openssh is required. Openssh commit: \
https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0
We can upstream this to both kirkstone as well as master branch. Please suggest. As \
the version is different in both the branches, same change would get not apply on \
both and so we need to send two different patches each for master and kirkstone.
So currently the v3 patch for kirkstone is correct and can be applied and for the \
master branch we can send another patch.
Thanks,
Best Regards,
Ranjitsinh Rathod
Technical Leader | | KPIT Technologies Ltd.
Cellphone: +91-84606 92403
__________________________________________
KPIT<http://www.kpit.com/> | Follow us on LinkedIn<http://www.kpit.com/linkedin>
[cid:18870ff9cba4d4ea0eb1]<https://www.kpit.com/TheNewBrand>
________________________________
From: Alexander Kanavin <alex.kanavin@gmail.com<mailto:alex.kanavin@gmail.com>>
Sent: Wednesday, May 31, 2023 12:11 PM
To: Riyaz Ahmed Khan <Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>>
Cc: Riyaz Ahmed Khan <rak3033@gmail.com<mailto:rak3033@gmail.com>>; \
openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org> \
<openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org>>; \
Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com<mailto:Ranjitsinh.Rathod@kpit.com>>; \
Steve Sakoman <steve@sakoman.com<mailto:steve@sakoman.com>>
Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents \
completely from codebase
Caution: This email originated from outside of the KPIT. Do not click links or open \
attachments unless you recognize the sender and know the content is safe.
That is not how it works. If the issue exists in both master and
kirkstone (which it does), it must be resolved in master first. Also
'resolves BSD-5 clause license issue' does not explain what the issue
is, and you need to provide a better explanation.
Alex
On Wed, 31 May 2023 at 07:49, Riyaz Ahmed Khan \
<Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>> wrote:
>
> Hi Alex,
>
> As openssh is pointing to LTS branch in kirkstone and openssh is still at 8.9 the \
> usage of BSD-4 can be limited. Hence, we need this patch to be integrated in \
> kirkstone to resolve BSD-5 clause license issue for that the reason this patch has \
> been created to backport and remove the BSD-4 clause license. In the master branch \
> it is closer to the latest version and can wait for the official openssh release, \
> but I hope there will not be a release to kirkstone from master for this reason we \
> created this patch.
> Hi Steve,
>
> Please take this patch for kirkstone as it will resolve BSD-5 clause license issue.
>
> Regards,
> Riyaz
>
> ________________________________
> From: Alexander Kanavin <alex.kanavin@gmail.com<mailto:alex.kanavin@gmail.com>>
> Sent: Tuesday, May 30, 2023 13:38
> To: Riyaz Ahmed Khan <rak3033@gmail.com<mailto:rak3033@gmail.com>>
> Cc: openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org> \
> <openembedded-core@lists.openembedded.org<mailto:openembedded-core@lists.openembedded.org>>; \
> Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com<mailto:Ranjitsinh.Rathod@kpit.com>>; \
> Riyaz Ahmed Khan <Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>>
> Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents \
> completely from codebase
> Caution: This email originated from outside of the KPIT. Do not click links or open \
> attachments unless you recognize the sender and know the content is safe.
> What is the rationale for adding this patch to oe-core? Why can't this
> wait until openssh releases a version with this change?
>
> Alex
>
> On Tue, 30 May 2023 at 09:08, Riyaz Ahmed Khan \
> <rak3033@gmail.com<mailto:rak3033@gmail.com>> wrote:
> >
> > As upstream removed this BSD-4-clause license, there are still some files
> > has this license. Below file affected by this BSD-4-clause contents when
> > below command is executed
> > grep -rl "All advertising materials mentioning features or use of this software"
> > *|grep -v \.1|grep -v \.5|grep -v \.8 | sort openbsd-compat/libressl-api-compat.c
> >
> > All advertising materials mentioning features or use of this software
> >
> > Openssh upstream removes the bsd-4 license compeletely from this commit
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fope \
> > nssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612e0&data=0 \
> > 5%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7C3539451 \
> > eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d8eyJ \
> > WIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sd \
> > ata=AiOVMsuUKtG5WkExJNwIVaM9rqrHXXMg0c8WziS9yHQ%3D&reserved=0<https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0>
> > Hence, Remove and backport this commit completely to remove license of \
> > BSD-4-clause contents from codebase. Hunks are refreshed, removed couple of hunks \
> > from configure.ac<http://configure.ac/> and openbsd-compat/libressl-api-compat.c \
> > as hunk code is not prasent.
> >
> > Signed-off-by: Riyaz Khan <Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>>
> > ---
> > ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 984 ++++++++++++++++++
> > .../openssh/openssh_8.9p1.bb<http://openssh_8.9p1.bb/> | 1 +
> > 2 files changed, 985 insertions(+)
> > create mode 100644 \
> > meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
> >
> > diff --git a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
> > b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
> > new file mode 100644
> > index 0000000000..ebdff1ffe4
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch
> > @@ -0,0 +1,984 @@
> > +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001
> > +From: Damien Miller <djm@mindrot.org<mailto:djm@mindrot.org>>
> > +Date: Fri, 24 Mar 2023 13:56:25 +1100
> > +Subject: [PATCH] remove support for old libcrypto
> > +
> > +OpenSSH now requires LibreSSL 3.1.0 or greater or
> > +OpenSSL 1.1.1 or greater
> > +
> > +with/ok dtucker@
> > +
> > +Upstream-Status: Backport \
> > [https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fop \
> > enssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612e0&data= \
> > 05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7C353945 \
> > 1eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d8ey \
> > JWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&s \
> > data=AiOVMsuUKtG5WkExJNwIVaM9rqrHXXMg0c8WziS9yHQ%3D&reserved=0<https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0>]
> > +Comment: Hunk are refreshed, removed couple of hunks from \
> > configure.ac<http://configure.ac/> as hunk code is not prasent +and backported to \
> > the existing code. +Signed-off-by: Riyaz Khan \
> > <Riyaz.Khan@kpit.com<mailto:Riyaz.Khan@kpit.com>> +
> > +---
> > + .github/workflows/c-cpp.yml | 7 -
> > + INSTALL | 8 +-
> > + cipher-aes.c | 2 +-
> > + configure.ac<http://configure.ac/> | 96 ++---
> > + openbsd-compat/libressl-api-compat.c | 556 +--------------------------
> > + openbsd-compat/openssl-compat.h | 151 +-------
> > + 6 files changed, 40 insertions(+), 780 deletions(-)
> > +
> > +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
> > +index 3d9aa22dba5..d299a32468d 100644
> > +--- a/.github/workflows/c-cpp.yml
> > ++++ b/.github/workflows/c-cpp.yml
> > +@@ -40,18 +40,11 @@
> > + - { os: ubuntu-20.04, configs: tcmalloc }
> > + - { os: ubuntu-20.04, configs: musl }
> > + - { os: ubuntu-latest, configs: libressl-master }
> > +- - { os: ubuntu-latest, configs: libressl-2.2.9 }
> > +- - { os: ubuntu-latest, configs: libressl-2.8.3 }
> > +- - { os: ubuntu-latest, configs: libressl-3.0.2 }
> > + - { os: ubuntu-latest, configs: libressl-3.2.6 }
> > + - { os: ubuntu-latest, configs: libressl-3.3.4 }
> > + - { os: ubuntu-latest, configs: libressl-3.4.1 }
> > + - { os: ubuntu-latest, configs: openssl-master }
> > + - { os: ubuntu-latest, configs: openssl-noec }
> > +- - { os: ubuntu-latest, configs: openssl-1.0.1 }
> > +- - { os: ubuntu-latest, configs: openssl-1.0.1u }
> > +- - { os: ubuntu-latest, configs: openssl-1.0.2u }
> > +- - { os: ubuntu-latest, configs: openssl-1.1.0h }
> > + - { os: ubuntu-latest, configs: openssl-1.1.1 }
> > + - { os: ubuntu-latest, configs: openssl-1.1.1k }
> > + - { os: ubuntu-latest, configs: openssl-3.0.0 }
> > +diff --git a/INSTALL b/INSTALL
> > +index 68b15e13190..f99d1e2a809 100644
> > +--- a/INSTALL
> > ++++ b/INSTALL
> > +@@ -21,12 +21,8 @@ \
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzlib.net%2F&data \
> > =05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7C35394 \
> > 51eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d8e \
> > yJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C& \
> > sdata=gazTCzbsb8yEsXaj1Vn9FGK6t4V1Fop5t8tPb%2BWqUns%3D&reserved=0<https://zlib.net/>
> > +
> > + libcrypto from either of LibreSSL or OpenSSL. Building without libcrypto
> > + is supported but severely restricts the available ciphers and algorithms.
> > +- - LibreSSL (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw \
> > ww.libressl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfa \
> > cb008db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7C \
> > Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 \
> > Mn0%3D%7C3000%7C%7C%7C&sdata=Cmw7m41lEsAw3CFeFKL1R8u%2Bbu%2FWslzOq%2BhS%2FEkXohg%3D&reserved=0<https://www.libressl.org/>)
> > +- - OpenSSL (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw \
> > ww.openssl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfac \
> > b008db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CU \
> > nknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6M \
> > n0%3D%7C3000%7C%7C%7C&sdata=JIzbanv8OPCrZyGkB%2B%2BqyNgDfk72Qy2BmB9LAIS%2FTKk%3D&reserved=0<https://www.openssl.org/>) \
> > with any of the following versions: +- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or \
> > any 1.1.1 +-
> > +-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior to
> > +-1.1.0g can't be used.
> > ++ - LibreSSL (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fw \
> > ww.libressl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfa \
> > cb008db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7C \
> > Unknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 \
> > Mn0%3D%7C3000%7C%7C%7C&sdata=Cmw7m41lEsAw3CFeFKL1R8u%2Bbu%2FWslzOq%2BhS%2FEkXohg%3D&reserved=0<https://www.libressl.org/>) \
> > 3.1.0 or greater ++ - OpenSSL \
> > (https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.openssl.org \
> > %2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08 \
> > %7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpb \
> > GZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7 \
> > C%7C%7C&sdata=JIzbanv8OPCrZyGkB%2B%2BqyNgDfk72Qy2BmB9LAIS%2FTKk%3D&reserved=0<https://www.openssl.org/>) \
> > 1.1.1 or greater +
> > + LibreSSL/OpenSSL should be compiled as a position-independent library
> > + (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] -fPIC"
> > +diff --git a/cipher-aes.c b/cipher-aes.c
> > +index 8b101727284..87c763353d8 100644
> > +--- a/cipher-aes.c
> > ++++ b/cipher-aes.c
> > +@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char *key, \
> > const u_char *iv, +
> > + static int
> > + ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char *src,
> > +- LIBCRYPTO_EVP_INL_TYPE len)
> > ++ size_t len)
> > + {
> > + struct ssh_rijndael_ctx *c;
> > + u_char buf[RIJNDAEL_BLOCKSIZE];
> > +diff --git a/configure.ac<http://configure.ac/> \
> > b/configure.ac<http://configure.ac/> +index 22fee70f604..1c0ccdf19c5 100644
> > +--- a/configure.ac<http://configure.ac/>
> > ++++ b/configure.ac<http://configure.ac/>
> > +@@ -2744,42 +2744,40 @@
> > + #include <openssl/crypto.h>
> > + #define DATA "conftest.ssllibver"
> > + ]], [[
> > +- FILE *fd;
> > +- int rc;
> > ++ FILE *f;
> > +
> > +- fd = fopen(DATA,"w");
> > +- if(fd == NULL)
> > ++ if ((f = fopen(DATA, "w")) == NULL)
> > + exit(1);
> > +-#ifndef OPENSSL_VERSION
> > +-# define OPENSSL_VERSION SSLEAY_VERSION
> > +-#endif
> > +-#ifndef HAVE_OPENSSL_VERSION
> > +-# define OpenSSL_version SSLeay_version
> > +-#endif
> > +-#ifndef HAVE_OPENSSL_VERSION_NUM
> > +-# define OpenSSL_version_num SSLeay
> > +-#endif
> > +- if ((rc = fprintf(fd, "%08lx (%s)\n",
> > ++ if (fprintf(f, "%08lx (%s)",
> > + (unsigned long)OpenSSL_version_num(),
> > +- OpenSSL_version(OPENSSL_VERSION))) < 0)
> > ++ OpenSSL_version(OPENSSL_VERSION)) < 0)
> > ++ exit(1);
> > ++#ifdef LIBRESSL_VERSION_NUMBER
> > ++ if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)
> > ++ exit(1);
> > ++#endif
> > ++ if (fputc('\n', f) == EOF || fclose(f) == EOF)
> > + exit(1);
> > +-
> > + exit(0);
> > + ]])],
> > + [
> > +- ssl_library_ver=`cat conftest.ssllibver`
> > ++ sslver=`cat conftest.ssllibver`
> > ++ ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`
> > + # Check version is supported.
> > +- case "$ssl_library_ver" in
> > +- 10000*|0*)
> > +- AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have \
> > "$ssl_library_ver")]) +- ;;
> > +- 100*) ;; # 1.0.x
> > +- 101000[[0123456]]*)
> > +- # \
> > https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fope \
> > nssl%2Fopenssl%2Fpull%2F4613&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3a \
> > a157742dfacb008db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C63821112091 \
> > 1246208%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haW \
> > wiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dJwZf4dbh%2FT3T5kfAA4%2FAXjZEhsAx5Rzay3Nq9Z0nK0%3D&reserved=0<https://github.com/openssl/openssl/pull/4613>
> > +- AC_MSG_ERROR([OpenSSL 1.1.x versions prior to \
> > 1.1.0g have a bug that breaks their use with OpenSSH (have "$ssl_library_ver")]) \
> > ++ case "$sslver" in ++ 100*|10100*) # \
> > 1.0.x, 1.1.0x ++ AC_MSG_ERROR([OpenSSL >= 1.1.1 \
> > required (have "$ssl_showver")]) + ;;
> > + 101*) ;; # 1.1.x
> > +- 200*) ;; # LibreSSL
> > ++ 200*) # LibreSSL
> > ++ lver=`echo "$sslver" | sed 's/.*libressl-//'`
> > ++ case "$lver" in
> > ++ 2*|300*) # 2.x, 3.0.0
> > ++ AC_MSG_ERROR([LibreSSL >= 3.1.0 required \
> > (have "$ssl_showver")]) ++ ;;
> > ++ *) ;; # Assume all other versions are good.
> > ++ esac
> > ++ ;;
> > + 300*) ;; # OpenSSL 3
> > + 301*) ;; # OpenSSL development branch.
> > + *)
> > +@@ -2781,10 +2781,10 @@
> > + 300*) ;; # OpenSSL 3
> > + 301*) ;; # OpenSSL development branch.
> > + *)
> > +- AC_MSG_ERROR([Unknown/unsupported OpenSSL version \
> > ("$ssl_library_ver")]) ++ \
> > AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")]) + \
> > ;; + esac
> > +- AC_MSG_RESULT([$ssl_library_ver])
> > ++ AC_MSG_RESULT([$ssl_showver])
> > + ],
> > + [
> > + AC_MSG_RESULT([not found])
> > +@@ -2804,9 +2804,6 @@
> > + #include <openssl/opensslv.h>
> > + #include <openssl/crypto.h>
> > + ]], [[
> > +-#ifndef HAVE_OPENSSL_VERSION_NUM
> > +-# define OpenSSL_version_num SSLeay
> > +-#endif
> > + exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);
> > + ]])],
> > + [
> > +@@ -2881,44 +2878,13 @@
> > + )
> > + )
> > +
> > +- # LibreSSL/OpenSSL 1.1x API
> > ++ # LibreSSL/OpenSSL API differences
> > + AC_CHECK_FUNCS([ \
> > +- OPENSSL_init_crypto \
> > +- DH_get0_key \
> > +- DH_get0_pqg \
> > +- DH_set0_key \
> > +- DH_set_length \
> > +- DH_set0_pqg \
> > +- DSA_get0_key \
> > +- DSA_get0_pqg \
> > +- DSA_set0_key \
> > +- DSA_set0_pqg \
> > +- DSA_SIG_get0 \
> > +- DSA_SIG_set0 \
> > +- ECDSA_SIG_get0 \
> > +- ECDSA_SIG_set0 \
> > + EVP_CIPHER_CTX_iv \
> > + EVP_CIPHER_CTX_iv_noconst \
> > + EVP_CIPHER_CTX_get_iv \
> > + EVP_CIPHER_CTX_get_updated_iv \
> > + EVP_CIPHER_CTX_set_iv \
> > +- RSA_get0_crt_params \
> > +- RSA_get0_factors \
> > +- RSA_get0_key \
> > +- RSA_set0_crt_params \
> > +- RSA_set0_factors \
> > +- RSA_set0_key \
> > +- RSA_meth_free \
> > +- RSA_meth_dup \
> > +- RSA_meth_set1_name \
> > +- RSA_meth_get_finish \
> > +- RSA_meth_set_priv_enc \
> > +- RSA_meth_set_priv_dec \
> > +- RSA_meth_set_finish \
> > +- EVP_PKEY_get0_RSA \
> > +- EVP_MD_CTX_new \
> > +- EVP_MD_CTX_free \
> > +- EVP_chacha20 \
> > + ])
> > +
> > + if test "x$openssl_engine" = "xyes" ; then
> > +@@ -3040,8 +3006,8 @@
> > + fi
> > + AC_CHECK_FUNCS([crypt DES_crypt])
> > +
> > +- # Check for SHA256, SHA384 and SHA512 support in OpenSSL
> > +- AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])
> > ++ # Check for various EVP support in OpenSSL
> > ++ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_chacha20])
> > +
> > + # Check complete ECC support in OpenSSL
> > + AC_MSG_CHECKING([whether OpenSSL has NID_X9_62_prime256v1])
> > +diff --git a/openbsd-compat/libressl-api-compat.c \
> > b/openbsd-compat/libressl-api-compat.c +index 498180dc894..59be17397c5 100644
> > +--- a/openbsd-compat/libressl-api-compat.c
> > ++++ b/openbsd-compat/libressl-api-compat.c
> > +@@ -1,129 +1,5 @@
> > +-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */
> > +-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */
> > +-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */
> > +-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */
> > +-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */
> > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
> > +-/* Copyright (C) 1995-1998 Eric Young \
> > (eay@cryptsoft.com<mailto:eay@cryptsoft.com>) +- * All rights reserved.
> > +- *
> > +- * This package is an SSL implementation written
> > +- * by Eric Young (eay@cryptsoft.com<mailto:eay@cryptsoft.com>).
> > +- * The implementation was written so as to conform with Netscapes SSL.
> > +- *
> > +- * This library is free for commercial and non-commercial use as long as
> > +- * the following conditions are aheared to. The following conditions
> > +- * apply to all code found in this distribution, be it the RC4, RSA,
> > +- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
> > +- * included with this distribution is covered by the same copyright terms
> > +- * except that the holder is Tim Hudson \
> > (tjh@cryptsoft.com<mailto:tjh@cryptsoft.com>). +- *
> > +- * Copyright remains Eric Young's, and as such any Copyright notices in
> > +- * the code are not to be removed.
> > +- * If this package is used in a product, Eric Young should be given attribution
> > +- * as the author of the parts of the library used.
> > +- * This can be in the form of a textual message at program startup or
> > +- * in documentation (online or textual) provided with the package.
> > +- *
> > +- * Redistribution and use in source and binary forms, with or without
> > +- * modification, are permitted provided that the following conditions
> > +- * are met:
> > +- * 1. Redistributions of source code must retain the copyright
> > +- * notice, this list of conditions and the following disclaimer.
> > +- * 2. Redistributions in binary form must reproduce the above copyright
> > +- * notice, this list of conditions and the following disclaimer in the
> > +- * documentation and/or other materials provided with the distribution.
> > +- * 3. All advertising materials mentioning features or use of this software
> > +- * must display the following acknowledgement:
> > +- * "This product includes cryptographic software written by
> > +- * Eric Young (eay@cryptsoft.com<mailto:eay@cryptsoft.com>)"
> > +- * The word 'cryptographic' can be left out if the rouines from the library
> > +- * being used are not cryptographic related :-).
> > +- * 4. If you include any Windows specific code (or a derivative thereof) from
> > +- * the apps directory (application code) you must include an \
> > acknowledgement: +- * "This product includes software written by Tim Hudson \
> > (tjh@cryptsoft.com<mailto:tjh@cryptsoft.com>)" +- *
> > +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
> > +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> > +- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> > +- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> > +- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> > +- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> > +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> > +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> > +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> > +- * SUCH DAMAGE.
> > +- *
> > +- * The licence and distribution terms for any publically available version or
> > +- * derivative of this code cannot be changed. i.e. this code cannot simply be
> > +- * copied and put under another distribution licence
> > +- * [including the GNU Public Licence.]
> > +- */
> > +-
> > +-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */
> > +-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */
> > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */
> > +-/* Written by Dr Stephen N Henson (steve@openssl.org<mailto:steve@openssl.org>) \
> > for the OpenSSL +- * project 2000.
> > +- */
> > +-/* ====================================================================
> > +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
> > +- *
> > +- * Redistribution and use in source and binary forms, with or without
> > +- * modification, are permitted provided that the following conditions
> > +- * are met:
> > +- *
> > +- * 1. Redistributions of source code must retain the above copyright
> > +- * notice, this list of conditions and the following disclaimer.
> > +- *
> > +- * 2. Redistributions in binary form must reproduce the above copyright
> > +- * notice, this list of conditions and the following disclaimer in
> > +- * the documentation and/or other materials provided with the
> > +- * distribution.
> > +- *
> > +- * 3. All advertising materials mentioning features or use of this
> > +- * software must display the following acknowledgment:
> > +- * "This product includes software developed by the OpenSSL Project
> > +- * for use in the OpenSSL Toolkit. \
> > (https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openssl.org% \
> > 2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08% \
> > 7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbG \
> > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C \
> > %7C%7C&sdata=xcpid%2F25wbVMoxg4ok8qGpgBjiL8jXkZN5bX4hSS2wc%3D&reserved=0<http://www.openssl.org/>)"
> > +- *
> > +- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
> > +- * endorse or promote products derived from this software without
> > +- * prior written permission. For written permission, please contact
> > +- * licensing@OpenSSL.org.
> > +- *
> > +- * 5. Products derived from this software may not be called "OpenSSL"
> > +- * nor may "OpenSSL" appear in their names without prior written
> > +- * permission of the OpenSSL Project.
> > +- *
> > +- * 6. Redistributions of any form whatsoever must retain the following
> > +- * acknowledgment:
> > +- * "This product includes software developed by the OpenSSL Project
> > +- * for use in the OpenSSL Toolkit \
> > (https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.openssl.org% \
> > 2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08% \
> > 7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbG \
> > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C \
> > %7C%7C&sdata=xcpid%2F25wbVMoxg4ok8qGpgBjiL8jXkZN5bX4hSS2wc%3D&reserved=0<http://www.openssl.org/>)"
> > +- *
> > +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
> > +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
> > +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
> > +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
> > +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
> > +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
> > +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> > +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
> > +- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
> > +- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
> > +- * OF THE POSSIBILITY OF SUCH DAMAGE.
> > +- * ====================================================================
> > +- *
> > +- * This product includes cryptographic software written by Eric Young
> > +- * (eay@cryptsoft.com<mailto:eay@cryptsoft.com>). This product includes \
> > software written by Tim +- * Hudson \
> > (tjh@cryptsoft.com<mailto:tjh@cryptsoft.com>). +- *
> > +- */
> > +-
> > +-/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm Exp $ */
> > + /*
> > +- * Copyright (c) 2018 Theo Buehler <tb@openbsd.org<mailto:tb@openbsd.org>>
> > ++ * Copyright (c) 2018 Damien Miller <djm@mindrot.org<mailto:djm@mindrot.org>>
> > + *
> > + * Permission to use, copy, modify, and distribute this software for any
> > + * purpose with or without fee is hereby granted, provided that the above
> > +@@ -147,192 +23,7 @@
> > + #include <stdlib.h>
> > + #include <string.h>
> > +
> > +-#include <openssl/err.h>
> > +-#include <openssl/bn.h>
> > +-#include <openssl/dsa.h>
> > +-#include <openssl/rsa.h>
> > + #include <openssl/evp.h>
> > +-#ifdef OPENSSL_HAS_ECC
> > +-#include <openssl/ecdsa.h>
> > +-#endif
> > +-#include <openssl/dh.h>
> > +-
> > +-#ifndef HAVE_DSA_GET0_PQG
> > +-void
> > +-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM \
> > **g) +-{
> > +- if (p != NULL)
> > +- *p = d->p;
> > +- if (q != NULL)
> > +- *q = d->q;
> > +- if (g != NULL)
> > +- *g = d->g;
> > +-}
> > +-#endif /* HAVE_DSA_GET0_PQG */
> > +-
> > +-#ifndef HAVE_DSA_SET0_PQG
> > +-int
> > +-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> > +-{
> > +- if ((d->p == NULL && p == NULL) || (d->q == NULL && q == NULL) ||
> > +- (d->g == NULL && g == NULL))
> > +- return 0;
> > +-
> > +- if (p != NULL) {
> > +- BN_free(d->p);
> > +- d->p = p;
> > +- }
> > +- if (q != NULL) {
> > +- BN_free(d->q);
> > +- d->q = q;
> > +- }
> > +- if (g != NULL) {
> > +- BN_free(d->g);
> > +- d->g = g;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DSA_SET0_PQG */
> > +-
> > +-#ifndef HAVE_DSA_GET0_KEY
> > +-void
> > +-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key)
> > +-{
> > +- if (pub_key != NULL)
> > +- *pub_key = d->pub_key;
> > +- if (priv_key != NULL)
> > +- *priv_key = d->priv_key;
> > +-}
> > +-#endif /* HAVE_DSA_GET0_KEY */
> > +-
> > +-#ifndef HAVE_DSA_SET0_KEY
> > +-int
> > +-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
> > +-{
> > +- if (d->pub_key == NULL && pub_key == NULL)
> > +- return 0;
> > +-
> > +- if (pub_key != NULL) {
> > +- BN_free(d->pub_key);
> > +- d->pub_key = pub_key;
> > +- }
> > +- if (priv_key != NULL) {
> > +- BN_free(d->priv_key);
> > +- d->priv_key = priv_key;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DSA_SET0_KEY */
> > +-
> > +-#ifndef HAVE_RSA_GET0_KEY
> > +-void
> > +-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM \
> > **d) +-{
> > +- if (n != NULL)
> > +- *n = r->n;
> > +- if (e != NULL)
> > +- *e = r->e;
> > +- if (d != NULL)
> > +- *d = r->d;
> > +-}
> > +-#endif /* HAVE_RSA_GET0_KEY */
> > +-
> > +-#ifndef HAVE_RSA_SET0_KEY
> > +-int
> > +-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
> > +-{
> > +- if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
> > +- return 0;
> > +-
> > +- if (n != NULL) {
> > +- BN_free(r->n);
> > +- r->n = n;
> > +- }
> > +- if (e != NULL) {
> > +- BN_free(r->e);
> > +- r->e = e;
> > +- }
> > +- if (d != NULL) {
> > +- BN_free(r->d);
> > +- r->d = d;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_SET0_KEY */
> > +-
> > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS
> > +-void
> > +-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1,
> > +- const BIGNUM **iqmp)
> > +-{
> > +- if (dmp1 != NULL)
> > +- *dmp1 = r->dmp1;
> > +- if (dmq1 != NULL)
> > +- *dmq1 = r->dmq1;
> > +- if (iqmp != NULL)
> > +- *iqmp = r->iqmp;
> > +-}
> > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */
> > +-
> > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS
> > +-int
> > +-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
> > +-{
> > +- if ((r->dmp1 == NULL && dmp1 == NULL) ||
> > +- (r->dmq1 == NULL && dmq1 == NULL) ||
> > +- (r->iqmp == NULL && iqmp == NULL))
> > +- return 0;
> > +-
> > +- if (dmp1 != NULL) {
> > +- BN_free(r->dmp1);
> > +- r->dmp1 = dmp1;
> > +- }
> > +- if (dmq1 != NULL) {
> > +- BN_free(r->dmq1);
> > +- r->dmq1 = dmq1;
> > +- }
> > +- if (iqmp != NULL) {
> > +- BN_free(r->iqmp);
> > +- r->iqmp = iqmp;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */
> > +-
> > +-#ifndef HAVE_RSA_GET0_FACTORS
> > +-void
> > +-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
> > +-{
> > +- if (p != NULL)
> > +- *p = r->p;
> > +- if (q != NULL)
> > +- *q = r->q;
> > +-}
> > +-#endif /* HAVE_RSA_GET0_FACTORS */
> > +-
> > +-#ifndef HAVE_RSA_SET0_FACTORS
> > +-int
> > +-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
> > +-{
> > +- if ((r->p == NULL && p == NULL) || (r->q == NULL && q == NULL))
> > +- return 0;
> > +-
> > +- if (p != NULL) {
> > +- BN_free(r->p);
> > +- r->p = p;
> > +- }
> > +- if (q != NULL) {
> > +- BN_free(r->q);
> > +- r->q = q;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_SET0_FACTORS */
> > +
> > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
> > + int
> > +@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const unsigned \
> > char *iv, size_t len) + }
> > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
> > +
> > +-#ifndef HAVE_DSA_SIG_GET0
> > +-void
> > +-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
> > +-{
> > +- if (pr != NULL)
> > +- *pr = sig->r;
> > +- if (ps != NULL)
> > +- *ps = sig->s;
> > +-}
> > +-#endif /* HAVE_DSA_SIG_GET0 */
> > +-
> > +-#ifndef HAVE_DSA_SIG_SET0
> > +-int
> > +-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
> > +-{
> > +- if (r == NULL || s == NULL)
> > +- return 0;
> > +-
> > +- BN_clear_free(sig->r);
> > +- sig->r = r;
> > +- BN_clear_free(sig->s);
> > +- sig->s = s;
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DSA_SIG_SET0 */
> > +-
> > +-#ifdef OPENSSL_HAS_ECC
> > +-#ifndef HAVE_ECDSA_SIG_GET0
> > +-void
> > +-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
> > +-{
> > +- if (pr != NULL)
> > +- *pr = sig->r;
> > +- if (ps != NULL)
> > +- *ps = sig->s;
> > +-}
> > +-#endif /* HAVE_ECDSA_SIG_GET0 */
> > +-
> > +-#ifndef HAVE_ECDSA_SIG_SET0
> > +-int
> > +-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
> > +-{
> > +- if (r == NULL || s == NULL)
> > +- return 0;
> > +-
> > +- BN_clear_free(sig->r);
> > +- BN_clear_free(sig->s);
> > +- sig->r = r;
> > +- sig->s = s;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_ECDSA_SIG_SET0 */
> > +-#endif /* OPENSSL_HAS_ECC */
> > +-
> > +-#ifndef HAVE_DH_GET0_PQG
> > +-void
> > +-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
> > +-{
> > +- if (p != NULL)
> > +- *p = dh->p;
> > +- if (q != NULL)
> > +- *q = dh->q;
> > +- if (g != NULL)
> > +- *g = dh->g;
> > +-}
> > +-#endif /* HAVE_DH_GET0_PQG */
> > +-
> > +-#ifndef HAVE_DH_SET0_PQG
> > +-int
> > +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
> > +-{
> > +- if ((dh->p == NULL && p == NULL) || (dh->g == NULL && g == NULL))
> > +- return 0;
> > +-
> > +- if (p != NULL) {
> > +- BN_free(dh->p);
> > +- dh->p = p;
> > +- }
> > +- if (q != NULL) {
> > +- BN_free(dh->q);
> > +- dh->q = q;
> > +- }
> > +- if (g != NULL) {
> > +- BN_free(dh->g);
> > +- dh->g = g;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DH_SET0_PQG */
> > +-
> > +-#ifndef HAVE_DH_GET0_KEY
> > +-void
> > +-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
> > +-{
> > +- if (pub_key != NULL)
> > +- *pub_key = dh->pub_key;
> > +- if (priv_key != NULL)
> > +- *priv_key = dh->priv_key;
> > +-}
> > +-#endif /* HAVE_DH_GET0_KEY */
> > +-
> > +-#ifndef HAVE_DH_SET0_KEY
> > +-int
> > +-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
> > +-{
> > +- if (pub_key != NULL) {
> > +- BN_free(dh->pub_key);
> > +- dh->pub_key = pub_key;
> > +- }
> > +- if (priv_key != NULL) {
> > +- BN_free(dh->priv_key);
> > +- dh->priv_key = priv_key;
> > +- }
> > +-
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DH_SET0_KEY */
> > +-
> > +-#ifndef HAVE_DH_SET_LENGTH
> > +-int
> > +-DH_set_length(DH *dh, long length)
> > +-{
> > +- if (length < 0 || length > INT_MAX)
> > +- return 0;
> > +-
> > +- dh->length = length;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_DH_SET_LENGTH */
> > +-
> > +-#ifndef HAVE_RSA_METH_FREE
> > +-void
> > +-RSA_meth_free(RSA_METHOD *meth)
> > +-{
> > +- if (meth != NULL) {
> > +- free((char *)meth->name);
> > +- free(meth);
> > +- }
> > +-}
> > +-#endif /* HAVE_RSA_METH_FREE */
> > +-
> > +-#ifndef HAVE_RSA_METH_DUP
> > +-RSA_METHOD *
> > +-RSA_meth_dup(const RSA_METHOD *meth)
> > +-{
> > +- RSA_METHOD *copy;
> > +-
> > +- if ((copy = calloc(1, sizeof(*copy))) == NULL)
> > +- return NULL;
> > +- memcpy(copy, meth, sizeof(*copy));
> > +- if ((copy->name = strdup(meth->name)) == NULL) {
> > +- free(copy);
> > +- return NULL;
> > +- }
> > +-
> > +- return copy;
> > +-}
> > +-#endif /* HAVE_RSA_METH_DUP */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET1_NAME
> > +-int
> > +-RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
> > +-{
> > +- char *copy;
> > +-
> > +- if ((copy = strdup(name)) == NULL)
> > +- return 0;
> > +- free((char *)meth->name);
> > +- meth->name = copy;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_METH_SET1_NAME */
> > +-
> > +-#ifndef HAVE_RSA_METH_GET_FINISH
> > +-int
> > +-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)
> > +-{
> > +- return meth->finish;
> > +-}
> > +-#endif /* HAVE_RSA_METH_GET_FINISH */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
> > +-int
> > +-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
> > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
> > +-{
> > +- meth->rsa_priv_enc = priv_enc;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC
> > +-int
> > +-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
> > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding))
> > +-{
> > +- meth->rsa_priv_dec = priv_dec;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_FINISH
> > +-int
> > +-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))
> > +-{
> > +- meth->finish = finish;
> > +- return 1;
> > +-}
> > +-#endif /* HAVE_RSA_METH_SET_FINISH */
> > +-
> > +-#ifndef HAVE_EVP_PKEY_GET0_RSA
> > +-RSA *
> > +-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
> > +-{
> > +- if (pkey->type != EVP_PKEY_RSA) {
> > +- /* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */
> > +- return NULL;
> > +- }
> > +- return pkey->pkey.rsa;
> > +-}
> > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */
> > +-
> > +-#ifndef HAVE_EVP_MD_CTX_NEW
> > +-EVP_MD_CTX *
> > +-EVP_MD_CTX_new(void)
> > +-{
> > +- return calloc(1, sizeof(EVP_MD_CTX));
> > +-}
> > +-#endif /* HAVE_EVP_MD_CTX_NEW */
> > +-
> > +-#ifndef HAVE_EVP_MD_CTX_FREE
> > +-void
> > +-EVP_MD_CTX_free(EVP_MD_CTX *ctx)
> > +-{
> > +- if (ctx == NULL)
> > +- return;
> > +-
> > +- EVP_MD_CTX_cleanup(ctx);
> > +-
> > +- free(ctx);
> > +-}
> > +-#endif /* HAVE_EVP_MD_CTX_FREE */
> > +-
> > + #endif /* WITH_OPENSSL */
> > +diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
> > +index 61a69dd56eb..d0dd2c3450d 100644
> > +--- a/openbsd-compat/openssl-compat.h
> > ++++ b/openbsd-compat/openssl-compat.h
> > +@@ -33,26 +33,13 @@
> > + int ssh_compatible_openssl(long, long);
> > + void ssh_libcrypto_init(void);
> > +
> > +-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)
> > +-# error OpenSSL 1.0.1 or greater is required
> > ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
> > ++# error OpenSSL 1.1.0 or greater is required
> > + #endif
> > +-
> > +-#ifndef OPENSSL_VERSION
> > +-# define OPENSSL_VERSION SSLEAY_VERSION
> > +-#endif
> > +-
> > +-#ifndef HAVE_OPENSSL_VERSION
> > +-# define OpenSSL_version(x) SSLeay_version(x)
> > +-#endif
> > +-
> > +-#ifndef HAVE_OPENSSL_VERSION_NUM
> > +-# define OpenSSL_version_num SSLeay
> > +-#endif
> > +-
> > +-#if OPENSSL_VERSION_NUMBER < 0x10000001L
> > +-# define LIBCRYPTO_EVP_INL_TYPE unsigned int
> > +-#else
> > +-# define LIBCRYPTO_EVP_INL_TYPE size_t
> > ++#ifdef LIBRESSL_VERSION_NUMBER
> > ++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL
> > ++# error LibreSSL 3.1.0 or greater is required
> > ++# endif
> > + #endif
> > +
> > + #ifndef OPENSSL_RSA_MAX_MODULUS_BITS
> > +@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);
> > + # endif
> > + #endif
> > +
> > +-/* LibreSSL/OpenSSL 1.1x API compat */
> > +-#ifndef HAVE_DSA_GET0_PQG
> > +-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,
> > +- const BIGNUM **g);
> > +-#endif /* HAVE_DSA_GET0_PQG */
> > +-
> > +-#ifndef HAVE_DSA_SET0_PQG
> > +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
> > +-#endif /* HAVE_DSA_SET0_PQG */
> > +-
> > +-#ifndef HAVE_DSA_GET0_KEY
> > +-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,
> > +- const BIGNUM **priv_key);
> > +-#endif /* HAVE_DSA_GET0_KEY */
> > +-
> > +-#ifndef HAVE_DSA_SET0_KEY
> > +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
> > +-#endif /* HAVE_DSA_SET0_KEY */
> > +-
> > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV
> > + # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV
> > + # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv
> > +@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,
> > + const unsigned char *iv, size_t len);
> > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */
> > +
> > +-#ifndef HAVE_RSA_GET0_KEY
> > +-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,
> > +- const BIGNUM **d);
> > +-#endif /* HAVE_RSA_GET0_KEY */
> > +-
> > +-#ifndef HAVE_RSA_SET0_KEY
> > +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
> > +-#endif /* HAVE_RSA_SET0_KEY */
> > +-
> > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS
> > +-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM \
> > **dmq1, +- const BIGNUM **iqmp);
> > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */
> > +-
> > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS
> > +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
> > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */
> > +-
> > +-#ifndef HAVE_RSA_GET0_FACTORS
> > +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
> > +-#endif /* HAVE_RSA_GET0_FACTORS */
> > +-
> > +-#ifndef HAVE_RSA_SET0_FACTORS
> > +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
> > +-#endif /* HAVE_RSA_SET0_FACTORS */
> > +-
> > +-#ifndef DSA_SIG_GET0
> > +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
> > +-#endif /* DSA_SIG_GET0 */
> > +-
> > +-#ifndef DSA_SIG_SET0
> > +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
> > +-#endif /* DSA_SIG_SET0 */
> > +-
> > +-#ifdef OPENSSL_HAS_ECC
> > +-#ifndef HAVE_ECDSA_SIG_GET0
> > +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM \
> > **ps); +-#endif /* HAVE_ECDSA_SIG_GET0 */
> > +-
> > +-#ifndef HAVE_ECDSA_SIG_SET0
> > +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
> > +-#endif /* HAVE_ECDSA_SIG_SET0 */
> > +-#endif /* OPENSSL_HAS_ECC */
> > +-
> > +-#ifndef HAVE_DH_GET0_PQG
> > +-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
> > +- const BIGNUM **g);
> > +-#endif /* HAVE_DH_GET0_PQG */
> > +-
> > +-#ifndef HAVE_DH_SET0_PQG
> > +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
> > +-#endif /* HAVE_DH_SET0_PQG */
> > +-
> > +-#ifndef HAVE_DH_GET0_KEY
> > +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM \
> > **priv_key); +-#endif /* HAVE_DH_GET0_KEY */
> > +-
> > +-#ifndef HAVE_DH_SET0_KEY
> > +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
> > +-#endif /* HAVE_DH_SET0_KEY */
> > +-
> > +-#ifndef HAVE_DH_SET_LENGTH
> > +-int DH_set_length(DH *dh, long length);
> > +-#endif /* HAVE_DH_SET_LENGTH */
> > +-
> > +-#ifndef HAVE_RSA_METH_FREE
> > +-void RSA_meth_free(RSA_METHOD *meth);
> > +-#endif /* HAVE_RSA_METH_FREE */
> > +-
> > +-#ifndef HAVE_RSA_METH_DUP
> > +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);
> > +-#endif /* HAVE_RSA_METH_DUP */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET1_NAME
> > +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);
> > +-#endif /* HAVE_RSA_METH_SET1_NAME */
> > +-
> > +-#ifndef HAVE_RSA_METH_GET_FINISH
> > +-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);
> > +-#endif /* HAVE_RSA_METH_GET_FINISH */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC
> > +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,
> > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC
> > +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,
> > +- const unsigned char *from, unsigned char *to, RSA *rsa, int padding));
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */
> > +-
> > +-#ifndef HAVE_RSA_METH_SET_FINISH
> > +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));
> > +-#endif /* HAVE_RSA_METH_SET_FINISH */
> > +-
> > +-#ifndef HAVE_EVP_PKEY_GET0_RSA
> > +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
> > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */
> > +-
> > +-#ifndef HAVE_EVP_MD_CTX_new
> > +-EVP_MD_CTX *EVP_MD_CTX_new(void);
> > +-#endif /* HAVE_EVP_MD_CTX_new */
> > +-
> > +-#ifndef HAVE_EVP_MD_CTX_free
> > +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
> > +-#endif /* HAVE_EVP_MD_CTX_free */
> > +-
> > + #endif /* WITH_OPENSSL */
> > + #endif /* _OPENSSL_COMPAT_H */
> > diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb<http://openssh_8.9p1.bb/> \
> > b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb<http://openssh_8.9p1.bb/> \
> > index 6057d055f4..1d53c2488b 100644
> > --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb<http://openssh_8.9p1.bb/>
> >
> > +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb<http://openssh_8.9p1.bb/>
> > @@ -26,6 +26,7 @@ SRC_URI = \
> > "https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fftp.openbsd.org% \
> > 2Fpub%2FOpenBSD%2FOpenSSH%2Fportable%2Fopenssh-%24&data=05%7C01%7CRanjitsinh.Ratho \
> > d%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7C3539451eb46e4a26a242ff61502855c7 \
> > %7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoi \
> > V2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dDzVG6aYgMYab04aGD%2F \
> > 6l6tLxk2tzcSndFcqwlT%2FRg0%3D&reserved=0{PV}.tar<http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$>
> > file://add-test-support-for-busybox.patch \
> > file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
> > file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
> > + file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
> > "
> > SRC_URI[sha256sum] = \
> > "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
> > --
> > 2.17.1
> >
> >
> >
> >
> This message contains information that may be privileged or confidential and is the \
> property of the KPIT Technologies Ltd. It is intended only for the person to whom \
> it is addressed. If you are not the intended recipient, you are not authorized to \
> read, print, retain copy, disseminate, distribute, or use this message or any part \
> thereof. If you receive this message in error, please notify the sender immediately \
> and delete all copies of this message. KPIT Technologies Ltd. does not accept any \
> liability for virus infected mails.
This message contains information that may be privileged or confidential and is the \
property of the KPIT Technologies Ltd. It is intended only for the person to whom it \
is addressed. If you are not the intended recipient, you are not authorized to read, \
print, retain copy, disseminate, distribute, or use this message or any part thereof. \
If you receive this message in error, please notify the sender immediately and delete \
all copies of this message. KPIT Technologies Ltd. does not accept any liability for \
virus infected mails. This message contains information that may be privileged or \
confidential and is the property of the KPIT Technologies Ltd. It is intended only \
for the person to whom it is addressed. If you are not the intended recipient, you \
are not authorized to read, print, retain copy, disseminate, distribute, or use this \
message or any part thereof. If you receive this message in error, please notify the \
sender immediately and delete all copies of this message. KPIT Technologies Ltd. does \
not accept any liability for virus infected mails. This message contains information \
that may be privileged or confidential and is the property of the KPIT Technologies \
Ltd. It is intended only for the person to whom it is addressed. If you are not the \
intended recipient, you are not authorized to read, print, retain copy, disseminate, \
distribute, or use this message or any part thereof. If you receive this message in \
error, please notify the sender immediately and delete all copies of this message. \
KPIT Technologies Ltd. does not accept any liability for virus infected mails.
[Attachment #5 (text/html)]
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} \
</style> </head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; \
color: rgb(0, 0, 0);" class="elementToProof"> Thanks, Alex.</div>
<div class="elementToProof">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; \
color: rgb(0, 0, 0);"> <br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; \
color: rgb(0, 0, 0);"> <a id="OWAAM399865" class="tWKOu mention ms-bgc-nlr ms-fcl-b" \
href="mailto:Riyaz.Khan@kpit.com">@Riyaz Ahmed Khan</a>, please create a backport \
patch for the master branch and also let's add some more info in commit message and \
send v4 patch for the kirkstone.</div> <div id="Signature">
<div>
<div></div>
<div></div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; \
color: rgb(0, 0, 0);"> <p style="margin: 0in; font-size: 11pt; font-family: Calibri, \
sans-serif; text-align: start; color: rgb(32, 31, 30); background-color: rgb(255, \
255, 255);"> <span style="font-family: "Work Sans"; font-size: 10pt; color: \
rgb(89, 89, 89);"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; \
font-size: 16px; display: inline !important; color: rgb(0, 0, 0); background-color: \
rgb(255, 255, 255);"><br> </span></span></p>
<p style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; text-align: \
start; color: rgb(32, 31, 30); background-color: rgb(255, 255, 255);"> <span \
style="font-family: "Work Sans"; font-size: 10pt; color: rgb(89, 89, \
89);"><span style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: \
16px; display: inline !important; color: rgb(0, 0, 0); background-color: rgb(255, \
255, 255);">Thanks,</span><br> </span></p>
<p style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; text-align: \
start; color: rgb(32, 31, 30); background-color: rgb(255, 255, 255);"> <span \
style="font-family: "Work Sans"; font-size: 10pt; color: rgb(89, 89, \
89);">Best Regards,</span><br> </p>
<p style="margin: 0in 0in 12pt; font-size: 11pt; font-family: Calibri, sans-serif; \
text-align: start; color: rgb(32, 31, 30); background-color: rgb(255, 255, 255);"> \
<span lang="EN-IN" style="margin: 0px; font-family: "Work Sans Medium"; \
color: rgb(89, 89, 89);"><b>Ranjitsinh Rathod</b></span><span lang="EN-IN" \
style="margin: 0px; font-size: 14pt; font-family: "Work Sans"; color: \
rgb(0, 137, 207);"><br> </span><span lang="EN-IN" style="margin: 0px; font-size: 9pt; \
font-family: "Work Sans"; color: rgb(127, 127, 127);">Technical Leader \
| | KPIT Technologies Ltd.<br>
Cellphone: +91-84606 92403<br>
</span><b><sup><span lang="EN-IN" style="margin: 0px; font-size: 14pt; font-family: \
"Work Sans"; color: rgb(176, 255, \
69);">__________________________________________<br> </span></sup></b><span \
style="margin: 0px; color: rgb(31, 73, 125);"><a href="http://www.kpit.com/" \
target="_blank" rel="noopener noreferrer" style="margin:0px"><span lang="EN-IN" \
style="margin: 0px; font-size: 12pt; font-family: "Work Sans Medium"; \
color: gray;">KPIT</span></a></span><span style="margin: 0px; font-family: "Work \
Sans"; color: gray;"><span> </span></span><span lang="EN-IN" style="margin: \
0px; font-size: 12pt; font-family: "Work Sans"; color: gray;">|</span><span \
lang="EN-IN" style="margin: 0px; font-size: 9pt; font-family: "Work Sans"; \
color: gray;"><span> </span></span><span style="margin: 0px; color: rgb(31, 73, \
125);"><a href="http://www.kpit.com/linkedin" target="_blank" rel="noopener \
noreferrer" style="margin:0px"><span lang="EN-IN" style="margin: 0px; font-size: 9pt; \
font-family: "Work Sans"; color: gray;">Follow us on \
LinkedIn</span></a></span><span style="margin: 0px; font-size: 9pt; font-family: \
"Work Sans"; color: rgb(89, 89, 89);"></span><span style="margin:0px; \
font-size:12pt; font-family:"Times New Roman",serif"></span></p> <p \
style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; text-align: \
start; color: rgb(32, 31, 30); background-color: rgb(255, 255, 255);"> <a \
href="https://www.kpit.com/TheNewBrand" target="_blank" rel="noopener noreferrer" \
style="margin:0px"><span style="margin: 0px; color: rgb(31, 73, 125);"><img \
class="EmojiInsert" width="621" height="120" style="margin:0px; width:6.4687in; \
height:1.25in" data-outlook-trace="F:1|T:1" \
src="cid:33bec1fb-2d95-4395-a8a2-8370c441baa8"></span></a></p> </div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" \
style="font-size:11pt" color="#000000"><b>From:</b> Alexander Kanavin \
<alex.kanavin@gmail.com><br> <b>Sent:</b> Wednesday, May 31, 2023 2:32 PM<br>
<b>To:</b> Ranjitsinh Rathod <Ranjitsinh.Rathod@kpit.com><br>
<b>Cc:</b> Riyaz Ahmed Khan <rak3033@gmail.com>; \
openembedded-core@lists.openembedded.org \
<openembedded-core@lists.openembedded.org>; Steve Sakoman \
<steve@sakoman.com>; Riyaz Ahmed Khan <Riyaz.Khan@kpit.com><br> \
<b>Subject:</b> Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause \
contents completely from codebase</font> <div> </div>
</div>
<div>
<div style="background-color:#F7F4A9"><span style="font-size:12pt; font-weight:bold; \
font-family:'Cambria','times new roman','garamond',serif; color:#ff0000">Caution: \
<span style="font-size:8 pt; font-weight:normal; font-family:'times new roman',serif; \
color:#ff0000"> This email originated from outside of the KPIT. Do not click links or \
open attachments unless you recognize the sender and know the content is safe. \
</span></span></div> <div>
<div dir="ltr">
<div>Hello,</div>
<div><br>
</div>
<div>I see, thanks for explaining.<br>
</div>
<div><br>
</div>
<div>I would suggest you first send a backport for the master branch (I hope it's not \
difficult as the needed upstream commit is closer to the openssh release master has), \
then an equivalent backport for kirkstone. Make sure the commit messages describe why \
this is being done (to ensure openssh source really has no bsd-4 clause code so that \
reality matches what LICENSE says, and we do not have to change LICENSE in an LTS \
branch).</div> <div><br>
</div>
<div>Alex<br>
</div>
</div>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Wed, 31 May 2023 at 10:47, Ranjitsinh Rathod \
<<a href="mailto:Ranjitsinh.Rathod@kpit.com" \
target="_blank">Ranjitsinh.Rathod@kpit.com</a>> wrote:<br> </div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left:1px \
solid rgb(204,204,204); padding-left:1ex"> <div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Hi Alexander,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Some of the product restrict the BSD-4-Clause usage and our \
goal is to completely remove the BSD-4-Clause license from the openssh.</div> \
<div> <div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> As kirkstone is LTS branch, version upgrade would not be possible \
and so we send the patch by backporting and testing for kirkstone.</div> <div \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> For master branch, I hope next release will solve the problem as \
that commit from openssh would be there. So please suggest in which way you want to \
fix the master branch.</div> <div \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> But for kirkstone, I would like to take the backported \
patch.</div> <div id="x_m_-4249752166462887164m_2409048577088411132Signature">
<div>
<div></div>
<div></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <span style="font-family:"Work Sans"; \
font-size:10pt; color:rgb(89,89,89)"><span \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; \
display:inline; color:rgb(0,0,0); background-color:rgb(255,255,255)"><br> \
</span></span></p> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <span style="font-family:"Work Sans"; \
font-size:10pt; color:rgb(89,89,89)"><span \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; \
display:inline; color:rgb(0,0,0); \
background-color:rgb(255,255,255)">Thanks,</span><br> </span></p>
<p style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; \
text-align:start; color:rgb(32,31,30); background-color:rgb(255,255,255)"> <span \
style="font-family:"Work Sans"; font-size:10pt; color:rgb(89,89,89)">Best \
Regards,</span><br> </p>
<p style="margin:0in 0in 12pt; font-size:11pt; font-family:Calibri,sans-serif; \
text-align:start; color:rgb(32,31,30); background-color:rgb(255,255,255)"> <span \
lang="EN-IN" style="margin:0px; font-family:"Work Sans Medium"; \
color:rgb(89,89,89)"><b>Ranjitsinh Rathod</b></span><span lang="EN-IN" \
style="margin:0px; font-size:14pt; font-family:"Work Sans"; \
color:rgb(0,137,207)"><br> </span><span lang="EN-IN" style="margin:0px; \
font-size:9pt; font-family:"Work Sans"; color:rgb(127,127,127)">Technical \
Leader | | KPIT Technologies Ltd.<br>
Cellphone: +91-84606 92403<br>
</span><b><sup><span lang="EN-IN" style="margin:0px; font-size:14pt; \
font-family:"Work Sans"; \
color:rgb(176,255,69)">__________________________________________<br> \
</span></sup></b><span style="margin:0px; color:rgb(31,73,125)"><a \
href="http://www.kpit.com/" rel="noopener noreferrer" target="_blank" \
style="margin:0px"><span lang="EN-IN" style="margin:0px; font-size:12pt; \
font-family:"Work Sans Medium"; color:gray">KPIT</span></a></span><span \
style="margin:0px; font-family:"Work Sans"; \
color:gray"><span> </span></span><span lang="EN-IN" style="margin:0px; \
font-size:12pt; font-family:"Work Sans"; color:gray">|</span><span \
lang="EN-IN" style="margin:0px; font-size:9pt; font-family:"Work Sans"; \
color:gray"><span> </span></span><span style="margin:0px; \
color:rgb(31,73,125)"><a href="http://www.kpit.com/linkedin" rel="noopener \
noreferrer" target="_blank" style="margin:0px"><span lang="EN-IN" style="margin:0px; \
font-size:9pt; font-family:"Work Sans"; color:gray">Follow us on \
LinkedIn</span></a></span><span style="margin:0px; font-size:9pt; \
font-family:"Work Sans"; color:rgb(89,89,89)"></span><span \
style="margin:0px; font-size:12pt; font-family:"Times New \
Roman",serif"></span></p> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <a href="https://www.kpit.com/TheNewBrand" \
rel="noopener noreferrer" target="_blank" style="margin:0px"><span style="margin:0px; \
color:rgb(31,73,125)"><img width="621" height="120" style="margin:0px; \
width:6.4687in; height:1.25in" data-outlook-trace="F:1|T:1" \
src="cid:18870ff9cbb5d7fd5b92"></span></a></p> </div>
</div>
</div>
</div>
<div id="x_m_-4249752166462887164m_2409048577088411132appendonsend"></div>
<hr style="display:inline-block; width:98%">
<div id="x_m_-4249752166462887164m_2409048577088411132divRplyFwdMsg" dir="ltr"><font \
face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> \
Alexander Kanavin <<a href="mailto:alex.kanavin@gmail.com" \
target="_blank">alex.kanavin@gmail.com</a>><br> <b>Sent:</b> Wednesday, May 31, \
2023 2:13 PM<br> <b>To:</b> Ranjitsinh Rathod <<a \
href="mailto:Ranjitsinh.Rathod@kpit.com" \
target="_blank">Ranjitsinh.Rathod@kpit.com</a>><br> <b>Cc:</b> Riyaz Ahmed Khan \
<<a href="mailto:rak3033@gmail.com" target="_blank">rak3033@gmail.com</a>>; <a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a> <<a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a>>; Steve Sakoman \
<<a href="mailto:steve@sakoman.com" target="_blank">steve@sakoman.com</a>>; \
Riyaz Ahmed Khan <<a href="mailto:Riyaz.Khan@kpit.com" \
target="_blank">Riyaz.Khan@kpit.com</a>><br> <b>Subject:</b> Re: \
[OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause contents completely from \
codebase</font> <div> </div>
</div>
<div>
<div style="background-color:rgb(247,244,169)"><span style="font-size:12pt; \
font-weight:bold; font-family:"Cambria","times new \
roman","garamond",serif; color:rgb(255,0,0)">Caution: <span \
style="font-weight:normal; font-family:"times new roman",serif; \
color:rgb(255,0,0)"> This email originated from outside of the KPIT. Do not click \
links or open attachments unless you recognize the sender and know the content is \
safe. </span></span></div>
<div>
<div dir="ltr">
<div>Hello all,<br>
</div>
<div><br>
</div>
<div>Perhaps it would be easier to adjust the LICENSE entry in the openssh recipe for \
all affected oe-core branches, with appropriate comment next to that entry (because \
it would have to be again adjusted once new openssh is released)? Is your goal to \
avoid the license, or simply to ensure it is correctly specified?<br>
</div>
<div><br>
</div>
<div>Alex<br>
</div>
</div>
<br>
<div>
<div dir="ltr">On Wed, 31 May 2023 at 10:36, Ranjitsinh Rathod <<a \
href="mailto:Ranjitsinh.Rathod@kpit.com" \
target="_blank">Ranjitsinh.Rathod@kpit.com</a>> wrote:<br> </div>
<blockquote style="margin:0px 0px 0px 0.8ex; border-left:1px solid rgb(204,204,204); \
padding-left:1ex"> <div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Hi Alexander,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Let me explain a bit more here.</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Below upstream commit removed BSD-4-Clause from the LICENSE \
variable, But actually if we check from the source code of the openssh for this \
version (8.9p1), there are some files (<b style="color:rgb(102,102,102); \
background-color:rgb(255,255,255)">openbsd-compat/libressl-api-compat.c</b>) still \
affected and so this is wrong as per me.</div> <div \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Link: <a \
href="https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8" \
originalsrc="https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8" \
shash="Rl4WQpYKaG6FHOPsPT914GUvIc6gSA9K4V2be+/qkUL+UIdWDDGqHorXYDhUrWbAup8LFY0YW7RuS8q \
b+6nUmHMxX0p1c+nsyBW9pTQpwRmHO8IzGwpwx0dPu+tEmPlFBsM4QX7n93md69JTkfFEcjM6vxzdSVA/JT4DcK8riEg=" \
id="x_m_-4249752166462887164m_2409048577088411132x_m_985507573848848757LPlnk238407" \
target="_blank">https://git.yoctoproject.org/poky/commit/?id=2c86f586d55d0f6b99053e3e4d14c9ee36fa8aa8</a></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <blockquote style="border-color:rgb(200,200,200); border-left:3px \
solid rgb(200,200,200); padding-left:1ex; margin-left:0.8ex; color:rgb(102,102,102)"> \
~/sources/openssh-portable$ git branch <div>* (HEAD detached at V_8_9_P1)</div>
<div> master</div>
<div>~/sources/openssh-portable$ grep -rl "All advertising materials mentioning \
features or use of this software" *|grep -v \.1|grep -v \.5|grep -v \.8 | \
sort</div> <div><b>openbsd-compat/libressl-api-compat.c</b></div>
</blockquote>
When we checked in the master branch, it seems the below commit from the openssh is \
removing it and so to completely remove the BSD-4-Clause, below commit from the \
openssh is required.</div> <div \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> Openssh commit: <a \
href="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
originalsrc="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
shash="em4PeZPv/lR2b379xWEF4JnFfQvM2mrSSM0HJoYleusFR7csokavQCOCG1GJ60wLWRsPPskcw+elzrx \
4eVX2oql47I04qJ1ROpt6VtL4vlM/EtMrxkB+2hAfao2NvtGoYbYnU30Krqg+c/2vBaJomzGsKm9zVLZGoHad0p9TAWw=" \
id="x_m_-4249752166462887164m_2409048577088411132x_m_985507573848848757LPlnk703217" \
target="_blank">https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0</a></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <br>
</div>
<div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> We can upstream this to both kirkstone as well as master branch. \
Please suggest. As the version is different in both the branches, same change would \
get not apply on both and so we need to send two different patches each for master \
and kirkstone.</div> <div style="font-family:Calibri,Arial,Helvetica,sans-serif; \
font-size:12pt; color:rgb(0,0,0)"> <br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> So currently the v3 patch for kirkstone is correct and can be \
applied and for the master branch we can send another patch.</div> <div \
id="x_m_-4249752166462887164m_2409048577088411132x_m_985507573848848757Signature"> \
<div> <div></div>
<div></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; \
color:rgb(0,0,0)"> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <span style="font-family:"Work Sans"; \
font-size:10pt; color:rgb(89,89,89)"><span \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; \
display:inline; color:rgb(0,0,0); background-color:rgb(255,255,255)"><br> \
</span></span></p> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <span style="font-family:"Work Sans"; \
font-size:10pt; color:rgb(89,89,89)"><span \
style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:16px; \
display:inline; color:rgb(0,0,0); \
background-color:rgb(255,255,255)">Thanks,</span><br> </span></p>
<p style="margin:0in; font-size:11pt; font-family:Calibri,sans-serif; \
text-align:start; color:rgb(32,31,30); background-color:rgb(255,255,255)"> <span \
style="font-family:"Work Sans"; font-size:10pt; color:rgb(89,89,89)">Best \
Regards,</span><br> </p>
<p style="margin:0in 0in 12pt; font-size:11pt; font-family:Calibri,sans-serif; \
text-align:start; color:rgb(32,31,30); background-color:rgb(255,255,255)"> <span \
lang="EN-IN" style="margin:0px; font-family:"Work Sans Medium"; \
color:rgb(89,89,89)"><b>Ranjitsinh Rathod</b></span><span lang="EN-IN" \
style="margin:0px; font-size:14pt; font-family:"Work Sans"; \
color:rgb(0,137,207)"><br> </span><span lang="EN-IN" style="margin:0px; \
font-size:9pt; font-family:"Work Sans"; color:rgb(127,127,127)">Technical \
Leader | | KPIT Technologies Ltd.<br>
Cellphone: +91-84606 92403<br>
</span><b><sup><span lang="EN-IN" style="margin:0px; font-size:14pt; \
font-family:"Work Sans"; \
color:rgb(176,255,69)">__________________________________________<br> \
</span></sup></b><span style="margin:0px; color:rgb(31,73,125)"><a \
href="http://www.kpit.com/" rel="noopener noreferrer" target="_blank" \
style="margin:0px"><span lang="EN-IN" style="margin:0px; font-size:12pt; \
font-family:"Work Sans Medium"; color:gray">KPIT</span></a></span><span \
style="margin:0px; font-family:"Work Sans"; \
color:gray"><span> </span></span><span lang="EN-IN" style="margin:0px; \
font-size:12pt; font-family:"Work Sans"; color:gray">|</span><span \
lang="EN-IN" style="margin:0px; font-size:9pt; font-family:"Work Sans"; \
color:gray"><span> </span></span><span style="margin:0px; \
color:rgb(31,73,125)"><a href="http://www.kpit.com/linkedin" rel="noopener \
noreferrer" target="_blank" style="margin:0px"><span lang="EN-IN" style="margin:0px; \
font-size:9pt; font-family:"Work Sans"; color:gray">Follow us on \
LinkedIn</span></a></span><span style="margin:0px; font-size:9pt; \
font-family:"Work Sans"; color:rgb(89,89,89)"></span><span \
style="margin:0px; font-size:12pt; font-family:"Times New \
Roman",serif"></span></p> <p style="margin:0in; font-size:11pt; \
font-family:Calibri,sans-serif; text-align:start; color:rgb(32,31,30); \
background-color:rgb(255,255,255)"> <a href="https://www.kpit.com/TheNewBrand" \
rel="noopener noreferrer" target="_blank" style="margin:0px"><span style="margin:0px; \
color:rgb(31,73,125)"><img width="621" height="120" style="margin:0px; \
width:6.4687in; height:1.25in" data-outlook-trace="F:1|T:1" \
src="cid:18870ff9cba4d4ea0eb1"></span></a></p> </div>
</div>
</div>
</div>
<div id="x_m_-4249752166462887164m_2409048577088411132x_m_985507573848848757appendonsend">
</div>
<hr style="display:inline-block; width:98%">
<div id="x_m_-4249752166462887164m_2409048577088411132x_m_985507573848848757divRplyFwdMsg" \
dir="ltr"> <font face="Calibri, sans-serif" color="#000000" \
style="font-size:11pt"><b>From:</b> Alexander Kanavin <<a \
href="mailto:alex.kanavin@gmail.com" \
target="_blank">alex.kanavin@gmail.com</a>><br> <b>Sent:</b> Wednesday, May 31, \
2023 12:11 PM<br> <b>To:</b> Riyaz Ahmed Khan <<a \
href="mailto:Riyaz.Khan@kpit.com" target="_blank">Riyaz.Khan@kpit.com</a>><br> \
<b>Cc:</b> Riyaz Ahmed Khan <<a href="mailto:rak3033@gmail.com" \
target="_blank">rak3033@gmail.com</a>>; <a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a> <<a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a>>; Ranjitsinh Rathod \
<<a href="mailto:Ranjitsinh.Rathod@kpit.com" \
target="_blank">Ranjitsinh.Rathod@kpit.com</a>>; Steve Sakoman <<a \
href="mailto:steve@sakoman.com" target="_blank">steve@sakoman.com</a>><br> \
<b>Subject:</b> Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause \
contents completely from codebase</font> <div> </div>
</div>
<div><font size="2"><span style="font-size:11pt">
<div>Caution: This email originated from outside of the KPIT. Do not click links or \
open attachments unless you recognize the sender and know the content is safe.<br> \
<br> That is not how it works. If the issue exists in both master and<br>
kirkstone (which it does), it must be resolved in master first. Also<br>
'resolves BSD-5 clause license issue' does not explain what the issue<br>
is, and you need to provide a better explanation.<br>
<br>
Alex<br>
<br>
On Wed, 31 May 2023 at 07:49, Riyaz Ahmed Khan <<a \
href="mailto:Riyaz.Khan@kpit.com" target="_blank">Riyaz.Khan@kpit.com</a>> \
wrote:<br> ><br>
> Hi Alex,<br>
><br>
> As openssh is pointing to LTS branch in kirkstone and openssh is still at 8.9 \
the usage of BSD-4 can be limited. Hence, we need this patch to be integrated \
in kirkstone to resolve BSD-5 clause license issue for that the reason this patch has \
been created to backport and remove the BSD-4 clause license. In the master branch \
it is closer to the latest version and can wait for the official openssh release, but \
I hope there will not be a release to kirkstone from master for this reason we \
created this patch.<br> ><br>
> Hi Steve,<br>
><br>
> Please take this patch for kirkstone as it will resolve BSD-5 clause license \
issue.<br> ><br>
> Regards,<br>
> Riyaz<br>
><br>
> ________________________________<br>
> From: Alexander Kanavin <<a href="mailto:alex.kanavin@gmail.com" \
target="_blank">alex.kanavin@gmail.com</a>><br> > Sent: Tuesday, May 30, 2023 \
13:38<br> > To: Riyaz Ahmed Khan <<a href="mailto:rak3033@gmail.com" \
target="_blank">rak3033@gmail.com</a>><br> > Cc: <a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a> <<a \
href="mailto:openembedded-core@lists.openembedded.org" \
target="_blank">openembedded-core@lists.openembedded.org</a>>; Ranjitsinh Rathod \
<<a href="mailto:Ranjitsinh.Rathod@kpit.com" \
target="_blank">Ranjitsinh.Rathod@kpit.com</a>>; Riyaz Ahmed Khan <<a \
href="mailto:Riyaz.Khan@kpit.com" target="_blank">Riyaz.Khan@kpit.com</a>><br> \
> Subject: Re: [OE-core][kirkstone][PATCH v3] openssh: Remove BSD-4-clause \
contents completely from codebase<br> ><br>
> Caution: This email originated from outside of the KPIT. Do not click links or \
open attachments unless you recognize the sender and know the content is safe.<br> \
><br> > What is the rationale for adding this patch to oe-core? Why can't \
this<br> > wait until openssh releases a version with this change?<br>
><br>
> Alex<br>
><br>
> On Tue, 30 May 2023 at 09:08, Riyaz Ahmed Khan <<a \
href="mailto:rak3033@gmail.com" target="_blank">rak3033@gmail.com</a>> wrote:<br> \
> ><br> > > As upstream removed this BSD-4-clause license, there are \
still some files<br> > > has this license. Below file affected by this \
BSD-4-clause contents when<br> > > below command is executed<br>
> > grep -rl "All advertising materials mentioning features or use of this \
software"<br> > > *|grep -v \.1|grep -v \.5|grep -v \.8 | sort \
openbsd-compat/libressl-api-compat.c<br> > ><br>
> > All advertising materials mentioning features or use of this software<br>
> ><br>
> > Openssh upstream removes the bsd-4 license compeletely from this commit<br>
> > <a href="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
originalsrc="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
shash="em4PeZPv/lR2b379xWEF4JnFfQvM2mrSSM0HJoYleusFR7csokavQCOCG1GJ60wLWRsPPskcw+elzrx \
4eVX2oql47I04qJ1ROpt6VtL4vlM/EtMrxkB+2hAfao2NvtGoYbYnU30Krqg+c/2vBaJomzGsKm9zVLZGoHad0p9TAWw=" \
target="_blank"> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit \
hub.com%2Fopenssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612 \
e0&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08% \
7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3 \
d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AiOVMsuUKtG5WkExJNwIVaM9rqrHXXMg0c8WziS9yHQ%3D&reserved=0</a><br>
> > Hence, Remove and backport this commit completely to remove license of \
BSD-4-clause<br> > > contents from codebase. Hunks are refreshed, removed \
couple of hunks from<br> > > <a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="EAq8YRxc9Ifw4J/Ollvz7VyWtSr9ZSmqhYtIt4qFOdujncUje0MOrvRjcnAJP4xwFgoDDdnbOV7nGl4 \
JlsfpC6tW3PKv5zO2z+g9Pt2J0zLhZuRvDPkJ1tnFpInuh+IFtciroILr5ssbWytMYvv/TDVY8aPuvpYGcyF0O0+pors=" \
target="_blank"> configure.ac</a> and openbsd-compat/libressl-api-compat.c as hunk \
code<br> > > is not prasent.<br>
> ><br>
> > Signed-off-by: Riyaz Khan <<a href="mailto:Riyaz.Khan@kpit.com" \
target="_blank">Riyaz.Khan@kpit.com</a>><br> > > ---<br>
> > ...401bdd77ca54be6867a154cc01e0d72612e0.patch | 984 \
++++++++++++++++++<br> > > .../openssh/<a href="http://openssh_8.9p1.bb/" \
originalsrc="http://openssh_8.9p1.bb/" \
shash="mrTHvICXWQZCqgJpWDfJc0Vury53jXUcPdCq6NKDtxZTr6FuSnEjO99jYRkmERHCkl11f0U9d/W0Od/ \
xMia/1sK3behuU+yIYBDghXCGqS1H2y8yYIHjSYgNxUG36eHwrFzu4nUnPlXZT1BB7y3dKrqb0569HoJTuwi7DoHqFmk=" \
target="_blank">openssh_8.9p1.bb</a>
| 1 +<br>
> > 2 files changed, 985 insertions(+)<br>
> > create mode 100644 \
meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch<br>
> ><br>
> > diff --git \
a/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch<br>
> > new file mode 100644<br>
> > index 0000000000..ebdff1ffe4<br>
> > --- /dev/null<br>
> > +++ b/meta/recipes-connectivity/openssh/openssh/7280401bdd77ca54be6867a154cc01e0d72612e0.patch<br>
> > @@ -0,0 +1,984 @@<br>
> > +From 7280401bdd77ca54be6867a154cc01e0d72612e0 Mon Sep 17 00:00:00 2001<br>
> > +From: Damien Miller <<a href="mailto:djm@mindrot.org" \
target="_blank">djm@mindrot.org</a>><br> > > +Date: Fri, 24 Mar 2023 \
13:56:25 +1100<br> > > +Subject: [PATCH] remove support for old libcrypto<br>
> > +<br>
> > +OpenSSH now requires LibreSSL 3.1.0 or greater or<br>
> > +OpenSSL 1.1.1 or greater<br>
> > +<br>
> > +with/ok dtucker@<br>
> > +<br>
> > +Upstream-Status: Backport [<a \
href="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
originalsrc="https://github.com/openssh/openssh-portable/commit/7280401bdd77ca54be6867a154cc01e0d72612e0" \
shash="em4PeZPv/lR2b379xWEF4JnFfQvM2mrSSM0HJoYleusFR7csokavQCOCG1GJ60wLWRsPPskcw+elzrx \
4eVX2oql47I04qJ1ROpt6VtL4vlM/EtMrxkB+2hAfao2NvtGoYbYnU30Krqg+c/2vBaJomzGsKm9zVLZGoHad0p9TAWw=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgith \
ub.com%2Fopenssh%2Fopenssh-portable%2Fcommit%2F7280401bdd77ca54be6867a154cc01e0d72612e \
0&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7 \
C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d \
8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=AiOVMsuUKtG5WkExJNwIVaM9rqrHXXMg0c8WziS9yHQ%3D&reserved=0</a>]<br>
> > +Comment: Hunk are refreshed, removed couple of hunks from <a \
href="http://configure.ac/" originalsrc="http://configure.ac/" \
shash="EAq8YRxc9Ifw4J/Ollvz7VyWtSr9ZSmqhYtIt4qFOdujncUje0MOrvRjcnAJP4xwFgoDDdnbOV7nGl4 \
JlsfpC6tW3PKv5zO2z+g9Pt2J0zLhZuRvDPkJ1tnFpInuh+IFtciroILr5ssbWytMYvv/TDVY8aPuvpYGcyF0O0+pors=" \
target="_blank"> configure.ac</a> as hunk code is not prasent<br>
> > +and backported to the existing code.<br>
> > +Signed-off-by: Riyaz Khan <<a href="mailto:Riyaz.Khan@kpit.com" \
target="_blank">Riyaz.Khan@kpit.com</a>><br> > > +<br>
> > +---<br>
> > + .github/workflows/c-cpp.yml \
| 7 -<br> > > + \
INSTALL & \
nbsp; \
| 8 +-<br> > > + \
cipher-aes.c \
| 2 +-<br> > > + <a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="EAq8YRxc9Ifw4J/Ollvz7VyWtSr9ZSmqhYtIt4qFOdujncUje0MOrvRjcnAJP4xwFgoDDdnbOV7nGl4 \
JlsfpC6tW3PKv5zO2z+g9Pt2J0zLhZuRvDPkJ1tnFpInuh+IFtciroILr5ssbWytMYvv/TDVY8aPuvpYGcyF0O0+pors=" \
target="_blank"> configure.ac</a>   \
; \
| 96 ++---<br> > > + openbsd-compat/libressl-api-compat.c | 556 \
+--------------------------<br> > > + \
openbsd-compat/openssl-compat.h | 151 +-------<br> > \
> + 6 files changed, 40 insertions(+), 780 deletions(-)<br> > > +<br>
> > +diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml<br>
> > +index 3d9aa22dba5..d299a32468d 100644<br>
> > +--- a/.github/workflows/c-cpp.yml<br>
> > ++++ b/.github/workflows/c-cpp.yml<br>
> > +@@ -40,18 +40,11 @@<br>
> > + - { os: \
ubuntu-20.04, configs: tcmalloc }<br> > > \
+ - { os: ubuntu-20.04, \
configs: musl }<br> > > \
+ - { os: ubuntu-latest, \
configs: libressl-master }<br> > > \
+- - { os: ubuntu-latest, \
configs: libressl-2.2.9 }<br> > > \
+- - { os: ubuntu-latest, \
configs: libressl-2.8.3 }<br> > > \
+- - { os: ubuntu-latest, \
configs: libressl-3.0.2 }<br> > > \
+ - { os: ubuntu-latest, \
configs: libressl-3.2.6 }<br> > > \
+ - { os: ubuntu-latest, \
configs: libressl-3.3.4 }<br> > > \
+ - { os: ubuntu-latest, \
configs: libressl-3.4.1 }<br> > > \
+ - { os: ubuntu-latest, \
configs: openssl-master }<br> > > \
+ - { os: ubuntu-latest, \
configs: openssl-noec }<br> > > \
+- - { os: ubuntu-latest, \
configs: openssl-1.0.1 }<br> > > \
+- - { os: ubuntu-latest, \
configs: openssl-1.0.1u }<br> > > \
+- - { os: ubuntu-latest, \
configs: openssl-1.0.2u }<br> > > \
+- - { os: ubuntu-latest, \
configs: openssl-1.1.0h }<br> > > \
+ - { os: ubuntu-latest, \
configs: openssl-1.1.1 }<br> > > \
+ - { os: ubuntu-latest, \
configs: openssl-1.1.1k }<br> > > \
+ - { os: ubuntu-latest, \
configs: openssl-3.0.0 }<br> > > +diff --git a/INSTALL b/INSTALL<br>
> > +index 68b15e13190..f99d1e2a809 100644<br>
> > +--- a/INSTALL<br>
> > ++++ b/INSTALL<br>
> > +@@ -21,12 +21,8 @@ <a href="https://zlib.net/" \
originalsrc="https://zlib.net/" \
shash="a+HGQ16Ws1fdlmwtKA1da9gofj2jM9qWzS79aFPfRc3+0Y7sZ1a61T8xN/yP/3sLvgVgA5sbsPV5QVg \
RpTfHCBwvktbPwxsyezFiGeqEqx6PdBaN89yE9zHp1T04VVdlbjVCfPmJUYhh4PtxwC58dZTf5Dul/5db+RmpsggvWnE=" \
target="_blank"> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fzli \
b.net%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a \
20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFp \
bGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7 \
C%7C&sdata=gazTCzbsb8yEsXaj1Vn9FGK6t4V1Fop5t8tPb%2BWqUns%3D&reserved=0</a><br>
> > +<br>
> > + libcrypto from either of LibreSSL or OpenSSL. Building without \
libcrypto<br> > > + is supported but severely restricts the available ciphers \
and algorithms.<br> > > +- - LibreSSL (<a href="https://www.libressl.org/" \
originalsrc="https://www.libressl.org/" \
shash="tCVI7JwQVJojVNoJUdO1AqHQfNAl34bT8Mso6DzpidCCFzUd67i2c4W7QSgpUQ5Y1E1VohcR4BF8qMq \
ay127N0YdS5+2Wi0cKldpCR1EBaja8RNyxSdWQBULn4n2ZUmrqr7L+4uBhvOIBAdLdrqLW5lWgfeSPSLaiQrSUWl+yiM=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. \
libressl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb0 \
08db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown \
%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C30 \
00%7C%7C%7C&sdata=Cmw7m41lEsAw3CFeFKL1R8u%2Bbu%2FWslzOq%2BhS%2FEkXohg%3D&reserved=0</a>)<br>
> > +- - OpenSSL (<a href="https://www.openssl.org/" \
originalsrc="https://www.openssl.org/" \
shash="bmo1ghqUAWfj8/1+b3rS2N4RkKQ7ZbMGrMyXfImiIx2/y/Nxxs81f791HwSBecYG5OOqoFY//nCYi5C \
/R7w8vpd3fRK+tMYS71KCejtKth5Ke5ObjI9hS6TbKbr69SANbmmWbAyYZ3S3I1AN3KXpJ5IZ3ezTrm4NWP4C1soFSO0=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. \
openssl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb00 \
8db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown% \
7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300 \
0%7C%7C%7C&sdata=JIzbanv8OPCrZyGkB%2B%2BqyNgDfk72Qy2BmB9LAIS%2FTKk%3D&reserved=0</a>)
with any of the following versions:<br>
> > +- - 1.0.x >= 1.0.1 or 1.1.0 >= 1.1.0g or any 1.1.1<br>
> > +-<br>
> > +-Note that due to a bug in EVP_CipherInit OpenSSL 1.1 versions prior \
to<br> > > +-1.1.0g can't be used.<br>
> > ++ - LibreSSL (<a href="https://www.libressl.org/" \
originalsrc="https://www.libressl.org/" \
shash="tCVI7JwQVJojVNoJUdO1AqHQfNAl34bT8Mso6DzpidCCFzUd67i2c4W7QSgpUQ5Y1E1VohcR4BF8qMq \
ay127N0YdS5+2Wi0cKldpCR1EBaja8RNyxSdWQBULn4n2ZUmrqr7L+4uBhvOIBAdLdrqLW5lWgfeSPSLaiQrSUWl+yiM=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. \
libressl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb0 \
08db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown \
%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C30 \
00%7C%7C%7C&sdata=Cmw7m41lEsAw3CFeFKL1R8u%2Bbu%2FWslzOq%2BhS%2FEkXohg%3D&reserved=0</a>)
3.1.0 or greater<br>
> > ++ - OpenSSL (<a href="https://www.openssl.org/" \
originalsrc="https://www.openssl.org/" \
shash="bmo1ghqUAWfj8/1+b3rS2N4RkKQ7ZbMGrMyXfImiIx2/y/Nxxs81f791HwSBecYG5OOqoFY//nCYi5C \
/R7w8vpd3fRK+tMYS71KCejtKth5Ke5ObjI9hS6TbKbr69SANbmmWbAyYZ3S3I1AN3KXpJ5IZ3ezTrm4NWP4C1soFSO0=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. \
openssl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb00 \
8db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown% \
7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C300 \
0%7C%7C%7C&sdata=JIzbanv8OPCrZyGkB%2B%2BqyNgDfk72Qy2BmB9LAIS%2FTKk%3D&reserved=0</a>)
1.1.1 or greater<br>
> > +<br>
> > + LibreSSL/OpenSSL should be compiled as a position-independent library<br>
> > + (i.e. -fPIC, eg by configuring OpenSSL as "./config [options] \
-fPIC"<br> > > +diff --git a/cipher-aes.c b/cipher-aes.c<br>
> > +index 8b101727284..87c763353d8 100644<br>
> > +--- a/cipher-aes.c<br>
> > ++++ b/cipher-aes.c<br>
> > +@@ -69,7 +69,7 @@ ssh_rijndael_init(EVP_CIPHER_CTX *ctx, const u_char \
*key, const u_char *iv,<br> > > +<br>
> > + static int<br>
> > + ssh_rijndael_cbc(EVP_CIPHER_CTX *ctx, u_char *dest, const u_char \
*src,<br> > > +- LIBCRYPTO_EVP_INL_TYPE len)<br>
> > ++ size_t len)<br>
> > + {<br>
> > + struct ssh_rijndael_ctx *c;<br>
> > + u_char buf[RIJNDAEL_BLOCKSIZE];<br>
> > +diff --git a/<a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="EAq8YRxc9Ifw4J/Ollvz7VyWtSr9ZSmqhYtIt4qFOdujncUje0MOrvRjcnAJP4xwFgoDDdnbOV7nGl4 \
JlsfpC6tW3PKv5zO2z+g9Pt2J0zLhZuRvDPkJ1tnFpInuh+IFtciroILr5ssbWytMYvv/TDVY8aPuvpYGcyF0O0+pors=" \
target="_blank">configure.ac</a> b/<a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="EAq8YRxc9Ifw4J/Ollvz7VyWtSr9ZSmqhYtIt4qFOdujncUje0MOrvRjcnAJP4xwFgoDDdnbOV7nGl4 \
JlsfpC6tW3PKv5zO2z+g9Pt2J0zLhZuRvDPkJ1tnFpInuh+IFtciroILr5ssbWytMYvv/TDVY8aPuvpYGcyF0O0+pors=" \
target="_blank">configure.ac</a><br> > > +index 22fee70f604..1c0ccdf19c5 \
100644<br> > > +--- a/<a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="oGVZlhxOQcOZac2bB+czwGPWNydJkxaMpXZoZ0oAS3ClVapYsluvD/etyL7UA9ib05rfbWLbv4UmFkt \
nh1y1I6lXMDJHpuq/1fwQ/uI85Tm5GkUPY8hebZNSSNbvWLDbKpQZWgm8sQUvAB3wsVecfuM3EawrKyWUquO7tlr5B4E=" \
target="_blank">configure.ac</a><br> > > ++++ b/<a href="http://configure.ac/" \
originalsrc="http://configure.ac/" \
shash="oGVZlhxOQcOZac2bB+czwGPWNydJkxaMpXZoZ0oAS3ClVapYsluvD/etyL7UA9ib05rfbWLbv4UmFkt \
nh1y1I6lXMDJHpuq/1fwQ/uI85Tm5GkUPY8hebZNSSNbvWLDbKpQZWgm8sQUvAB3wsVecfuM3EawrKyWUquO7tlr5B4E=" \
target="_blank">configure.ac</a><br> > > +@@ -2744,42 +2744,40 @@<br>
> > + #include <openssl/crypto.h><br>
> > + #define DATA \
"conftest.ssllibver"<br> > > \
+ \
]], [[<br> > > \
+- FILE \
*fd;<br> > > +- \
int rc;<br> > > \
++ FILE \
*f;<br> > > +<br>
> > +- \
fd = fopen(DATA,"w");<br> > > \
+- \
if(fd == NULL)<br> > > \
++ if \
((f = fopen(DATA, "w")) == NULL)<br> > > \
+ \
exit(1);<br> > > +-#ifndef OPENSSL_VERSION<br>
> > +-# define OPENSSL_VERSION SSLEAY_VERSION<br>
> > +-#endif<br>
> > +-#ifndef HAVE_OPENSSL_VERSION<br>
> > +-# define OpenSSL_version SSLeay_version<br>
> > +-#endif<br>
> > +-#ifndef HAVE_OPENSSL_VERSION_NUM<br>
> > +-# define OpenSSL_version_num SSLeay<br>
> > +-#endif<br>
> > +- \
if ((rc = fprintf(fd, "%08lx (%s)\n",<br> > > \
++ if \
(fprintf(f, "%08lx (%s)",<br> > > \
+ \
(unsigned long)OpenSSL_version_num(),<br> > > \
+- \
OpenSSL_version(OPENSSL_VERSION))) < 0)<br> > > \
++ \
OpenSSL_version(OPENSSL_VERSION)) < 0)<br> > > \
++ \
exit(1);<br> > > ++#ifdef LIBRESSL_VERSION_NUMBER<br>
> > ++ \
if (fprintf(f, " libressl-%08lx", LIBRESSL_VERSION_NUMBER) < 0)<br> > \
> ++ \
exit(1);<br> > > ++#endif<br>
> > ++ \
if (fputc('\n', f) == EOF || fclose(f) == EOF)<br> > > \
+ \
exit(1);<br> > > +-<br>
> > + \
exit(0);<br> > > \
+ \
]])],<br> > > + \
[<br> > > +- \
ssl_library_ver=`cat conftest.ssllibver`<br> > > \
++ \
sslver=`cat conftest.ssllibver`<br> > > \
++ \
ssl_showver=`echo "$sslver" | sed 's/ libressl-.*//'`<br> > > \
+ \
# Check version is supported.<br> > > \
+- \
case "$ssl_library_ver" in<br> > > \
+- \
10000*|0*)<br> > > \
+- \
\
AC_MSG_ERROR([OpenSSL >= 1.0.1 required (have "$ssl_library_ver")])<br> \
> > +- &n \
bsp; \
;;<br> > > +- \
100*) ;; # 1.0.x<br> > > \
+- \
101000[[0123456]]*)<br> > > \
+- \
\
# <a href="https://github.com/openssl/openssl/pull/4613" \
originalsrc="https://github.com/openssl/openssl/pull/4613" \
shash="jugC11tft97a7hBal+R4aIzgTghYI+fKFv+VE25TdNndnSQsba48eecdDvJsijtvltNgNXNiek9j7UH \
8UZwKGDjtyWakcidlZhh7kuz/HwYQlMASVbQaO4x3HyBX9Y4qcz569jbMv26FffW+0ky0nVyLLRHhK08cPynyT+lT6t0=" \
target="_blank"> https://apc01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgit \
hub.com%2Fopenssl%2Fopenssl%2Fpull%2F4613&data=05%7C01%7CRanjitsinh.Rathod%40kpit. \
com%7Cd788d3aa157742dfacb008db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C63 \
8211120911246208%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6I \
k1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dJwZf4dbh%2FT3T5kfAA4%2FAXjZEhsAx5Rzay3Nq9Z0nK0%3D&reserved=0</a><br>
> > +- & \
nbsp; \
AC_MSG_ERROR([OpenSSL 1.1.x versions prior to 1.1.0g have a bug that breaks their use \
with OpenSSH (have "$ssl_library_ver")])<br> > > \
++ \
case "$sslver" in<br> > > \
++ \
100*|10100*) # 1.0.x, 1.1.0x<br> > > \
++ \
\
AC_MSG_ERROR([OpenSSL >= 1.1.1 required (have "$ssl_showver")])<br> > \
> + &n \
bsp; \
;;<br> > > + \
101*) ;; # 1.1.x<br> > > \
+- \
200*) ;; # LibreSSL<br> > > \
++ \
200*) # LibreSSL<br> > > \
++ \
\
lver=`echo "$sslver" | sed 's/.*libressl-//'`<br> > > \
++ \
\
case "$lver" in<br> > > \
++ \
\
2*|300*) # 2.x, 3.0.0<br> > > \
++ \
\
AC_MSG_ERROR([LibreSSL >= 3.1.0 required (have "$ssl_showver")])<br> \
> > ++ &n \
bsp; \
;;<br> > > ++ & \
nbsp; \
*) ;; # Assume all other versions are good.<br> > > \
++ \
\
esac<br> > > ++   \
; \
;;<br> > > + \
300*) ;; # OpenSSL 3<br> > > \
+ \
301*) ;; # OpenSSL development branch.<br> > > \
+ \
*)<br> > > +@@ -2781,10 +2781,10 @@<br>
> > + \
300*) ;; # OpenSSL 3<br> > > \
+ \
301*) ;; # OpenSSL development branch.<br> > > \
+ \
*)<br> > > +- & \
nbsp; \
AC_MSG_ERROR([Unknown/unsupported OpenSSL version \
("$ssl_library_ver")])<br> > > \
++ \
\
AC_MSG_ERROR([Unknown/unsupported OpenSSL version ("$ssl_showver")])<br> \
> > + &nb \
sp; \
;;<br> > > + \
esac<br> > > +- \
AC_MSG_RESULT([$ssl_library_ver])<br> > > \
++ \
AC_MSG_RESULT([$ssl_showver])<br> > > \
+ \
],<br> > > + \
[<br> > > + \
AC_MSG_RESULT([not found])<br> > > +@@ -2804,9 +2804,6 @@<br>
> > + #include \
<openssl/opensslv.h><br> > > + \
#include <openssl/crypto.h><br> > > \
+ \
]], [[<br> > > +-#ifndef HAVE_OPENSSL_VERSION_NUM<br>
> > +-# define OpenSSL_version_num SSLeay<br>
> > +-#endif<br>
> > + \
exit(OpenSSL_version_num() == OPENSSL_VERSION_NUMBER ? 0 : 1);<br> > > \
+ \
]])],<br> > > + \
[<br> > > +@@ -2881,44 +2878,13 @@<br>
> > + )<br>
> > + )<br>
> > +<br>
> > +- # LibreSSL/OpenSSL 1.1x API<br>
> > ++ # LibreSSL/OpenSSL API differences<br>
> > + AC_CHECK_FUNCS([ \<br>
> > +- \
OPENSSL_init_crypto \<br> > > \
+- \
DH_get0_key \<br> > > \
+- \
DH_get0_pqg \<br> > > \
+- \
DH_set0_key \<br> > > \
+- \
DH_set_length \<br> > > \
+- \
DH_set0_pqg \<br> > > \
+- \
DSA_get0_key \<br> > > \
+- \
DSA_get0_pqg \<br> > > \
+- \
DSA_set0_key \<br> > > \
+- \
DSA_set0_pqg \<br> > > \
+- \
DSA_SIG_get0 \<br> > > \
+- \
DSA_SIG_set0 \<br> > > \
+- \
ECDSA_SIG_get0 \<br> > > \
+- \
ECDSA_SIG_set0 \<br> > > \
+ \
EVP_CIPHER_CTX_iv \<br> > > \
+ \
EVP_CIPHER_CTX_iv_noconst \<br> > > \
+ \
EVP_CIPHER_CTX_get_iv \<br> > > \
+ \
EVP_CIPHER_CTX_get_updated_iv \<br> > > \
+ \
EVP_CIPHER_CTX_set_iv \<br> > > \
+- \
RSA_get0_crt_params \<br> > > \
+- \
RSA_get0_factors \<br> > > \
+- \
RSA_get0_key \<br> > > \
+- \
RSA_set0_crt_params \<br> > > \
+- \
RSA_set0_factors \<br> > > \
+- \
RSA_set0_key \<br> > > \
+- \
RSA_meth_free \<br> > > \
+- \
RSA_meth_dup \<br> > > \
+- \
RSA_meth_set1_name \<br> > > \
+- \
RSA_meth_get_finish \<br> > > \
+- \
RSA_meth_set_priv_enc \<br> > > \
+- \
RSA_meth_set_priv_dec \<br> > > \
+- \
RSA_meth_set_finish \<br> > > \
+- \
EVP_PKEY_get0_RSA \<br> > > \
+- \
EVP_MD_CTX_new \<br> > > \
+- \
EVP_MD_CTX_free \<br> > > \
+- \
EVP_chacha20 \<br> > > + ])<br>
> > +<br>
> > + if test "x$openssl_engine" \
= "xyes" ; then<br> > > +@@ -3040,8 +3006,8 @@<br>
> > + fi<br>
> > + AC_CHECK_FUNCS([crypt DES_crypt])<br>
> > +<br>
> > +- # Check for SHA256, SHA384 and SHA512 \
support in OpenSSL<br> > > +- \
AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512])<br> > > \
++ # Check for various EVP support in OpenSSL<br> > \
> ++ AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 \
EVP_sha512 EVP_chacha20])<br> > > +<br>
> > + # Check complete ECC support in \
OpenSSL<br> > > + AC_MSG_CHECKING([whether \
OpenSSL has NID_X9_62_prime256v1])<br> > > +diff --git \
a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c<br> \
> > +index 498180dc894..59be17397c5 100644<br> > > +--- \
a/openbsd-compat/libressl-api-compat.c<br> > > ++++ \
b/openbsd-compat/libressl-api-compat.c<br> > > +@@ -1,129 +1,5 @@<br>
> > +-/* $OpenBSD: dsa_lib.c,v 1.29 2018/04/14 07:09:21 tb Exp $ */<br>
> > +-/* $OpenBSD: rsa_lib.c,v 1.37 2018/04/14 07:09:21 tb Exp $ */<br>
> > +-/* $OpenBSD: evp_lib.c,v 1.17 2018/09/12 06:35:38 djm Exp $ */<br>
> > +-/* $OpenBSD: dh_lib.c,v 1.32 2018/05/02 15:48:38 tb Exp $ */<br>
> > +-/* $OpenBSD: p_lib.c,v 1.24 2018/05/30 15:40:50 tb Exp $ */<br>
> > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */<br>
> > +-/* Copyright (C) 1995-1998 Eric Young (<a href="mailto:eay@cryptsoft.com" \
target="_blank">eay@cryptsoft.com</a>)<br> > > +- * All rights reserved.<br>
> > +- *<br>
> > +- * This package is an SSL implementation written<br>
> > +- * by Eric Young (<a href="mailto:eay@cryptsoft.com" \
target="_blank">eay@cryptsoft.com</a>).<br> > > +- * The implementation was \
written so as to conform with Netscapes SSL.<br> > > +- *<br>
> > +- * This library is free for commercial and non-commercial use as long \
as<br> > > +- * the following conditions are aheared to. The following \
conditions<br> > > +- * apply to all code found in this distribution, be it the \
RC4, RSA,<br> > > +- * lhash, DES, etc., code; not just the SSL code. The \
SSL documentation<br> > > +- * included with this distribution is covered by \
the same copyright terms<br> > > +- * except that the holder is Tim Hudson (<a \
href="mailto:tjh@cryptsoft.com" target="_blank">tjh@cryptsoft.com</a>).<br> > > \
+- *<br> > > +- * Copyright remains Eric Young's, and as such any Copyright \
notices in<br> > > +- * the code are not to be removed.<br>
> > +- * If this package is used in a product, Eric Young should be given \
attribution<br> > > +- * as the author of the parts of the library used.<br>
> > +- * This can be in the form of a textual message at program startup or<br>
> > +- * in documentation (online or textual) provided with the package.<br>
> > +- *<br>
> > +- * Redistribution and use in source and binary forms, with or without<br>
> > +- * modification, are permitted provided that the following conditions<br>
> > +- * are met:<br>
> > +- * 1. Redistributions of source code must retain the copyright<br>
> > +- * notice, this list of conditions and the following \
disclaimer.<br> > > +- * 2. Redistributions in binary form must reproduce the \
above copyright<br> > > +- * notice, this list of conditions \
and the following disclaimer in the<br> > > +- * \
documentation and/or other materials provided with the distribution.<br> > > +- \
* 3. All advertising materials mentioning features or use of this software<br> > \
> +- * must display the following acknowledgement:<br> > > \
+- * "This product includes cryptographic software written \
by<br> > > +- * Eric Young (<a \
href="mailto:eay@cryptsoft.com" target="_blank">eay@cryptsoft.com</a>)"<br> > \
> +- * The word 'cryptographic' can be left out if the rouines \
from the library<br> > > +- * being used are not \
cryptographic related :-).<br> > > +- * 4. If you include any Windows specific \
code (or a derivative thereof) from<br> > > +- * the apps \
directory (application code) you must include an acknowledgement:<br> > > +- \
* "This product includes software written by Tim Hudson (<a \
href="mailto:tjh@cryptsoft.com" target="_blank">tjh@cryptsoft.com</a>)"<br> > \
> +- *<br> > > +- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' \
AND<br> > > +- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED \
TO, THE<br> > > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \
PARTICULAR PURPOSE<br> > > +- * ARE DISCLAIMED. IN NO EVENT SHALL THE \
AUTHOR OR CONTRIBUTORS BE LIABLE<br> > > +- * FOR ANY DIRECT, INDIRECT, \
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL<br> > > +- * DAMAGES \
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS<br> > > +- * OR \
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)<br> > > +- * \
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT<br> > \
> +- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY \
WAY<br> > > +- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE \
POSSIBILITY OF<br> > > +- * SUCH DAMAGE.<br>
> > +- *<br>
> > +- * The licence and distribution terms for any publically available \
version or<br> > > +- * derivative of this code cannot be changed. i.e. \
this code cannot simply be<br> > > +- * copied and put under another \
distribution licence<br> > > +- * [including the GNU Public Licence.]<br>
> > +- */<br>
> > +-<br>
> > +-/* $OpenBSD: dsa_asn1.c,v 1.22 2018/06/14 17:03:19 jsing Exp $ */<br>
> > +-/* $OpenBSD: ecs_asn1.c,v 1.9 2018/03/17 15:24:44 tb Exp $ */<br>
> > +-/* $OpenBSD: digest.c,v 1.30 2018/04/14 07:09:21 tb Exp $ */<br>
> > +-/* Written by Dr Stephen N Henson (<a href="mailto:steve@openssl.org" \
target="_blank">steve@openssl.org</a>) for the OpenSSL<br> > > +- * project \
2000.<br> > > +- */<br>
> > +-/* ====================================================================<br>
> > +- * Copyright (c) 2000-2005 The OpenSSL Project. All rights \
reserved.<br> > > +- *<br>
> > +- * Redistribution and use in source and binary forms, with or without<br>
> > +- * modification, are permitted provided that the following conditions<br>
> > +- * are met:<br>
> > +- *<br>
> > +- * 1. Redistributions of source code must retain the above copyright<br>
> > +- * notice, this list of conditions and the following \
disclaimer.<br> > > +- *<br>
> > +- * 2. Redistributions in binary form must reproduce the above \
copyright<br> > > +- * notice, this list of conditions and \
the following disclaimer in<br> > > +- * the documentation \
and/or other materials provided with the<br> > > +- * \
distribution.<br> > > +- *<br>
> > +- * 3. All advertising materials mentioning features or use of this<br>
> > +- * software must display the following \
acknowledgment:<br> > > +- * "This product includes \
software developed by the OpenSSL Project<br> > > +- * for \
use in the OpenSSL Toolkit. (<a href="http://www.openssl.org/" \
originalsrc="http://www.openssl.org/" \
shash="GiUBZvPJ6VIPNz0IdA0F1mpeErUU2p+7dShtG/0VQELNgEZVHro6fxuQY5lfX9ZrzAdBpnSt6TB+WIP \
o9T6skdY0/cq4ffx8rwmhKpRiSJz/a1ikrQmrke5xGO6ZgXsDWsoFLTOte1Uo/qgkwvDtZoXHQs5lfBlQqVVqZq3LuVM=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.o \
penssl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008 \
db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7 \
CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 \
%7C%7C%7C&sdata=xcpid%2F25wbVMoxg4ok8qGpgBjiL8jXkZN5bX4hSS2wc%3D&reserved=0</a>)"<br>
> > +- *<br>
> > +- * 4. The names "OpenSSL Toolkit" and "OpenSSL \
Project" must not be used to<br> > > +- * endorse or \
promote products derived from this software without<br> > > +- \
* prior written permission. For written permission, please \
contact<br> > > +- * licensing@OpenSSL.org.<br>
> > +- *<br>
> > +- * 5. Products derived from this software may not be called \
"OpenSSL"<br> > > +- * nor may "OpenSSL" \
appear in their names without prior written<br> > > +- * \
permission of the OpenSSL Project.<br> > > +- *<br>
> > +- * 6. Redistributions of any form whatsoever must retain the \
following<br> > > +- * acknowledgment:<br>
> > +- * "This product includes software developed by \
the OpenSSL Project<br> > > +- * for use in the OpenSSL \
Toolkit (<a href="http://www.openssl.org/" originalsrc="http://www.openssl.org/" \
shash="GiUBZvPJ6VIPNz0IdA0F1mpeErUU2p+7dShtG/0VQELNgEZVHro6fxuQY5lfX9ZrzAdBpnSt6TB+WIP \
o9T6skdY0/cq4ffx8rwmhKpRiSJz/a1ikrQmrke5xGO6ZgXsDWsoFLTOte1Uo/qgkwvDtZoXHQs5lfBlQqVVqZq3LuVM=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.o \
penssl.org%2F&data=05%7C01%7CRanjitsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008 \
db61a20d08%7C3539451eb46e4a26a242ff61502855c7%7C0%7C0%7C638211120911246208%7CUnknown%7 \
CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000 \
%7C%7C%7C&sdata=xcpid%2F25wbVMoxg4ok8qGpgBjiL8jXkZN5bX4hSS2wc%3D&reserved=0</a>)"<br>
> > +- *<br>
> > +- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY<br>
> > +- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, \
THE<br> > > +- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A \
PARTICULAR<br> > > +- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE \
OpenSSL PROJECT OR<br> > > +- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, \
INDIRECT, INCIDENTAL,<br> > > +- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES \
(INCLUDING, BUT<br> > > +- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR \
SERVICES;<br> > > +- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS \
INTERRUPTION)<br> > > +- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, \
WHETHER IN CONTRACT,<br> > > +- * STRICT LIABILITY, OR TORT (INCLUDING \
NEGLIGENCE OR OTHERWISE)<br> > > +- * ARISING IN ANY WAY OUT OF THE USE OF THIS \
SOFTWARE, EVEN IF ADVISED<br> > > +- * OF THE POSSIBILITY OF SUCH DAMAGE.<br>
> > +- * ====================================================================<br>
> > +- *<br>
> > +- * This product includes cryptographic software written by Eric Young<br>
> > +- * (<a href="mailto:eay@cryptsoft.com" \
target="_blank">eay@cryptsoft.com</a>). This product includes software written \
by Tim<br> > > +- * Hudson (<a href="mailto:tjh@cryptsoft.com" \
target="_blank">tjh@cryptsoft.com</a>).<br> > > +- *<br>
> > +- */<br>
> > +-<br>
> > +-/* $OpenBSD: rsa_meth.c,v 1.2 2018/09/12 06:35:38 djm \
Exp $ */<br> > > + /*<br>
> > +- * Copyright (c) 2018 Theo Buehler <<a href="mailto:tb@openbsd.org" \
target="_blank">tb@openbsd.org</a>><br> > > ++ * Copyright (c) 2018 Damien \
Miller <<a href="mailto:djm@mindrot.org" \
target="_blank">djm@mindrot.org</a>><br> > > + *<br>
> > + * Permission to use, copy, modify, and distribute this software for \
any<br> > > + * purpose with or without fee is hereby granted, provided \
that the above<br> > > +@@ -147,192 +23,7 @@<br>
> > + #include <stdlib.h><br>
> > + #include <string.h><br>
> > +<br>
> > +-#include <openssl/err.h><br>
> > +-#include <openssl/bn.h><br>
> > +-#include <openssl/dsa.h><br>
> > +-#include <openssl/rsa.h><br>
> > + #include <openssl/evp.h><br>
> > +-#ifdef OPENSSL_HAS_ECC<br>
> > +-#include <openssl/ecdsa.h><br>
> > +-#endif<br>
> > +-#include <openssl/dh.h><br>
> > +-<br>
> > +-#ifndef HAVE_DSA_GET0_PQG<br>
> > +-void<br>
> > +-DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const \
BIGNUM **g)<br> > > +-{<br>
> > +- if (p != NULL)<br>
> > +- \
*p = d->p;<br> > > +- if (q != NULL)<br>
> > +- \
*q = d->q;<br> > > +- if (g != NULL)<br>
> > +- \
*g = d->g;<br> > > +-}<br>
> > +-#endif /* HAVE_DSA_GET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_SET0_PQG<br>
> > +-int<br>
> > +-DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)<br>
> > +-{<br>
> > +- if ((d->p == NULL && p == NULL) \
|| (d->q == NULL && q == NULL) ||<br> > > \
+- (d->g == NULL && \
g == NULL))<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (p != NULL) {<br>
> > +- \
BN_free(d->p);<br> > > \
+- \
d->p = p;<br> > > +- }<br>
> > +- if (q != NULL) {<br>
> > +- \
BN_free(d->q);<br> > > \
+- \
d->q = q;<br> > > +- }<br>
> > +- if (g != NULL) {<br>
> > +- \
BN_free(d->g);<br> > > \
+- \
d->g = g;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DSA_SET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_GET0_KEY<br>
> > +-void<br>
> > +-DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM \
**priv_key)<br> > > +-{<br>
> > +- if (pub_key != NULL)<br>
> > +- \
*pub_key = d->pub_key;<br> > > +- if (priv_key \
!= NULL)<br> > > \
+- \
*priv_key = d->priv_key;<br> > > +-}<br>
> > +-#endif /* HAVE_DSA_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_SET0_KEY<br>
> > +-int<br>
> > +-DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)<br>
> > +-{<br>
> > +- if (d->pub_key == NULL && \
pub_key == NULL)<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (pub_key != NULL) {<br>
> > +- \
BN_free(d->pub_key);<br> > > \
+- \
d->pub_key = pub_key;<br> > > +- }<br>
> > +- if (priv_key != NULL) {<br>
> > +- \
BN_free(d->priv_key);<br> > > \
+- \
d->priv_key = priv_key;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DSA_SET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_GET0_KEY<br>
> > +-void<br>
> > +-RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const \
BIGNUM **d)<br> > > +-{<br>
> > +- if (n != NULL)<br>
> > +- \
*n = r->n;<br> > > +- if (e != NULL)<br>
> > +- \
*e = r->e;<br> > > +- if (d != NULL)<br>
> > +- \
*d = r->d;<br> > > +-}<br>
> > +-#endif /* HAVE_RSA_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_KEY<br>
> > +-int<br>
> > +-RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)<br>
> > +-{<br>
> > +- if ((r->n == NULL && n == NULL) \
|| (r->e == NULL && e == NULL))<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (n != NULL) {<br>
> > +- \
BN_free(r->n);<br> > > \
+- \
r->n = n;<br> > > +- }<br>
> > +- if (e != NULL) {<br>
> > +- \
BN_free(r->e);<br> > > \
+- \
r->e = e;<br> > > +- }<br>
> > +- if (d != NULL) {<br>
> > +- \
BN_free(r->d);<br> > > \
+- \
r->d = d;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_SET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS<br>
> > +-void<br>
> > +-RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM \
**dmq1,<br> > > +- const BIGNUM **iqmp)<br>
> > +-{<br>
> > +- if (dmp1 != NULL)<br>
> > +- \
*dmp1 = r->dmp1;<br> > > +- if (dmq1 != \
NULL)<br> > > +- \
*dmq1 = r->dmq1;<br> > > +- if (iqmp != \
NULL)<br> > > +- \
*iqmp = r->iqmp;<br> > > +-}<br>
> > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS<br>
> > +-int<br>
> > +-RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)<br>
> > +-{<br>
> > +- if ((r->dmp1 == NULL && dmp1 == \
NULL) ||<br> > > +- \
(r->dmq1 == NULL && dmq1 == NULL) ||<br> > > \
+- (r->iqmp == NULL \
&& iqmp == NULL))<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (dmp1 != NULL) {<br>
> > +- \
BN_free(r->dmp1);<br> > > \
+- \
r->dmp1 = dmp1;<br> > > +- }<br>
> > +- if (dmq1 != NULL) {<br>
> > +- \
BN_free(r->dmq1);<br> > > \
+- \
r->dmq1 = dmq1;<br> > > +- }<br>
> > +- if (iqmp != NULL) {<br>
> > +- \
BN_free(r->iqmp);<br> > > \
+- \
r->iqmp = iqmp;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_GET0_FACTORS<br>
> > +-void<br>
> > +-RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)<br>
> > +-{<br>
> > +- if (p != NULL)<br>
> > +- \
*p = r->p;<br> > > +- if (q != NULL)<br>
> > +- \
*q = r->q;<br> > > +-}<br>
> > +-#endif /* HAVE_RSA_GET0_FACTORS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_FACTORS<br>
> > +-int<br>
> > +-RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)<br>
> > +-{<br>
> > +- if ((r->p == NULL && p == NULL) \
|| (r->q == NULL && q == NULL))<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (p != NULL) {<br>
> > +- \
BN_free(r->p);<br> > > \
+- \
r->p = p;<br> > > +- }<br>
> > +- if (q != NULL) {<br>
> > +- \
BN_free(r->q);<br> > > \
+- \
r->q = q;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_SET0_FACTORS */<br>
> > +<br>
> > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV<br>
> > + int<br>
> > +@@ -392,249 +83,4 @@ EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx, const \
unsigned char *iv, size_t len)<br> > > + }<br>
> > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */<br>
> > +<br>
> > +-#ifndef HAVE_DSA_SIG_GET0<br>
> > +-void<br>
> > +-DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM \
**ps)<br> > > +-{<br>
> > +- if (pr != NULL)<br>
> > +- \
*pr = sig->r;<br> > > +- if (ps != NULL)<br>
> > +- \
*ps = sig->s;<br> > > +-}<br>
> > +-#endif /* HAVE_DSA_SIG_GET0 */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_SIG_SET0<br>
> > +-int<br>
> > +-DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)<br>
> > +-{<br>
> > +- if (r == NULL || s == NULL)<br>
> > +- \
return 0;<br> > > +-<br>
> > +- BN_clear_free(sig->r);<br>
> > +- sig->r = r;<br>
> > +- BN_clear_free(sig->s);<br>
> > +- sig->s = s;<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DSA_SIG_SET0 */<br>
> > +-<br>
> > +-#ifdef OPENSSL_HAS_ECC<br>
> > +-#ifndef HAVE_ECDSA_SIG_GET0<br>
> > +-void<br>
> > +-ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM \
**ps)<br> > > +-{<br>
> > +- if (pr != NULL)<br>
> > +- \
*pr = sig->r;<br> > > +- if (ps != NULL)<br>
> > +- \
*ps = sig->s;<br> > > +-}<br>
> > +-#endif /* HAVE_ECDSA_SIG_GET0 */<br>
> > +-<br>
> > +-#ifndef HAVE_ECDSA_SIG_SET0<br>
> > +-int<br>
> > +-ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)<br>
> > +-{<br>
> > +- if (r == NULL || s == NULL)<br>
> > +- \
return 0;<br> > > +-<br>
> > +- BN_clear_free(sig->r);<br>
> > +- BN_clear_free(sig->s);<br>
> > +- sig->r = r;<br>
> > +- sig->s = s;<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_ECDSA_SIG_SET0 */<br>
> > +-#endif /* OPENSSL_HAS_ECC */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_GET0_PQG<br>
> > +-void<br>
> > +-DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const \
BIGNUM **g)<br> > > +-{<br>
> > +- if (p != NULL)<br>
> > +- \
*p = dh->p;<br> > > +- if (q != NULL)<br>
> > +- \
*q = dh->q;<br> > > +- if (g != NULL)<br>
> > +- \
*g = dh->g;<br> > > +-}<br>
> > +-#endif /* HAVE_DH_GET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET0_PQG<br>
> > +-int<br>
> > +-DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)<br>
> > +-{<br>
> > +- if ((dh->p == NULL && p == \
NULL) || (dh->g == NULL && g == NULL))<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- if (p != NULL) {<br>
> > +- \
BN_free(dh->p);<br> > > \
+- \
dh->p = p;<br> > > +- }<br>
> > +- if (q != NULL) {<br>
> > +- \
BN_free(dh->q);<br> > > \
+- \
dh->q = q;<br> > > +- }<br>
> > +- if (g != NULL) {<br>
> > +- \
BN_free(dh->g);<br> > > \
+- \
dh->g = g;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DH_SET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_GET0_KEY<br>
> > +-void<br>
> > +-DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM \
**priv_key)<br> > > +-{<br>
> > +- if (pub_key != NULL)<br>
> > +- \
*pub_key = dh->pub_key;<br> > > +- if \
(priv_key != NULL)<br> > > \
+- \
*priv_key = dh->priv_key;<br> > > +-}<br>
> > +-#endif /* HAVE_DH_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET0_KEY<br>
> > +-int<br>
> > +-DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)<br>
> > +-{<br>
> > +- if (pub_key != NULL) {<br>
> > +- \
BN_free(dh->pub_key);<br> > > \
+- \
dh->pub_key = pub_key;<br> > > +- }<br>
> > +- if (priv_key != NULL) {<br>
> > +- \
BN_free(dh->priv_key);<br> > > \
+- \
dh->priv_key = priv_key;<br> > > +- }<br>
> > +-<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DH_SET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET_LENGTH<br>
> > +-int<br>
> > +-DH_set_length(DH *dh, long length)<br>
> > +-{<br>
> > +- if (length < 0 || length > \
INT_MAX)<br> > > \
+- \
return 0;<br> > > +-<br>
> > +- dh->length = length;<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_DH_SET_LENGTH */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_FREE<br>
> > +-void<br>
> > +-RSA_meth_free(RSA_METHOD *meth)<br>
> > +-{<br>
> > +- if (meth != NULL) {<br>
> > +- \
free((char *)meth->name);<br> > > \
+- \
free(meth);<br> > > +- }<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_FREE */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_DUP<br>
> > +-RSA_METHOD *<br>
> > +-RSA_meth_dup(const RSA_METHOD *meth)<br>
> > +-{<br>
> > +- RSA_METHOD *copy;<br>
> > +-<br>
> > +- if ((copy = calloc(1, sizeof(*copy))) == \
NULL)<br> > > +- \
return NULL;<br> > > +- memcpy(copy, meth, \
sizeof(*copy));<br> > > +- if ((copy->name = \
strdup(meth->name)) == NULL) {<br> > > \
+- \
free(copy);<br> > > \
+- \
return NULL;<br> > > +- }<br>
> > +-<br>
> > +- return copy;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_DUP */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET1_NAME<br>
> > +-int<br>
> > +-RSA_meth_set1_name(RSA_METHOD *meth, const char *name)<br>
> > +-{<br>
> > +- char *copy;<br>
> > +-<br>
> > +- if ((copy = strdup(name)) == NULL)<br>
> > +- \
return 0;<br> > > +- free((char \
*)meth->name);<br> > > +- meth->name = \
copy;<br> > > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_SET1_NAME */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_GET_FINISH<br>
> > +-int<br>
> > +-(*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa)<br>
> > +-{<br>
> > +- return meth->finish;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_GET_FINISH */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC<br>
> > +-int<br>
> > +-RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,<br>
> > +- const unsigned char *from, unsigned char *to, RSA \
*rsa, int padding))<br> > > +-{<br>
> > +- meth->rsa_priv_enc = priv_enc;<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC<br>
> > +-int<br>
> > +-RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,<br>
> > +- const unsigned char *from, unsigned char *to, RSA \
*rsa, int padding))<br> > > +-{<br>
> > +- meth->rsa_priv_dec = priv_dec;<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_FINISH<br>
> > +-int<br>
> > +-RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa))<br>
> > +-{<br>
> > +- meth->finish = finish;<br>
> > +- return 1;<br>
> > +-}<br>
> > +-#endif /* HAVE_RSA_METH_SET_FINISH */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_PKEY_GET0_RSA<br>
> > +-RSA *<br>
> > +-EVP_PKEY_get0_RSA(EVP_PKEY *pkey)<br>
> > +-{<br>
> > +- if (pkey->type != EVP_PKEY_RSA) {<br>
> > +- \
/* EVPerror(EVP_R_EXPECTING_AN_RSA_KEY); */<br> > > \
+- \
return NULL;<br> > > +- }<br>
> > +- return pkey->pkey.rsa;<br>
> > +-}<br>
> > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_MD_CTX_NEW<br>
> > +-EVP_MD_CTX *<br>
> > +-EVP_MD_CTX_new(void)<br>
> > +-{<br>
> > +- return calloc(1, sizeof(EVP_MD_CTX));<br>
> > +-}<br>
> > +-#endif /* HAVE_EVP_MD_CTX_NEW */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_MD_CTX_FREE<br>
> > +-void<br>
> > +-EVP_MD_CTX_free(EVP_MD_CTX *ctx)<br>
> > +-{<br>
> > +- if (ctx == NULL)<br>
> > +- \
return;<br> > > +-<br>
> > +- EVP_MD_CTX_cleanup(ctx);<br>
> > +-<br>
> > +- free(ctx);<br>
> > +-}<br>
> > +-#endif /* HAVE_EVP_MD_CTX_FREE */<br>
> > +-<br>
> > + #endif /* WITH_OPENSSL */<br>
> > +diff --git a/openbsd-compat/openssl-compat.h \
b/openbsd-compat/openssl-compat.h<br> > > +index 61a69dd56eb..d0dd2c3450d \
100644<br> > > +--- a/openbsd-compat/openssl-compat.h<br>
> > ++++ b/openbsd-compat/openssl-compat.h<br>
> > +@@ -33,26 +33,13 @@<br>
> > + int ssh_compatible_openssl(long, long);<br>
> > + void ssh_libcrypto_init(void);<br>
> > +<br>
> > +-#if (OPENSSL_VERSION_NUMBER < 0x1000100fL)<br>
> > +-# error OpenSSL 1.0.1 or greater is required<br>
> > ++#if (OPENSSL_VERSION_NUMBER < 0x10100000L)<br>
> > ++# error OpenSSL 1.1.0 or greater is required<br>
> > + #endif<br>
> > +-<br>
> > +-#ifndef OPENSSL_VERSION<br>
> > +-# define OPENSSL_VERSION SSLEAY_VERSION<br>
> > +-#endif<br>
> > +-<br>
> > +-#ifndef HAVE_OPENSSL_VERSION<br>
> > +-# define OpenSSL_version(x) SSLeay_version(x)<br>
> > +-#endif<br>
> > +-<br>
> > +-#ifndef HAVE_OPENSSL_VERSION_NUM<br>
> > +-# define OpenSSL_version_num SSLeay<br>
> > +-#endif<br>
> > +-<br>
> > +-#if OPENSSL_VERSION_NUMBER < 0x10000001L<br>
> > +-# define LIBCRYPTO_EVP_INL_TYPE unsigned int<br>
> > +-#else<br>
> > +-# define LIBCRYPTO_EVP_INL_TYPE size_t<br>
> > ++#ifdef LIBRESSL_VERSION_NUMBER<br>
> > ++# if LIBRESSL_VERSION_NUMBER < 0x3010000fL<br>
> > ++# error LibreSSL 3.1.0 or greater is required<br>
> > ++# endif<br>
> > + #endif<br>
> > +<br>
> > + #ifndef OPENSSL_RSA_MAX_MODULUS_BITS<br>
> > +@@ -68,25 +55,6 @@ void ssh_libcrypto_init(void);<br>
> > + # endif<br>
> > + #endif<br>
> > +<br>
> > +-/* LibreSSL/OpenSSL 1.1x API compat */<br>
> > +-#ifndef HAVE_DSA_GET0_PQG<br>
> > +-void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q,<br>
> > +- const BIGNUM **g);<br>
> > +-#endif /* HAVE_DSA_GET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_SET0_PQG<br>
> > +-int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);<br>
> > +-#endif /* HAVE_DSA_SET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_GET0_KEY<br>
> > +-void DSA_get0_key(const DSA *d, const BIGNUM **pub_key,<br>
> > +- const BIGNUM **priv_key);<br>
> > +-#endif /* HAVE_DSA_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DSA_SET0_KEY<br>
> > +-int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);<br>
> > +-#endif /* HAVE_DSA_SET0_KEY */<br>
> > +-<br>
> > + #ifndef HAVE_EVP_CIPHER_CTX_GET_IV<br>
> > + # ifdef HAVE_EVP_CIPHER_CTX_GET_UPDATED_IV<br>
> > + # define EVP_CIPHER_CTX_get_iv EVP_CIPHER_CTX_get_updated_iv<br>
> > +@@ -101,112 +69,5 @@ int EVP_CIPHER_CTX_set_iv(EVP_CIPHER_CTX *ctx,<br>
> > + const unsigned char *iv, size_t len);<br>
> > + #endif /* HAVE_EVP_CIPHER_CTX_SET_IV */<br>
> > +<br>
> > +-#ifndef HAVE_RSA_GET0_KEY<br>
> > +-void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e,<br>
> > +- const BIGNUM **d);<br>
> > +-#endif /* HAVE_RSA_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_KEY<br>
> > +-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);<br>
> > +-#endif /* HAVE_RSA_SET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_GET0_CRT_PARAMS<br>
> > +-void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM \
**dmq1,<br> > > +- const BIGNUM **iqmp);<br>
> > +-#endif /* HAVE_RSA_GET0_CRT_PARAMS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_CRT_PARAMS<br>
> > +-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM \
*iqmp);<br> > > +-#endif /* HAVE_RSA_SET0_CRT_PARAMS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_GET0_FACTORS<br>
> > +-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM \
**q);<br> > > +-#endif /* HAVE_RSA_GET0_FACTORS */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_SET0_FACTORS<br>
> > +-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);<br>
> > +-#endif /* HAVE_RSA_SET0_FACTORS */<br>
> > +-<br>
> > +-#ifndef DSA_SIG_GET0<br>
> > +-void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM \
**ps);<br> > > +-#endif /* DSA_SIG_GET0 */<br>
> > +-<br>
> > +-#ifndef DSA_SIG_SET0<br>
> > +-int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);<br>
> > +-#endif /* DSA_SIG_SET0 */<br>
> > +-<br>
> > +-#ifdef OPENSSL_HAS_ECC<br>
> > +-#ifndef HAVE_ECDSA_SIG_GET0<br>
> > +-void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM \
**ps);<br> > > +-#endif /* HAVE_ECDSA_SIG_GET0 */<br>
> > +-<br>
> > +-#ifndef HAVE_ECDSA_SIG_SET0<br>
> > +-int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);<br>
> > +-#endif /* HAVE_ECDSA_SIG_SET0 */<br>
> > +-#endif /* OPENSSL_HAS_ECC */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_GET0_PQG<br>
> > +-void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,<br>
> > +- const BIGNUM **g);<br>
> > +-#endif /* HAVE_DH_GET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET0_PQG<br>
> > +-int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);<br>
> > +-#endif /* HAVE_DH_SET0_PQG */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_GET0_KEY<br>
> > +-void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM \
**priv_key);<br> > > +-#endif /* HAVE_DH_GET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET0_KEY<br>
> > +-int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);<br>
> > +-#endif /* HAVE_DH_SET0_KEY */<br>
> > +-<br>
> > +-#ifndef HAVE_DH_SET_LENGTH<br>
> > +-int DH_set_length(DH *dh, long length);<br>
> > +-#endif /* HAVE_DH_SET_LENGTH */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_FREE<br>
> > +-void RSA_meth_free(RSA_METHOD *meth);<br>
> > +-#endif /* HAVE_RSA_METH_FREE */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_DUP<br>
> > +-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth);<br>
> > +-#endif /* HAVE_RSA_METH_DUP */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET1_NAME<br>
> > +-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name);<br>
> > +-#endif /* HAVE_RSA_METH_SET1_NAME */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_GET_FINISH<br>
> > +-int (*RSA_meth_get_finish(const RSA_METHOD *meth))(RSA *rsa);<br>
> > +-#endif /* HAVE_RSA_METH_GET_FINISH */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_ENC<br>
> > +-int RSA_meth_set_priv_enc(RSA_METHOD *meth, int (*priv_enc)(int flen,<br>
> > +- const unsigned char *from, unsigned char *to, RSA \
*rsa, int padding));<br> > > +-#endif /* HAVE_RSA_METH_SET_PRIV_ENC */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_PRIV_DEC<br>
> > +-int RSA_meth_set_priv_dec(RSA_METHOD *meth, int (*priv_dec)(int flen,<br>
> > +- const unsigned char *from, unsigned char *to, RSA \
*rsa, int padding));<br> > > +-#endif /* HAVE_RSA_METH_SET_PRIV_DEC */<br>
> > +-<br>
> > +-#ifndef HAVE_RSA_METH_SET_FINISH<br>
> > +-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish)(RSA *rsa));<br>
> > +-#endif /* HAVE_RSA_METH_SET_FINISH */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_PKEY_GET0_RSA<br>
> > +-RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);<br>
> > +-#endif /* HAVE_EVP_PKEY_GET0_RSA */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_MD_CTX_new<br>
> > +-EVP_MD_CTX *EVP_MD_CTX_new(void);<br>
> > +-#endif /* HAVE_EVP_MD_CTX_new */<br>
> > +-<br>
> > +-#ifndef HAVE_EVP_MD_CTX_free<br>
> > +-void EVP_MD_CTX_free(EVP_MD_CTX *ctx);<br>
> > +-#endif /* HAVE_EVP_MD_CTX_free */<br>
> > +-<br>
> > + #endif /* WITH_OPENSSL */<br>
> > + #endif /* _OPENSSL_COMPAT_H */<br>
> > diff --git a/meta/recipes-connectivity/openssh/<a \
href="http://openssh_8.9p1.bb/" originalsrc="http://openssh_8.9p1.bb/" \
shash="SZMcGEqIcSq2CqgRHg/5PNRK1f6J0L2aDa0OU4KpkSphPo8r22L7fas6OZ5IVQzpSpPkv+tzjaYFbPT \
2aQ9e3C2lLc+HMN98fogO65iiF0mATpTTrbFp3vJys0VIRgCvOxbwXIFClzam2zOML4cz2PJDhQjFQ9sDvGxfHxwhKS8=" \
target="_blank">openssh_8.9p1.bb</a> b/meta/recipes-connectivity/openssh/<a \
href="http://openssh_8.9p1.bb/" originalsrc="http://openssh_8.9p1.bb/" \
shash="SZMcGEqIcSq2CqgRHg/5PNRK1f6J0L2aDa0OU4KpkSphPo8r22L7fas6OZ5IVQzpSpPkv+tzjaYFbPT \
2aQ9e3C2lLc+HMN98fogO65iiF0mATpTTrbFp3vJys0VIRgCvOxbwXIFClzam2zOML4cz2PJDhQjFQ9sDvGxfHxwhKS8=" \
target="_blank">openssh_8.9p1.bb</a><br> > > index 6057d055f4..1d53c2488b \
100644<br> > > --- a/meta/recipes-connectivity/openssh/<a \
href="http://openssh_8.9p1.bb/" originalsrc="http://openssh_8.9p1.bb/" \
shash="SZMcGEqIcSq2CqgRHg/5PNRK1f6J0L2aDa0OU4KpkSphPo8r22L7fas6OZ5IVQzpSpPkv+tzjaYFbPT \
2aQ9e3C2lLc+HMN98fogO65iiF0mATpTTrbFp3vJys0VIRgCvOxbwXIFClzam2zOML4cz2PJDhQjFQ9sDvGxfHxwhKS8=" \
target="_blank">openssh_8.9p1.bb</a><br> > > +++ \
b/meta/recipes-connectivity/openssh/<a href="http://openssh_8.9p1.bb/" \
originalsrc="http://openssh_8.9p1.bb/" \
shash="SZMcGEqIcSq2CqgRHg/5PNRK1f6J0L2aDa0OU4KpkSphPo8r22L7fas6OZ5IVQzpSpPkv+tzjaYFbPT \
2aQ9e3C2lLc+HMN98fogO65iiF0mATpTTrbFp3vJys0VIRgCvOxbwXIFClzam2zOML4cz2PJDhQjFQ9sDvGxfHxwhKS8=" \
target="_blank">openssh_8.9p1.bb</a><br> > > @@ -26,6 +26,7 @@ SRC_URI = \
"<a></a><a href="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$" \
originalsrc="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-$" \
shash="lKxm1b6C0FxqDkxRJ2yK3mMe6aAykSY212NGa/QbjnblTaODhBSq5Tib82pV5VhmFjoP7NJgRK4BUBx \
a5pEaDCSowz22MYumSGCb+1QD9gntjzW+rFGqTgvyYvoEHllFqth8mW3O6Q9mEDlnsaV8Uo1RF4lK9l0EHpjKGoUCVeY=" \
target="_blank">https://apc01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fftp.o \
penbsd.org%2Fpub%2FOpenBSD%2FOpenSSH%2Fportable%2Fopenssh-%24&data=05%7C01%7CRanji \
tsinh.Rathod%40kpit.com%7Cd788d3aa157742dfacb008db61a20d08%7C3539451eb46e4a26a242ff615 \
02855c7%7C0%7C0%7C638211120911246208%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQI \
joiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=dDzVG6aYgMYab04aGD%2F6l6tLxk2tzcSndFcqwlT%2FRg0%3D&reserved=0{PV}.tar</a><br>
> > \
<a>file://add-test-support-for-busybox.patch</a> \<br> > \
> \
<a>file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch</a> \<br> > \
> \
<a>file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch</a> \<br> > \
> + \
<a>file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch</a> \<br> > \
> \
"<br> > > SRC_URI[sha256sum] = \
"fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"<br> > \
><br> > > --<br>
> > 2.17.1<br>
> ><br>
> ><br>
> > <br>
> ><br>
> This message contains information that may be privileged or confidential and is \
the property of the KPIT Technologies Ltd. It is intended only for the person to whom \
it is addressed. If you are not the intended recipient, you are not authorized to \
read, print, retain copy, disseminate, distribute, or use this message or any part \
thereof. If you receive this message in error, please notify the sender immediately \
and delete all copies of this message. KPIT Technologies Ltd. does not accept any \
liability for virus infected mails.<br>
</div>
</span></font></div>
This message contains information that may be privileged or confidential and is the \
property of the KPIT Technologies Ltd. It is intended only for the person to whom it \
is addressed. If you are not the intended recipient, you are not authorized to read, \
print, retain copy, disseminate, distribute, or use this message or any part \
thereof. If you receive this message in error, please notify the sender immediately \
and delete all copies of this message. KPIT Technologies Ltd. does not accept any \
liability for virus infected mails. </div>
</div>
</blockquote>
</div>
</div>
</div>
This message contains information that may be privileged or confidential and is the \
property of the KPIT Technologies Ltd. It is intended only for the person to whom it \
is addressed. If you are not the intended recipient, you are not authorized to read, \
print, retain copy, disseminate, distribute, or use this message or any part \
thereof. If you receive this message in error, please notify the sender immediately \
and delete all copies of this message. KPIT Technologies Ltd. does not accept any \
liability for virus infected mails. </div>
</div>
</blockquote>
</div>
</div>
</div>
This message contains information that may be privileged or confidential and is the \
property of the KPIT Technologies Ltd. It is intended only for the person to whom it \
is addressed. If you are not the intended recipient, you are not authorized to read, \
print, retain copy, disseminate, distribute, or use this message or any part \
thereof. If you receive this message in error, please notify the sender immediately \
and delete all copies of this message. KPIT Technologies Ltd. does not accept any \
liability for virus infected mails.
</body>
</html>
["Outlook-zvjvofhy.png" (image/png)]
["Outlook-t2q33n03.png" (image/png)]
["Outlook-ymltzpe1.png" (image/png)]
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#182006): https://lists.openembedded.org/g/openembedded-core/message/182006
Mute This Topic: https://lists.openembedded.org/mt/99215252/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
--m3Tuo6bXd3KxfG4kfBGz--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic