Get rid of the deprecated OpenSSL API

It turns out there is a way to get the uncompressed format from the low-level API, which is not (yet?) deprecated so this removes all of the TODO's for ECDSA keys and moves the EC_KEY structure in the high-level EVP_PKEY. Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Norbert Pocs <npocs@redhat.com>
2026-02-07 02:39:48 +09:00 · 2023-01-06 17:25:44 +01:00
parent 02fda2ef80
commit 1eb3df5254
7 changed files with 444 additions and 763 deletions
--- a/include/libssh/libcrypto.h
+++ b/include/libssh/libcrypto.h
@@ -25,6 +25,7 @@

 #ifdef HAVE_LIBCRYPTO

+#include "libssh/libssh.h"
 #include <openssl/dsa.h>
 #include <openssl/rsa.h>
 #include <openssl/sha.h>
@@ -32,6 +33,7 @@
 #include <openssl/hmac.h>
 #include <openssl/evp.h>
 #include <openssl/crypto.h>
+#include <openssl/ec.h>

 typedef EVP_MD_CTX* SHACTX;
 typedef EVP_MD_CTX* SHA256CTX;
@@ -116,6 +118,8 @@ typedef BN_CTX* bignum_CTX;
 #define ssh_fips_mode() false
 #endif

+ssh_string pki_key_make_ecpoint_string(const EC_GROUP *g, const EC_POINT *p);
+int pki_key_ecgroup_name_to_nid(const char *group);
 #endif /* HAVE_LIBCRYPTO */

 #endif /* LIBCRYPTO_H_ */