crypto: Fix compilation for OpenSSL without deprecated APIs

Added missing bn.h include.

Made engine.h include conditional, otherwise it would fail.

DSA_generate_parameters was deprecated long before 1.1.0.

Signed-off-by: Rosen Penev <rosenp@gmail.com>

3 files changed, 6 insertions, 2 deletions

diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
index 45dffbb4..261bc518 100644
--- a/src/libcrypto-compat.c
+++ b/src/libcrypto-compat.c
@@ -10,9 +10,12 @@
 #include "config.h"
 
 #include <string.h>
-#include <openssl/engine.h>
 #include "libcrypto-compat.h"
 
+#ifndef OPENSSL_NO_ENGINE
+#include <openssl/engine.h>
+#endif
+
 static void *OPENSSL_zalloc(size_t num)
 {
     void *ret = OPENSSL_malloc(num);
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
index 21542c65..00e4f2a3 100644
--- a/src/libcrypto-compat.h
+++ b/src/libcrypto-compat.h
@@ -10,6 +10,7 @@
 #include <openssl/dh.h>
 #include <openssl/evp.h>
 #include <openssl/hmac.h>
+#include <openssl/bn.h>
 
 int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
 int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
index 3775d123..ccd22a13 100644
--- a/src/pki_crypto.c
+++ b/src/pki_crypto.c
@@ -516,7 +516,7 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
 
 int pki_key_generate_dss(ssh_key key, int parameter){
     int rc;
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
     key->dsa = DSA_new();
     if (key->dsa == NULL) {
         return SSH_ERROR;