Hello community, here is the log from the commit of package liboauth for openSUSE:Factory checked in at 2017-08-24 18:19:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/liboauth (Old) and /work/SRC/openSUSE:Factory/.liboauth.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "liboauth" Thu Aug 24 18:19:41 2017 rev:13 rq:518404 version:1.0.3 Changes: -------- --- /work/SRC/openSUSE:Factory/liboauth/liboauth.changes 2015-02-16 17:35:01.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.liboauth.new/liboauth.changes 2017-08-24 18:19:44.889353286 +0200 @@ -1,0 +2,7 @@ +Wed Aug 23 13:28:24 UTC 2017 - [email protected] + +- Add openssl 1.1 compatibility (bsc#1055285) + * add liboauth-openssl_1.1_compatibility.patch from + https://github.com/x42/liboauth/issues/9 + +------------------------------------------------------------------- New: ---- liboauth-openssl_1.1_compatibility.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ liboauth.spec ++++++ --- /var/tmp/diff_new_pack.q9QpAk/_old 2017-08-24 18:19:45.873214756 +0200 +++ /var/tmp/diff_new_pack.q9QpAk/_new 2017-08-24 18:19:45.877214193 +0200 @@ -30,6 +30,7 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: http://sourceforge.net/projects/liboauth/files/liboauth-%{version}.tar.gz Source1: baselibs.conf +Patch0: liboauth-openssl_1.1_compatibility.patch %description liboauth is a collection of c functions implementing the http://oauth.net API. @@ -71,6 +72,7 @@ %prep %setup -q +%patch0 -p1 %build sed -i -e '/^Libs.private/d' -e '/^Requires.private/d' oauth.pc.in ++++++ liboauth-openssl_1.1_compatibility.patch ++++++ Index: liboauth-1.0.3/src/hash.c =================================================================== --- liboauth-1.0.3.orig/src/hash.c 2017-08-23 15:20:33.509317761 +0200 +++ liboauth-1.0.3/src/hash.c 2017-08-23 15:25:30.626156109 +0200 @@ -362,6 +362,11 @@ looser: #include "oauth.h" // base64 encode fn's. #include <openssl/hmac.h> +#if OPENSSL_VERSION_NUMBER < 0x10100000 +#define EVP_MD_CTX_new EVP_MD_CTX_create +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#endif + char *oauth_sign_hmac_sha1 (const char *m, const char *k) { return(oauth_sign_hmac_sha1_raw (m, strlen(m), k, strlen(k))); } @@ -386,7 +391,7 @@ char *oauth_sign_rsa_sha1 (const char *m unsigned char *sig = NULL; unsigned char *passphrase = NULL; unsigned int len=0; - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; EVP_PKEY *pkey; BIO *in; @@ -399,24 +404,31 @@ char *oauth_sign_rsa_sha1 (const char *m return xstrdup("liboauth/OpenSSL: can not read private key"); } + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) { + return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); + } + len = EVP_PKEY_size(pkey); sig = (unsigned char*)xmalloc((len+1)*sizeof(char)); - EVP_SignInit(&md_ctx, EVP_sha1()); - EVP_SignUpdate(&md_ctx, m, strlen(m)); - if (EVP_SignFinal (&md_ctx, sig, &len, pkey)) { + EVP_SignInit(md_ctx, EVP_sha1()); + EVP_SignUpdate(md_ctx, m, strlen(m)); + if (EVP_SignFinal (md_ctx, sig, &len, pkey)) { char *tmp; sig[len] = '\0'; tmp = oauth_encode_base64(len,sig); OPENSSL_free(sig); EVP_PKEY_free(pkey); + EVP_MD_CTX_free(md_ctx); return tmp; } + EVP_MD_CTX_free(md_ctx); return xstrdup("liboauth/OpenSSL: rsa-sha1 signing failed"); } int oauth_verify_rsa_sha1 (const char *m, const char *c, const char *s) { - EVP_MD_CTX md_ctx; + EVP_MD_CTX *md_ctx; EVP_PKEY *pkey; BIO *in; X509 *cert = NULL; @@ -437,13 +449,18 @@ int oauth_verify_rsa_sha1 (const char *m return -2; } + md_ctx = EVP_MD_CTX_new(); + if (md_ctx == NULL) { + return -2; + } + b64d= (unsigned char*) xmalloc(sizeof(char)*strlen(s)); slen = oauth_decode_base64(b64d, s); - EVP_VerifyInit(&md_ctx, EVP_sha1()); - EVP_VerifyUpdate(&md_ctx, m, strlen(m)); - err = EVP_VerifyFinal(&md_ctx, b64d, slen, pkey); - EVP_MD_CTX_cleanup(&md_ctx); + EVP_VerifyInit(md_ctx, EVP_sha1()); + EVP_VerifyUpdate(md_ctx, m, strlen(m)); + err = EVP_VerifyFinal(md_ctx, b64d, slen, pkey); + EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pkey); xfree(b64d); return (err); @@ -455,35 +472,41 @@ int oauth_verify_rsa_sha1 (const char *m */ char *oauth_body_hash_file(char *filename) { unsigned char fb[BUFSIZ]; - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; size_t len=0; unsigned char *md; FILE *F= fopen(filename, "r"); if (!F) return NULL; - EVP_MD_CTX_init(&ctx); - EVP_DigestInit(&ctx,EVP_sha1()); + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); + } + EVP_DigestInit(ctx,EVP_sha1()); while (!feof(F) && (len=fread(fb,sizeof(char),BUFSIZ, F))>0) { - EVP_DigestUpdate(&ctx, fb, len); + EVP_DigestUpdate(ctx, fb, len); } fclose(F); len=0; md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char)); - EVP_DigestFinal(&ctx, md,(unsigned int*) &len); - EVP_MD_CTX_cleanup(&ctx); + EVP_DigestFinal(ctx, md,(unsigned int*) &len); + EVP_MD_CTX_free(ctx); return oauth_body_hash_encode(len, md); } char *oauth_body_hash_data(size_t length, const char *data) { - EVP_MD_CTX ctx; + EVP_MD_CTX *ctx; size_t len=0; unsigned char *md; md=(unsigned char*) xcalloc(EVP_MD_size(EVP_sha1()),sizeof(unsigned char)); - EVP_MD_CTX_init(&ctx); - EVP_DigestInit(&ctx,EVP_sha1()); - EVP_DigestUpdate(&ctx, data, length); - EVP_DigestFinal(&ctx, md,(unsigned int*) &len); - EVP_MD_CTX_cleanup(&ctx); + ctx = EVP_MD_CTX_new(); + if (ctx == NULL) { + return xstrdup("liboauth/OpenSSL: failed to allocate EVP_MD_CTX"); + } + EVP_DigestInit(ctx,EVP_sha1()); + EVP_DigestUpdate(ctx, data, length); + EVP_DigestFinal(ctx, md,(unsigned int*) &len); + EVP_MD_CTX_free(ctx); return oauth_body_hash_encode(len, md); }
