Hello community, here is the log from the commit of package libssh for openSUSE:Factory checked in at 2017-10-02 16:50:46 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libssh (Old) and /work/SRC/openSUSE:Factory/.libssh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libssh" Mon Oct 2 16:50:46 2017 rev:45 rq:528606 version:0.7.5 Changes: -------- --- /work/SRC/openSUSE:Factory/libssh/libssh.changes 2017-08-02 11:30:52.151266418 +0200 +++ /work/SRC/openSUSE:Factory/.libssh.new/libssh.changes 2017-10-02 16:50:56.681837014 +0200 @@ -1,0 +2,14 @@ +Fri Sep 15 08:31:32 UTC 2017 - [email protected] + +- add support for building with OpenSSL 1.1 (bsc#1055266) + * added patches: + * 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch + * 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch + * 0001-libcrypto-Remove-AES_ctr128_encrypt.patch + * 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch + * 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch + * 0001-libcrypto-Use-newer-API-for-HMAC.patch + * 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch + * 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch + +------------------------------------------------------------------- New: ---- 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch 0001-libcrypto-Remove-AES_ctr128_encrypt.patch 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch 0001-libcrypto-Use-newer-API-for-HMAC.patch 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libssh.spec ++++++ --- /var/tmp/diff_new_pack.lmfsoJ/_old 2017-10-02 16:50:57.753686579 +0200 +++ /var/tmp/diff_new_pack.lmfsoJ/_new 2017-10-02 16:50:57.757686018 +0200 
@@ -28,6 +28,16 @@ Source1: https://red.libssh.org/attachments/download/217/%{name}-%{version}.tar.asc Source2: https://cryptomilk.org/[email protected]_key.asc#/%{name}.keyring Source99: baselibs.conf +# PATCH-FIX-UPSTREAM Upstream patches for OpenSSL 1.1 compatibility (will appear in 0.8 release) +Patch0: 0001-libcrypto-Remove-AES_ctr128_encrypt.patch +Patch1: 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch +Patch2: 0001-libcrypto-Use-newer-API-for-HMAC.patch +Patch3: 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch +Patch4: 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch +Patch5: 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch +Patch6: 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch +Patch7: 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch +# END of OpenSSL 1.1 support patches BuildRequires: cmake BuildRequires: doxygen BuildRequires: gcc-c++ @@ -80,6 +90,14 @@ %prep %setup -q +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build %cmake \ ++++++ 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch ++++++ >From 3daf1760a18c091159338fc9077fa71bfbd726a1 Mon Sep 17 00:00:00 2001 From: Andreas Schneider <[email protected]> Date: Sun, 6 Nov 2016 15:43:31 +0100 Subject: [PATCH] cmake: Use configure check for CRYPTO_ctr128_encrypt Signed-off-by: Andreas Schneider <[email protected]> --- ConfigureChecks.cmake | 4 ++++ config.h.cmake | 3 +++ src/libcrypto.c | 6 +++--- 3 files changed, 10 insertions(+), 3 deletions(-) Index: libssh-0.7.5/ConfigureChecks.cmake =================================================================== --- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-09-15 11:35:09.493600110 +0200 +++ libssh-0.7.5/ConfigureChecks.cmake 2017-09-15 11:35:09.505600299 +0200 
@@ -95,6 +95,10 @@ if (OPENSSL_FOUND) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK) + + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT) endif() if (CMAKE_HAVE_PTHREAD_H) Index: libssh-0.7.5/config.h.cmake =================================================================== --- libssh-0.7.5.orig/config.h.cmake 2017-09-15 11:35:09.493600110 +0200 +++ libssh-0.7.5/config.h.cmake 2017-09-15 11:35:09.505600299 +0200 @@ -79,6 +79,9 @@ /* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ #cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1 +/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */ +#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1 + /* Define to 1 if you have the `snprintf' function. */ #cmakedefine HAVE_SNPRINTF 1 Index: libssh-0.7.5/src/libcrypto.c =================================================================== --- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:35:09.473599793 +0200 +++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:35:09.505600299 +0200 @@ -41,6 +41,8 @@ #include <openssl/dsa.h> #include <openssl/rsa.h> #include <openssl/hmac.h> +#include <openssl/evp.h> +#include <openssl/modes.h> #include <openssl/opensslv.h> #include <openssl/rand.h> #include "libcrypto-compat.h" 
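Review bot: The added `set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})` and `set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})` repeat the two context lines directly above them in the same `if (OPENSSL_FOUND)` block, so the new check needs only the `check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)` line. The ConfigureChecks.cmake hunk of the CRYPTO_THREADID patch further down repeats `set(CMAKE_REQUIRED_INCLUDES ...)` in the same way. Nothing visible in the hunk clears `CMAKE_REQUIRED_LIBRARIES` before `endif()`, so it presumably stays set for later checks; an `unset(CMAKE_REQUIRED_LIBRARIES)` after the last OpenSSL check would keep it from leaking into them.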
@@ -458,11 +460,12 @@ static void aes_ctr128_encrypt(struct ss * Same for num, which is being used to store the current offset in blocksize in CTR * function. */ -# if OPENSSL_VERSION_NUMBER >= 0x10100000L - CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt); -# else +#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT + CRYPTO_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num, (block128_f)AES_encrypt); +#else + AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num); -# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ +#endif /* HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT */ } #endif /* BROKEN_AES_CTR */ #endif /* HAS_AES */ ++++++ 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch ++++++ >From b6cfde8987d201e3cee942d3368e18545d6c28fb Mon Sep 17 00:00:00 2001 From: Jakub Jelen <[email protected]> Date: Wed, 2 Nov 2016 16:38:09 +0100 Subject: [PATCH] libcrypto: Introduce a libcrypto compat file This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> --- src/CMakeLists.txt | 1 + src/libcrypto-compat.c | 335 +++++++++++++++++++++++++++++++++++++++++++++++++ src/libcrypto-compat.h | 42 +++++++ 3 files changed, 378 insertions(+) create mode 100644 src/libcrypto-compat.c create mode 100644 src/libcrypto-compat.h diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index ab9f1843..3c22dfac 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -126,6 +126,7 @@ set(libssh_SRCS known_hosts.c legacy.c libcrypto.c + libcrypto-compat.c log.c match.c messages.c diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c new file mode 100644 index 00000000..1f27dd5f --- /dev/null +++ b/src/libcrypto-compat.c 
@@ -0,0 +1,335 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+#include <openssl/engine.h>
+#include "libcrypto-compat.h"
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+ /* If the fields p and q in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->p == NULL && p == NULL)
+ || (r->q == NULL && q == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(r->p);
+ r->p = p;
+ }
+ if (q != NULL) {
+ BN_free(r->q);
+ r->q = q;
+ }
+
+ return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->dmp1 == NULL && dmp1 == NULL)
+ || (r->dmq1 == NULL && dmq1 == NULL)
+ || (r->iqmp == NULL && iqmp == NULL))
+ return 0;
+
+ if (dmp1 != NULL) {
+ BN_free(r->dmp1);
+ r->dmp1 = dmp1;
+ }
+ if (dmq1 != NULL) {
+ BN_free(r->dmq1);
+ r->dmq1 = dmq1;
+ }
+ if (iqmp != NULL) {
+ BN_free(r->iqmp);
+ r->iqmp = iqmp;
+ }
+
+ return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+ if (p != NULL)
+ *p = r->p;
+ if (q != NULL)
+ *q = r->q;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp)
+{
+ if (dmp1 != NULL)
+ *dmp1 = r->dmp1;
+ if (dmq1 != NULL)
+ *dmq1 = r->dmq1;
+ if (iqmp != NULL)
+ *iqmp = r->iqmp;
+}
+
+void DSA_get0_pqg(const DSA *d,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ if (p != NULL)
+ *p = d->p;
+ if (q != NULL)
+ *q = d->q;
+ if (g != NULL)
+ *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p, q and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((d->p == NULL && p == NULL)
+ || (d->q == NULL && q == NULL)
+ || (d->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(d->p);
+ d->p = p;
+ }
+ if (q != NULL) {
+ BN_free(d->q);
+ d->q = q;
+ }
+ if (g != NULL) {
+ BN_free(d->g);
+ d->g = g;
+ }
+
+ return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+ const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = d->pub_key;
+ if (priv_key != NULL)
+ *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* If the field pub_key in d is NULL, the corresponding input
+ * parameters MUST be non-NULL. The priv_key field may
+ * be left NULL.
+ */
+ if (d->pub_key == NULL && pub_key == NULL)
+ return 0;
+
+ if (pub_key != NULL) {
+ BN_free(d->pub_key);
+ d->pub_key = pub_key;
+ }
+ if (priv_key != NULL) {
+ BN_free(d->priv_key);
+ d->priv_key = priv_key;
+ }
+
+ return 1;
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+static void OPENSSL_clear_free(void *str, size_t num)
+{
+ if (str == NULL)
+ return;
+ if (num)
+ OPENSSL_cleanse(str, num);
+ OPENSSL_free(str);
+}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+ if (ctx == NULL)
+ return 1;
+
+ /*
+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+ * sometimes only copies of the context are ever finalised.
+ */
+ if (ctx->digest && ctx->digest->cleanup
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+ ctx->digest->cleanup(ctx);
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+ }
+ EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(ctx->engine);
+#endif
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+ return 1;
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_reset(ctx);
+ OPENSSL_free(ctx);
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+ if (ctx != NULL) {
+ if (!HMAC_CTX_reset(ctx)) {
+ HMAC_CTX_free(ctx);
+ return NULL;
+ }
+ }
+ return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_reset(&ctx->i_ctx);
+ EVP_MD_CTX_reset(&ctx->o_ctx);
+ EVP_MD_CTX_reset(&ctx->md_ctx);
+ ctx->md = NULL;
+ ctx->key_length = 0;
+ OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ hmac_ctx_cleanup(ctx);
+ EVP_MD_CTX_free(&ctx->i_ctx);
+ EVP_MD_CTX_free(&ctx->o_ctx);
+ EVP_MD_CTX_free(&ctx->md_ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+ HMAC_CTX_init(ctx);
+ return 1;
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ /* EVP_CIPHER_CTX_reset(ctx); alias */
+ EVP_CIPHER_CTX_init(ctx);
+ OPENSSL_free(ctx);
+}
+
+#else
+typedef int iso_c_forbids_an_empty_source_file;
+#endif /* OPENSSL_VERSION_NUMBER */
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
new file mode 100644
index 00000000..21542c65
--- /dev/null
+++ b/src/libcrypto-compat.h
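Review bot: `HMAC_CTX_free()` passes `&ctx->i_ctx`, `&ctx->o_ctx` and `&ctx->md_ctx` to `EVP_MD_CTX_free()`, which in this same file ends with `OPENSSL_free(ctx)`; those addresses are members inside the `HMAC_CTX` allocation, not separate heap blocks, so each call hands the allocator a pointer it never returned. `hmac_ctx_cleanup(ctx)` has already run `EVP_MD_CTX_reset()` on all three, so the three `EVP_MD_CTX_free(&ctx->...)` lines can be dropped, leaving `hmac_ctx_cleanup(ctx); OPENSSL_free(ctx);`. Separately, `EVP_CIPHER_CTX_free()` calls `EVP_CIPHER_CTX_init(ctx)` with no NULL guard and no cleanup step; if init only zeroes the structure, as it appears to in OpenSSL 1.0.x, cipher state that may hold key material is neither cleansed nor released, and `if (ctx != NULL) { EVP_CIPHER_CTX_cleanup(ctx); OPENSSL_free(ctx); }` would be the safer body.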
@@ -0,0 +1,42 @@
+#ifndef LIBCRYPTO_COMPAT_H
+#define LIBCRYPTO_COMPAT_H
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
+
+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* LIBCRYPTO_COMPAT_H */
-- 2.13.5
++++++ 0001-libcrypto-Remove-AES_ctr128_encrypt.patch ++++++ >From d73f665edddfaa8f5a51e4c294d205f6e60a5854 Mon Sep 17 00:00:00 2001 From: Jakub Jelen <[email protected]> Date: Wed, 2 Nov 2016 16:20:46 +0100 Subject: [PATCH] libcrypto: Remove AES_ctr128_encrypt() This is for OpenSSL 1.1.0.
Signed-off-by: Jakub Jelen <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> --- src/libcrypto.c | 4 ++++ 1 file changed, 4 insertions(+) Index: libssh-0.7.5/src/libcrypto.c =================================================================== --- libssh-0.7.5.orig/src/libcrypto.c 2017-08-22 09:33:23.362303166 +0200 +++ libssh-0.7.5/src/libcrypto.c 2017-08-22 09:34:19.763181332 +0200 @@ -455,7 +455,11 @@ static void aes_ctr128_encrypt(struct ss * Same for num, which is being used to store the current offset in blocksize in CTR * function. */ +# if OPENSSL_VERSION_NUMBER >= 0x10100000L + CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt); +# else AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num); +# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */ } #endif /* BROKEN_AES_CTR */ #endif /* HAS_AES */ ++++++ 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch ++++++ >From 5d2e9ee66efb6bae9941987cc09a98867ae9ba6d Mon Sep 17 00:00:00 2001 From: Jakub Jelen <[email protected]> Date: Sat, 5 Nov 2016 16:54:02 +0100 Subject: [PATCH] libcrypto: Use a pointer for EVP_CIPHER_CTX This has been made opaque and it needs to be a pointer. This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> --- include/libssh/crypto.h | 2 +- src/libcrypto.c | 23 ++++++++++++++--------- src/wrapper.c | 3 +++ 3 files changed, 18 insertions(+), 10 deletions(-) Index: libssh-0.7.5/src/libcrypto.c =================================================================== --- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:28:54.851673060 +0200 +++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:28:56.863704697 +0200 
@@ -43,6 +43,7 @@ #include <openssl/hmac.h> #include <openssl/opensslv.h> #include <openssl/rand.h> +#include "libcrypto-compat.h" #ifdef HAVE_OPENSSL_AES_H #define HAS_AES ++++++ 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch ++++++ >From 607c671f67de2443e39ef571122c0c0e0d150e3a Mon Sep 17 00:00:00 2001 From: Jakub Jelen <[email protected]> Date: Sat, 5 Nov 2016 16:52:41 +0100 Subject: [PATCH] libcrypto: Use a pointer for EVP_MD_CTX This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> --- src/libcrypto.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/libcrypto.c b/src/libcrypto.c index 64c92eaa..622b4470 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -135,18 +135,19 @@ static const EVP_MD *nid_to_evpmd(int nid) void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen) { const EVP_MD *evp_md = nid_to_evpmd(nid); - EVP_MD_CTX md; + EVP_MD_CTX *md = EVP_MD_CTX_new(); - EVP_DigestInit(&md, evp_md); - EVP_DigestUpdate(&md, digest, len); - EVP_DigestFinal(&md, hash, hlen); + EVP_DigestInit(md, evp_md); + EVP_DigestUpdate(md, digest, len); + EVP_DigestFinal(md, hash, hlen); + EVP_MD_CTX_free(md); } EVPCTX evp_init(int nid) { const EVP_MD *evp_md = nid_to_evpmd(nid); - EVPCTX ctx = malloc(sizeof(EVP_MD_CTX)); + EVPCTX ctx = EVP_MD_CTX_new(); if (ctx == NULL) { return NULL; } -- 2.13.5 ++++++ 0001-libcrypto-Use-newer-API-for-HMAC.patch ++++++ >From cf1e808e2ffa1f26644fb5d2cb82a919f323deba Mon Sep 17 00:00:00 2001 From: Jakub Jelen <[email protected]> Date: Sat, 5 Nov 2016 16:51:05 +0100 Subject: [PATCH] libcrypto: Use newer API for HMAC This is for OpenSSL 1.1.0 support. Signed-off-by: Jakub Jelen <[email protected]> Reviewed-by: Andreas Schneider <[email protected]> --- src/libcrypto.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) 
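Review bot: `EVP_MD_CTX_new()` in `evp()` can return NULL (the compat version in this series is a plain `OPENSSL_zalloc`), and the result goes straight into `EVP_DigestInit(md, evp_md)` without a check, unlike `evp_init()` a few lines below, which does test `ctx == NULL`. Add `if (md == NULL) { return; }` right after the allocation. Because `evp()` returns void, the caller cannot tell that `hash` and `*hlen` were left unwritten, so the return values of the `EVP_Digest*` calls are also worth checking wherever callers can be changed to handle failure. The rest of `evp_init()` lies outside the hunk.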
diff --git a/src/libcrypto.c b/src/libcrypto.c index 19065bd6..64c92eaa 100644 --- a/src/libcrypto.c +++ b/src/libcrypto.c @@ -378,32 +378,33 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) { HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) { HMACCTX ctx = NULL; - ctx = malloc(sizeof(*ctx)); + ctx = HMAC_CTX_new(); if (ctx == NULL) { return NULL; } #ifndef OLD_CRYPTO - HMAC_CTX_init(ctx); // openssl 0.9.7 requires it. + HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it. #endif switch(type) { case SSH_HMAC_SHA1: - HMAC_Init(ctx, key, len, EVP_sha1()); + HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL); break; case SSH_HMAC_SHA256: - HMAC_Init(ctx, key, len, EVP_sha256()); + HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL); break; case SSH_HMAC_SHA384: - HMAC_Init(ctx, key, len, EVP_sha384()); + HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL); break; case SSH_HMAC_SHA512: - HMAC_Init(ctx, key, len, EVP_sha512()); + HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL); break; case SSH_HMAC_MD5: - HMAC_Init(ctx, key, len, EVP_md5()); + HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL); break; default: + HMAC_CTX_free(ctx); SAFE_FREE(ctx); ctx = NULL; } @@ -419,7 +420,7 @@ void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) { HMAC_Final(ctx,hashmacbuf,len); #ifndef OLD_CRYPTO - HMAC_CTX_cleanup(ctx); + HMAC_CTX_reset(ctx); #else HMAC_cleanup(ctx); #endif -- 2.13.5 ++++++ 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch ++++++ ++++ 601 lines (skipped) ++++++ 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch ++++++ >From 2dff359a331c5c9aab2435c470596b0fee7a502a Mon Sep 17 00:00:00 2001 From: Andreas Schneider <[email protected]> Date: Sun, 6 Nov 2016 12:07:32 +0100 Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID BUG: https://red.libssh.org/issues/222 
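Review bot: In the `default:` branch of `hmac_init()` the added `HMAC_CTX_free(ctx);` is followed by the existing `SAFE_FREE(ctx);`, so the same pointer is released twice if `SAFE_FREE` frees a non-NULL argument, as its name suggests (its definition is not on this page). Keep `HMAC_CTX_free(ctx);` and `ctx = NULL;` and drop the `SAFE_FREE(ctx);` line. The `HMAC_Init_ex()` calls in the other cases also ignore their return value, so a failed key setup would still hand back a context to the caller. The end of `hmac_init()` is outside the hunk.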
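Review bot: Replacing `HMAC_CTX_cleanup(ctx)` with `HMAC_CTX_reset(ctx)` in `hmac_final()` loses the cleanup on OpenSSL older than 1.1.0, because the compat `HMAC_CTX_reset()` added by this series only calls `HMAC_CTX_init(ctx)`; nothing on that path cleanses the key buffer the way the compat `hmac_ctx_cleanup()` does. If the lines after this hunk still release `ctx` with a plain free, which is not visible here, the state allocated by `HMAC_CTX_new()` would also be leaked on 1.1.0. Calling `HMAC_CTX_free(ctx);` here, in place of the reset and any later free of `ctx`, would cover both cases.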
Signed-off-by: Andreas Schneider <[email protected]> --- ConfigureChecks.cmake | 3 +++ config.h.cmake | 3 +++ src/threads.c | 19 +++++++++++++++++-- 3 files changed, 23 insertions(+), 2 deletions(-) Index: libssh-0.7.5/ConfigureChecks.cmake =================================================================== --- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-08-22 09:52:57.756607716 +0200 +++ libssh-0.7.5/ConfigureChecks.cmake 2017-08-22 09:53:16.480897731 +0200 @@ -91,6 +91,10 @@ if (OPENSSL_FOUND) set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H) + + set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR}) + set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY}) + check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK) endif() if (CMAKE_HAVE_PTHREAD_H) Index: libssh-0.7.5/config.h.cmake =================================================================== --- libssh-0.7.5.orig/config.h.cmake 2017-08-22 09:52:41.940362760 +0200 +++ libssh-0.7.5/config.h.cmake 2017-08-22 09:52:57.756607716 +0200 @@ -76,6 +76,9 @@ /*************************** FUNCTIONS ***************************/ +/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */ +#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1 + /* Define to 1 if you have the `snprintf' function. */ #cmakedefine HAVE_SNPRINTF 1 Index: libssh-0.7.5/src/threads.c =================================================================== --- libssh-0.7.5.orig/src/threads.c 2017-08-22 09:52:41.944362821 +0200 +++ libssh-0.7.5/src/threads.c 2017-08-22 09:52:57.756607716 +0200 
@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int } } +#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK +static void libcrypto_THREADID_callback(CRYPTO_THREADID *id) +{ + unsigned long thread_id = (*user_callbacks->thread_id)(); + + CRYPTO_THREADID_set_numeric(id, thread_id); +} +#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */ + static int libcrypto_thread_init(void){ int n=CRYPTO_num_locks(); int i; @@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){ for (i=0;i<n;++i){ user_callbacks->mutex_init(&libcrypto_mutexes[i]); } - CRYPTO_set_id_callback(user_callbacks->thread_id); - CRYPTO_set_locking_callback(libcrypto_lock_callback); + +#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK + CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback); +#else + CRYPTO_set_id_callback(user_callbacks->thread_id); +#endif + + CRYPTO_set_locking_callback(libcrypto_lock_callback); return SSH_OK; }
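Review bot: The return value of `CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback)` in `libcrypto_thread_init()` is discarded; OpenSSL returns 0 from this call when a thread-id callback is already registered, in which case libssh's callback is not installed while `CRYPTO_set_locking_callback(libcrypto_lock_callback)` still replaces the locking callback. Testing the result, for example `if (CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback) != 1) { /* already registered elsewhere */ }`, and at least logging it would make that mixed state visible. The start of `libcrypto_thread_init()` is in the previous hunk and its mutex allocation is not shown.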
