Accepting request 547923 from home:garloff:branches:Base:System

- Update to 1.99.8: * Support openssl-1.1 (patch from Marcus Meissner) * cryptalgo->recycle to reuse crypto context (neeeded for openssl) * Fix memleak in test_aes * Use test_aes in check target to ensure all algorithms work * Use std probe mech in test_aes, so we don't fail with SIGILL * Fix build without openssl OBS-URL: https://build.opensuse.org/request/show/547923 OBS-URL: https://build.opensuse.org/package/show/Base:System/dd_rescue?expand=0&rev=39
2017-12-04 08:13:50 +00:00 · 2017-12-04 08:13:50 +00:00 · e05c271a76
commit e05c271a76
parent f6a3f2f774
7 changed files with 36 additions and 466 deletions
--- a/dd_rescue-1.99.7.tar.bz2
+++ b/dd_rescue-1.99.7.tar.bz2
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:24c7ef2d3195b1e2e42f705e773613a474129eea63556e805cf0b41243446134
 size 172414
--- a/dd_rescue-1.99.7.tar.bz2.asc
+++ b/dd_rescue-1.99.7.tar.bz2.asc
@ -1,17 +0,0 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 iQIVAwUAWgWkI95PGzor/8W/AQjV2Q/7BzIFxNqmiCxBCuLuSZhnG6hfiWMUNIY3
 moKs3DphPDj+OU4sLtMwRz2at4LGIH4pBVyWHAS4FPh/LRI2Jl6przzgP9oQeFiS
 rWKUAhXhzc5S3wZKJNILI7HcAC7W99PDTqyjKSES5WujwPIgCxncBW2Fv9WAur/6
 M/8FvzAOwZMXf+JLbyI+QJggyRLgedBz1DhFyb5k21SryeUkHufqkpS0FEbdkSvm
 RJbXaa+UIX3K4Z70LRcNuAmvpbpo+p3L3GROQcrcrehoOcLkH7vtsadJi97H0pvk
 5qFLPiT2rs6JIxRUCpHRmV3z2+7rIiD7TH/bt+vmqWyDKWctAoZP+aLfP478yGk1
 Y1m7MBVmpUxZWjBWkrQD9vwHTtQdgHgjSg4Fxh7slBMVBJdgSJhpAzSjkVnlp8Ax
 R+/b06FAjNAdN9HWiXiRcSHaGuIFXYgfjd1SgLyT4nn6junOsepQFK5652i3Cb2b
 XOyr7BCd/RtRapqjn3gqWidkDKjAyfr/Va3RqmZyVhLvMS+2mCcMmruQ92+lVr4D
 Cwe0yGEONagveA7oyuJK86rXBChUdJs2maoU92nwe0WJeo/qFv6NGWnRg/bCGVeg
 D8uHzyp75lTTpfqJ3GPpbJCsOHa1z8mZ1tHOXrJ/1LPpiuTz0s+9T4PZ43NmW45M
 v3S49wOzPTQ=
 =I9NO
 -----END PGP SIGNATURE-----
--- a/dd_rescue-1.99.8.tar.bz2
+++ b/dd_rescue-1.99.8.tar.bz2
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:90db76716af6a6a2370d9726804ff26cc63e61109af9967078a5eb941faa7dbd
 size 174594
--- a/dd_rescue-1.99.8.tar.bz2.asc
+++ b/dd_rescue-1.99.8.tar.bz2.asc
@ -0,0 +1,17 @@
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2
 iQIVAwUAWiR0qt5PGzor/8W/AQhhLg//WUrDjN/VeduumCk+CIO5uA0V0ld1BZqs
 caCa4kJW1tOeDtuIsHmgicumTlKYebhPvgo695sumDr+3yOd/5uF/7YyQjsbLhL+
 xukhPD4g6KUEk3lbT91rEvPp0aulY8ZLkYd1IY0O5eJWE0d9laYOvs2F5/ZBftvd
 9CD7lc1Df+KLnKvbywif9AfJkugP4Twypgo8WEyXAuQGZw4Nx+av3E2yYWLrW4g6
 nVSzTAr5DMqBQgoJvK8LfXyybCsa6/gqJEgU+fsfZ2ucQrFn29CY5iqCuRRcxH19
 vq2fsduJ/0w1cTCM6nVTm5EaSBcCAER0B/g0OU9cFZ3sqLUkYgiB/qwWAKg5yKv9
 BQys6/HGytbxYXi75vp9XL2k+FAkgeTCmrfIs9grPXHXZULltomeVEl7bHr2YD8T
 +0/2CMoyusQmMN87n1DvCX9KGa4AzAfgPvUEvimWK2nwjd4u4vIvh3TMBu3qeaa3
 a2Tc0GeXcjLHmSER98y7gRlOaz/rnNvH+8wOX6gPy8pGPnr5/+vGeWrw1h+Vxau2
 w90G4/gGW7FAog7WpDxZNPG8YLiH3hBgISXo1OXertkTXOKl8ytmn21zbMKYBanW
 CJ7QMsBGrYXSQrnBtCFqzSwKsEcOSOkASQh9A0YWceTrF2MpoSFsEBqXHxcheoeQ
 DbdAjCIjHcU=
 =ZkW1
 -----END PGP SIGNATURE-----
--- a/dd_rescue-openssl11.patch
+++ b/dd_rescue-openssl11.patch
@ -1,440 +0,0 @@
 Index: dd_rescue-1.99.7/aes_ossl.c
 ===================================================================
 --- dd_rescue-1.99.7.orig/aes_ossl.c
 +++ dd_rescue-1.99.7/aes_ossl.c
@@ -17,15 +17,17 @@
 void AES_OSSL_Bits_EKey_Expand(const EVP_CIPHER *cipher, const unsigned char* userkey, unsigned char *ctx)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_init(evpctx);
 -	EVP_EncryptInit_ex(evpctx, cipher, NULL, userkey, NULL);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	evpctx[0] = EVP_CIPHER_CTX_new();						\
 +	EVP_CIPHER_CTX_init(evpctx[0]);
 +	EVP_EncryptInit_ex(evpctx[0], cipher, NULL, userkey, NULL);
 }
 void AES_OSSL_Bits_DKey_Expand(const EVP_CIPHER *cipher, const unsigned char* userkey, unsigned char *ctx)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_init(evpctx);
 -	EVP_DecryptInit_ex(evpctx, cipher, NULL, userkey, NULL);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	evpctx[0] = EVP_CIPHER_CTX_new();						\
 +	EVP_CIPHER_CTX_init(evpctx[0]);
 +	EVP_DecryptInit_ex(evpctx[0], cipher, NULL, userkey, NULL);
 }
@@ -48,28 +50,27 @@ int AES_OSSL_##BITCHAIN##_Encrypt(const
 				ssize_t len, ssize_t *flen)			\
 {								\
 	int olen, elen, ores;					\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;		\
 -	EVP_EncryptInit(evpctx, NULL, NULL, NULL);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx, DOPAD? pad: 0);	\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;	\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], DOPAD? pad: 0);	\
 	if (IV) {						\
 -		memcpy(evpctx->oiv, iv, 16); memcpy(evpctx->iv, iv, 16);	\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[0]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[0]), iv, 16);	\
 	}							\
        	if (DOPAD && !pad && (len&15)) {			\
 -		ores = EVP_EncryptUpdate(evpctx, out, &olen, in, len-(len&15));	\
 +		ores = EVP_EncryptUpdate(evpctx[0], out, &olen, in, len-(len&15));	\
 		assert(ores);					\
 		uchar ibf[16];					\
 		memcpy(ibf, in+olen, len&15);			\
 		memset(ibf+(len&15), 0, 16-(len&15));		\
 -		ores = EVP_EncryptUpdate(evpctx, out+olen, &elen, ibf, 16);	\
 +		ores = EVP_EncryptUpdate(evpctx[0], out+olen, &elen, ibf, 16);	\
 		memset(ibf, 0, len&15);				\
 		asm("":::"memory");				\
 		assert(ores);					\
 	} else {								\
 		if (DOPAD && !(len%15) && pad == PAD_ASNEEDED)	\
 -			EVP_CIPHER_CTX_set_padding(evpctx, 0);	\
 -		ores = EVP_EncryptUpdate(evpctx, out, &olen, in, len);		\
 +			EVP_CIPHER_CTX_set_padding(evpctx[0], 0);	\
 +		ores = EVP_EncryptUpdate(evpctx[0], out, &olen, in, len);		\
 		assert(ores);					\
 -		ores = EVP_EncryptFinal(evpctx, out+olen, &elen);\
 +		ores = EVP_EncryptFinal(evpctx[0], out+olen, &elen);\
 		assert(ores);					\
 		if (0 && elen && (len&15)) olen -= 16;		\
 	}							\
@@ -80,7 +81,7 @@ int AES_OSSL_##BITCHAIN##_Encrypt(const
 		fprintf(stderr, "Encryption length mismatch %i+%i != %zi\n",	\
 			olen, elen, len);			\
 	if (IV)							\
 -		memcpy(iv, evpctx->iv, 16);			\
 +		memcpy(iv, EVP_CIPHER_CTX_iv(evpctx[0]), 16);			\
 	return (DOPAD && (pad == PAD_ALWAYS || (len&15)))? 16-(len&15): 0;	\
 };								\
 int AES_OSSL_##BITCHAIN##_Decrypt(const unsigned char* ctx, unsigned int rounds,\
@@ -90,49 +91,48 @@ int AES_OSSL_##BITCHAIN##_Decrypt(const
 {								\
 	int olen, elen = 0, ores;				\
 	int ilen = (len&15)? len+15-(len&15): len;		\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;		\
 -	EVP_DecryptInit(evpctx, NULL, NULL, NULL);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx, DOPAD && pad != PAD_ASNEEDED?pad:0);	\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;	\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], DOPAD && pad != PAD_ASNEEDED?pad:0);	\
 	if (IV) {						\
 -		memcpy(evpctx->oiv, iv, 16); memcpy(evpctx->iv, iv, 16);	\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[0]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[0]), iv, 16);	\
 	}							\
 	if (DOPAD && pad == PAD_ASNEEDED) {			\
 		int olen1;					\
 		uchar buf[16];					\
 -		ores = EVP_DecryptUpdate(evpctx, out, &olen, in, ilen-16);	\
 +		ores = EVP_DecryptUpdate(evpctx[0], out, &olen, in, ilen-16);	\
 		assert(ores);					\
 -		EVP_CIPHER_CTX ctx2;				\
 -		memcpy(&ctx2, evpctx, sizeof(ctx2));		\
 +		EVP_CIPHER_CTX *ctx2 = EVP_CIPHER_CTX_new();	\
 +		EVP_CIPHER_CTX_copy(ctx2, evpctx[0]);		\
 		/* Save piece that gets overwritten */		\
 		if (in == out)					\
 			memcpy(buf, out+olen, 16);		\
 -		EVP_CIPHER_CTX_set_padding(evpctx, 1);		\
 -		ores = EVP_DecryptUpdate(evpctx, out+olen, &olen1, in+ilen-16, 16);	\
 +		EVP_CIPHER_CTX_set_padding(evpctx[0], 1);		\
 +		ores = EVP_DecryptUpdate(evpctx[0], out+olen, &olen1, in+ilen-16, 16);	\
 		assert(ores); assert(!olen1);			\
 -		ores = EVP_DecryptFinal(evpctx, out+olen, &elen);		\
 +		ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);		\
 		if (!ores) {					\
 -			memcpy(evpctx, &ctx2, sizeof(ctx2));	\
 +			EVP_CIPHER_CTX_copy(evpctx[0], ctx2);	\
 			if (in == out)				\
 				memcpy(out+olen, buf, 16);	\
 -			ores = EVP_DecryptUpdate(evpctx, out+olen, &olen1, in+ilen-16, 16);	\
 +			ores = EVP_DecryptUpdate(evpctx[0], out+olen, &olen1, in+ilen-16, 16);	\
 			assert(ores); assert(olen1 == 16);	\
 			olen += olen1;				\
 -			ores = EVP_DecryptFinal(evpctx, out+olen, &elen);	\
 +			ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);	\
 			assert(ores);				\
 		}						\
 -		memset(&ctx2, 0, sizeof(ctx2));			\
 +		EVP_CIPHER_CTX_free(ctx2);			\
 		asm("":::"memory");				\
 	} else {						\
 -		ores = EVP_DecryptUpdate(evpctx, out, &olen, in, ilen);	\
 +		ores = EVP_DecryptUpdate(evpctx[0], out, &olen, in, ilen);	\
 		assert(ores);					\
 -		ores = EVP_DecryptFinal(evpctx, out+olen, &elen);	\
 +		ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);	\
 	}							\
 	if (DOPAD && pad) {					\
 		*flen = olen + elen;				\
 	} else							\
 		*flen = len;					\
 	if (IV)							\
 -		memcpy(iv, evpctx->iv, 16);			\
 +		memcpy(iv, EVP_CIPHER_CTX_iv(evpctx[0]), 16);	\
 	if (DOPAD && pad == PAD_ASNEEDED)			\
 		return (elen? 16-elen: 1);			\
 	return ores - 1;					\
@@ -140,8 +140,8 @@ int AES_OSSL_##BITCHAIN##_Decrypt(const
 void AES_OSSL_Release(unsigned char *ctx, unsigned int rounds)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_cleanup(evpctx);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	EVP_CIPHER_CTX_cleanup(evpctx[0]);
 }
 AES_OSSL_KEY_EX(128, AES_128_ROUNDS, ecb);
@@ -180,37 +180,41 @@ AES_OSSL_CRYPT(256_CTR, 1, 0);
 void AES_OSSL_Bits_EKey_ExpandX2(const EVP_CIPHER *cipher, const unsigned char* userkey, unsigned char *ctx, unsigned int bits)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_init(evpctx);
 -	EVP_EncryptInit_ex(evpctx, cipher, NULL, userkey, NULL);
 -	//EVP_CIPHER_CTX_set_padding(evpctx, 0);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	evpctx[0] = EVP_CIPHER_CTX_new();						\
 +	evpctx[1] = EVP_CIPHER_CTX_new();						\
 +	EVP_CIPHER_CTX_init(evpctx[0]);
 +	EVP_EncryptInit_ex(evpctx[0], cipher, NULL, userkey, NULL);
 +	//EVP_CIPHER_CTX_set_padding(evpctx[0], 0);
 	hash_t hv;
 	sha256_init(&hv);
 	sha256_calc(userkey, bits/8, bits/8, &hv);
 	uchar usrkey2[32];
 	sha256_beout(usrkey2, &hv);
 	sha256_init(&hv);
 -	EVP_CIPHER_CTX_init(evpctx+1);
 -	EVP_EncryptInit_ex(evpctx+1, cipher, NULL, usrkey2, NULL);
 +	EVP_CIPHER_CTX_init(evpctx[1]);
 +	EVP_EncryptInit_ex(evpctx[1], cipher, NULL, usrkey2, NULL);
 	//EVP_CIPHER_CTX_set_padding(evpctx+1, 0);
 	memset(usrkey2, 0, 32);
 	asm("":::"memory");
 }
 void AES_OSSL_Bits_DKey_ExpandX2(const EVP_CIPHER *cipher, const unsigned char* userkey, unsigned char *ctx, unsigned int bits)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_init(evpctx);
 -	EVP_DecryptInit_ex(evpctx, cipher, NULL, userkey, NULL);
 -	//EVP_CIPHER_CTX_set_padding(evpctx, 0);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	evpctx[0] = EVP_CIPHER_CTX_new();						\
 +	evpctx[1] = EVP_CIPHER_CTX_new();						\
 +	EVP_CIPHER_CTX_init(evpctx[0]);
 +	EVP_DecryptInit_ex(evpctx[0], cipher, NULL, userkey, NULL);
 +	//EVP_CIPHER_CTX_set_padding(evpctx[0], 0);
 	hash_t hv;
 	sha256_init(&hv);
 	sha256_calc(userkey, bits/8, bits/8, &hv);
 	uchar usrkey2[32];
 	sha256_beout(usrkey2, &hv);
 	sha256_init(&hv);
 -	EVP_CIPHER_CTX_init(evpctx+1);
 -	EVP_DecryptInit_ex(evpctx+1, cipher, NULL, usrkey2, NULL);
 -	//EVP_CIPHER_CTX_set_padding(evpctx+1, 0);
 +	EVP_CIPHER_CTX_init(evpctx[1]);
 +	EVP_DecryptInit_ex(evpctx[1], cipher, NULL, usrkey2, NULL);
 +	//EVP_CIPHER_CTX_set_padding(evpctx[1], 0);
 	memset(usrkey2, 0, 32);
 	asm("":::"memory");
 }
@@ -235,40 +239,40 @@ int  AES_OSSL_##BITCHAIN##_EncryptX2(con
 	       			ssize_t len, ssize_t *flen)				\
 {								\
 	int olen, elen, ores;					\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;		\
 -	EVP_EncryptInit(evpctx, NULL, NULL, NULL);		\
 -	EVP_EncryptInit(evpctx+1, NULL, NULL, NULL);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx, pad);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx+1, 0);		\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;	\
 +	EVP_EncryptInit(evpctx[0], NULL, NULL, NULL);		\
 +	EVP_EncryptInit(evpctx[1], NULL, NULL, NULL);		\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], pad);		\
 +	EVP_CIPHER_CTX_set_padding(evpctx[1], 0);		\
 	if (IV) {						\
 -		memcpy(evpctx->oiv, iv, 16); memcpy(evpctx->iv, iv, 16);		\
 -		memcpy((evpctx+1)->oiv, iv, 16); memcpy((evpctx+1)->iv, iv, 16);	\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[0]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[0]), iv, 16);		\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[1]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[1]), iv, 16);	\
 	}							\
        	if (!pad && (len&15)) {					\
 -		ores = EVP_EncryptUpdate(evpctx, out, &olen, in, len-(len&15));		\
 +		ores = EVP_EncryptUpdate(evpctx[0], out, &olen, in, len-(len&15));		\
 		assert(ores);					\
 		uchar ibf[16];					\
 		memcpy(ibf, in+olen, len&15);			\
 		memset(ibf+(len&15), 0, 16-(len&15));		\
 -		ores = EVP_EncryptUpdate(evpctx, out+olen, &elen, ibf, 16);		\
 +		ores = EVP_EncryptUpdate(evpctx[0], out+olen, &elen, ibf, 16);		\
 		memset(ibf, 0, len&15);				\
 		asm("":::"memory");				\
 		assert(ores);					\
 	} else {						\
 -		ores = EVP_EncryptUpdate(evpctx, out, &olen, in, len);	\
 +		ores = EVP_EncryptUpdate(evpctx[0], out, &olen, in, len);	\
 		assert(ores);					\
 -		ores = EVP_EncryptFinal(evpctx, out+olen, &elen);	\
 +		ores = EVP_EncryptFinal(evpctx[0], out+olen, &elen);	\
 		assert(ores);					\
 	}							\
 -	ores = EVP_EncryptUpdate(evpctx+1, out, &olen, out, olen+elen);	\
 +	ores = EVP_EncryptUpdate(evpctx[1], out, &olen, out, olen+elen);	\
 	assert(ores);						\
 -	ores = EVP_EncryptFinal(evpctx+1, out+olen, &elen);	\
 +	ores = EVP_EncryptFinal(evpctx[1], out+olen, &elen);	\
 	assert(ores);						\
 	*flen = olen+elen;					\
 	if (pad == PAD_ASNEEDED && !(len&15))			\
 		*flen -= 16;					\
 	if (IV)							\
 -		memcpy(iv, evpctx->iv, 16);			\
 +		memcpy(iv, EVP_CIPHER_CTX_iv(evpctx[0]), 16);	\
 	return (pad == PAD_ALWAYS || (len&15))? 16-(len&15): 0;	\
 };								\
 int  AES_OSSL_##BITCHAIN##_DecryptX2(const unsigned char* ctx, unsigned int rounds,	\
@@ -278,54 +282,52 @@ int  AES_OSSL_##BITCHAIN##_DecryptX2(con
 {								\
 	int olen, elen, ores;					\
 	int rlen = (len&15)? len+16-(len&15): len;		\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;		\
 -	EVP_DecryptInit(evpctx+1, NULL, NULL, NULL);		\
 -	EVP_DecryptInit(evpctx, NULL, NULL, NULL);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx+1, 0);		\
 -	EVP_CIPHER_CTX_set_padding(evpctx, pad==PAD_ASNEEDED? 0: pad);	\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;	\
 +	EVP_CIPHER_CTX_set_padding(evpctx[1], 0);		\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], pad==PAD_ASNEEDED? 0: pad);	\
 	if (IV) {						\
 -		memcpy((evpctx+1)->oiv, iv, 16); memcpy((evpctx+1)->iv, iv, 16);	\
 -		memcpy(evpctx->oiv, iv, 16); memcpy(evpctx->iv, iv, 16);		\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[1]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[1]), iv, 16);	\
 +		memcpy(EVP_CIPHER_CTX_original_iv(evpctx[0]), iv, 16); memcpy(EVP_CIPHER_CTX_iv_noconst(evpctx[0]), iv, 16);	\
 	}							\
 -	ores = EVP_DecryptUpdate(evpctx+1, out, &olen, in, rlen);		\
 +	ores = EVP_DecryptUpdate(evpctx[1], out, &olen, in, rlen);		\
 	assert(ores);						\
 -	ores = EVP_DecryptFinal(evpctx+1, out+olen, &elen);	\
 +	ores = EVP_DecryptFinal(evpctx[1], out+olen, &elen);	\
 	assert(ores);						\
 	if (pad == PAD_ASNEEDED) {				\
 		int ilen = olen, olen1;				\
 		uchar buf[16];					\
 -		ores = EVP_DecryptUpdate(evpctx, out, &olen, out, ilen-16);	\
 +		ores = EVP_DecryptUpdate(evpctx[0], out, &olen, out, ilen-16);	\
 		assert(ores); assert(olen == ilen-16);		\
 		/* Save piece that gets overwritten */		\
 		memcpy(buf, out+olen, 16);			\
 -		EVP_CIPHER_CTX ctx2;				\
 -		memcpy(&ctx2, evpctx, sizeof(ctx2));		\
 -		EVP_CIPHER_CTX_set_padding(evpctx, 1);		\
 -		ores = EVP_DecryptUpdate(evpctx, out+olen, &olen1, out+ilen-16, 16);	\
 +		EVP_CIPHER_CTX *ctx2 = EVP_CIPHER_CTX_new();	\
 +		EVP_CIPHER_CTX_copy(ctx2, evpctx[0]);		\
 +		EVP_CIPHER_CTX_set_padding(evpctx[0], 1);	\
 +		ores = EVP_DecryptUpdate(evpctx[0], out+olen, &olen1, out+ilen-16, 16);	\
 		assert(ores); assert(!olen1);			\
 -		ores = EVP_DecryptFinal(evpctx, out+olen, &elen);		\
 +		ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);		\
 		if (!ores) {					\
 -			memcpy(evpctx, &ctx2, sizeof(ctx2));	\
 +			EVP_CIPHER_CTX_copy(evpctx[0], ctx2);	\
 			memcpy(out+olen, buf, 16);		\
 -			ores = EVP_DecryptUpdate(evpctx, out+olen, &olen1, out+ilen-16, 16);	\
 +			ores = EVP_DecryptUpdate(evpctx[0], out+olen, &olen1, out+ilen-16, 16);	\
 			assert(ores); assert(olen1 == 16);	\
 			olen += olen1;				\
 -			ores = EVP_DecryptFinal(evpctx, out+olen, &elen);	\
 +			ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);	\
 			assert(ores);				\
 		}						\
 -		memset(&ctx2, 0, sizeof(ctx2));			\
 +		EVP_CIPHER_CTX_free(ctx2);			\
 		asm("":::"memory");				\
 	} else {						\
 -		ores = EVP_DecryptUpdate(evpctx, out, &olen, out, olen+elen);	\
 -		assert(ores);						\
 -		ores = EVP_DecryptFinal(evpctx, out+olen, &elen);	\
 +		ores = EVP_DecryptUpdate(evpctx[0], out, &olen, out, olen+elen);	\
 +		assert(ores);					\
 +		ores = EVP_DecryptFinal(evpctx[0], out+olen, &elen);	\
 	}							\
 	if (pad)						\
 		*flen = olen+elen;				\
 	else							\
 		*flen = len;					\
 	if (IV)							\
 -		memcpy(iv, evpctx->iv, 16);			\
 +		memcpy(iv, EVP_CIPHER_CTX_iv(evpctx[0]), 16);	\
 	if (pad == PAD_ASNEEDED)				\
 		return (elen? 16-elen: 1);			\
 	return ores - 1;					\
@@ -333,9 +335,10 @@ int  AES_OSSL_##BITCHAIN##_DecryptX2(con
 void AES_OSSL_ReleaseX2(unsigned char *ctx, unsigned int rounds)
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 -	EVP_CIPHER_CTX_cleanup(evpctx);
 -	EVP_CIPHER_CTX_cleanup(evpctx+1);
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 +	EVP_CIPHER_CTX_cleanup(evpctx[0]);
 +	EVP_CIPHER_CTX_cleanup(evpctx[1]);
 +	/* FIXME: free ? */
 }
 AES_OSSL_KEY_EX2(128, AES_128_ROUNDS, ecb);
@@ -365,22 +368,22 @@ AES_OSSL_CRYPT2(256_ECB, 0);
 void AES_OSSL_Blk_EncryptX2(const unsigned char *ctx, unsigned int rounds,
 			    const unsigned char *in, unsigned char *out)			
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 	int olen;
 	uchar blk[16];
 -	EVP_EncryptUpdate(evpctx, blk, &olen, in, 16);
 -	EVP_EncryptUpdate(evpctx+1, out, &olen, blk, olen);
 +	EVP_EncryptUpdate(evpctx[0], blk, &olen, in, 16);
 +	EVP_EncryptUpdate(evpctx[1], out, &olen, blk, olen);
 	memset(blk, 0, 16);
 	asm("":::"memory");
 }
 void AES_OSSL_Blk_DecryptX2(const unsigned char *ctx, unsigned int rounds,
 			    const unsigned char *in, unsigned char *out)			
 {
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;
 	int olen;
 	uchar blk[16];
 -	EVP_DecryptUpdate(evpctx+1, blk, &olen, in, 16);
 -	EVP_DecryptUpdate(evpctx, out, &olen, blk, olen);
 +	EVP_DecryptUpdate(evpctx[1], blk, &olen, in, 16);
 +	EVP_DecryptUpdate(evpctx[0], out, &olen, blk, olen);
 	memset(blk, 0, 16);
 	asm("":::"memory");
 }
@@ -392,11 +395,11 @@ int  AES_OSSL_##BITS##_CBC_EncryptX2(con
 				     const unsigned char* in, unsigned char *out,	\
 	       			     ssize_t len, ssize_t *olen)			\
 {											\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;					\
 -	EVP_EncryptInit(evpctx, NULL, NULL, NULL);					\
 -	EVP_EncryptInit(evpctx+1, NULL, NULL, NULL);					\
 -	EVP_CIPHER_CTX_set_padding(evpctx, 0);						\
 -	EVP_CIPHER_CTX_set_padding(evpctx+1, 0);					\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;				\
 +	EVP_EncryptInit(evpctx[0], NULL, NULL, NULL);					\
 +	EVP_EncryptInit(evpctx[1], NULL, NULL, NULL);					\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], 0);					\
 +	EVP_CIPHER_CTX_set_padding(evpctx[1], 0);					\
 	return AES_Gen_CBC_Enc(AES_OSSL_Blk_EncryptX2, ctx, rounds, iv, pad, in, out, len, olen);	\
 };											\
 int  AES_OSSL_##BITS##_CBC_DecryptX2(const unsigned char *ctx, unsigned int rounds,	\
@@ -404,11 +407,9 @@ int  AES_OSSL_##BITS##_CBC_DecryptX2(con
 				     const unsigned char* in, unsigned char *out,	\
 	       			     ssize_t len, ssize_t *olen)			\
 {											\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;					\
 -	EVP_DecryptInit(evpctx+1, NULL, NULL, NULL);					\
 -	EVP_DecryptInit(evpctx, NULL, NULL, NULL);					\
 -	EVP_CIPHER_CTX_set_padding(evpctx+1, 0);					\
 -	EVP_CIPHER_CTX_set_padding(evpctx, 0);						\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;				\
 +	EVP_CIPHER_CTX_set_padding(evpctx[1], 0);					\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], 0);					\
 	return AES_Gen_CBC_Dec(AES_OSSL_Blk_DecryptX2, ctx, rounds, iv, pad, in, out, len, olen);	\
 }
@@ -424,11 +425,11 @@ int  AES_OSSL_##BITS##_CTR_CryptX2(const
 	       			     ssize_t len, ssize_t *olen)			\
 {											\
 	*olen = len;									\
 -	EVP_CIPHER_CTX *evpctx = (EVP_CIPHER_CTX*)ctx;					\
 -	EVP_EncryptInit(evpctx, NULL, NULL, NULL);					\
 -	EVP_EncryptInit(evpctx+1, NULL, NULL, NULL);					\
 -	EVP_CIPHER_CTX_set_padding(evpctx, 0);						\
 -	EVP_CIPHER_CTX_set_padding(evpctx+1, 0);					\
 +	EVP_CIPHER_CTX **evpctx = (EVP_CIPHER_CTX**)ctx;				\
 +	EVP_EncryptInit(evpctx[0], NULL, NULL, NULL);					\
 +	EVP_EncryptInit(evpctx[1], NULL, NULL, NULL);					\
 +	EVP_CIPHER_CTX_set_padding(evpctx[0], 0);					\
 +	EVP_CIPHER_CTX_set_padding(evpctx[1], 0);					\
 	return AES_Gen_CTR_Crypt(AES_OSSL_Blk_EncryptX2, ctx, rounds, iv, in, out, len);\
 }
@@ -437,8 +438,8 @@ AES_OSSL_DECL_CTR_X2(192);
 AES_OSSL_DECL_CTR_X2(256);
 -#define EVP_CTX_SZ sizeof(EVP_CIPHER_CTX)
 -#define EVP_CTX_SZX2 2*sizeof(EVP_CIPHER_CTX)
 +#define EVP_CTX_SZ sizeof(EVP_CIPHER_CTX*)
 +#define EVP_CTX_SZX2 2*sizeof(EVP_CIPHER_CTX*)
 ciph_desc_t AES_OSSL_Methods[] = {
 				 {"AES128-ECB"  , 128, 10, 16, EVP_CTX_SZ, &aes_stream_ecb,
--- a/dd_rescue.changes
+++ b/dd_rescue.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Sun Dec  3 22:11:29 CET 2017 - kurt@garloff.de
 - Update to 1.99.8:
  * Support openssl-1.1 (patch from Marcus Meissner)
  * cryptalgo->recycle to reuse crypto context (neeeded for openssl)
  * Fix memleak in test_aes
  * Use test_aes in check target to ensure all algorithms work
  * Use std probe mech in test_aes, so we don't fail with SIGILL
  * Fix build without openssl
 -------------------------------------------------------------------
 Wed Nov 29 17:25:01 UTC 2017 - meissner@suse.com
--- a/dd_rescue.spec
+++ b/dd_rescue.spec
@ -17,7 +17,7 @@
 Name:           dd_rescue
-Version:        1.99.7
+Version:        1.99.8
 Release:        0
 Summary:        Data copying in the presence of I/O Errors
 License:        GPL-2.0 or GPL-3.0
@ -27,14 +27,15 @@ Source0:        http://garloff.de/kurt/linux/ddrescue/%{name}-%{version}.tar.bz2
 Source1:        http://garloff.de/kurt/linux/ddrescue/%{name}-%{version}.tar.bz2.asc
 Source2:        %{name}.keyring
 Source99:       %{name}.changes
 Patch0:         dd_rescue-openssl11.patch
 BuildRequires:  autoconf
 BuildRequires:  libattr-devel
 %if 0%{?is_opensuse}
 BuildRequires:  libfallocate-devel
 %endif
 BuildRequires:  lzo-devel
 %if 0%{?suse_version} >= 1200
 BuildRequires:  lzop
 %endif
 BuildRequires:  pkgconfig
 BuildRequires:  python
 Requires:       bc
@ -46,7 +47,8 @@ Recommends:     libfallocate0
 Provides:       ddrescue = %{version}
 Obsoletes:      ddrescue < %{version}
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-BuildRequires:  pkgconfig(libcrypto)
+#BuildRequires:  pkgconfig(libcrypto)
 BuildRequires:	libopenssl-devel
 %description
 dd_rescue helps when nothing else can: your disk has crashed and you
@ -111,9 +113,6 @@ data to the decompressor; the plugin is still young and might expose bugs.
 %prep
 %setup -q
 if pkg-config --atleast-version=1.1.0 libssl; then
 %patch0 -p1
 fi
 # Remove build time references so build-compare can do its work
 FAKE_BUILDTIME=$(LC_ALL=C date -u -r %{SOURCE99} '+%%H:%%M')