Accepting request 503777 from home:dmolkentin:branches:Archiving
- Compile with OpenSSL 1.1 (bsc#1042637) - add patches: * dump-0.4b46-openssl-1.1.patch OBS-URL: https://build.opensuse.org/request/show/503777 OBS-URL: https://build.opensuse.org/package/show/Archiving/dump?expand=0&rev=21
parent
a7b44b498a
commit
91a220157c
91
dump-0.4b46-openssl-1.1.patch
Normal file
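--- a/dump-0.4b46-openssl-1.1.patch
+++ b/dump-0.4b46-openssl-1.1.patch
@@ -0,0 +1,91 @@
+Index: dump-0.4b46/common/transformation_ssl.c
+===================================================================
+--- dump-0.4b46.orig/common/transformation_ssl.c
++++ dump-0.4b46/common/transformation_ssl.c
+@@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign
+/* to be exposed to any attacker anyway. */
+*saltlen = 16;
+if (xform->enc == 1) {
+- RAND_pseudo_bytes(salt, *saltlen);
++ if (!RAND_bytes(salt, *saltlen) != 1) {
++ /* PRNG not sufficiently seeded */
++ return -1;
++ }
+}
+memcpy(ivbuffer, salt, 16);
+
+@@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru
+digestlen = sizeof(digest);
+
+/* generate salt, put it in header */
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+memcpy(tpbin->buf, salt, saltlen);
+
+/* compress the buffer first - increase the entropy */
+@@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st
+
+// how to know salt length?
+memcpy(salt, src, saltlen);
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+
+EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher, xform->state.ssl.engine, NULL, NULL);
+//EVP_CIPHER_CTX_set_key_length(&ctx, 8);
+@@ -515,7 +518,7 @@ Transformation
+//EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
+//EVP_CIPHER_CTX_cleanup(ctx);
+//EVP_CIPHER_CTX_free(ctx);
+- RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
++ RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
+} else {
+// how do we get keys?
+}
+Index: dump-0.4b46/rmt/cipher.c
+===================================================================
+--- dump-0.4b46.orig/rmt/cipher.c
++++ dump-0.4b46/rmt/cipher.c
+@@ -23,7 +23,7 @@
+char *
+cipher(char *buf, int buflen, int do_encrypt)
+{
+- static EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+static char *out = NULL; /* return value, grown as necessary */
+static int outlen = 0;
+static int init = 0, which, blocksize;
+@@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc
+}
+EVP_BytesToKey(cipher, EVP_md5(), NULL,
+buf, strlen(buf), 1, key, iv);
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
++ EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
+OPENSSL_cleanse(buf, sizeof buf);
+OPENSSL_cleanse(key, sizeof key);
+OPENSSL_cleanse(iv, sizeof iv);
+- blocksize = EVP_CIPHER_CTX_block_size(&ctx);
++ blocksize = EVP_CIPHER_CTX_block_size(ctx);
+which = do_encrypt;
+init = 1;
+}
+@@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc
+outlen = (buflen+blocksize) * 2;
+out = realloc(out, outlen);
+}
+- if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
++ if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
+syslog(LOG_ERR, "EVP_CipherUpdate failed");
+errno = EINVAL;
+return NULL;
+@@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc
+return NULL;
+}
+// assert(ctx->buf_len == 0);
++ EVP_CIPHER_CTX_free(ctx);
+return out;
+}
+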
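Review bot: The new check in generateIV, `if (!RAND_bytes(salt, *saltlen) != 1)`, is inverted: `!` turns a successful return of 1 into 0, so the function returns -1 on success and falls through with an unfilled salt when RAND_bytes returns 0. It should read `if (RAND_bytes(salt, *saltlen) != 1) {`. Both callers in ssl_compress and ssl_decompress still discard the result (the added TODO comments), so the early return appears to skip the `memcpy(ivbuffer, salt, 16)` that follows and encryption would likely proceed with an IV that was never derived; the callers should abort the operation on a non-zero return. In rmt/cipher.c the context is now allocated on every call to cipher() and freed before `return out`, while key setup seems to run only once under the static `init` flag, so later calls would presumably pass a fresh, unkeyed context to EVP_CipherUpdate and the `return NULL` paths leak it; declaring `static EVP_CIPHER_CTX *ctx` and allocating it inside the init branch would keep the original lifetime. The bodies of generateIV and cipher() extend beyond the visible hunks, so these points should be confirmed against the full functions.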
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jun 15 09:12:51 UTC 2017 - daniel.molkentin@suse.com
|
||||
|
||||
- Compile with OpenSSL 1.1 (bsc#1042637)
|
||||
- add patches:
|
||||
* dump-0.4b46-openssl-1.1.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Mar 27 11:43:24 UTC 2017 - mpluskal@suse.com
|
||||
|
||||
|
@ -36,6 +36,8 @@ Patch4: %{name}-0.4b43-fix-bashisms.patch
|
||||
# PATCH-FIX-UPSTREAM dump-0.4b46-lzo-no-return.patch svalx@svalx.net -- fixing rpmlint
|
||||
# no-return-in-nonvoid-function error in dump
|
||||
Patch5: %{name}-0.4b46-lzo-no-return.patch
|
||||
# PATCH-FIX-SUSE dump-0.4b46-pathnames.patch daniel.molkentin@suse.com -- openssl 1.1 support
|
||||
Patch6: %{name}-0.4b46-openssl-1.1.patch
|
||||
BuildRequires: autoconf
|
||||
BuildRequires: automake
|
||||
BuildRequires: e2fsprogs-devel
|
||||
@ -76,6 +78,7 @@ cp %{SOURCE1} rmt/
|
||||
%patch3
|
||||
%patch4 -p1
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
|
||||
%build
|
||||
autoreconf -fiv
|
||||
|
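Review bot: The tag comment above `Patch6` (presumably one of the two added lines; the +/- markers are lost on this page) names `dump-0.4b46-pathnames.patch`, but the patch it annotates is `%{name}-0.4b46-openssl-1.1.patch`, so the provenance line points at the wrong file. It should read `# PATCH-FIX-SUSE dump-0.4b46-openssl-1.1.patch daniel.molkentin@suse.com -- openssl 1.1 support`. The changelog entry cites bsc#1042637; repeating that reference in the comment would make the patch traceable from the spec alone.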