pool/libssh
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updating link to change in openSUSE:Factory/libssh revision 49.0

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/devel:libraries:c_c++/libssh?expand=0&rev=1894a1811f71c058d092d824d427ae9d
This commit is contained in:
OBS User buildservice-autocommit 2018-10-01 07:04:20 +00:00 committed by Git OBS Bridge
parent 0725c05bc2
commit e7298ce946
17 changed files with 154 additions and 1484 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
View File

@ -1,71 +0,0 @@
From 3daf1760a18c091159338fc9077fa71bfbd726a1 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sun, 6 Nov 2016 15:43:31 +0100
Subject: [PATCH] cmake: Use configure check for CRYPTO_ctr128_encrypt
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
ConfigureChecks.cmake | 4 ++++
config.h.cmake | 3 +++
src/libcrypto.c | 6 +++---
3 files changed, 10 insertions(+), 3 deletions(-)
Index: libssh-0.7.5/ConfigureChecks.cmake
===================================================================
--- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-09-15 11:35:09.493600110 +0200
+++ libssh-0.7.5/ConfigureChecks.cmake 2017-09-15 11:35:09.505600299 +0200
@@ -95,6 +95,10 @@ if (OPENSSL_FOUND)
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
+
+ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+ check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
endif()
if (CMAKE_HAVE_PTHREAD_H)
Index: libssh-0.7.5/config.h.cmake
===================================================================
--- libssh-0.7.5.orig/config.h.cmake 2017-09-15 11:35:09.493600110 +0200
+++ libssh-0.7.5/config.h.cmake 2017-09-15 11:35:09.505600299 +0200
@@ -79,6 +79,9 @@
/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
+/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
+
/* Define to 1 if you have the `snprintf' function. */
#cmakedefine HAVE_SNPRINTF 1
Index: libssh-0.7.5/src/libcrypto.c
===================================================================
--- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:35:09.473599793 +0200
+++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:35:09.505600299 +0200
@@ -41,6 +41,8 @@
#include <openssl/dsa.h>
#include <openssl/rsa.h>
#include <openssl/hmac.h>
+#include <openssl/evp.h>
+#include <openssl/modes.h>
#include <openssl/opensslv.h>
#include <openssl/rand.h>
#include "libcrypto-compat.h"
@@ -458,11 +460,12 @@ static void aes_ctr128_encrypt(struct ss
* Same for num, which is being used to store the current offset in blocksize in CTR
* function.
*/
-# if OPENSSL_VERSION_NUMBER >= 0x10100000L
- CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt);
-# else
+#ifdef HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT
+ CRYPTO_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num, (block128_f)AES_encrypt);
+#else
+
AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num);
-# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+#endif /* HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT */
}
#endif /* BROKEN_AES_CTR */
#endif /* HAS_AES */

32
0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
View File

@ -1,32 +0,0 @@
From 5333be5988c3789e7011598995f4df90d50d84d0 Mon Sep 17 00:00:00 2001
From: "Artyom V. Poptsov" <poptsov.artyom@gmail.com>
Date: Sun, 4 Jun 2017 11:54:55 +0300
Subject: config: Bugfix: Don't skip unseen opcodes
libssh fails to read the configuration from a config file due to a
wrong check in 'ssh_config_parse_line' procedure in 'config.c'; it's
effectively skipping every opcode (and therefore every option) from
the file. The change fixes that behaviour.
Signed-off-by: Artyom V. Poptsov <poptsov.artyom@gmail.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/config.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/config.c b/src/config.c
index 6478fc5f..519926e7 100644
--- a/src/config.c
+++ b/src/config.c
@@ -219,7 +219,7 @@ static int ssh_config_parse_line(ssh_session session, const char *line,
opcode = ssh_config_get_opcode(keyword);
if (*parsing == 1 && opcode != SOC_HOST) {
- if (seen[opcode] == 0) {
+ if (seen[opcode] != 0) {
return 0;
}
seen[opcode] = 1;
--
cgit v1.1

40
0001-disable-timeout-test-on-slow-buildsystems.patch
View File

@ -1,8 +1,8 @@
Index: libssh-0.7.5/tests/unittests/torture_misc.c
Index: libssh-0.8.2/tests/unittests/torture_misc.c
===================================================================
--- libssh-0.7.5.orig/tests/unittests/torture_misc.c
+++ libssh-0.7.5/tests/unittests/torture_misc.c
@@ -180,11 +180,13 @@ static void torture_timeout_elapsed(void
--- libssh-0.8.2.orig/tests/unittests/torture_misc.c 2018-08-30 08:12:50.355846083 +0200
+++ libssh-0.8.2/tests/unittests/torture_misc.c 2018-08-30 08:12:54.831889573 +0200
@@ -197,11 +197,13 @@ static void torture_timeout_elapsed(void
(void) state;
ssh_timestamp_init(&ts);
usleep(50000);
@ -16,7 +16,7 @@ Index: libssh-0.7.5/tests/unittests/torture_misc.c
}
static void torture_timeout_update(void **state){
@@ -192,11 +194,13 @@ static void torture_timeout_update(void
@@ -209,11 +211,13 @@ static void torture_timeout_update(void
(void) state;
ssh_timestamp_init(&ts);
usleep(50000);
@ -29,27 +29,23 @@ Index: libssh-0.7.5/tests/unittests/torture_misc.c
+#endif /* SLOW_TEST_SYSTEM */
}
int torture_run_tests(void) {
Index: libssh-0.7.5/DefineOptions.cmake
static void torture_ssh_analyze_banner(void **state) {
Index: libssh-0.8.2/DefineOptions.cmake
===================================================================
--- libssh-0.7.5.orig/DefineOptions.cmake
+++ libssh-0.7.5/DefineOptions.cmake
@@ -14,6 +14,8 @@ option(WITH_CLIENT_TESTING "Build with c
option(WITH_BENCHMARKS "Build benchmarks tools" OFF)
option(WITH_EXAMPLES "Build examples" ON)
option(WITH_NACL "Build with libnacl (curve25519" ON)
--- libssh-0.8.2.orig/DefineOptions.cmake 2018-08-30 08:12:50.355846083 +0200
+++ libssh-0.8.2/DefineOptions.cmake 2018-08-30 08:13:25.020182668 +0200
@@ -20,6 +20,7 @@ option(WITH_SYMBOL_VERSIONING "Build wit
option(WITH_ABI_BREAK "Allow ABI break" OFF)
option(FUZZ_TESTING "Build with fuzzer for the server" OFF)
option(PICKY_DEVELOPER "Build with picky developer flags" OFF)
+option(SLOW_TEST_SYSTEM "Disable tests that fail on slow systems" OFF)
+
if (WITH_ZLIB)
set(WITH_LIBZ ON)
else (WITH_ZLIB)
@@ -30,4 +32,9 @@ endif (WITH_TESTING)
if (WITH_NACL)
set(WITH_NACL ON)
-endif (WITH_NACL)
\ No newline at end of file
+endif (WITH_NACL)
@@ -46,3 +47,8 @@ endif (WITH_NACL)
if (WITH_ABI_BREAK)
set(WITH_SYMBOL_VERSIONING ON)
endif (WITH_ABI_BREAK)
+
+if (SLOW_TEST_SYSTEM)
+ set (SLOW_TEST_SYSTEM ON)

421
0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
View File

@ -1,421 +0,0 @@
From b6cfde8987d201e3cee942d3368e18545d6c28fb Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 2 Nov 2016 16:38:09 +0100
Subject: [PATCH] libcrypto: Introduce a libcrypto compat file
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/CMakeLists.txt | 1 +
src/libcrypto-compat.c | 335 +++++++++++++++++++++++++++++++++++++++++++++++++
src/libcrypto-compat.h | 42 +++++++
3 files changed, 378 insertions(+)
create mode 100644 src/libcrypto-compat.c
create mode 100644 src/libcrypto-compat.h
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index ab9f1843..3c22dfac 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -126,6 +126,7 @@ set(libssh_SRCS
known_hosts.c
legacy.c
libcrypto.c
+ libcrypto-compat.c
log.c
match.c
messages.c
diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
new file mode 100644
index 00000000..1f27dd5f
--- /dev/null
+++ b/src/libcrypto-compat.c
@@ -0,0 +1,335 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+#include <openssl/engine.h>
+#include "libcrypto-compat.h"
+
+static void *OPENSSL_zalloc(size_t num)
+{
+ void *ret = OPENSSL_malloc(num);
+
+ if (ret != NULL)
+ memset(ret, 0, num);
+ return ret;
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+ /* If the fields n and e in r are NULL, the corresponding input
+ * parameters MUST be non-NULL for n and e. d may be
+ * left NULL (in case only the public key is used).
+ */
+ if ((r->n == NULL && n == NULL)
+ || (r->e == NULL && e == NULL))
+ return 0;
+
+ if (n != NULL) {
+ BN_free(r->n);
+ r->n = n;
+ }
+ if (e != NULL) {
+ BN_free(r->e);
+ r->e = e;
+ }
+ if (d != NULL) {
+ BN_free(r->d);
+ r->d = d;
+ }
+
+ return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+ /* If the fields p and q in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->p == NULL && p == NULL)
+ || (r->q == NULL && q == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(r->p);
+ r->p = p;
+ }
+ if (q != NULL) {
+ BN_free(r->q);
+ r->q = q;
+ }
+
+ return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((r->dmp1 == NULL && dmp1 == NULL)
+ || (r->dmq1 == NULL && dmq1 == NULL)
+ || (r->iqmp == NULL && iqmp == NULL))
+ return 0;
+
+ if (dmp1 != NULL) {
+ BN_free(r->dmp1);
+ r->dmp1 = dmp1;
+ }
+ if (dmq1 != NULL) {
+ BN_free(r->dmq1);
+ r->dmq1 = dmq1;
+ }
+ if (iqmp != NULL) {
+ BN_free(r->iqmp);
+ r->iqmp = iqmp;
+ }
+
+ return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+ if (n != NULL)
+ *n = r->n;
+ if (e != NULL)
+ *e = r->e;
+ if (d != NULL)
+ *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+ if (p != NULL)
+ *p = r->p;
+ if (q != NULL)
+ *q = r->q;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+ const BIGNUM **dmp1, const BIGNUM **dmq1,
+ const BIGNUM **iqmp)
+{
+ if (dmp1 != NULL)
+ *dmp1 = r->dmp1;
+ if (dmq1 != NULL)
+ *dmq1 = r->dmq1;
+ if (iqmp != NULL)
+ *iqmp = r->iqmp;
+}
+
+void DSA_get0_pqg(const DSA *d,
+ const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+ if (p != NULL)
+ *p = d->p;
+ if (q != NULL)
+ *q = d->q;
+ if (g != NULL)
+ *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+ /* If the fields p, q and g in d are NULL, the corresponding input
+ * parameters MUST be non-NULL.
+ */
+ if ((d->p == NULL && p == NULL)
+ || (d->q == NULL && q == NULL)
+ || (d->g == NULL && g == NULL))
+ return 0;
+
+ if (p != NULL) {
+ BN_free(d->p);
+ d->p = p;
+ }
+ if (q != NULL) {
+ BN_free(d->q);
+ d->q = q;
+ }
+ if (g != NULL) {
+ BN_free(d->g);
+ d->g = g;
+ }
+
+ return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+ const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+ if (pub_key != NULL)
+ *pub_key = d->pub_key;
+ if (priv_key != NULL)
+ *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* If the field pub_key in d is NULL, the corresponding input
+ * parameters MUST be non-NULL. The priv_key field may
+ * be left NULL.
+ */
+ if (d->pub_key == NULL && pub_key == NULL)
+ return 0;
+
+ if (pub_key != NULL) {
+ BN_free(d->pub_key);
+ d->pub_key = pub_key;
+ }
+ if (priv_key != NULL) {
+ BN_free(d->priv_key);
+ d->priv_key = priv_key;
+ }
+
+ return 1;
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+ if (pr != NULL)
+ *pr = sig->r;
+ if (ps != NULL)
+ *ps = sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+ if (r == NULL || s == NULL)
+ return 0;
+ BN_clear_free(sig->r);
+ BN_clear_free(sig->s);
+ sig->r = r;
+ sig->s = s;
+ return 1;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+static void OPENSSL_clear_free(void *str, size_t num)
+{
+ if (str == NULL)
+ return;
+ if (num)
+ OPENSSL_cleanse(str, num);
+ OPENSSL_free(str);
+}
+
+/* This call frees resources associated with the context */
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx)
+{
+ if (ctx == NULL)
+ return 1;
+
+ /*
+ * Don't assume ctx->md_data was cleaned in EVP_Digest_Final, because
+ * sometimes only copies of the context are ever finalised.
+ */
+ if (ctx->digest && ctx->digest->cleanup
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_CLEANED))
+ ctx->digest->cleanup(ctx);
+ if (ctx->digest && ctx->digest->ctx_size && ctx->md_data
+ && !EVP_MD_CTX_test_flags(ctx, EVP_MD_CTX_FLAG_REUSE)) {
+ OPENSSL_clear_free(ctx->md_data, ctx->digest->ctx_size);
+ }
+ EVP_PKEY_CTX_free(ctx->pctx);
+#ifndef OPENSSL_NO_ENGINE
+ ENGINE_finish(ctx->engine);
+#endif
+ OPENSSL_cleanse(ctx, sizeof(*ctx));
+
+ return 1;
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+ EVP_MD_CTX_reset(ctx);
+ OPENSSL_free(ctx);
+}
+
+HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_zalloc(sizeof(HMAC_CTX));
+
+ if (ctx != NULL) {
+ if (!HMAC_CTX_reset(ctx)) {
+ HMAC_CTX_free(ctx);
+ return NULL;
+ }
+ }
+ return ctx;
+}
+
+static void hmac_ctx_cleanup(HMAC_CTX *ctx)
+{
+ EVP_MD_CTX_reset(&ctx->i_ctx);
+ EVP_MD_CTX_reset(&ctx->o_ctx);
+ EVP_MD_CTX_reset(&ctx->md_ctx);
+ ctx->md = NULL;
+ ctx->key_length = 0;
+ OPENSSL_cleanse(ctx->key, sizeof(ctx->key));
+}
+
+void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ hmac_ctx_cleanup(ctx);
+ EVP_MD_CTX_free(&ctx->i_ctx);
+ EVP_MD_CTX_free(&ctx->o_ctx);
+ EVP_MD_CTX_free(&ctx->md_ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+int HMAC_CTX_reset(HMAC_CTX *ctx)
+{
+ HMAC_CTX_init(ctx);
+ return 1;
+}
+
+EVP_CIPHER_CTX *EVP_CIPHER_CTX_new(void)
+{
+ return OPENSSL_zalloc(sizeof(EVP_CIPHER_CTX));
+}
+
+void EVP_CIPHER_CTX_free(EVP_CIPHER_CTX *ctx)
+{
+ /* EVP_CIPHER_CTX_reset(ctx); alias */
+ EVP_CIPHER_CTX_init(ctx);
+ OPENSSL_free(ctx);
+}
+
+#else
+typedef int iso_c_forbids_an_empty_source_file;
+#endif /* OPENSSL_VERSION_NUMBER */
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
new file mode 100644
index 00000000..21542c65
--- /dev/null
+++ b/src/libcrypto-compat.h
@@ -0,0 +1,42 @@
+#ifndef LIBCRYPTO_COMPAT_H
+#define LIBCRYPTO_COMPAT_H
+
+#include <openssl/opensslv.h>
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <openssl/rsa.h>
+#include <openssl/dsa.h>
+#include <openssl/ecdsa.h>
+#include <openssl/dh.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
+
+void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key);
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+
+int EVP_MD_CTX_reset(EVP_MD_CTX *ctx);
+EVP_MD_CTX *EVP_MD_CTX_new(void);
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx);
+
+HMAC_CTX *HMAC_CTX_new(void);
+int HMAC_CTX_reset(HMAC_CTX *ctx);
+void HMAC_CTX_free(HMAC_CTX *ctx);
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* LIBCRYPTO_COMPAT_H */
--
2.13.5

29
0001-libcrypto-Remove-AES_ctr128_encrypt.patch
View File

@ -1,29 +0,0 @@
From d73f665edddfaa8f5a51e4c294d205f6e60a5854 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 2 Nov 2016 16:20:46 +0100
Subject: [PATCH] libcrypto: Remove AES_ctr128_encrypt()
This is for OpenSSL 1.1.0.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/libcrypto.c | 4 ++++
1 file changed, 4 insertions(+)
Index: libssh-0.7.5/src/libcrypto.c
===================================================================
--- libssh-0.7.5.orig/src/libcrypto.c 2017-08-22 09:33:23.362303166 +0200
+++ libssh-0.7.5/src/libcrypto.c 2017-08-22 09:34:19.763181332 +0200
@@ -455,7 +455,11 @@ static void aes_ctr128_encrypt(struct ss
* Same for num, which is being used to store the current offset in blocksize in CTR
* function.
*/
+# if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ CRYPTO_ctr128_encrypt(in, out, len, &cipher->aes_key->key, cipher->aes_key->IV, tmp_buffer, &num, (block128_f)AES_encrypt);
+# else
AES_ctr128_encrypt(in, out, len, cipher->key, cipher->IV, tmp_buffer, &num);
+# endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
}
#endif /* BROKEN_AES_CTR */
#endif /* HAS_AES */

29
0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
View File

@ -1,29 +0,0 @@
From 5d2e9ee66efb6bae9941987cc09a98867ae9ba6d Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Sat, 5 Nov 2016 16:54:02 +0100
Subject: [PATCH] libcrypto: Use a pointer for EVP_CIPHER_CTX
This has been made opaque and it needs to be a pointer.
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
include/libssh/crypto.h | 2 +-
src/libcrypto.c | 23 ++++++++++++++---------
src/wrapper.c | 3 +++
3 files changed, 18 insertions(+), 10 deletions(-)
Index: libssh-0.7.5/src/libcrypto.c
===================================================================
--- libssh-0.7.5.orig/src/libcrypto.c 2017-09-15 11:28:54.851673060 +0200
+++ libssh-0.7.5/src/libcrypto.c 2017-09-15 11:28:56.863704697 +0200
@@ -43,6 +43,7 @@
#include <openssl/hmac.h>
#include <openssl/opensslv.h>
#include <openssl/rand.h>
+#include "libcrypto-compat.h"
#ifdef HAVE_OPENSSL_AES_H
#define HAS_AES

45
0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
View File

@ -1,45 +0,0 @@
From 607c671f67de2443e39ef571122c0c0e0d150e3a Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Sat, 5 Nov 2016 16:52:41 +0100
Subject: [PATCH] libcrypto: Use a pointer for EVP_MD_CTX
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/libcrypto.c | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 64c92eaa..622b4470 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -135,18 +135,19 @@ static const EVP_MD *nid_to_evpmd(int nid)
void evp(int nid, unsigned char *digest, int len, unsigned char *hash, unsigned int *hlen)
{
const EVP_MD *evp_md = nid_to_evpmd(nid);
- EVP_MD_CTX md;
+ EVP_MD_CTX *md = EVP_MD_CTX_new();
- EVP_DigestInit(&md, evp_md);
- EVP_DigestUpdate(&md, digest, len);
- EVP_DigestFinal(&md, hash, hlen);
+ EVP_DigestInit(md, evp_md);
+ EVP_DigestUpdate(md, digest, len);
+ EVP_DigestFinal(md, hash, hlen);
+ EVP_MD_CTX_free(md);
}
EVPCTX evp_init(int nid)
{
const EVP_MD *evp_md = nid_to_evpmd(nid);
- EVPCTX ctx = malloc(sizeof(EVP_MD_CTX));
+ EVPCTX ctx = EVP_MD_CTX_new();
if (ctx == NULL) {
return NULL;
}
--
2.13.5

70
0001-libcrypto-Use-newer-API-for-HMAC.patch
View File

@ -1,70 +0,0 @@
From cf1e808e2ffa1f26644fb5d2cb82a919f323deba Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Sat, 5 Nov 2016 16:51:05 +0100
Subject: [PATCH] libcrypto: Use newer API for HMAC
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/libcrypto.c | 17 +++++++++--------
1 file changed, 9 insertions(+), 8 deletions(-)
diff --git a/src/libcrypto.c b/src/libcrypto.c
index 19065bd6..64c92eaa 100644
--- a/src/libcrypto.c
+++ b/src/libcrypto.c
@@ -378,32 +378,33 @@ void ssh_mac_final(unsigned char *md, ssh_mac_ctx ctx) {
HMACCTX hmac_init(const void *key, int len, enum ssh_hmac_e type) {
HMACCTX ctx = NULL;
- ctx = malloc(sizeof(*ctx));
+ ctx = HMAC_CTX_new();
if (ctx == NULL) {
return NULL;
}
#ifndef OLD_CRYPTO
- HMAC_CTX_init(ctx); // openssl 0.9.7 requires it.
+ HMAC_CTX_reset(ctx); // openssl 0.9.7 requires it.
#endif
switch(type) {
case SSH_HMAC_SHA1:
- HMAC_Init(ctx, key, len, EVP_sha1());
+ HMAC_Init_ex(ctx, key, len, EVP_sha1(), NULL);
break;
case SSH_HMAC_SHA256:
- HMAC_Init(ctx, key, len, EVP_sha256());
+ HMAC_Init_ex(ctx, key, len, EVP_sha256(), NULL);
break;
case SSH_HMAC_SHA384:
- HMAC_Init(ctx, key, len, EVP_sha384());
+ HMAC_Init_ex(ctx, key, len, EVP_sha384(), NULL);
break;
case SSH_HMAC_SHA512:
- HMAC_Init(ctx, key, len, EVP_sha512());
+ HMAC_Init_ex(ctx, key, len, EVP_sha512(), NULL);
break;
case SSH_HMAC_MD5:
- HMAC_Init(ctx, key, len, EVP_md5());
+ HMAC_Init_ex(ctx, key, len, EVP_md5(), NULL);
break;
default:
+ HMAC_CTX_free(ctx);
SAFE_FREE(ctx);
ctx = NULL;
}
@@ -419,7 +420,7 @@ void hmac_final(HMACCTX ctx, unsigned char *hashmacbuf, unsigned int *len) {
HMAC_Final(ctx,hashmacbuf,len);
#ifndef OLD_CRYPTO
- HMAC_CTX_cleanup(ctx);
+ HMAC_CTX_reset(ctx);
#else
HMAC_cleanup(ctx);
#endif
--
2.13.5

601
0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
View File

@ -1,601 +0,0 @@
From 3341f49a49a07cbce003e487ef24a2042e800f01 Mon Sep 17 00:00:00 2001
From: Jakub Jelen <jjelen@redhat.com>
Date: Wed, 2 Nov 2016 17:02:58 +0100
Subject: [PATCH] pki_crypto: Use getters and setters for opaque keys and
signatures
This is for OpenSSL 1.1.0 support.
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
---
src/pki_crypto.c | 295 ++++++++++++++++++++++++++++++++++++++-----------------
1 file changed, 203 insertions(+), 92 deletions(-)
Index: libssh-0.7.5/src/pki_crypto.c
===================================================================
--- libssh-0.7.5.orig/src/pki_crypto.c 2017-09-15 10:23:38.677834792 +0200
+++ libssh-0.7.5/src/pki_crypto.c 2017-09-15 10:25:38.983736682 +0200
@@ -31,6 +31,7 @@
#include <openssl/dsa.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
+#include "libcrypto-compat.h"
#ifdef HAVE_OPENSSL_EC_H
#include <openssl/ec.h>
@@ -230,7 +231,10 @@ ssh_key pki_key_dup(const ssh_key key, i
}
switch (key->type) {
- case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_DSS: {
+ const BIGNUM *p = NULL, *q = NULL, *g = NULL,
+ *pub_key = NULL, *priv_key = NULL;
+ BIGNUM *np, *nq, *ng, *npub_key, *npriv_key;
new->dsa = DSA_new();
if (new->dsa == NULL) {
goto fail;
@@ -243,36 +247,54 @@ ssh_key pki_key_dup(const ssh_key key, i
* pub_key = public key y = g^x
* priv_key = private key x
*/
- new->dsa->p = BN_dup(key->dsa->p);
- if (new->dsa->p == NULL) {
+ DSA_get0_pqg(key->dsa, &p, &q, &g);
+ np = BN_dup(p);
+ nq = BN_dup(q);
+ ng = BN_dup(g);
+ if (np == NULL || nq == NULL || ng == NULL) {
+ BN_free(np);
+ BN_free(nq);
+ BN_free(ng);
goto fail;
}
- new->dsa->q = BN_dup(key->dsa->q);
- if (new->dsa->q == NULL) {
+ rc = DSA_set0_pqg(new->dsa, np, nq, ng);
+ if (rc == 0) {
+ BN_free(np);
+ BN_free(nq);
+ BN_free(ng);
goto fail;
}
- new->dsa->g = BN_dup(key->dsa->g);
- if (new->dsa->g == NULL) {
+ DSA_get0_key(key->dsa, &pub_key, &priv_key);
+ npub_key = BN_dup(pub_key);
+ if (npub_key == NULL) {
goto fail;
}
- new->dsa->pub_key = BN_dup(key->dsa->pub_key);
- if (new->dsa->pub_key == NULL) {
+ rc = DSA_set0_key(new->dsa, npub_key, NULL);
+ if (rc == 0) {
goto fail;
}
if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
- new->dsa->priv_key = BN_dup(key->dsa->priv_key);
- if (new->dsa->priv_key == NULL) {
+ npriv_key = BN_dup(priv_key);
+ if (npriv_key == NULL) {
+ goto fail;
+ }
+
+ rc = DSA_set0_key(new->dsa, NULL, npriv_key);
+ if (rc == 0) {
goto fail;
}
}
break;
+ }
case SSH_KEYTYPE_RSA:
- case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_RSA1: {
+ const BIGNUM *n = NULL, *e = NULL, *d = NULL;
+ BIGNUM *nn, *ne, *nd;
new->rsa = RSA_new();
if (new->rsa == NULL) {
goto fail;
@@ -288,62 +310,82 @@ ssh_key pki_key_dup(const ssh_key key, i
* dmq1 = d mod (q-1)
* iqmp = q^-1 mod p
*/
- new->rsa->n = BN_dup(key->rsa->n);
- if (new->rsa->n == NULL) {
+ RSA_get0_key(key->rsa, &n, &e, &d);
+ nn = BN_dup(n);
+ ne = BN_dup(e);
+ if (nn == NULL || ne == NULL) {
+ BN_free(nn);
+ BN_free(ne);
goto fail;
}
- new->rsa->e = BN_dup(key->rsa->e);
- if (new->rsa->e == NULL) {
+ rc = RSA_set0_key(new->rsa, nn, ne, NULL);
+ if (rc == 0) {
+ BN_free(nn);
+ BN_free(ne);
goto fail;
}
if (!demote && (key->flags & SSH_KEY_FLAG_PRIVATE)) {
- new->rsa->d = BN_dup(key->rsa->d);
- if (new->rsa->d == NULL) {
+ const BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL,
+ *dmq1 = NULL, *iqmp = NULL;
+ BIGNUM *np, *nq, *ndmp1, *ndmq1, *niqmp;
+
+ nd = BN_dup(d);
+ if (nd == NULL) {
+ goto fail;
+ }
+
+ rc = RSA_set0_key(new->rsa, NULL, NULL, nd);
+ if (rc == 0) {
goto fail;
}
/* p, q, dmp1, dmq1 and iqmp may be NULL in private keys, but the
* RSA operations are much faster when these values are available.
*/
- if (key->rsa->p != NULL) {
- new->rsa->p = BN_dup(key->rsa->p);
- if (new->rsa->p == NULL) {
+ RSA_get0_factors(key->rsa, &p, &q);
+ if (p != NULL && q != NULL) { /* need to set both of them */
+ np = BN_dup(p);
+ nq = BN_dup(q);
+ if (np == NULL || nq == NULL) {
+ BN_free(np);
+ BN_free(nq);
goto fail;
}
- }
- if (key->rsa->q != NULL) {
- new->rsa->q = BN_dup(key->rsa->q);
- if (new->rsa->q == NULL) {
+ rc = RSA_set0_factors(new->rsa, np, nq);
+ if (rc == 0) {
+ BN_free(np);
+ BN_free(nq);
goto fail;
}
}
- if (key->rsa->dmp1 != NULL) {
- new->rsa->dmp1 = BN_dup(key->rsa->dmp1);
- if (new->rsa->dmp1 == NULL) {
+ RSA_get0_crt_params(key->rsa, &dmp1, &dmq1, &iqmp);
+ if (dmp1 != NULL || dmq1 != NULL || iqmp != NULL) {
+ ndmp1 = BN_dup(dmp1);
+ ndmq1 = BN_dup(dmq1);
+ niqmp = BN_dup(iqmp);
+ if (ndmp1 == NULL || ndmq1 == NULL || niqmp == NULL) {
+ BN_free(ndmp1);
+ BN_free(ndmq1);
+ BN_free(niqmp);
goto fail;
}
- }
- if (key->rsa->dmq1 != NULL) {
- new->rsa->dmq1 = BN_dup(key->rsa->dmq1);
- if (new->rsa->dmq1 == NULL) {
- goto fail;
- }
- }
-
- if (key->rsa->iqmp != NULL) {
- new->rsa->iqmp = BN_dup(key->rsa->iqmp);
- if (new->rsa->iqmp == NULL) {
+ rc = RSA_set0_crt_params(new->rsa, ndmp1, ndmq1, niqmp);
+ if (rc == 0) {
+ BN_free(ndmp1);
+ BN_free(ndmq1);
+ BN_free(niqmp);
goto fail;
}
}
}
break;
+ }
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
new->ecdsa_nid = key->ecdsa_nid;
@@ -466,51 +508,64 @@ int pki_key_compare(const ssh_key k1,
enum ssh_keycmp_e what)
{
switch (k1->type) {
- case SSH_KEYTYPE_DSS:
+ case SSH_KEYTYPE_DSS: {
+ const BIGNUM *p1, *p2, *q1, *q2, *g1, *g2,
+ *pub_key1, *pub_key2, *priv_key1, *priv_key2;
if (DSA_size(k1->dsa) != DSA_size(k2->dsa)) {
return 1;
}
- if (bignum_cmp(k1->dsa->p, k2->dsa->p) != 0) {
+ DSA_get0_pqg(k1->dsa, &p1, &q1, &g1);
+ DSA_get0_pqg(k2->dsa, &p2, &q2, &g2);
+ if (bignum_cmp(p1, p2) != 0) {
return 1;
}
- if (bignum_cmp(k1->dsa->q, k2->dsa->q) != 0) {
+ if (bignum_cmp(q1, q2) != 0) {
return 1;
}
- if (bignum_cmp(k1->dsa->g, k2->dsa->g) != 0) {
+ if (bignum_cmp(g1, g2) != 0) {
return 1;
}
- if (bignum_cmp(k1->dsa->pub_key, k2->dsa->pub_key) != 0) {
+ DSA_get0_key(k1->dsa, &pub_key1, &priv_key1);
+ DSA_get0_key(k2->dsa, &pub_key2, &priv_key2);
+ if (bignum_cmp(pub_key1, pub_key2) != 0) {
return 1;
}
if (what == SSH_KEY_CMP_PRIVATE) {
- if (bignum_cmp(k1->dsa->priv_key, k2->dsa->priv_key) != 0) {
+ if (bignum_cmp(priv_key1, priv_key2) != 0) {
return 1;
}
}
break;
+ }
case SSH_KEYTYPE_RSA:
- case SSH_KEYTYPE_RSA1:
+ case SSH_KEYTYPE_RSA1: {
+ const BIGNUM *e1, *e2, *n1, *n2, *p1, *p2, *q1, *q2;
if (RSA_size(k1->rsa) != RSA_size(k2->rsa)) {
return 1;
}
- if (bignum_cmp(k1->rsa->e, k2->rsa->e) != 0) {
+ RSA_get0_key(k1->rsa, &n1, &e1, NULL);
+ RSA_get0_key(k2->rsa, &n2, &e2, NULL);
+ if (bignum_cmp(e1, e2) != 0) {
return 1;
}
- if (bignum_cmp(k1->rsa->n, k2->rsa->n) != 0) {
+ if (bignum_cmp(n1, n2) != 0) {
return 1;
}
if (what == SSH_KEY_CMP_PRIVATE) {
- if (bignum_cmp(k1->rsa->p, k2->rsa->p) != 0) {
+ RSA_get0_factors(k1->rsa, &p1, &q1);
+ RSA_get0_factors(k2->rsa, &p2, &q2);
+ if (bignum_cmp(p1, p2) != 0) {
return 1;
}
- if (bignum_cmp(k1->rsa->q, k2->rsa->q) != 0) {
+ if (bignum_cmp(q1, q2) != 0) {
return 1;
}
}
break;
+ }
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
{
@@ -819,43 +874,65 @@ int pki_pubkey_build_dss(ssh_key key,
ssh_string q,
ssh_string g,
ssh_string pubkey) {
+ int rc;
+ BIGNUM *bp, *bq, *bg, *bpub_key;
+
key->dsa = DSA_new();
if (key->dsa == NULL) {
return SSH_ERROR;
}
- key->dsa->p = make_string_bn(p);
- key->dsa->q = make_string_bn(q);
- key->dsa->g = make_string_bn(g);
- key->dsa->pub_key = make_string_bn(pubkey);
- if (key->dsa->p == NULL ||
- key->dsa->q == NULL ||
- key->dsa->g == NULL ||
- key->dsa->pub_key == NULL) {
- DSA_free(key->dsa);
- return SSH_ERROR;
+ bp = make_string_bn(p);
+ bq = make_string_bn(q);
+ bg = make_string_bn(g);
+ bpub_key = make_string_bn(pubkey);
+ if (bp == NULL || bq == NULL ||
+ bg == NULL || bpub_key == NULL) {
+ goto fail;
+ }
+
+ rc = DSA_set0_pqg(key->dsa, bp, bq, bg);
+ if (rc == 0) {
+ goto fail;
+ }
+
+ rc = DSA_set0_key(key->dsa, bpub_key, NULL);
+ if (rc == 0) {
+ goto fail;
}
return SSH_OK;
+fail:
+ DSA_free(key->dsa);
+ return SSH_ERROR;
}
int pki_pubkey_build_rsa(ssh_key key,
ssh_string e,
ssh_string n) {
+ int rc;
+ BIGNUM *be, *bn;
+
key->rsa = RSA_new();
if (key->rsa == NULL) {
return SSH_ERROR;
}
- key->rsa->e = make_string_bn(e);
- key->rsa->n = make_string_bn(n);
- if (key->rsa->e == NULL ||
- key->rsa->n == NULL) {
- RSA_free(key->rsa);
- return SSH_ERROR;
+ be = make_string_bn(e);
+ bn = make_string_bn(n);
+ if (be == NULL || bn == NULL) {
+ goto fail;
+ }
+
+ rc = RSA_set0_key(key->rsa, bn, be, NULL);
+ if (rc == 0) {
+ goto fail;
}
return SSH_OK;
+fail:
+ RSA_free(key->rsa);
+ return SSH_ERROR;
}
ssh_string pki_publickey_to_blob(const ssh_key key)
@@ -889,23 +966,26 @@ ssh_string pki_publickey_to_blob(const s
}
switch (key->type) {
- case SSH_KEYTYPE_DSS:
- p = make_bignum_string(key->dsa->p);
+ case SSH_KEYTYPE_DSS: {
+ const BIGNUM *bp, *bq, *bg, *bpub_key;
+ DSA_get0_pqg(key->dsa, &bp, &bq, &bg);
+ p = make_bignum_string((BIGNUM *)bp);
if (p == NULL) {
goto fail;
}
- q = make_bignum_string(key->dsa->q);
+ q = make_bignum_string((BIGNUM *)bq);
if (q == NULL) {
goto fail;
}
- g = make_bignum_string(key->dsa->g);
+ g = make_bignum_string((BIGNUM *)bg);
if (g == NULL) {
goto fail;
}
- n = make_bignum_string(key->dsa->pub_key);
+ DSA_get0_key(key->dsa, &bpub_key, NULL);
+ n = make_bignum_string((BIGNUM *)bpub_key);
if (n == NULL) {
goto fail;
}
@@ -937,14 +1017,17 @@ ssh_string pki_publickey_to_blob(const s
n = NULL;
break;
+ }
case SSH_KEYTYPE_RSA:
- case SSH_KEYTYPE_RSA1:
- e = make_bignum_string(key->rsa->e);
+ case SSH_KEYTYPE_RSA1: {
+ const BIGNUM *be, *bn;
+ RSA_get0_key(key->rsa, &bn, &be, NULL);
+ e = make_bignum_string((BIGNUM *)be);
if (e == NULL) {
goto fail;
}
- n = make_bignum_string(key->rsa->n);
+ n = make_bignum_string((BIGNUM *)bn);
if (n == NULL) {
goto fail;
}
@@ -964,6 +1047,7 @@ ssh_string pki_publickey_to_blob(const s
n = NULL;
break;
+ }
case SSH_KEYTYPE_ECDSA:
#ifdef HAVE_OPENSSL_ECC
rc = ssh_buffer_reinit(buffer);
@@ -1065,13 +1149,15 @@ int pki_export_pubkey_rsa1(const ssh_key
char *e;
char *n;
int rsa_size = RSA_size(key->rsa);
+ const BIGNUM *be, *bn;
- e = bignum_bn2dec(key->rsa->e);
+ RSA_get0_key(key->rsa, &bn, &be, NULL);
+ e = bignum_bn2dec(be);
if (e == NULL) {
return SSH_ERROR;
}
- n = bignum_bn2dec(key->rsa->n);
+ n = bignum_bn2dec(bn);
if (n == NULL) {
OPENSSL_free(e);
return SSH_ERROR;
@@ -1136,6 +1222,7 @@ static ssh_string pki_dsa_signature_to_b
{
char buffer[40] = { 0 };
ssh_string sig_blob = NULL;
+ const BIGNUM *pr, *ps;
ssh_string r;
int r_len, r_offset_in, r_offset_out;
@@ -1143,12 +1230,13 @@ static ssh_string pki_dsa_signature_to_b
ssh_string s;
int s_len, s_offset_in, s_offset_out;
- r = make_bignum_string(sig->dsa_sig->r);
+ DSA_SIG_get0(sig->dsa_sig, &pr, &ps);
+ r = make_bignum_string((BIGNUM *)pr);
if (r == NULL) {
return NULL;
}
- s = make_bignum_string(sig->dsa_sig->s);
+ s = make_bignum_string((BIGNUM *)ps);
if (s == NULL) {
ssh_string_free(r);
return NULL;
@@ -1201,13 +1289,15 @@ ssh_string pki_signature_to_blob(const s
ssh_string s;
ssh_buffer b;
int rc;
+ const BIGNUM *pr, *ps;
b = ssh_buffer_new();
if (b == NULL) {
return NULL;
}
- r = make_bignum_string(sig->ecdsa_sig->r);
+ ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);
+ r = make_bignum_string((BIGNUM *)pr);
if (r == NULL) {
ssh_buffer_free(b);
return NULL;
@@ -1219,7 +1309,7 @@ ssh_string pki_signature_to_blob(const s
return NULL;
}
- s = make_bignum_string(sig->ecdsa_sig->s);
+ s = make_bignum_string((BIGNUM *)ps);
if (s == NULL) {
ssh_buffer_free(b);
return NULL;
@@ -1324,6 +1414,7 @@ ssh_signature pki_signature_from_blob(co
ssh_string s;
size_t len;
int rc;
+ BIGNUM *pr = NULL, *ps = NULL;
sig = ssh_signature_new();
if (sig == NULL) {
@@ -1363,9 +1454,9 @@ ssh_signature pki_signature_from_blob(co
}
ssh_string_fill(r, ssh_string_data(sig_blob), 20);
- sig->dsa_sig->r = make_string_bn(r);
+ pr = make_string_bn(r);
ssh_string_free(r);
- if (sig->dsa_sig->r == NULL) {
+ if (pr == NULL) {
ssh_signature_free(sig);
return NULL;
}
@@ -1377,9 +1468,15 @@ ssh_signature pki_signature_from_blob(co
}
ssh_string_fill(s, (char *)ssh_string_data(sig_blob) + 20, 20);
- sig->dsa_sig->s = make_string_bn(s);
+ ps = make_string_bn(s);
ssh_string_free(s);
- if (sig->dsa_sig->s == NULL) {
+ if (ps == NULL) {
+ ssh_signature_free(sig);
+ return NULL;
+ }
+
+ rc = DSA_SIG_set0(sig->dsa_sig, pr, ps);
+ if (rc == 0) {
ssh_signature_free(sig);
return NULL;
}
@@ -1427,10 +1524,10 @@ ssh_signature pki_signature_from_blob(co
ssh_print_hexa("r", ssh_string_data(r), ssh_string_len(r));
#endif
- make_string_bn_inplace(r, sig->ecdsa_sig->r);
+ pr = make_string_bn(r);
ssh_string_burn(r);
ssh_string_free(r);
- if (sig->ecdsa_sig->r == NULL) {
+ if (pr == NULL) {
ssh_buffer_free(b);
ssh_signature_free(sig);
return NULL;
@@ -1448,10 +1545,16 @@ ssh_signature pki_signature_from_blob(co
ssh_print_hexa("s", ssh_string_data(s), ssh_string_len(s));
#endif
- make_string_bn_inplace(s, sig->ecdsa_sig->s);
+ ps = make_string_bn(s);
ssh_string_burn(s);
ssh_string_free(s);
- if (sig->ecdsa_sig->s == NULL) {
+ if (ps == NULL) {
+ ssh_signature_free(sig);
+ return NULL;
+ }
+
+ rc = ECDSA_SIG_set0(sig->ecdsa_sig, pr, ps);
+ if (rc == 0) {
ssh_signature_free(sig);
return NULL;
}
@@ -1578,8 +1681,12 @@ ssh_signature pki_do_sign(const ssh_key
}
#ifdef DEBUG_CRYPTO
- ssh_print_bignum("r", sig->dsa_sig->r);
- ssh_print_bignum("s", sig->dsa_sig->s);
+ {
+ const BIGNUM *pr, *ps;
+ DSA_SIG_get0(sig->dsa_sig, &pr, &ps);
+ ssh_print_bignum("r", (BIGNUM *) pr);
+ ssh_print_bignum("s", (BIGNUM *) ps);
+ }
#endif
break;
@@ -1601,8 +1708,12 @@ ssh_signature pki_do_sign(const ssh_key
}
# ifdef DEBUG_CRYPTO
- ssh_print_bignum("r", sig->ecdsa_sig->r);
- ssh_print_bignum("s", sig->ecdsa_sig->s);
+ {
+ const BIGNUM *pr, *ps;
+ ECDSA_SIG_get0(sig->ecdsa_sig, &pr, &ps);
+ ssh_print_bignum("r", (BIGNUM *) pr);
+ ssh_print_bignum("s", (BIGNUM *) ps);
+ }
# endif /* DEBUG_CRYPTO */
break;

80
0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
View File

@ -1,80 +0,0 @@
From 2dff359a331c5c9aab2435c470596b0fee7a502a Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@cryptomilk.org>
Date: Sun, 6 Nov 2016 12:07:32 +0100
Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID
BUG: https://red.libssh.org/issues/222
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
---
ConfigureChecks.cmake | 3 +++
config.h.cmake | 3 +++
src/threads.c | 19 +++++++++++++++++--
3 files changed, 23 insertions(+), 2 deletions(-)
Index: libssh-0.7.5/ConfigureChecks.cmake
===================================================================
--- libssh-0.7.5.orig/ConfigureChecks.cmake 2017-08-22 09:52:57.756607716 +0200
+++ libssh-0.7.5/ConfigureChecks.cmake 2017-08-22 09:53:16.480897731 +0200
@@ -91,6 +91,10 @@ if (OPENSSL_FOUND)
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
check_include_file(openssl/ecdsa.h HAVE_OPENSSL_ECDSA_H)
+
+ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+ check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
endif()
if (CMAKE_HAVE_PTHREAD_H)
Index: libssh-0.7.5/config.h.cmake
===================================================================
--- libssh-0.7.5.orig/config.h.cmake 2017-08-22 09:52:41.940362760 +0200
+++ libssh-0.7.5/config.h.cmake 2017-08-22 09:52:57.756607716 +0200
@@ -76,6 +76,9 @@
/*************************** FUNCTIONS ***************************/
+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
+#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
+
/* Define to 1 if you have the `snprintf' function. */
#cmakedefine HAVE_SNPRINTF 1
Index: libssh-0.7.5/src/threads.c
===================================================================
--- libssh-0.7.5.orig/src/threads.c 2017-08-22 09:52:41.944362821 +0200
+++ libssh-0.7.5/src/threads.c 2017-08-22 09:52:57.756607716 +0200
@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int
}
}
+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
+static void libcrypto_THREADID_callback(CRYPTO_THREADID *id)
+{
+ unsigned long thread_id = (*user_callbacks->thread_id)();
+
+ CRYPTO_THREADID_set_numeric(id, thread_id);
+}
+#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */
+
static int libcrypto_thread_init(void){
int n=CRYPTO_num_locks();
int i;
@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){
for (i=0;i<n;++i){
user_callbacks->mutex_init(&libcrypto_mutexes[i]);
}
- CRYPTO_set_id_callback(user_callbacks->thread_id);
- CRYPTO_set_locking_callback(libcrypto_lock_callback);
+
+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
+ CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);
+#else
+ CRYPTO_set_id_callback(user_callbacks->thread_id);
+#endif
+
+ CRYPTO_set_locking_callback(libcrypto_lock_callback);
return SSH_OK;
}

16
libssh-0.7.5.tar.asc
View File

@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAljvjLwACgkQfuD8TcwB
Tj1QFQ/+L44oVeYqw7LM8kRRaC7aaMnk5BOew3yGM8EJRB5duHeGAplIhcrAKB99
w1J15/w9B4+LI2NipkBSF3bukXT2HpPLr+uSVwo0pN/jx8EKJ6iK67+uIyLEDvTI
sfqFXrkE/0OQMWoIWLmNPsyZIQ7W+a3iuswhPOpV/oHLnoiGbjYzioJHoV+HaDWt
PKBiHEl/zOCGKF+z7/OZTgsdeEfJ8V5zBJtvcs2VN+jGDt0BOnal55dVo1TCeW6P
wkvNHPpBOydKLOe/RONINdIJWBwmWPOY+FqINqKSIpyOR9oRrvR6xLfn8l21Rz4G
6LZnOQY576G2xds9xnXKQ2viti0c3mhm5bnllfXf8Mtkpougb9772xLWdZjlsP1m
H12ApruuTd4LDniPceY8xVMWo4jLqmz4YdD7O7ql1StTmxgHVRVSUUceftfNd0F1
8OhTRO3ncG7lFXowPsYPhfcdwopGXlJszuuaiOUCfGo37vzGe03/vUiVGGRqNqPY
ToKbNe8VRG3oLyD/u9wcTOaY5MC2Noym/ABCr5DjC7mwHf4dKABq893SMOibZLg1
cPE/MjRD52yi2gR8WbHyjQRG9Xi0v1YUyBPeiaWnccvUWND4GiWjkABVzl22g24W
XZMygDuNxavtw0kRozwpD2Fbj76TFVG5p/9cJXLdGJ4NfrseJT0=
=Y+Av
-----END PGP SIGNATURE-----

3
libssh-0.7.5.tar.xz
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:54e86dd5dc20e5367e58f3caab337ce37675f863f80df85b6b1614966a337095
size 351632

3
libssh-0.8.3.tar.xz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:302f31f606f2368cd3ce77d7a69f7464c18eae176e73e59102e0524401bd29d0
size 422244

16
libssh-0.8.3.tar.xz.asc Normal file
View File

@ -0,0 +1,16 @@
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEjf9T4Y8qvI2PPJIjfuD8TcwBTj0FAlukpGkACgkQfuD8TcwB
Tj3qsA//bPS3hYBbKIChg1+o2s/lAbkjV6mv5LR9gyTljjUAikFNf/AN/yrNLD/H
0sAAD8S2Mj5t4+daUronpX9IJPZtimFB3WoBl+S9J9ybyzpgsspTNv0KZt/O9Vt+
QamOYkMXDtDcqUCHxIzURKiIc6ATsobiUx6EhWOSa8fFsnW6golCJtHzHi5fKsPF
x92J5gZ4jUehZJEiX/LmqFCblLK5qV8g/F+TauWg9jL5m0SNuR0gfDxi3VNV+yeG
gCtneHNrg/Jq9PwI71dIAQ+EDxYARBrLRe7zNSJgZHNuHttyVZaObgO/tFGzAwfj
g+9cuBTHvkKbgM0CodT9ftmdXU8Gt2/3yugfP/FSHUKCy9YgOM5Yo+T8lhAw3Pnt
5ZienZztJwBabui7rWeebhaBSFNuaFUhp1V5HOBT1YjKWlr3yqSGs2PmYYA7Ioeq
ulcyUsNZFXj7hALCxhyBfcwz+USWBpjuxZz5gK5uXbwWcxZUkiRTCXprKiN8jUn/
1/wteO4inm3dpKM3oMuxsk6c64JZnbXkD9vPEP7Fv48nPVVcqs+jk5RPK7iOBUgd
bglc6F05cnUzFz78Lj/FIgEqdYV/vGtxxpwOCRPBDhDWvjbDltN7GkcKQ7ItNd9L
UpMir12LL1Lo32IWxH457dKSCut2/+wGGLcXjUMMhhs/6UDqerg=
=uDol
-----END PGP SIGNATURE-----

81
libssh.changes
View File

@ -1,3 +1,84 @@
-------------------------------------------------------------------
Fri Sep 21 08:32:56 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.3
* Added support for rsa-sha2
* Added support to parse private keys in openssh container format
(other than ed25519)
* Added support for diffie-hellman-group18-sha512 and
diffie-hellman-group16-sha512
* Added ssh_get_fingerprint_hash()
* Added ssh_pki_export_privkey_base64()
* Added support for Match keyword in config file
* Improved performance and reduced memory footprint for sftp
* Fixed ecdsa publickey auth
* Fixed reading a closed channel
* Added support to announce posix-rename@openssh.com and
hardlink@openssh.com in the sftp server
- Removed patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
-------------------------------------------------------------------
Thu Aug 30 06:00:24 UTC 2018 - Andreas Schneider <asn@cryptomilk.org>
- Update to version 0.8.2
* Added sha256 fingerprints for pubkeys
* Improved compiler flag detection
* Fixed race condition in reading sftp messages
* Fixed doxygen generation and added modern style
* Fixed library initialization on Windows
* Fixed __bounded__ attribute detection
* Fixed a bug in the options parser
* Fixed documentation for new knwon_hosts API
- Added patch: 0001-poll-Fix-size-types-in-ssh_event_free.patch
* Fix compiler warning on SLE12
-------------------------------------------------------------------
Mon Aug 27 09:25:49 UTC 2018 - vcizek@suse.com
- Add missing zlib-devel dependency which was previously pulled in
by libopenssl-devel
-------------------------------------------------------------------
Tue Aug 14 13:34:19 UTC 2018 - asn@cryptomilk.org
- Remove the libssh_threads.so symlink
-------------------------------------------------------------------
Mon Aug 13 20:26:03 UTC 2018 - asn@cryptomilk.org
- Update to version 0.8.1
* Fixed version number in the header
* Fixed version number in pkg-config and cmake config
* Fixed library initialization
* Fixed attribute detection
-------------------------------------------------------------------
Fri Aug 10 12:01:17 UTC 2018 - asn@cryptomilk.org
- Update to version 0.8.0
* Removed support for deprecated SSHv1 protocol
* Added new connector API for clients
* Added new known_hosts parsing API
* Added support for OpenSSL 1.1
* Added support for chacha20-poly1305 cipher
* Added crypto backend for mbedtls crypto library
* Added ECDSA support with gcrypt backend
* Added advanced client and server testing using cwrap.org
* Added support for curve25519-sha256 alias
* Added support for global known_hosts file
* Added support for symbol versioning
* Improved ssh_config parsing
* Improved threading support
- Removed 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
- Removed 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
- Removed 0001-libcrypto-Use-newer-API-for-HMAC.patch
- Removed 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
- Removed 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
- Removed 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
- Removed 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
- Removed 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
- Removed 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
-------------------------------------------------------------------
Fri Mar 9 14:12:28 UTC 2018 - jmcdonough@suse.com

BIN
libssh.keyring
View File

Binary file not shown.

101
libssh.spec
View File

@ -12,35 +12,29 @@
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%if 0%{?suse_version} >= 1500 || 0%{?sle_version} >= 150000
%bcond_without docs
%else
# We need cmake >= 3.9 to build docs
%bcond_with docs
%endif
Name: libssh
Version: 0.7.5
Version: 0.8.3
Release: 0
Summary: The SSH library
License: LGPL-2.1+
License: LGPL-2.1-or-later
Group: Development/Libraries/C and C++
Url: https://www.libssh.org
# Dynamic number: https://red.libssh.org/projects/libssh/files
Source0: https://red.libssh.org/attachments/download/218/%{name}-%{version}.tar.xz
Source1: https://red.libssh.org/attachments/download/217/%{name}-%{version}.tar.asc
Source2: https://cryptomilk.org/0xCC014E3D-asn@cryptomilk.org-gpg_key.asc#/%{name}.keyring
URL: https://www.libssh.org
Source0: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz
Source1: https://www.libssh.org/files/0.8/%{name}-%{version}.tar.xz.asc
Source2: https://cryptomilk.org/gpgkey-8DFF53E18F2ABC8D8F3C92237EE0FC4DCC014E3D.gpg#/%{name}.keyring
Source99: baselibs.conf
# PATCH-FIX-UPSTREAM Upstream patches for OpenSSL 1.1 compatibility (will appear in 0.8 release)
Patch0: 0001-libcrypto-Remove-AES_ctr128_encrypt.patch
Patch1: 0001-libcrypto-Introduce-a-libcrypto-compat-file.patch
Patch2: 0001-libcrypto-Use-newer-API-for-HMAC.patch
Patch3: 0001-libcrypto-Use-a-pointer-for-EVP_MD_CTX.patch
Patch4: 0001-libcrypto-Use-a-pointer-for-EVP_CIPHER_CTX.patch
Patch5: 0001-pki_crypto-Use-getters-and-setters-for-opaque-keys-a.patch
Patch6: 0001-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
Patch7: 0001-cmake-Use-configure-check-for-CRYPTO_ctr128_encrypt.patch
# END of OpenSSL 1.1 support patches
# PATCH-FIX-UPSTREAM Fix parsing of config files (boo#1067782)
Patch10: 0001-config-Bugfix-Dont-skip-unseen-opcodes.patch
Patch11: 0001-disable-timeout-test-on-slow-buildsystems.patch
Patch0: 0001-disable-timeout-test-on-slow-buildsystems.patch
BuildRequires: cmake
BuildRequires: doxygen
BuildRequires: gcc-c++
@ -49,31 +43,27 @@ BuildRequires: libcmocka-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
BuildRequires: xz
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: zlib-devel
%description
An SSH implementation in the form of a library. With libssh, you can
remotely execute programs, transfer files, use a secure and
transparent tunnel for your remote programs. It supports SFTP as
well.
An SSH implementation in the form of a library. With libssh, you can remotely
execute programs, transfer files, use a secure and transparent tunnel for your
remote programs. It supports SFTP as well.
This package provides libssh from http://www.libssh.org that should not
be confused with libssh2 available from http://www.libssh2.org (libssh2
package)
This package provides libssh from https://www.libssh.org that should not be
confused with libssh2 available from https://www.libssh2.org (libssh2 package)
%package -n libssh4
Summary: SSH library
Group: System/Libraries
%description -n libssh4
An SSH implementation in the form of a library. With libssh, you can
remotely execute programs, transfer files, use a secure and
transparent tunnel for your remote programs. It supports SFTP as
well.
An SSH implementation in the form of a library. With libssh, you can remotely
execute programs, transfer files, use a secure and transparent tunnel for your
remote programs. It supports SFTP as well.
This package provides libssh from http://www.libssh.org that should not
be confused with libssh2 available from http://www.libssh2.org (libssh2
package)
This package provides libssh from https://www.libssh.org that should not be
confused with libssh2 available from https://www.libssh2.org (libssh2 package)
%package devel
Summary: SSH library development headers
@ -84,25 +74,17 @@ Requires: libssh4 = %{version}
%description devel
Development headers for the SSH library.
%if %{with docs}
%package devel-doc
Summary: SSH library API documentation
Group: Documentation/HTML
%description devel-doc
Documentation for libssh development.
%endif # with docs
%prep
%setup -q
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch10 -p1
%patch11 -p1
%autosetup -p1
%build
@ -114,52 +96,41 @@ Documentation for libssh development.
%cmake \
-DCMAKE_C_FLAGS:STRING="%{optflags} -DOPENSSL_LOAD_CONF" \
-DWITH_CLIENT_TESTING="OFF" \
-DWITH_TESTING="ON" \
-DUNIT_TESTING="ON" \
-DWITH_GSSAPI=ON \
-DWITH_BENCHMARKS="OFF" \
-DWITH_EXAMPLES="OFF" \
-DSLOW_TEST_SYSTEM=%{slow_test_system}
make %{?_smp_mflags}
make %{?_smp_mflags} doc
%if %{with docs}
make %{?_smp_mflags} docs
%endif # with docs
%install
%cmake_install
# remove the static libs, we don't want them installed, needed by tests
rm -rf %{buildroot}%{_libdir}/*.a
%check
cd build
make %{?_smp_mflags} test || {
cat Testing/Temporary/LastTest.log;
exit 1;
}
ctest --output-on-failure
%post -n libssh4 -p /sbin/ldconfig
%postun -n libssh4 -p /sbin/ldconfig
%files -n libssh4
%defattr(-,root,root)
%doc AUTHORS README ChangeLog
%{_libdir}/libssh.so.*
%{_libdir}/libssh_threads.so.*
%files devel
%defattr(-,root,root)
%{_includedir}/libssh
%{_libdir}/libssh.so
%{_libdir}/libssh_threads.so
%{_libdir}/pkgconfig/libssh.pc
%{_libdir}/pkgconfig/libssh_threads.pc
%dir %{_libdir}/cmake/libssh
%{_libdir}/cmake/libssh/libssh-config.cmake
%{_libdir}/cmake/libssh/libssh-config-version.cmake
%if %{with docs}
%files devel-doc
%defattr(-,root,root)
%doc build/doc/html
%endif # with docs
%changelog