rebuild with OpenSSL 1.1.0

libarchive-3.2.1-openssl-1.1.patch

@@ -0,0 +1,365 @@
+diff -up libarchive-3.2.1/libarchive/archive_cryptor.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_cryptor.c
+--- libarchive-3.2.1/libarchive/archive_cryptor.c.openssl-1.1	2016-04-24 23:57:10.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_cryptor.c	2016-10-11 16:18:16.979989705 +0200
+@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx)
+ static int
+ aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
+ {
++	ctx->ctx = EVP_CIPHER_CTX_new();
+ 
+ 	switch (key_len) {
+ 	case 16: ctx->type = EVP_aes_128_ecb(); break;
+@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, co
+ 	memcpy(ctx->key, key, key_len);
+ 	memset(ctx->nonce, 0, sizeof(ctx->nonce));
+ 	ctx->encr_pos = AES_BLOCK_SIZE;
+-	EVP_CIPHER_CTX_init(&ctx->ctx);
++	EVP_CIPHER_CTX_init(ctx->ctx);
+ 	return 0;
+ }
+ 
+@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_c
+ 	int outl = 0;
+ 	int r;
+ 
+-	r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL);
++	r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL);
+ 	if (r == 0)
+ 		return -1;
+-	r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
++	r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
+ 	    AES_BLOCK_SIZE);
+ 	if (r == 0 || outl != AES_BLOCK_SIZE)
+ 		return -1;
+@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_c
+ static int
+ aes_ctr_release(archive_crypto_ctx *ctx)
+ {
+-	EVP_CIPHER_CTX_cleanup(&ctx->ctx);
++	EVP_CIPHER_CTX_free(ctx->ctx);
+ 	memset(ctx->key, 0, ctx->key_len);
+ 	memset(ctx->nonce, 0, sizeof(ctx->nonce));
+ 	return 0;
+diff -up libarchive-3.2.1/libarchive/archive_cryptor_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_cryptor_private.h
+--- libarchive-3.2.1/libarchive/archive_cryptor_private.h.openssl-1.1	2016-04-24 23:56:47.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_cryptor_private.h	2016-10-11 16:18:16.979989705 +0200
+@@ -104,7 +104,7 @@ typedef struct {
+ #define AES_MAX_KEY_SIZE 32
+ 
+ typedef struct {
+-	EVP_CIPHER_CTX	ctx;
++	EVP_CIPHER_CTX	*ctx;
+ 	const EVP_CIPHER *type;
+ 	uint8_t		key[AES_MAX_KEY_SIZE];
+ 	unsigned	key_len;
+diff -up libarchive-3.2.1/libarchive/archive_digest.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_digest.c
+--- libarchive-3.2.1/libarchive/archive_digest.c.openssl-1.1	2015-09-05 06:24:18.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_digest.c	2016-10-11 16:31:25.785624324 +0200
+@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ct
+ static int
+ __archive_openssl_md5init(archive_md5_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_md5());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_md5());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -215,7 +217,7 @@ static int
+ __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_c
+    * this is meant to cope with that. Real fix is probably to fix
+    * archive_write_set_format_xar.c
+    */
+-  if (ctx->digest)
+-    EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_
+ static int
+ __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_ripemd160());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_ripemd160());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -367,14 +374,18 @@ static int
+ __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+ static int
+ __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md)
+ {
+-  EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_
+ static int
+ __archive_openssl_sha1init(archive_sha1_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_sha1());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_sha1());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -517,7 +530,7 @@ static int
+ __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1
+    * this is meant to cope with that. Real fix is probably to fix
+    * archive_write_set_format_xar.c
+    */
+-  if (ctx->digest)
+-    EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha
+ static int
+ __archive_openssl_sha256init(archive_sha256_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_sha256());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_sha256());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -741,14 +759,18 @@ static int
+ __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+ static int
+ __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md)
+ {
+-  EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha
+ static int
+ __archive_openssl_sha384init(archive_sha384_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_sha384());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_sha384());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -936,14 +960,18 @@ static int
+ __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+ static int
+ __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md)
+ {
+-  EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha
+ static int
+ __archive_openssl_sha512init(archive_sha512_ctx *ctx)
+ {
+-  EVP_DigestInit(ctx, EVP_sha512());
++  if ((*ctx = EVP_MD_CTX_new()) == NULL)
++	return (ARCHIVE_FAILED);
++  EVP_DigestInit(*ctx, EVP_sha512());
+   return (ARCHIVE_OK);
+ }
+ 
+@@ -1155,14 +1185,18 @@ static int
+ __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata,
+     size_t insize)
+ {
+-  EVP_DigestUpdate(ctx, indata, insize);
++  EVP_DigestUpdate(*ctx, indata, insize);
+   return (ARCHIVE_OK);
+ }
+ 
+ static int
+ __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md)
+ {
+-  EVP_DigestFinal(ctx, md, NULL);
++  if (*ctx) {
++    EVP_DigestFinal(*ctx, md, NULL);
++    EVP_MD_CTX_free(*ctx);
++    *ctx = NULL;
++  }
+   return (ARCHIVE_OK);
+ }
+ 
+diff -up libarchive-3.2.1/libarchive/archive_digest_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_digest_private.h
+--- libarchive-3.2.1/libarchive/archive_digest_private.h.openssl-1.1	2015-09-05 06:24:18.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_digest_private.h	2016-10-11 16:20:24.348996576 +0200
+@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
+ typedef struct md5_ctx archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL)
+-typedef EVP_MD_CTX archive_md5_ctx;
++typedef EVP_MD_CTX *archive_md5_ctx;
+ #elif defined(ARCHIVE_CRYPTO_MD5_WIN)
+ typedef Digest_CTX archive_md5_ctx;
+ #else
+@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx
+ #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
+ typedef struct ripemd160_ctx archive_rmd160_ctx;
+ #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL)
+-typedef EVP_MD_CTX archive_rmd160_ctx;
++typedef EVP_MD_CTX *archive_rmd160_ctx;
+ #else
+ typedef unsigned char archive_rmd160_ctx;
+ #endif
+@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
+ typedef struct sha1_ctx archive_sha1_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL)
+-typedef EVP_MD_CTX archive_sha1_ctx;
++typedef EVP_MD_CTX *archive_sha1_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA1_WIN)
+ typedef Digest_CTX archive_sha1_ctx;
+ #else
+@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
+ typedef struct sha256_ctx archive_sha256_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL)
+-typedef EVP_MD_CTX archive_sha256_ctx;
++typedef EVP_MD_CTX *archive_sha256_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA256_WIN)
+ typedef Digest_CTX archive_sha256_ctx;
+ #else
+@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
+ typedef struct sha384_ctx archive_sha384_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL)
+-typedef EVP_MD_CTX archive_sha384_ctx;
++typedef EVP_MD_CTX *archive_sha384_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA384_WIN)
+ typedef Digest_CTX archive_sha384_ctx;
+ #else
+@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx
+ #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
+ typedef struct sha512_ctx archive_sha512_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL)
+-typedef EVP_MD_CTX archive_sha512_ctx;
++typedef EVP_MD_CTX *archive_sha512_ctx;
+ #elif defined(ARCHIVE_CRYPTO_SHA512_WIN)
+ typedef Digest_CTX archive_sha512_ctx;
+ #else
+diff -up libarchive-3.2.1/libarchive/archive_hmac.c.openssl-1.1 libarchive-3.2.1/libarchive/archive_hmac.c
+--- libarchive-3.2.1/libarchive/archive_hmac.c.openssl-1.1	2016-04-24 23:57:03.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_hmac.c	2016-10-11 16:25:54.074787000 +0200
+@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ct
+ static int
+ __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
+ {
+-	HMAC_CTX_init(ctx);
+-	HMAC_Init(ctx, key, key_len, EVP_sha1());
++	*ctx = HMAC_CTX_new();
++	if (*ctx == NULL)
++		return -1;
++	HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL);
+ 	return 0;
+ }
+ 
+@@ -185,22 +187,22 @@ static void
+ __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data,
+     size_t data_len)
+ {
+-	HMAC_Update(ctx, data, data_len);
++	HMAC_Update(*ctx, data, data_len);
+ }
+ 
+ static void
+ __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
+ {
+ 	unsigned int len = (unsigned int)*out_len;
+-	HMAC_Final(ctx, out, &len);
++	HMAC_Final(*ctx, out, &len);
+ 	*out_len = len;
+ }
+ 
+ static void
+ __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
+ {
+-	HMAC_CTX_cleanup(ctx);
+-	memset(ctx, 0, sizeof(*ctx));
++	HMAC_CTX_free(*ctx);
++	*ctx = NULL;
+ }
+ 
+ #else
+diff -up libarchive-3.2.1/libarchive/archive_hmac_private.h.openssl-1.1 libarchive-3.2.1/libarchive/archive_hmac_private.h
+--- libarchive-3.2.1/libarchive/archive_hmac_private.h.openssl-1.1	2016-04-24 23:56:55.000000000 +0200
++++ libarchive-3.2.1/libarchive/archive_hmac_private.h	2016-10-11 16:18:16.979989705 +0200
+@@ -72,7 +72,7 @@ typedef	struct hmac_sha1_ctx archive_hma
+ #elif defined(HAVE_LIBCRYPTO)
+ #include <openssl/hmac.h>
+ 
+-typedef	HMAC_CTX archive_hmac_sha1_ctx;
++typedef	HMAC_CTX* archive_hmac_sha1_ctx;
+ 
+ #else
+ 

libarchive.spec

@@ -1,6 +1,6 @@
 Name:           libarchive
 Version:        3.2.1
-Release:        4%{?dist}
+Release:        5%{?dist}
 Summary:        A library for handling streaming archive formats
 
 License:        BSD
@@ -13,6 +13,8 @@ Patch0:         RHBZ#1378669.patch
 Patch1:         RHBZ#1378668.patch
 # stack based buffer overflow in bsdtar_expand_char (util.c)
 Patch2:         RHBZ#1378666.patch
+# Make it build with OpenSSL 1.1.0
+Patch3:         libarchive-3.2.1-openssl-1.1.patch
 
 BuildRequires:  bison
 BuildRequires:  sharutils
@@ -218,6 +220,9 @@ run_testsuite
 
 
 %changelog
+* Tue Oct 11 2016 Tomáš Mráz <tmraz@redhat.com> - 3.2.1-5
+- rebuild with OpenSSL 1.1.0
+
 * Mon Sep 26 2016 Tomas Repik <trepik@redhat.com> - 3.2.1-4
 - fix some stack and heap overflows
 - resolves (rhbz#1378669, rhbz#1378668, rhbz#1378666)