rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Address issues of another PR#48 review

Browse Source
This commit is contained in:
Jakub Jelen 2017-10-18 14:48:25 +02:00
parent c08aa4b8b1
commit e0e7ed914b
1 changed files with 19 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

182
openssh-7.3p1-openssl-1.1.0.patch
View File

@ -156,7 +156,7 @@ diff -up openssh/dh.c.openssl openssh/dh.c
dh_new_group_asc(const char *gen, const char *modulus)
{
DH *dh;
+ BIGNUM *p, *g;
+ BIGNUM *p = NULL, *g = NULL;
- if ((dh = DH_new()) == NULL)
- return NULL;
@ -225,7 +225,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
}
struct ssh_digest_ctx *
@@ -118,8 +118,9 @@ ssh_digest_start(int alg)
@@ -118,8 +118,10 @@ ssh_digest_start(int alg)
if (digest == NULL || ((ret = calloc(1, sizeof(*ret))) == NULL))
return NULL;
ret->alg = alg;
@ -234,6 +234,7 @@ diff -up openssh/digest-openssl.c.openssl openssh/digest-openssl.c
+ ret->mdctx = EVP_MD_CTX_new();
+ if (ret->mdctx == NULL ||
+ EVP_DigestInit_ex(ret->mdctx, digest->mdfunc(), NULL) != 1) {
+ EVP_MD_CTX_free(ret->mdctx);
free(ret);
return NULL;
}
@ -730,7 +731,7 @@ diff -up openssh/kexgsss.c.openssl openssh/kexgsss.c
diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
--- openssh/libcrypto-compat.c.openssl 2017-09-26 13:19:31.798249703 +0200
+++ openssh/libcrypto-compat.c 2017-09-26 13:19:31.798249703 +0200
@@ -0,0 +1,546 @@
@@ -0,0 +1,428 @@
+/*
+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
@ -1013,27 +1014,6 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
+ *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+ /* If the field pub_key in dh is NULL, the corresponding input
+ * parameters MUST be non-NULL. The priv_key field may
+ * be left NULL.
+ */
+ if (dh->pub_key == NULL && pub_key == NULL)
+ return 0;
+
+ if (pub_key != NULL) {
+ BN_free(dh->pub_key);
+ dh->pub_key = pub_key;
+ }
+ if (priv_key != NULL) {
+ BN_free(dh->priv_key);
+ dh->priv_key = priv_key;
+ }
+
+ return 1;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+ dh->length = length;
@ -1179,108 +1159,11 @@ diff -up openssh/libcrypto-compat.c.openssl openssh/libcrypto-compat.c
+ return pkey->pkey.rsa;
+}
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len)
+{
+ EVP_CIPHER *cipher = OPENSSL_zalloc(sizeof(EVP_CIPHER));
+
+ if (cipher != NULL) {
+ cipher->nid = cipher_type;
+ cipher->block_size = block_size;
+ cipher->key_len = key_len;
+ }
+ return cipher;
+}
+
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher)
+{
+ OPENSSL_free(cipher);
+}
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len)
+{
+ cipher->iv_len = iv_len;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags)
+{
+ cipher->flags = flags;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+ int (*init) (EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc))
+{
+ cipher->init = init;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl))
+{
+ cipher->do_cipher = do_cipher;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+ int (*cleanup) (EVP_CIPHER_CTX *))
+{
+ cipher->cleanup = cleanup;
+ return 1;
+}
+
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
+ int arg, void *ptr))
+{
+ cipher->ctrl = ctrl;
+ return 1;
+}
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc)
+{
+ return cipher->init;
+}
+
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl)
+{
+ return cipher->do_cipher;
+}
+
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *)
+{
+ return cipher->cleanup;
+}
+
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ int type, int arg,
+ void *ptr)
+{
+ return cipher->ctrl;
+}
+
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx)
+{
+ return ctx->encrypt;
+}
+
+#endif /* OPENSSL_VERSION_NUMBER */
diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
--- openssh/libcrypto-compat.h.openssl 2017-09-26 13:19:31.798249703 +0200
+++ openssh/libcrypto-compat.h 2017-09-26 13:19:31.798249703 +0200
@@ -0,0 +1,98 @@
@@ -0,0 +1,59 @@
+#ifndef LIBCRYPTO_COMPAT_H
+#define LIBCRYPTO_COMPAT_H
+
@ -1313,7 +1196,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
+void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g);
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
+int DH_set_length(DH *dh, long length);
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx);
@ -1337,44 +1219,6 @@ diff -up openssh/libcrypto-compat.h.openssl openssh/libcrypto-compat.h
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
+
+EVP_CIPHER *EVP_CIPHER_meth_new(int cipher_type, int block_size, int key_len);
+void EVP_CIPHER_meth_free(EVP_CIPHER *cipher);
+
+int EVP_CIPHER_meth_set_iv_length(EVP_CIPHER *cipher, int iv_len);
+int EVP_CIPHER_meth_set_flags(EVP_CIPHER *cipher, unsigned long flags);
+int EVP_CIPHER_meth_set_init(EVP_CIPHER *cipher,
+ int (*init) (EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc));
+int EVP_CIPHER_meth_set_do_cipher(EVP_CIPHER *cipher,
+ int (*do_cipher) (EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl));
+int EVP_CIPHER_meth_set_cleanup(EVP_CIPHER *cipher,
+ int (*cleanup) (EVP_CIPHER_CTX *));
+int EVP_CIPHER_meth_set_ctrl(EVP_CIPHER *cipher,
+ int (*ctrl) (EVP_CIPHER_CTX *, int type,
+ int arg, void *ptr));
+
+int (*EVP_CIPHER_meth_get_init(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int enc);
+int (*EVP_CIPHER_meth_get_do_cipher(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *ctx,
+ unsigned char *out,
+ const unsigned char *in,
+ size_t inl);
+int (*EVP_CIPHER_meth_get_cleanup(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *);
+int (*EVP_CIPHER_meth_get_ctrl(const EVP_CIPHER *cipher))(EVP_CIPHER_CTX *,
+ int type, int arg,
+ void *ptr);
+
+#define EVP_CIPHER_CTX_reset(c) EVP_CIPHER_CTX_init(c)
+
+int EVP_CIPHER_CTX_encrypting(const EVP_CIPHER_CTX *ctx);
+
+#endif /* OPENSSL_VERSION_NUMBER */
+
+#endif /* LIBCRYPTO_COMPAT_H */
@ -2652,7 +2496,7 @@ diff -up openssh/sshkey.h.openssl openssh/sshkey.h
diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
--- openssh/ssh-pkcs11-client.c.openssl 2017-09-19 06:26:43.000000000 +0200
+++ openssh/ssh-pkcs11-client.c 2017-09-26 13:19:31.803249734 +0200
@@ -143,12 +143,14 @@ pkcs11_rsa_private_encrypt(int flen, con
@@ -143,12 +143,16 @@ pkcs11_rsa_private_encrypt(int flen, con
static int
wrap_key(RSA *rsa)
{
@ -2665,6 +2509,8 @@ diff -up openssh/ssh-pkcs11-client.c.openssl openssh/ssh-pkcs11-client.c
- RSA_set_method(rsa, &helper_rsa);
+ if (helper_rsa == NULL) {
+ helper_rsa = RSA_meth_dup(RSA_get_default_method());
+ if (helper_rsa == NULL)
+ error("RSA_meth_dup failed");
+ RSA_meth_set1_name(helper_rsa, "ssh-pkcs11-helper");
+ RSA_meth_set_priv_enc(helper_rsa, pkcs11_rsa_private_encrypt);
+ }
@ -2684,6 +2530,14 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
char *keyid;
int keyid_len;
};
@@ -183,6 +183,7 @@ pkcs11_rsa_finish(RSA *rsa)
if (k11->provider)
pkcs11_provider_unref(k11->provider);
free(k11->keyid);
+ RSA_meth_free(k11->rsa_method);
free(k11);
}
return (rv);
@@ -326,13 +326,21 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
k11->keyid = xmalloc(k11->keyid_len);
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
@ -2721,7 +2575,7 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
f = p->function_list;
session = p->slotinfo[slotidx].session;
@@ -512,10 +521,14 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
@@ -512,10 +521,16 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
if ((rsa = RSA_new()) == NULL) {
error("RSA_new failed");
} else {
@ -2733,6 +2587,8 @@ diff -up openssh/ssh-pkcs11.c.openssl openssh/ssh-pkcs11.c
- rsa->e = BN_bin2bn(attribs[2].pValue,
+ rsa_e = BN_bin2bn(attribs[2].pValue,
attribs[2].ulValueLen, NULL);
+ if (rsa_n == NULL || rsa_e == NULL)
+ error("BN_bin2bn failed");
+ if (RSA_set0_key(rsa, rsa_n, rsa_e, NULL) == 0)
+ error("RSA_set0_key failed");
}