openssh: fixes issues with some openssl options

This adds a couple of patches when setting some openssl options: * ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with openssl compiled without ECC support. * Fix openssl version number in openbsd-compat/openssl-compat.c which failed to compile --with-ssl-engine; this option is used when CONFIG_OPENSSL_ENGINE_CRYPTO=y Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Peter Wagner <tripolar@gmx.at>
2018-10-20 14:06:20 +02:00 · 2018-10-20 14:06:20 +02:00 · 08c5f7cfab
parent 414df31c74
commit 08c5f7cfab
3 changed files with 91 additions and 2 deletions
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=openssh
 PKG_VERSION:=7.9p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
@ -23,7 +23,6 @@ PKG_LICENSE_FILES:=LICENCE

 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
 PKG_REMOVE_FILES:=
-PKG_FIXUP:=autoreconf

 include $(INCLUDE_DIR)/package.mk

--- a/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch
+++ b/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch
@ -0,0 +1,70 @@
+From 91b777c7064d9d91a1433a42b0bb31592388d1b4 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Tue, 9 Oct 2018 16:17:42 -0300
+Subject: [PATCH] fix compilation with openssl built without ECC
+
+ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
+guarded by OPENSSL_HAS_ECC
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
+index de3e64a6..ae00ff59 100644
+--- a/openbsd-compat/libressl-api-compat.c
+++ b/openbsd-compat/libressl-api-compat.c
+@@ -152,7 +152,9 @@
+ #include <openssl/dsa.h>
+ #include <openssl/rsa.h>
+ #include <openssl/evp.h>
+#ifdef OPENSSL_HAS_ECC
+ #include <openssl/ecdsa.h>
+#endif
+ #include <openssl/dh.h>
+ 
+ #ifndef HAVE_DSA_GET0_PQG
+@@ -417,6 +419,7 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+ }
+ #endif /* HAVE_DSA_SIG_SET0 */
+ 
+#ifdef OPENSSL_HAS_ECC
+ #ifndef HAVE_ECDSA_SIG_GET0
+ void
+ ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+@@ -442,6 +445,7 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+ 	return 1;
+ }
+ #endif /* HAVE_ECDSA_SIG_SET0 */
+#endif /* OPENSSL_HAS_ECC */
+ 
+ #ifndef HAVE_DH_GET0_PQG
+ void
+diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
+index 9e0264c0..6a525f28 100644
+--- a/openbsd-compat/openssl-compat.h
+++ b/openbsd-compat/openssl-compat.h
+@@ -24,7 +24,9 @@
+ #include <openssl/evp.h>
+ #include <openssl/rsa.h>
+ #include <openssl/dsa.h>
+#ifdef OPENSSL_HAS_ECC
+ #include <openssl/ecdsa.h>
+#endif
+ #include <openssl/dh.h>
+ 
+ int ssh_compatible_openssl(long, long);
+@@ -161,6 +163,7 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ #endif /* DSA_SIG_SET0 */
+ 
+#ifdef OPENSSL_HAS_ECC
+ #ifndef HAVE_ECDSA_SIG_GET0
+ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ #endif /* HAVE_ECDSA_SIG_GET0 */
+@@ -168,6 +171,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
+ #ifndef HAVE_ECDSA_SIG_SET0
+ int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
+ #endif /* HAVE_ECDSA_SIG_SET0 */
+#endif /* OPENSSL_HAS_ECC */
+ 
+ #ifndef HAVE_DH_GET0_PQG
+ void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
--- a/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch
+++ b/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch
@ -0,0 +1,20 @@
+From edfc2e18ef069ba600c8f4632ce1e3dc94a0669a Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Fri, 19 Oct 2018 10:04:24 -0300
+Subject: [PATCH 2/2] Fix OPENSSL_init_crypto call for openssl < 1.1
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+
+diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
+index 8b4a3627..590b66d1 100644
+--- a/openbsd-compat/openssl-compat.c
+++ b/openbsd-compat/openssl-compat.c
+@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
+ 	ENGINE_load_builtin_engines();
+ 	ENGINE_register_all_complete();
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10001000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	OPENSSL_config(NULL);
+ #else
+ 	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |