openssh: fixes issues with some openssl options
This adds a couple of patches when setting some openssl options: * ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with openssl compiled without ECC support. * Fix openssl version number in openbsd-compat/openssl-compat.c which failed to compile --with-ssl-engine; this option is used when CONFIG_OPENSSL_ENGINE_CRYPTO=y Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> Signed-off-by: Peter Wagner <tripolar@gmx.at>
This commit is contained in:
parent
414df31c74
commit
08c5f7cfab
|
@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
|
|||
|
||||
PKG_NAME:=openssh
|
||||
PKG_VERSION:=7.9p1
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
|
||||
|
@ -23,7 +23,6 @@ PKG_LICENSE_FILES:=LICENCE
|
|||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
|
||||
PKG_REMOVE_FILES:=
|
||||
PKG_FIXUP:=autoreconf
|
||||
|
||||
include $(INCLUDE_DIR)/package.mk
|
||||
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
From 91b777c7064d9d91a1433a42b0bb31592388d1b4 Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Tue, 9 Oct 2018 16:17:42 -0300
|
||||
Subject: [PATCH] fix compilation with openssl built without ECC
|
||||
|
||||
ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
|
||||
guarded by OPENSSL_HAS_ECC
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c
|
||||
index de3e64a6..ae00ff59 100644
|
||||
--- a/openbsd-compat/libressl-api-compat.c
|
||||
+++ b/openbsd-compat/libressl-api-compat.c
|
||||
@@ -152,7 +152,9 @@
|
||||
#include <openssl/dsa.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/evp.h>
|
||||
+#ifdef OPENSSL_HAS_ECC
|
||||
#include <openssl/ecdsa.h>
|
||||
+#endif
|
||||
#include <openssl/dh.h>
|
||||
|
||||
#ifndef HAVE_DSA_GET0_PQG
|
||||
@@ -417,6 +419,7 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
|
||||
}
|
||||
#endif /* HAVE_DSA_SIG_SET0 */
|
||||
|
||||
+#ifdef OPENSSL_HAS_ECC
|
||||
#ifndef HAVE_ECDSA_SIG_GET0
|
||||
void
|
||||
ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
|
||||
@@ -442,6 +445,7 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
|
||||
return 1;
|
||||
}
|
||||
#endif /* HAVE_ECDSA_SIG_SET0 */
|
||||
+#endif /* OPENSSL_HAS_ECC */
|
||||
|
||||
#ifndef HAVE_DH_GET0_PQG
|
||||
void
|
||||
diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h
|
||||
index 9e0264c0..6a525f28 100644
|
||||
--- a/openbsd-compat/openssl-compat.h
|
||||
+++ b/openbsd-compat/openssl-compat.h
|
||||
@@ -24,7 +24,9 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
+#ifdef OPENSSL_HAS_ECC
|
||||
#include <openssl/ecdsa.h>
|
||||
+#endif
|
||||
#include <openssl/dh.h>
|
||||
|
||||
int ssh_compatible_openssl(long, long);
|
||||
@@ -161,6 +163,7 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
|
||||
int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
#endif /* DSA_SIG_SET0 */
|
||||
|
||||
+#ifdef OPENSSL_HAS_ECC
|
||||
#ifndef HAVE_ECDSA_SIG_GET0
|
||||
void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
|
||||
#endif /* HAVE_ECDSA_SIG_GET0 */
|
||||
@@ -168,6 +171,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps);
|
||||
#ifndef HAVE_ECDSA_SIG_SET0
|
||||
int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s);
|
||||
#endif /* HAVE_ECDSA_SIG_SET0 */
|
||||
+#endif /* OPENSSL_HAS_ECC */
|
||||
|
||||
#ifndef HAVE_DH_GET0_PQG
|
||||
void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q,
|
|
@ -0,0 +1,20 @@
|
|||
From edfc2e18ef069ba600c8f4632ce1e3dc94a0669a Mon Sep 17 00:00:00 2001
|
||||
From: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
Date: Fri, 19 Oct 2018 10:04:24 -0300
|
||||
Subject: [PATCH 2/2] Fix OPENSSL_init_crypto call for openssl < 1.1
|
||||
|
||||
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
|
||||
|
||||
diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c
|
||||
index 8b4a3627..590b66d1 100644
|
||||
--- a/openbsd-compat/openssl-compat.c
|
||||
+++ b/openbsd-compat/openssl-compat.c
|
||||
@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
|
||||
ENGINE_load_builtin_engines();
|
||||
ENGINE_register_all_complete();
|
||||
|
||||
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
OPENSSL_config(NULL);
|
||||
#else
|
||||
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
|
Loading…
Reference in New Issue