libssh: Fix compile without OpenSSL deprecated APIs
Backported several patches from version 0.8 to fix this. Signed-off-by: Rosen Penev <rosenp@gmail.com>
This commit is contained in:
parent
52575dbc10
commit
7bc5aba1df
|
@ -12,7 +12,7 @@ PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
|
|||
|
||||
PKG_NAME:=libssh
|
||||
PKG_VERSION:=0.7.6
|
||||
PKG_RELEASE:=1
|
||||
PKG_RELEASE:=2
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
|
||||
PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/
|
||||
|
|
|
@ -0,0 +1,83 @@
|
|||
From a8523d83c242c6f71dbf69fab0ca91d768e78f05 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Sun, 6 Nov 2016 12:07:32 +0100
|
||||
Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID
|
||||
|
||||
BUG: https://red.libssh.org/issues/222
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
ConfigureChecks.cmake | 4 ++++
|
||||
config.h.cmake | 3 +++
|
||||
src/threads.c | 19 +++++++++++++++++--
|
||||
3 files changed, 24 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
|
||||
index 0a53c5b1..43179d8f 100644
|
||||
--- a/ConfigureChecks.cmake
|
||||
+++ b/ConfigureChecks.cmake
|
||||
@@ -95,6 +95,10 @@ if (OPENSSL_FOUND)
|
||||
set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||
set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
|
||||
check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
|
||||
+
|
||||
+ set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
|
||||
+ set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
|
||||
+ check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
|
||||
endif()
|
||||
|
||||
if (CMAKE_HAVE_PTHREAD_H)
|
||||
diff --git a/config.h.cmake b/config.h.cmake
|
||||
index 3e7f7939..b87fea5c 100644
|
||||
--- a/config.h.cmake
|
||||
+++ b/config.h.cmake
|
||||
@@ -79,6 +79,9 @@
|
||||
/* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
|
||||
#cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
|
||||
|
||||
+/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
|
||||
+#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
|
||||
+
|
||||
/* Define to 1 if you have the `snprintf' function. */
|
||||
#cmakedefine HAVE_SNPRINTF 1
|
||||
|
||||
diff --git a/src/threads.c b/src/threads.c
|
||||
index 7f3a304e..062c3b84 100644
|
||||
--- a/src/threads.c
|
||||
+++ b/src/threads.c
|
||||
@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int mode, int i, const char *file, int line)
|
||||
}
|
||||
}
|
||||
|
||||
+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
|
||||
+static void libcrypto_THREADID_callback(CRYPTO_THREADID *id)
|
||||
+{
|
||||
+ unsigned long thread_id = (*user_callbacks->thread_id)();
|
||||
+
|
||||
+ CRYPTO_THREADID_set_numeric(id, thread_id);
|
||||
+}
|
||||
+#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */
|
||||
+
|
||||
static int libcrypto_thread_init(void){
|
||||
int n=CRYPTO_num_locks();
|
||||
int i;
|
||||
@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){
|
||||
for (i=0;i<n;++i){
|
||||
user_callbacks->mutex_init(&libcrypto_mutexes[i]);
|
||||
}
|
||||
- CRYPTO_set_id_callback(user_callbacks->thread_id);
|
||||
- CRYPTO_set_locking_callback(libcrypto_lock_callback);
|
||||
+
|
||||
+#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
|
||||
+ CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);
|
||||
+#else
|
||||
+ CRYPTO_set_id_callback(user_callbacks->thread_id);
|
||||
+#endif
|
||||
+
|
||||
+ CRYPTO_set_locking_callback(libcrypto_lock_callback);
|
||||
|
||||
return SSH_OK;
|
||||
}
|
||||
--
|
||||
2.19.1
|
||||
|
|
@ -21,7 +21,7 @@
|
|||
|
||||
set(PACKAGE ${APPLICATION_NAME})
|
||||
set(VERSION ${APPLICATION_VERSION})
|
||||
@@ -272,6 +271,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
@@ -276,6 +275,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)
|
||||
|
||||
# ENDIAN
|
||||
|
|
|
@ -0,0 +1,43 @@
|
|||
From 8d5cf617d53d0545a0d141abf94396c28ca7e736 Mon Sep 17 00:00:00 2001
|
||||
From: Andreas Schneider <asn@cryptomilk.org>
|
||||
Date: Sun, 29 Oct 2017 16:06:14 +0100
|
||||
Subject: [PATCH] pki_crypto: Don't use deprecated function with newer
|
||||
OpenSSL
|
||||
|
||||
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/pki_crypto.c | 13 +++++++++++++
|
||||
1 file changed, 13 insertions(+)
|
||||
|
||||
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
|
||||
index 9e27436c..34d6e81c 100644
|
||||
--- a/src/pki_crypto.c
|
||||
+++ b/src/pki_crypto.c
|
||||
@@ -451,11 +451,24 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
|
||||
|
||||
int pki_key_generate_dss(ssh_key key, int parameter){
|
||||
int rc;
|
||||
+#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
||||
+ rc = DSA_generate_parameters_ex(key->dsa,
|
||||
+ parameter,
|
||||
+ NULL, /* seed */
|
||||
+ 0, /* seed_len */
|
||||
+ NULL, /* counter_ret */
|
||||
+ NULL, /* h_ret */
|
||||
+ NULL); /* cb */
|
||||
+ if (rc != 1) {
|
||||
+ return SSH_ERROR;
|
||||
+ }
|
||||
+#else
|
||||
key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
|
||||
NULL, NULL);
|
||||
if(key->dsa == NULL){
|
||||
return SSH_ERROR;
|
||||
}
|
||||
+#endif
|
||||
rc = DSA_generate_key(key->dsa);
|
||||
if (rc != 1){
|
||||
DSA_free(key->dsa);
|
||||
--
|
||||
2.19.1
|
||||
|
|
@ -0,0 +1,29 @@
|
|||
From ab67e42d6a0529f5fb81ee86049bf10abe99f839 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Tue, 7 Nov 2017 09:38:40 +0100
|
||||
Subject: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/pki_crypto.c | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
|
||||
index 34d6e81c..30f49a81 100644
|
||||
--- a/src/pki_crypto.c
|
||||
+++ b/src/pki_crypto.c
|
||||
@@ -452,6 +452,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
|
||||
int pki_key_generate_dss(ssh_key key, int parameter){
|
||||
int rc;
|
||||
#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
||||
+ key->dsa = DSA_new();
|
||||
+ if (!key->dsa) {
|
||||
+ return SSH_ERROR;
|
||||
+ }
|
||||
rc = DSA_generate_parameters_ex(key->dsa,
|
||||
parameter,
|
||||
NULL, /* seed */
|
||||
--
|
||||
2.19.1
|
||||
|
|
@ -0,0 +1,36 @@
|
|||
From c39f7578765859d7416e4140c92d034c8cae3341 Mon Sep 17 00:00:00 2001
|
||||
From: Jakub Jelen <jjelen@redhat.com>
|
||||
Date: Wed, 8 Nov 2017 15:35:08 +0100
|
||||
Subject: [PATCH] pki_crypto: Avoid potential memory leak
|
||||
|
||||
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
|
||||
Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
|
||||
---
|
||||
src/pki_crypto.c | 4 +++-
|
||||
1 file changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
|
||||
index 30f49a81..d9f7753a 100644
|
||||
--- a/src/pki_crypto.c
|
||||
+++ b/src/pki_crypto.c
|
||||
@@ -453,7 +453,7 @@ int pki_key_generate_dss(ssh_key key, int parameter){
|
||||
int rc;
|
||||
#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
||||
key->dsa = DSA_new();
|
||||
- if (!key->dsa) {
|
||||
+ if (key->dsa == NULL) {
|
||||
return SSH_ERROR;
|
||||
}
|
||||
rc = DSA_generate_parameters_ex(key->dsa,
|
||||
@@ -464,6 +464,8 @@ int pki_key_generate_dss(ssh_key key, int parameter){
|
||||
NULL, /* h_ret */
|
||||
NULL); /* cb */
|
||||
if (rc != 1) {
|
||||
+ DSA_free(key->dsa);
|
||||
+ key->dsa = NULL;
|
||||
return SSH_ERROR;
|
||||
}
|
||||
#else
|
||||
--
|
||||
2.19.1
|
||||
|
|
@ -0,0 +1,65 @@
|
|||
From 8349ff1ec3d001aa85cc94a9004509cca8ebf036 Mon Sep 17 00:00:00 2001
|
||||
From: Rosen Penev <rosenp@gmail.com>
|
||||
Date: Wed, 7 Nov 2018 17:17:53 -0800
|
||||
Subject: [PATCH] crypto: Fix compilation for OpenSSL without deprecated
|
||||
APIs
|
||||
|
||||
Added missing bn.h include.
|
||||
|
||||
Made engine.h include conditional, otherwise it would fail.
|
||||
|
||||
DSA_generate_parameters was deprecated long before 1.1.0.
|
||||
|
||||
Signed-off-by: Rosen Penev <rosenp@gmail.com>
|
||||
---
|
||||
src/libcrypto-compat.c | 5 ++++-
|
||||
src/libcrypto-compat.h | 1 +
|
||||
src/pki_crypto.c | 2 +-
|
||||
3 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
|
||||
index 4b1f36a5..b8b4f11a 100644
|
||||
--- a/src/libcrypto-compat.c
|
||||
+++ b/src/libcrypto-compat.c
|
||||
@@ -8,9 +8,12 @@
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
-#include <openssl/engine.h>
|
||||
#include "libcrypto-compat.h"
|
||||
|
||||
+#ifndef OPENSSL_NO_ENGINE
|
||||
+#include <openssl/engine.h>
|
||||
+#endif
|
||||
+
|
||||
static void *OPENSSL_zalloc(size_t num)
|
||||
{
|
||||
void *ret = OPENSSL_malloc(num);
|
||||
diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
|
||||
index 21542c65..00e4f2a3 100644
|
||||
--- a/src/libcrypto-compat.h
|
||||
+++ b/src/libcrypto-compat.h
|
||||
@@ -10,6 +10,7 @@
|
||||
#include <openssl/dh.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/hmac.h>
|
||||
+#include <openssl/bn.h>
|
||||
|
||||
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
|
||||
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
|
||||
diff --git a/src/pki_crypto.c b/src/pki_crypto.c
|
||||
index d9f7753a..c1aac409 100644
|
||||
--- a/src/pki_crypto.c
|
||||
+++ b/src/pki_crypto.c
|
||||
@@ -451,7 +451,7 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
|
||||
|
||||
int pki_key_generate_dss(ssh_key key, int parameter){
|
||||
int rc;
|
||||
-#if OPENSSL_VERSION_NUMBER > 0x10100000L
|
||||
+#if OPENSSL_VERSION_NUMBER > 0x00908000L
|
||||
key->dsa = DSA_new();
|
||||
if (key->dsa == NULL) {
|
||||
return SSH_ERROR;
|
||||
--
|
||||
2.19.1
|
||||
|
Loading…
Reference in New Issue