
/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch

https://gitlab.com/oryx/meta-openembedded
Patch | 365 lines | 353 code | 12 blank | 0 comment | 0 complexity | 63f01b165b5918086bf247cd28774d41 MD5 | raw file
  1. From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001
  2. From: Khem Raj <raj.khem@gmail.com>
  3. Date: Fri, 1 Feb 2019 22:45:19 -0800
  4. Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER
  5. From: Guido Falsi <mad@madpilot.net>
  6. https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/
  7. Upstream-Status: Pending
  8. Signed-off-by: Khem Raj <raj.khem@gmail.com>
  9. ---
  10. authfd.c | 12 ++++++------
  11. bufbn.c | 2 +-
  12. key.c | 36 ++++++++++++++++++------------------
  13. ssh-dss.c | 10 +++++-----
  14. ssh-ecdsa.c | 8 ++++----
  15. ssh-rsa.c | 4 ++--
  16. 6 files changed, 36 insertions(+), 36 deletions(-)
  17. diff --git a/authfd.c b/authfd.c
  18. index f91514d..4c6cec8 100644
  19. --- a/authfd.c
  20. +++ b/authfd.c
  21. @@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
  22. case 1:
  23. key = pamsshagentauth_key_new(KEY_RSA1);
  24. bits = pamsshagentauth_buffer_get_int(&auth->identities);
  25. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  26. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  27. pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
  28. pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
  29. *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
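Review bot: The threshold `0x10100005L` is an undocumented magic number repeated in every hunk of this patch (authfd.c, bufbn.c, key.c, ssh-dss.c, ssh-ecdsa.c, ssh-rsa.c), so the next correction has to touch each site again, and a missed one would leave key handling split across mismatched code paths. Define it once in a shared header, e.g. `#define PAM_SSH_AGENT_AUTH_LEGACY_OPENSSL (OPENSSL_VERSION_NUMBER < 0x10100005L)`, and test that macro at each site. A comment such as `/* 0x10100005L decodes (MNNFFPPS) as 1.1.0 with status nibble 5, i.e. a 1.1.0 pre-release; older headers still expose the RSA/DSA struct fields */` would record why this value was chosen over the 1.1.0 base `0x10100000L`. The function bodies touched here start and end outside the hunk.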
  30. @@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
  31. }
  32. pamsshagentauth_buffer_init(&buffer);
  33. pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
  34. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  35. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  36. pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
  37. pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
  38. pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
  39. @@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
  40. static void
  41. ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
  42. {
  43. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  44. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  45. pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
  46. pamsshagentauth_buffer_put_bignum(b, key->n);
  47. pamsshagentauth_buffer_put_bignum(b, key->e);
  48. @@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
  49. pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
  50. switch (key->type) {
  51. case KEY_RSA:
  52. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  53. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  54. pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
  55. pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
  56. pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
  57. @@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
  58. #endif
  59. break;
  60. case KEY_DSA:
  61. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  62. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  63. pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
  64. pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
  65. pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
  66. @@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
  67. if (key->type == KEY_RSA1) {
  68. pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
  69. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  70. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  71. pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
  72. pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
  73. pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
  74. diff --git a/bufbn.c b/bufbn.c
  75. index 4ecedc1..b4754cc 100644
  76. --- a/bufbn.c
  77. +++ b/bufbn.c
  78. @@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
  79. pamsshagentauth_buffer_put_int(buffer, 0);
  80. return 0;
  81. }
  82. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  83. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  84. if (value->neg) {
  85. #else
  86. if (BN_is_negative(value)) {
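Review bot: The version guard around the sign test looks unnecessary, because `BN_is_negative()` is also provided by the pre-1.1 headers (there as a macro over `->neg`), so both branches compute the same thing. Dropping the `#if`/`#else` and keeping only `if (BN_is_negative(value)) {` removes one place where the threshold can drift. The rest of pamsshagentauth_buffer_put_bignum2_ret lies outside this hunk, so the matching `#endif` would have to be removed with it.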
  87. diff --git a/key.c b/key.c
  88. index aedbbb5..dcc5fc8 100644
  89. --- a/key.c
  90. +++ b/key.c
  91. @@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type)
  92. case KEY_RSA:
  93. if ((rsa = RSA_new()) == NULL)
  94. pamsshagentauth_fatal("key_new: RSA_new failed");
  95. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  96. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  97. if ((rsa->n = BN_new()) == NULL)
  98. pamsshagentauth_fatal("key_new: BN_new failed");
  99. if ((rsa->e = BN_new()) == NULL)
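Review bot: These guards test only `OPENSSL_VERSION_NUMBER`, which LibreSSL defines as `0x20000000L`, so a LibreSSL build always takes the `#else` accessor branch here and in every other hunk of the patch. As far as I know LibreSSL releases before 2.7 lack the 1.1 accessor functions, so such a build would either fail to compile or depend on compat shims that are not visible in this patch. If LibreSSL is a supported target, extend the condition, e.g. `#if OPENSSL_VERSION_NUMBER < 0x10100005L || (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x2070000fL)`. If it is not, a one-line comment next to the guard saying so would settle the question for the next reader.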
  100. @@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type)
  101. case KEY_DSA:
  102. if ((dsa = DSA_new()) == NULL)
  103. pamsshagentauth_fatal("key_new: DSA_new failed");
  104. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  105. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  106. if ((dsa->p = BN_new()) == NULL)
  107. pamsshagentauth_fatal("key_new: BN_new failed");
  108. if ((dsa->q = BN_new()) == NULL)
  109. @@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type)
  110. switch (k->type) {
  111. case KEY_RSA1:
  112. case KEY_RSA:
  113. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  114. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  115. if ((k->rsa->d = BN_new()) == NULL)
  116. pamsshagentauth_fatal("key_new_private: BN_new failed");
  117. if ((k->rsa->iqmp = BN_new()) == NULL)
  118. @@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type)
  119. #endif
  120. break;
  121. case KEY_DSA:
  122. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  123. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  124. if ((k->dsa->priv_key = BN_new()) == NULL)
  125. pamsshagentauth_fatal("key_new_private: BN_new failed");
  126. #else
  127. @@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type)
  128. #endif
  129. break;
  130. case KEY_ECDSA:
  131. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  132. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  133. if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
  134. pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
  135. #else
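Review bot: In the legacy branch `EC_KEY_set_private_key(k->ecdsa, BN_new())` passes a freshly allocated BIGNUM that is never freed. As far as I know EC_KEY_set_private_key() stores its own copy, so the temporary would leak on every call. Hold it in a local and release it after the call, e.g. `BIGNUM *tmp = BN_new();` before and `BN_free(tmp);` after, checking `tmp` for NULL as the RSA and DSA cases do for their BN_new() results. The `#else` branch and the rest of pamsshagentauth_key_new_private are outside this hunk, so the accessor path should be checked for the same pattern.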
  136. @@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
  137. case KEY_RSA1:
  138. case KEY_RSA:
  139. return a->rsa != NULL && b->rsa != NULL &&
  140. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  141. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  142. BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
  143. BN_cmp(a->rsa->n, b->rsa->n) == 0;
  144. #else
  145. @@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
  146. #endif
  147. case KEY_DSA:
  148. return a->dsa != NULL && b->dsa != NULL &&
  149. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  150. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  151. BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
  152. BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
  153. BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
  154. @@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
  155. }
  156. switch (k->type) {
  157. case KEY_RSA1:
  158. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  159. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  160. nlen = BN_num_bytes(k->rsa->n);
  161. elen = BN_num_bytes(k->rsa->e);
  162. len = nlen + elen;
  163. @@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
  164. return -1;
  165. *cpp = cp;
  166. /* Get public exponent, public modulus. */
  167. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  168. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  169. if (!read_bignum(cpp, ret->rsa->e))
  170. return -1;
  171. if (!read_bignum(cpp, ret->rsa->n))
  172. @@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
  173. if (key->type == KEY_RSA1 && key->rsa != NULL) {
  174. /* size of modulus 'n' */
  175. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  176. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  177. bits = BN_num_bits(key->rsa->n);
  178. fprintf(f, "%u", bits);
  179. if (write_bignum(f, key->rsa->e) &&
  180. @@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k)
  181. {
  182. switch (k->type) {
  183. case KEY_RSA1:
  184. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  185. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  186. case KEY_RSA:
  187. return BN_num_bits(k->rsa->n);
  188. case KEY_DSA:
  189. @@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k)
  190. switch (k->type) {
  191. case KEY_DSA:
  192. n = pamsshagentauth_key_new(k->type);
  193. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  194. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  195. if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
  196. (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
  197. (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
  198. @@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k)
  199. case KEY_RSA:
  200. case KEY_RSA1:
  201. n = pamsshagentauth_key_new(k->type);
  202. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  203. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  204. if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
  205. (BN_copy(n->rsa->e, k->rsa->e) == NULL))
  206. #else
  207. @@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
  208. switch (type) {
  209. case KEY_RSA:
  210. key = pamsshagentauth_key_new(type);
  211. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  212. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  213. if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
  214. pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
  215. #else
  216. @@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
  217. break;
  218. case KEY_DSA:
  219. key = pamsshagentauth_key_new(type);
  220. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  221. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  222. if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
  223. pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
  224. pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
  225. @@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
  226. }
  227. pamsshagentauth_buffer_init(&b);
  228. switch (key->type) {
  229. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  230. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  231. case KEY_DSA:
  232. pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
  233. pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
  234. @@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k)
  235. case KEY_RSA:
  236. if ((pk->rsa = RSA_new()) == NULL)
  237. pamsshagentauth_fatal("key_demote: RSA_new failed");
  238. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  239. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  240. if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
  241. pamsshagentauth_fatal("key_demote: BN_dup failed");
  242. if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
  243. @@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k)
  244. case KEY_DSA:
  245. if ((pk->dsa = DSA_new()) == NULL)
  246. pamsshagentauth_fatal("key_demote: DSA_new failed");
  247. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  248. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  249. if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
  250. pamsshagentauth_fatal("key_demote: BN_dup failed");
  251. if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
  252. diff --git a/ssh-dss.c b/ssh-dss.c
  253. index 1051ae2..9b96274 100644
  254. --- a/ssh-dss.c
  255. +++ b/ssh-dss.c
  256. @@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
  257. u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
  258. u_int rlen, slen, len, dlen;
  259. Buffer b;
  260. -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  261. +#if OPENSSL_VERSION_NUMBER >= 0x10100005L
  262. const BIGNUM *r, *s;
  263. #endif
  264. @@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
  265. return -1;
  266. }
  267. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  268. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  269. rlen = BN_num_bytes(sig->r);
  270. slen = BN_num_bytes(sig->s);
  271. #else
  272. @@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
  273. return -1;
  274. }
  275. memset(sigblob, 0, SIGBLOB_LEN);
  276. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  277. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  278. BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
  279. BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
  280. #else
  281. @@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
  282. u_int len, dlen;
  283. int rlen, ret;
  284. Buffer b;
  285. -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  286. +#if OPENSSL_VERSION_NUMBER >= 0x10100005L
  287. BIGNUM *r, *s;
  288. #endif
  289. @@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
  290. /* parse signature */
  291. if ((sig = DSA_SIG_new()) == NULL)
  292. pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
  293. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  294. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  295. if ((sig->r = BN_new()) == NULL)
  296. pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
  297. if ((sig->s = BN_new()) == NULL)
  298. diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
  299. index c213959..5b13b30 100644
  300. --- a/ssh-ecdsa.c
  301. +++ b/ssh-ecdsa.c
  302. @@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
  303. u_char digest[EVP_MAX_MD_SIZE];
  304. u_int len, dlen;
  305. Buffer b, bb;
  306. -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  307. +#if OPENSSL_VERSION_NUMBER >= 0x10100005L
  308. BIGNUM *r, *s;
  309. #endif
  310. @@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
  311. }
  312. pamsshagentauth_buffer_init(&bb);
  313. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  314. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  315. if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
  316. pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
  317. #else
  318. @@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
  319. u_int len, dlen;
  320. int rlen, ret;
  321. Buffer b;
  322. -#if OPENSSL_VERSION_NUMBER >= 0x10100000L
  323. +#if OPENSSL_VERSION_NUMBER >= 0x10100005L
  324. BIGNUM *r, *s;
  325. #endif
  326. @@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
  327. pamsshagentauth_buffer_init(&b);
  328. pamsshagentauth_buffer_append(&b, sigblob, len);
  329. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  330. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  331. if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
  332. (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
  333. #else
  334. diff --git a/ssh-rsa.c b/ssh-rsa.c
  335. index 9d74eb6..35f2e36 100644
  336. --- a/ssh-rsa.c
  337. +++ b/ssh-rsa.c
  338. @@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
  339. pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
  340. return -1;
  341. }
  342. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  343. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  344. if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
  345. #else
  346. if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
  347. #endif
  348. pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
  349. -#if OPENSSL_VERSION_NUMBER < 0x10100000L
  350. +#if OPENSSL_VERSION_NUMBER < 0x10100005L
  351. BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
  352. #else
  353. BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);
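Review bot: The minimum-modulus check is written twice under separate `#if` pairs, and the second pair splits the argument list of the pamsshagentauth_logerror() call, so the value compared and the value logged can drift apart when one guard is edited without the other. Computing the bit count once into a local under a single guard keeps this key-strength check identical for both OpenSSL builds; `int modulus_bits;` would be declared with the other locals at the top of ssh_rsa_verify, which is outside this hunk. Separately, if I recall correctly the single-field getters such as `RSA_get0_n()` only arrived in OpenSSL 1.1.1, while `RSA_get0_key()` exists from 1.1.0, so it is worth confirming that a 1.1.0 build that passes this guard still compiles.

```c
/* … unchanged: "no RSA key" check … */
#if OPENSSL_VERSION_NUMBER < 0x10100005L
	modulus_bits = BN_num_bits(key->rsa->n);
#else
	modulus_bits = BN_num_bits(RSA_get0_n(key->rsa));
#endif
	if (modulus_bits < SSH_RSA_MINIMUM_MODULUS_SIZE) {
		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
		    modulus_bits, SSH_RSA_MINIMUM_MODULUS_SIZE);
```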