Brad Bishop19323692019-04-05 15:28:33 -04001From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com>
3Date: Fri, 1 Feb 2019 22:45:19 -0800
4Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER
5
6From: Guido Falsi <mad@madpilot.net>
7https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/
8
9Upstream-Status: Pending
10Signed-off-by: Khem Raj <raj.khem@gmail.com>
11---
12 authfd.c | 12 ++++++------
13 bufbn.c | 2 +-
14 key.c | 36 ++++++++++++++++++------------------
15 ssh-dss.c | 10 +++++-----
16 ssh-ecdsa.c | 8 ++++----
17 ssh-rsa.c | 4 ++--
18 6 files changed, 36 insertions(+), 36 deletions(-)
19
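diff --git a/authfd.c b/authfd.c
index f91514d..4c6cec8 100644
--- a/authfd.c
+++ b/authfd.c
@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
 case 1:
 key = pamsshagentauth_key_new(KEY_RSA1);
 bits = pamsshagentauth_buffer_get_int(&auth->identities);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
 pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
 *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
 }
 pamsshagentauth_buffer_init(&buffer);
 pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
 pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
 pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
 static void
 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
 {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
 pamsshagentauth_buffer_put_bignum(b, key->n);
 pamsshagentauth_buffer_put_bignum(b, key->e);
@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
 switch (key->type) {
 case KEY_RSA:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
 pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
 pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
 #endif
 break;
 case KEY_DSA:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
 pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
 pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
 
 if (key->type == KEY_RSA1) {
 pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
 pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
 pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);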
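Review bot: The new threshold `0x10100005L` is a bare literal in every guard of this section and again in the bufbn.c, key.c, ssh-dss.c, ssh-ecdsa.c and ssh-rsa.c sections, and nothing in the patch says what it encodes or why it replaces `0x10100000L`. In OpenSSL's MNNFFPPS layout it reads as 1.1.0 pre-release 5, presumably the first build where the RSA/DSA structs are opaque; defining the test once in a shared header with a comment such as `/* 0x10100005L == OpenSSL 1.1.0-pre5 (MNNFFPPS); struct accessors required from here on -- TODO confirm */` would keep the 36 copies from drifting apart. LibreSSL reports `OPENSSL_VERSION_NUMBER` as `0x20000000L`, so these guards always select the accessor branch there; if LibreSSL is a supported build target the shared test should also consult `LIBRESSL_VERSION_NUMBER`. All of the guarded functions start and end outside the hunks shown.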
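diff --git a/bufbn.c b/bufbn.c
index 4ecedc1..b4754cc 100644
--- a/bufbn.c
+++ b/bufbn.c
@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
 pamsshagentauth_buffer_put_int(buffer, 0);
 return 0;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (value->neg) {
 #else
 if (BN_is_negative(value)) {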
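diff --git a/key.c b/key.c
index aedbbb5..dcc5fc8 100644
--- a/key.c
+++ b/key.c
@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type)
 case KEY_RSA:
 if ((rsa = RSA_new()) == NULL)
 pamsshagentauth_fatal("key_new: RSA_new failed");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((rsa->n = BN_new()) == NULL)
 pamsshagentauth_fatal("key_new: BN_new failed");
 if ((rsa->e = BN_new()) == NULL)
@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type)
 case KEY_DSA:
 if ((dsa = DSA_new()) == NULL)
 pamsshagentauth_fatal("key_new: DSA_new failed");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((dsa->p = BN_new()) == NULL)
 pamsshagentauth_fatal("key_new: BN_new failed");
 if ((dsa->q = BN_new()) == NULL)
@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type)
 switch (k->type) {
 case KEY_RSA1:
 case KEY_RSA:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((k->rsa->d = BN_new()) == NULL)
 pamsshagentauth_fatal("key_new_private: BN_new failed");
 if ((k->rsa->iqmp = BN_new()) == NULL)
@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type)
 #endif
 break;
 case KEY_DSA:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((k->dsa->priv_key = BN_new()) == NULL)
 pamsshagentauth_fatal("key_new_private: BN_new failed");
 #else
@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type)
 #endif
 break;
 case KEY_ECDSA:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
 pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
 #else
@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
 case KEY_RSA1:
 case KEY_RSA:
 return a->rsa != NULL && b->rsa != NULL &&
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
 BN_cmp(a->rsa->n, b->rsa->n) == 0;
 #else
@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
 #endif
 case KEY_DSA:
 return a->dsa != NULL && b->dsa != NULL &&
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
 BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
 BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
 }
 switch (k->type) {
 case KEY_RSA1:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 nlen = BN_num_bytes(k->rsa->n);
 elen = BN_num_bytes(k->rsa->e);
 len = nlen + elen;
@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
 return -1;
 *cpp = cp;
 /* Get public exponent, public modulus. */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (!read_bignum(cpp, ret->rsa->e))
 return -1;
 if (!read_bignum(cpp, ret->rsa->n))
@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
 
 if (key->type == KEY_RSA1 && key->rsa != NULL) {
 /* size of modulus 'n' */
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 bits = BN_num_bits(key->rsa->n);
 fprintf(f, "%u", bits);
 if (write_bignum(f, key->rsa->e) &&
@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k)
 {
 switch (k->type) {
 case KEY_RSA1:
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 case KEY_RSA:
 return BN_num_bits(k->rsa->n);
 case KEY_DSA:
@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k)
 switch (k->type) {
 case KEY_DSA:
 n = pamsshagentauth_key_new(k->type);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
 (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
 (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k)
 case KEY_RSA:
 case KEY_RSA1:
 n = pamsshagentauth_key_new(k->type);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
 (BN_copy(n->rsa->e, k->rsa->e) == NULL))
 #else
@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
 switch (type) {
 case KEY_RSA:
 key = pamsshagentauth_key_new(type);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
 pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
 #else
@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
 break;
 case KEY_DSA:
 key = pamsshagentauth_key_new(type);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
 pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
 pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
 }
 pamsshagentauth_buffer_init(&b);
 switch (key->type) {
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 case KEY_DSA:
 pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
 pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k)
 case KEY_RSA:
 if ((pk->rsa = RSA_new()) == NULL)
 pamsshagentauth_fatal("key_demote: RSA_new failed");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
 pamsshagentauth_fatal("key_demote: BN_dup failed");
 if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k)
 case KEY_DSA:
 if ((pk->dsa = DSA_new()) == NULL)
 pamsshagentauth_fatal("key_demote: DSA_new failed");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
 pamsshagentauth_fatal("key_demote: BN_dup failed");
 if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)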
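Review bot: In the KEY_ECDSA arm of pamsshagentauth_key_new_private, the pre-1.1.0 branch that this guard keeps alive passes a fresh `BN_new()` straight into `EC_KEY_set_private_key(k->ecdsa, BN_new())`. As far as I know that setter duplicates its argument rather than taking ownership, so the temporary BIGNUM is never freed on that path; the RSA and DSA arms beside it store their `BN_new()` results in the key and do not have this problem. Holding the value in a local and releasing it after the call, e.g. `BIGNUM *tmp = BN_new();` followed by the setter and `BN_free(tmp);`, would close the leak. Only the first lines of each branch are visible in these hunks, so the `#else` arms could not be checked.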
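diff --git a/ssh-dss.c b/ssh-dss.c
index 1051ae2..9b96274 100644
--- a/ssh-dss.c
+++ b/ssh-dss.c
@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
 u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
 u_int rlen, slen, len, dlen;
 Buffer b;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 const BIGNUM *r, *s;
 #endif
 
@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
 return -1;
 }
 
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 rlen = BN_num_bytes(sig->r);
 slen = BN_num_bytes(sig->s);
 #else
@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
 return -1;
 }
 memset(sigblob, 0, SIGBLOB_LEN);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
 #else
@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 u_int len, dlen;
 int rlen, ret;
 Buffer b;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 BIGNUM *r, *s;
 #endif
 
@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
 /* parse signature */
 if ((sig = DSA_SIG_new()) == NULL)
 pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((sig->r = BN_new()) == NULL)
 pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
 if ((sig->s = BN_new()) == NULL)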
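diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
index c213959..5b13b30 100644
--- a/ssh-ecdsa.c
+++ b/ssh-ecdsa.c
@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 u_char digest[EVP_MAX_MD_SIZE];
 u_int len, dlen;
 Buffer b, bb;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 BIGNUM *r, *s;
 #endif
 
@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
 }
 
 pamsshagentauth_buffer_init(&bb);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
 pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
 #else
@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 u_int len, dlen;
 int rlen, ret;
 Buffer b;
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 BIGNUM *r, *s;
 #endif
 
@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 
 pamsshagentauth_buffer_init(&b);
 pamsshagentauth_buffer_append(&b, sigblob, len);
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
 (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
 #else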
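Review bot: ssh_ecdsa_sign declares its accessor-branch temporaries as `BIGNUM *r, *s;`, whereas the matching declaration in ssh_dss_sign in this same patch is `const BIGNUM *r, *s;`. If the `#else` arm of ssh_ecdsa_sign (outside the hunk) fills them through `ECDSA_SIG_get0`, which takes `const BIGNUM **`, the non-const declaration discards the qualifier and will at least draw a compiler warning; `const BIGNUM *r, *s;` would match the signing path in ssh-dss.c. The non-const form looks right for ssh_ecdsa_verify, which presumably has to allocate r and s before handing them to the signature object.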
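diff --git a/ssh-rsa.c b/ssh-rsa.c
index 9d74eb6..35f2e36 100644
--- a/ssh-rsa.c
+++ b/ssh-rsa.c
@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
 pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
 return -1;
 }
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 #else
 if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 #endif
 pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
 BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 #else
 BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);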
365 BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);