diff options
| author | Peter Wagner <tripolar@gmx.at> | 2018-10-20 14:06:20 +0200 |
|---|---|---|
| committer | Peter Wagner <tripolar@gmx.at> | 2018-10-20 14:06:20 +0200 |
| commit | 08c5f7cfabf6f01890b11905dd12661d7a33a9b6 (patch) | |
| tree | 873f88bcbcf9c9f372d5f72e19947604909b105d | |
| parent | 414df31c74b28c6ac33d27434f0fdf85adbddfc0 (diff) | |
openssh: fixes issues with some openssl options
This adds a couple of patches when setting some openssl options:
* ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be
be guarded by OPENSSL_HAS_ECC; otherwise, it will not build with
openssl compiled without ECC support.
* Fix openssl version number in openbsd-compat/openssl-compat.c which
failed to compile --with-ssl-engine; this option is used when
CONFIG_OPENSSL_ENGINE_CRYPTO=y
Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
Signed-off-by: Peter Wagner <tripolar@gmx.at>
3 files changed, 91 insertions, 2 deletions
diff --git a/net/openssh/Makefile b/net/openssh/Makefile index ae567d464..09063abaa 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh PKG_VERSION:=7.9p1 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ @@ -23,7 +23,6 @@ PKG_LICENSE_FILES:=LICENCE PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) PKG_REMOVE_FILES:= -PKG_FIXUP:=autoreconf include $(INCLUDE_DIR)/package.mk diff --git a/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch b/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch new file mode 100644 index 000000000..e430dfef2 --- /dev/null +++ b/net/openssh/patches/0001-fix-compilation-with-openssl-built-without-ECC.patch @@ -0,0 +1,70 @@ +From 91b777c7064d9d91a1433a42b0bb31592388d1b4 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Tue, 9 Oct 2018 16:17:42 -0300 +Subject: [PATCH] fix compilation with openssl built without ECC + +ECDSA code in openssh-compat.h and libressl-api-compat.c needs to be +guarded by OPENSSL_HAS_ECC + +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +diff --git a/openbsd-compat/libressl-api-compat.c b/openbsd-compat/libressl-api-compat.c +index de3e64a6..ae00ff59 100644 +--- a/openbsd-compat/libressl-api-compat.c ++++ b/openbsd-compat/libressl-api-compat.c +@@ -152,7 +152,9 @@ + #include <openssl/dsa.h> + #include <openssl/rsa.h> + #include <openssl/evp.h> ++#ifdef OPENSSL_HAS_ECC + #include <openssl/ecdsa.h> ++#endif + #include <openssl/dh.h> + + #ifndef HAVE_DSA_GET0_PQG +@@ -417,6 +419,7 @@ DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) + } + #endif /* HAVE_DSA_SIG_SET0 */ + ++#ifdef OPENSSL_HAS_ECC + #ifndef HAVE_ECDSA_SIG_GET0 + void + ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) +@@ -442,6 +445,7 @@ ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) + return 1; + } + #endif /* HAVE_ECDSA_SIG_SET0 */ ++#endif /* OPENSSL_HAS_ECC */ + + #ifndef HAVE_DH_GET0_PQG + void +diff --git a/openbsd-compat/openssl-compat.h b/openbsd-compat/openssl-compat.h +index 9e0264c0..6a525f28 100644 +--- a/openbsd-compat/openssl-compat.h ++++ b/openbsd-compat/openssl-compat.h +@@ -24,7 +24,9 @@ + #include <openssl/evp.h> + #include <openssl/rsa.h> + #include <openssl/dsa.h> ++#ifdef OPENSSL_HAS_ECC + #include <openssl/ecdsa.h> ++#endif + #include <openssl/dh.h> + + int ssh_compatible_openssl(long, long); +@@ -161,6 +163,7 @@ void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s); + #endif /* DSA_SIG_SET0 */ + ++#ifdef OPENSSL_HAS_ECC + #ifndef HAVE_ECDSA_SIG_GET0 + void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + #endif /* HAVE_ECDSA_SIG_GET0 */ +@@ -168,6 +171,7 @@ void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps); + #ifndef HAVE_ECDSA_SIG_SET0 + int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s); + #endif /* HAVE_ECDSA_SIG_SET0 */ ++#endif /* OPENSSL_HAS_ECC */ + + #ifndef HAVE_DH_GET0_PQG + void DH_get0_pqg(const DH *dh, const BIGNUM **p, const BIGNUM **q, diff --git a/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch b/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch new file mode 100644 index 000000000..7c1e15d51 --- /dev/null +++ b/net/openssh/patches/0002-Fix-OPENSSL_init_crypto-call-for-openssl-1.1.patch @@ -0,0 +1,20 @@ +From edfc2e18ef069ba600c8f4632ce1e3dc94a0669a Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz <cote2004-github@yahoo.com> +Date: Fri, 19 Oct 2018 10:04:24 -0300 +Subject: [PATCH 2/2] Fix OPENSSL_init_crypto call for openssl < 1.1 + +Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com> + +diff --git a/openbsd-compat/openssl-compat.c b/openbsd-compat/openssl-compat.c +index 8b4a3627..590b66d1 100644 +--- a/openbsd-compat/openssl-compat.c ++++ b/openbsd-compat/openssl-compat.c +@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void) + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + +-#if OPENSSL_VERSION_NUMBER < 0x10001000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + OPENSSL_config(NULL); + #else + OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS | |