| 1 |
commit: 5b085b63dd4fd0a5ef43144ca3f23bb2cf88a4d1 |
| 2 |
Author: Craig Andrews <candrews <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Fri Nov 2 16:46:01 2018 +0000 |
| 4 |
Commit: Robin H. Johnson <robbat2 <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Fri Nov 2 19:50:53 2018 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b085b63 |
| 7 |
|
| 8 |
sys-auth/pam_ssh_agent_auth: 0.10.3 version bump |
| 9 |
|
| 10 |
Include OpenSSL 1.1.1 support patch |
| 11 |
Add -9999 live ebuild |
| 12 |
Update metadata to reference github project site |
| 13 |
|
| 14 |
Closes: https://bugs.gentoo.org/669758 |
| 15 |
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org> |
| 16 |
Package-Manager: Portage-2.3.51, Repoman-2.3.11 |
| 17 |
(cherry picked from commit 1bd6acd801306f1dadb54637f1e838c0c6dad6a5) |
| 18 |
Signed-off-by: Robin H. Johnson <robbat2 <AT> gentoo.org> |
| 19 |
|
| 20 |
sys-auth/pam_ssh_agent_auth/Manifest | 1 + |
| 21 |
.../pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch | 1244 ++++++++++++++++++++ |
| 22 |
sys-auth/pam_ssh_agent_auth/metadata.xml | 1 + |
| 23 |
.../pam_ssh_agent_auth-0.10.3.ebuild | 51 + |
| 24 |
.../pam_ssh_agent_auth-9999.ebuild | 48 + |
| 25 |
5 files changed, 1345 insertions(+) |
| 26 |
|
| 27 |
diff --git a/sys-auth/pam_ssh_agent_auth/Manifest b/sys-auth/pam_ssh_agent_auth/Manifest |
| 28 |
index 10e261a8104..1b1fdc46d1c 100644 |
| 29 |
--- a/sys-auth/pam_ssh_agent_auth/Manifest |
| 30 |
+++ b/sys-auth/pam_ssh_agent_auth/Manifest |
| 31 |
@@ -1,4 +1,5 @@ |
| 32 |
DIST pam_ssh_agent_auth-0.10.2.tar.bz2 246412 BLAKE2B 3adf2bcc76559733f997744c95c660c67010b124db6e811559625a2ad7cbc7339d43d22dd5144135ae36ab90fdeb3c80c887e3157241936ceeb6026c8aa298fe SHA512 b4b9bc4486d873f236f7c54874c996e24f344f889dfda3beadb12b97cbb89078028a103a4a7175cd919fb0a12fd5bcefef50420510ae5eff9252e494e0124b38 |
| 33 |
+DIST pam_ssh_agent_auth-0.10.3.tar.bz2 1066393 BLAKE2B 07b113d05e09f770d63dbea813ea644199d2b103f9c6d7e5960bfad37cb181ce5a5f111f72e0274c0335e4c217ccd19bd53d61af23f8bc6aff14c1995fc4edc9 SHA512 d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66 |
| 34 |
DIST pam_ssh_agent_auth-0.9.2.tar.bz2 237156 BLAKE2B b9d09920e10b454ea739e44c38daba6a509fbd4a96f01e26a82e0a8c58b696806b1f3ea95d53c10b55ed01e5804dfb687dd4545b87d85fa4f6a474548c3666d5 SHA512 e710a4dff315c8d79c5d5edc4ebe1629a8fc6d09651813fd4792a2021e7c2d5768d6b7e8539801e31b947cc30817f32375d751fc396707fc4f257df4f33cd408 |
| 35 |
DIST pam_ssh_agent_auth-0.9.3.tar.bz2 239596 BLAKE2B 7be6af1c78457e082d34f5df406fccf74fbda48d1fe87be0592b927ea296b6db3cf1f9a58bcdd61c50556ffc53c16276dc87e5970d9caa0e51fb520e0473240b SHA512 c2304dcf623858339b5fd77bcf64e9c980a3ee241384b9125d64ba6ab9539a65eacbd3576b31a94bb390e4c089e702f9df2963119250b773bd8be872ae63a050 |
| 36 |
DIST pam_ssh_agent_auth-0.9.4.tar.bz2 239250 BLAKE2B fee1e009a5374126db0b0df9f05436521e215933ed2eabdcd1983e6372fc7160c6a6c53d07b9ddc7bdd8b9529a27c7da4ef35aad2c80ea1ef2f895f3fb237135 SHA512 3d469e85bf7c49dcf9345c63678ebe050db4d15447592bc337bfc762f2337f92cebd7e840fc12d7be94acf1aa47b0272efe2c1688888ecd8f9daf63549520792 |
| 37 |
|
| 38 |
diff --git a/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch |
| 39 |
new file mode 100644 |
| 40 |
index 00000000000..a422cd5e479 |
| 41 |
--- /dev/null |
| 42 |
+++ b/sys-auth/pam_ssh_agent_auth/files/pam_ssh_agent_auth-0.10.3-openssl-1.1.1.patch |
| 43 |
@@ -0,0 +1,1244 @@ |
| 44 |
+From eef90424a0545b7b0125dfaf5e3cef3c5248ada0 Mon Sep 17 00:00:00 2001 |
| 45 |
+From: Guido Falsi <mad@××××××××.net> |
| 46 |
+Date: Sat, 20 Oct 2018 14:29:43 +0200 |
| 47 |
+Subject: [PATCH 1/2] Adapt to OpenSSL 1.1.1. |
| 48 |
+ |
| 49 |
+The FreeBSD operating system is migrating to OpenSSL 1.1.1 and I have created this set of patches to make pam_ssh_agent_auth compile with it. |
| 50 |
+ |
| 51 |
+The patch comments out some parts of include files which are not actually used and reference now opaque OpenSSL internals. |
| 52 |
+ |
| 53 |
+I also have migrated the source files to use accessors to use the OpenSSL objects. |
| 54 |
+ |
| 55 |
+The patch works on FreeBSD head (will be 12.0) but the --without-openssl-header-check argument is required in configure there. |
| 56 |
+--- |
| 57 |
+ authfd.c | 50 ++++++++++++++++++++ |
| 58 |
+ bufbn.c | 4 ++ |
| 59 |
+ cipher.h | 6 ++- |
| 60 |
+ kex.h | 9 +++- |
| 61 |
+ key.c | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++-- |
| 62 |
+ ssh-dss.c | 51 ++++++++++++++++---- |
| 63 |
+ ssh-ecdsa.c | 40 ++++++++++++---- |
| 64 |
+ ssh-rsa.c | 22 +++++++-- |
| 65 |
+ 8 files changed, 287 insertions(+), 28 deletions(-) |
| 66 |
+ |
| 67 |
+diff --git a/authfd.c b/authfd.c |
| 68 |
+index 7b96921..35f8de1 100644 |
| 69 |
+--- a/authfd.c |
| 70 |
++++ b/authfd.c |
| 71 |
+@@ -372,6 +372,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio |
| 72 |
+ case 1: |
| 73 |
+ key = pamsshagentauth_key_new(KEY_RSA1); |
| 74 |
+ bits = pamsshagentauth_buffer_get_int(&auth->identities); |
| 75 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 76 |
+ pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); |
| 77 |
+ pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); |
| 78 |
+ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); |
| 79 |
+@@ -379,6 +380,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio |
| 80 |
+ if (keybits < 0 || bits != (u_int)keybits) |
| 81 |
+ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", |
| 82 |
+ BN_num_bits(key->rsa->n), bits); |
| 83 |
++#else |
| 84 |
++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa)); |
| 85 |
++ pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa)); |
| 86 |
++ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); |
| 87 |
++ keybits = BN_num_bits(RSA_get0_n(key->rsa)); |
| 88 |
++ if (keybits < 0 || bits != (u_int)keybits) |
| 89 |
++ pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u", |
| 90 |
++ BN_num_bits(RSA_get0_n(key->rsa)), bits); |
| 91 |
++#endif |
| 92 |
+ break; |
| 93 |
+ case 2: |
| 94 |
+ blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen); |
| 95 |
+@@ -422,9 +432,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, |
| 96 |
+ } |
| 97 |
+ pamsshagentauth_buffer_init(&buffer); |
| 98 |
+ pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); |
| 99 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 100 |
+ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); |
| 101 |
+ pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); |
| 102 |
+ pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); |
| 103 |
++#else |
| 104 |
++ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa))); |
| 105 |
++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa)); |
| 106 |
++ pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa)); |
| 107 |
++#endif |
| 108 |
+ pamsshagentauth_buffer_put_bignum(&buffer, challenge); |
| 109 |
+ pamsshagentauth_buffer_append(&buffer, session_id, 16); |
| 110 |
+ pamsshagentauth_buffer_put_int(&buffer, response_type); |
| 111 |
+@@ -501,6 +517,7 @@ ssh_agent_sign(AuthenticationConnection *auth, |
| 112 |
+ static void |
| 113 |
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
| 114 |
+ { |
| 115 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 116 |
+ pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); |
| 117 |
+ pamsshagentauth_buffer_put_bignum(b, key->n); |
| 118 |
+ pamsshagentauth_buffer_put_bignum(b, key->e); |
| 119 |
+@@ -509,6 +526,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
| 120 |
+ pamsshagentauth_buffer_put_bignum(b, key->iqmp); /* ssh key->u */ |
| 121 |
+ pamsshagentauth_buffer_put_bignum(b, key->q); /* ssh key->p, SSL key->q */ |
| 122 |
+ pamsshagentauth_buffer_put_bignum(b, key->p); /* ssh key->q, SSL key->p */ |
| 123 |
++#else |
| 124 |
++ pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key))); |
| 125 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key)); |
| 126 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key)); |
| 127 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key)); |
| 128 |
++ /* To keep within the protocol: p < q for ssh. in SSL p > q */ |
| 129 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key)); /* ssh key->u */ |
| 130 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key)); /* ssh key->p, SSL key->q */ |
| 131 |
++ pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key)); /* ssh key->q, SSL key->p */ |
| 132 |
++#endif |
| 133 |
+ pamsshagentauth_buffer_put_cstring(b, comment); |
| 134 |
+ } |
| 135 |
+ |
| 136 |
+@@ -518,19 +545,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
| 137 |
+ pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); |
| 138 |
+ switch (key->type) { |
| 139 |
+ case KEY_RSA: |
| 140 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 141 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); |
| 142 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); |
| 143 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); |
| 144 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp); |
| 145 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->p); |
| 146 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->q); |
| 147 |
++#else |
| 148 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa)); |
| 149 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa)); |
| 150 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa)); |
| 151 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa)); |
| 152 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa)); |
| 153 |
++ pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa)); |
| 154 |
++#endif |
| 155 |
+ break; |
| 156 |
+ case KEY_DSA: |
| 157 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 158 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); |
| 159 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); |
| 160 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); |
| 161 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key); |
| 162 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key); |
| 163 |
++#else |
| 164 |
++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa)); |
| 165 |
++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa)); |
| 166 |
++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa)); |
| 167 |
++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa)); |
| 168 |
++ pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa)); |
| 169 |
++#endif |
| 170 |
+ break; |
| 171 |
+ } |
| 172 |
+ pamsshagentauth_buffer_put_cstring(b, comment); |
| 173 |
+@@ -610,9 +654,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) |
| 174 |
+ |
| 175 |
+ if (key->type == KEY_RSA1) { |
| 176 |
+ pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
| 177 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 178 |
+ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
| 179 |
+ pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); |
| 180 |
+ pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); |
| 181 |
++#else |
| 182 |
++ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa))); |
| 183 |
++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa)); |
| 184 |
++ pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa)); |
| 185 |
++#endif |
| 186 |
+ } else if (key->type == KEY_DSA || key->type == KEY_RSA) { |
| 187 |
+ pamsshagentauth_key_to_blob(key, &blob, &blen); |
| 188 |
+ pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY); |
| 189 |
+diff --git a/bufbn.c b/bufbn.c |
| 190 |
+index 6a49c73..4ecedc1 100644 |
| 191 |
+--- a/bufbn.c |
| 192 |
++++ b/bufbn.c |
| 193 |
+@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) |
| 194 |
+ pamsshagentauth_buffer_put_int(buffer, 0); |
| 195 |
+ return 0; |
| 196 |
+ } |
| 197 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 198 |
+ if (value->neg) { |
| 199 |
++#else |
| 200 |
++ if (BN_is_negative(value)) { |
| 201 |
++#endif |
| 202 |
+ pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported"); |
| 203 |
+ return (-1); |
| 204 |
+ } |
| 205 |
+diff --git a/cipher.h b/cipher.h |
| 206 |
+index 49bbc16..64f59ca 100644 |
| 207 |
+--- a/cipher.h |
| 208 |
++++ b/cipher.h |
| 209 |
+@@ -59,15 +59,18 @@ |
| 210 |
+ #define CIPHER_DECRYPT 0 |
| 211 |
+ |
| 212 |
+ typedef struct Cipher Cipher; |
| 213 |
+-typedef struct CipherContext CipherContext; |
| 214 |
++// typedef struct CipherContext CipherContext; |
| 215 |
+ |
| 216 |
+ struct Cipher; |
| 217 |
++/* |
| 218 |
+ struct CipherContext { |
| 219 |
+ int plaintext; |
| 220 |
+ EVP_CIPHER_CTX evp; |
| 221 |
+ Cipher *cipher; |
| 222 |
+ }; |
| 223 |
++*/ |
| 224 |
+ |
| 225 |
++/* |
| 226 |
+ u_int cipher_mask_ssh1(int); |
| 227 |
+ Cipher *cipher_by_name(const char *); |
| 228 |
+ Cipher *cipher_by_number(int); |
| 229 |
+@@ -88,4 +91,5 @@ void cipher_set_keyiv(CipherContext *, u_char *); |
| 230 |
+ int cipher_get_keyiv_len(const CipherContext *); |
| 231 |
+ int cipher_get_keycontext(const CipherContext *, u_char *); |
| 232 |
+ void cipher_set_keycontext(CipherContext *, u_char *); |
| 233 |
++*/ |
| 234 |
+ #endif /* CIPHER_H */ |
| 235 |
+diff --git a/kex.h b/kex.h |
| 236 |
+index 8e29c90..81ca57d 100644 |
| 237 |
+--- a/kex.h |
| 238 |
++++ b/kex.h |
| 239 |
+@@ -70,7 +70,7 @@ enum kex_exchange { |
| 240 |
+ #define KEX_INIT_SENT 0x0001 |
| 241 |
+ |
| 242 |
+ typedef struct Kex Kex; |
| 243 |
+-typedef struct Mac Mac; |
| 244 |
++// typedef struct Mac Mac; |
| 245 |
+ typedef struct Comp Comp; |
| 246 |
+ typedef struct Enc Enc; |
| 247 |
+ typedef struct Newkeys Newkeys; |
| 248 |
+@@ -84,6 +84,7 @@ struct Enc { |
| 249 |
+ u_char *key; |
| 250 |
+ u_char *iv; |
| 251 |
+ }; |
| 252 |
++/* |
| 253 |
+ struct Mac { |
| 254 |
+ char *name; |
| 255 |
+ int enabled; |
| 256 |
+@@ -95,11 +96,13 @@ struct Mac { |
| 257 |
+ HMAC_CTX evp_ctx; |
| 258 |
+ struct umac_ctx *umac_ctx; |
| 259 |
+ }; |
| 260 |
++*/ |
| 261 |
+ struct Comp { |
| 262 |
+ int type; |
| 263 |
+ int enabled; |
| 264 |
+ char *name; |
| 265 |
+ }; |
| 266 |
++/* |
| 267 |
+ struct Newkeys { |
| 268 |
+ Enc enc; |
| 269 |
+ Mac mac; |
| 270 |
+@@ -126,7 +129,9 @@ struct Kex { |
| 271 |
+ int (*host_key_index)(Key *); |
| 272 |
+ void (*kex[KEX_MAX])(Kex *); |
| 273 |
+ }; |
| 274 |
++*/ |
| 275 |
+ |
| 276 |
++/* |
| 277 |
+ Kex *kex_setup(char *[PROPOSAL_MAX]); |
| 278 |
+ void kex_finish(Kex *); |
| 279 |
+ |
| 280 |
+@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *, |
| 281 |
+ void |
| 282 |
+ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]); |
| 283 |
+ |
| 284 |
++*/ |
| 285 |
++ |
| 286 |
+ #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH) |
| 287 |
+ void dump_digest(char *, u_char *, int); |
| 288 |
+ #endif |
| 289 |
+diff --git a/key.c b/key.c |
| 290 |
+index 107a442..aedbbb5 100644 |
| 291 |
+--- a/key.c |
| 292 |
++++ b/key.c |
| 293 |
+@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type) |
| 294 |
+ case KEY_RSA: |
| 295 |
+ if ((rsa = RSA_new()) == NULL) |
| 296 |
+ pamsshagentauth_fatal("key_new: RSA_new failed"); |
| 297 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 298 |
+ if ((rsa->n = BN_new()) == NULL) |
| 299 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 300 |
+ if ((rsa->e = BN_new()) == NULL) |
| 301 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 302 |
++#else |
| 303 |
++ if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1) |
| 304 |
++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); |
| 305 |
++#endif |
| 306 |
+ k->rsa = rsa; |
| 307 |
+ break; |
| 308 |
+ case KEY_DSA: |
| 309 |
+ if ((dsa = DSA_new()) == NULL) |
| 310 |
+ pamsshagentauth_fatal("key_new: DSA_new failed"); |
| 311 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 312 |
+ if ((dsa->p = BN_new()) == NULL) |
| 313 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 314 |
+ if ((dsa->q = BN_new()) == NULL) |
| 315 |
+@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type) |
| 316 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 317 |
+ if ((dsa->pub_key = BN_new()) == NULL) |
| 318 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 319 |
++#else |
| 320 |
++ if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1) |
| 321 |
++ pamsshagentauth_fatal("key_new: DSA_set0_pqg failed"); |
| 322 |
++ if (DSA_set0_key(dsa, BN_new(), NULL) != 1) |
| 323 |
++ pamsshagentauth_fatal("key_new: DSA_set0_key failed"); |
| 324 |
++#endif |
| 325 |
+ k->dsa = dsa; |
| 326 |
+ break; |
| 327 |
+ case KEY_ECDSA: |
| 328 |
+@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type) |
| 329 |
+ switch (k->type) { |
| 330 |
+ case KEY_RSA1: |
| 331 |
+ case KEY_RSA: |
| 332 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 333 |
+ if ((k->rsa->d = BN_new()) == NULL) |
| 334 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 335 |
+ if ((k->rsa->iqmp = BN_new()) == NULL) |
| 336 |
+@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type) |
| 337 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 338 |
+ if ((k->rsa->dmp1 = BN_new()) == NULL) |
| 339 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 340 |
++#else |
| 341 |
++ if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1) |
| 342 |
++ pamsshagentauth_fatal("key_new: RSA_set0_key failed"); |
| 343 |
++ if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1) |
| 344 |
++ pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed"); |
| 345 |
++ if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1) |
| 346 |
++ pamsshagentauth_fatal("key_new: RSA_set0_factors failed"); |
| 347 |
++#endif |
| 348 |
+ break; |
| 349 |
+ case KEY_DSA: |
| 350 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 351 |
+ if ((k->dsa->priv_key = BN_new()) == NULL) |
| 352 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 353 |
++#else |
| 354 |
++ if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1) |
| 355 |
++ pamsshagentauth_fatal("key_new_private: DSA_set0_key failed"); |
| 356 |
++#endif |
| 357 |
+ break; |
| 358 |
+ case KEY_ECDSA: |
| 359 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 360 |
+ if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) |
| 361 |
+ pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); |
| 362 |
++#else |
| 363 |
++#endif |
| 364 |
+ break; |
| 365 |
+ case KEY_ED25519: |
| 366 |
+ RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk)); |
| 367 |
+@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) |
| 368 |
+ case KEY_RSA1: |
| 369 |
+ case KEY_RSA: |
| 370 |
+ return a->rsa != NULL && b->rsa != NULL && |
| 371 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 372 |
+ BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
| 373 |
+ BN_cmp(a->rsa->n, b->rsa->n) == 0; |
| 374 |
++#else |
| 375 |
++ BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 && |
| 376 |
++ BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0; |
| 377 |
++#endif |
| 378 |
+ case KEY_DSA: |
| 379 |
+ return a->dsa != NULL && b->dsa != NULL && |
| 380 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 381 |
+ BN_cmp(a->dsa->p, b->dsa->p) == 0 && |
| 382 |
+ BN_cmp(a->dsa->q, b->dsa->q) == 0 && |
| 383 |
+ BN_cmp(a->dsa->g, b->dsa->g) == 0 && |
| 384 |
+ BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0; |
| 385 |
++#else |
| 386 |
++ BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 && |
| 387 |
++ BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 && |
| 388 |
++ BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 && |
| 389 |
++ BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0; |
| 390 |
++#endif |
| 391 |
+ case KEY_ECDSA: |
| 392 |
+ return a->ecdsa != NULL && b->ecdsa != NULL && |
| 393 |
+ EC_KEY_check_key(a->ecdsa) == 1 && |
| 394 |
+@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
| 395 |
+ u_int *dgst_raw_length) |
| 396 |
+ { |
| 397 |
+ const EVP_MD *md = NULL; |
| 398 |
+- EVP_MD_CTX ctx; |
| 399 |
++ EVP_MD_CTX *ctx; |
| 400 |
+ u_char *blob = NULL; |
| 401 |
+ u_char *retval = NULL; |
| 402 |
+ u_int len = 0; |
| 403 |
+@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
| 404 |
+ } |
| 405 |
+ switch (k->type) { |
| 406 |
+ case KEY_RSA1: |
| 407 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 408 |
+ nlen = BN_num_bytes(k->rsa->n); |
| 409 |
+ elen = BN_num_bytes(k->rsa->e); |
| 410 |
+ len = nlen + elen; |
| 411 |
+ blob = pamsshagentauth_xmalloc(len); |
| 412 |
+ BN_bn2bin(k->rsa->n, blob); |
| 413 |
+ BN_bn2bin(k->rsa->e, blob + nlen); |
| 414 |
++#else |
| 415 |
++ nlen = BN_num_bytes(RSA_get0_n(k->rsa)); |
| 416 |
++ elen = BN_num_bytes(RSA_get0_e(k->rsa)); |
| 417 |
++ len = nlen + elen; |
| 418 |
++ blob = pamsshagentauth_xmalloc(len); |
| 419 |
++ BN_bn2bin(RSA_get0_n(k->rsa), blob); |
| 420 |
++ BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen); |
| 421 |
++#endif |
| 422 |
+ break; |
| 423 |
+ case KEY_DSA: |
| 424 |
+ case KEY_ECDSA: |
| 425 |
+@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
| 426 |
+ } |
| 427 |
+ if (blob != NULL) { |
| 428 |
+ retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE); |
| 429 |
+- EVP_DigestInit(&ctx, md); |
| 430 |
+- EVP_DigestUpdate(&ctx, blob, len); |
| 431 |
+- EVP_DigestFinal(&ctx, retval, dgst_raw_length); |
| 432 |
++ /* XXX Errors from EVP_* functions are not hadled */ |
| 433 |
++ ctx = EVP_MD_CTX_create(); |
| 434 |
++ EVP_DigestInit(ctx, md); |
| 435 |
++ EVP_DigestUpdate(ctx, blob, len); |
| 436 |
++ EVP_DigestFinal(ctx, retval, dgst_raw_length); |
| 437 |
+ memset(blob, 0, len); |
| 438 |
+ pamsshagentauth_xfree(blob); |
| 439 |
++ EVP_MD_CTX_destroy(ctx); |
| 440 |
+ } else { |
| 441 |
+ pamsshagentauth_fatal("key_fingerprint_raw: blob is null"); |
| 442 |
+ } |
| 443 |
+@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp) |
| 444 |
+ return -1; |
| 445 |
+ *cpp = cp; |
| 446 |
+ /* Get public exponent, public modulus. */ |
| 447 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 448 |
+ if (!read_bignum(cpp, ret->rsa->e)) |
| 449 |
+ return -1; |
| 450 |
+ if (!read_bignum(cpp, ret->rsa->n)) |
| 451 |
+ return -1; |
| 452 |
++#else |
| 453 |
++ if (!read_bignum(cpp, RSA_get0_e(ret->rsa))) |
| 454 |
++ return -1; |
| 455 |
++ if (!read_bignum(cpp, RSA_get0_n(ret->rsa))) |
| 456 |
++ return -1; |
| 457 |
++#endif |
| 458 |
+ success = 1; |
| 459 |
+ break; |
| 460 |
+ case KEY_UNSPEC: |
| 461 |
+@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f) |
| 462 |
+ |
| 463 |
+ if (key->type == KEY_RSA1 && key->rsa != NULL) { |
| 464 |
+ /* size of modulus 'n' */ |
| 465 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 466 |
+ bits = BN_num_bits(key->rsa->n); |
| 467 |
+ fprintf(f, "%u", bits); |
| 468 |
+ if (write_bignum(f, key->rsa->e) && |
| 469 |
+ write_bignum(f, key->rsa->n)) { |
| 470 |
++#else |
| 471 |
++ bits = BN_num_bits(RSA_get0_n(key->rsa)); |
| 472 |
++ fprintf(f, "%u", bits); |
| 473 |
++ if (write_bignum(f, RSA_get0_e(key->rsa)) && |
| 474 |
++ write_bignum(f, RSA_get0_n(key->rsa))) { |
| 475 |
++#endif |
| 476 |
+ success = 1; |
| 477 |
+ } else { |
| 478 |
+ pamsshagentauth_logerror("key_write: failed for RSA key"); |
| 479 |
+@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k) |
| 480 |
+ { |
| 481 |
+ switch (k->type) { |
| 482 |
+ case KEY_RSA1: |
| 483 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 484 |
+ case KEY_RSA: |
| 485 |
+ return BN_num_bits(k->rsa->n); |
| 486 |
+ case KEY_DSA: |
| 487 |
+ return BN_num_bits(k->dsa->p); |
| 488 |
++#else |
| 489 |
++ case KEY_RSA: |
| 490 |
++ return BN_num_bits(RSA_get0_n(k->rsa)); |
| 491 |
++ case KEY_DSA: |
| 492 |
++ return BN_num_bits(DSA_get0_p(k->dsa)); |
| 493 |
++#endif |
| 494 |
+ case KEY_ECDSA: |
| 495 |
+ { |
| 496 |
+ int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa)); |
| 497 |
+@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k) |
| 498 |
+ switch (k->type) { |
| 499 |
+ case KEY_DSA: |
| 500 |
+ n = pamsshagentauth_key_new(k->type); |
| 501 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 502 |
+ if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
| 503 |
+ (BN_copy(n->dsa->q, k->dsa->q) == NULL) || |
| 504 |
+ (BN_copy(n->dsa->g, k->dsa->g) == NULL) || |
| 505 |
+ (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL)) |
| 506 |
++#else |
| 507 |
++ if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) || |
| 508 |
++ (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) || |
| 509 |
++ (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) || |
| 510 |
++ (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL)) |
| 511 |
++#endif |
| 512 |
+ pamsshagentauth_fatal("key_from_private: BN_copy failed"); |
| 513 |
+ break; |
| 514 |
+ case KEY_RSA: |
| 515 |
+ case KEY_RSA1: |
| 516 |
+ n = pamsshagentauth_key_new(k->type); |
| 517 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 518 |
+ if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
| 519 |
+ (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 520 |
++#else |
| 521 |
++ if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) || |
| 522 |
++ (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL)) |
| 523 |
++#endif |
| 524 |
+ pamsshagentauth_fatal("key_from_private: BN_copy failed"); |
| 525 |
+ break; |
| 526 |
+ case KEY_ECDSA: |
| 527 |
+@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) |
| 528 |
+ switch (type) { |
| 529 |
+ case KEY_RSA: |
| 530 |
+ key = pamsshagentauth_key_new(type); |
| 531 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 532 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || |
| 533 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { |
| 534 |
++#else |
| 535 |
++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 || |
| 536 |
++ pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) { |
| 537 |
++#endif |
| 538 |
+ pamsshagentauth_logerror("key_from_blob: can't read rsa key"); |
| 539 |
+ pamsshagentauth_key_free(key); |
| 540 |
+ key = NULL; |
| 541 |
+@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) |
| 542 |
+ break; |
| 543 |
+ case KEY_DSA: |
| 544 |
+ key = pamsshagentauth_key_new(type); |
| 545 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 546 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || |
| 547 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || |
| 548 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || |
| 549 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) { |
| 550 |
++#else |
| 551 |
++ if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 || |
| 552 |
++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 || |
| 553 |
++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 || |
| 554 |
++ pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) { |
| 555 |
++#endif |
| 556 |
+ pamsshagentauth_logerror("key_from_blob: can't read dsa key"); |
| 557 |
+ pamsshagentauth_key_free(key); |
| 558 |
+ key = NULL; |
| 559 |
+@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) |
| 560 |
+ } |
| 561 |
+ pamsshagentauth_buffer_init(&b); |
| 562 |
+ switch (key->type) { |
| 563 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 564 |
+ case KEY_DSA: |
| 565 |
+ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); |
| 566 |
+ pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); |
| 567 |
+@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) |
| 568 |
+ pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e); |
| 569 |
+ pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n); |
| 570 |
+ break; |
| 571 |
++#else |
| 572 |
++ case KEY_DSA: |
| 573 |
++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); |
| 574 |
++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa)); |
| 575 |
++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa)); |
| 576 |
++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa)); |
| 577 |
++ pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa)); |
| 578 |
++ break; |
| 579 |
++ case KEY_RSA: |
| 580 |
++ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); |
| 581 |
++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa)); |
| 582 |
++ pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa)); |
| 583 |
++ break; |
| 584 |
++#endif |
| 585 |
+ case KEY_ECDSA: |
| 586 |
+ { |
| 587 |
+ size_t l = 0; |
| 588 |
+@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k) |
| 589 |
+ case KEY_RSA: |
| 590 |
+ if ((pk->rsa = RSA_new()) == NULL) |
| 591 |
+ pamsshagentauth_fatal("key_demote: RSA_new failed"); |
| 592 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 593 |
+ if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) |
| 594 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 595 |
+ if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) |
| 596 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 597 |
++#else |
| 598 |
++ if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1) |
| 599 |
++ pamsshagentauth_fatal("key_demote: RSA_set0_key failed"); |
| 600 |
++#endif |
| 601 |
+ break; |
| 602 |
+ case KEY_DSA: |
| 603 |
+ if ((pk->dsa = DSA_new()) == NULL) |
| 604 |
+ pamsshagentauth_fatal("key_demote: DSA_new failed"); |
| 605 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 606 |
+ if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) |
| 607 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 608 |
+ if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) |
| 609 |
+@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k) |
| 610 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 611 |
+ if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL) |
| 612 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 613 |
++#else |
| 614 |
++ if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1) |
| 615 |
++ pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed"); |
| 616 |
++ if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1) |
| 617 |
++ pamsshagentauth_fatal("key_demote: DSA_set0_key failed"); |
| 618 |
++#endif |
| 619 |
+ break; |
| 620 |
+ case KEY_ECDSA: |
| 621 |
+ pamsshagentauth_fatal("key_demote: implement me"); |
| 622 |
+diff --git a/ssh-dss.c b/ssh-dss.c |
| 623 |
+index 9fdaa5d..1051ae2 100644 |
| 624 |
+--- a/ssh-dss.c |
| 625 |
++++ b/ssh-dss.c |
| 626 |
+@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 627 |
+ { |
| 628 |
+ DSA_SIG *sig; |
| 629 |
+ const EVP_MD *evp_md = EVP_sha1(); |
| 630 |
+- EVP_MD_CTX md; |
| 631 |
++ EVP_MD_CTX *md; |
| 632 |
+ u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
| 633 |
+ u_int rlen, slen, len, dlen; |
| 634 |
+ Buffer b; |
| 635 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 636 |
++ const BIGNUM *r, *s; |
| 637 |
++#endif |
| 638 |
+ |
| 639 |
+ if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { |
| 640 |
+ pamsshagentauth_logerror("ssh_dss_sign: no DSA key"); |
| 641 |
+ return -1; |
| 642 |
+ } |
| 643 |
+- EVP_DigestInit(&md, evp_md); |
| 644 |
+- EVP_DigestUpdate(&md, data, datalen); |
| 645 |
+- EVP_DigestFinal(&md, digest, &dlen); |
| 646 |
++ md = EVP_MD_CTX_create(); |
| 647 |
++ EVP_DigestInit(md, evp_md); |
| 648 |
++ EVP_DigestUpdate(md, data, datalen); |
| 649 |
++ EVP_DigestFinal(md, digest, &dlen); |
| 650 |
+ |
| 651 |
+ sig = DSA_do_sign(digest, dlen, key->dsa); |
| 652 |
+ memset(digest, 'd', sizeof(digest)); |
| 653 |
++ EVP_MD_CTX_destroy(md); |
| 654 |
+ |
| 655 |
+ if (sig == NULL) { |
| 656 |
+ pamsshagentauth_logerror("ssh_dss_sign: sign failed"); |
| 657 |
+ return -1; |
| 658 |
+ } |
| 659 |
+ |
| 660 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 661 |
+ rlen = BN_num_bytes(sig->r); |
| 662 |
+ slen = BN_num_bytes(sig->s); |
| 663 |
++#else |
| 664 |
++ DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s); |
| 665 |
++ rlen = BN_num_bytes(r); |
| 666 |
++ slen = BN_num_bytes(s); |
| 667 |
++#endif |
| 668 |
+ if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) { |
| 669 |
+ pamsshagentauth_logerror("bad sig size %u %u", rlen, slen); |
| 670 |
+ DSA_SIG_free(sig); |
| 671 |
+ return -1; |
| 672 |
+ } |
| 673 |
+ memset(sigblob, 0, SIGBLOB_LEN); |
| 674 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 675 |
+ BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); |
| 676 |
+ BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); |
| 677 |
++#else |
| 678 |
++ BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); |
| 679 |
++ BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen); |
| 680 |
++#endif |
| 681 |
+ DSA_SIG_free(sig); |
| 682 |
+ |
| 683 |
+ if (datafellows & SSH_BUG_SIGBLOB) { |
| 684 |
+@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 685 |
+ { |
| 686 |
+ DSA_SIG *sig; |
| 687 |
+ const EVP_MD *evp_md = EVP_sha1(); |
| 688 |
+- EVP_MD_CTX md; |
| 689 |
++ EVP_MD_CTX *md; |
| 690 |
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 691 |
+ u_int len, dlen; |
| 692 |
+ int rlen, ret; |
| 693 |
+ Buffer b; |
| 694 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 695 |
++ BIGNUM *r, *s; |
| 696 |
++#endif |
| 697 |
+ |
| 698 |
+ if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) { |
| 699 |
+ pamsshagentauth_logerror("ssh_dss_verify: no DSA key"); |
| 700 |
+@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 701 |
+ /* parse signature */ |
| 702 |
+ if ((sig = DSA_SIG_new()) == NULL) |
| 703 |
+ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); |
| 704 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 705 |
+ if ((sig->r = BN_new()) == NULL) |
| 706 |
+ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); |
| 707 |
+ if ((sig->s = BN_new()) == NULL) |
| 708 |
+@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 709 |
+ if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) || |
| 710 |
+ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL)) |
| 711 |
+ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); |
| 712 |
++#else |
| 713 |
++ if ((r = BN_new()) == NULL) |
| 714 |
++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); |
| 715 |
++ if ((s = BN_new()) == NULL) |
| 716 |
++ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); |
| 717 |
++ if (DSA_SIG_set0(sig, r, s) != 1) |
| 718 |
++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); |
| 719 |
++ if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) || |
| 720 |
++ (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL)) |
| 721 |
++ pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed"); |
| 722 |
++ if (DSA_SIG_set0(sig, r, s) != 1) |
| 723 |
++ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed"); |
| 724 |
++#endif |
| 725 |
+ |
| 726 |
+ /* clean up */ |
| 727 |
+ memset(sigblob, 0, len); |
| 728 |
+ pamsshagentauth_xfree(sigblob); |
| 729 |
+ |
| 730 |
+ /* sha1 the data */ |
| 731 |
+- EVP_DigestInit(&md, evp_md); |
| 732 |
+- EVP_DigestUpdate(&md, data, datalen); |
| 733 |
+- EVP_DigestFinal(&md, digest, &dlen); |
| 734 |
++ md = EVP_MD_CTX_create(); |
| 735 |
++ EVP_DigestInit(md, evp_md); |
| 736 |
++ EVP_DigestUpdate(md, data, datalen); |
| 737 |
++ EVP_DigestFinal(md, digest, &dlen); |
| 738 |
+ |
| 739 |
+ ret = DSA_do_verify(digest, dlen, sig, key->dsa); |
| 740 |
+ memset(digest, 'd', sizeof(digest)); |
| 741 |
++ EVP_MD_CTX_destroy(md); |
| 742 |
+ |
| 743 |
+ DSA_SIG_free(sig); |
| 744 |
+ |
| 745 |
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c |
| 746 |
+index efa0f3d..c213959 100644 |
| 747 |
+--- a/ssh-ecdsa.c |
| 748 |
++++ b/ssh-ecdsa.c |
| 749 |
+@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 750 |
+ { |
| 751 |
+ ECDSA_SIG *sig; |
| 752 |
+ const EVP_MD *evp_md = evp_from_key(key); |
| 753 |
+- EVP_MD_CTX md; |
| 754 |
++ EVP_MD_CTX *md; |
| 755 |
+ u_char digest[EVP_MAX_MD_SIZE]; |
| 756 |
+ u_int len, dlen; |
| 757 |
+ Buffer b, bb; |
| 758 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 759 |
++ BIGNUM *r, *s; |
| 760 |
++#endif |
| 761 |
+ |
| 762 |
+ if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { |
| 763 |
+ pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); |
| 764 |
+ return -1; |
| 765 |
+ } |
| 766 |
+ |
| 767 |
+- EVP_DigestInit(&md, evp_md); |
| 768 |
+- EVP_DigestUpdate(&md, data, datalen); |
| 769 |
+- EVP_DigestFinal(&md, digest, &dlen); |
| 770 |
++ md = EVP_MD_CTX_create(); |
| 771 |
++ EVP_DigestInit(md, evp_md); |
| 772 |
++ EVP_DigestUpdate(md, data, datalen); |
| 773 |
++ EVP_DigestFinal(md, digest, &dlen); |
| 774 |
+ |
| 775 |
+ sig = ECDSA_do_sign(digest, dlen, key->ecdsa); |
| 776 |
+ memset(digest, 'd', sizeof(digest)); |
| 777 |
++ EVP_MD_CTX_destroy(md); |
| 778 |
+ |
| 779 |
+ if (sig == NULL) { |
| 780 |
+ pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed"); |
| 781 |
+@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 782 |
+ } |
| 783 |
+ |
| 784 |
+ pamsshagentauth_buffer_init(&bb); |
| 785 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 786 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || |
| 787 |
+ pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { |
| 788 |
++#else |
| 789 |
++ DSA_SIG_get0(sig, &r, &s); |
| 790 |
++ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 || |
| 791 |
++ pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) { |
| 792 |
++#endif |
| 793 |
+ pamsshagentauth_logerror("couldn't serialize signature"); |
| 794 |
+ ECDSA_SIG_free(sig); |
| 795 |
+ return -1; |
| 796 |
+@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 797 |
+ { |
| 798 |
+ ECDSA_SIG *sig; |
| 799 |
+ const EVP_MD *evp_md = evp_from_key(key); |
| 800 |
+- EVP_MD_CTX md; |
| 801 |
++ EVP_MD_CTX *md; |
| 802 |
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 803 |
+ u_int len, dlen; |
| 804 |
+ int rlen, ret; |
| 805 |
+ Buffer b; |
| 806 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 807 |
++ BIGNUM *r, *s; |
| 808 |
++#endif |
| 809 |
+ |
| 810 |
+ if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { |
| 811 |
+ pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key"); |
| 812 |
+@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 813 |
+ |
| 814 |
+ pamsshagentauth_buffer_init(&b); |
| 815 |
+ pamsshagentauth_buffer_append(&b, sigblob, len); |
| 816 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 817 |
+ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || |
| 818 |
+ (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) |
| 819 |
++#else |
| 820 |
++ DSA_SIG_get0(sig, &r, &s); |
| 821 |
++ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || |
| 822 |
++ (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) |
| 823 |
++#endif |
| 824 |
+ pamsshagentauth_fatal("ssh_ecdsa_verify:" |
| 825 |
+ "pamsshagentauth_buffer_get_bignum2_ret failed"); |
| 826 |
+ |
| 827 |
+@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 828 |
+ pamsshagentauth_xfree(sigblob); |
| 829 |
+ |
| 830 |
+ /* sha256 the data */ |
| 831 |
+- EVP_DigestInit(&md, evp_md); |
| 832 |
+- EVP_DigestUpdate(&md, data, datalen); |
| 833 |
+- EVP_DigestFinal(&md, digest, &dlen); |
| 834 |
++ md = EVP_MD_CTX_create(); |
| 835 |
++ EVP_DigestInit(md, evp_md); |
| 836 |
++ EVP_DigestUpdate(md, data, datalen); |
| 837 |
++ EVP_DigestFinal(md, digest, &dlen); |
| 838 |
+ |
| 839 |
+ ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa); |
| 840 |
+ memset(digest, 'd', sizeof(digest)); |
| 841 |
++ EVP_MD_CTX_destroy(md); |
| 842 |
+ |
| 843 |
+ ECDSA_SIG_free(sig); |
| 844 |
+ |
| 845 |
+ pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s", |
| 846 |
+ ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error"); |
| 847 |
+ return ret; |
| 848 |
+-} |
| 849 |
+\ No newline at end of file |
| 850 |
++} |
| 851 |
+diff --git a/ssh-rsa.c b/ssh-rsa.c |
| 852 |
+index d05844b..9d74eb6 100644 |
| 853 |
+--- a/ssh-rsa.c |
| 854 |
++++ b/ssh-rsa.c |
| 855 |
+@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 856 |
+ const u_char *data, u_int datalen) |
| 857 |
+ { |
| 858 |
+ const EVP_MD *evp_md; |
| 859 |
+- EVP_MD_CTX md; |
| 860 |
++ EVP_MD_CTX *md; |
| 861 |
+ u_char digest[EVP_MAX_MD_SIZE], *sig; |
| 862 |
+ u_int slen, dlen, len; |
| 863 |
+ int ok, nid; |
| 864 |
+@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 865 |
+ pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid); |
| 866 |
+ return -1; |
| 867 |
+ } |
| 868 |
++ md = EVP_MD_CTX_create(); |
| 869 |
+ EVP_DigestInit(&md, evp_md); |
| 870 |
+ EVP_DigestUpdate(&md, data, datalen); |
| 871 |
+ EVP_DigestFinal(&md, digest, &dlen); |
| 872 |
+@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 873 |
+ |
| 874 |
+ ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa); |
| 875 |
+ memset(digest, 'd', sizeof(digest)); |
| 876 |
++ EVP_MD_CTX_destroy(md); |
| 877 |
+ |
| 878 |
+ if (ok != 1) { |
| 879 |
+ int ecode = ERR_get_error(); |
| 880 |
+@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 881 |
+ { |
| 882 |
+ Buffer b; |
| 883 |
+ const EVP_MD *evp_md; |
| 884 |
+- EVP_MD_CTX md; |
| 885 |
++ EVP_MD_CTX *md; |
| 886 |
+ char *ktype; |
| 887 |
+ u_char digest[EVP_MAX_MD_SIZE], *sigblob; |
| 888 |
+ u_int len, dlen, modlen; |
| 889 |
+@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 890 |
+ pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); |
| 891 |
+ return -1; |
| 892 |
+ } |
| 893 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 894 |
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 895 |
++#else |
| 896 |
++ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 897 |
++#endif |
| 898 |
+ pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", |
| 899 |
++#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 900 |
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 901 |
++#else |
| 902 |
++ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 903 |
++#endif |
| 904 |
+ return -1; |
| 905 |
+ } |
| 906 |
+ pamsshagentauth_buffer_init(&b); |
| 907 |
+@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 908 |
+ pamsshagentauth_xfree(sigblob); |
| 909 |
+ return -1; |
| 910 |
+ } |
| 911 |
+- EVP_DigestInit(&md, evp_md); |
| 912 |
+- EVP_DigestUpdate(&md, data, datalen); |
| 913 |
+- EVP_DigestFinal(&md, digest, &dlen); |
| 914 |
++ md = EVP_MD_CTX_create(); |
| 915 |
++ EVP_DigestInit(md, evp_md); |
| 916 |
++ EVP_DigestUpdate(md, data, datalen); |
| 917 |
++ EVP_DigestFinal(md, digest, &dlen); |
| 918 |
+ |
| 919 |
+ ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa); |
| 920 |
+ memset(digest, 'd', sizeof(digest)); |
| 921 |
++ EVP_MD_CTX_destroy(md); |
| 922 |
+ memset(sigblob, 's', len); |
| 923 |
+ pamsshagentauth_xfree(sigblob); |
| 924 |
+ pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : ""); |
| 925 |
+ |
| 926 |
+From 4dc87369134f215378042ec4d971a4fe48d1a02b Mon Sep 17 00:00:00 2001 |
| 927 |
+From: Guido Falsi <mad@××××××××.net> |
| 928 |
+Date: Wed, 24 Oct 2018 20:36:15 +0200 |
| 929 |
+Subject: [PATCH 2/2] Check against the correct OPENSSL_VERSION_NUMBER |
| 930 |
+ |
| 931 |
+Alexey Dokuchaev (a fellow FreeBSD developer) pointed out to me the opaque structures were introduced in 1.1.0-pre |
| 932 |
+5, so the correct OPENSSL_VERSION_NUMBER to discriminate is 0x10100005L. |
| 933 |
+--- |
| 934 |
+ authfd.c | 12 ++++++------ |
| 935 |
+ bufbn.c | 2 +- |
| 936 |
+ key.c | 36 ++++++++++++++++++------------------ |
| 937 |
+ ssh-dss.c | 10 +++++----- |
| 938 |
+ ssh-ecdsa.c | 8 ++++---- |
| 939 |
+ ssh-rsa.c | 4 ++-- |
| 940 |
+ 6 files changed, 36 insertions(+), 36 deletions(-) |
| 941 |
+ |
| 942 |
+diff --git a/authfd.c b/authfd.c |
| 943 |
+index 35f8de1..01d1d89 100644 |
| 944 |
+--- a/authfd.c |
| 945 |
++++ b/authfd.c |
| 946 |
+@@ -372,7 +372,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio |
| 947 |
+ case 1: |
| 948 |
+ key = pamsshagentauth_key_new(KEY_RSA1); |
| 949 |
+ bits = pamsshagentauth_buffer_get_int(&auth->identities); |
| 950 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 951 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 952 |
+ pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); |
| 953 |
+ pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); |
| 954 |
+ *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); |
| 955 |
+@@ -432,7 +432,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, |
| 956 |
+ } |
| 957 |
+ pamsshagentauth_buffer_init(&buffer); |
| 958 |
+ pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); |
| 959 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 960 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 961 |
+ pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); |
| 962 |
+ pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); |
| 963 |
+ pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); |
| 964 |
+@@ -517,7 +517,7 @@ ssh_agent_sign(AuthenticationConnection *auth, |
| 965 |
+ static void |
| 966 |
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) |
| 967 |
+ { |
| 968 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 969 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 970 |
+ pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); |
| 971 |
+ pamsshagentauth_buffer_put_bignum(b, key->n); |
| 972 |
+ pamsshagentauth_buffer_put_bignum(b, key->e); |
| 973 |
+@@ -545,7 +545,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
| 974 |
+ pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); |
| 975 |
+ switch (key->type) { |
| 976 |
+ case KEY_RSA: |
| 977 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 978 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 979 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); |
| 980 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); |
| 981 |
+ pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); |
| 982 |
+@@ -562,7 +562,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) |
| 983 |
+ #endif |
| 984 |
+ break; |
| 985 |
+ case KEY_DSA: |
| 986 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 987 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 988 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); |
| 989 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); |
| 990 |
+ pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); |
| 991 |
+@@ -654,7 +654,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) |
| 992 |
+ |
| 993 |
+ if (key->type == KEY_RSA1) { |
| 994 |
+ pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); |
| 995 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 996 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 997 |
+ pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); |
| 998 |
+ pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); |
| 999 |
+ pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); |
| 1000 |
+diff --git a/bufbn.c b/bufbn.c |
| 1001 |
+index 4ecedc1..b4754cc 100644 |
| 1002 |
+--- a/bufbn.c |
| 1003 |
++++ b/bufbn.c |
| 1004 |
+@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) |
| 1005 |
+ pamsshagentauth_buffer_put_int(buffer, 0); |
| 1006 |
+ return 0; |
| 1007 |
+ } |
| 1008 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1009 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1010 |
+ if (value->neg) { |
| 1011 |
+ #else |
| 1012 |
+ if (BN_is_negative(value)) { |
| 1013 |
+diff --git a/key.c b/key.c |
| 1014 |
+index aedbbb5..dcc5fc8 100644 |
| 1015 |
+--- a/key.c |
| 1016 |
++++ b/key.c |
| 1017 |
+@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) |
| 1018 |
+ case KEY_RSA: |
| 1019 |
+ if ((rsa = RSA_new()) == NULL) |
| 1020 |
+ pamsshagentauth_fatal("key_new: RSA_new failed"); |
| 1021 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1022 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1023 |
+ if ((rsa->n = BN_new()) == NULL) |
| 1024 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 1025 |
+ if ((rsa->e = BN_new()) == NULL) |
| 1026 |
+@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) |
| 1027 |
+ case KEY_DSA: |
| 1028 |
+ if ((dsa = DSA_new()) == NULL) |
| 1029 |
+ pamsshagentauth_fatal("key_new: DSA_new failed"); |
| 1030 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1031 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1032 |
+ if ((dsa->p = BN_new()) == NULL) |
| 1033 |
+ pamsshagentauth_fatal("key_new: BN_new failed"); |
| 1034 |
+ if ((dsa->q = BN_new()) == NULL) |
| 1035 |
+@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) |
| 1036 |
+ switch (k->type) { |
| 1037 |
+ case KEY_RSA1: |
| 1038 |
+ case KEY_RSA: |
| 1039 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1040 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1041 |
+ if ((k->rsa->d = BN_new()) == NULL) |
| 1042 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 1043 |
+ if ((k->rsa->iqmp = BN_new()) == NULL) |
| 1044 |
+@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) |
| 1045 |
+ #endif |
| 1046 |
+ break; |
| 1047 |
+ case KEY_DSA: |
| 1048 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1049 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1050 |
+ if ((k->dsa->priv_key = BN_new()) == NULL) |
| 1051 |
+ pamsshagentauth_fatal("key_new_private: BN_new failed"); |
| 1052 |
+ #else |
| 1053 |
+@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) |
| 1054 |
+ #endif |
| 1055 |
+ break; |
| 1056 |
+ case KEY_ECDSA: |
| 1057 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1058 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1059 |
+ if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) |
| 1060 |
+ pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); |
| 1061 |
+ #else |
| 1062 |
+@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) |
| 1063 |
+ case KEY_RSA1: |
| 1064 |
+ case KEY_RSA: |
| 1065 |
+ return a->rsa != NULL && b->rsa != NULL && |
| 1066 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1067 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1068 |
+ BN_cmp(a->rsa->e, b->rsa->e) == 0 && |
| 1069 |
+ BN_cmp(a->rsa->n, b->rsa->n) == 0; |
| 1070 |
+ #else |
| 1071 |
+@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) |
| 1072 |
+ #endif |
| 1073 |
+ case KEY_DSA: |
| 1074 |
+ return a->dsa != NULL && b->dsa != NULL && |
| 1075 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1076 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1077 |
+ BN_cmp(a->dsa->p, b->dsa->p) == 0 && |
| 1078 |
+ BN_cmp(a->dsa->q, b->dsa->q) == 0 && |
| 1079 |
+ BN_cmp(a->dsa->g, b->dsa->g) == 0 && |
| 1080 |
+@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, |
| 1081 |
+ } |
| 1082 |
+ switch (k->type) { |
| 1083 |
+ case KEY_RSA1: |
| 1084 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1085 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1086 |
+ nlen = BN_num_bytes(k->rsa->n); |
| 1087 |
+ elen = BN_num_bytes(k->rsa->e); |
| 1088 |
+ len = nlen + elen; |
| 1089 |
+@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) |
| 1090 |
+ return -1; |
| 1091 |
+ *cpp = cp; |
| 1092 |
+ /* Get public exponent, public modulus. */ |
| 1093 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1094 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1095 |
+ if (!read_bignum(cpp, ret->rsa->e)) |
| 1096 |
+ return -1; |
| 1097 |
+ if (!read_bignum(cpp, ret->rsa->n)) |
| 1098 |
+@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) |
| 1099 |
+ |
| 1100 |
+ if (key->type == KEY_RSA1 && key->rsa != NULL) { |
| 1101 |
+ /* size of modulus 'n' */ |
| 1102 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1103 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1104 |
+ bits = BN_num_bits(key->rsa->n); |
| 1105 |
+ fprintf(f, "%u", bits); |
| 1106 |
+ if (write_bignum(f, key->rsa->e) && |
| 1107 |
+@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) |
| 1108 |
+ { |
| 1109 |
+ switch (k->type) { |
| 1110 |
+ case KEY_RSA1: |
| 1111 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1112 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1113 |
+ case KEY_RSA: |
| 1114 |
+ return BN_num_bits(k->rsa->n); |
| 1115 |
+ case KEY_DSA: |
| 1116 |
+@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) |
| 1117 |
+ switch (k->type) { |
| 1118 |
+ case KEY_DSA: |
| 1119 |
+ n = pamsshagentauth_key_new(k->type); |
| 1120 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1121 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1122 |
+ if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || |
| 1123 |
+ (BN_copy(n->dsa->q, k->dsa->q) == NULL) || |
| 1124 |
+ (BN_copy(n->dsa->g, k->dsa->g) == NULL) || |
| 1125 |
+@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) |
| 1126 |
+ case KEY_RSA: |
| 1127 |
+ case KEY_RSA1: |
| 1128 |
+ n = pamsshagentauth_key_new(k->type); |
| 1129 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1130 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1131 |
+ if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || |
| 1132 |
+ (BN_copy(n->rsa->e, k->rsa->e) == NULL)) |
| 1133 |
+ #else |
| 1134 |
+@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) |
| 1135 |
+ switch (type) { |
| 1136 |
+ case KEY_RSA: |
| 1137 |
+ key = pamsshagentauth_key_new(type); |
| 1138 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1139 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1140 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || |
| 1141 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { |
| 1142 |
+ #else |
| 1143 |
+@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) |
| 1144 |
+ break; |
| 1145 |
+ case KEY_DSA: |
| 1146 |
+ key = pamsshagentauth_key_new(type); |
| 1147 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1148 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1149 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || |
| 1150 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || |
| 1151 |
+ pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || |
| 1152 |
+@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) |
| 1153 |
+ } |
| 1154 |
+ pamsshagentauth_buffer_init(&b); |
| 1155 |
+ switch (key->type) { |
| 1156 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1157 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1158 |
+ case KEY_DSA: |
| 1159 |
+ pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); |
| 1160 |
+ pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); |
| 1161 |
+@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) |
| 1162 |
+ case KEY_RSA: |
| 1163 |
+ if ((pk->rsa = RSA_new()) == NULL) |
| 1164 |
+ pamsshagentauth_fatal("key_demote: RSA_new failed"); |
| 1165 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1166 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1167 |
+ if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) |
| 1168 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 1169 |
+ if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) |
| 1170 |
+@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) |
| 1171 |
+ case KEY_DSA: |
| 1172 |
+ if ((pk->dsa = DSA_new()) == NULL) |
| 1173 |
+ pamsshagentauth_fatal("key_demote: DSA_new failed"); |
| 1174 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1175 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1176 |
+ if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) |
| 1177 |
+ pamsshagentauth_fatal("key_demote: BN_dup failed"); |
| 1178 |
+ if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) |
| 1179 |
+diff --git a/ssh-dss.c b/ssh-dss.c |
| 1180 |
+index 1051ae2..9b96274 100644 |
| 1181 |
+--- a/ssh-dss.c |
| 1182 |
++++ b/ssh-dss.c |
| 1183 |
+@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 1184 |
+ u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; |
| 1185 |
+ u_int rlen, slen, len, dlen; |
| 1186 |
+ Buffer b; |
| 1187 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 1188 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 1189 |
+ const BIGNUM *r, *s; |
| 1190 |
+ #endif |
| 1191 |
+ |
| 1192 |
+@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 1193 |
+ return -1; |
| 1194 |
+ } |
| 1195 |
+ |
| 1196 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1197 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1198 |
+ rlen = BN_num_bytes(sig->r); |
| 1199 |
+ slen = BN_num_bytes(sig->s); |
| 1200 |
+ #else |
| 1201 |
+@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 1202 |
+ return -1; |
| 1203 |
+ } |
| 1204 |
+ memset(sigblob, 0, SIGBLOB_LEN); |
| 1205 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1206 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1207 |
+ BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); |
| 1208 |
+ BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); |
| 1209 |
+ #else |
| 1210 |
+@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 1211 |
+ u_int len, dlen; |
| 1212 |
+ int rlen, ret; |
| 1213 |
+ Buffer b; |
| 1214 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 1215 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 1216 |
+ BIGNUM *r, *s; |
| 1217 |
+ #endif |
| 1218 |
+ |
| 1219 |
+@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 1220 |
+ /* parse signature */ |
| 1221 |
+ if ((sig = DSA_SIG_new()) == NULL) |
| 1222 |
+ pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); |
| 1223 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1224 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1225 |
+ if ((sig->r = BN_new()) == NULL) |
| 1226 |
+ pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); |
| 1227 |
+ if ((sig->s = BN_new()) == NULL) |
| 1228 |
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c |
| 1229 |
+index c213959..5b13b30 100644 |
| 1230 |
+--- a/ssh-ecdsa.c |
| 1231 |
++++ b/ssh-ecdsa.c |
| 1232 |
+@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 1233 |
+ u_char digest[EVP_MAX_MD_SIZE]; |
| 1234 |
+ u_int len, dlen; |
| 1235 |
+ Buffer b, bb; |
| 1236 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 1237 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 1238 |
+ BIGNUM *r, *s; |
| 1239 |
+ #endif |
| 1240 |
+ |
| 1241 |
+@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, |
| 1242 |
+ } |
| 1243 |
+ |
| 1244 |
+ pamsshagentauth_buffer_init(&bb); |
| 1245 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1246 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1247 |
+ if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || |
| 1248 |
+ pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { |
| 1249 |
+ #else |
| 1250 |
+@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 1251 |
+ u_int len, dlen; |
| 1252 |
+ int rlen, ret; |
| 1253 |
+ Buffer b; |
| 1254 |
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L |
| 1255 |
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L |
| 1256 |
+ BIGNUM *r, *s; |
| 1257 |
+ #endif |
| 1258 |
+ |
| 1259 |
+@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 1260 |
+ |
| 1261 |
+ pamsshagentauth_buffer_init(&b); |
| 1262 |
+ pamsshagentauth_buffer_append(&b, sigblob, len); |
| 1263 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1264 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1265 |
+ if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || |
| 1266 |
+ (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) |
| 1267 |
+ #else |
| 1268 |
+diff --git a/ssh-rsa.c b/ssh-rsa.c |
| 1269 |
+index 9d74eb6..35f2e36 100644 |
| 1270 |
+--- a/ssh-rsa.c |
| 1271 |
++++ b/ssh-rsa.c |
| 1272 |
+@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, |
| 1273 |
+ pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); |
| 1274 |
+ return -1; |
| 1275 |
+ } |
| 1276 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1277 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1278 |
+ if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 1279 |
+ #else |
| 1280 |
+ if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { |
| 1281 |
+ #endif |
| 1282 |
+ pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", |
| 1283 |
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L |
| 1284 |
++#if OPENSSL_VERSION_NUMBER < 0x10100005L |
| 1285 |
+ BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 1286 |
+ #else |
| 1287 |
+ BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); |
| 1288 |
|
| 1289 |
diff --git a/sys-auth/pam_ssh_agent_auth/metadata.xml b/sys-auth/pam_ssh_agent_auth/metadata.xml |
| 1290 |
index b2c4b0002ee..cbaa4da90d4 100644 |
| 1291 |
--- a/sys-auth/pam_ssh_agent_auth/metadata.xml |
| 1292 |
+++ b/sys-auth/pam_ssh_agent_auth/metadata.xml |
| 1293 |
@@ -6,5 +6,6 @@ |
| 1294 |
</maintainer> |
| 1295 |
<upstream> |
| 1296 |
<remote-id type="sourceforge">pamsshagentauth</remote-id> |
| 1297 |
+ <remote-id type="github">jbeverly/pam_ssh_agent_auth</remote-id> |
| 1298 |
</upstream> |
| 1299 |
</pkgmetadata> |
| 1300 |
|
| 1301 |
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild |
| 1302 |
new file mode 100644 |
| 1303 |
index 00000000000..8afccd4a986 |
| 1304 |
--- /dev/null |
| 1305 |
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.3.ebuild |
| 1306 |
@@ -0,0 +1,51 @@ |
| 1307 |
+# Copyright 1999-2018 Gentoo Authors |
| 1308 |
+# Distributed under the terms of the GNU General Public License v2 |
| 1309 |
+ |
| 1310 |
+EAPI=7 |
| 1311 |
+ |
| 1312 |
+inherit pam |
| 1313 |
+ |
| 1314 |
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys" |
| 1315 |
+HOMEPAGE="http://pamsshagentauth.sourceforge.net" |
| 1316 |
+ |
| 1317 |
+if [[ ${PV} == *9999 ]] ; then |
| 1318 |
+ EGIT_REPO_URI="https://github.com/jbeverly/${PN}.git" |
| 1319 |
+ inherit git-r3 |
| 1320 |
+else |
| 1321 |
+ SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2" |
| 1322 |
+ KEYWORDS="~amd64 ~arm ~x86" |
| 1323 |
+fi |
| 1324 |
+ |
| 1325 |
+LICENSE="MIT" |
| 1326 |
+SLOT="0" |
| 1327 |
+IUSE="" |
| 1328 |
+ |
| 1329 |
+PATCHES=( |
| 1330 |
+ "${FILESDIR}/${P}-openssl-1.1.1.patch" |
| 1331 |
+) |
| 1332 |
+DEPEND="virtual/pam |
| 1333 |
+ dev-libs/openssl:0=" |
| 1334 |
+ |
| 1335 |
+RDEPEND="${DEPEND} |
| 1336 |
+ virtual/ssh" |
| 1337 |
+ |
| 1338 |
+# needed for pod2man |
| 1339 |
+DEPEND="${DEPEND} |
| 1340 |
+ dev-lang/perl" |
| 1341 |
+ |
| 1342 |
+src_configure() { |
| 1343 |
+ pammod_hide_symbols |
| 1344 |
+ |
| 1345 |
+ econf \ |
| 1346 |
+ --without-openssl-header-check \ |
| 1347 |
+ --libexecdir="$(getpam_mod_dir)" |
| 1348 |
+} |
| 1349 |
+ |
| 1350 |
+src_install() { |
| 1351 |
+ # Don't use emake install as it makes it harder to have proper |
| 1352 |
+ # install paths. |
| 1353 |
+ dopammod pam_ssh_agent_auth.so |
| 1354 |
+ doman pam_ssh_agent_auth.8 |
| 1355 |
+ |
| 1356 |
+ dodoc CONTRIBUTORS |
| 1357 |
+} |
| 1358 |
|
| 1359 |
diff --git a/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild |
| 1360 |
new file mode 100644 |
| 1361 |
index 00000000000..2b877364229 |
| 1362 |
--- /dev/null |
| 1363 |
+++ b/sys-auth/pam_ssh_agent_auth/pam_ssh_agent_auth-9999.ebuild |
| 1364 |
@@ -0,0 +1,48 @@ |
| 1365 |
+# Copyright 1999-2018 Gentoo Authors |
| 1366 |
+# Distributed under the terms of the GNU General Public License v2 |
| 1367 |
+ |
| 1368 |
+EAPI=7 |
| 1369 |
+ |
| 1370 |
+inherit pam |
| 1371 |
+ |
| 1372 |
+DESCRIPTION="Simple module to authenticate users against their ssh-agent keys" |
| 1373 |
+HOMEPAGE="http://pamsshagentauth.sourceforge.net" |
| 1374 |
+ |
| 1375 |
+if [[ ${PV} == *9999 ]] ; then |
| 1376 |
+ EGIT_REPO_URI="https://github.com/jbeverly/${PN}.git" |
| 1377 |
+ inherit git-r3 |
| 1378 |
+else |
| 1379 |
+ SRC_URI="mirror://sourceforge/pamsshagentauth/${PN}/v${PV}/${P}.tar.bz2" |
| 1380 |
+ KEYWORDS="~amd64 ~arm ~x86" |
| 1381 |
+fi |
| 1382 |
+ |
| 1383 |
+LICENSE="MIT" |
| 1384 |
+SLOT="0" |
| 1385 |
+IUSE="" |
| 1386 |
+ |
| 1387 |
+DEPEND="virtual/pam |
| 1388 |
+ dev-libs/openssl:0=" |
| 1389 |
+ |
| 1390 |
+RDEPEND="${DEPEND} |
| 1391 |
+ virtual/ssh" |
| 1392 |
+ |
| 1393 |
+# needed for pod2man |
| 1394 |
+DEPEND="${DEPEND} |
| 1395 |
+ dev-lang/perl" |
| 1396 |
+ |
| 1397 |
+src_configure() { |
| 1398 |
+ pammod_hide_symbols |
| 1399 |
+ |
| 1400 |
+ econf \ |
| 1401 |
+ --without-openssl-header-check \ |
| 1402 |
+ --libexecdir="$(getpam_mod_dir)" |
| 1403 |
+} |
| 1404 |
+ |
| 1405 |
+src_install() { |
| 1406 |
+ # Don't use emake install as it makes it harder to have proper |
| 1407 |
+ # install paths. |
| 1408 |
+ dopammod pam_ssh_agent_auth.so |
| 1409 |
+ doman pam_ssh_agent_auth.8 |
| 1410 |
+ |
| 1411 |
+ dodoc CONTRIBUTORS |
| 1412 |
+} |
Archives