[arch-commits] Commit in openssh/trunk (openssl-1.1.0.patch)
Gaëtan Bisson
bisson at archlinux.org
Fri Mar 23 20:26:47 UTC 2018
Date: Friday, March 23, 2018 @ 20:26:46
Author: bisson
Revision: 319875
add function names
Modified:
openssh/trunk/openssl-1.1.0.patch
---------------------+
openssl-1.1.0.patch | 302 +++++++++++++++++++++++++-------------------------
1 file changed, 151 insertions(+), 151 deletions(-)
Modified: openssl-1.1.0.patch
===================================================================
--- openssl-1.1.0.patch 2018-03-23 19:46:45 UTC (rev 319874)
+++ openssl-1.1.0.patch 2018-03-23 20:26:46 UTC (rev 319875)
@@ -1,7 +1,7 @@
-diff -Naur old/auth-pam.c new/auth-pam.c
---- old/auth-pam.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/auth-pam.c 2018-03-22 09:28:01.384146852 -1000
-@@ -128,6 +128,10 @@
+diff -aurp old/auth-pam.c new/auth-pam.c
+--- old/auth-pam.c 2018-03-22 16:21:14.000000000 -1000
++++ new/auth-pam.c 2018-03-23 10:05:03.886621278 -1000
+@@ -128,6 +128,10 @@ extern u_int utmp_len;
typedef pthread_t sp_pthread_t;
#else
typedef pid_t sp_pthread_t;
@@ -12,10 +12,10 @@
#endif
struct pam_ctxt {
-diff -Naur old/cipher.c new/cipher.c
---- old/cipher.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/cipher.c 2018-03-22 09:28:01.385146886 -1000
-@@ -297,7 +297,10 @@
+diff -aurp old/cipher.c new/cipher.c
+--- old/cipher.c 2018-03-22 16:21:14.000000000 -1000
++++ new/cipher.c 2018-03-23 10:05:03.886621278 -1000
+@@ -297,7 +297,10 @@ cipher_init(struct sshcipher_ctx **ccp,
goto out;
}
}
@@ -27,7 +27,7 @@
ret = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
-@@ -483,7 +486,7 @@
+@@ -483,7 +486,7 @@ cipher_get_keyiv(struct sshcipher_ctx *c
len, iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -36,7 +36,7 @@
#endif
return 0;
}
-@@ -517,14 +520,19 @@
+@@ -517,14 +520,19 @@ cipher_set_keyiv(struct sshcipher_ctx *c
EVP_CTRL_GCM_SET_IV_FIXED, -1, (void *)iv))
return SSH_ERR_LIBCRYPTO_ERROR;
} else
@@ -59,9 +59,9 @@
#endif
int
-diff -Naur old/cipher.h new/cipher.h
---- old/cipher.h 2018-02-22 20:00:52.000000000 -1000
-+++ new/cipher.h 2018-03-22 09:28:01.385146886 -1000
+diff -aurp old/cipher.h new/cipher.h
+--- old/cipher.h 2018-03-22 16:21:14.000000000 -1000
++++ new/cipher.h 2018-03-23 10:05:03.886621278 -1000
@@ -46,7 +46,18 @@
#define CIPHER_DECRYPT 0
@@ -81,10 +81,10 @@
const struct sshcipher *cipher_by_name(const char *);
const char *cipher_warning_message(const struct sshcipher_ctx *);
-diff -Naur old/configure new/configure
---- old/configure 2018-02-23 03:30:10.000000000 -1000
-+++ new/configure 2018-03-22 09:28:01.391147093 -1000
-@@ -12847,7 +12847,6 @@
+diff -aurp old/configure new/configure
+--- old/configure 2018-03-23 03:30:17.000000000 -1000
++++ new/configure 2018-03-23 10:05:03.888621444 -1000
+@@ -13076,7 +13076,6 @@ if ac_fn_c_try_run "$LINENO"; then :
100*) ;; # 1.0.x
200*) ;; # LibreSSL
*)
@@ -92,10 +92,10 @@
;;
esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ssl_library_ver" >&5
-diff -Naur old/dh.c new/dh.c
---- old/dh.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/dh.c 2018-03-22 09:28:01.392147128 -1000
-@@ -211,14 +211,15 @@
+diff -aurp old/dh.c new/dh.c
+--- old/dh.c 2018-03-22 16:21:14.000000000 -1000
++++ new/dh.c 2018-03-23 10:05:03.888621444 -1000
+@@ -211,14 +211,15 @@ choose_dh(int min, int wantbits, int max
/* diffie-hellman-groupN-sha1 */
int
@@ -113,7 +113,7 @@
logit("invalid public DH value: negative");
return 0;
}
-@@ -231,7 +232,8 @@
+@@ -231,7 +232,8 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
error("%s: BN_new failed", __func__);
return 0;
}
@@ -123,7 +123,7 @@
BN_cmp(dh_pub, tmp) != -1) { /* pub_exp > p-2 */
BN_clear_free(tmp);
logit("invalid public DH value: >= p-1");
-@@ -242,14 +244,14 @@
+@@ -242,14 +244,14 @@ dh_pub_is_valid(DH *dh, BIGNUM *dh_pub)
for (i = 0; i <= n; i++)
if (BN_is_bit_set(dh_pub, i))
bits_set++;
@@ -140,7 +140,7 @@
return 0;
}
return 1;
-@@ -259,9 +261,13 @@
+@@ -259,9 +261,13 @@ int
dh_gen_key(DH *dh, int need)
{
int pbits;
@@ -156,7 +156,7 @@
need > INT_MAX / 2 || 2 * need > pbits)
return SSH_ERR_INVALID_ARGUMENT;
if (need < 256)
-@@ -270,10 +276,13 @@
+@@ -270,10 +276,13 @@ dh_gen_key(DH *dh, int need)
* Pollard Rho, Big step/Little Step attacks are O(sqrt(n)),
* so double requested need here.
*/
@@ -174,7 +174,7 @@
return SSH_ERR_LIBCRYPTO_ERROR;
}
return 0;
-@@ -282,16 +291,27 @@
+@@ -282,16 +291,27 @@ dh_gen_key(DH *dh, int need)
DH *
dh_new_group_asc(const char *gen, const char *modulus)
{
@@ -209,7 +209,7 @@
}
/*
-@@ -306,8 +326,8 @@
+@@ -306,8 +326,8 @@ dh_new_group(BIGNUM *gen, BIGNUM *modulu
if ((dh = DH_new()) == NULL)
return NULL;
@@ -220,10 +220,10 @@
return (dh);
}
-diff -Naur old/dh.h new/dh.h
---- old/dh.h 2018-02-22 20:00:52.000000000 -1000
-+++ new/dh.h 2018-03-22 09:28:01.399147369 -1000
-@@ -42,7 +42,7 @@
+diff -aurp old/dh.h new/dh.h
+--- old/dh.h 2018-03-22 16:21:14.000000000 -1000
++++ new/dh.h 2018-03-23 10:05:03.889621527 -1000
+@@ -42,7 +42,7 @@ DH *dh_new_group18(void);
DH *dh_new_group_fallback(int);
int dh_gen_key(DH *, int);
@@ -232,9 +232,9 @@
u_int dh_estimate(int);
-diff -Naur old/digest-openssl.c new/digest-openssl.c
---- old/digest-openssl.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/digest-openssl.c 2018-03-22 09:28:01.399147369 -1000
+diff -aurp old/digest-openssl.c new/digest-openssl.c
+--- old/digest-openssl.c 2018-03-22 16:21:14.000000000 -1000
++++ new/digest-openssl.c 2018-03-23 10:05:03.889621527 -1000
@@ -43,7 +43,7 @@
struct ssh_digest_ctx {
@@ -244,7 +244,7 @@
};
struct ssh_digest {
-@@ -106,20 +106,21 @@
+@@ -106,20 +106,21 @@ ssh_digest_bytes(int alg)
size_t
ssh_digest_blocksize(struct ssh_digest_ctx *ctx)
{
@@ -270,7 +270,7 @@
free(ret);
return NULL;
}
-@@ -132,7 +133,7 @@
+@@ -132,7 +133,7 @@ ssh_digest_copy_state(struct ssh_digest_
if (from->alg != to->alg)
return SSH_ERR_INVALID_ARGUMENT;
/* we have bcopy-style order while openssl has memcpy-style */
@@ -279,7 +279,7 @@
return SSH_ERR_LIBCRYPTO_ERROR;
return 0;
}
-@@ -140,7 +141,7 @@
+@@ -140,7 +141,7 @@ ssh_digest_copy_state(struct ssh_digest_
int
ssh_digest_update(struct ssh_digest_ctx *ctx, const void *m, size_t mlen)
{
@@ -288,7 +288,7 @@
return SSH_ERR_LIBCRYPTO_ERROR;
return 0;
}
-@@ -161,7 +162,7 @@
+@@ -161,7 +162,7 @@ ssh_digest_final(struct ssh_digest_ctx *
return SSH_ERR_INVALID_ARGUMENT;
if (dlen < digest->digest_len) /* No truncation allowed */
return SSH_ERR_INVALID_ARGUMENT;
@@ -297,7 +297,7 @@
return SSH_ERR_LIBCRYPTO_ERROR;
if (l != digest->digest_len) /* sanity */
return SSH_ERR_INTERNAL_ERROR;
-@@ -172,7 +173,7 @@
+@@ -172,7 +173,7 @@ void
ssh_digest_free(struct ssh_digest_ctx *ctx)
{
if (ctx != NULL) {
@@ -306,10 +306,10 @@
explicit_bzero(ctx, sizeof(*ctx));
free(ctx);
}
-diff -Naur old/kexdhc.c new/kexdhc.c
---- old/kexdhc.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/kexdhc.c 2018-03-22 09:28:01.399147369 -1000
-@@ -81,11 +81,16 @@
+diff -aurp old/kexdhc.c new/kexdhc.c
+--- old/kexdhc.c 2018-03-22 16:21:14.000000000 -1000
++++ new/kexdhc.c 2018-03-23 10:05:03.889621527 -1000
+@@ -81,11 +81,16 @@ kexdh_client(struct ssh *ssh)
goto out;
}
debug("sending SSH2_MSG_KEXDH_INIT");
@@ -329,7 +329,7 @@
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, kex->dh);
fprintf(stderr, "pub= ");
-@@ -169,6 +174,9 @@
+@@ -169,6 +174,9 @@ input_kex_dh(int type, u_int32_t seq, st
/* calc and verify H */
hashlen = sizeof(hash);
@@ -339,7 +339,7 @@
if ((r = kex_dh_hash(
kex->hash_alg,
kex->client_version_string,
-@@ -176,11 +184,13 @@
+@@ -176,11 +184,13 @@ input_kex_dh(int type, u_int32_t seq, st
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
server_host_key_blob, sbloblen,
@@ -355,10 +355,10 @@
if ((r = sshkey_verify(server_host_key, signature, slen, hash, hashlen,
kex->hostkey_alg, ssh->compat)) != 0)
-diff -Naur old/kexdhs.c new/kexdhs.c
---- old/kexdhs.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/kexdhs.c 2018-03-22 09:28:01.400147404 -1000
-@@ -87,6 +87,10 @@
+diff -aurp old/kexdhs.c new/kexdhs.c
+--- old/kexdhs.c 2018-03-22 16:21:14.000000000 -1000
++++ new/kexdhs.c 2018-03-23 10:05:03.889621527 -1000
+@@ -87,6 +87,10 @@ kexdh_server(struct ssh *ssh)
ssh_dispatch_set(ssh, SSH2_MSG_KEXDH_INIT, &input_kex_dh_init);
r = 0;
out:
@@ -369,7 +369,7 @@
return r;
}
-@@ -163,6 +167,9 @@
+@@ -163,6 +167,9 @@ input_kex_dh_init(int type, u_int32_t se
goto out;
/* calc H */
hashlen = sizeof(hash);
@@ -379,7 +379,7 @@
if ((r = kex_dh_hash(
kex->hash_alg,
kex->client_version_string,
-@@ -171,10 +178,12 @@
+@@ -171,10 +178,12 @@ input_kex_dh_init(int type, u_int32_t se
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
server_host_key_blob, sbloblen,
dh_client_pub,
@@ -394,7 +394,7 @@
/* save session id := H */
if (kex->session_id == NULL) {
-@@ -195,12 +204,17 @@
+@@ -195,12 +204,17 @@ input_kex_dh_init(int type, u_int32_t se
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
@@ -414,10 +414,10 @@
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
-diff -Naur old/kexgexc.c new/kexgexc.c
---- old/kexgexc.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/kexgexc.c 2018-03-22 09:31:08.089451598 -1000
-@@ -118,11 +118,17 @@
+diff -aurp old/kexgexc.c new/kexgexc.c
+--- old/kexgexc.c 2018-03-22 16:21:14.000000000 -1000
++++ new/kexgexc.c 2018-03-23 10:05:03.889621527 -1000
+@@ -118,11 +118,17 @@ input_kex_dh_gex_group(int type, u_int32
p = g = NULL; /* belong to kex->dh now */
/* generate and send 'e', client DH public key */
@@ -439,7 +439,7 @@
debug("SSH2_MSG_KEX_DH_GEX_INIT sent");
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, kex->dh);
-@@ -136,6 +142,8 @@
+@@ -136,6 +142,8 @@ input_kex_dh_gex_group(int type, u_int32
out:
BN_clear_free(p);
BN_clear_free(g);
@@ -448,7 +448,7 @@
return r;
}
-@@ -212,6 +220,10 @@
+@@ -212,6 +220,10 @@ input_kex_dh_gex_reply(int type, u_int32
/* calc and verify H */
hashlen = sizeof(hash);
@@ -459,7 +459,7 @@
if ((r = kexgex_hash(
kex->hash_alg,
kex->client_version_string,
-@@ -220,12 +232,14 @@
+@@ -220,12 +232,14 @@ input_kex_dh_gex_reply(int type, u_int32
sshbuf_ptr(kex->peer), sshbuf_len(kex->peer),
server_host_key_blob, sbloblen,
kex->min, kex->nbits, kex->max,
@@ -477,10 +477,10 @@
if ((r = sshkey_verify(server_host_key, signature, slen, hash,
hashlen, kex->hostkey_alg, ssh->compat)) != 0)
-diff -Naur old/kexgexs.c new/kexgexs.c
---- old/kexgexs.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/kexgexs.c 2018-03-22 09:28:01.491150543 -1000
-@@ -101,11 +101,16 @@
+diff -aurp old/kexgexs.c new/kexgexs.c
+--- old/kexgexs.c 2018-03-22 16:21:14.000000000 -1000
++++ new/kexgexs.c 2018-03-23 10:05:03.889621527 -1000
+@@ -101,11 +101,16 @@ input_kex_dh_gex_request(int type, u_int
goto out;
}
debug("SSH2_MSG_KEX_DH_GEX_GROUP sent");
@@ -500,7 +500,7 @@
/* Compute our exchange value in parallel with the client */
if ((r = dh_gen_key(kex->dh, kex->we_need * 8)) != 0)
-@@ -115,6 +120,10 @@
+@@ -115,6 +120,10 @@ input_kex_dh_gex_request(int type, u_int
ssh_dispatch_set(ssh, SSH2_MSG_KEX_DH_GEX_INIT, &input_kex_dh_gex_init);
r = 0;
out:
@@ -511,7 +511,7 @@
return r;
}
-@@ -191,6 +200,10 @@
+@@ -191,6 +200,10 @@ input_kex_dh_gex_init(int type, u_int32_
goto out;
/* calc H */
hashlen = sizeof(hash);
@@ -522,7 +522,7 @@
if ((r = kexgex_hash(
kex->hash_alg,
kex->client_version_string,
-@@ -199,12 +212,14 @@
+@@ -199,12 +212,14 @@ input_kex_dh_gex_init(int type, u_int32_
sshbuf_ptr(kex->my), sshbuf_len(kex->my),
server_host_key_blob, sbloblen,
kex->min, kex->nbits, kex->max,
@@ -540,7 +540,7 @@
/* save session id := H */
if (kex->session_id == NULL) {
-@@ -225,12 +240,17 @@
+@@ -225,12 +240,17 @@ input_kex_dh_gex_init(int type, u_int32_
/* destroy_sensitive_data(); */
/* send server hostkey, DH pubkey 'f' and singed H */
@@ -560,10 +560,10 @@
if ((r = kex_derive_keys_bn(ssh, hash, hashlen, shared_secret)) == 0)
r = kex_send_newkeys(ssh);
-diff -Naur old/monitor.c new/monitor.c
---- old/monitor.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/monitor.c 2018-03-22 09:28:01.492150578 -1000
-@@ -590,10 +590,12 @@
+diff -aurp old/monitor.c new/monitor.c
+--- old/monitor.c 2018-03-22 16:21:14.000000000 -1000
++++ new/monitor.c 2018-03-23 10:05:03.890621610 -1000
+@@ -595,10 +595,12 @@ mm_answer_moduli(int sock, Buffer *m)
buffer_put_char(m, 0);
return (0);
} else {
@@ -578,10 +578,10 @@
DH_free(dh);
}
-diff -Naur old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
---- old/openbsd-compat/openssl-compat.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/openbsd-compat/openssl-compat.c 2018-03-22 09:28:01.492150578 -1000
-@@ -75,7 +75,6 @@
+diff -aurp old/openbsd-compat/openssl-compat.c new/openbsd-compat/openssl-compat.c
+--- old/openbsd-compat/openssl-compat.c 2018-03-22 16:21:14.000000000 -1000
++++ new/openbsd-compat/openssl-compat.c 2018-03-23 10:05:03.890621610 -1000
+@@ -75,7 +75,6 @@ ssh_OpenSSL_add_all_algorithms(void)
/* Enable use of crypto hardware */
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
@@ -589,10 +589,10 @@
}
#endif
-diff -Naur old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
---- old/regress/unittests/sshkey/test_file.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/regress/unittests/sshkey/test_file.c 2018-03-22 09:28:01.492150578 -1000
-@@ -60,9 +60,14 @@
+diff -aurp old/regress/unittests/sshkey/test_file.c new/regress/unittests/sshkey/test_file.c
+--- old/regress/unittests/sshkey/test_file.c 2018-03-22 16:21:14.000000000 -1000
++++ new/regress/unittests/sshkey/test_file.c 2018-03-23 10:05:03.890621610 -1000
+@@ -60,9 +60,14 @@ sshkey_file_tests(void)
a = load_bignum("rsa_1.param.n");
b = load_bignum("rsa_1.param.p");
c = load_bignum("rsa_1.param.q");
@@ -610,7 +610,7 @@
BN_free(a);
BN_free(b);
BN_free(c);
-@@ -151,9 +156,14 @@
+@@ -151,9 +156,14 @@ sshkey_file_tests(void)
a = load_bignum("dsa_1.param.g");
b = load_bignum("dsa_1.param.priv");
c = load_bignum("dsa_1.param.pub");
@@ -628,10 +628,10 @@
BN_free(a);
BN_free(b);
BN_free(c);
-diff -Naur old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
---- old/regress/unittests/sshkey/test_sshkey.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-22 09:28:01.493150612 -1000
-@@ -197,9 +197,14 @@
+diff -aurp old/regress/unittests/sshkey/test_sshkey.c new/regress/unittests/sshkey/test_sshkey.c
+--- old/regress/unittests/sshkey/test_sshkey.c 2018-03-22 16:21:14.000000000 -1000
++++ new/regress/unittests/sshkey/test_sshkey.c 2018-03-23 10:05:03.890621610 -1000
+@@ -197,9 +197,14 @@ sshkey_tests(void)
k1 = sshkey_new(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
@@ -649,7 +649,7 @@
sshkey_free(k1);
TEST_DONE();
-@@ -207,8 +212,13 @@
+@@ -207,8 +212,13 @@ sshkey_tests(void)
k1 = sshkey_new(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
@@ -665,7 +665,7 @@
sshkey_free(k1);
TEST_DONE();
-@@ -234,9 +244,14 @@
+@@ -234,9 +244,14 @@ sshkey_tests(void)
k1 = sshkey_new_private(KEY_RSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->rsa, NULL);
@@ -683,7 +683,7 @@
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
-@@ -245,8 +260,13 @@
+@@ -245,8 +260,13 @@ sshkey_tests(void)
k1 = sshkey_new_private(KEY_DSA);
ASSERT_PTR_NE(k1, NULL);
ASSERT_PTR_NE(k1->dsa, NULL);
@@ -699,7 +699,7 @@
ASSERT_INT_EQ(sshkey_add_private(k1), 0);
sshkey_free(k1);
TEST_DONE();
-@@ -285,18 +305,28 @@
+@@ -285,18 +305,28 @@ sshkey_tests(void)
ASSERT_INT_EQ(sshkey_generate(KEY_RSA, 1024, &kr), 0);
ASSERT_PTR_NE(kr, NULL);
ASSERT_PTR_NE(kr->rsa, NULL);
@@ -734,7 +734,7 @@
TEST_DONE();
#ifdef OPENSSL_HAS_ECC
-@@ -323,9 +353,14 @@
+@@ -323,9 +353,14 @@ sshkey_tests(void)
ASSERT_PTR_NE(kr, k1);
ASSERT_INT_EQ(k1->type, KEY_RSA);
ASSERT_PTR_NE(k1->rsa, NULL);
@@ -752,7 +752,7 @@
TEST_DONE();
TEST_START("equal KEY_RSA/demoted KEY_RSA");
-@@ -339,8 +374,13 @@
+@@ -339,8 +374,13 @@ sshkey_tests(void)
ASSERT_PTR_NE(kd, k1);
ASSERT_INT_EQ(k1->type, KEY_DSA);
ASSERT_PTR_NE(k1->dsa, NULL);
@@ -768,10 +768,10 @@
TEST_DONE();
TEST_START("equal KEY_DSA/demoted KEY_DSA");
-diff -Naur old/ssh-dss.c new/ssh-dss.c
---- old/ssh-dss.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-dss.c 2018-03-22 09:28:01.493150612 -1000
-@@ -53,6 +53,7 @@
+diff -aurp old/ssh-dss.c new/ssh-dss.c
+--- old/ssh-dss.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-dss.c 2018-03-23 10:05:03.891621693 -1000
+@@ -53,6 +53,7 @@ ssh_dss_sign(const struct sshkey *key, u
DSA_SIG *sig = NULL;
u_char digest[SSH_DIGEST_MAX_LENGTH], sigblob[SIGBLOB_LEN];
size_t rlen, slen, len, dlen = ssh_digest_bytes(SSH_DIGEST_SHA1);
@@ -779,7 +779,7 @@
struct sshbuf *b = NULL;
int ret = SSH_ERR_INVALID_ARGUMENT;
-@@ -76,15 +77,16 @@
+@@ -76,15 +77,16 @@ ssh_dss_sign(const struct sshkey *key, u
goto out;
}
@@ -800,7 +800,7 @@
if ((b = sshbuf_new()) == NULL) {
ret = SSH_ERR_ALLOC_FAIL;
-@@ -154,17 +156,26 @@
+@@ -154,17 +156,26 @@ ssh_dss_verify(const struct sshkey *key,
}
/* parse signature */
@@ -831,10 +831,10 @@
/* sha1 the data */
if ((ret = ssh_digest_memory(SSH_DIGEST_SHA1, data, datalen,
-diff -Naur old/ssh-ecdsa.c new/ssh-ecdsa.c
---- old/ssh-ecdsa.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-ecdsa.c 2018-03-22 09:28:01.493150612 -1000
-@@ -80,9 +80,14 @@
+diff -aurp old/ssh-ecdsa.c new/ssh-ecdsa.c
+--- old/ssh-ecdsa.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-ecdsa.c 2018-03-23 10:05:03.891621693 -1000
+@@ -80,9 +80,14 @@ ssh_ecdsa_sign(const struct sshkey *key,
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -851,7 +851,7 @@
if ((ret = sshbuf_put_cstring(b, sshkey_ssh_name_plain(key))) != 0 ||
(ret = sshbuf_put_stringb(b, bb)) != 0)
goto out;
-@@ -150,11 +155,27 @@
+@@ -150,11 +155,27 @@ ssh_ecdsa_verify(const struct sshkey *ke
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -881,10 +881,10 @@
if (sshbuf_len(sigbuf) != 0) {
ret = SSH_ERR_UNEXPECTED_TRAILING_DATA;
goto out;
-diff -Naur old/ssh-keygen.c new/ssh-keygen.c
---- old/ssh-keygen.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-keygen.c 2018-03-22 09:28:01.494150647 -1000
-@@ -489,11 +489,33 @@
+diff -aurp old/ssh-keygen.c new/ssh-keygen.c
+--- old/ssh-keygen.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-keygen.c 2018-03-23 10:05:03.891621693 -1000
+@@ -493,11 +493,33 @@ do_convert_private_ssh2_from_blob(u_char
switch (key->type) {
case KEY_DSA:
@@ -923,7 +923,7 @@
break;
case KEY_RSA:
if ((r = sshbuf_get_u8(b, &e1)) != 0 ||
-@@ -510,16 +532,52 @@
+@@ -514,16 +536,52 @@ do_convert_private_ssh2_from_blob(u_char
e += e3;
debug("e %lx", e);
}
@@ -982,7 +982,7 @@
if ((r = ssh_rsa_generate_additional_parameters(key)) != 0)
fatal("generate RSA parameters failed: %s", ssh_err(r));
break;
-@@ -629,7 +687,7 @@
+@@ -633,7 +691,7 @@ do_convert_from_pkcs8(struct sshkey **k,
identity_file);
}
fclose(fp);
@@ -991,7 +991,7 @@
case EVP_PKEY_RSA:
if ((*k = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
-@@ -653,7 +711,7 @@
+@@ -657,7 +715,7 @@ do_convert_from_pkcs8(struct sshkey **k,
#endif
default:
fatal("%s: unsupported pubkey type %d", __func__,
@@ -1000,10 +1000,10 @@
}
EVP_PKEY_free(pubkey);
return;
-diff -Naur old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
---- old/ssh-pkcs11-client.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-pkcs11-client.c 2018-03-22 09:28:01.495150681 -1000
-@@ -144,12 +144,13 @@
+diff -aurp old/ssh-pkcs11-client.c new/ssh-pkcs11-client.c
+--- old/ssh-pkcs11-client.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-pkcs11-client.c 2018-03-23 10:05:03.892621777 -1000
+@@ -144,12 +144,13 @@ pkcs11_rsa_private_encrypt(int flen, con
static int
wrap_key(RSA *rsa)
{
@@ -1022,10 +1022,10 @@
return (0);
}
-diff -Naur old/ssh-pkcs11.c new/ssh-pkcs11.c
---- old/ssh-pkcs11.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-pkcs11.c 2018-03-22 09:33:03.209227196 -1000
-@@ -67,7 +67,7 @@
+diff -aurp old/ssh-pkcs11.c new/ssh-pkcs11.c
+--- old/ssh-pkcs11.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-pkcs11.c 2018-03-23 10:05:03.892621777 -1000
+@@ -67,7 +67,7 @@ struct pkcs11_key {
struct pkcs11_provider *provider;
CK_ULONG slotidx;
int (*orig_finish)(RSA *rsa);
@@ -1034,7 +1034,7 @@
char *keyid;
int keyid_len;
};
-@@ -326,13 +326,15 @@
+@@ -326,13 +326,15 @@ pkcs11_rsa_wrap(struct pkcs11_provider *
k11->keyid = xmalloc(k11->keyid_len);
memcpy(k11->keyid, keyid_attrib->pValue, k11->keyid_len);
}
@@ -1057,7 +1057,7 @@
RSA_set_app_data(rsa, k11);
return (0);
}
-@@ -512,10 +514,19 @@
+@@ -512,10 +514,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
if ((rsa = RSA_new()) == NULL) {
error("RSA_new failed");
} else {
@@ -1081,7 +1081,7 @@
}
} else {
cp = attribs[2].pValue;
-@@ -525,16 +536,19 @@
+@@ -525,16 +536,19 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
== NULL) {
error("d2i_X509 failed");
} else if ((evp = X509_get_pubkey(x509)) == NULL ||
@@ -1105,7 +1105,7 @@
pkcs11_rsa_wrap(p, slotidx, &attribs[0], rsa) == 0) {
if ((key = sshkey_new(KEY_UNSPEC)) == NULL)
fatal("sshkey_new failed");
-@@ -554,6 +568,7 @@
+@@ -554,6 +568,7 @@ pkcs11_fetch_keys_filter(struct pkcs11_p
} else if (rsa) {
RSA_free(rsa);
}
@@ -1113,10 +1113,10 @@
for (i = 0; i < 3; i++)
free(attribs[i].pValue);
}
-diff -Naur old/ssh-rsa.c new/ssh-rsa.c
---- old/ssh-rsa.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/ssh-rsa.c 2018-03-22 10:32:52.129946056 -1000
-@@ -84,7 +84,6 @@
+diff -aurp old/ssh-rsa.c new/ssh-rsa.c
+--- old/ssh-rsa.c 2018-03-22 16:21:14.000000000 -1000
++++ new/ssh-rsa.c 2018-03-23 10:05:03.892621777 -1000
+@@ -84,7 +84,6 @@ ssh_rsa_generate_additional_parameters(s
{
BIGNUM *aux = NULL;
BN_CTX *ctx = NULL;
@@ -1124,7 +1124,7 @@
int r;
if (key == NULL || key->rsa == NULL ||
-@@ -99,16 +98,27 @@
+@@ -99,16 +98,27 @@ ssh_rsa_generate_additional_parameters(s
}
BN_set_flags(aux, BN_FLG_CONSTTIME);
@@ -1159,7 +1159,7 @@
r = 0;
out:
BN_clear_free(aux);
-@@ -139,7 +149,7 @@
+@@ -139,7 +149,7 @@ ssh_rsa_sign(const struct sshkey *key, u
if (key == NULL || key->rsa == NULL || hash_alg == -1 ||
sshkey_type_plain(key->type) != KEY_RSA)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1168,7 +1168,7 @@
return SSH_ERR_KEY_LENGTH;
slen = RSA_size(key->rsa);
if (slen <= 0 || slen > SSHBUF_MAX_BIGNUM)
-@@ -211,7 +221,7 @@
+@@ -211,7 +221,7 @@ ssh_rsa_verify(const struct sshkey *key,
sshkey_type_plain(key->type) != KEY_RSA ||
sig == NULL || siglen == 0)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1177,10 +1177,10 @@
return SSH_ERR_KEY_LENGTH;
if ((b = sshbuf_from(sig, siglen)) == NULL)
-diff -Naur old/sshkey.c new/sshkey.c
---- old/sshkey.c 2018-02-22 20:00:52.000000000 -1000
-+++ new/sshkey.c 2018-03-22 09:47:09.515312078 -1000
-@@ -264,10 +264,18 @@
+diff -aurp old/sshkey.c new/sshkey.c
+--- old/sshkey.c 2018-03-22 16:21:14.000000000 -1000
++++ new/sshkey.c 2018-03-23 10:05:03.893621860 -1000
+@@ -274,10 +274,18 @@ sshkey_size(const struct sshkey *k)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1200,7 +1200,7 @@
case KEY_ECDSA:
case KEY_ECDSA_CERT:
return sshkey_curve_nid_to_bits(k->ecdsa_nid);
-@@ -465,26 +473,53 @@
+@@ -482,26 +490,53 @@ sshkey_new(int type)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1260,7 +1260,7 @@
k->dsa = dsa;
break;
case KEY_ECDSA:
-@@ -520,6 +555,51 @@
+@@ -539,6 +574,51 @@ sshkey_add_private(struct sshkey *k)
#ifdef WITH_OPENSSL
case KEY_RSA:
case KEY_RSA_CERT:
@@ -1312,7 +1312,7 @@
#define bn_maybe_alloc_failed(p) (p == NULL && (p = BN_new()) == NULL)
if (bn_maybe_alloc_failed(k->rsa->d) ||
bn_maybe_alloc_failed(k->rsa->iqmp) ||
-@@ -528,13 +608,28 @@
+@@ -547,13 +627,28 @@ sshkey_add_private(struct sshkey *k)
bn_maybe_alloc_failed(k->rsa->dmq1) ||
bn_maybe_alloc_failed(k->rsa->dmp1))
return SSH_ERR_ALLOC_FAIL;
@@ -1341,7 +1341,7 @@
case KEY_ECDSA:
case KEY_ECDSA_CERT:
/* Cannot do anything until we know the group */
-@@ -642,16 +737,34 @@
+@@ -677,16 +772,34 @@ sshkey_equal_public(const struct sshkey
#ifdef WITH_OPENSSL
case KEY_RSA_CERT:
case KEY_RSA:
@@ -1384,7 +1384,7 @@
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
case KEY_ECDSA:
-@@ -729,12 +842,17 @@
+@@ -775,12 +888,17 @@ to_blob_buf(const struct sshkey *key, st
case KEY_DSA:
if (key->dsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1406,7 +1406,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -750,10 +868,14 @@
+@@ -796,10 +914,14 @@ to_blob_buf(const struct sshkey *key, st
case KEY_RSA:
if (key->rsa == NULL)
return SSH_ERR_INVALID_ARGUMENT;
@@ -1423,7 +1423,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1622,13 +1744,32 @@
+@@ -1740,13 +1862,32 @@ sshkey_from_private(const struct sshkey
case KEY_DSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1460,7 +1460,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -1652,11 +1793,23 @@
+@@ -1770,11 +1911,23 @@ sshkey_from_private(const struct sshkey
case KEY_RSA_CERT:
if ((n = sshkey_new(k->type)) == NULL)
return SSH_ERR_ALLOC_FAIL;
@@ -1486,7 +1486,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519:
-@@ -1854,12 +2007,27 @@
+@@ -1995,12 +2148,27 @@ sshkey_from_blob_internal(struct sshbuf
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1517,7 +1517,7 @@
ret = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -1879,13 +2047,36 @@
+@@ -2020,13 +2188,36 @@ sshkey_from_blob_internal(struct sshbuf
ret = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1558,7 +1558,7 @@
#ifdef DEBUG_PK
DSA_print_fp(stderr, key->dsa, 8);
#endif
-@@ -2143,26 +2334,63 @@
+@@ -2327,26 +2518,63 @@ sshkey_demote(const struct sshkey *k, st
goto fail;
/* FALLTHROUGH */
case KEY_RSA:
@@ -1630,7 +1630,7 @@
break;
case KEY_ECDSA_CERT:
if ((ret = sshkey_cert_copy(k, pk)) != 0)
-@@ -2284,11 +2512,17 @@
+@@ -2496,11 +2724,17 @@ sshkey_certify_custom(struct sshkey *k,
switch (k->type) {
#ifdef WITH_OPENSSL
case KEY_DSA_CERT:
@@ -1652,7 +1652,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA_CERT:
-@@ -2301,9 +2535,15 @@
+@@ -2513,9 +2747,15 @@ sshkey_certify_custom(struct sshkey *k,
break;
# endif /* OPENSSL_HAS_ECC */
case KEY_RSA_CERT:
@@ -1670,7 +1670,7 @@
break;
#endif /* WITH_OPENSSL */
case KEY_ED25519_CERT:
-@@ -2477,42 +2717,67 @@
+@@ -2702,42 +2942,67 @@ sshkey_private_serialize_opt(const struc
switch (key->type) {
#ifdef WITH_OPENSSL
case KEY_RSA:
@@ -1754,7 +1754,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2588,18 +2853,61 @@
+@@ -2851,18 +3116,61 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1823,7 +1823,7 @@
break;
# ifdef OPENSSL_HAS_ECC
case KEY_ECDSA:
-@@ -2658,29 +2966,104 @@
+@@ -2921,29 +3229,104 @@ sshkey_private_deserialize(struct sshbuf
r = SSH_ERR_ALLOC_FAIL;
goto out;
}
@@ -1942,7 +1942,7 @@
r = SSH_ERR_KEY_LENGTH;
goto out;
}
-@@ -3390,7 +3773,6 @@
+@@ -3707,7 +4090,6 @@ translate_libcrypto_error(unsigned long
switch (pem_reason) {
case EVP_R_BAD_DECRYPT:
return SSH_ERR_KEY_WRONG_PASSPHRASE;
@@ -1950,7 +1950,7 @@
case EVP_R_DECODE_ERROR:
#ifdef EVP_R_PRIVATE_KEY_DECODE_ERROR
case EVP_R_PRIVATE_KEY_DECODE_ERROR:
-@@ -3455,7 +3837,7 @@
+@@ -3772,7 +4154,7 @@ sshkey_parse_private_pem_fileblob(struct
r = convert_libcrypto_error();
goto out;
}
@@ -1959,7 +1959,7 @@
(type == KEY_UNSPEC || type == KEY_RSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3470,11 +3852,11 @@
+@@ -3787,11 +4169,11 @@ sshkey_parse_private_pem_fileblob(struct
r = SSH_ERR_LIBCRYPTO_ERROR;
goto out;
}
@@ -1973,7 +1973,7 @@
(type == KEY_UNSPEC || type == KEY_DSA)) {
if ((prv = sshkey_new(KEY_UNSPEC)) == NULL) {
r = SSH_ERR_ALLOC_FAIL;
-@@ -3486,7 +3868,7 @@
+@@ -3803,7 +4185,7 @@ sshkey_parse_private_pem_fileblob(struct
DSA_print_fp(stderr, prv->dsa, 8);
#endif
#ifdef OPENSSL_HAS_ECC
More information about the arch-commits
mailing list