summaryrefslogtreecommitdiff
path: root/net-misc/openssh/files
diff options
context:
space:
mode:
Diffstat (limited to 'net-misc/openssh/files')
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch6
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch91
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch48
-rw-r--r--net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch4
4 files changed, 144 insertions, 5 deletions
diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
index e1d63ecc8aef..1f1ec4a4d773 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
@@ -1,11 +1,11 @@
---- a/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:41:13.791285390 -0700
-+++ b/openssh-7.9p1+x509-11.5.diff 2018-10-19 11:45:42.584694215 -0700
+--- a/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:21:22.580154353 -0700
++++ b/openssh-7.9p1+x509-11.5.diff 2018-10-23 16:22:39.600652048 -0700
@@ -44045,7 +44045,7 @@
ENGINE_register_all_complete();
+#endif
--#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ /* OPENSSL_config will load buildin engines and engines
+ * specified in configuration file, i.e. method call
+ * ENGINE_load_builtin_engines. Latter is only for
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
new file mode 100644
index 000000000000..78b754532740
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -0,0 +1,91 @@
+--- openssh-7.9p1.orig/cipher-ctr-mt.c 2018-10-24 20:48:00.909255466 -0000
++++ openssh-7.9p1/cipher-ctr-mt.c 2018-10-24 20:48:17.378155144 -0000
+@@ -46,7 +46,7 @@
+
+ /*-------------------- TUNABLES --------------------*/
+ /* maximum number of threads and queues */
+-#define MAX_THREADS 32
++#define MAX_THREADS 32
+ #define MAX_NUMKQ (MAX_THREADS * 2)
+
+ /* Number of pregen threads to use */
+@@ -435,7 +435,7 @@
+ destp.u += AES_BLOCK_SIZE;
+ srcp.u += AES_BLOCK_SIZE;
+ len -= AES_BLOCK_SIZE;
+- ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
++ ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+
+ /* Increment read index, switch queues on rollover */
+ if ((ridx = (ridx + 1) % KQLEN) == 0) {
+@@ -481,8 +481,6 @@
+ /* get the number of cores in the system */
+ /* if it's not linux it currently defaults to 2 */
+ /* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
+- /* NB: assigning a float to an int discards the remainder which is */
+- /* acceptable (and wanted) in this case */
+ #ifdef __linux__
+ cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
+ #endif /*__linux__*/
+@@ -551,16 +550,16 @@
+ }
+
+ if (iv != NULL) {
+- memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
++ memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ c->state |= HAVE_IV;
+ }
+
+ if (c->state == (HAVE_KEY | HAVE_IV)) {
+ /* Clear queues */
+- memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ c->q[0].qstate = KQINIT;
+ for (i = 1; i < numkq; i++) {
+- memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
++ memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+ c->q[i].qstate = KQEMPTY;
+ }
+@@ -644,8 +643,22 @@
+ const EVP_CIPHER *
+ evp_aes_ctr_mt(void)
+ {
++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER)
++ static EVP_CIPHER *aes_ctr;
++ aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
++ EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
++ EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
++ EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
++ EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
++# ifndef SSH_OLD_EVP
++ EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
++ | EVP_CIPH_VARIABLE_LENGTH
++ | EVP_CIPH_ALWAYS_CALL_INIT
++ | EVP_CIPH_CUSTOM_IV);
++# endif /*SSH_OLD_EVP*/
++ return (aes_ctr);
++# else /*earlier version of openssl*/
+ static EVP_CIPHER aes_ctr;
+-
+ memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ aes_ctr.nid = NID_undef;
+ aes_ctr.block_size = AES_BLOCK_SIZE;
+@@ -654,11 +667,12 @@
+ aes_ctr.init = ssh_aes_ctr_init;
+ aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ aes_ctr.do_cipher = ssh_aes_ctr;
+-#ifndef SSH_OLD_EVP
+- aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+-#endif
+- return &aes_ctr;
++# ifndef SSH_OLD_EVP
++ aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++# endif /*SSH_OLD_EVP*/
++ return &aes_ctr;
++# endif /*OPENSSH_VERSION_NUMBER*/
+ }
+
+ #endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch b/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch
new file mode 100644
index 000000000000..c5697c2b8bd1
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch
@@ -0,0 +1,48 @@
+diff --git a/auth-options.c b/auth-options.c
+index b05d6d6f..d1f42f04 100644
+--- a/auth-options.c
++++ b/auth-options.c
+@@ -26,6 +26,7 @@
+ #include <stdarg.h>
+ #include <ctype.h>
+ #include <limits.h>
++#include <stdlib.h>
+
+ #include "openbsd-compat/sys-queue.h"
+
+diff --git a/hmac.c b/hmac.c
+index 1c879640..a29f32c5 100644
+--- a/hmac.c
++++ b/hmac.c
+@@ -19,6 +19,7 @@
+
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdlib.h>
+
+ #include "sshbuf.h"
+ #include "digest.h"
+diff --git a/krl.c b/krl.c
+index 8e2d5d5d..c32e147a 100644
+--- a/krl.c
++++ b/krl.c
+@@ -28,6 +28,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
++#include <stdlib.h>
+
+ #include "sshbuf.h"
+ #include "ssherr.h"
+diff --git a/mac.c b/mac.c
+index 51dc11d7..3d11eba6 100644
+--- a/mac.c
++++ b/mac.c
+@@ -29,6 +29,7 @@
+
+ #include <string.h>
+ #include <stdio.h>
++#include <stdlib.h>
+
+ #include "digest.h"
+ #include "hmac.h"
diff --git a/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
index 9fc6d0a9dcec..c1c310e8f14a 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
@@ -5,9 +5,9 @@ index 8b4a3627..590b66d1 100644
@@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
ENGINE_load_builtin_engines();
ENGINE_register_all_complete();
-
+
-#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
OPENSSL_config(NULL);
#else
OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-10 14:01:43 +0000