From 70b82ae359a5538711e103b0e8dfb92654296644 Mon Sep 17 00:00:00 2001
From: V3n3RiX <venerix@redcorelinux.org>
Date: Sat, 27 Oct 2018 12:48:57 +0100
Subject: gentoo resync : 27.10.2018

---
 .../openssh/files/openssh-7.9_p1-X509-glue.patch   |  6 +-
 .../files/openssh-7.9_p1-hpn-openssl-1.1.patch     | 91 ++++++++++++++++++++++
 .../files/openssh-7.9_p1-include-stdlib.patch      | 48 ++++++++++++
 .../openssh-7.9_p1-openssl-1.0.2-compat.patch      |  4 +-
 4 files changed, 144 insertions(+), 5 deletions(-)
 create mode 100644 net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
 create mode 100644 net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch

(limited to 'net-misc/openssh/files')

diff --git a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
index e1d63ecc8aef..1f1ec4a4d773 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-X509-glue.patch
@@ -1,11 +1,11 @@
---- a/openssh-7.9p1+x509-11.5.diff	2018-10-19 11:41:13.791285390 -0700
-+++ b/openssh-7.9p1+x509-11.5.diff	2018-10-19 11:45:42.584694215 -0700
+--- a/openssh-7.9p1+x509-11.5.diff	2018-10-23 16:21:22.580154353 -0700
++++ b/openssh-7.9p1+x509-11.5.diff	2018-10-23 16:22:39.600652048 -0700
 @@ -44045,7 +44045,7 @@
   	ENGINE_register_all_complete();
  +#endif
   
 --#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++-#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  +	/* OPENSSL_config will load buildin engines and engines
  +	 * specified in configuration file, i.e. method call
  +	 * ENGINE_load_builtin_engines. Latter is only for
diff --git a/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
new file mode 100644
index 000000000000..78b754532740
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-hpn-openssl-1.1.patch
@@ -0,0 +1,91 @@
+--- openssh-7.9p1.orig/cipher-ctr-mt.c	2018-10-24 20:48:00.909255466 -0000
++++ openssh-7.9p1/cipher-ctr-mt.c	2018-10-24 20:48:17.378155144 -0000
+@@ -46,7 +46,7 @@
+
+ /*-------------------- TUNABLES --------------------*/
+ /* maximum number of threads and queues */
+-#define MAX_THREADS      32
++#define MAX_THREADS      32
+ #define MAX_NUMKQ        (MAX_THREADS * 2)
+
+ /* Number of pregen threads to use */
+@@ -435,7 +435,7 @@
+ 		destp.u += AES_BLOCK_SIZE;
+ 		srcp.u += AES_BLOCK_SIZE;
+ 		len -= AES_BLOCK_SIZE;
+-		ssh_ctr_inc(ctx->iv, AES_BLOCK_SIZE);
++		ssh_ctr_inc(c->aes_counter, AES_BLOCK_SIZE);
+
+ 		/* Increment read index, switch queues on rollover */
+ 		if ((ridx = (ridx + 1) % KQLEN) == 0) {
+@@ -481,8 +481,6 @@
+ 	/* get the number of cores in the system */
+ 	/* if it's not linux it currently defaults to 2 */
+ 	/* divide by 2 to get threads for each direction (MODE_IN||MODE_OUT) */
+-	/* NB: assigning a float to an int discards the remainder which is */
+-	/* acceptable (and wanted) in this case */
+ #ifdef __linux__
+ 	cipher_threads = sysconf(_SC_NPROCESSORS_ONLN) / 2;
+ #endif /*__linux__*/
+@@ -551,16 +550,16 @@
+ 	}
+
+ 	if (iv != NULL) {
+-		memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
++		memcpy(c->aes_counter, iv, AES_BLOCK_SIZE);
+ 		c->state |= HAVE_IV;
+ 	}
+
+ 	if (c->state == (HAVE_KEY | HAVE_IV)) {
+ 		/* Clear queues */
+-		memcpy(c->q[0].ctr, ctx->iv, AES_BLOCK_SIZE);
++		memcpy(c->q[0].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ 		c->q[0].qstate = KQINIT;
+ 		for (i = 1; i < numkq; i++) {
+-			memcpy(c->q[i].ctr, ctx->iv, AES_BLOCK_SIZE);
++			memcpy(c->q[i].ctr, c->aes_counter, AES_BLOCK_SIZE);
+ 			ssh_ctr_add(c->q[i].ctr, i * KQLEN, AES_BLOCK_SIZE);
+ 			c->q[i].qstate = KQEMPTY;
+ 		}
+@@ -644,8 +643,22 @@
+ const EVP_CIPHER *
+ evp_aes_ctr_mt(void)
+ {
++# if OPENSSL_VERSION_NUMBER >= 0x10100000UL && !defined(LIBRESSL_VERSION_NUMBER)
++	static EVP_CIPHER *aes_ctr;
++	aes_ctr = EVP_CIPHER_meth_new(NID_undef, 16/*block*/, 16/*key*/);
++	EVP_CIPHER_meth_set_iv_length(aes_ctr, AES_BLOCK_SIZE);
++	EVP_CIPHER_meth_set_init(aes_ctr, ssh_aes_ctr_init);
++	EVP_CIPHER_meth_set_cleanup(aes_ctr, ssh_aes_ctr_cleanup);
++	EVP_CIPHER_meth_set_do_cipher(aes_ctr, ssh_aes_ctr);
++#  ifndef SSH_OLD_EVP
++	EVP_CIPHER_meth_set_flags(aes_ctr, EVP_CIPH_CBC_MODE
++				      | EVP_CIPH_VARIABLE_LENGTH
++				      | EVP_CIPH_ALWAYS_CALL_INIT
++				      | EVP_CIPH_CUSTOM_IV);
++#  endif /*SSH_OLD_EVP*/
++	return (aes_ctr);
++# else /*earlier version of openssl*/
+ 	static EVP_CIPHER aes_ctr;
+-
+ 	memset(&aes_ctr, 0, sizeof(EVP_CIPHER));
+ 	aes_ctr.nid = NID_undef;
+ 	aes_ctr.block_size = AES_BLOCK_SIZE;
+@@ -654,11 +667,12 @@
+ 	aes_ctr.init = ssh_aes_ctr_init;
+ 	aes_ctr.cleanup = ssh_aes_ctr_cleanup;
+ 	aes_ctr.do_cipher = ssh_aes_ctr;
+-#ifndef SSH_OLD_EVP
+-	aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
+-	    EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
+-#endif
+-	return &aes_ctr;
++#  ifndef SSH_OLD_EVP
++        aes_ctr.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH |
++		EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV;
++#  endif /*SSH_OLD_EVP*/
++        return &aes_ctr;
++# endif /*OPENSSH_VERSION_NUMBER*/
+ }
+
+ #endif /* defined(WITH_OPENSSL) */
diff --git a/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch b/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch
new file mode 100644
index 000000000000..c5697c2b8bd1
--- /dev/null
+++ b/net-misc/openssh/files/openssh-7.9_p1-include-stdlib.patch
@@ -0,0 +1,48 @@
+diff --git a/auth-options.c b/auth-options.c
+index b05d6d6f..d1f42f04 100644
+--- a/auth-options.c
++++ b/auth-options.c
+@@ -26,6 +26,7 @@
+ #include <stdarg.h>
+ #include <ctype.h>
+ #include <limits.h>
++#include <stdlib.h>
+ 
+ #include "openbsd-compat/sys-queue.h"
+ 
+diff --git a/hmac.c b/hmac.c
+index 1c879640..a29f32c5 100644
+--- a/hmac.c
++++ b/hmac.c
+@@ -19,6 +19,7 @@
+ 
+ #include <sys/types.h>
+ #include <string.h>
++#include <stdlib.h>
+ 
+ #include "sshbuf.h"
+ #include "digest.h"
+diff --git a/krl.c b/krl.c
+index 8e2d5d5d..c32e147a 100644
+--- a/krl.c
++++ b/krl.c
+@@ -28,6 +28,7 @@
+ #include <string.h>
+ #include <time.h>
+ #include <unistd.h>
++#include <stdlib.h>
+ 
+ #include "sshbuf.h"
+ #include "ssherr.h"
+diff --git a/mac.c b/mac.c
+index 51dc11d7..3d11eba6 100644
+--- a/mac.c
++++ b/mac.c
+@@ -29,6 +29,7 @@
+ 
+ #include <string.h>
+ #include <stdio.h>
++#include <stdlib.h>
+ 
+ #include "digest.h"
+ #include "hmac.h"
diff --git a/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
index 9fc6d0a9dcec..c1c310e8f14a 100644
--- a/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
+++ b/net-misc/openssh/files/openssh-7.9_p1-openssl-1.0.2-compat.patch
@@ -5,9 +5,9 @@ index 8b4a3627..590b66d1 100644
 @@ -76,7 +76,7 @@ ssh_OpenSSL_add_all_algorithms(void)
  	ENGINE_load_builtin_engines();
  	ENGINE_register_all_complete();
- 
+
 -#if OPENSSL_VERSION_NUMBER < 0x10001000L
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
  	OPENSSL_config(NULL);
  #else
  	OPENSSL_init_crypto(OPENSSL_INIT_ADD_ALL_CIPHERS |
-- 
cgit v1.2.3