1From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001 2From: Khem Raj <raj.khem@gmail.com> 3Date: Fri, 1 Feb 2019 22:45:19 -0800 4Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER 5 6From: Guido Falsi <mad@madpilot.net> 7https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/ 8 9Upstream-Status: Pending 10Signed-off-by: Khem Raj <raj.khem@gmail.com> 11--- 12 authfd.c | 12 ++++++------ 13 bufbn.c | 2 +- 14 key.c | 36 ++++++++++++++++++------------------ 15 ssh-dss.c | 10 +++++----- 16 ssh-ecdsa.c | 8 ++++---- 17 ssh-rsa.c | 4 ++-- 18 6 files changed, 36 insertions(+), 36 deletions(-) 19 20diff --git a/authfd.c b/authfd.c 21index f91514d..4c6cec8 100644 22--- a/authfd.c 23+++ b/authfd.c 24@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio 25 case 1: 26 key = pamsshagentauth_key_new(KEY_RSA1); 27 bits = pamsshagentauth_buffer_get_int(&auth->identities); 28-#if OPENSSL_VERSION_NUMBER < 0x10100000L 29+#if OPENSSL_VERSION_NUMBER < 0x10100005L 30 pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e); 31 pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n); 32 *comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL); 33@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth, 34 } 35 pamsshagentauth_buffer_init(&buffer); 36 pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE); 37-#if OPENSSL_VERSION_NUMBER < 0x10100000L 38+#if OPENSSL_VERSION_NUMBER < 0x10100005L 39 pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n)); 40 pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e); 41 pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n); 42@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth, 43 static void 44 ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment) 45 { 46-#if OPENSSL_VERSION_NUMBER < 0x10100000L 47+#if OPENSSL_VERSION_NUMBER < 0x10100005L 48 pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n)); 49 pamsshagentauth_buffer_put_bignum(b, key->n); 50 pamsshagentauth_buffer_put_bignum(b, key->e); 51@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) 52 pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key)); 53 switch (key->type) { 54 case KEY_RSA: 55-#if OPENSSL_VERSION_NUMBER < 0x10100000L 56+#if OPENSSL_VERSION_NUMBER < 0x10100005L 57 pamsshagentauth_buffer_put_bignum2(b, key->rsa->n); 58 pamsshagentauth_buffer_put_bignum2(b, key->rsa->e); 59 pamsshagentauth_buffer_put_bignum2(b, key->rsa->d); 60@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment) 61 #endif 62 break; 63 case KEY_DSA: 64-#if OPENSSL_VERSION_NUMBER < 0x10100000L 65+#if OPENSSL_VERSION_NUMBER < 0x10100005L 66 pamsshagentauth_buffer_put_bignum2(b, key->dsa->p); 67 pamsshagentauth_buffer_put_bignum2(b, key->dsa->q); 68 pamsshagentauth_buffer_put_bignum2(b, key->dsa->g); 69@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key) 70 71 if (key->type == KEY_RSA1) { 72 pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY); 73-#if OPENSSL_VERSION_NUMBER < 0x10100000L 74+#if OPENSSL_VERSION_NUMBER < 0x10100005L 75 pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n)); 76 pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e); 77 pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n); 78diff --git a/bufbn.c b/bufbn.c 79index 4ecedc1..b4754cc 100644 80--- a/bufbn.c 81+++ b/bufbn.c 82@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value) 83 pamsshagentauth_buffer_put_int(buffer, 0); 84 return 0; 85 } 86-#if OPENSSL_VERSION_NUMBER < 0x10100000L 87+#if OPENSSL_VERSION_NUMBER < 0x10100005L 88 if (value->neg) { 89 #else 90 if (BN_is_negative(value)) { 91diff --git a/key.c b/key.c 92index aedbbb5..dcc5fc8 100644 93--- a/key.c 94+++ b/key.c 95@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type) 96 case KEY_RSA: 97 if ((rsa = RSA_new()) == NULL) 98 pamsshagentauth_fatal("key_new: RSA_new failed"); 99-#if OPENSSL_VERSION_NUMBER < 0x10100000L 100+#if OPENSSL_VERSION_NUMBER < 0x10100005L 101 if ((rsa->n = BN_new()) == NULL) 102 pamsshagentauth_fatal("key_new: BN_new failed"); 103 if ((rsa->e = BN_new()) == NULL) 104@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type) 105 case KEY_DSA: 106 if ((dsa = DSA_new()) == NULL) 107 pamsshagentauth_fatal("key_new: DSA_new failed"); 108-#if OPENSSL_VERSION_NUMBER < 0x10100000L 109+#if OPENSSL_VERSION_NUMBER < 0x10100005L 110 if ((dsa->p = BN_new()) == NULL) 111 pamsshagentauth_fatal("key_new: BN_new failed"); 112 if ((dsa->q = BN_new()) == NULL) 113@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type) 114 switch (k->type) { 115 case KEY_RSA1: 116 case KEY_RSA: 117-#if OPENSSL_VERSION_NUMBER < 0x10100000L 118+#if OPENSSL_VERSION_NUMBER < 0x10100005L 119 if ((k->rsa->d = BN_new()) == NULL) 120 pamsshagentauth_fatal("key_new_private: BN_new failed"); 121 if ((k->rsa->iqmp = BN_new()) == NULL) 122@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type) 123 #endif 124 break; 125 case KEY_DSA: 126-#if OPENSSL_VERSION_NUMBER < 0x10100000L 127+#if OPENSSL_VERSION_NUMBER < 0x10100005L 128 if ((k->dsa->priv_key = BN_new()) == NULL) 129 pamsshagentauth_fatal("key_new_private: BN_new failed"); 130 #else 131@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type) 132 #endif 133 break; 134 case KEY_ECDSA: 135-#if OPENSSL_VERSION_NUMBER < 0x10100000L 136+#if OPENSSL_VERSION_NUMBER < 0x10100005L 137 if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1) 138 pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed"); 139 #else 140@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) 141 case KEY_RSA1: 142 case KEY_RSA: 143 return a->rsa != NULL && b->rsa != NULL && 144-#if OPENSSL_VERSION_NUMBER < 0x10100000L 145+#if OPENSSL_VERSION_NUMBER < 0x10100005L 146 BN_cmp(a->rsa->e, b->rsa->e) == 0 && 147 BN_cmp(a->rsa->n, b->rsa->n) == 0; 148 #else 149@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b) 150 #endif 151 case KEY_DSA: 152 return a->dsa != NULL && b->dsa != NULL && 153-#if OPENSSL_VERSION_NUMBER < 0x10100000L 154+#if OPENSSL_VERSION_NUMBER < 0x10100005L 155 BN_cmp(a->dsa->p, b->dsa->p) == 0 && 156 BN_cmp(a->dsa->q, b->dsa->q) == 0 && 157 BN_cmp(a->dsa->g, b->dsa->g) == 0 && 158@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type, 159 } 160 switch (k->type) { 161 case KEY_RSA1: 162-#if OPENSSL_VERSION_NUMBER < 0x10100000L 163+#if OPENSSL_VERSION_NUMBER < 0x10100005L 164 nlen = BN_num_bytes(k->rsa->n); 165 elen = BN_num_bytes(k->rsa->e); 166 len = nlen + elen; 167@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp) 168 return -1; 169 *cpp = cp; 170 /* Get public exponent, public modulus. */ 171-#if OPENSSL_VERSION_NUMBER < 0x10100000L 172+#if OPENSSL_VERSION_NUMBER < 0x10100005L 173 if (!read_bignum(cpp, ret->rsa->e)) 174 return -1; 175 if (!read_bignum(cpp, ret->rsa->n)) 176@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f) 177 178 if (key->type == KEY_RSA1 && key->rsa != NULL) { 179 /* size of modulus 'n' */ 180-#if OPENSSL_VERSION_NUMBER < 0x10100000L 181+#if OPENSSL_VERSION_NUMBER < 0x10100005L 182 bits = BN_num_bits(key->rsa->n); 183 fprintf(f, "%u", bits); 184 if (write_bignum(f, key->rsa->e) && 185@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k) 186 { 187 switch (k->type) { 188 case KEY_RSA1: 189-#if OPENSSL_VERSION_NUMBER < 0x10100000L 190+#if OPENSSL_VERSION_NUMBER < 0x10100005L 191 case KEY_RSA: 192 return BN_num_bits(k->rsa->n); 193 case KEY_DSA: 194@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k) 195 switch (k->type) { 196 case KEY_DSA: 197 n = pamsshagentauth_key_new(k->type); 198-#if OPENSSL_VERSION_NUMBER < 0x10100000L 199+#if OPENSSL_VERSION_NUMBER < 0x10100005L 200 if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) || 201 (BN_copy(n->dsa->q, k->dsa->q) == NULL) || 202 (BN_copy(n->dsa->g, k->dsa->g) == NULL) || 203@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k) 204 case KEY_RSA: 205 case KEY_RSA1: 206 n = pamsshagentauth_key_new(k->type); 207-#if OPENSSL_VERSION_NUMBER < 0x10100000L 208+#if OPENSSL_VERSION_NUMBER < 0x10100005L 209 if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) || 210 (BN_copy(n->rsa->e, k->rsa->e) == NULL)) 211 #else 212@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) 213 switch (type) { 214 case KEY_RSA: 215 key = pamsshagentauth_key_new(type); 216-#if OPENSSL_VERSION_NUMBER < 0x10100000L 217+#if OPENSSL_VERSION_NUMBER < 0x10100005L 218 if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 || 219 pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) { 220 #else 221@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen) 222 break; 223 case KEY_DSA: 224 key = pamsshagentauth_key_new(type); 225-#if OPENSSL_VERSION_NUMBER < 0x10100000L 226+#if OPENSSL_VERSION_NUMBER < 0x10100005L 227 if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 || 228 pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 || 229 pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 || 230@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp) 231 } 232 pamsshagentauth_buffer_init(&b); 233 switch (key->type) { 234-#if OPENSSL_VERSION_NUMBER < 0x10100000L 235+#if OPENSSL_VERSION_NUMBER < 0x10100005L 236 case KEY_DSA: 237 pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key)); 238 pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p); 239@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k) 240 case KEY_RSA: 241 if ((pk->rsa = RSA_new()) == NULL) 242 pamsshagentauth_fatal("key_demote: RSA_new failed"); 243-#if OPENSSL_VERSION_NUMBER < 0x10100000L 244+#if OPENSSL_VERSION_NUMBER < 0x10100005L 245 if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL) 246 pamsshagentauth_fatal("key_demote: BN_dup failed"); 247 if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL) 248@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k) 249 case KEY_DSA: 250 if ((pk->dsa = DSA_new()) == NULL) 251 pamsshagentauth_fatal("key_demote: DSA_new failed"); 252-#if OPENSSL_VERSION_NUMBER < 0x10100000L 253+#if OPENSSL_VERSION_NUMBER < 0x10100005L 254 if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL) 255 pamsshagentauth_fatal("key_demote: BN_dup failed"); 256 if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL) 257diff --git a/ssh-dss.c b/ssh-dss.c 258index 1051ae2..9b96274 100644 259--- a/ssh-dss.c 260+++ b/ssh-dss.c 261@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, 262 u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN]; 263 u_int rlen, slen, len, dlen; 264 Buffer b; 265-#if OPENSSL_VERSION_NUMBER >= 0x10100000L 266+#if OPENSSL_VERSION_NUMBER >= 0x10100005L 267 const BIGNUM *r, *s; 268 #endif 269 270@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, 271 return -1; 272 } 273 274-#if OPENSSL_VERSION_NUMBER < 0x10100000L 275+#if OPENSSL_VERSION_NUMBER < 0x10100005L 276 rlen = BN_num_bytes(sig->r); 277 slen = BN_num_bytes(sig->s); 278 #else 279@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp, 280 return -1; 281 } 282 memset(sigblob, 0, SIGBLOB_LEN); 283-#if OPENSSL_VERSION_NUMBER < 0x10100000L 284+#if OPENSSL_VERSION_NUMBER < 0x10100005L 285 BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen); 286 BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen); 287 #else 288@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, 289 u_int len, dlen; 290 int rlen, ret; 291 Buffer b; 292-#if OPENSSL_VERSION_NUMBER >= 0x10100000L 293+#if OPENSSL_VERSION_NUMBER >= 0x10100005L 294 BIGNUM *r, *s; 295 #endif 296 297@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen, 298 /* parse signature */ 299 if ((sig = DSA_SIG_new()) == NULL) 300 pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed"); 301-#if OPENSSL_VERSION_NUMBER < 0x10100000L 302+#if OPENSSL_VERSION_NUMBER < 0x10100005L 303 if ((sig->r = BN_new()) == NULL) 304 pamsshagentauth_fatal("ssh_dss_verify: BN_new failed"); 305 if ((sig->s = BN_new()) == NULL) 306diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c 307index c213959..5b13b30 100644 308--- a/ssh-ecdsa.c 309+++ b/ssh-ecdsa.c 310@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, 311 u_char digest[EVP_MAX_MD_SIZE]; 312 u_int len, dlen; 313 Buffer b, bb; 314-#if OPENSSL_VERSION_NUMBER >= 0x10100000L 315+#if OPENSSL_VERSION_NUMBER >= 0x10100005L 316 BIGNUM *r, *s; 317 #endif 318 319@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, 320 } 321 322 pamsshagentauth_buffer_init(&bb); 323-#if OPENSSL_VERSION_NUMBER < 0x10100000L 324+#if OPENSSL_VERSION_NUMBER < 0x10100005L 325 if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 || 326 pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) { 327 #else 328@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, 329 u_int len, dlen; 330 int rlen, ret; 331 Buffer b; 332-#if OPENSSL_VERSION_NUMBER >= 0x10100000L 333+#if OPENSSL_VERSION_NUMBER >= 0x10100005L 334 BIGNUM *r, *s; 335 #endif 336 337@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, 338 339 pamsshagentauth_buffer_init(&b); 340 pamsshagentauth_buffer_append(&b, sigblob, len); 341-#if OPENSSL_VERSION_NUMBER < 0x10100000L 342+#if OPENSSL_VERSION_NUMBER < 0x10100005L 343 if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || 344 (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) 345 #else 346diff --git a/ssh-rsa.c b/ssh-rsa.c 347index 9d74eb6..35f2e36 100644 348--- a/ssh-rsa.c 349+++ b/ssh-rsa.c 350@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen, 351 pamsshagentauth_logerror("ssh_rsa_verify: no RSA key"); 352 return -1; 353 } 354-#if OPENSSL_VERSION_NUMBER < 0x10100000L 355+#if OPENSSL_VERSION_NUMBER < 0x10100005L 356 if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { 357 #else 358 if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) { 359 #endif 360 pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits", 361-#if OPENSSL_VERSION_NUMBER < 0x10100000L 362+#if OPENSSL_VERSION_NUMBER < 0x10100005L 363 BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE); 364 #else 365 BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE); 366