Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 24 Oct 2018 18:38:58 +0000 (UTC)
From:      Guido Falsi <madpilot@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject:   svn commit: r482933 - head/security/pam_ssh_agent_auth/files
Message-ID:  <201810241838.w9OIcwWn030958@repo.freebsd.org>

Next in thread | Raw E-Mail | Index | Archive | Help
Author: madpilot
Date: Wed Oct 24 18:38:57 2018
New Revision: 482933
URL: https://svnweb.freebsd.org/changeset/ports/482933

Log:
  Check against the correct OPENSSL_VERSION_NUMBER.
  
  Reported by:	danfe
  MFH:		2018Q4

Modified:
  head/security/pam_ssh_agent_auth/files/patch-OpenSSL-1.1.1

Modified: head/security/pam_ssh_agent_auth/files/patch-OpenSSL-1.1.1
==============================================================================
--- head/security/pam_ssh_agent_auth/files/patch-OpenSSL-1.1.1	Wed Oct 24 18:36:59 2018	(r482932)
+++ head/security/pam_ssh_agent_auth/files/patch-OpenSSL-1.1.1	Wed Oct 24 18:38:57 2018	(r482933)
@@ -4,7 +4,7 @@
  	case 1:
  		key = pamsshagentauth_key_new(KEY_RSA1);
  		bits = pamsshagentauth_buffer_get_int(&auth->identities);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
  		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
  		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
@@ -28,7 +28,7 @@
  	}
  	pamsshagentauth_buffer_init(&buffer);
  	pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
  	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
  	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
@@ -44,7 +44,7 @@
  static void
  ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
  {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
  	pamsshagentauth_buffer_put_bignum(b, key->n);
  	pamsshagentauth_buffer_put_bignum(b, key->e);
@@ -69,7 +69,7 @@
  	pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
  	switch (key->type) {
  	case KEY_RSA:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
  		pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
  		pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
@@ -86,7 +86,7 @@
 +#endif
  		break;
  	case KEY_DSA:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
  		pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
  		pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
@@ -106,7 +106,7 @@
  
  	if (key->type == KEY_RSA1) {
  		pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
  		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
  		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
@@ -124,7 +124,7 @@
  		pamsshagentauth_buffer_put_int(buffer, 0);
  		return 0;
  	}
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	if (value->neg) {
 +#else
 +	if (BN_is_negative(value)) {
@@ -218,7 +218,7 @@
  	case KEY_RSA:
  		if ((rsa = RSA_new()) == NULL)
  			pamsshagentauth_fatal("key_new: RSA_new failed");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((rsa->n = BN_new()) == NULL)
  			pamsshagentauth_fatal("key_new: BN_new failed");
  		if ((rsa->e = BN_new()) == NULL)
@@ -232,7 +232,7 @@
  	case KEY_DSA:
  		if ((dsa = DSA_new()) == NULL)
  			pamsshagentauth_fatal("key_new: DSA_new failed");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((dsa->p = BN_new()) == NULL)
  			pamsshagentauth_fatal("key_new: BN_new failed");
  		if ((dsa->q = BN_new()) == NULL)
@@ -253,7 +253,7 @@
  	switch (k->type) {
  	case KEY_RSA1:
  	case KEY_RSA:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((k->rsa->d = BN_new()) == NULL)
  			pamsshagentauth_fatal("key_new_private: BN_new failed");
  		if ((k->rsa->iqmp = BN_new()) == NULL)
@@ -271,7 +271,7 @@
 +#endif
  		break;
  	case KEY_DSA:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((k->dsa->priv_key = BN_new()) == NULL)
  			pamsshagentauth_fatal("key_new_private: BN_new failed");
 +#else
@@ -280,7 +280,7 @@
 +#endif
  		break;
  	case KEY_ECDSA:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
  			pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
 +#else
@@ -292,7 +292,7 @@
  	case KEY_RSA1:
  	case KEY_RSA:
  		return a->rsa != NULL && b->rsa != NULL &&
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
  		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
 +#else
@@ -301,7 +301,7 @@
 +#endif
  	case KEY_DSA:
  		return a->dsa != NULL && b->dsa != NULL &&
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
  		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
  		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
@@ -328,7 +328,7 @@
  	}
  	switch (k->type) {
  	case KEY_RSA1:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		nlen = BN_num_bytes(k->rsa->n);
  		elen = BN_num_bytes(k->rsa->e);
  		len = nlen + elen;
@@ -368,7 +368,7 @@
  			return -1;
  		*cpp = cp;
  		/* Get public exponent, public modulus. */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if (!read_bignum(cpp, ret->rsa->e))
  			return -1;
  		if (!read_bignum(cpp, ret->rsa->n))
@@ -386,7 +386,7 @@
  
  	if (key->type == KEY_RSA1 && key->rsa != NULL) {
  		/* size of modulus 'n' */
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		bits = BN_num_bits(key->rsa->n);
  		fprintf(f, "%u", bits);
  		if (write_bignum(f, key->rsa->e) &&
@@ -404,7 +404,7 @@
  {
  	switch (k->type) {
  	case KEY_RSA1:
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	case KEY_RSA:
  		return BN_num_bits(k->rsa->n);
  	case KEY_DSA:
@@ -422,7 +422,7 @@
  	switch (k->type) {
  	case KEY_DSA:
  		n = pamsshagentauth_key_new(k->type);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
  		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
  		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
@@ -438,7 +438,7 @@
  	case KEY_RSA:
  	case KEY_RSA1:
  		n = pamsshagentauth_key_new(k->type);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
  		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
 +#else
@@ -452,7 +452,7 @@
  	switch (type) {
  	case KEY_RSA:
  		key = pamsshagentauth_key_new(type);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
  		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
 +#else
@@ -466,7 +466,7 @@
  		break;
  	case KEY_DSA:
  		key = pamsshagentauth_key_new(type);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
  		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
  		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
@@ -484,7 +484,7 @@
  	}
  	pamsshagentauth_buffer_init(&b);
  	switch (key->type) {
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	case KEY_DSA:
  		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
  		pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
@@ -513,7 +513,7 @@
  	case KEY_RSA:
  		if ((pk->rsa = RSA_new()) == NULL)
  			pamsshagentauth_fatal("key_demote: RSA_new failed");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
  			pamsshagentauth_fatal("key_demote: BN_dup failed");
  		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
@@ -526,7 +526,7 @@
  	case KEY_DSA:
  		if ((pk->dsa = DSA_new()) == NULL)
  			pamsshagentauth_fatal("key_demote: DSA_new failed");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
  			pamsshagentauth_fatal("key_demote: BN_dup failed");
  		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
@@ -554,7 +554,7 @@
  	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
  	u_int rlen, slen, len, dlen;
  	Buffer b;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 +	const BIGNUM *r, *s;
 +#endif
  
@@ -579,7 +579,7 @@
  		return -1;
  	}
  
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	rlen = BN_num_bytes(sig->r);
  	slen = BN_num_bytes(sig->s);
 +#else
@@ -593,7 +593,7 @@
  		return -1;
  	}
  	memset(sigblob, 0, SIGBLOB_LEN);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
  	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
 +#else
@@ -613,7 +613,7 @@
  	u_int len, dlen;
  	int rlen, ret;
  	Buffer b;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 +	BIGNUM *r, *s;
 +#endif
  
@@ -623,7 +623,7 @@
  	/* parse signature */
  	if ((sig = DSA_SIG_new()) == NULL)
  		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	if ((sig->r = BN_new()) == NULL)
  		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
  	if ((sig->s = BN_new()) == NULL)
@@ -675,7 +675,7 @@
      u_char digest[EVP_MAX_MD_SIZE];
      u_int len, dlen;
      Buffer b, bb;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 +	BIGNUM *r, *s;
 +#endif
  
@@ -702,7 +702,7 @@
      }
  
      pamsshagentauth_buffer_init(&bb);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
      if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
          pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
 +#else
@@ -723,7 +723,7 @@
      u_int len, dlen;
      int rlen, ret;
      Buffer b;
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
 +	BIGNUM *r, *s;
 +#endif
  
@@ -733,7 +733,7 @@
  
      pamsshagentauth_buffer_init(&b);
      pamsshagentauth_buffer_append(&b, sigblob, len);
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
      if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
          (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
 +#else
@@ -808,13 +808,13 @@
  		pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
  		return -1;
  	}
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 +#else
 +	if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
 +#endif
  		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
  		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
 +#else
 +		    BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?201810241838.w9OIcwWn030958>