author | Christoph Gysin | 2017-09-26 00:43:46 +0300 |
---|---|---|
committer | Christoph Gysin | 2017-09-28 00:06:26 +0300 |
commit | e16f2ceaa9b2d92c8b47caa38f79cdcba61eb040 (patch) | |
tree | 2b551a030a456a0f7870f1d45dc10b388aad0405 | |
parent | 956d60e16def68258336b74820fbf87a97913068 (diff) | |
download | aur-e16f2ceaa9b2d92c8b47caa38f79cdcba61eb040.tar.gz |
build gssapi against openssl-1.1
-rw-r--r-- | .SRCINFO | 4 | ||||
-rw-r--r-- | PKGBUILD | 7 | ||||
-rw-r--r-- | gssapi-openssl-1.1.0.patch | 178 |
3 files changed, 186 insertions, 3 deletions
@@ -1,5 +1,5 @@ # Generated by mksrcinfo v8 -# Wed Sep 27 13:00:00 UTC 2017 +# Wed Sep 27 13:05:00 UTC 2017 pkgbase = openssh-gssapi pkgdesc = Free version of the SSH connectivity tools pkgver = 7.5p1 @@ -31,6 +31,7 @@ pkgbase = openssh-gssapi source = openssl-1.1.0.patch source = get_canonical_hostname.patch source = gssapi.patch + source = gssapi-openssl-1.1.0.patch sha1sums = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd sha1sums = SKIP sha1sums = cc1ceec606c98c7407e7ac21ade23aed81e31405 @@ -42,6 +43,7 @@ pkgbase = openssh-gssapi sha1sums = 6d9ea19bb4fa2e4b5f14cad331f36bfbdaafd067 sha1sums = 16a3dc0ddcffbcfb7b166dc5839cee6536597c8e sha1sums = 1f835864ef2a64d919e57c8337f711a1b9442af4 + sha1sums = 445edf93cd3f66294d6465a95ee32437ac1d4c56 pkgname = openssh-gssapi @@ -28,7 +28,8 @@ source=("https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${_pkgname}-${pkgv 'sshd.pam' 'openssl-1.1.0.patch' 'get_canonical_hostname.patch' - 'gssapi.patch') + 'gssapi.patch' + 'gssapi-openssl-1.1.0.patch') sha1sums=('5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd' 'SKIP' 'cc1ceec606c98c7407e7ac21ade23aed81e31405' @@ -39,7 +40,8 @@ sha1sums=('5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd' 'd93dca5ebda4610ff7647187f8928a3de28703f3' '6d9ea19bb4fa2e4b5f14cad331f36bfbdaafd067' '16a3dc0ddcffbcfb7b166dc5839cee6536597c8e' - '1f835864ef2a64d919e57c8337f711a1b9442af4') + '1f835864ef2a64d919e57c8337f711a1b9442af4' + '445edf93cd3f66294d6465a95ee32437ac1d4c56') backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') @@ -52,6 +54,7 @@ prepare() { # GSSAPI patches patch -Np1 -i ../get_canonical_hostname.patch patch -Np1 -i ../gssapi.patch + patch -Np1 -i ../gssapi-openssl-1.1.0.patch } build() { diff --git a/gssapi-openssl-1.1.0.patch b/gssapi-openssl-1.1.0.patch new file mode 100644 index 000000000000..31981f1f19b5 --- /dev/null +++ b/gssapi-openssl-1.1.0.patch 
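Review bot: In PKGBUILD the checksum for `gssapi-openssl-1.1.0.patch` is appended to `sha1sums`, so a patch that changes the GSSAPI key-exchange code of the SSH client and server is pinned only by SHA-1, which is no longer collision-resistant. Consider switching the whole array to `sha256sums=(...)`, regenerated with `makepkg -g`, in this or a follow-up commit; .SRCINFO would then need regenerating to match. The `'SKIP'` entry is presumably the upstream signature file, whose source line is outside the hunk, so it is worth confirming that it is still covered by `validpgpkeys`.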
@@ -0,0 +1,178 @@
+commit 62325de6d29b58db4e2c5d1c63547714d774e625
+Author: Christoph Gysin <christoph.gysin@gmail.com>
+Date: Tue Sep 26 20:01:13 2017 +0300
+
+ gssapi openssl-1.1
+
+diff --git a/gss-genr.c b/gss-genr.c
+index 0a929bc..a091200 100644
+--- a/gss-genr.c
++++ b/gss-genr.c
+@@ -98,7 +98,7 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
+ u_char digest[EVP_MAX_MD_SIZE];
+ char deroid[2];
+ const EVP_MD *evp_md = EVP_md5();
+- EVP_MD_CTX md;
++ EVP_MD_CTX *md = EVP_MD_CTX_new();
+
+ if (gss_enc2oid != NULL) {
+ for (i = 0; gss_enc2oid[i].encoded != NULL; i++)
+@@ -119,12 +119,12 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
+ deroid[0] = SSH_GSS_OIDTYPE;
+ deroid[1] = gss_supported->elements[i].length;
+
+- EVP_DigestInit(&md, evp_md);
+- EVP_DigestUpdate(&md, deroid, 2);
+- EVP_DigestUpdate(&md,
++ EVP_DigestInit(md, evp_md);
++ EVP_DigestUpdate(md, deroid, 2);
++ EVP_DigestUpdate(md,
+ gss_supported->elements[i].elements,
+ gss_supported->elements[i].length);
+- EVP_DigestFinal(&md, digest, NULL);
++ EVP_DigestFinal(md, digest, NULL);
+
+ encoded = xmalloc(EVP_MD_size(evp_md) * 2);
+ enclen = __b64_ntop(digest, EVP_MD_size(evp_md),
+@@ -164,6 +164,8 @@ ssh_gssapi_kex_mechs(gss_OID_set gss_supported, ssh_gssapi_check_fn *check,
+ mechs = NULL;
+ }
+
++ EVP_MD_CTX_free(md);
++
+ return (mechs);
+ }
+
+diff --git a/kexgssc.c b/kexgssc.c
+index 4708fd0..172b14a 100644
+--- a/kexgssc.c
++++ b/kexgssc.c
+@@ -56,8 +56,9 @@ kexgss_client(struct ssh *ssh) {
+ DH *dh;
+ BIGNUM *dh_server_pub = NULL;
+ BIGNUM *shared_secret = NULL;
+- BIGNUM *p = NULL;
+- BIGNUM *g = NULL;
++ const BIGNUM *p = NULL;
++ const BIGNUM *g = NULL;
++ const BIGNUM *pub_key = NULL;
+ u_char *kbuf;
+ u_char *serverhostkey = NULL;
+ u_char *empty = "";
+@@ -167,7 +168,8 @@ kexgss_client(struct ssh *ssh) {
+ packet_start(SSH2_MSG_KEXGSS_INIT);
+ packet_put_string(send_tok.value,
+ send_tok.length);
+- packet_put_bignum2(dh->pub_key);
++ DH_get0_key(dh, &pub_key, NULL);
++ packet_put_bignum2(pub_key);
+ first = 0;
+ } else {
+ packet_start(SSH2_MSG_KEXGSS_CONTINUE);
+@@ -269,6 +271,7 @@ kexgss_client(struct ssh *ssh) {
+ switch (ssh->kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
++ DH_get0_key(dh, &pub_key, NULL);
+ kex_dh_hash(
+ ssh->kex->hash_alg,
+ ssh->kex->client_version_string,
+@@ -276,13 +279,15 @@ kexgss_client(struct ssh *ssh) {
+ buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ (serverhostkey ? serverhostkey : empty), slen,
+- dh->pub_key, /* e */
++ pub_key, /* e */
+ dh_server_pub, /* f */
+ shared_secret, /* K */
+ hash, &hashlen
+ );
+ break;
+ case KEX_GSS_GEX_SHA1:
++ DH_get0_pqg(dh, &p, NULL, &g);
++ DH_get0_key(dh, &pub_key, NULL);
+ kexgex_hash(
+ ssh->kex->hash_alg,
+ ssh->kex->client_version_string,
+@@ -291,8 +296,8 @@ kexgss_client(struct ssh *ssh) {
+ buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ (serverhostkey ? serverhostkey : empty), slen,
+ min, nbits, max,
+- dh->p, dh->g,
+- dh->pub_key,
++ p, g,
++ pub_key,
+ dh_server_pub,
+ shared_secret,
+ hash, &hashlen
+diff --git a/kexgsss.c b/kexgsss.c
+index cfb8680..922c4ec 100644
+--- a/kexgsss.c
++++ b/kexgsss.c
+@@ -70,6 +70,9 @@ kexgss_server(struct ssh *ssh)
+ int min = -1, max = -1, nbits = -1;
+ BIGNUM *shared_secret = NULL;
+ BIGNUM *dh_client_pub = NULL;
++ const BIGNUM *p = NULL;
++ const BIGNUM *g = NULL;
++ const BIGNUM *pub_key = NULL;
+ int type = 0;
+ gss_OID oid;
+ char *mechs;
+@@ -121,8 +124,9 @@ kexgss_server(struct ssh *ssh)
+ packet_disconnect("Protocol error: no matching group found");
+
+ packet_start(SSH2_MSG_KEXGSS_GROUP);
+- packet_put_bignum2(dh->p);
+- packet_put_bignum2(dh->g);
++ DH_get0_pqg(dh, &p, NULL, &g);
++ packet_put_bignum2(p);
++ packet_put_bignum2(g);
+ packet_send();
+
+ packet_write_wait();
+@@ -218,6 +222,7 @@ kexgss_server(struct ssh *ssh)
+ switch (ssh->kex->kex_type) {
+ case KEX_GSS_GRP1_SHA1:
+ case KEX_GSS_GRP14_SHA1:
++ DH_get0_key(dh, &pub_key, NULL);
+ kex_dh_hash(
+ ssh->kex->hash_alg,
+ ssh->kex->client_version_string,
+@@ -225,11 +230,13 @@ kexgss_server(struct ssh *ssh)
+ buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
+ buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ NULL, 0, /* Change this if we start sending host keys */
+- dh_client_pub, dh->pub_key, shared_secret,
++ dh_client_pub, pub_key, shared_secret,
+ hash, &hashlen
+ );
+ break;
+ case KEX_GSS_GEX_SHA1:
++ DH_get0_pqg(dh, &p, NULL, &g);
++ DH_get0_key(dh, &pub_key, NULL);
+ kexgex_hash(
+ ssh->kex->hash_alg,
+ ssh->kex->client_version_string, ssh->kex->server_version_string,
+@@ -237,9 +244,9 @@ kexgss_server(struct ssh *ssh)
+ buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
+ NULL, 0,
+ min, nbits, max,
+- dh->p, dh->g,
++ p, g,
+ dh_client_pub,
+- dh->pub_key,
++ pub_key,
+ shared_secret,
+ hash, &hashlen
+ );
+@@ -263,7 +270,8 @@ kexgss_server(struct ssh *ssh)
+ fatal("Couldn't get MIC");
+
+ packet_start(SSH2_MSG_KEXGSS_COMPLETE);
+- packet_put_bignum2(dh->pub_key);
++ DH_get0_key(dh, &pub_key, NULL);
++ packet_put_bignum2(pub_key);
+ packet_put_string(msg_tok.value,msg_tok.length);
+
+ if (send_tok.length != 0) { |
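Review bot: In gss-genr.c the result of `EVP_MD_CTX_new()` is passed to `EVP_DigestInit()` without a NULL check, so an allocation failure would be handed to libcrypto as a null context instead of being reported. Add a guard directly after the declarations, for example `if (md == NULL) fatal("%s: EVP_MD_CTX_new failed", __func__);`, in line with the `fatal()` call kexgsss.c already uses for an unrecoverable error. The return values of `EVP_DigestInit`, `EVP_DigestUpdate` and `EVP_DigestFinal` are still ignored, so a failed digest setup could leave the uninitialised `digest` buffer to be base64-encoded into the mechanism name. The body of ssh_gssapi_kex_mechs continues outside the hunks shown, so confirm that `EVP_MD_CTX_free(md)` is reached on every return path.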