You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
379 lines
11 KiB
379 lines
11 KiB
From 6f23daea4391c2db8bc27d2e4cb42eac02368822 Mon Sep 17 00:00:00 2001
|
|
From: Brad King <brad.king@kitware.com>
|
|
Date: Thu, 17 Nov 2016 15:44:44 -0500
|
|
Subject: [PATCH] libarchive: Add support for building with OpenSSL 1.1
|
|
|
|
OpenSSL 1.1 made some CTX structures opaque. Port our code to use the
|
|
structures only through pointers via OpenSSL 1.1 APIs. Use our adaption
|
|
layer to make this work with OpenSSL 1.0 and below.
|
|
|
|
Patch-by: Tomas Mraz <tmraz@redhat.com>
|
|
Patch-from: https://bugzilla.redhat.com/1383744
|
|
---
|
|
Utilities/cmlibarchive/libarchive/archive_cryptor.c | 9 +++++----
|
|
Utilities/cmlibarchive/libarchive/archive_cryptor_private.h | 2 +-
|
|
Utilities/cmlibarchive/libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--------------------
|
|
Utilities/cmlibarchive/libarchive/archive_digest_private.h | 12 ++++++------
|
|
Utilities/cmlibarchive/libarchive/archive_hmac.c | 14 ++++++++------
|
|
Utilities/cmlibarchive/libarchive/archive_hmac_private.h | 2 +-
|
|
6 files changed, 75 insertions(+), 38 deletions(-)
|
|
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_cryptor.c
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_cryptor.c
|
|
@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx)
|
|
static int
|
|
aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len)
|
|
{
|
|
+ ctx->ctx = EVP_CIPHER_CTX_new();
|
|
|
|
switch (key_len) {
|
|
case 16: ctx->type = EVP_aes_128_ecb(); break;
|
|
@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, co
|
|
memcpy(ctx->key, key, key_len);
|
|
memset(ctx->nonce, 0, sizeof(ctx->nonce));
|
|
ctx->encr_pos = AES_BLOCK_SIZE;
|
|
- EVP_CIPHER_CTX_init(&ctx->ctx);
|
|
+ EVP_CIPHER_CTX_init(ctx->ctx);
|
|
return 0;
|
|
}
|
|
|
|
@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_c
|
|
int outl = 0;
|
|
int r;
|
|
|
|
- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL);
|
|
+ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL);
|
|
if (r == 0)
|
|
return -1;
|
|
- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
|
|
+ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce,
|
|
AES_BLOCK_SIZE);
|
|
if (r == 0 || outl != AES_BLOCK_SIZE)
|
|
return -1;
|
|
@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_c
|
|
static int
|
|
aes_ctr_release(archive_crypto_ctx *ctx)
|
|
{
|
|
- EVP_CIPHER_CTX_cleanup(&ctx->ctx);
|
|
+ EVP_CIPHER_CTX_free(ctx->ctx);
|
|
memset(ctx->key, 0, ctx->key_len);
|
|
memset(ctx->nonce, 0, sizeof(ctx->nonce));
|
|
return 0;
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h
|
|
@@ -104,7 +104,7 @@ typedef struct {
|
|
#define AES_MAX_KEY_SIZE 32
|
|
|
|
typedef struct {
|
|
- EVP_CIPHER_CTX ctx;
|
|
+ EVP_CIPHER_CTX *ctx;
|
|
const EVP_CIPHER *type;
|
|
uint8_t key[AES_MAX_KEY_SIZE];
|
|
unsigned key_len;
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_digest.c
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_digest.c
|
|
@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ct
|
|
static int
|
|
__archive_openssl_md5init(archive_md5_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_md5());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_md5());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -215,7 +217,7 @@ static int
|
|
__archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_c
|
|
* this is meant to cope with that. Real fix is probably to fix
|
|
* archive_write_set_format_xar.c
|
|
*/
|
|
- if (ctx->digest)
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_
|
|
static int
|
|
__archive_openssl_ripemd160init(archive_rmd160_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_ripemd160());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_ripemd160());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -367,14 +374,18 @@ static int
|
|
__archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
static int
|
|
__archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md)
|
|
{
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_
|
|
static int
|
|
__archive_openssl_sha1init(archive_sha1_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_sha1());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_sha1());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -517,7 +530,7 @@ static int
|
|
__archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1
|
|
* this is meant to cope with that. Real fix is probably to fix
|
|
* archive_write_set_format_xar.c
|
|
*/
|
|
- if (ctx->digest)
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha
|
|
static int
|
|
__archive_openssl_sha256init(archive_sha256_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_sha256());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_sha256());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -741,14 +759,18 @@ static int
|
|
__archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
static int
|
|
__archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md)
|
|
{
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha
|
|
static int
|
|
__archive_openssl_sha384init(archive_sha384_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_sha384());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_sha384());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -936,14 +960,18 @@ static int
|
|
__archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
static int
|
|
__archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md)
|
|
{
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha
|
|
static int
|
|
__archive_openssl_sha512init(archive_sha512_ctx *ctx)
|
|
{
|
|
- EVP_DigestInit(ctx, EVP_sha512());
|
|
+ if ((*ctx = EVP_MD_CTX_new()) == NULL)
|
|
+ return (ARCHIVE_FAILED);
|
|
+ EVP_DigestInit(*ctx, EVP_sha512());
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
@@ -1155,14 +1185,18 @@ static int
|
|
__archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata,
|
|
size_t insize)
|
|
{
|
|
- EVP_DigestUpdate(ctx, indata, insize);
|
|
+ EVP_DigestUpdate(*ctx, indata, insize);
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
static int
|
|
__archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md)
|
|
{
|
|
- EVP_DigestFinal(ctx, md, NULL);
|
|
+ if (*ctx) {
|
|
+ EVP_DigestFinal(*ctx, md, NULL);
|
|
+ EVP_MD_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
+ }
|
|
return (ARCHIVE_OK);
|
|
}
|
|
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_digest_private.h
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_digest_private.h
|
|
@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_MD5_NETTLE)
|
|
typedef struct md5_ctx archive_md5_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_md5_ctx;
|
|
+typedef EVP_MD_CTX *archive_md5_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_MD5_WIN)
|
|
typedef Digest_CTX archive_md5_ctx;
|
|
#else
|
|
@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx
|
|
#elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE)
|
|
typedef struct ripemd160_ctx archive_rmd160_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_rmd160_ctx;
|
|
+typedef EVP_MD_CTX *archive_rmd160_ctx;
|
|
#else
|
|
typedef unsigned char archive_rmd160_ctx;
|
|
#endif
|
|
@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE)
|
|
typedef struct sha1_ctx archive_sha1_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_sha1_ctx;
|
|
+typedef EVP_MD_CTX *archive_sha1_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA1_WIN)
|
|
typedef Digest_CTX archive_sha1_ctx;
|
|
#else
|
|
@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx
|
|
#elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE)
|
|
typedef struct sha256_ctx archive_sha256_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_sha256_ctx;
|
|
+typedef EVP_MD_CTX *archive_sha256_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA256_WIN)
|
|
typedef Digest_CTX archive_sha256_ctx;
|
|
#else
|
|
@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx
|
|
#elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE)
|
|
typedef struct sha384_ctx archive_sha384_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_sha384_ctx;
|
|
+typedef EVP_MD_CTX *archive_sha384_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA384_WIN)
|
|
typedef Digest_CTX archive_sha384_ctx;
|
|
#else
|
|
@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx
|
|
#elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE)
|
|
typedef struct sha512_ctx archive_sha512_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL)
|
|
-typedef EVP_MD_CTX archive_sha512_ctx;
|
|
+typedef EVP_MD_CTX *archive_sha512_ctx;
|
|
#elif defined(ARCHIVE_CRYPTO_SHA512_WIN)
|
|
typedef Digest_CTX archive_sha512_ctx;
|
|
#else
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_hmac.c
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_hmac.c
|
|
@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ct
|
|
static int
|
|
__hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len)
|
|
{
|
|
- HMAC_CTX_init(ctx);
|
|
- HMAC_Init(ctx, key, key_len, EVP_sha1());
|
|
+ *ctx = HMAC_CTX_new();
|
|
+ if (*ctx == NULL)
|
|
+ return -1;
|
|
+ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL);
|
|
return 0;
|
|
}
|
|
|
|
@@ -185,22 +187,22 @@ static void
|
|
__hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data,
|
|
size_t data_len)
|
|
{
|
|
- HMAC_Update(ctx, data, data_len);
|
|
+ HMAC_Update(*ctx, data, data_len);
|
|
}
|
|
|
|
static void
|
|
__hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len)
|
|
{
|
|
unsigned int len = (unsigned int)*out_len;
|
|
- HMAC_Final(ctx, out, &len);
|
|
+ HMAC_Final(*ctx, out, &len);
|
|
*out_len = len;
|
|
}
|
|
|
|
static void
|
|
__hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx)
|
|
{
|
|
- HMAC_CTX_cleanup(ctx);
|
|
- memset(ctx, 0, sizeof(*ctx));
|
|
+ HMAC_CTX_free(*ctx);
|
|
+ *ctx = NULL;
|
|
}
|
|
|
|
#else
|
|
--- a/Utilities/cmlibarchive/libarchive/archive_hmac_private.h
|
|
+++ b/Utilities/cmlibarchive/libarchive/archive_hmac_private.h
|
|
@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hma
|
|
#elif defined(HAVE_LIBCRYPTO)
|
|
#include "archive_openssl_hmac_private.h"
|
|
|
|
-typedef HMAC_CTX archive_hmac_sha1_ctx;
|
|
+typedef HMAC_CTX* archive_hmac_sha1_ctx;
|
|
|
|
#else
|
|
|
|
|