* [meta-oe][PATCH 1/4] pam-ssh-agent-auth: Port to work with openssl 1.1.x
@ 2019-02-03 15:06 Khem Raj
  2019-02-03 15:06 ` [meta-multimedia][PATCH 2/4] rtmpdump: Switch to using GNU TLS instead of openssl10 Khem Raj
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Khem Raj @ 2019-02-03 15:06 UTC (permalink / raw)
  To: openembedded-devel

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../0001-Adapt-to-OpenSSL-1.1.1.patch         | 879 ++++++++++++++++++
 ...t-the-correct-OPENSSL_VERSION_NUMBER.patch | 365 ++++++++
 .../pam/pam-ssh-agent-auth_0.10.3.bb          |   7 +-
 3 files changed, 1249 insertions(+), 2 deletions(-)
 create mode 100644 meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch
 create mode 100644 meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch

diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch
new file mode 100644
index 0000000000..2d75a18f15
--- /dev/null
+++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0001-Adapt-to-OpenSSL-1.1.1.patch
@@ -0,0 +1,879 @@
+From 37e233307a79a9250962dcf77b7c7e27a02a1a35 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 1 Feb 2019 22:44:10 -0800
+Subject: [PATCH] Adapt to OpenSSL 1.1.1
+
+From: Guido Falsi <mad@madpilot.net>
+https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-1.patch/
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ authfd.c    |  50 ++++++++++++++++++++
+ bufbn.c     |   4 ++
+ cipher.h    |   6 ++-
+ kex.h       |   9 +++-
+ key.c       | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++--
+ ssh-dss.c   |  51 ++++++++++++++++----
+ ssh-ecdsa.c |  40 ++++++++++++----
+ ssh-rsa.c   |  22 +++++++--
+ 8 files changed, 287 insertions(+), 28 deletions(-)
+
+diff --git a/authfd.c b/authfd.c
+index 212e06b..f91514d 100644
+--- a/authfd.c
++++ b/authfd.c
+@@ -367,6 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 	case 1:
+ 		key = pamsshagentauth_key_new(KEY_RSA1);
+ 		bits = pamsshagentauth_buffer_get_int(&auth->identities);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
+ 		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
+@@ -374,6 +375,15 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 		if (keybits < 0 || bits != (u_int)keybits)
+ 			pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u",
+ 			    BN_num_bits(key->rsa->n), bits);
++#else
++		pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_get_bignum(&auth->identities, RSA_get0_n(key->rsa));
++		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
++		keybits = BN_num_bits(RSA_get0_n(key->rsa));
++		if (keybits < 0 || bits != (u_int)keybits)
++			pamsshagentauth_logit("Warning: identity keysize mismatch: actual %d, announced %u",
++			    BN_num_bits(RSA_get0_n(key->rsa)), bits);
++#endif
+ 		break;
+ 	case 2:
+ 		blob = pamsshagentauth_buffer_get_string(&auth->identities, &blen);
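Review bot: The OpenSSL 1.1 branch passes `RSA_get0_e(key->rsa)` and `RSA_get0_n(key->rsa)` to `pamsshagentauth_buffer_get_bignum()`, which appears to fill its argument, but those getters return `const BIGNUM *`, so agent-supplied values are written through pointers the API hands out as read-only. It builds only with a discarded-qualifier warning and relies on `pamsshagentauth_key_new()` having pre-populated n and e. Reading into locally allocated BIGNUMs and installing them with `RSA_set0_key(key->rsa, n, e, NULL)` keeps ownership explicit. The same write-through-getter pattern recurs in key.c in `pamsshagentauth_key_read`, `pamsshagentauth_key_from_private` and `pamsshagentauth_key_from_blob` (both RSA and DSA branches). `ssh_get_next_identity` starts and ends outside this hunk.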
+@@ -417,9 +427,15 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
+ 	}
+ 	pamsshagentauth_buffer_init(&buffer);
+ 	pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
++#else
++	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(RSA_get0_n(key->rsa)));
++	pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_e(key->rsa));
++	pamsshagentauth_buffer_put_bignum(&buffer, RSA_get0_n(key->rsa));
++#endif
+ 	pamsshagentauth_buffer_put_bignum(&buffer, challenge);
+ 	pamsshagentauth_buffer_append(&buffer, session_id, 16);
+ 	pamsshagentauth_buffer_put_int(&buffer, response_type);
+@@ -496,6 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
+ static void
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
+ 	pamsshagentauth_buffer_put_bignum(b, key->n);
+ 	pamsshagentauth_buffer_put_bignum(b, key->e);
+@@ -504,6 +521,16 @@ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ 	pamsshagentauth_buffer_put_bignum(b, key->iqmp);	/* ssh key->u */
+ 	pamsshagentauth_buffer_put_bignum(b, key->q);	/* ssh key->p, SSL key->q */
+ 	pamsshagentauth_buffer_put_bignum(b, key->p);	/* ssh key->q, SSL key->p */
++#else
++	pamsshagentauth_buffer_put_int(b, BN_num_bits(RSA_get0_n(key)));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_n(key));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_e(key));
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_d(key));
++	/* To keep within the protocol: p < q for ssh. in SSL p > q */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_iqmp(key));	/* ssh key->u */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_q(key));	/* ssh key->p, SSL key->q */
++	pamsshagentauth_buffer_put_bignum(b, RSA_get0_p(key));	/* ssh key->q, SSL key->p */
++#endif
+ 	pamsshagentauth_buffer_put_cstring(b, comment);
+ }
+ 
+@@ -513,19 +540,36 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ 	pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
+ 	switch (key->type) {
+ 	case KEY_RSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->iqmp);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->q);
++#else
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_n(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_d(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_iqmp(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_p(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(b, RSA_get0_q(key->rsa));
++#endif
+ 		break;
+ 	case KEY_DSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->pub_key);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->priv_key);
++#else
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_p(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_q(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_g(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_pub_key(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(b, DSA_get0_priv_key(key->dsa));
++#endif
+ 		break;
+ 	}
+ 	pamsshagentauth_buffer_put_cstring(b, comment);
+@@ -605,9 +649,15 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
+ 
+ 	if (key->type == KEY_RSA1) {
+ 		pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
++#else
++		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(RSA_get0_n(key->rsa)));
++		pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum(&msg, RSA_get0_n(key->rsa));
++#endif
+ 	} else if (key->type == KEY_DSA || key->type == KEY_RSA) {
+ 		pamsshagentauth_key_to_blob(key, &blob, &blen);
+ 		pamsshagentauth_buffer_put_char(&msg, SSH2_AGENTC_REMOVE_IDENTITY);
+diff --git a/bufbn.c b/bufbn.c
+index 6a49c73..4ecedc1 100644
+--- a/bufbn.c
++++ b/bufbn.c
+@@ -151,7 +151,11 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
+ 		pamsshagentauth_buffer_put_int(buffer, 0);
+ 		return 0;
+ 	}
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (value->neg) {
++#else
++	if (BN_is_negative(value)) {
++#endif
+ 		pamsshagentauth_logerror("buffer_put_bignum2_ret: negative numbers not supported");
+ 		return (-1);
+ 	}
+diff --git a/cipher.h b/cipher.h
+index 49bbc16..64f59ca 100644
+--- a/cipher.h
++++ b/cipher.h
+@@ -59,15 +59,18 @@
+ #define CIPHER_DECRYPT		0
+ 
+ typedef struct Cipher Cipher;
+-typedef struct CipherContext CipherContext;
++// typedef struct CipherContext CipherContext;
+ 
+ struct Cipher;
++/*
+ struct CipherContext {
+ 	int	plaintext;
+ 	EVP_CIPHER_CTX evp;
+ 	Cipher *cipher;
+ };
++*/
+ 
++/*
+ u_int	 cipher_mask_ssh1(int);
+ Cipher	*cipher_by_name(const char *);
+ Cipher	*cipher_by_number(int);
+@@ -88,4 +91,5 @@ void	 cipher_set_keyiv(CipherContext *, u_char *);
+ int	 cipher_get_keyiv_len(const CipherContext *);
+ int	 cipher_get_keycontext(const CipherContext *, u_char *);
+ void	 cipher_set_keycontext(CipherContext *, u_char *);
++*/
+ #endif				/* CIPHER_H */
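Review bot: The cipher.h declarations are disabled by wrapping them in `/* ... */`, and C block comments do not nest, so any `/* ... */` on a prototype line between `u_int cipher_mask_ssh1(int);` and the closing `*/` would end the comment early; several of those lines are outside the hunks. `#if 0` / `#endif` is the safer way to disable a region. A one-line comment stating the reason would also help (presumably `EVP_CIPHER_CTX` and `HMAC_CTX` can no longer be embedded by value with OpenSSL 1.1), since the removal is unconditional and also applies to builds against older OpenSSL. kex.h uses the same technique for `struct Mac`, `struct Newkeys`, `struct Kex` and the prototypes after them.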
+diff --git a/kex.h b/kex.h
+index 8e29c90..81ca57d 100644
+--- a/kex.h
++++ b/kex.h
+@@ -70,7 +70,7 @@ enum kex_exchange {
+ #define KEX_INIT_SENT	0x0001
+ 
+ typedef struct Kex Kex;
+-typedef struct Mac Mac;
++// typedef struct Mac Mac;
+ typedef struct Comp Comp;
+ typedef struct Enc Enc;
+ typedef struct Newkeys Newkeys;
+@@ -84,6 +84,7 @@ struct Enc {
+ 	u_char	*key;
+ 	u_char	*iv;
+ };
++/*
+ struct Mac {
+ 	char	*name;
+ 	int	enabled;
+@@ -95,11 +96,13 @@ struct Mac {
+ 	HMAC_CTX	evp_ctx;
+ 	struct umac_ctx *umac_ctx;
+ };
++*/
+ struct Comp {
+ 	int	type;
+ 	int	enabled;
+ 	char	*name;
+ };
++/*
+ struct Newkeys {
+ 	Enc	enc;
+ 	Mac	mac;
+@@ -126,7 +129,9 @@ struct Kex {
+ 	int	(*host_key_index)(Key *);
+ 	void	(*kex[KEX_MAX])(Kex *);
+ };
++*/
+ 
++/*
+ Kex	*kex_setup(char *[PROPOSAL_MAX]);
+ void	 kex_finish(Kex *);
+ 
+@@ -152,6 +157,8 @@ kexgex_hash(const EVP_MD *, char *, char *, char *, int, char *,
+ void
+ derive_ssh1_session_id(BIGNUM *, BIGNUM *, u_int8_t[8], u_int8_t[16]);
+ 
++*/
++
+ #if defined(DEBUG_KEX) || defined(DEBUG_KEXDH)
+ void	dump_digest(char *, u_char *, int);
+ #endif
+diff --git a/key.c b/key.c
+index 107a442..aedbbb5 100644
+--- a/key.c
++++ b/key.c
+@@ -77,15 +77,21 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_RSA:
+ 		if ((rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: RSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((rsa->n = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((rsa->e = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
++#else
++		if (RSA_set0_key(rsa, BN_new(), BN_new(), NULL) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_key failed");
++#endif
+ 		k->rsa = rsa;
+ 		break;
+ 	case KEY_DSA:
+ 		if ((dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: DSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((dsa->p = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->q = BN_new()) == NULL)
+@@ -94,6 +100,12 @@ pamsshagentauth_key_new(int type)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->pub_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
++#else
++		if (DSA_set0_pqg(dsa, BN_new(), BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: DSA_set0_pqg failed");
++		if (DSA_set0_key(dsa, BN_new(), NULL) != 1)
++			pamsshagentauth_fatal("key_new: DSA_set0_key failed");
++#endif
+ 		k->dsa = dsa;
+ 		break;
+ 	case KEY_ECDSA:
+@@ -118,6 +130,7 @@ pamsshagentauth_key_new_private(int type)
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((k->rsa->d = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->iqmp = BN_new()) == NULL)
+@@ -130,14 +143,30 @@ pamsshagentauth_key_new_private(int type)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->dmp1 = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
++#else
++		if (RSA_set0_key(k->rsa, NULL, NULL, BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_key failed");
++		if (RSA_set0_crt_params(k->rsa, BN_new(), BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_crt_params failed");
++		if (RSA_set0_factors(k->rsa, BN_new(), BN_new()) != 1)
++			pamsshagentauth_fatal("key_new: RSA_set0_factors failed");
++#endif
+ 		break;
+ 	case KEY_DSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((k->dsa->priv_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
++#else
++		if (DSA_set0_key(k->dsa, NULL, BN_new()) != 1)
++			pamsshagentauth_fatal("key_new_private: DSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_ECDSA:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
+ 			pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
++#else
++#endif
+ 		break;
+ 	case KEY_ED25519:
+ 		RAND_bytes(k->ed25519->sk, sizeof(k->ed25519->sk));
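Review bot: The `KEY_ECDSA` case of `pamsshagentauth_key_new_private` gets an empty `#else` branch, so on OpenSSL 1.1 builds the private scalar that the old branch installed with `EC_KEY_set_private_key(k->ecdsa, BN_new())` is never set up. If that is intended it needs a comment saying why; otherwise the call can stay unconditional, since the function still exists in 1.1. In the RSA branch, `RSA_set0_key(k->rsa, NULL, NULL, BN_new())` cannot tell a failed `BN_new()` from "leave d unchanged", so an allocation failure is silently accepted; allocate into a local, check it, then pass it in. The three new fatal messages in that branch also say `key_new:` although they are raised from `key_new_private`.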
+@@ -195,14 +224,26 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+ 		return a->rsa != NULL && b->rsa != NULL &&
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
+ 		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
++#else
++		    BN_cmp(RSA_get0_e(a->rsa), RSA_get0_e(b->rsa)) == 0 &&
++		    BN_cmp(RSA_get0_n(a->rsa), RSA_get0_n(b->rsa)) == 0;
++#endif
+ 	case KEY_DSA:
+ 		return a->dsa != NULL && b->dsa != NULL &&
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
+ 		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
+ 		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
+ 		    BN_cmp(a->dsa->pub_key, b->dsa->pub_key) == 0;
++#else
++		    BN_cmp(DSA_get0_p(a->dsa), DSA_get0_p(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_q(a->dsa), DSA_get0_q(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_g(a->dsa), DSA_get0_g(b->dsa)) == 0 &&
++		    BN_cmp(DSA_get0_pub_key(a->dsa), DSA_get0_pub_key(b->dsa)) == 0;
++#endif
+ 	case KEY_ECDSA:
+ 		return a->ecdsa != NULL && b->ecdsa != NULL &&
+ 			EC_KEY_check_key(a->ecdsa) == 1 &&
+@@ -231,7 +272,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+     u_int *dgst_raw_length)
+ {
+ 	const EVP_MD *md = NULL;
+-	EVP_MD_CTX ctx;
++	EVP_MD_CTX *ctx;
+ 	u_char *blob = NULL;
+ 	u_char *retval = NULL;
+ 	u_int len = 0;
+@@ -252,12 +293,21 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	switch (k->type) {
+ 	case KEY_RSA1:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		nlen = BN_num_bytes(k->rsa->n);
+ 		elen = BN_num_bytes(k->rsa->e);
+ 		len = nlen + elen;
+ 		blob = pamsshagentauth_xmalloc(len);
+ 		BN_bn2bin(k->rsa->n, blob);
+ 		BN_bn2bin(k->rsa->e, blob + nlen);
++#else
++		nlen = BN_num_bytes(RSA_get0_n(k->rsa));
++		elen = BN_num_bytes(RSA_get0_e(k->rsa));
++		len = nlen + elen;
++		blob = pamsshagentauth_xmalloc(len);
++		BN_bn2bin(RSA_get0_n(k->rsa), blob);
++		BN_bn2bin(RSA_get0_e(k->rsa), blob + nlen);
++#endif
+ 		break;
+ 	case KEY_DSA:
+ 	case KEY_ECDSA:
+@@ -273,11 +323,14 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	if (blob != NULL) {
+ 		retval = pamsshagentauth_xmalloc(EVP_MAX_MD_SIZE);
+-		EVP_DigestInit(&ctx, md);
+-		EVP_DigestUpdate(&ctx, blob, len);
+-		EVP_DigestFinal(&ctx, retval, dgst_raw_length);
++		/* XXX Errors from EVP_* functions are not hadled */
++		ctx = EVP_MD_CTX_create();
++		EVP_DigestInit(ctx, md);
++		EVP_DigestUpdate(ctx, blob, len);
++		EVP_DigestFinal(ctx, retval, dgst_raw_length);
+ 		memset(blob, 0, len);
+ 		pamsshagentauth_xfree(blob);
++		EVP_MD_CTX_destroy(ctx);
+ 	} else {
+ 		pamsshagentauth_fatal("key_fingerprint_raw: blob is null");
+ 	}
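Review bot: `EVP_MD_CTX_create()` can return NULL and its result is used unchecked, and the `EVP_Digest*` return values are ignored (the added XXX comment admits this), so a digest failure leaves `retval` holding uninitialised bytes that are presumably returned as the fingerprint. Since the other error paths here already call `pamsshagentauth_fatal`, the sequence can be checked in one statement: `if ((ctx = EVP_MD_CTX_create()) == NULL || EVP_DigestInit(ctx, md) != 1 || EVP_DigestUpdate(ctx, blob, len) != 1 || EVP_DigestFinal(ctx, retval, dgst_raw_length) != 1) pamsshagentauth_fatal("key_fingerprint_raw: digest failed");`. The same unchecked create/init/update/final sequence is added in the sign and verify functions of ssh-dss.c, ssh-ecdsa.c and ssh-rsa.c, where the digest feeds signature verification and a failure should return an error rather than continue. The function body continues outside this hunk.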
+@@ -457,10 +510,17 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
+ 			return -1;
+ 		*cpp = cp;
+ 		/* Get public exponent, public modulus. */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (!read_bignum(cpp, ret->rsa->e))
+ 			return -1;
+ 		if (!read_bignum(cpp, ret->rsa->n))
+ 			return -1;
++#else
++		if (!read_bignum(cpp, RSA_get0_e(ret->rsa)))
++			return -1;
++		if (!read_bignum(cpp, RSA_get0_n(ret->rsa)))
++			return -1;
++#endif
+ 		success = 1;
+ 		break;
+ 	case KEY_UNSPEC:
+@@ -583,10 +643,17 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
+ 
+ 	if (key->type == KEY_RSA1 && key->rsa != NULL) {
+ 		/* size of modulus 'n' */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		bits = BN_num_bits(key->rsa->n);
+ 		fprintf(f, "%u", bits);
+ 		if (write_bignum(f, key->rsa->e) &&
+ 		    write_bignum(f, key->rsa->n)) {
++#else
++		bits = BN_num_bits(RSA_get0_n(key->rsa));
++		fprintf(f, "%u", bits);
++		if (write_bignum(f, RSA_get0_e(key->rsa)) &&
++		    write_bignum(f, RSA_get0_n(key->rsa))) {
++#endif
+ 			success = 1;
+ 		} else {
+ 			pamsshagentauth_logerror("key_write: failed for RSA key");
+@@ -675,10 +742,17 @@ pamsshagentauth_key_size(const Key *k)
+ {
+ 	switch (k->type) {
+ 	case KEY_RSA1:
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	case KEY_RSA:
+ 		return BN_num_bits(k->rsa->n);
+ 	case KEY_DSA:
+ 		return BN_num_bits(k->dsa->p);
++#else
++	case KEY_RSA:
++		return BN_num_bits(RSA_get0_n(k->rsa));
++	case KEY_DSA:
++		return BN_num_bits(DSA_get0_p(k->dsa));
++#endif
+ 	case KEY_ECDSA:
+ 	{
+ 		int nid = EC_GROUP_get_curve_name(EC_KEY_get0_group(k->ecdsa));
+@@ -769,17 +843,29 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	switch (k->type) {
+ 	case KEY_DSA:
+ 		n = pamsshagentauth_key_new(k->type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
+ 		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
+ 		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
+ 		    (BN_copy(n->dsa->pub_key, k->dsa->pub_key) == NULL))
++#else
++		if ((BN_copy(DSA_get0_p(n->dsa), DSA_get0_p(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_q(n->dsa), DSA_get0_q(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_g(n->dsa), DSA_get0_g(k->dsa)) == NULL) ||
++		    (BN_copy(DSA_get0_pub_key(n->dsa), DSA_get0_pub_key(k->dsa)) == NULL))
++#endif
+ 			pamsshagentauth_fatal("key_from_private: BN_copy failed");
+ 		break;
+ 	case KEY_RSA:
+ 	case KEY_RSA1:
+ 		n = pamsshagentauth_key_new(k->type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+ 		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
++#else
++		if ((BN_copy(RSA_get0_n(n->rsa), RSA_get0_n(k->rsa)) == NULL) ||
++		    (BN_copy(RSA_get0_e(n->rsa), RSA_get0_e(k->rsa)) == NULL))
++#endif
+ 			pamsshagentauth_fatal("key_from_private: BN_copy failed");
+ 		break;
+ 	case KEY_ECDSA:
+@@ -881,8 +967,13 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 	switch (type) {
+ 	case KEY_RSA:
+ 		key = pamsshagentauth_key_new(type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
++#else
++		if (pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_e(key->rsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, RSA_get0_n(key->rsa)) == -1) {
++#endif
+ 			pamsshagentauth_logerror("key_from_blob: can't read rsa key");
+ 			pamsshagentauth_key_free(key);
+ 			key = NULL;
+@@ -894,10 +985,17 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 		break;
+ 	case KEY_DSA:
+ 		key = pamsshagentauth_key_new(type);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->pub_key) == -1) {
++#else
++		if (pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_p(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_q(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_g(key->dsa)) == -1 ||
++		    pamsshagentauth_buffer_get_bignum2_ret(&b, DSA_get0_pub_key(key->dsa)) == -1) {
++#endif
+ 			pamsshagentauth_logerror("key_from_blob: can't read dsa key");
+ 			pamsshagentauth_key_free(key);
+ 			key = NULL;
+@@ -1015,6 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+ 	switch (key->type) {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	case KEY_DSA:
+ 		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
+@@ -1027,6 +1126,20 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->rsa->n);
+ 		break;
++#else
++	case KEY_DSA:
++		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_p(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_q(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_g(key->dsa));
++		pamsshagentauth_buffer_put_bignum2(&b, DSA_get0_pub_key(key->dsa));
++		break;
++	case KEY_RSA:
++		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
++		pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_e(key->rsa));
++		pamsshagentauth_buffer_put_bignum2(&b, RSA_get0_n(key->rsa));
++		break;
++#endif
+ 	case KEY_ECDSA:
+ 	{
+ 		size_t l = 0;
+@@ -1138,14 +1251,20 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_RSA:
+ 		if ((pk->rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: RSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
++#else
++		if (RSA_set0_key(pk->rsa, BN_dup(RSA_get0_n(k->rsa)), BN_dup(RSA_get0_e(k->rsa)), NULL) != 1)
++			pamsshagentauth_fatal("key_demote: RSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_DSA:
+ 		if ((pk->dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: DSA_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
+@@ -1154,6 +1273,12 @@ pamsshagentauth_key_demote(const Key *k)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->pub_key = BN_dup(k->dsa->pub_key)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
++#else
++		if (DSA_set0_pqg(pk->dsa, BN_dup(DSA_get0_p(k->dsa)), BN_dup(DSA_get0_q(k->dsa)), BN_dup(DSA_get0_g(k->dsa))) != 1)
++			pamsshagentauth_fatal("key_demote: DSA_set0_pqg failed");
++		if (DSA_set0_key(pk->dsa, BN_dup(DSA_get0_pub_key(k->dsa)), NULL) != 1)
++			pamsshagentauth_fatal("key_demote: DSA_set0_key failed");
++#endif
+ 		break;
+ 	case KEY_ECDSA:
+ 		pamsshagentauth_fatal("key_demote: implement me");
+diff --git a/ssh-dss.c b/ssh-dss.c
+index 9fdaa5d..1051ae2 100644
+--- a/ssh-dss.c
++++ b/ssh-dss.c
+@@ -48,37 +48,53 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ {
+ 	DSA_SIG *sig;
+ 	const EVP_MD *evp_md = EVP_sha1();
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+ 	u_int rlen, slen, len, dlen;
+ 	Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	const BIGNUM *r, *s;
++#endif
+ 
+ 	if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_sign: no DSA key");
+ 		return -1;
+ 	}
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	sig = DSA_do_sign(digest, dlen, key->dsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	if (sig == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_sign: sign failed");
+ 		return -1;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	rlen = BN_num_bytes(sig->r);
+ 	slen = BN_num_bytes(sig->s);
++#else
++	DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s);
++	rlen = BN_num_bytes(r);
++	slen = BN_num_bytes(s);
++#endif
+ 	if (rlen > INTBLOB_LEN || slen > INTBLOB_LEN) {
+ 		pamsshagentauth_logerror("bad sig size %u %u", rlen, slen);
+ 		DSA_SIG_free(sig);
+ 		return -1;
+ 	}
+ 	memset(sigblob, 0, SIGBLOB_LEN);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ 	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
++#else
++	BN_bn2bin(r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
++	BN_bn2bin(s, sigblob+ SIGBLOB_LEN - slen);
++#endif
+ 	DSA_SIG_free(sig);
+ 
+ 	if (datafellows & SSH_BUG_SIGBLOB) {
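Review bot: In the OpenSSL 1.1 branch, `DSA_SIG_get0((const DSA_SIG *)sig, (const BIGNUM **)r, (const BIGNUM **)s);` passes the uninitialised pointers `r` and `s` themselves, cast to `const BIGNUM **`, instead of their addresses. DSA_SIG_get0 stores through those arguments, so this writes to indeterminate addresses and leaves `r` and `s` unset for the `BN_num_bytes` and `BN_bn2bin` calls that follow. The casts only hide the compiler diagnostic; the call should be `DSA_SIG_get0(sig, &r, &s);`, which matches the `const BIGNUM *r, *s;` declaration without any cast.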
+@@ -110,11 +126,14 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+ 	DSA_SIG *sig;
+ 	const EVP_MD *evp_md = EVP_sha1();
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ 	u_int len, dlen;
+ 	int rlen, ret;
+ 	Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+ 	if (key == NULL || key->type != KEY_DSA || key->dsa == NULL) {
+ 		pamsshagentauth_logerror("ssh_dss_verify: no DSA key");
+@@ -157,6 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	/* parse signature */
+ 	if ((sig = DSA_SIG_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if ((sig->r = BN_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
+ 	if ((sig->s = BN_new()) == NULL)
+@@ -164,18 +184,33 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	if ((BN_bin2bn(sigblob, INTBLOB_LEN, sig->r) == NULL) ||
+ 	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, sig->s) == NULL))
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed");
++#else
++	if ((r = BN_new()) == NULL)
++		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
++	if ((s = BN_new()) == NULL)
++		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
++	if (DSA_SIG_set0(sig, r, s) != 1)
++		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed");
++	if ((BN_bin2bn(sigblob, INTBLOB_LEN, r) == NULL) ||
++	    (BN_bin2bn(sigblob+ INTBLOB_LEN, INTBLOB_LEN, s) == NULL))
++		pamsshagentauth_fatal("ssh_dss_verify: BN_bin2bn failed");
++	if (DSA_SIG_set0(sig, r, s) != 1)
++		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_set0 failed");
++#endif
+ 
+ 	/* clean up */
+ 	memset(sigblob, 0, len);
+ 	pamsshagentauth_xfree(sigblob);
+ 
+ 	/* sha1 the data */
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	ret = DSA_do_verify(digest, dlen, sig, key->dsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	DSA_SIG_free(sig);
+ 
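Review bot: `DSA_SIG_set0(sig, r, s)` is called twice with the same `r` and `s`, once before and once after the `BN_bin2bn` parsing. DSA_SIG_set0 transfers ownership to `sig`, and the OpenSSL 1.1 implementation releases the values `sig` previously held before storing the new ones, so the second call would free `r` and `s` and leave `sig` pointing at freed BIGNUMs that `DSA_do_verify` then reads. This is worth confirming against the OpenSSL release being targeted, but one call is sufficient either way. Drop the first `if (DSA_SIG_set0(sig, r, s) != 1)` and keep the one after parsing, so `sig` only takes ownership of fully parsed values. `ssh_dss_verify` begins outside this hunk.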
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
+index efa0f3d..c213959 100644
+--- a/ssh-ecdsa.c
++++ b/ssh-ecdsa.c
+@@ -41,22 +41,27 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ {
+     ECDSA_SIG *sig;
+     const EVP_MD *evp_md = evp_from_key(key);
+-    EVP_MD_CTX md;
++    EVP_MD_CTX *md;
+     u_char digest[EVP_MAX_MD_SIZE];
+     u_int len, dlen;
+     Buffer b, bb;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key");
+         return -1;
+     }
+ 
+-    EVP_DigestInit(&md, evp_md);
+-    EVP_DigestUpdate(&md, data, datalen);
+-    EVP_DigestFinal(&md, digest, &dlen);
++    md = EVP_MD_CTX_create();
++    EVP_DigestInit(md, evp_md);
++    EVP_DigestUpdate(md, data, datalen);
++    EVP_DigestFinal(md, digest, &dlen);
+ 
+     sig = ECDSA_do_sign(digest, dlen, key->ecdsa);
+     memset(digest, 'd', sizeof(digest));
++    EVP_MD_CTX_destroy(md);
+ 
+     if (sig == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: sign failed");
+@@ -64,8 +69,14 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     }
+ 
+     pamsshagentauth_buffer_init(&bb);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
+         pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
++#else
++    DSA_SIG_get0(sig, &r, &s);
++    if (pamsshagentauth_buffer_get_bignum2_ret(&bb, r) == -1 ||
++        pamsshagentauth_buffer_get_bignum2_ret(&bb, s) == -1) {
++#endif
+         pamsshagentauth_logerror("couldn't serialize signature");
+         ECDSA_SIG_free(sig);
+         return -1;
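Review bot: The OpenSSL 1.1 branch calls `DSA_SIG_get0(sig, &r, &s)` on an `ECDSA_SIG *`, and `r` and `s` are declared `BIGNUM *` while the getter takes `const BIGNUM **`, so both the object and the output arguments have the wrong type and the code builds only with incompatible-pointer warnings. The accessor for this type is `ECDSA_SIG_get0(sig, &r, &s);`, with the declaration changed to `const BIGNUM *r, *s;`. The verify hunk at `@@ -127,8 +141,14 @@` repeats the same call. The new declaration lines are also indented with a tab in a file that uses four spaces.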
+@@ -94,11 +105,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+     ECDSA_SIG *sig;
+     const EVP_MD *evp_md = evp_from_key(key);
+-    EVP_MD_CTX md;
++    EVP_MD_CTX *md;
+     u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+     u_int len, dlen;
+     int rlen, ret;
+     Buffer b;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++	BIGNUM *r, *s;
++#endif
+ 
+     if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) {
+         pamsshagentauth_logerror("ssh_ecdsa_sign: no ECDSA key");
+@@ -127,8 +141,14 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
++#else
++    DSA_SIG_get0(sig, &r, &s);
++    if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) ||
++        (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1))
++#endif
+         pamsshagentauth_fatal("ssh_ecdsa_verify:"
+             "pamsshagentauth_buffer_get_bignum2_ret failed");
+ 
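Review bot: In the verify path the 1.1 branch fetches `r` and `s` from `sig` with a getter and then parses the incoming signature into them, but OpenSSL 1.1 documents `ECDSA_SIG_new()` as returning an empty structure whose r and s are not pre-allocated. Assuming `sig` comes from `ECDSA_SIG_new()` earlier in the function (outside this hunk), both pointers would be NULL when `pamsshagentauth_buffer_get_bignum2_ret` writes into them. The branch should allocate the two BIGNUMs itself and hand them to the signature with `ECDSA_SIG_set0`, as sketched below, rather than calling a getter.
```c
#else
    if ((r = BN_new()) == NULL || (s = BN_new()) == NULL)
        pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed");
    if (ECDSA_SIG_set0(sig, r, s) != 1)
        pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed");
    /* ... unchanged: the two buffer_get_bignum2_ret reads into r and s ... */
#endif
```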
+@@ -137,16 +157,18 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+     pamsshagentauth_xfree(sigblob);
+ 
+     /* sha256 the data */
+-    EVP_DigestInit(&md, evp_md);
+-    EVP_DigestUpdate(&md, data, datalen);
+-    EVP_DigestFinal(&md, digest, &dlen);
++    md = EVP_MD_CTX_create();
++    EVP_DigestInit(md, evp_md);
++    EVP_DigestUpdate(md, data, datalen);
++    EVP_DigestFinal(md, digest, &dlen);
+ 
+     ret = ECDSA_do_verify(digest, dlen, sig, key->ecdsa);
+     memset(digest, 'd', sizeof(digest));
++    EVP_MD_CTX_destroy(md);
+ 
+     ECDSA_SIG_free(sig);
+ 
+     pamsshagentauth_verbose("ssh_ecdsa_verify: signature %s",
+         ret == 1 ? "correct" : ret == 0 ? "incorrect" : "error");
+     return ret;
+-}
+\ No newline at end of file
++}
+diff --git a/ssh-rsa.c b/ssh-rsa.c
+index d05844b..9d74eb6 100644
+--- a/ssh-rsa.c
++++ b/ssh-rsa.c
+@@ -40,7 +40,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     const u_char *data, u_int datalen)
+ {
+ 	const EVP_MD *evp_md;
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sig;
+ 	u_int slen, dlen, len;
+ 	int ok, nid;
+@@ -55,6 +55,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		pamsshagentauth_logerror("ssh_rsa_sign: EVP_get_digestbynid %d failed", nid);
+ 		return -1;
+ 	}
++	md = EVP_MD_CTX_create();
+ 	EVP_DigestInit(&md, evp_md);
+ 	EVP_DigestUpdate(&md, data, datalen);
+ 	EVP_DigestFinal(&md, digest, &dlen);
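Review bot: In `ssh_rsa_sign`, `md` becomes an `EVP_MD_CTX *` and is allocated with `EVP_MD_CTX_create()`, but the three digest calls right after it are left as context lines and still pass `&md`. That hands an `EVP_MD_CTX **` to the EVP functions, so they treat the pointer variable on the stack as the context; the allocated context is never used and the digest passed to `RSA_sign` is not a valid hash of `data`. The lines should read `EVP_DigestInit(md, evp_md);`, `EVP_DigestUpdate(md, data, datalen);` and `EVP_DigestFinal(md, digest, &dlen);`, as already done in `ssh_rsa_verify`. The function continues outside this hunk.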
+@@ -64,6 +65,7 @@ ssh_rsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 
+ 	ok = RSA_sign(nid, digest, dlen, sig, &len, key->rsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 
+ 	if (ok != 1) {
+ 		int ecode = ERR_get_error();
+@@ -107,7 +109,7 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ {
+ 	Buffer b;
+ 	const EVP_MD *evp_md;
+-	EVP_MD_CTX md;
++	EVP_MD_CTX *md;
+ 	char *ktype;
+ 	u_char digest[EVP_MAX_MD_SIZE], *sigblob;
+ 	u_int len, dlen, modlen;
+@@ -117,9 +119,17 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
+ 		return -1;
+ 	}
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
++#else
++	if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
++#endif
+ 		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
++#else
++		    BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);
++#endif
+ 		return -1;
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+@@ -161,12 +171,14 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_xfree(sigblob);
+ 		return -1;
+ 	}
+-	EVP_DigestInit(&md, evp_md);
+-	EVP_DigestUpdate(&md, data, datalen);
+-	EVP_DigestFinal(&md, digest, &dlen);
++	md = EVP_MD_CTX_create();
++	EVP_DigestInit(md, evp_md);
++	EVP_DigestUpdate(md, data, datalen);
++	EVP_DigestFinal(md, digest, &dlen);
+ 
+ 	ret = openssh_RSA_verify(nid, digest, dlen, sigblob, len, key->rsa);
+ 	memset(digest, 'd', sizeof(digest));
++	EVP_MD_CTX_destroy(md);
+ 	memset(sigblob, 's', len);
+ 	pamsshagentauth_xfree(sigblob);
+ 	pamsshagentauth_verbose("ssh_rsa_verify: signature %scorrect", (ret==0) ? "in" : "");
diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch
new file mode 100644
index 0000000000..b03b43fb1d
--- /dev/null
+++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth/0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch
@@ -0,0 +1,365 @@
+From b2ee29809a54e16567323d8fbac2d652ee58c692 Mon Sep 17 00:00:00 2001
+From: Khem Raj <raj.khem@gmail.com>
+Date: Fri, 1 Feb 2019 22:45:19 -0800
+Subject: [PATCH] Check against the correct OPENSSL_VERSION_NUMBER
+
+From: Guido Falsi <mad@madpilot.net>
+https://sources.debian.org/src/pam-ssh-agent-auth/0.10.3-3/debian/patches/openssl-1.1.1-2.patch/
+
+Upstream-Status: Pending
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+---
+ authfd.c    | 12 ++++++------
+ bufbn.c     |  2 +-
+ key.c       | 36 ++++++++++++++++++------------------
+ ssh-dss.c   | 10 +++++-----
+ ssh-ecdsa.c |  8 ++++----
+ ssh-rsa.c   |  4 ++--
+ 6 files changed, 36 insertions(+), 36 deletions(-)
+
+diff --git a/authfd.c b/authfd.c
+index f91514d..4c6cec8 100644
+--- a/authfd.c
++++ b/authfd.c
+@@ -367,7 +367,7 @@ ssh_get_next_identity(AuthenticationConnection *auth, char **comment, int versio
+ 	case 1:
+ 		key = pamsshagentauth_key_new(KEY_RSA1);
+ 		bits = pamsshagentauth_buffer_get_int(&auth->identities);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->e);
+ 		pamsshagentauth_buffer_get_bignum(&auth->identities, key->rsa->n);
+ 		*comment = pamsshagentauth_buffer_get_string(&auth->identities, NULL);
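Review bot: The new threshold `0x10100005L` is an unexplained magic number, repeated in every hunk of this patch across authfd.c, bufbn.c, key.c, ssh-dss.c, ssh-ecdsa.c and ssh-rsa.c. In OpenSSL's `0xMNNFFPPS` layout the last nibble is the status field, so this value names a 1.1.0 pre-release (status 5) rather than a release, and the patch description does not say why that cut-off is the "correct" one. I would define the test once in a header these files already share, under a name of your choosing such as `#define PAMSSHAGENTAUTH_OPAQUE_OPENSSL (OPENSSL_VERSION_NUMBER >= 0x10100005L)`, with a comment like `/* 1.1.0-pre5: presumably the first pre-release with the opaque structs and accessors - confirm */`, and check that macro at each site. ssh_get_next_identity continues outside this hunk.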
+@@ -427,7 +427,7 @@ ssh_decrypt_challenge(AuthenticationConnection *auth,
+ 	}
+ 	pamsshagentauth_buffer_init(&buffer);
+ 	pamsshagentauth_buffer_put_char(&buffer, SSH_AGENTC_RSA_CHALLENGE);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	pamsshagentauth_buffer_put_int(&buffer, BN_num_bits(key->rsa->n));
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->e);
+ 	pamsshagentauth_buffer_put_bignum(&buffer, key->rsa->n);
+@@ -512,7 +512,7 @@ ssh_agent_sign(AuthenticationConnection *auth,
+ static void
+ ssh_encode_identity_rsa1(Buffer *b, RSA *key, const char *comment)
+ {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	pamsshagentauth_buffer_put_int(b, BN_num_bits(key->n));
+ 	pamsshagentauth_buffer_put_bignum(b, key->n);
+ 	pamsshagentauth_buffer_put_bignum(b, key->e);
+@@ -540,7 +540,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ 	pamsshagentauth_buffer_put_cstring(b, key_ssh_name(key));
+ 	switch (key->type) {
+ 	case KEY_RSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->n);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->rsa->d);
+@@ -557,7 +557,7 @@ ssh_encode_identity_ssh2(Buffer *b, Key *key, const char *comment)
+ #endif
+ 		break;
+ 	case KEY_DSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->p);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->q);
+ 		pamsshagentauth_buffer_put_bignum2(b, key->dsa->g);
+@@ -649,7 +649,7 @@ ssh_remove_identity(AuthenticationConnection *auth, Key *key)
+ 
+ 	if (key->type == KEY_RSA1) {
+ 		pamsshagentauth_buffer_put_char(&msg, SSH_AGENTC_REMOVE_RSA_IDENTITY);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		pamsshagentauth_buffer_put_int(&msg, BN_num_bits(key->rsa->n));
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->e);
+ 		pamsshagentauth_buffer_put_bignum(&msg, key->rsa->n);
+diff --git a/bufbn.c b/bufbn.c
+index 4ecedc1..b4754cc 100644
+--- a/bufbn.c
++++ b/bufbn.c
+@@ -151,7 +151,7 @@ pamsshagentauth_buffer_put_bignum2_ret(Buffer *buffer, const BIGNUM *value)
+ 		pamsshagentauth_buffer_put_int(buffer, 0);
+ 		return 0;
+ 	}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if (value->neg) {
+ #else
+ 	if (BN_is_negative(value)) {
+diff --git a/key.c b/key.c
+index aedbbb5..dcc5fc8 100644
+--- a/key.c
++++ b/key.c
+@@ -77,7 +77,7 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_RSA:
+ 		if ((rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: RSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((rsa->n = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((rsa->e = BN_new()) == NULL)
+@@ -91,7 +91,7 @@ pamsshagentauth_key_new(int type)
+ 	case KEY_DSA:
+ 		if ((dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: DSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((dsa->p = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new: BN_new failed");
+ 		if ((dsa->q = BN_new()) == NULL)
+@@ -130,7 +130,7 @@ pamsshagentauth_key_new_private(int type)
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((k->rsa->d = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ 		if ((k->rsa->iqmp = BN_new()) == NULL)
+@@ -153,7 +153,7 @@ pamsshagentauth_key_new_private(int type)
+ #endif
+ 		break;
+ 	case KEY_DSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((k->dsa->priv_key = BN_new()) == NULL)
+ 			pamsshagentauth_fatal("key_new_private: BN_new failed");
+ #else
+@@ -162,7 +162,7 @@ pamsshagentauth_key_new_private(int type)
+ #endif
+ 		break;
+ 	case KEY_ECDSA:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (EC_KEY_set_private_key(k->ecdsa, BN_new()) != 1)
+ 			pamsshagentauth_fatal("key_new_private: EC_KEY_set_private_key failed");
+ #else
+@@ -224,7 +224,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ 	case KEY_RSA1:
+ 	case KEY_RSA:
+ 		return a->rsa != NULL && b->rsa != NULL &&
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_cmp(a->rsa->e, b->rsa->e) == 0 &&
+ 		    BN_cmp(a->rsa->n, b->rsa->n) == 0;
+ #else
+@@ -233,7 +233,7 @@ pamsshagentauth_key_equal(const Key *a, const Key *b)
+ #endif
+ 	case KEY_DSA:
+ 		return a->dsa != NULL && b->dsa != NULL &&
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_cmp(a->dsa->p, b->dsa->p) == 0 &&
+ 		    BN_cmp(a->dsa->q, b->dsa->q) == 0 &&
+ 		    BN_cmp(a->dsa->g, b->dsa->g) == 0 &&
+@@ -293,7 +293,7 @@ pamsshagentauth_key_fingerprint_raw(const Key *k, enum fp_type dgst_type,
+ 	}
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		nlen = BN_num_bytes(k->rsa->n);
+ 		elen = BN_num_bytes(k->rsa->e);
+ 		len = nlen + elen;
+@@ -510,7 +510,7 @@ pamsshagentauth_key_read(Key *ret, char **cpp)
+ 			return -1;
+ 		*cpp = cp;
+ 		/* Get public exponent, public modulus. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (!read_bignum(cpp, ret->rsa->e))
+ 			return -1;
+ 		if (!read_bignum(cpp, ret->rsa->n))
+@@ -643,7 +643,7 @@ pamsshagentauth_key_write(const Key *key, FILE *f)
+ 
+ 	if (key->type == KEY_RSA1 && key->rsa != NULL) {
+ 		/* size of modulus 'n' */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		bits = BN_num_bits(key->rsa->n);
+ 		fprintf(f, "%u", bits);
+ 		if (write_bignum(f, key->rsa->e) &&
+@@ -742,7 +742,7 @@ pamsshagentauth_key_size(const Key *k)
+ {
+ 	switch (k->type) {
+ 	case KEY_RSA1:
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	case KEY_RSA:
+ 		return BN_num_bits(k->rsa->n);
+ 	case KEY_DSA:
+@@ -843,7 +843,7 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	switch (k->type) {
+ 	case KEY_DSA:
+ 		n = pamsshagentauth_key_new(k->type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((BN_copy(n->dsa->p, k->dsa->p) == NULL) ||
+ 		    (BN_copy(n->dsa->q, k->dsa->q) == NULL) ||
+ 		    (BN_copy(n->dsa->g, k->dsa->g) == NULL) ||
+@@ -859,7 +859,7 @@ pamsshagentauth_key_from_private(const Key *k)
+ 	case KEY_RSA:
+ 	case KEY_RSA1:
+ 		n = pamsshagentauth_key_new(k->type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((BN_copy(n->rsa->n, k->rsa->n) == NULL) ||
+ 		    (BN_copy(n->rsa->e, k->rsa->e) == NULL))
+ #else
+@@ -967,7 +967,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 	switch (type) {
+ 	case KEY_RSA:
+ 		key = pamsshagentauth_key_new(type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->e) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->rsa->n) == -1) {
+ #else
+@@ -985,7 +985,7 @@ pamsshagentauth_key_from_blob(const u_char *blob, u_int blen)
+ 		break;
+ 	case KEY_DSA:
+ 		key = pamsshagentauth_key_new(type);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if (pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->p) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->q) == -1 ||
+ 		    pamsshagentauth_buffer_get_bignum2_ret(&b, key->dsa->g) == -1 ||
+@@ -1113,7 +1113,7 @@ pamsshagentauth_key_to_blob(const Key *key, u_char **blobp, u_int *lenp)
+ 	}
+ 	pamsshagentauth_buffer_init(&b);
+ 	switch (key->type) {
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	case KEY_DSA:
+ 		pamsshagentauth_buffer_put_cstring(&b, key_ssh_name(key));
+ 		pamsshagentauth_buffer_put_bignum2(&b, key->dsa->p);
+@@ -1251,7 +1251,7 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_RSA:
+ 		if ((pk->rsa = RSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: RSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((pk->rsa->e = BN_dup(k->rsa->e)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->rsa->n = BN_dup(k->rsa->n)) == NULL)
+@@ -1264,7 +1264,7 @@ pamsshagentauth_key_demote(const Key *k)
+ 	case KEY_DSA:
+ 		if ((pk->dsa = DSA_new()) == NULL)
+ 			pamsshagentauth_fatal("key_demote: DSA_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		if ((pk->dsa->p = BN_dup(k->dsa->p)) == NULL)
+ 			pamsshagentauth_fatal("key_demote: BN_dup failed");
+ 		if ((pk->dsa->q = BN_dup(k->dsa->q)) == NULL)
+diff --git a/ssh-dss.c b/ssh-dss.c
+index 1051ae2..9b96274 100644
+--- a/ssh-dss.c
++++ b/ssh-dss.c
+@@ -52,7 +52,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 	u_char digest[EVP_MAX_MD_SIZE], sigblob[SIGBLOB_LEN];
+ 	u_int rlen, slen, len, dlen;
+ 	Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	const BIGNUM *r, *s;
+ #endif
+ 
+@@ -74,7 +74,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		return -1;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	rlen = BN_num_bytes(sig->r);
+ 	slen = BN_num_bytes(sig->s);
+ #else
+@@ -88,7 +88,7 @@ ssh_dss_sign(const Key *key, u_char **sigp, u_int *lenp,
+ 		return -1;
+ 	}
+ 	memset(sigblob, 0, SIGBLOB_LEN);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	BN_bn2bin(sig->r, sigblob+ SIGBLOB_LEN - INTBLOB_LEN - rlen);
+ 	BN_bn2bin(sig->s, sigblob+ SIGBLOB_LEN - slen);
+ #else
+@@ -131,7 +131,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	u_int len, dlen;
+ 	int rlen, ret;
+ 	Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -176,7 +176,7 @@ ssh_dss_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 	/* parse signature */
+ 	if ((sig = DSA_SIG_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: DSA_SIG_new failed");
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if ((sig->r = BN_new()) == NULL)
+ 		pamsshagentauth_fatal("ssh_dss_verify: BN_new failed");
+ 	if ((sig->s = BN_new()) == NULL)
+diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c
+index c213959..5b13b30 100644
+--- a/ssh-ecdsa.c
++++ b/ssh-ecdsa.c
+@@ -45,7 +45,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     u_char digest[EVP_MAX_MD_SIZE];
+     u_int len, dlen;
+     Buffer b, bb;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -69,7 +69,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp,
+     }
+ 
+     pamsshagentauth_buffer_init(&bb);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if (pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->r) == -1 ||
+         pamsshagentauth_buffer_get_bignum2_ret(&bb, sig->s) == -1) {
+ #else
+@@ -110,7 +110,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+     u_int len, dlen;
+     int rlen, ret;
+     Buffer b;
+-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
+ 	BIGNUM *r, *s;
+ #endif
+ 
+@@ -141,7 +141,7 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 
+     pamsshagentauth_buffer_init(&b);
+     pamsshagentauth_buffer_append(&b, sigblob, len);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+     if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) ||
+         (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1))
+ #else
+diff --git a/ssh-rsa.c b/ssh-rsa.c
+index 9d74eb6..35f2e36 100644
+--- a/ssh-rsa.c
++++ b/ssh-rsa.c
+@@ -119,13 +119,13 @@ ssh_rsa_verify(const Key *key, const u_char *signature, u_int signaturelen,
+ 		pamsshagentauth_logerror("ssh_rsa_verify: no RSA key");
+ 		return -1;
+ 	}
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 	if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ #else
+ 	if (BN_num_bits(RSA_get0_n(key->rsa)) < SSH_RSA_MINIMUM_MODULUS_SIZE) {
+ #endif
+ 		pamsshagentauth_logerror("ssh_rsa_verify: RSA modulus too small: %d < minimum %d bits",
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
+ 		    BN_num_bits(key->rsa->n), SSH_RSA_MINIMUM_MODULUS_SIZE);
+ #else
+ 		    BN_num_bits(RSA_get0_n(key->rsa)), SSH_RSA_MINIMUM_MODULUS_SIZE);
diff --git a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
index 2a461fc11a..ac7fa4bbf7 100644
--- a/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
+++ b/meta-oe/recipes-extended/pam/pam-ssh-agent-auth_0.10.3.bb
@@ -7,11 +7,14 @@ LIC_FILES_CHKSUM = "file://LICENSE.OpenSSL;md5=8ab01146141ded59b75f8ba7811ed05a
                     file://OPENSSH_LICENSE;md5=7ae09218173be1643c998a4b71027f9b \
 "
 
-SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2"
+SRC_URI = "http://sourceforge.net/projects/pamsshagentauth/files/pam_ssh_agent_auth/v${PV}/pam_ssh_agent_auth-${PV}.tar.bz2 \
+           file://0001-Adapt-to-OpenSSL-1.1.1.patch \
+           file://0002-Check-against-the-correct-OPENSSL_VERSION_NUMBER.patch \
+           "
 SRC_URI[md5sum] = "8dbe90ab3625e545036333e6f51ccf1d"
 SRC_URI[sha256sum] = "3c53d358d6eaed1b211239df017c27c6f9970995d14102ae67bae16d4f47a763"
 
-DEPENDS += "libpam openssl10"
+DEPENDS += "libpam openssl"
 
 inherit distro_features_check
 REQUIRED_DISTRO_FEATURES = "pam"
-- 
2.20.1




* [meta-multimedia][PATCH 2/4] rtmpdump: Switch to using GNU TLS instead of openssl10
  2019-02-03 15:06 [meta-oe][PATCH 1/4] pam-ssh-agent-auth: Port to work with openssl 1.1.x Khem Raj
@ 2019-02-03 15:06 ` Khem Raj
  2019-02-03 15:06 ` [meta-filesystems][PATCH 3/4] owfs: Inherit systemd Khem Raj
  2019-02-03 15:06 ` [meta-multimedia][PATCH 4/4] oscam: Update to latest svn revision 11491 Khem Raj
  2 siblings, 0 replies; 4+ messages in thread
From: Khem Raj @ 2019-02-03 15:06 UTC (permalink / raw)
  To: openembedded-devel

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb
index a72b0d651e..5f78be4f51 100644
--- a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb
+++ b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb
@@ -5,7 +5,7 @@ HOMEPAGE = "http://rtmpdump.mplayerhq.hu/"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=751419260aa954499f7abaabaa882bbe"
 
-DEPENDS = "openssl10 zlib"
+DEPENDS = "gnutls zlib"
 
 SRCREV = "fa8646daeb19dfd12c181f7d19de708d623704c0"
 SRC_URI = " \
@@ -18,5 +18,5 @@ inherit autotools-brokensep
 
 EXTRA_OEMAKE = " \
     CC='${CC}' LD='${LD} ${STAGING_LIBDIR}' XCFLAGS='${CFLAGS}' XLDFLAGS='${LDFLAGS}' \
-    SYS=posix INC=-I=/usr/include DESTDIR=${D} \
+    SYS=posix INC=-I=/usr/include DESTDIR=${D} CRYPTO=GNUTLS \
     prefix=${prefix} libdir=${libdir} incdir=${includedir}/librtmp bindir=${bindir} mandir=${mandir}"
-- 
2.20.1




* [meta-filesystems][PATCH 3/4] owfs: Inherit systemd
  2019-02-03 15:06 [meta-oe][PATCH 1/4] pam-ssh-agent-auth: Port to work with openssl 1.1.x Khem Raj
  2019-02-03 15:06 ` [meta-multimedia][PATCH 2/4] rtmpdump: Switch to using GNU TLS instead of openssl10 Khem Raj
@ 2019-02-03 15:06 ` Khem Raj
  2019-02-03 15:06 ` [meta-multimedia][PATCH 4/4] oscam: Update to latest svn revision 11491 Khem Raj
  2 siblings, 0 replies; 4+ messages in thread
From: Khem Raj @ 2019-02-03 15:06 UTC (permalink / raw)
  To: openembedded-devel

Fix
ERROR: QA Issue: owfs: Files/directories were installed but not shipped in any package:
  /lib
  /lib/systemd
  /lib/systemd/system
  /lib/systemd/system/owfs.service
  /lib/systemd/system/owftpd.service
  /lib/systemd/system/owhttpd.service
  /lib/systemd/system/owserver.service
  /lib/systemd/system/owserver.socket

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb
index 50865cccda..326ce0aea8 100644
--- a/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb
+++ b/meta-filesystems/recipes-filesystems/owfs/owfs_3.2p2.bb
@@ -18,7 +18,7 @@ SRC_URI = "git://github.com/owfs/owfs \
 
 S = "${WORKDIR}/git"
 
-inherit autotools-brokensep update-rc.d pkgconfig
+inherit autotools-brokensep update-rc.d pkgconfig systemd
 
 EXTRA_OECONF = " \
                  --with-fuseinclude=${STAGING_INCDIR} \
-- 
2.20.1




* [meta-multimedia][PATCH 4/4] oscam: Update to latest svn revision 11491
  2019-02-03 15:06 [meta-oe][PATCH 1/4] pam-ssh-agent-auth: Port to work with openssl 1.1.x Khem Raj
  2019-02-03 15:06 ` [meta-multimedia][PATCH 2/4] rtmpdump: Switch to using GNU TLS instead of openssl10 Khem Raj
  2019-02-03 15:06 ` [meta-filesystems][PATCH 3/4] owfs: Inherit systemd Khem Raj
@ 2019-02-03 15:06 ` Khem Raj
  2 siblings, 0 replies; 4+ messages in thread
From: Khem Raj @ 2019-02-03 15:06 UTC (permalink / raw)
  To: openembedded-devel

Supports openssl 1.1.x
Drop upstreamed patch

Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 ...macros.h-for-major-minor-definitions.patch | 26 -------------------
 .../recipes-dvb/oscam/oscam_svn.bb            |  5 ++--
 2 files changed, 2 insertions(+), 29 deletions(-)
 delete mode 100644 meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch

diff --git a/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch b/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch
deleted file mode 100644
index d3d89e333b..0000000000
--- a/meta-multimedia/recipes-dvb/oscam/oscam/0001-include-sys-sysmacros.h-for-major-minor-definitions.patch
+++ /dev/null
@@ -1,26 +0,0 @@
-From a372fe467495a674ad6244b67e83dfbfa8455f51 Mon Sep 17 00:00:00 2001
-From: Khem Raj <raj.khem@gmail.com>
-Date: Sat, 11 Aug 2018 13:54:32 -0700
-Subject: [PATCH] include sys/sysmacros.h for major/minor definitions
-
-csctapi/ifd_db2com.c:27: undefined reference to `minor'
-collect2: error: ld returned 1 exit status
-
-Upstream-Status: Pending
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
- globals.h | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/globals.h b/globals.h
-index bd12244..9e10225 100644
---- a/globals.h
-+++ b/globals.h
-@@ -36,6 +36,7 @@
- #include <termios.h>
- #include <inttypes.h>
- #include <sys/utsname.h>
-+#include <sys/sysmacros.h>
- 
- /*
-  * The following hack is taken from Linux: include/linux/kconfig.h
diff --git a/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb b/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb
index a8aec113cd..5acdd7ebc7 100644
--- a/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb
+++ b/meta-multimedia/recipes-dvb/oscam/oscam_svn.bb
@@ -4,12 +4,11 @@ HOMEPAGE = "http://www.streamboard.tv/oscam/"
 LICENSE = "GPLv3"
 LIC_FILES_CHKSUM = "file://COPYING;md5=d32239bcb673463ab874e80d47fae504"
 
-DEPENDS = "libusb1 openssl10 pcsc-lite"
+DEPENDS = "libusb1 openssl pcsc-lite"
 
 SRC_URI = "svn://www.streamboard.tv/svn/oscam;module=trunk;protocol=http \
-           file://0001-include-sys-sysmacros.h-for-major-minor-definitions.patch \
            "
-SRCREV = "11431"
+SRCREV = "11491"
 PV = "1.10+${SRCPV}"
 
 S = "${WORKDIR}/trunk"
-- 
2.20.1


