From 7bc5aba1dfc4e32e05df165e704b416b614e7004 Mon Sep 17 00:00:00 2001
From: Rosen Penev <rosenp@gmail.com>
Date: Tue, 6 Nov 2018 12:14:57 -0800
Subject: [PATCH] libssh: Fix compile without OpenSSL deprecated APIs

Backported several patches from version 0.8 to fix this.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
---
 libs/libssh/Makefile                          |  2 +-
 ...API-call-for-OpenSSL-CRYPTO-THREADID.patch | 83 +++++++++++++++++++
 libs/libssh/patches/001-compile.patch         |  2 +-
 ...-use-deprecated-function-with-newer-.patch | 43 ++++++++++
 ...to-Avoid-segfault-with-OpenSSL-1.1.0.patch | 29 +++++++
 ...i_crypto-Avoid-potential-memory-leak.patch | 36 ++++++++
 ...lation-for-OpenSSL-without-deprecate.patch | 65 +++++++++++++++
 7 files changed, 258 insertions(+), 2 deletions(-)
 create mode 100644 libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
 create mode 100644 libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch
 create mode 100644 libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch
 create mode 100644 libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch
 create mode 100644 libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch

diff --git a/libs/libssh/Makefile b/libs/libssh/Makefile
index 6ffb70045..babc08973 100644
--- a/libs/libssh/Makefile
+++ b/libs/libssh/Makefile
@@ -12,7 +12,7 @@ PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
 
 PKG_NAME:=libssh
 PKG_VERSION:=0.7.6
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://www.libssh.org/files/0.7/
diff --git a/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch b/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
new file mode 100644
index 000000000..e56a6c602
--- /dev/null
+++ b/libs/libssh/patches/0009-threads-Use-new-API-call-for-OpenSSL-CRYPTO-THREADID.patch
@@ -0,0 +1,83 @@
+From a8523d83c242c6f71dbf69fab0ca91d768e78f05 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Sun, 6 Nov 2016 12:07:32 +0100
+Subject: [PATCH] threads: Use new API call for OpenSSL CRYPTO THREADID
+
+BUG: https://red.libssh.org/issues/222
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ ConfigureChecks.cmake |  4 ++++
+ config.h.cmake        |  3 +++
+ src/threads.c         | 19 +++++++++++++++++--
+ 3 files changed, 24 insertions(+), 2 deletions(-)
+
+diff --git a/ConfigureChecks.cmake b/ConfigureChecks.cmake
+index 0a53c5b1..43179d8f 100644
+--- a/ConfigureChecks.cmake
++++ b/ConfigureChecks.cmake
+@@ -95,6 +95,10 @@ if (OPENSSL_FOUND)
+     set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
+     set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
+     check_function_exists(CRYPTO_ctr128_encrypt HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT)
++
++    set(CMAKE_REQUIRED_INCLUDES ${OPENSSL_INCLUDE_DIR})
++    set(CMAKE_REQUIRED_LIBRARIES ${OPENSSL_CRYPTO_LIBRARY})
++    check_function_exists(CRYPTO_THREADID_set_callback HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK)
+ endif()
+ 
+ if (CMAKE_HAVE_PTHREAD_H)
+diff --git a/config.h.cmake b/config.h.cmake
+index 3e7f7939..b87fea5c 100644
+--- a/config.h.cmake
++++ b/config.h.cmake
+@@ -79,6 +79,9 @@
+ /* Define to 1 if you have the `CRYPTO_ctr128_encrypt' function. */
+ #cmakedefine HAVE_OPENSSL_CRYPTO_CTR128_ENCRYPT 1
+ 
++/* Define to 1 if you have the `CRYPTO_THREADID_set_callback' function. */
++#cmakedefine HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK 1
++
+ /* Define to 1 if you have the `snprintf' function. */
+ #cmakedefine HAVE_SNPRINTF 1
+ 
+diff --git a/src/threads.c b/src/threads.c
+index 7f3a304e..062c3b84 100644
+--- a/src/threads.c
++++ b/src/threads.c
+@@ -116,6 +116,15 @@ static void libcrypto_lock_callback(int mode, int i, const char *file, int line)
+ 	}
+ }
+ 
++#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
++static void libcrypto_THREADID_callback(CRYPTO_THREADID *id)
++{
++    unsigned long thread_id = (*user_callbacks->thread_id)();
++
++    CRYPTO_THREADID_set_numeric(id, thread_id);
++}
++#endif /* HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK */
++
+ static int libcrypto_thread_init(void){
+ 	int n=CRYPTO_num_locks();
+ 	int i;
+@@ -127,8 +136,14 @@ static int libcrypto_thread_init(void){
+ 	for (i=0;i<n;++i){
+ 		user_callbacks->mutex_init(&libcrypto_mutexes[i]);
+ 	}
+-  CRYPTO_set_id_callback(user_callbacks->thread_id);
+-	CRYPTO_set_locking_callback(libcrypto_lock_callback);
++
++#ifdef HAVE_OPENSSL_CRYPTO_THREADID_SET_CALLBACK
++    CRYPTO_THREADID_set_callback(libcrypto_THREADID_callback);
++#else
++    CRYPTO_set_id_callback(user_callbacks->thread_id);
++#endif
++
++    CRYPTO_set_locking_callback(libcrypto_lock_callback);
+ 
+ 	return SSH_OK;
+ }
+-- 
+2.19.1
+
diff --git a/libs/libssh/patches/001-compile.patch b/libs/libssh/patches/001-compile.patch
index c89179247..b186bb421 100644
--- a/libs/libssh/patches/001-compile.patch
+++ b/libs/libssh/patches/001-compile.patch
@@ -21,7 +21,7 @@
  
  set(PACKAGE ${APPLICATION_NAME})
  set(VERSION ${APPLICATION_VERSION})
-@@ -272,6 +271,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
+@@ -276,6 +275,8 @@ if (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  endif (WITH_GSSAPI AND NOT GSSAPI_FOUND)
  
  # ENDIAN
diff --git a/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch b/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch
new file mode 100644
index 000000000..68d2e4fd3
--- /dev/null
+++ b/libs/libssh/patches/0010-pki_crypto-Don-t-use-deprecated-function-with-newer-.patch
@@ -0,0 +1,43 @@
+From 8d5cf617d53d0545a0d141abf94396c28ca7e736 Mon Sep 17 00:00:00 2001
+From: Andreas Schneider <asn@cryptomilk.org>
+Date: Sun, 29 Oct 2017 16:06:14 +0100
+Subject: [PATCH] pki_crypto: Don't use deprecated function with newer
+ OpenSSL
+
+Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/pki_crypto.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/src/pki_crypto.c b/src/pki_crypto.c
+index 9e27436c..34d6e81c 100644
+--- a/src/pki_crypto.c
++++ b/src/pki_crypto.c
+@@ -451,11 +451,24 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
+ 
+ int pki_key_generate_dss(ssh_key key, int parameter){
+     int rc;
++#if OPENSSL_VERSION_NUMBER > 0x10100000L
++    rc = DSA_generate_parameters_ex(key->dsa,
++                                    parameter,
++                                    NULL,  /* seed */
++                                    0,     /* seed_len */
++                                    NULL,  /* counter_ret */
++                                    NULL,  /* h_ret */
++                                    NULL); /* cb */
++    if (rc != 1) {
++        return SSH_ERROR;
++    }
++#else
+     key->dsa = DSA_generate_parameters(parameter, NULL, 0, NULL, NULL,
+             NULL, NULL);
+     if(key->dsa == NULL){
+         return SSH_ERROR;
+     }
++#endif
+     rc = DSA_generate_key(key->dsa);
+     if (rc != 1){
+         DSA_free(key->dsa);
+-- 
+2.19.1
+
diff --git a/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch b/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch
new file mode 100644
index 000000000..9329eaef3
--- /dev/null
+++ b/libs/libssh/patches/0011-pki_crypto-Avoid-segfault-with-OpenSSL-1.1.0.patch
@@ -0,0 +1,29 @@
+From ab67e42d6a0529f5fb81ee86049bf10abe99f839 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 7 Nov 2017 09:38:40 +0100
+Subject: [PATCH] pki_crypto: Avoid segfault with OpenSSL 1.1.0
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/pki_crypto.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/pki_crypto.c b/src/pki_crypto.c
+index 34d6e81c..30f49a81 100644
+--- a/src/pki_crypto.c
++++ b/src/pki_crypto.c
+@@ -452,6 +452,10 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
+ int pki_key_generate_dss(ssh_key key, int parameter){
+     int rc;
+ #if OPENSSL_VERSION_NUMBER > 0x10100000L
++    key->dsa = DSA_new();
++    if (!key->dsa) {
++        return SSH_ERROR;
++    }
+     rc = DSA_generate_parameters_ex(key->dsa,
+                                     parameter,
+                                     NULL,  /* seed */
+-- 
+2.19.1
+
diff --git a/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch b/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch
new file mode 100644
index 000000000..d587276a2
--- /dev/null
+++ b/libs/libssh/patches/0012-pki_crypto-Avoid-potential-memory-leak.patch
@@ -0,0 +1,36 @@
+From c39f7578765859d7416e4140c92d034c8cae3341 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Wed, 8 Nov 2017 15:35:08 +0100
+Subject: [PATCH] pki_crypto: Avoid potential memory leak
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Andreas Schneider <asn@cryptomilk.org>
+---
+ src/pki_crypto.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/pki_crypto.c b/src/pki_crypto.c
+index 30f49a81..d9f7753a 100644
+--- a/src/pki_crypto.c
++++ b/src/pki_crypto.c
+@@ -453,7 +453,7 @@ int pki_key_generate_dss(ssh_key key, int parameter){
+     int rc;
+ #if OPENSSL_VERSION_NUMBER > 0x10100000L
+     key->dsa = DSA_new();
+-    if (!key->dsa) {
++    if (key->dsa == NULL) {
+         return SSH_ERROR;
+     }
+     rc = DSA_generate_parameters_ex(key->dsa,
+@@ -464,6 +464,8 @@ int pki_key_generate_dss(ssh_key key, int parameter){
+                                     NULL,  /* h_ret */
+                                     NULL); /* cb */
+     if (rc != 1) {
++        DSA_free(key->dsa);
++        key->dsa = NULL;
+         return SSH_ERROR;
+     }
+ #else
+-- 
+2.19.1
+
diff --git a/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch b/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch
new file mode 100644
index 000000000..9892c8c5b
--- /dev/null
+++ b/libs/libssh/patches/0013-crypto-Fix-compilation-for-OpenSSL-without-deprecate.patch
@@ -0,0 +1,65 @@
+From 8349ff1ec3d001aa85cc94a9004509cca8ebf036 Mon Sep 17 00:00:00 2001
+From: Rosen Penev <rosenp@gmail.com>
+Date: Wed, 7 Nov 2018 17:17:53 -0800
+Subject: [PATCH] crypto: Fix compilation for OpenSSL without deprecated
+ APIs
+
+Added missing bn.h include.
+
+Made engine.h include conditional, otherwise it would fail.
+
+DSA_generate_parameters was deprecated long before 1.1.0.
+
+Signed-off-by: Rosen Penev <rosenp@gmail.com>
+---
+ src/libcrypto-compat.c | 5 ++++-
+ src/libcrypto-compat.h | 1 +
+ src/pki_crypto.c       | 2 +-
+ 3 files changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcrypto-compat.c b/src/libcrypto-compat.c
+index 4b1f36a5..b8b4f11a 100644
+--- a/src/libcrypto-compat.c
++++ b/src/libcrypto-compat.c
+@@ -8,9 +8,12 @@
+  */
+ 
+ #include <string.h>
+-#include <openssl/engine.h>
+ #include "libcrypto-compat.h"
+ 
++#ifndef OPENSSL_NO_ENGINE
++#include <openssl/engine.h>
++#endif
++
+ static void *OPENSSL_zalloc(size_t num)
+ {
+     void *ret = OPENSSL_malloc(num);
+diff --git a/src/libcrypto-compat.h b/src/libcrypto-compat.h
+index 21542c65..00e4f2a3 100644
+--- a/src/libcrypto-compat.h
++++ b/src/libcrypto-compat.h
+@@ -10,6 +10,7 @@
+ #include <openssl/dh.h>
+ #include <openssl/evp.h>
+ #include <openssl/hmac.h>
++#include <openssl/bn.h>
+ 
+ int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
+ int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
+diff --git a/src/pki_crypto.c b/src/pki_crypto.c
+index d9f7753a..c1aac409 100644
+--- a/src/pki_crypto.c
++++ b/src/pki_crypto.c
+@@ -451,7 +451,7 @@ int pki_key_generate_rsa(ssh_key key, int parameter){
+ 
+ int pki_key_generate_dss(ssh_key key, int parameter){
+     int rc;
+-#if OPENSSL_VERSION_NUMBER > 0x10100000L
++#if OPENSSL_VERSION_NUMBER > 0x00908000L
+     key->dsa = DSA_new();
+     if (key->dsa == NULL) {
+         return SSH_ERROR;
+-- 
+2.19.1
+