[libssh2] Don't try to use openssl's AES-CTR functions

Paul Howarth pghmcfc at fedoraproject.org
Sun Mar 18 14:54:35 UTC 2012 

commit 1d6da849c359c48dda5b70b7c518d59ddc4f7de0
Author: Paul Howarth <paul at city-fan.org>
Date:   Sun Mar 18 14:53:07 2012 +0000

    Don't try to use openssl's AES-CTR functions
    
    The code supporting openssl's AES-CTR functions does not currently work:
    (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)

 libssh2-1.4.0-f4f229.patch |   60 ++++++++++++++++++++++++++++++++++++++++++++
 libssh2.spec               |   10 ++++++-
 2 files changed, 69 insertions(+), 1 deletions(-)
---
diff --git a/libssh2-1.4.0-f4f229.patch b/libssh2-1.4.0-f4f229.patch
new file mode 100644
index 0000000..d413f3f
--- /dev/null
+++ b/libssh2-1.4.0-f4f229.patch
@@ -0,0 +1,60 @@
+From f4f2298ef3635acd031cc2ee0e71026cdcda5864 Mon Sep 17 00:00:00 2001
+From: Paul Howarth <paul at city-fan.org>
+Date: Sun, 18 Mar 2012 12:07:27 +0000
+Subject: [PATCH] aes: the init function fails when OpenSSL has AES support
+
+The internal init function only worked fine when the configure script
+didn't detect the OpenSSL AES_CTR function!
+
+Bug: http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml
+Reported by: Paul Howarth
+---
+ src/openssl.c |    4 +++-
+ src/openssl.h |    6 ------
+ 2 files changed, 3 insertions(+), 7 deletions(-)
+
+diff --git a/src/openssl.c b/src/openssl.c
+index 40818c0..481982c 100644
+--- a/src/openssl.c
++++ b/src/openssl.c
+@@ -201,7 +201,7 @@ _libssh2_cipher_crypt(_libssh2_cipher_ctx * ctx,
+     return ret == 1 ? 0 : 1;
+ }
+ 
+-#if LIBSSH2_AES_CTR && !defined(HAVE_EVP_AES_128_CTR)
++#if LIBSSH2_AES_CTR
+ 
+ #include <openssl/aes.h>
+ #include <openssl/evp.h>
+@@ -362,6 +362,8 @@ void _libssh2_init_aes_ctr(void)
+     _libssh2_EVP_aes_256_ctr();
+ }
+ 
++#else
++void _libssh2_init_aes_ctr(void) {}
+ #endif /* LIBSSH2_AES_CTR */
+ 
+ /* TODO: Optionally call a passphrase callback specified by the
+diff --git a/src/openssl.h b/src/openssl.h
+index a196184..6d2aeed 100644
+--- a/src/openssl.h
++++ b/src/openssl.h
+@@ -148,15 +148,9 @@ void libssh2_md5(const unsigned char *message, unsigned long len, unsigned char
+ #define _libssh2_cipher_aes256 EVP_aes_256_cbc
+ #define _libssh2_cipher_aes192 EVP_aes_192_cbc
+ #define _libssh2_cipher_aes128 EVP_aes_128_cbc
+-#ifdef HAVE_EVP_AES_128_CTR
+-#define _libssh2_cipher_aes128ctr EVP_aes_128_ctr
+-#define _libssh2_cipher_aes192ctr EVP_aes_192_ctr
+-#define _libssh2_cipher_aes256ctr EVP_aes_256_ctr
+-#else
+ #define _libssh2_cipher_aes128ctr _libssh2_EVP_aes_128_ctr
+ #define _libssh2_cipher_aes192ctr _libssh2_EVP_aes_192_ctr
+ #define _libssh2_cipher_aes256ctr _libssh2_EVP_aes_256_ctr
+-#endif
+ #define _libssh2_cipher_blowfish EVP_bf_cbc
+ #define _libssh2_cipher_arcfour EVP_rc4
+ #define _libssh2_cipher_cast5 EVP_cast5_cbc
+-- 
+1.7.7.6
+
diff --git a/libssh2.spec b/libssh2.spec
index 7627806..85700bf 100644
--- a/libssh2.spec
+++ b/libssh2.spec
@@ -9,7 +9,7 @@
 
 Name:		libssh2
 Version:	1.4.0
-Release:	2%{?dist}
+Release:	3%{?dist}
 Summary:	A library implementing the SSH2 protocol
 Group:		System Environment/Libraries
 License:	BSD
@@ -18,6 +18,7 @@ Source0:	http://libssh2.org/download/libssh2-%{version}.tar.gz
 Patch0:		libssh2-1.2.9-utf8.patch
 Patch1:		libssh2-1.4.0-c4a0e0.patch
 Patch2:		libssh2-1.4.0-cc4f9d.patch
+Patch3:		libssh2-1.4.0-f4f229.patch
 BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(id -nu)
 BuildRequires:	openssl-devel
 BuildRequires:	zlib-devel
@@ -74,6 +75,9 @@ developing applications that use libssh2.
 # (upstream patch, #804156)
 %patch2 -p1
 
+# Don't try to use openssl's AES-CTR functions (upstream patch)
+%patch3 -p1
+
 # Make sshd transition appropriately if building in an SELinux environment
 chcon $(/usr/sbin/matchpathcon -n /etc/rc.d/init.d/sshd) tests/ssh2.sh || :
 chcon -R $(/usr/sbin/matchpathcon -n /etc) tests/etc || :
@@ -135,6 +139,10 @@ rm -rf %{buildroot}
 %{_libdir}/pkgconfig/libssh2.pc
 
 %changelog
+* Sun Mar 18 2012 Paul Howarth <paul at city-fan.org> 1.4.0-3
+- Don't try to use openssl's AES-CTR functions
+  (http://www.libssh2.org/mail/libssh2-devel-archive-2012-03/0111.shtml)
+
 * Fri Mar 16 2012 Paul Howarth <paul at city-fan.org> 1.4.0-2
 - fix libssh2 failing key re-exchange when write channel is saturated (#804156)
 - drop %%defattr, redundant since rpm 4.4

More information about the scm-commits mailing list