From: Jo-Philipp Wich Date: Thu, 1 Dec 2016 14:27:07 +0000 (+0100) Subject: tools: cmake: import another upstream commit for OpenSSL backwards compatibility X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=83697ec389ceaae3e93413c9309e93e816f5c6c6;p=openwrt%2Fstaging%2Fblogic.git tools: cmake: import another upstream commit for OpenSSL backwards compatibility Signed-off-by: Jo-Philipp Wich --- diff --git a/tools/cmake/patches/130-upstream-libarchive-openssl-compat-headers.patch b/tools/cmake/patches/130-upstream-libarchive-openssl-compat-headers.patch new file mode 100644 index 000000000000..fba874584350 --- /dev/null +++ b/tools/cmake/patches/130-upstream-libarchive-openssl-compat-headers.patch @@ -0,0 +1,190 @@ +From 7d433206cf7de8f28aa2d169ed25cd401fcfc413 Mon Sep 17 00:00:00 2001 +From: Brad King +Date: Thu, 17 Nov 2016 15:26:41 -0500 +Subject: [PATCH] libarchive: Add headers to adapt between OpenSSL 1.1 and older versions + +Add private forwarding headers for `openssl/{evp,hmac}.h` to give us a +central place to add adaptation code to work across multiple +incompatible OpenSSL versions. Provide compatibility implementations of +some OpenSSL 1.1 APIs when using older OpenSSL versions. +--- + Utilities/cmlibarchive/libarchive/CMakeLists.txt | 2 ++ + Utilities/cmlibarchive/libarchive/archive_cryptor_private.h | 2 +- + Utilities/cmlibarchive/libarchive/archive_digest_private.h | 2 +- + Utilities/cmlibarchive/libarchive/archive_hmac_private.h | 2 +- + Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ + Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h | 52 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 6 files changed, 108 insertions(+), 3 deletions(-) + create mode 100644 Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h + create mode 100644 Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h + +diff --git a/Utilities/cmlibarchive/libarchive/CMakeLists.txt b/Utilities/cmlibarchive/libarchive/CMakeLists.txt +index 4eeb5e3..eaa7b20 100644 +--- a/Utilities/cmlibarchive/libarchive/CMakeLists.txt ++++ b/Utilities/cmlibarchive/libarchive/CMakeLists.txt +@@ -38,6 +38,8 @@ SET(libarchive_SOURCES + archive_hmac.c + archive_hmac_private.h + archive_match.c ++ archive_openssl_evp_private.h ++ archive_openssl_hmac_private.h + archive_options.c + archive_options_private.h + archive_pack_dev.h +diff --git a/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h b/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h +index 37eaad3..1c1a8c0 100644 +--- a/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h +@@ -99,7 +99,7 @@ typedef struct { + } archive_crypto_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include ++#include "archive_openssl_evp_private.h" + #define AES_BLOCK_SIZE 16 + #define AES_MAX_KEY_SIZE 32 + +diff --git a/Utilities/cmlibarchive/libarchive/archive_digest_private.h b/Utilities/cmlibarchive/libarchive/archive_digest_private.h +index 77fad58..00697ae 100644 +--- a/Utilities/cmlibarchive/libarchive/archive_digest_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_digest_private.h +@@ -134,7 +134,7 @@ + defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) ||\ + defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) + #define ARCHIVE_CRYPTO_OPENSSL 1 +-#include ++#include "archive_openssl_evp_private.h" + #endif + + /* Windows crypto headers */ +diff --git a/Utilities/cmlibarchive/libarchive/archive_hmac_private.h b/Utilities/cmlibarchive/libarchive/archive_hmac_private.h +index 64de743..f36d694 100644 +--- a/Utilities/cmlibarchive/libarchive/archive_hmac_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_hmac_private.h +@@ -70,7 +70,7 @@ typedef struct { + typedef struct hmac_sha1_ctx archive_hmac_sha1_ctx; + + #elif defined(HAVE_LIBCRYPTO) +-#include ++#include "archive_openssl_hmac_private.h" + + typedef HMAC_CTX archive_hmac_sha1_ctx; + +diff --git a/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h b/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h +new file mode 100644 +index 0000000..0e97e27 +--- /dev/null ++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_evp_private.h +@@ -0,0 +1,51 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_EVP_PRIVATE_H_INCLUDED ++ ++#include ++#include ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include /* malloc, free */ ++#include /* memset */ ++static inline EVP_MD_CTX *EVP_MD_CTX_new(void) ++{ ++ EVP_MD_CTX *ctx = (EVP_MD_CTX *)malloc(sizeof(EVP_MD_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ } ++ return ctx; ++} ++ ++static inline void EVP_MD_CTX_free(EVP_MD_CTX *ctx) ++{ ++ EVP_MD_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +diff --git a/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h b/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h +new file mode 100644 +index 0000000..d4ae0d1 +--- /dev/null ++++ b/Utilities/cmlibarchive/libarchive/archive_openssl_hmac_private.h +@@ -0,0 +1,52 @@ ++/*- ++ * Copyright (c) 2003-2007 Tim Kientzle ++ * All rights reserved. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. ++ * IN NO EVENT SHALL THE AUTHOR(S) BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ */ ++#ifndef ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++#define ARCHIVE_OPENSSL_HMAC_PRIVATE_H_INCLUDED ++ ++#include ++#include ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#include /* malloc, free */ ++#include /* memset */ ++static inline HMAC_CTX *HMAC_CTX_new(void) ++{ ++ HMAC_CTX *ctx = (HMAC_CTX *)malloc(sizeof(HMAC_CTX)); ++ if (ctx != NULL) { ++ memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_init(ctx); ++ } ++ return ctx; ++} ++ ++static inline void HMAC_CTX_free(HMAC_CTX *ctx) ++{ ++ HMAC_CTX_cleanup(ctx); ++ memset(ctx, 0, sizeof(*ctx)); ++ free(ctx); ++} ++#endif ++ ++#endif +-- +libgit2 0.24.0 + diff --git a/tools/cmake/patches/130-upstrem-openssl-1.1-compat.patch b/tools/cmake/patches/130-upstrem-openssl-1.1-compat.patch deleted file mode 100644 index 0ef17a250e68..000000000000 --- a/tools/cmake/patches/130-upstrem-openssl-1.1-compat.patch +++ /dev/null @@ -1,379 +0,0 @@ -From 6f23daea4391c2db8bc27d2e4cb42eac02368822 Mon Sep 17 00:00:00 2001 -From: Brad King -Date: Thu, 17 Nov 2016 15:44:44 -0500 -Subject: [PATCH] libarchive: Add support for building with OpenSSL 1.1 - -OpenSSL 1.1 made some CTX structures opaque. Port our code to use the -structures only through pointers via OpenSSL 1.1 APIs. Use our adaption -layer to make this work with OpenSSL 1.0 and below. - -Patch-by: Tomas Mraz -Patch-from: https://bugzilla.redhat.com/1383744 ---- - Utilities/cmlibarchive/libarchive/archive_cryptor.c | 9 +++++---- - Utilities/cmlibarchive/libarchive/archive_cryptor_private.h | 2 +- - Utilities/cmlibarchive/libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------- - Utilities/cmlibarchive/libarchive/archive_digest_private.h | 12 ++++++------ - Utilities/cmlibarchive/libarchive/archive_hmac.c | 14 ++++++++------ - Utilities/cmlibarchive/libarchive/archive_hmac_private.h | 2 +- - 6 files changed, 75 insertions(+), 38 deletions(-) - ---- a/Utilities/cmlibarchive/libarchive/archive_cryptor.c -+++ b/Utilities/cmlibarchive/libarchive/archive_cryptor.c -@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx) - static int - aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) - { -+ ctx->ctx = EVP_CIPHER_CTX_new(); - - switch (key_len) { - case 16: ctx->type = EVP_aes_128_ecb(); break; -@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, co - memcpy(ctx->key, key, key_len); - memset(ctx->nonce, 0, sizeof(ctx->nonce)); - ctx->encr_pos = AES_BLOCK_SIZE; -- EVP_CIPHER_CTX_init(&ctx->ctx); -+ EVP_CIPHER_CTX_init(ctx->ctx); - return 0; - } - -@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_c - int outl = 0; - int r; - -- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL); -+ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL); - if (r == 0) - return -1; -- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, -+ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, - AES_BLOCK_SIZE); - if (r == 0 || outl != AES_BLOCK_SIZE) - return -1; -@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_c - static int - aes_ctr_release(archive_crypto_ctx *ctx) - { -- EVP_CIPHER_CTX_cleanup(&ctx->ctx); -+ EVP_CIPHER_CTX_free(ctx->ctx); - memset(ctx->key, 0, ctx->key_len); - memset(ctx->nonce, 0, sizeof(ctx->nonce)); - return 0; ---- a/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h -+++ b/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h -@@ -104,7 +104,7 @@ typedef struct { - #define AES_MAX_KEY_SIZE 32 - - typedef struct { -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx; - const EVP_CIPHER *type; - uint8_t key[AES_MAX_KEY_SIZE]; - unsigned key_len; ---- a/Utilities/cmlibarchive/libarchive/archive_digest.c -+++ b/Utilities/cmlibarchive/libarchive/archive_digest.c -@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ct - static int - __archive_openssl_md5init(archive_md5_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_md5()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_md5()); - return (ARCHIVE_OK); - } - -@@ -215,7 +217,7 @@ static int - __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - -@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_c - * this is meant to cope with that. Real fix is probably to fix - * archive_write_set_format_xar.c - */ -- if (ctx->digest) -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_ - static int - __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_ripemd160()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_ripemd160()); - return (ARCHIVE_OK); - } - -@@ -367,14 +374,18 @@ static int - __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_ - static int - __archive_openssl_sha1init(archive_sha1_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha1()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha1()); - return (ARCHIVE_OK); - } - -@@ -517,7 +530,7 @@ static int - __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - -@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1 - * this is meant to cope with that. Real fix is probably to fix - * archive_write_set_format_xar.c - */ -- if (ctx->digest) -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha - static int - __archive_openssl_sha256init(archive_sha256_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha256()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha256()); - return (ARCHIVE_OK); - } - -@@ -741,14 +759,18 @@ static int - __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha - static int - __archive_openssl_sha384init(archive_sha384_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha384()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha384()); - return (ARCHIVE_OK); - } - -@@ -936,14 +960,18 @@ static int - __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - -@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha - static int - __archive_openssl_sha512init(archive_sha512_ctx *ctx) - { -- EVP_DigestInit(ctx, EVP_sha512()); -+ if ((*ctx = EVP_MD_CTX_new()) == NULL) -+ return (ARCHIVE_FAILED); -+ EVP_DigestInit(*ctx, EVP_sha512()); - return (ARCHIVE_OK); - } - -@@ -1155,14 +1185,18 @@ static int - __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata, - size_t insize) - { -- EVP_DigestUpdate(ctx, indata, insize); -+ EVP_DigestUpdate(*ctx, indata, insize); - return (ARCHIVE_OK); - } - - static int - __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md) - { -- EVP_DigestFinal(ctx, md, NULL); -+ if (*ctx) { -+ EVP_DigestFinal(*ctx, md, NULL); -+ EVP_MD_CTX_free(*ctx); -+ *ctx = NULL; -+ } - return (ARCHIVE_OK); - } - ---- a/Utilities/cmlibarchive/libarchive/archive_digest_private.h -+++ b/Utilities/cmlibarchive/libarchive/archive_digest_private.h -@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) - typedef struct md5_ctx archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) --typedef EVP_MD_CTX archive_md5_ctx; -+typedef EVP_MD_CTX *archive_md5_ctx; - #elif defined(ARCHIVE_CRYPTO_MD5_WIN) - typedef Digest_CTX archive_md5_ctx; - #else -@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx - #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) - typedef struct ripemd160_ctx archive_rmd160_ctx; - #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) --typedef EVP_MD_CTX archive_rmd160_ctx; -+typedef EVP_MD_CTX *archive_rmd160_ctx; - #else - typedef unsigned char archive_rmd160_ctx; - #endif -@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) - typedef struct sha1_ctx archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) --typedef EVP_MD_CTX archive_sha1_ctx; -+typedef EVP_MD_CTX *archive_sha1_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA1_WIN) - typedef Digest_CTX archive_sha1_ctx; - #else -@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx - #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) - typedef struct sha256_ctx archive_sha256_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) --typedef EVP_MD_CTX archive_sha256_ctx; -+typedef EVP_MD_CTX *archive_sha256_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA256_WIN) - typedef Digest_CTX archive_sha256_ctx; - #else -@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx - #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) - typedef struct sha384_ctx archive_sha384_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) --typedef EVP_MD_CTX archive_sha384_ctx; -+typedef EVP_MD_CTX *archive_sha384_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA384_WIN) - typedef Digest_CTX archive_sha384_ctx; - #else -@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx - #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) - typedef struct sha512_ctx archive_sha512_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) --typedef EVP_MD_CTX archive_sha512_ctx; -+typedef EVP_MD_CTX *archive_sha512_ctx; - #elif defined(ARCHIVE_CRYPTO_SHA512_WIN) - typedef Digest_CTX archive_sha512_ctx; - #else ---- a/Utilities/cmlibarchive/libarchive/archive_hmac.c -+++ b/Utilities/cmlibarchive/libarchive/archive_hmac.c -@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ct - static int - __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) - { -- HMAC_CTX_init(ctx); -- HMAC_Init(ctx, key, key_len, EVP_sha1()); -+ *ctx = HMAC_CTX_new(); -+ if (*ctx == NULL) -+ return -1; -+ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL); - return 0; - } - -@@ -185,22 +187,22 @@ static void - __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, - size_t data_len) - { -- HMAC_Update(ctx, data, data_len); -+ HMAC_Update(*ctx, data, data_len); - } - - static void - __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) - { - unsigned int len = (unsigned int)*out_len; -- HMAC_Final(ctx, out, &len); -+ HMAC_Final(*ctx, out, &len); - *out_len = len; - } - - static void - __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) - { -- HMAC_CTX_cleanup(ctx); -- memset(ctx, 0, sizeof(*ctx)); -+ HMAC_CTX_free(*ctx); -+ *ctx = NULL; - } - - #else ---- a/Utilities/cmlibarchive/libarchive/archive_hmac_private.h -+++ b/Utilities/cmlibarchive/libarchive/archive_hmac_private.h -@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hma - #elif defined(HAVE_LIBCRYPTO) - #include - --typedef HMAC_CTX archive_hmac_sha1_ctx; -+typedef HMAC_CTX* archive_hmac_sha1_ctx; - - #else - diff --git a/tools/cmake/patches/140-upstream-libarchive-openssl-1.1.x-support.patch b/tools/cmake/patches/140-upstream-libarchive-openssl-1.1.x-support.patch new file mode 100644 index 000000000000..de0490248bb7 --- /dev/null +++ b/tools/cmake/patches/140-upstream-libarchive-openssl-1.1.x-support.patch @@ -0,0 +1,379 @@ +From 6f23daea4391c2db8bc27d2e4cb42eac02368822 Mon Sep 17 00:00:00 2001 +From: Brad King +Date: Thu, 17 Nov 2016 15:44:44 -0500 +Subject: [PATCH] libarchive: Add support for building with OpenSSL 1.1 + +OpenSSL 1.1 made some CTX structures opaque. Port our code to use the +structures only through pointers via OpenSSL 1.1 APIs. Use our adaption +layer to make this work with OpenSSL 1.0 and below. + +Patch-by: Tomas Mraz +Patch-from: https://bugzilla.redhat.com/1383744 +--- + Utilities/cmlibarchive/libarchive/archive_cryptor.c | 9 +++++---- + Utilities/cmlibarchive/libarchive/archive_cryptor_private.h | 2 +- + Utilities/cmlibarchive/libarchive/archive_digest.c | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++-------------------- + Utilities/cmlibarchive/libarchive/archive_digest_private.h | 12 ++++++------ + Utilities/cmlibarchive/libarchive/archive_hmac.c | 14 ++++++++------ + Utilities/cmlibarchive/libarchive/archive_hmac_private.h | 2 +- + 6 files changed, 75 insertions(+), 38 deletions(-) + +--- a/Utilities/cmlibarchive/libarchive/archive_cryptor.c ++++ b/Utilities/cmlibarchive/libarchive/archive_cryptor.c +@@ -302,6 +302,7 @@ aes_ctr_release(archive_crypto_ctx *ctx) + static int + aes_ctr_init(archive_crypto_ctx *ctx, const uint8_t *key, size_t key_len) + { ++ ctx->ctx = EVP_CIPHER_CTX_new(); + + switch (key_len) { + case 16: ctx->type = EVP_aes_128_ecb(); break; +@@ -314,7 +315,7 @@ aes_ctr_init(archive_crypto_ctx *ctx, co + memcpy(ctx->key, key, key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + ctx->encr_pos = AES_BLOCK_SIZE; +- EVP_CIPHER_CTX_init(&ctx->ctx); ++ EVP_CIPHER_CTX_init(ctx->ctx); + return 0; + } + +@@ -324,10 +325,10 @@ aes_ctr_encrypt_counter(archive_crypto_c + int outl = 0; + int r; + +- r = EVP_EncryptInit_ex(&ctx->ctx, ctx->type, NULL, ctx->key, NULL); ++ r = EVP_EncryptInit_ex(ctx->ctx, ctx->type, NULL, ctx->key, NULL); + if (r == 0) + return -1; +- r = EVP_EncryptUpdate(&ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, ++ r = EVP_EncryptUpdate(ctx->ctx, ctx->encr_buf, &outl, ctx->nonce, + AES_BLOCK_SIZE); + if (r == 0 || outl != AES_BLOCK_SIZE) + return -1; +@@ -337,7 +338,7 @@ aes_ctr_encrypt_counter(archive_crypto_c + static int + aes_ctr_release(archive_crypto_ctx *ctx) + { +- EVP_CIPHER_CTX_cleanup(&ctx->ctx); ++ EVP_CIPHER_CTX_free(ctx->ctx); + memset(ctx->key, 0, ctx->key_len); + memset(ctx->nonce, 0, sizeof(ctx->nonce)); + return 0; +--- a/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_cryptor_private.h +@@ -104,7 +104,7 @@ typedef struct { + #define AES_MAX_KEY_SIZE 32 + + typedef struct { +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + const EVP_CIPHER *type; + uint8_t key[AES_MAX_KEY_SIZE]; + unsigned key_len; +--- a/Utilities/cmlibarchive/libarchive/archive_digest.c ++++ b/Utilities/cmlibarchive/libarchive/archive_digest.c +@@ -207,7 +207,9 @@ __archive_nettle_md5final(archive_md5_ct + static int + __archive_openssl_md5init(archive_md5_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_md5()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_md5()); + return (ARCHIVE_OK); + } + +@@ -215,7 +217,7 @@ static int + __archive_openssl_md5update(archive_md5_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -226,8 +228,11 @@ __archive_openssl_md5final(archive_md5_c + * this is meant to cope with that. Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -359,7 +364,9 @@ __archive_nettle_ripemd160final(archive_ + static int + __archive_openssl_ripemd160init(archive_rmd160_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_ripemd160()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_ripemd160()); + return (ARCHIVE_OK); + } + +@@ -367,14 +374,18 @@ static int + __archive_openssl_ripemd160update(archive_rmd160_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_ripemd160final(archive_rmd160_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -509,7 +520,9 @@ __archive_nettle_sha1final(archive_sha1_ + static int + __archive_openssl_sha1init(archive_sha1_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha1()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha1()); + return (ARCHIVE_OK); + } + +@@ -517,7 +530,7 @@ static int + __archive_openssl_sha1update(archive_sha1_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + +@@ -528,8 +541,11 @@ __archive_openssl_sha1final(archive_sha1 + * this is meant to cope with that. Real fix is probably to fix + * archive_write_set_format_xar.c + */ +- if (ctx->digest) +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -733,7 +749,9 @@ __archive_nettle_sha256final(archive_sha + static int + __archive_openssl_sha256init(archive_sha256_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha256()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha256()); + return (ARCHIVE_OK); + } + +@@ -741,14 +759,18 @@ static int + __archive_openssl_sha256update(archive_sha256_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha256final(archive_sha256_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -928,7 +950,9 @@ __archive_nettle_sha384final(archive_sha + static int + __archive_openssl_sha384init(archive_sha384_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha384()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha384()); + return (ARCHIVE_OK); + } + +@@ -936,14 +960,18 @@ static int + __archive_openssl_sha384update(archive_sha384_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha384final(archive_sha384_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +@@ -1147,7 +1175,9 @@ __archive_nettle_sha512final(archive_sha + static int + __archive_openssl_sha512init(archive_sha512_ctx *ctx) + { +- EVP_DigestInit(ctx, EVP_sha512()); ++ if ((*ctx = EVP_MD_CTX_new()) == NULL) ++ return (ARCHIVE_FAILED); ++ EVP_DigestInit(*ctx, EVP_sha512()); + return (ARCHIVE_OK); + } + +@@ -1155,14 +1185,18 @@ static int + __archive_openssl_sha512update(archive_sha512_ctx *ctx, const void *indata, + size_t insize) + { +- EVP_DigestUpdate(ctx, indata, insize); ++ EVP_DigestUpdate(*ctx, indata, insize); + return (ARCHIVE_OK); + } + + static int + __archive_openssl_sha512final(archive_sha512_ctx *ctx, void *md) + { +- EVP_DigestFinal(ctx, md, NULL); ++ if (*ctx) { ++ EVP_DigestFinal(*ctx, md, NULL); ++ EVP_MD_CTX_free(*ctx); ++ *ctx = NULL; ++ } + return (ARCHIVE_OK); + } + +--- a/Utilities/cmlibarchive/libarchive/archive_digest_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_digest_private.h +@@ -161,7 +161,7 @@ typedef CC_MD5_CTX archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_NETTLE) + typedef struct md5_ctx archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_OPENSSL) +-typedef EVP_MD_CTX archive_md5_ctx; ++typedef EVP_MD_CTX *archive_md5_ctx; + #elif defined(ARCHIVE_CRYPTO_MD5_WIN) + typedef Digest_CTX archive_md5_ctx; + #else +@@ -175,7 +175,7 @@ typedef RIPEMD160_CTX archive_rmd160_ctx + #elif defined(ARCHIVE_CRYPTO_RMD160_NETTLE) + typedef struct ripemd160_ctx archive_rmd160_ctx; + #elif defined(ARCHIVE_CRYPTO_RMD160_OPENSSL) +-typedef EVP_MD_CTX archive_rmd160_ctx; ++typedef EVP_MD_CTX *archive_rmd160_ctx; + #else + typedef unsigned char archive_rmd160_ctx; + #endif +@@ -189,7 +189,7 @@ typedef CC_SHA1_CTX archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_NETTLE) + typedef struct sha1_ctx archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_OPENSSL) +-typedef EVP_MD_CTX archive_sha1_ctx; ++typedef EVP_MD_CTX *archive_sha1_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA1_WIN) + typedef Digest_CTX archive_sha1_ctx; + #else +@@ -209,7 +209,7 @@ typedef CC_SHA256_CTX archive_sha256_ctx + #elif defined(ARCHIVE_CRYPTO_SHA256_NETTLE) + typedef struct sha256_ctx archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_OPENSSL) +-typedef EVP_MD_CTX archive_sha256_ctx; ++typedef EVP_MD_CTX *archive_sha256_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA256_WIN) + typedef Digest_CTX archive_sha256_ctx; + #else +@@ -227,7 +227,7 @@ typedef CC_SHA512_CTX archive_sha384_ctx + #elif defined(ARCHIVE_CRYPTO_SHA384_NETTLE) + typedef struct sha384_ctx archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_OPENSSL) +-typedef EVP_MD_CTX archive_sha384_ctx; ++typedef EVP_MD_CTX *archive_sha384_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA384_WIN) + typedef Digest_CTX archive_sha384_ctx; + #else +@@ -247,7 +247,7 @@ typedef CC_SHA512_CTX archive_sha512_ctx + #elif defined(ARCHIVE_CRYPTO_SHA512_NETTLE) + typedef struct sha512_ctx archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_OPENSSL) +-typedef EVP_MD_CTX archive_sha512_ctx; ++typedef EVP_MD_CTX *archive_sha512_ctx; + #elif defined(ARCHIVE_CRYPTO_SHA512_WIN) + typedef Digest_CTX archive_sha512_ctx; + #else +--- a/Utilities/cmlibarchive/libarchive/archive_hmac.c ++++ b/Utilities/cmlibarchive/libarchive/archive_hmac.c +@@ -176,8 +176,10 @@ __hmac_sha1_cleanup(archive_hmac_sha1_ct + static int + __hmac_sha1_init(archive_hmac_sha1_ctx *ctx, const uint8_t *key, size_t key_len) + { +- HMAC_CTX_init(ctx); +- HMAC_Init(ctx, key, key_len, EVP_sha1()); ++ *ctx = HMAC_CTX_new(); ++ if (*ctx == NULL) ++ return -1; ++ HMAC_Init_ex(*ctx, key, key_len, EVP_sha1(), NULL); + return 0; + } + +@@ -185,22 +187,22 @@ static void + __hmac_sha1_update(archive_hmac_sha1_ctx *ctx, const uint8_t *data, + size_t data_len) + { +- HMAC_Update(ctx, data, data_len); ++ HMAC_Update(*ctx, data, data_len); + } + + static void + __hmac_sha1_final(archive_hmac_sha1_ctx *ctx, uint8_t *out, size_t *out_len) + { + unsigned int len = (unsigned int)*out_len; +- HMAC_Final(ctx, out, &len); ++ HMAC_Final(*ctx, out, &len); + *out_len = len; + } + + static void + __hmac_sha1_cleanup(archive_hmac_sha1_ctx *ctx) + { +- HMAC_CTX_cleanup(ctx); +- memset(ctx, 0, sizeof(*ctx)); ++ HMAC_CTX_free(*ctx); ++ *ctx = NULL; + } + + #else +--- a/Utilities/cmlibarchive/libarchive/archive_hmac_private.h ++++ b/Utilities/cmlibarchive/libarchive/archive_hmac_private.h +@@ -72,7 +72,7 @@ typedef struct hmac_sha1_ctx archive_hma + #elif defined(HAVE_LIBCRYPTO) + #include "archive_openssl_hmac_private.h" + +-typedef HMAC_CTX archive_hmac_sha1_ctx; ++typedef HMAC_CTX* archive_hmac_sha1_ctx; + + #else +