Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/app-arch/dump/files
diff options
context:
space:
mode:
Diffstat (limited to 'app-arch/dump/files')
-rw-r--r--app-arch/dump/files/dump-0.4.46-openssl11.patch91
1 files changed, 91 insertions, 0 deletions
diff --git a/app-arch/dump/files/dump-0.4.46-openssl11.patch b/app-arch/dump/files/dump-0.4.46-openssl11.patch
new file mode 100644
index 000000000000..db18e8190f5c
--- /dev/null
+++ b/app-arch/dump/files/dump-0.4.46-openssl11.patch
@@ -0,0 +1,91 @@
+Index: dump-0.4b46/common/transformation_ssl.c
+===================================================================
+--- dump-0.4b46.orig/common/transformation_ssl.c
++++ dump-0.4b46/common/transformation_ssl.c
+@@ -215,7 +215,10 @@ generateIV(Transformation *xform, unsign
+ /* to be exposed to any attacker anyway. */
+ *saltlen = 16;
+ if (xform->enc == 1) {
+- RAND_pseudo_bytes(salt, *saltlen);
++ if (!RAND_bytes(salt, *saltlen) != 1) {
++ /* PRNG not sufficiently seeded */
++ return -1;
++ }
+ }
+ memcpy(ivbuffer, salt, 16);
+
+@@ -274,7 +277,7 @@ ssl_compress(Transformation *xform, stru
+ digestlen = sizeof(digest);
+
+ /* generate salt, put it in header */
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+ memcpy(tpbin->buf, salt, saltlen);
+
+ /* compress the buffer first - increase the entropy */
+@@ -351,7 +354,7 @@ ssl_decompress(Transformation *xform, st
+
+ // how to know salt length?
+ memcpy(salt, src, saltlen);
+- generateIV(xform, salt, &saltlen, iv, &ivlen);
++ generateIV(xform, salt, &saltlen, iv, &ivlen); /* TODO: check return value */
+
+ EVP_DecryptInit_ex(xform->state.ssl.dataCtx, xform->state.ssl.cipher, xform->state.ssl.engine, NULL, NULL);
+ //EVP_CIPHER_CTX_set_key_length(&ctx, 8);
+@@ -515,7 +518,7 @@ Transformation
+ //EVP_CIPHER_CTX_rand_key(ctx, t->state.ssl.key);
+ //EVP_CIPHER_CTX_cleanup(ctx);
+ //EVP_CIPHER_CTX_free(ctx);
+- RAND_bytes(t->state.ssl.key, t->state.ssl.cipher->key_len);
++ RAND_bytes(t->state.ssl.key, EVP_CIPHER_key_length(t->state.ssl.cipher));
+ } else {
+ // how do we get keys?
+ }
+Index: dump-0.4b46/rmt/cipher.c
+===================================================================
+--- dump-0.4b46.orig/rmt/cipher.c
++++ dump-0.4b46/rmt/cipher.c
+@@ -23,7 +23,7 @@
+ char *
+ cipher(char *buf, int buflen, int do_encrypt)
+ {
+- static EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
+ static char *out = NULL; /* return value, grown as necessary */
+ static int outlen = 0;
+ static int init = 0, which, blocksize;
+@@ -71,13 +71,13 @@ cipher(char *buf, int buflen, int do_enc
+ }
+ EVP_BytesToKey(cipher, EVP_md5(), NULL,
+ buf, strlen(buf), 1, key, iv);
+- EVP_CIPHER_CTX_init(&ctx);
+- EVP_CipherInit_ex(&ctx, cipher, NULL, key, iv, do_encrypt);
+- EVP_CIPHER_CTX_set_padding(&ctx, 0); // -nopad
++ EVP_CIPHER_CTX_init(ctx);
++ EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, do_encrypt);
++ EVP_CIPHER_CTX_set_padding(ctx, 0); // -nopad
+ OPENSSL_cleanse(buf, sizeof buf);
+ OPENSSL_cleanse(key, sizeof key);
+ OPENSSL_cleanse(iv, sizeof iv);
+- blocksize = EVP_CIPHER_CTX_block_size(&ctx);
++ blocksize = EVP_CIPHER_CTX_block_size(ctx);
+ which = do_encrypt;
+ init = 1;
+ }
+@@ -95,7 +95,7 @@ cipher(char *buf, int buflen, int do_enc
+ outlen = (buflen+blocksize) * 2;
+ out = realloc(out, outlen);
+ }
+- if (!EVP_CipherUpdate(&ctx, out, &n, buf, buflen)) {
++ if (!EVP_CipherUpdate(ctx, out, &n, buf, buflen)) {
+ syslog(LOG_ERR, "EVP_CipherUpdate failed");
+ errno = EINVAL;
+ return NULL;
+@@ -106,6 +106,7 @@ cipher(char *buf, int buflen, int do_enc
+ return NULL;
+ }
+ // assert(ctx->buf_len == 0);
++ EVP_CIPHER_CTX_free(ctx);
+ return out;
+ }
+