[Git][debian-proftpd-team/proftpd][master] [skip ci] Patches: Issue #1445 & Issue #1448.
Hilmar Preuße (@hilmar-guest)
gitlab at salsa.debian.org
Tue May 24 10:46:50 BST 2022
Hilmar Preuße pushed to branch master at Debian ProFTPD Team / proftpd
Commits:
63216d19 by Hilmar Preusse at 2022-05-24T11:46:25+02:00
[skip ci] Patches: Issue #1445 & Issue #1448.
- - - - -
4 changed files:
- debian/changelog
- + debian/patches/0d932cf9c39071d3c053b811e9ca5f6c9823fe6e.diff
- debian/patches/series
- + debian/patches/upstream_1450.diff
Changes:
=====================================
debian/changelog
=====================================
@@ -1,6 +1,9 @@
proftpd-dfsg (1.3.7d+dfsg-2) UNRELEASED; urgency=medium
* debian/copyright: use spaces rather than tabs to start continuation lines.
+ * Patch for Issue 1448 - Ensure that mod_sftp algorithms work properly with
+ OpenSSL 3.x.
+ * Backport of fix for Issue #1445 to the 1.3.7 branch.
-- Hilmar Preusse <hille42 at web.de> Wed, 11 May 2022 23:35:53 +0200
=====================================
debian/patches/0d932cf9c39071d3c053b811e9ca5f6c9823fe6e.diff
=====================================
@@ -0,0 +1,32 @@
+From 0d932cf9c39071d3c053b811e9ca5f6c9823fe6e Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Sat, 14 May 2022 05:45:30 -0700
+Subject: [PATCH] Backport of fix for Issue #1445 to the 1.3.7 branch.
+
+---
+ contrib/mod_ban.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/contrib/mod_ban.c b/contrib/mod_ban.c
+index 25f4625e32..3d3a088b1c 100644
+--- a/contrib/mod_ban.c
++++ b/contrib/mod_ban.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD: mod_ban -- a module implementing ban lists using the Controls API
+- * Copyright (c) 2004-2020 TJ Saunders
++ * Copyright (c) 2004-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -3163,8 +3163,8 @@ static void ban_anonrejectpasswords_ev(const void *event_data,
+
+ static void ban_badprotocol_ev(const void *event_data, void *user_data) {
+
+- /* For this event, event_data is the client. */
+- conn_t *c = (conn_t *) event_data;
++ /* For this event, event_data is the bad command in question. */
++ conn_t *c = session.c;
+ const char *ipstr;
+
+ /* user_data is a template of the ban event entry. */
=====================================
debian/patches/series
=====================================
@@ -24,3 +24,5 @@ spelling_error_in_contrib_mod_tls.c
#upstream_1346
#upstream_long_AuthGroupFile_lines
#bug_4467
+0d932cf9c39071d3c053b811e9ca5f6c9823fe6e.diff
+upstream_1450.diff
=====================================
debian/patches/upstream_1450.diff
=====================================
@@ -0,0 +1,557 @@
+From 8aa39b27d8fd6ada556b51c4547a504956474078 Mon Sep 17 00:00:00 2001
+From: TJ Saunders <tj at castaglia.org>
+Date: Mon, 9 May 2022 17:49:08 -0700
+Subject: [PATCH] Issue #1448: Backporting the mod_sftp/OpenSSL 3.x fixes to
+ the 1.3.7 branch.
+
+---
+ NEWS | 4 ++
+ RELEASE_NOTES | 6 ++
+ contrib/mod_sftp/cipher.c | 79 ++++++++++++++++++---
+ contrib/mod_sftp/configure | 123 +++++++++++++++++++++++++++++++++
+ contrib/mod_sftp/configure.in | 74 +++++++++++++++++++-
+ contrib/mod_sftp/crypto.c | 14 +++-
+ contrib/mod_sftp/keys.c | 4 +-
+ contrib/mod_sftp/mod_sftp.c | 20 +++++-
+ contrib/mod_sftp/mod_sftp.h.in | 14 +++-
+ 9 files changed, 324 insertions(+), 14 deletions(-)
+
+diff --git a/NEWS b/NEWS
+index 52d4b58c94..6cf27d97ff 100644
+--- a/NEWS
++++ b/NEWS
+@@ -15,6 +15,10 @@
+ where `N' is the issue number.
+ -----------------------------------------------------------------------------
+
++1.3.7e
++--------------------------------
++- Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
++
+ 1.3.7d - Released 23-Apr-2022
+ --------------------------------
+ - Issue 1321 - Crash with long lines in AuthGroupFile due to large realloc(3).
+diff --git a/RELEASE_NOTES b/RELEASE_NOTES
+index 7c274a01f6..ea583ca079 100644
+--- a/RELEASE_NOTES
++++ b/RELEASE_NOTES
+@@ -6,6 +6,12 @@ This file contains a description of the major changes to ProFTPD for the
+ releases. More information on these changes can be found in the NEWS and
+ ChangeLog files.
+
++1.3.7e
++---------
++
++ + Ensure that mod_sftp algorithms work properly when OpenSSL 3.x is used.
++
++
+ 1.3.7d
+ ---------
+
+diff --git a/contrib/mod_sftp/cipher.c b/contrib/mod_sftp/cipher.c
+index 77c79e0672..57d4c2f996 100644
+--- a/contrib/mod_sftp/cipher.c
++++ b/contrib/mod_sftp/cipher.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp ciphers
+- * Copyright (c) 2008-2020 TJ Saunders
++ * Copyright (c) 2008-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -192,14 +192,40 @@ static int set_cipher_iv(struct sftp_cipher *cipher, const EVP_MD *hash,
+ }
+
+ ctx = EVP_MD_CTX_create();
+- EVP_DigestInit(ctx, hash);
++ if (EVP_DigestInit(ctx, hash) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to initialize MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(iv);
++ errno = EINVAL;
++ return -1;
++ }
++
+ if (sftp_interop_supports_feature(SFTP_SSH2_FEAT_CIPHER_USE_K)) {
+ EVP_DigestUpdate(ctx, k, klen);
+ }
+- EVP_DigestUpdate(ctx, h, hlen);
++
++ if (EVP_DigestUpdate(ctx, h, hlen) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to update MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(iv);
++ errno = EINVAL;
++ return -1;
++ }
++
+ EVP_DigestUpdate(ctx, letter, sizeof(char));
+ EVP_DigestUpdate(ctx, (char *) id, id_len);
+- EVP_DigestFinal(ctx, iv, &iv_len);
++
++ if (EVP_DigestFinal(ctx, iv, &iv_len) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to finish MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(iv);
++ errno = EINVAL;
++ return -1;
++ }
++
+ EVP_MD_CTX_destroy(ctx);
+
+ /* If we need more, keep hashing, as per RFC, until we have enough
+@@ -264,12 +290,37 @@ static int set_cipher_key(struct sftp_cipher *cipher, const EVP_MD *hash,
+ }
+
+ ctx = EVP_MD_CTX_create();
+- EVP_DigestInit(ctx, hash);
+- EVP_DigestUpdate(ctx, k, klen);
++ if (EVP_DigestInit(ctx, hash) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to initialize MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(key);
++ errno = EINVAL;
++ return -1;
++ }
++
++ if (EVP_DigestUpdate(ctx, k, klen) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to update MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(key);
++ errno = EINVAL;
++ return -1;
++ }
++
+ EVP_DigestUpdate(ctx, h, hlen);
+ EVP_DigestUpdate(ctx, letter, sizeof(char));
+ EVP_DigestUpdate(ctx, (char *) id, id_len);
+- EVP_DigestFinal(ctx, key, &key_len);
++
++ if (EVP_DigestFinal(ctx, key, &key_len) != 1) {
++ (void) pr_log_writefile(sftp_logfd, MOD_SFTP_VERSION,
++ "unable to finish MD context for '%s': %s", EVP_MD_name(hash),
++ sftp_crypto_get_errors());
++ free(key);
++ errno = EINVAL;
++ return -1;
++ }
++
+ EVP_MD_CTX_destroy(ctx);
+
+ pr_trace_msg(trace_channel, 19, "hashed data to produce key (%lu bytes)",
+@@ -507,7 +558,19 @@ int sftp_cipher_set_read_key(pool *p, const EVP_MD *hash, const BIGNUM *k,
+ }
+
+ pr_memscrub(ptr, bufsz);
+- sftp_cipher_set_block_size(EVP_CIPHER_block_size(cipher->cipher));
++
++ if (strcmp(cipher->algo, "aes128-ctr") == 0 ||
++ strcmp(cipher->algo, "aes192-ctr") == 0 ||
++ strcmp(cipher->algo, "aes256-ctr") == 0) {
++ /* For some reason, OpenSSL returns 8 for the AES block size (even
++ * though the AES block size is 16, per RFC 5647), but OpenSSH wants 16.
++ */
++ sftp_cipher_set_block_size(16);
++
++ } else {
++ sftp_cipher_set_block_size(EVP_CIPHER_block_size(cipher->cipher));
++ }
++
+ return 0;
+ }
+
+diff --git a/contrib/mod_sftp/configure b/contrib/mod_sftp/configure
+index f0cd88d445..0907fdbd14 100755
+--- a/contrib/mod_sftp/configure
++++ b/contrib/mod_sftp/configure
+@@ -3865,6 +3865,88 @@ $as_echo "no" >&6; }
+ LIBS="$saved_libs"
+
+
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL supports EVP_aes_128_ctr" >&5
++$as_echo_n "checking whether OpenSSL supports EVP_aes_128_ctr... " >&6; }
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ #include <openssl/evp.h>
++
++int
++main ()
++{
++
++ EVP_CIPHER *cipher;
++ cipher = EVP_aes_128_ctr();
++
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++
++$as_echo "#define HAVE_EVP_AES_128_CTR_OPENSSL 1" >>confdefs.h
++
++ LIBS="$saved_libs"
++
++else
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++ LIBS="$saved_libs"
++
++
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL supports EVP_aes_192_ctr" >&5
++$as_echo_n "checking whether OpenSSL supports EVP_aes_192_ctr... " >&6; }
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ #include <openssl/evp.h>
++
++int
++main ()
++{
++
++ EVP_CIPHER *cipher;
++ cipher = EVP_aes_192_ctr();
++
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++
++$as_echo "#define HAVE_EVP_AES_192_CTR_OPENSSL 1" >>confdefs.h
++
++ LIBS="$saved_libs"
++
++else
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++ LIBS="$saved_libs"
++
++
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+@@ -3906,6 +3988,47 @@ $as_echo "no" >&6; }
+ LIBS="$saved_libs"
+
+
++fi
++rm -f core conftest.err conftest.$ac_objext \
++ conftest$ac_exeext conftest.$ac_ext
++
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
++{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether OpenSSL supports OSSL_PROVIDER_load" >&5
++$as_echo_n "checking whether OpenSSL supports OSSL_PROVIDER_load... " >&6; }
++cat confdefs.h - <<_ACEOF >conftest.$ac_ext
++/* end confdefs.h. */
++
++ #include <openssl/provider.h>
++
++int
++main ()
++{
++
++ OSSL_PROVIDER *provider;
++ provider = OSSL_PROVIDER_load(NULL, "default");
++
++ ;
++ return 0;
++}
++_ACEOF
++if ac_fn_c_try_link "$LINENO"; then :
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
++$as_echo "yes" >&6; }
++
++$as_echo "#define HAVE_OSSL_PROVIDER_LOAD_OPENSSL 1" >>confdefs.h
++
++ LIBS="$saved_libs"
++
++else
++
++ { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
++$as_echo "no" >&6; }
++ LIBS="$saved_libs"
++
++
+ fi
+ rm -f core conftest.err conftest.$ac_objext \
+ conftest$ac_exeext conftest.$ac_ext
+diff --git a/contrib/mod_sftp/configure.in b/contrib/mod_sftp/configure.in
+index b45d434fec..690efef3da 100644
+--- a/contrib/mod_sftp/configure.in
++++ b/contrib/mod_sftp/configure.in
+@@ -1,5 +1,5 @@
+ dnl ProFTPD - mod_sftp
+-dnl Copyright (c) 2012-2019 TJ Saunders <tj at castaglia.org>
++dnl Copyright (c) 2012-2022 TJ Saunders <tj at castaglia.org>
+ dnl
+ dnl This program is free software; you can redistribute it and/or modify
+ dnl it under the terms of the GNU General Public License as published by
+@@ -206,6 +206,54 @@ dnl Splice out -lsupp, since that library hasn't been built yet
+ LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
+ LIBS="-lcrypto $LIBS"
+
++AC_MSG_CHECKING([whether OpenSSL supports EVP_aes_128_ctr])
++AC_TRY_LINK(
++ [
++ #include <openssl/evp.h>
++ ],
++ [
++ EVP_CIPHER *cipher;
++ cipher = EVP_aes_128_ctr();
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_EVP_AES_128_CTR_OPENSSL, 1, [OpenSSL supports EVP_aes_128_ctr])
++ LIBS="$saved_libs"
++ ],
++ [
++ AC_MSG_RESULT(no)
++ LIBS="$saved_libs"
++ ]
++)
++
++dnl Splice out -lsupp, since that library hasn't been built yet
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
++AC_MSG_CHECKING([whether OpenSSL supports EVP_aes_192_ctr])
++AC_TRY_LINK(
++ [
++ #include <openssl/evp.h>
++ ],
++ [
++ EVP_CIPHER *cipher;
++ cipher = EVP_aes_192_ctr();
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_EVP_AES_192_CTR_OPENSSL, 1, [OpenSSL supports EVP_aes_192_ctr])
++ LIBS="$saved_libs"
++ ],
++ [
++ AC_MSG_RESULT(no)
++ LIBS="$saved_libs"
++ ]
++)
++
++dnl Splice out -lsupp, since that library hasn't been built yet
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
+ AC_MSG_CHECKING([whether OpenSSL supports EVP_aes_256_ctr])
+ AC_TRY_LINK(
+ [
+@@ -226,6 +274,30 @@ AC_TRY_LINK(
+ ]
+ )
+
++dnl Splice out -lsupp, since that library hasn't been built yet
++LIBS=`echo "$LIBS" | sed -e 's/-lsupp//g'`;
++LIBS="-lcrypto $LIBS"
++
++AC_MSG_CHECKING([whether OpenSSL supports OSSL_PROVIDER_load])
++AC_TRY_LINK(
++ [
++ #include <openssl/provider.h>
++ ],
++ [
++ OSSL_PROVIDER *provider;
++ provider = OSSL_PROVIDER_load(NULL, "default");
++ ],
++ [
++ AC_MSG_RESULT(yes)
++ AC_DEFINE(HAVE_OSSL_PROVIDER_LOAD_OPENSSL, 1, [OpenSSL supports OSSL_PROVIDER_load])
++ LIBS="$saved_libs"
++ ],
++ [
++ AC_MSG_RESULT(no)
++ LIBS="$saved_libs"
++ ]
++)
++
+ LIBS="$saved_libs"
+
+ INCLUDES="$ac_build_addl_includes"
+diff --git a/contrib/mod_sftp/crypto.c b/contrib/mod_sftp/crypto.c
+index e9d776bcde..3ff94d4b3e 100644
+--- a/contrib/mod_sftp/crypto.c
++++ b/contrib/mod_sftp/crypto.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp OpenSSL interface
+- * Copyright (c) 2008-2017 TJ Saunders
++ * Copyright (c) 2008-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -983,13 +983,25 @@ const EVP_CIPHER *sftp_crypto_get_cipher(const char *name, size_t *key_len,
+ # endif /* !OPENSSL_NO_DES */
+
+ } else if (strncmp(name, "aes256-ctr", 11) == 0) {
++# if defined(HAVE_EVP_AES_256_CTR_OPENSSL)
++ cipher = EVP_aes_256_ctr();
++# else
+ cipher = get_aes_ctr_cipher(32);
++# endif /* HAVE_EVP_AES_256_CTR_OPENSSL */
+
+ } else if (strncmp(name, "aes192-ctr", 11) == 0) {
++# if defined(HAVE_EVP_AES_192_CTR_OPENSSL)
++ cipher = EVP_aes_192_ctr();
++# else
+ cipher = get_aes_ctr_cipher(24);
++# endif /* HAVE_EVP_AES_192_CTR_OPENSSL */
+
+ } else if (strncmp(name, "aes128-ctr", 11) == 0) {
++# if defined(HAVE_EVP_AES_128_CTR_OPENSSL)
++ cipher = EVP_aes_128_ctr();
++# else
+ cipher = get_aes_ctr_cipher(16);
++# endif /* HAVE_EVP_AES_128_CTR_OPENSSL */
+ #endif /* OpenSSL older than 0.9.7 */
+
+ } else {
+diff --git a/contrib/mod_sftp/keys.c b/contrib/mod_sftp/keys.c
+index c6b88cf4de..54f19321db 100644
+--- a/contrib/mod_sftp/keys.c
++++ b/contrib/mod_sftp/keys.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp key mgmt (keys)
+- * Copyright (c) 2008-2021 TJ Saunders
++ * Copyright (c) 2008-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -2903,7 +2903,7 @@ static int decrypt_openssh_data(pool *p, const char *path,
+ * trailing AEAD bytes. Need to fix that in the future.
+ */
+
+- if (EVP_Cipher(cipher_ctx, buf, encrypted_data, encrypted_len) != 1) {
++ if (EVP_Cipher(cipher_ctx, buf, encrypted_data, encrypted_len) < 0) {
+ /* This might happen due to a wrong/bad passphrase. */
+ pr_trace_msg(trace_channel, 3,
+ "error decrypting %s data for key: %s", cipher->algo,
+diff --git a/contrib/mod_sftp/mod_sftp.c b/contrib/mod_sftp/mod_sftp.c
+index b84b1a77b6..f53407e88e 100644
+--- a/contrib/mod_sftp/mod_sftp.c
++++ b/contrib/mod_sftp/mod_sftp.c
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp
+- * Copyright (c) 2008-2020 TJ Saunders
++ * Copyright (c) 2008-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -72,6 +72,10 @@ static const char *sftp_server_version = SFTP_ID_DEFAULT_STRING;
+ #define SFTP_HOSTKEY_FL_CLEAR_ECDSA_KEY 0x004
+ #define SFTP_HOSTKEY_FL_CLEAR_ED25519_KEY 0x008
+
++#if defined(HAVE_OSSL_PROVIDER_LOAD_OPENSSL)
++static OSSL_PROVIDER *legacy_provider = NULL;
++#endif /* HAVE_OSSL_PROVIDER_LOAD_OPENSSL */
++
+ static const char *trace_channel = "ssh2";
+
+ static int sftp_have_authenticated(cmd_rec *cmd) {
+@@ -1881,6 +1885,13 @@ static void sftp_shutdown_ev(const void *event_data, void *user_data) {
+ /* Clean up the OpenSSL stuff. */
+ sftp_crypto_free(0);
+
++#if defined(HAVE_OSSL_PROVIDER_LOAD_OPENSSL)
++ if (legacy_provider != NULL) {
++ OSSL_PROVIDER_unload(legacy_provider);
++ legacy_provider = NULL;
++ }
++#endif /* HAVE_OSSL_PROVIDER_LOAD_OPENSSL */
++
+ destroy_pool(sftp_pool);
+ sftp_pool = NULL;
+
+@@ -2035,6 +2046,13 @@ static int sftp_init(void) {
+ }
+ #endif /* HAVE_SODIUM_H */
+
++#if defined(HAVE_OSSL_PROVIDER_LOAD_OPENSSL)
++ /* Load the "legacy" OpenSSL algorithm provider, for those SSH algorithms
++ * that require support of algorithms that OpenSSL deemed "legacy".
++ */
++ legacy_provider = OSSL_PROVIDER_load(NULL, "legacy");
++#endif /* HAVE_OSSL_PROVIDER_LOAD_OPENSSL */
++
+ sftp_keystore_init();
+ sftp_cipher_init();
+ sftp_mac_init();
+diff --git a/contrib/mod_sftp/mod_sftp.h.in b/contrib/mod_sftp/mod_sftp.h.in
+index 065981c313..9af590e8e3 100644
+--- a/contrib/mod_sftp/mod_sftp.h.in
++++ b/contrib/mod_sftp/mod_sftp.h.in
+@@ -1,6 +1,6 @@
+ /*
+ * ProFTPD - mod_sftp
+- * Copyright (c) 2008-2020 TJ Saunders
++ * Copyright (c) 2008-2022 TJ Saunders
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+@@ -49,9 +49,18 @@
+ /* Define if you have OpenSSL with crippled AES support. */
+ #undef HAVE_AES_CRIPPLED_OPENSSL
+
++/* Define if you have OpenSSL with EVP_aes_128_ctr support. */
++#undef HAVE_EVP_AES_128_CTR_OPENSSL
++
++/* Define if you have OpenSSL with EVP_aes_192_ctr support. */
++#undef HAVE_EVP_AES_192_CTR_OPENSSL
++
+ /* Define if you have OpenSSL with EVP_aes_256_ctr support. */
+ #undef HAVE_EVP_AES_256_CTR_OPENSSL
+
++/* Define if you have OpenSSL with OSSL_PROVIDER_load support. */
++#undef HAVE_OSSL_PROVIDER_LOAD_OPENSSL
++
+ /* Define if you have OpenSSL with SHA256 support. */
+ #undef HAVE_SHA256_OPENSSL
+
+@@ -93,6 +102,9 @@
+ # include <openssl/ec.h>
+ # include <openssl/ecdh.h>
+ #endif /* PR_USE_OPENSSL_ECC */
++#if defined(HAVE_OSSL_PROVIDER_LOAD_OPENSSL)
++# include <openssl/provider.h>
++#endif /* HAVE_OSSL_PROVIDER_LOAD_OPENSSL */
+
+ /* Define if you have the LibreSSL library. */
+ #if defined(LIBRESSL_VERSION_NUMBER)
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/63216d19dba01081e9b0cecef9841c5d748bc2b5
--
View it on GitLab: https://salsa.debian.org/debian-proftpd-team/proftpd/-/commit/63216d19dba01081e9b0cecef9841c5d748bc2b5
You're receiving this email because of your account on salsa.debian.org.
More information about the Pkg-proftpd-maintainers
mailing list