Bug#859718: Please review patches for ssldump
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Dec 15 20:41:09 UTC 2017
On 2017-12-14 01:58:25 [+0100], Hilko Bengen wrote:
> Control: tag -1 patch
>
> I have prepared patches for ssldump to
>
> (1) recognize OpenSSL 1.1 at configure time
>Index: ssldump/configure.in
>===================================================================
>--- ssldump.orig/configure.in
>+++ ssldump/configure.in
>@@ -187,8 +187,13 @@ if test "$ac_use_openssl" != "false"; th
> save_LDFLAGS=$LDFLAGS
> LIBS="-lssl -lcrypto $LIBS"
> LDFLAGS="-L$dir $LDFLAGS"
>- AC_TRY_LINK_FUNC(SSL_load_error_strings,ac_linked_libssl="true",
>- ac_linked_libssl="false");
>+ AC_TRY_LINK([
>+ #define OPENSSL_API_COMPAT 0x10000000L
You should not define this.
>+ #include <openssl/ssl.h>
>+ ],
>+ [SSL_load_error_strings()],
>+ ac_linked_libssl="true",
>+ ac_linked_libssl="false");
> AC_TRY_LINK_FUNC(RC4_set_key,ac_linked_libcrypto="true",
> ac_linked_libcrypto="false");
> if test "$ac_linked_libssl" != "false" -a \
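Review bot: the `#define OPENSSL_API_COMPAT 0x10000000L` inside the AC_TRY_LINK test program only affects this configure probe, so unless the same define is also passed when the ssldump sources are compiled, the check can pass against a different API surface than the one the build actually uses. Drop the define and let the header's default decide, or keep a plain AC_TRY_LINK_FUNC on a symbol that is a real function in both OpenSSL 1.0 and 1.1, such as SSL_CTX_new. The RC4_set_key probe that follows stays on AC_TRY_LINK_FUNC, so a one-line comment in configure.in saying why libssl needs the header-based form would help the next reader.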
> (2) deal with API changes
>Index: ssldump/ssl/ssl_rec.c
>===================================================================
>--- ssldump.orig/ssl/ssl_rec.c
>+++ ssldump/ssl/ssl_rec.c
>@@ -116,7 +116,7 @@ int ssl_create_rec_decoder(dp,cs,mk,sk,i
> dec->cs=cs;
> if(r=r_data_create(&dec->mac_key,mk,cs->dig_len))
> ABORT(r);
>- if(!(dec->evp=(EVP_CIPHER_CTX *)malloc(sizeof(EVP_CIPHER_CTX))))
>+ if(!(dec->evp=EVP_CIPHER_CTX_new()))
The counterpart probably uses free() but should use
EVP_CIPHER_CTX_free() instead.
> ABORT(R_NO_MEMORY);
> EVP_CIPHER_CTX_init(dec->evp);
> EVP_CipherInit(dec->evp,ciph,sk,iv,0);
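Review bot: the unchanged `EVP_CIPHER_CTX_init(dec->evp);` directly after the new `EVP_CIPHER_CTX_new()` call is now redundant, because EVP_CIPHER_CTX_new() already returns an initialised context; remove it in the same change. The return value of `EVP_CipherInit(dec->evp,ciph,sk,iv,0)` on the following line is ignored, so a failed cipher setup goes unnoticed; check it and ABORT on failure. Whatever code releases dec->evp has to move to EVP_CIPHER_CTX_free() to match the new allocation.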
>@@ -228,35 +228,35 @@ static int tls_check_mac(d,ct,ver,data,d
> UINT4 datalen;
> UCHAR *mac;
> {
>- HMAC_CTX hm;
>+ HMAC_CTX *hm = HMAC_CTX_new();
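Review bot: `HMAC_CTX *hm = HMAC_CTX_new();` at the top of tls_check_mac allocates in the declaration, and the visible lines show no NULL check before hm is used; test the result and ABORT(R_NO_MEMORY) the way the EVP_CIPHER_CTX hunk does. Because the context is now heap-allocated, every exit from the function, the error path included, needs a matching HMAC_CTX_free(hm), otherwise each MAC check leaks a context.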
`hm' can now be null. I assume that upstream would love it if it would
still compile against 1.0.2 (which lacks HMAC_CTX_new()).
From the remaining part, nothing stands out.
> Cheers,
> -Hilko
>
Sebastian