Blame SOURCES/bacula-use-crypto-from-openssl.patch

151342
Author: Vaclav Dolezal <vdolezal@redhat.com>
151342
Date:   Mon Aug 12 14:51:39 2019 +0200
151342
151342
    Use functions from OpenSSL for HMAC, MD5 and random bytes
151342
151342
diff -up bacula-11.0.1/src/dird/dird_conf.c.orig bacula-11.0.1/src/dird/dird_conf.c
151342
--- bacula-11.0.1/src/dird/dird_conf.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/dird/dird_conf.c	2022-02-11 19:43:38.870718113 +0100
151342
@@ -43,6 +43,10 @@
151342
 #include "bacula.h"
151342
 #include "dird.h"
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/evp.h>
151342
+#endif
151342
+
151342
 /* Define the first and last resource ID record
151342
  * types. Note, these should be unique for each
151342
  * daemon though not a requirement.
151342
@@ -1783,6 +1787,11 @@ void free_resource(RES *rres, int type)
151342
          free(res->res_fs.exclude_items);
151342
       }
151342
       res->res_fs.num_excludes = 0;
151342
+#if HAVE_OPENSSL
151342
+      EVP_MD_CTX_free(res->res_fs.md5c);
151342
+      res->res_fs.md5c = NULL;
151342
+      res->res_fs.have_MD5 = false;
151342
+#endif
151342
       break;
151342
    case R_POOL:
151342
       if (res->res_pool.pool_type) {
151342
diff -up bacula-11.0.1/src/dird/dird_conf.h.orig bacula-11.0.1/src/dird/dird_conf.h
151342
--- bacula-11.0.1/src/dird/dird_conf.h.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/dird/dird_conf.h	2022-02-11 19:43:38.870718113 +0100
151342
@@ -25,6 +25,10 @@
151342
 
151342
 /* NOTE:  #includes at the end of this file */
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/evp.h>
151342
+#endif
151342
+
151342
 /*
151342
  * Resource codes -- they must be sequential for indexing
151342
  */
151342
@@ -608,7 +612,11 @@ public:
151342
    INCEXE **exclude_items;
151342
    int32_t num_excludes;
151342
    bool have_MD5;                     /* set if MD5 initialized */
151342
+#if HAVE_OPENSSL
151342
+   EVP_MD_CTX *md5c;                  /* MD5 of include/exclude */
151342
+#else
151342
    struct MD5Context md5c;            /* MD5 of include/exclude */
151342
+#endif
151342
    char MD5[30];                      /* base 64 representation of MD5 */
151342
    bool ignore_fs_changes;            /* Don't force Full if FS changed */
151342
    bool enable_vss;                   /* Enable Volume Shadow Copy */
151342
diff -up bacula-11.0.1/src/dird/inc_conf.c.orig bacula-11.0.1/src/dird/inc_conf.c
151342
--- bacula-11.0.1/src/dird/inc_conf.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/dird/inc_conf.c	2022-02-11 19:43:38.870718113 +0100
151342
@@ -32,6 +32,10 @@
151342
 #include <regex.h>
151342
 #endif
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/evp.h>
151342
+#endif
151342
+
151342
 /* Forward referenced subroutines */
151342
 
151342
 void store_inc(LEX *lc, RES_ITEM *item, int index, int pass);
151342
@@ -390,7 +394,17 @@ static void store_newinc(LEX *lc, RES_IT
151342
    bool options;
151342
 
151342
    if (!res_all.res_fs.have_MD5) {
151342
+#if HAVE_OPENSSL
151342
+      res_all.res_fs.md5c = EVP_MD_CTX_new();
151342
+      if (!res_all.res_fs.md5c
151342
+         || !EVP_DigestInit_ex(res_all.res_fs.md5c, EVP_md5(), NULL)
151342
+      ) {
151342
+         Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+               ERR_reason_error_string(ERR_peek_last_error()));
151342
+      }
151342
+#else
151342
       MD5Init(&res_all.res_fs.md5c);
151342
+#endif
151342
       res_all.res_fs.have_MD5 = true;
151342
    }
151342
    bmemset(&res_incexe, 0, sizeof(INCEXE));
151342
@@ -656,7 +670,13 @@ static void store_fname(LEX *lc, RES_ITE
151342
          }
151342
       case T_QUOTED_STRING:
151342
          if (res_all.res_fs.have_MD5) {
151342
+#if HAVE_OPENSSL
151342
+            if (!EVP_DigestUpdate(res_all.res_fs.md5c, (void *)lc->str, (size_t) lc->str_len))
151342
+               Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+                     ERR_reason_error_string(ERR_peek_last_error()));
151342
+#else
151342
             MD5Update(&res_all.res_fs.md5c, (unsigned char *)lc->str, lc->str_len);
151342
+#endif
151342
          }
151342
          incexe = &res_incexe;
151342
          if (incexe->name_list.size() == 0) {
151342
@@ -699,7 +719,13 @@ static void store_plugin_name(LEX *lc, R
151342
          }
151342
       case T_QUOTED_STRING:
151342
          if (res_all.res_fs.have_MD5) {
151342
+#if HAVE_OPENSSL
151342
+            if (!EVP_DigestUpdate(res_all.res_fs.md5c, (void *)lc->str, (size_t) lc->str_len))
151342
+               Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+                     ERR_reason_error_string(ERR_peek_last_error()));
151342
+#else
151342
             MD5Update(&res_all.res_fs.md5c, (unsigned char *)lc->str, lc->str_len);
151342
+#endif
151342
          }
151342
          incexe = &res_incexe;
151342
          if (incexe->plugin_list.size() == 0) {
151342
diff -up bacula-11.0.1/src/dird/job.c.orig bacula-11.0.1/src/dird/job.c
151342
--- bacula-11.0.1/src/dird/job.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/dird/job.c	2022-02-11 19:43:38.871718095 +0100
151342
@@ -27,6 +27,10 @@
151342
 #include "bacula.h"
151342
 #include "dird.h"
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/evp.h>
151342
+#endif
151342
+
151342
 /* Forward referenced subroutines */
151342
 static void *job_thread(void *arg);
151342
 static void job_monitor_watchdog(watchdog_t *self);
151342
@@ -1342,10 +1346,27 @@ bool get_or_create_fileset_record(JCR *j
151342
    memset(&fsr, 0, sizeof(FILESET_DBR));
151342
    bstrncpy(fsr.FileSet, jcr->fileset->hdr.name, sizeof(fsr.FileSet));
151342
    if (jcr->fileset->have_MD5) {
151342
+#if HAVE_OPENSSL
151342
+      EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
151342
+      if (!mdctx)
151342
+         Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+               ERR_reason_error_string(ERR_peek_last_error()));
151342
+#else
151342
       struct MD5Context md5c;
151342
+#endif
151342
       unsigned char digest[MD5HashSize];
151342
+#if HAVE_OPENSSL
151342
+      if (!EVP_MD_CTX_copy_ex(mdctx, jcr->fileset->md5c)
151342
+         || !EVP_DigestFinal_ex(mdctx, digest, NULL)
151342
+      ) {
151342
+         Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+               ERR_reason_error_string(ERR_peek_last_error()));
151342
+      }
151342
+      EVP_MD_CTX_free(mdctx);
151342
+#else
151342
       memcpy(&md5c, &jcr->fileset->md5c, sizeof(md5c));
151342
       MD5Final(digest, &md5c);
151342
+#endif
151342
       /*
151342
        * Keep the flag (last arg) set to false otherwise old FileSets will
151342
        * get new MD5 sums and the user will get Full backups on everything
151342
diff -up bacula-11.0.1/src/lib/hmac.c.orig bacula-11.0.1/src/lib/hmac.c
151342
--- bacula-11.0.1/src/lib/hmac.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/lib/hmac.c	2022-02-11 19:43:38.871718095 +0100
151342
@@ -26,6 +26,10 @@
151342
  */
151342
 #include "bacula.h"
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/hmac.h>
151342
+#endif
151342
+
151342
 #define PAD_LEN 64           /* PAD length */
151342
 #define SIG_LEN MD5HashSize  /* MD5 digest length */
151342
 
151342
@@ -36,6 +40,19 @@ hmac_md5(
151342
     uint8_t*  key,             /* pointer to authentication key */
151342
     int   key_len,             /* length of authentication key */
151342
     uint8_t  *hmac)            /* returned hmac-md5 */
151342
+#if HAVE_OPENSSL
151342
+{
151342
+    if (!HMAC(
151342
+        EVP_md5(),
151342
+        key, key_len,
151342
+        text, text_len,
151342
+        hmac, NULL
151342
+    )) {
151342
+        Emsg0(M_ERROR_TERM, 0, "HMAC computation failed\n");
151342
+    }
151342
+
151342
+}
151342
+#else
151342
 {
151342
    MD5Context md5c;
151342
    uint8_t k_ipad[PAD_LEN];    /* inner padding - key XORd with ipad */
151342
@@ -90,6 +107,7 @@ hmac_md5(
151342
    MD5Update(&md5c, hmac, SIG_LEN);   /* hash inner hash */
151342
    MD5Final(hmac, &md5c);             /* store results */
151342
 }
151342
+#endif
151342
 /*
151342
 Test Vectors (Trailing '\0' of a character string not included in test):
151342
 
151342
diff -up bacula-11.0.1/src/lib/parse_conf.c.orig bacula-11.0.1/src/lib/parse_conf.c
151342
--- bacula-11.0.1/src/lib/parse_conf.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/lib/parse_conf.c	2022-02-11 19:43:38.871718095 +0100
151342
@@ -59,6 +59,10 @@
151342
 #define MAX_PATH  1024
151342
 #endif
151342
 
151342
+#if HAVE_OPENSSL
151342
+# include <openssl/evp.h>
151342
+#endif
151342
+
151342
 /*
151342
  * Define the Union of all the common resource structure definitions.
151342
  */
151342
@@ -588,7 +592,11 @@ void store_dir(LEX *lc, RES_ITEM *item,
151342
 void store_password(LEX *lc, RES_ITEM *item, int index, int pass)
151342
 {
151342
    unsigned int i, j;
151342
+#if HAVE_OPENSSL
151342
+   EVP_MD_CTX *mdctx = NULL;
151342
+#else
151342
    struct MD5Context md5c;
151342
+#endif
151342
    unsigned char digest[CRYPTO_DIGEST_MD5_SIZE];
151342
    char sig[100];
151342
 
151342
@@ -598,9 +606,21 @@ void store_password(LEX *lc, RES_ITEM *i
151342
    } else {
151342
       lex_get_token(lc, T_STRING);
151342
       if (pass == 1) {
151342
+#if HAVE_OPENSSL
151342
+         mdctx = EVP_MD_CTX_new();
151342
+         if (!mdctx
151342
+            || !EVP_DigestInit_ex(mdctx, EVP_md5(), NULL)
151342
+            || !EVP_DigestUpdate(mdctx, (const void *) lc->str, (size_t) lc->str_len)
151342
+            || !EVP_DigestFinal_ex(mdctx, digest, NULL)
151342
+         ) {
151342
+            Emsg1(M_ERROR_TERM, 0, "MD5 computation failed: %s\n",
151342
+                  ERR_reason_error_string(ERR_peek_last_error()));
151342
+         }
151342
+#else
151342
          MD5Init(&md5c);
151342
          MD5Update(&md5c, (unsigned char *) (lc->str), lc->str_len);
151342
          MD5Final(digest, &md5c);
151342
+#endif
151342
          for (i = j = 0; i < sizeof(digest); i++) {
151342
             sprintf(&sig[j], "%02x", digest[i]);
151342
             j += 2;
151342
diff -up bacula-11.0.1/src/lib/util.c.orig bacula-11.0.1/src/lib/util.c
151342
--- bacula-11.0.1/src/lib/util.c.orig	2021-02-05 22:23:44.000000000 +0100
151342
+++ bacula-11.0.1/src/lib/util.c	2022-02-11 19:43:38.872718077 +0100
151342
@@ -707,6 +707,35 @@ int do_shell_expansion(char *name, int n
151342
     from SpeakFreely by John Walker */
151342
 
151342
 void make_session_key(char *key, char *seed, int mode)
151342
+#if HAVE_OPENSSL
151342
+{
151342
+   int j, k;
151342
+   unsigned char buf[16];
151342
+
151342
+   (void) seed;
151342
+
151342
+   if (!RAND_bytes(buf, sizeof(buf)))
151342
+       Emsg1(M_ERROR_TERM, 0, "Random bytes generation failed: %s\n",
151342
+             ERR_reason_error_string(ERR_peek_last_error()));
151342
+
151342
+   if (mode) {
151342
+     for (j = k = 0; j < 16; j++) {
151342
+        unsigned char rb = buf[j];
151342
+
151342
+#define Rad16(x) ((x) + 'A')
151342
+        key[k++] = Rad16((rb >> 4) & 0xF);
151342
+        key[k++] = Rad16(rb & 0xF);
151342
+#undef Rad16
151342
+        if (j & 1) {
151342
+           key[k++] = '-';
151342
+        }
151342
+     }
151342
+     key[--k] = 0;
151342
+   } else {
151342
+      memcpy(key, buf, sizeof(buf));
151342
+   }
151342
+}
151342
+#else
151342
 {
151342
    int j, k;
151342
    struct MD5Context md5c;
151342
@@ -790,6 +819,7 @@ void make_session_key(char *key, char *s
151342
    }
151342
 }
151342
 #undef nextrand
151342
+#endif
151342
 
151342
 void encode_session_key(char *encode, char *session, char *key, int maxlen)
151342
 {