2 files changed, 79 insertions, 1 deletions

diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 36ea03466332..1a4cd8577ae7 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -7,6 +7,7 @@
 
 PORTNAME=	openssl
 PORTVERSION=	0.9.7a
+PORTREVISION=	1
 CATEGORIES=	security devel
 MASTER_SITES=	http://www.openssl.org/source/ \
 		ftp://ftp.openssl.org/source/ \
@@ -22,6 +23,7 @@ COMMENT=	SSL and crypto library
 
 MAKE_ENV+=	MANPREFIX=${MANPREFIX}
 NOPRECIOUSMAKEVARS=	Too many _MLINKS for fetch
+USE_PERL5_BUILD=	yes
 
 MAN1=	CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 \
 	dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 ocsp.1 openssl.1 \
@@ -821,7 +823,6 @@ MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=-Bforcearchive
 MAKE_ARGS+=	WHOLE_ARCHIVE_FLAG=--whole-archive
 .endif
 
-USE_PERL5=	yes
 .if defined(NOSHARED)
 PLIST_SUB+=	SHARED="@comment "
 .else
diff --git a/security/openssl/files/patch-security b/security/openssl/files/patch-security
new file mode 100644
index 000000000000..4e3eefb36688
--- /dev/null
+++ b/security/openssl/files/patch-security
@@ -0,0 +1,77 @@
+Index: crypto/rsa/rsa_eay.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v
+retrieving revision 1.28.2.3
+diff -u -r1.28.2.3 rsa_eay.c
+--- crypto/rsa/rsa_eay.c	30 Jan 2003 17:37:46 -0000	1.28.2.3
++++ crypto/rsa/rsa_eay.c	16 Mar 2003 10:34:13 -0000
+@@ -195,6 +195,25 @@
+ 	return(r);
+ 	}
+ 
++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
++	{
++	int ret = 1;
++	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
++	/* Check again inside the lock - the macro's check is racey */
++	if(rsa->blinding == NULL)
++		ret = RSA_blinding_on(rsa, ctx);
++	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
++	return ret;
++	}
++
++#define BLINDING_HELPER(rsa, ctx, err_instr) \
++	do { \
++		if(((rsa)->flags & RSA_FLAG_BLINDING) && \
++				((rsa)->blinding == NULL) && \
++				!rsa_eay_blinding(rsa, ctx)) \
++			err_instr \
++	} while(0)
++
+ /* signing */
+ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
+ 	     unsigned char *to, RSA *rsa, int padding)
+@@ -239,8 +258,8 @@
+ 		goto err;
+ 		}
+ 
+-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+-		RSA_blinding_on(rsa,ctx);
++	BLINDING_HELPER(rsa, ctx, goto err;);
++
+ 	if (rsa->flags & RSA_FLAG_BLINDING)
+ 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ 
+@@ -318,8 +337,8 @@
+ 		goto err;
+ 		}
+ 
+-	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
+-		RSA_blinding_on(rsa,ctx);
++	BLINDING_HELPER(rsa, ctx, goto err;);
++
+ 	if (rsa->flags & RSA_FLAG_BLINDING)
+ 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
+ 
+Index: crypto/rsa/rsa_lib.c
+===================================================================
+RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v
+retrieving revision 1.30.2.2
+diff -u -r1.30.2.2 rsa_lib.c
+--- crypto/rsa/rsa_lib.c	30 Jan 2003 17:37:46 -0000	1.30.2.2
++++ crypto/rsa/rsa_lib.c	16 Mar 2003 10:34:13 -0000
+@@ -72,7 +72,13 @@
+ 
+ RSA *RSA_new(void)
+ 	{
+-	return(RSA_new_method(NULL));
++	RSA *r=RSA_new_method(NULL);
++
++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING
++	r->flags|=RSA_FLAG_BLINDING;
++#endif
++
++	return r;
+ 	}
+ 
+ void RSA_set_default_method(const RSA_METHOD *meth)