aboutsummaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorOlli Hauer <ohauer@FreeBSD.org>2016-09-02 17:21:28 +0000
committerOlli Hauer <ohauer@FreeBSD.org>2016-09-02 17:21:28 +0000
commit90be07c84d0686089307f10a7fed1eed7980f35f (patch)
treee5119abe12da88e8567702ea3f23c2c4f9c616e4 /security
parenta08371a4c3586c2fbd1659f4ba29dc122ad77d6b (diff)
downloadports-90be07c84d0686089307f10a7fed1eed7980f35f.tar.gz
ports-90be07c84d0686089307f10a7fed1eed7980f35f.zip
Notes
Diffstat (limited to 'security')
-rw-r--r--security/nmap/files/patch-ncat_ncat__ssl.c29
-rw-r--r--security/nmap/files/patch-ncat_test_test-wildcard.c11
-rw-r--r--security/nmap/files/patch-nping_Crypto.cc38
-rw-r--r--security/nmap/files/patch-nse__openssl.cc47
-rw-r--r--security/nmap/files/patch-nse__ssl__cert.cc29
5 files changed, 154 insertions, 0 deletions
diff --git a/security/nmap/files/patch-ncat_ncat__ssl.c b/security/nmap/files/patch-ncat_ncat__ssl.c
new file mode 100644
index 000000000000..db7b5f4366e3
--- /dev/null
+++ b/security/nmap/files/patch-ncat_ncat__ssl.c
@@ -0,0 +1,29 @@
+--- ncat/ncat_ssl.c.orig 2016-08-01 09:34:56 UTC
++++ ncat/ncat_ssl.c
+@@ -315,7 +315,7 @@ static int cert_match_dnsname(X509 *cert
+
+ /* We must copy this address into a temporary variable because ASN1_item_d2i
+ increments it. We don't want it to corrupt ext->value->data. */
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ data = ext->value->data;
+ #else
+ ASN1_OCTET_STRING* asn1_str = X509_EXTENSION_get_data(ext);
+@@ -328,7 +328,7 @@ static int cert_match_dnsname(X509 *cert
+ presence of null bytes. */
+ #if (OPENSSL_VERSION_NUMBER > 0x00907000L)
+ if (method->it != NULL) {
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
+ (const unsigned char **) &data,
+ ext->value->length, ASN1_ITEM_ptr(method->it));
+@@ -339,7 +339,7 @@ static int cert_match_dnsname(X509 *cert
+ asn1_str_a->length, ASN1_ITEM_ptr(method->it));
+ #endif
+ } else {
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ gen_names = (STACK_OF(GENERAL_NAME) *) method->d2i(NULL,
+ (const unsigned char **) &data,
+ ext->value->length);
diff --git a/security/nmap/files/patch-ncat_test_test-wildcard.c b/security/nmap/files/patch-ncat_test_test-wildcard.c
new file mode 100644
index 000000000000..517575df7d7a
--- /dev/null
+++ b/security/nmap/files/patch-ncat_test_test-wildcard.c
@@ -0,0 +1,11 @@
+--- ncat/test/test-wildcard.c.orig 2016-08-01 09:34:56 UTC
++++ ncat/test/test-wildcard.c
+@@ -253,7 +253,7 @@ static int set_dNSNames(X509 *cert, cons
+ if (gen_name == NULL)
+ goto stack_err;
+ gen_name->type = GEN_DNS;
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ gen_name->d.dNSName = M_ASN1_IA5STRING_new();
+ #else
+ gen_name->d.dNSName = ASN1_IA5STRING_new();
diff --git a/security/nmap/files/patch-nping_Crypto.cc b/security/nmap/files/patch-nping_Crypto.cc
new file mode 100644
index 000000000000..1094a929eb16
--- /dev/null
+++ b/security/nmap/files/patch-nping_Crypto.cc
@@ -0,0 +1,38 @@
+--- nping/Crypto.cc.orig 2016-08-01 09:34:56 UTC
++++ nping/Crypto.cc
+@@ -178,7 +178,7 @@ int Crypto::aes128_cbc_encrypt(u8 *inbuf
+ #ifdef HAVE_OPENSSL
+ if( o.doCrypto() ){
+ int flen=0, flen2=0;
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+@@ -231,7 +231,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuf
+ #ifdef HAVE_OPENSSL
+ if( o.doCrypto() ){
+ int flen1=0, flen2=0;
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX_init(&ctx);
+ EVP_CIPHER_CTX_set_padding(&ctx, 0);
+@@ -286,7 +286,7 @@ int Crypto::aes128_cbc_decrypt(u8 *inbuf
+ //ERR_free_strings();
+ //ERR_pop_to_mark();
+ }
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX_cleanup(&ctx);
+ #else
+ EVP_CIPHER_CTX_reset(ctx);
+@@ -327,7 +327,7 @@ u8 *Crypto::deriveKey(const u8 *from, si
+ static u8 hash[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
+ static u8 next[MAX(SHA256_HASH_LEN, EVP_MAX_MD_SIZE)];
+ unsigned int lastlen;
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_MD_CTX ctx;
+ EVP_MD_CTX_init(&ctx);
+
diff --git a/security/nmap/files/patch-nse__openssl.cc b/security/nmap/files/patch-nse__openssl.cc
new file mode 100644
index 000000000000..b652b7f38a94
--- /dev/null
+++ b/security/nmap/files/patch-nse__openssl.cc
@@ -0,0 +1,47 @@
+--- nse_openssl.cc.orig 2016-08-01 09:34:56 UTC
++++ nse_openssl.cc
+@@ -281,7 +281,7 @@ static int l_digest(lua_State *L) /*
+ const unsigned char *msg = (unsigned char *) luaL_checklstring( L, 2, &msg_len );
+ unsigned char digest[EVP_MAX_MD_SIZE];
+ const EVP_MD * evp_md;
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_MD_CTX mdctx;
+ #else
+ EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
+@@ -291,7 +291,7 @@ static int l_digest(lua_State *L) /*
+
+ if (!evp_md) return luaL_error( L, "Unknown digest algorithm: %s", algorithm );
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_MD_CTX_init(&mdctx);
+ if (!(
+ EVP_DigestInit_ex( &mdctx, evp_md, NULL ) &&
+@@ -394,7 +394,7 @@ static int l_encrypt(lua_State *L) /** e
+ if (iv[0] == '\0')
+ iv = NULL;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX cipher_ctx;
+ EVP_CIPHER_CTX_init( &cipher_ctx );
+
+@@ -496,7 +496,7 @@ static int l_decrypt(lua_State *L) /** d
+ if (iv[0] == '\0')
+ iv = NULL;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ EVP_CIPHER_CTX cipher_ctx;
+ EVP_CIPHER_CTX_init( &cipher_ctx );
+
+@@ -684,7 +684,7 @@ static const struct luaL_Reg openssllib[
+ LUALIB_API int luaopen_openssl(lua_State *L) {
+
+ OpenSSL_add_all_algorithms();
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ ERR_load_crypto_strings();
+ #else
+ /* This is now deprecated in OpenSSL 1.1.0 _ No explicit initialisation
diff --git a/security/nmap/files/patch-nse__ssl__cert.cc b/security/nmap/files/patch-nse__ssl__cert.cc
new file mode 100644
index 000000000000..97c43d3ccb23
--- /dev/null
+++ b/security/nmap/files/patch-nse__ssl__cert.cc
@@ -0,0 +1,29 @@
+--- nse_ssl_cert.cc.orig 2016-08-30 16:07:08 UTC
++++ nse_ssl_cert.cc
+@@ -528,7 +528,7 @@ static int parse_ssl_cert(lua_State *L,
+ lua_setfield(L, -2, "subject");
+ }
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ const char *sig_algo = OBJ_nid2ln(OBJ_obj2nid(cert->sig_alg->algorithm));
+ #else
+ const char *sig_algo = OBJ_nid2ln(X509_get_signature_nid(cert));
+@@ -555,7 +555,7 @@ static int parse_ssl_cert(lua_State *L,
+ return 2;
+ }
+ lua_newtable(L);
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ pkey_type = EVP_PKEY_type(pubkey->type);
+ #else
+ pkey_type = EVP_PKEY_base_id(pubkey);
+@@ -572,7 +572,7 @@ static int parse_ssl_cert(lua_State *L,
+ bignum_data_t * data = (bignum_data_t *) lua_newuserdata( L, sizeof(bignum_data_t));
+ luaL_getmetatable( L, "BIGNUM" );
+ lua_setmetatable( L, -2 );
+- #if OPENSSL_VERSION_NUMBER < 0x10100000L
++ #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ data->bn = rsa->e;
+ #elif OPENSSL_VERSION_NUMBER < 0x10100006L
+ BIGNUM *n, *e, *d;