author | Mark Felder <feld@FreeBSD.org> | 2020-10-27 22:09:43 +0000 |
---|---|---|
committer | Mark Felder <feld@FreeBSD.org> | 2020-10-27 22:09:43 +0000 |
commit | b97da18e65f2288fae431bf52b23698e6ec03dff (patch) | |
tree | 521ab1237fff82803d013fea6d97a14727e257e8 /security | |
parent | 6840b9833bfdb1e495714446a7bc0de9e165cf25 (diff) | |
MFH: r553502
security/titus: Support OpenSSL 1.1.0+
Backported patch fixes builds on FreeBSD 12 and 13
Approved by: ports-secteam (blanket)
Notes
Notes:
svn path=/branches/2020Q4/; revision=553503
Diffstat (limited to 'security')
-rw-r--r-- | security/titus/Makefile | 7 | ||||
-rw-r--r-- | security/titus/files/patch-dh.cpp | 15 | ||||
-rw-r--r-- | security/titus/files/patch-rsa__client.cpp | 50 |
3 files changed, 66 insertions, 6 deletions
diff --git a/security/titus/Makefile b/security/titus/Makefile
index 36d7f0546e7a..1a54c754db72 100644
--- a/security/titus/Makefile
+++ b/security/titus/Makefile
@@ -3,7 +3,7 @@
 PORTNAME= titus
 PORTVERSION= 0.3
-PORTREVISION= 5
+PORTREVISION= 6
 CATEGORIES= security
 MAINTAINER= feld@FreeBSD.org
@@ -26,11 +26,6 @@ LDFLAGS+= -L${OPENSSLLIB}
 .include <bsd.port.pre.mk>
-.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12= member access into incomplete type 'dh_st'
-BROKEN_FreeBSD_13= member access into incomplete type 'dh_st'
-.endif
-
 post-patch:
 ${REINPLACE_CMD} 's|/var/lib/titus/empty|/var/empty|' ${WRKSRC}/titus.conf.example
diff --git a/security/titus/files/patch-dh.cpp b/security/titus/files/patch-dh.cpp
new file mode 100644
index 000000000000..4b373f50bea3
--- /dev/null
+++ b/security/titus/files/patch-dh.cpp
@@ -0,0 +1,15 @@
+--- dh.cpp.orig 2015-11-28 22:51:00 UTC
++++ dh.cpp
+@@ -148,11 +148,7 @@ openssl_unique_ptr<DH> make_dh (const unsigned char* p
+ throw Openssl_error(ERR_get_error());
+ }
+
+- if ((dh->p = BN_bin2bn(prime, prime_len, NULL)) == NULL) {
+- throw Openssl_error(ERR_get_error());
+- }
+-
+- if ((dh->g = BN_bin2bn(generator, generator_len, NULL)) == NULL) {
++ if (!DH_set0_pqg(dh.get(), BN_bin2bn(prime, prime_len, NULL), NULL, BN_bin2bn(generator, generator_len, NULL))) {
+ throw Openssl_error(ERR_get_error());
+ }
+
diff --git a/security/titus/files/patch-rsa__client.cpp b/security/titus/files/patch-rsa__client.cpp
new file mode 100644
index 000000000000..5d14a7b98870
--- /dev/null
+++ b/security/titus/files/patch-rsa__client.cpp
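Review bot: In make_dh (patch-dh.cpp) the two `BN_bin2bn` results are passed straight into `DH_set0_pqg`, so if one conversion fails, or the set call returns 0, the BIGNUM that was allocated is never freed. DH_set0_pqg takes ownership of the values only when it succeeds. The load_private_key hunk of patch-rsa__client.cpp has the same pattern in `RSA_set0_key(rsa.get(), BN_dup(n), BN_dup(e), NULL)`. Holding the values in locals and freeing them on the failure path keeps the behaviour fail-closed without the leak. make_dh begins and ends outside the hunk, so the surrounding ownership handling is not visible here.

```cpp
// … unchanged: DH_new() and its error check …
BIGNUM* p = BN_bin2bn(prime, prime_len, NULL);
BIGNUM* g = BN_bin2bn(generator, generator_len, NULL);
if (!p || !g || !DH_set0_pqg(dh.get(), p, NULL, g)) {
	// Ownership was not transferred; BN_free accepts NULL.
	BN_free(p);
	BN_free(g);
	throw Openssl_error(ERR_get_error());
}
```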
@@ -0,0 +1,50 @@
+--- rsa_client.cpp.orig 2015-11-28 22:51:00 UTC
++++ rsa_client.cpp
+@@ -85,7 +85,7 @@ int Rsa_client::rsa_private_encrypt (int flen, const u
+ int Rsa_client::rsa_finish (RSA* rsa)
+ {
+ delete reinterpret_cast<Rsa_client_data*>(RSA_get_app_data(rsa));
+- if (const auto default_finish = RSA_get_default_method()->finish) {
++ if (const auto default_finish = RSA_meth_get_finish(RSA_get_default_method())) {
+ return (*default_finish)(rsa);
+ } else {
+ return 1;
+@@ -94,14 +94,14 @@ int Rsa_client::rsa_finish (RSA* rsa)
+
+ const RSA_METHOD* Rsa_client::get_rsa_method ()
+ {
+- static RSA_METHOD ops;
+- if (!ops.rsa_priv_enc) {
+- ops = *RSA_get_default_method();
+- ops.rsa_priv_enc = rsa_private_encrypt;
+- ops.rsa_priv_dec = rsa_private_decrypt;
+- ops.finish = rsa_finish;
++ static RSA_METHOD* ops = NULL;
++ if (ops == NULL) {
++ ops = RSA_meth_dup(RSA_get_default_method());
++ RSA_meth_set_priv_enc(ops, rsa_private_encrypt);
++ RSA_meth_set_priv_dec(ops, rsa_private_decrypt);
++ RSA_meth_set_finish(ops, rsa_finish);
+ }
+- return &ops;
++ return ops;
+ }
+
+ openssl_unique_ptr<EVP_PKEY> Rsa_client::load_private_key (uintptr_t key_id, RSA* public_rsa)
+@@ -111,12 +111,10 @@ openssl_unique_ptr<EVP_PKEY> Rsa_client::load_private_
+ throw Openssl_error(ERR_get_error());
+ }
+
+- rsa->n = BN_dup(public_rsa->n);
+- if (!rsa->n) {
+- throw Openssl_error(ERR_get_error());
+- }
+- rsa->e = BN_dup(public_rsa->e);
+- if (!rsa->e) {
++ const BIGNUM* n;
++ const BIGNUM* e;
++ RSA_get0_key(public_rsa, &n, &e, NULL);
++ if (!RSA_set0_key(rsa.get(), BN_dup(n), BN_dup(e), NULL)) {
+ throw Openssl_error(ERR_get_error());
+ }
+ |
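Review bot: In get_rsa_method the result of `RSA_meth_dup` is used without a NULL check, so an allocation failure would be passed straight to the `RSA_meth_set_priv_enc` call that follows. Adding `if (ops == NULL) throw Openssl_error(ERR_get_error());` directly after the dup matches the error handling used in load_private_key and leaves the static unset so a later call can retry. The hand-rolled `if (ops == NULL)` lazy initialisation is also unsynchronised, as the old `!ops.rsa_priv_enc` test was; whether that matters depends on whether this function can be reached from more than one thread, which the hunk does not show.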