1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-17 03:25:46 +00:00

- fix "exited on signal 11" when dhparams file is missing.

PR:		226431
This commit is contained in:
Dirk Meyer 2018-03-08 13:49:32 +00:00
parent 7ec04ccefd
commit 1cbf69f22e
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=463887
2 changed files with 24 additions and 41 deletions

View File

@ -2,7 +2,7 @@
PORTNAME= sendmail
PORTVERSION= 8.15.2
PORTREVISION= 8
PORTREVISION= 9
CATEGORIES= mail ipv6
MASTER_SITES= ftp://ftp.sendmail.org/pub/sendmail/
PKGNAMESUFFIX?= ${TLS_SUFFIX}${SASL_SUFFIX}${LDAP_SUFFIX}${BDB_SUFFIX}${PKGNAMESUFFIX2}

View File

@ -10,7 +10,7 @@
# ifndef HASURANDOMDEV
# include <openssl/rand.h>
# endif /* ! HASURANDOMDEV */
@@ -44,6 +47,22 @@ static bool tls_safe_f __P((char *, long
@@ -44,6 +47,23 @@ static bool tls_safe_f __P((char *, long
static int tls_verify_log __P((int, X509_STORE_CTX *, const char *));
# if !NO_DH
@ -24,7 +24,8 @@
+ BIGNUM *g;
+{
+ dh->p=p;
+ dh->q=q;
+ if (q != NULL)
+ dh->q=q;
+ dh->g=g;
+ return 1; /* success */
+}
@ -33,7 +34,7 @@
static DH *get_dh512 __P((void));
static unsigned char dh512_p[] =
@@ -64,13 +83,21 @@ static DH *
@@ -64,13 +84,19 @@ static DH *
get_dh512()
{
DH *dh = NULL;
@ -45,8 +46,8 @@
- dh->g = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
- return NULL;
+ dhp_bn=BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dhg_bn=BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ dhp_bn = BN_bin2bn(dh512_p, sizeof(dh512_p), NULL);
+ dhg_bn = BN_bin2bn(dh512_g, sizeof(dh512_g), NULL);
+ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
+ {
+ DH_free(dh);
@ -54,12 +55,10 @@
+ BN_free(dhg_bn);
+ return(NULL);
+ }
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
return dh;
}
@@ -117,16 +144,21 @@ get_dh2048()
@@ -117,14 +143,17 @@ get_dh2048()
};
static unsigned char dh2048_g[]={ 0x02, };
DH *dh;
@ -70,8 +69,8 @@
- dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
- dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
- if ((dh->p == NULL) || (dh->g == NULL))
+ dhp_bn=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dhg_bn=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ dhp_bn = BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dhg_bn = BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+ if ((dhp_bn == NULL) || (dhg_bn == NULL) || !DH_set0_pqg(dh, dhp_bn, NULL, dhg_bn))
{
DH_free(dh);
@ -79,12 +78,8 @@
+ BN_free(dhg_bn);
return(NULL);
}
+ BN_free(dhp_bn);
+ BN_free(dhg_bn);
return(dh);
}
# endif /* !NO_DH */
@@ -708,6 +740,44 @@ load_certkey(ssl, srv, certfile, keyfile
@@ -708,6 +737,32 @@ load_certkey(ssl, srv, certfile, keyfile
static char server_session_id_context[] = "sendmail8";
@ -94,34 +89,22 @@
+ int num;
+ unsigned long e;
+{
+ RSA *rsa;
+ RSA *rsa = NULL;
+ BIGNUM *bn_rsa_r4;
+ int rc;
+
+ rsa = RSA_new();
+ if (rsa == NULL)
+ {
+ if (LogLevel > 0)
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=server, tmp_rsa_key: RSA_new failed!");
+ return NULL;
+ }
+ bn_rsa_r4 = BN_new();
+ rc = BN_set_word(bn_rsa_r4, RSA_F4);
+ if (rc == 0)
+ if ((bn_rsa_r4 != NULL) && BN_set_word(bn_rsa_r4, RSA_F4) && (rsa = RSA_new()) != NULL)
+ {
+ if (LogLevel > 0)
+ sm_syslog(LOG_ERR, NOQID,
+ "STARTTLS=server, tmp_rsa_key: BN_set_word failed!");
+ RSA_free(rsa);
+ if (!RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL))
+ {
+ RSA_free(rsa);
+ rsa = NULL;
+ }
+ return NULL;
+ }
+ rc = RSA_generate_key_ex(rsa, RSA_KEYLENGTH, bn_rsa_r4, NULL);
+ BN_free(bn_rsa_r4);
+ if (rc != 0)
+ {
+ RSA_free(rsa);
+ return NULL;
+ }
+ return rsa;
+}
+# endif /* !TLS_NO_RSA */
@ -129,7 +112,7 @@
/* 0.9.8a and b have a problem with SSL_OP_TLS_BLOCK_PADDING_BUG */
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
# define SM_SSL_OP_TLS_BLOCK_PADDING_BUG 1
@@ -926,7 +996,7 @@ inittls(ctx, req, options, srv, certfile
@@ -926,7 +981,7 @@ inittls(ctx, req, options, srv, certfile
{
/* get a pointer to the current certificate validation store */
store = SSL_CTX_get_cert_store(*ctx); /* does not fail */
@ -138,7 +121,7 @@
if (crl_file != NULL)
{
if (BIO_read_filename(crl_file, CRLFile) >= 0)
@@ -1003,8 +1073,7 @@ inittls(ctx, req, options, srv, certfile
@@ -1003,8 +1058,7 @@ inittls(ctx, req, options, srv, certfile
if (bitset(TLS_I_RSA_TMP, req)
# if SM_CONF_SHM
&& ShmId != SM_SHM_NO_ID &&
@ -148,7 +131,7 @@
# else /* SM_CONF_SHM */
&& 0 /* no shared memory: no need to generate key now */
# endif /* SM_CONF_SHM */
@@ -1209,9 +1278,10 @@ inittls(ctx, req, options, srv, certfile
@@ -1209,9 +1263,10 @@ inittls(ctx, req, options, srv, certfile
if (tTd(96, 2))
sm_dprintf("inittls: Generating %d bit DH parameters\n", bits);
@ -161,7 +144,7 @@
dh = DSA_dup_DH(dsa);
DSA_free(dsa);
}
@@ -1744,7 +1814,7 @@ tmp_rsa_key(s, export, keylength)
@@ -1744,7 +1799,7 @@ tmp_rsa_key(s, export, keylength)
if (rsa_tmp != NULL)
RSA_free(rsa_tmp);
@ -170,7 +153,7 @@
if (rsa_tmp == NULL)
{
if (LogLevel > 0)
@@ -1971,9 +2041,9 @@ x509_verify_cb(ok, ctx)
@@ -1971,9 +2026,9 @@ x509_verify_cb(ok, ctx)
{
if (LogLevel > 13)
tls_verify_log(ok, ctx, "x509");