mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-24 04:33:24 +00:00
Fix build with OpenSSL 1.1.x.
parent
bdb1eb0601
commit
a27ed4e6a9
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=496045
@ -3,10 +3,9 @@
|
||||
|
||||
PORTNAME= send
|
||||
PORTVERSION= 0.3
|
||||
DISTVERSIONPREFIX= v
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= net-mgmt ipv6
|
||||
MASTER_SITES= LOCAL/hrs
|
||||
DISTNAME= ${PORTNAME}_${PORTVERSION}
|
||||
|
||||
MAINTAINER= hrs@FreeBSD.org
|
||||
COMMENT= Secure Neighbor Discovery implementation for IPv6
|
||||
@ -17,7 +16,11 @@ LICENSE_FILE= ${WRKSRC}/LICENSE
|
||||
LIB_DEPENDS= libdnet.so:net/libdnet
|
||||
|
||||
USES= gmake readline ssl
|
||||
USE_GITHUB= yes
|
||||
GH_ACCOUNT= hrs-allbsd
|
||||
GH_PROJECT= send
|
||||
USE_RC_SUBR= sendd
|
||||
|
||||
SUB_FILES= pkg-message
|
||||
PORTDOCS= README UserGuide.pdf
|
||||
MAKE_JOBS_UNSAFE=yes
|
||||
|
@ -1,2 +1,3 @@
|
||||
SHA256 (send_0.3.tar.gz) = abe217c24f8f711124da74eb24342ee27a195e8102bed3e60d426607532ff76b
|
||||
SIZE (send_0.3.tar.gz) = 1272983
|
||||
TIMESTAMP = 1551288169
|
||||
SHA256 (hrs-allbsd-send-v0.3_GH0.tar.gz) = 527542b24fa2009e0cc99a85fd423215782ced69c427454727172745c7fbae92
|
||||
SIZE (hrs-allbsd-send-v0.3_GH0.tar.gz) = 1313559
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- Makefile.install.orig 2010-08-28 17:58:05.000000000 +0900
|
||||
+++ Makefile.install 2014-08-20 04:27:44.000000000 +0900
|
||||
--- Makefile.install.orig 2019-02-27 16:25:45 UTC
|
||||
+++ Makefile.install
|
||||
@@ -1,9 +1,9 @@
|
||||
-INSSBIN= $(PREFIXSBIN)/$(PROG)
|
||||
+INSSBIN= $(DESTDIR)$(PREFIXSBIN)/$(PROG)
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- include/cga_keyutils.h.orig 2010-08-28 17:58:02.000000000 +0900
|
||||
+++ include/cga_keyutils.h 2014-08-30 01:53:41.000000000 +0900
|
||||
--- include/cga_keyutils.h.orig 2019-02-27 16:25:45 UTC
|
||||
+++ include/cga_keyutils.h
|
||||
@@ -36,6 +36,9 @@
|
||||
#include <openssl/x509.h>
|
||||
#include <openssl/evp.h>
|
||||
|
33
net-mgmt/send/files/patch-include-pkixip_ext.h
Normal file
@ -0,0 +1,33 @@
|
||||
--- include/pkixip_ext.h.orig 2019-02-27 16:25:45 UTC
|
||||
+++ include/pkixip_ext.h
|
||||
@@ -47,14 +47,30 @@ struct pkixip_config {
|
||||
char *certfile;
|
||||
};
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
extern int pkixip_aor_cmp(const char * const *, const char * const *);
|
||||
extern int pkixip_ipf_cmp(const char * const *, const char * const *);
|
||||
+#else
|
||||
+extern int pkixip_aor_cmp(const IPAddressOrRange * const *,
|
||||
+ const IPAddressOrRange * const *);
|
||||
+extern int pkixip_ipf_cmp(const IPAddressFamily * const *,
|
||||
+ const IPAddressFamily * const *);
|
||||
+#endif
|
||||
|
||||
extern int pkixip_add2stores_cert(X509 *);
|
||||
extern int pkixip_add2stores_file(const char *);
|
||||
+
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
extern int pkixip_add_store(int *, int (*cmp)(X509_OBJECT **, X509_OBJECT **));
|
||||
+#else
|
||||
+extern int pkixip_add_store(int *, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *));
|
||||
+#endif
|
||||
extern void *pkixip_find_cert(void *, int);
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
extern STACK *pkixip_get_mychain(void);
|
||||
+#else
|
||||
+extern STACK_OF(X509_OBJECT) *pkixip_get_mychain(void);
|
||||
+#endif
|
||||
extern X509_STORE_CTX *pkixip_get_store_ctx(void);
|
||||
extern int pkixip_has_ext(X509 *x);
|
||||
extern X509 *pkixip_load_cert(const char *);
|
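Review bot: `pkixip_get_mychain()` is declared as returning `STACK_OF(X509_OBJECT) *` in the 1.1 branch, but the stack it hands out appears to hold `X509 *` entries: the x509.c patch in this commit fills it from `X509_STORE_CTX_get0_chain(ctx)` and the cpa.c patch reads it back with `sk_X509_value()`. Declaring it as `extern STACK_OF(X509) *pkixip_get_mychain(void);` would let the typed `sk_X509_*` accessors check the element type instead of relying on mismatched macros. The `#if OPENSSL_VERSION_NUMBER` tests also assume an OpenSSL header has been included before this point; if none has, the macro evaluates as 0 and the pre-1.1 prototypes are selected silently. A comment such as `/* requires <openssl/opensslv.h> before this point */` above the first `#if` would help, unless the header's own includes (outside the hunk) already cover it.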
@ -1,4 +1,4 @@
|
||||
--- include/pkixip_ext_asn.h.orig 2010-08-28 08:58:02 UTC
|
||||
--- include/pkixip_ext_asn.h.orig 2019-02-27 16:25:45 UTC
|
||||
+++ include/pkixip_ext_asn.h
|
||||
@@ -33,7 +33,12 @@
|
||||
#ifndef _PKIXIP_EXT_ASN_H
|
||||
@ -31,4 +31,3 @@
|
||||
|
||||
#define IP_AOR_PREFIX 0
|
||||
#define IP_AOR_RANGE 1
|
||||
|
||||
|
@ -1,5 +1,5 @@
|
||||
--- libs/Makefile.lib.common.orig 2014-08-20 04:21:08.000000000 +0900
|
||||
+++ libs/Makefile.lib.common 2014-08-20 04:21:27.000000000 +0900
|
||||
--- libs/Makefile.lib.common.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/Makefile.lib.common
|
||||
@@ -1,5 +1,5 @@
|
||||
|
||||
-CFLAGS += -Wall -O3
|
||||
|
19
net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c
Normal file
@ -0,0 +1,19 @@
|
||||
--- libs/libcga/cga_keyutils.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libcga/cga_keyutils.c
|
||||
@@ -45,6 +45,7 @@
|
||||
#include <pthread.h>
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/pem.h>
|
||||
+#include <openssl/x509.h>
|
||||
|
||||
#include "config.h"
|
||||
#include <applog.h>
|
||||
@@ -80,7 +81,7 @@ cga_load_cert(cga_ctx_t *cga, const char *f)
|
||||
goto fail;
|
||||
}
|
||||
|
||||
- k = X509_PUBKEY_get(x->cert_info->key);
|
||||
+ k = X509_PUBKEY_get(X509_get_X509_PUBKEY(x));
|
||||
|
||||
if (cga->key && cga->free_key) {
|
||||
free(cga->key);
|
54
net-mgmt/send/files/patch-libs-libcga-cga_mt.c
Normal file
@ -0,0 +1,54 @@
|
||||
--- libs/libcga/cga_mt.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libcga/cga_mt.c
|
||||
@@ -77,10 +77,10 @@ SPIN(void)
|
||||
static int
|
||||
add_mod(uint8_t *m, uint32_t s)
|
||||
{
|
||||
- BIGNUM bn[1], *bnp;
|
||||
+ BIGNUM *bn, *bnp;
|
||||
int blen;
|
||||
|
||||
- BN_init(bn);
|
||||
+ bn = BN_new();
|
||||
if ((bnp = BN_bin2bn(m, CGA_MODLEN, bn)) == NULL) {
|
||||
ssl_err(__FUNCTION__, "BN_bin2bin failed");
|
||||
return (-1);
|
||||
@@ -88,6 +88,7 @@ add_mod(uint8_t *m, uint32_t s)
|
||||
BN_add_word(bnp, s);
|
||||
blen = BN_num_bytes(bnp);
|
||||
BN_bn2bin(bnp, m + (CGA_MODLEN - blen));
|
||||
+ BN_free(bn);
|
||||
|
||||
return (0);
|
||||
}
|
||||
@@ -177,12 +178,16 @@ done:
|
||||
static void
|
||||
opssec(struct timeval *start, uint8_t *startmod)
|
||||
{
|
||||
- BIGNUM sm[1], em[1], ops[1], t[1], dv[1];
|
||||
+ BIGNUM *sm, *em, *ops, *t, *dv;
|
||||
BN_CTX *bc;
|
||||
struct timeval tv[1];
|
||||
char *dec;
|
||||
|
||||
- BN_init(sm); BN_init(em); BN_init(ops); BN_init(t); BN_init(dv);
|
||||
+ sm = BN_new();
|
||||
+ em = BN_new();
|
||||
+ ops = BN_new();
|
||||
+ t = BN_new();
|
||||
+ dv = BN_new();
|
||||
BN_bin2bn(startmod, CGA_MODLEN, sm);
|
||||
BN_bin2bn(state->mod, CGA_MODLEN, em);
|
||||
BN_sub(ops, em, sm);
|
||||
@@ -210,6 +215,11 @@ opssec(struct timeval *start, uint8_t *startmod)
|
||||
|
||||
OPENSSL_free(dec);
|
||||
BN_CTX_free(bc);
|
||||
+ BN_free(sm);
|
||||
+ BN_free(em);
|
||||
+ BN_free(ops);
|
||||
+ BN_free(t);
|
||||
+ BN_free(dv);
|
||||
}
|
||||
|
||||
void
|
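Review bot: In `add_mod()` the result of `BN_new()` is not checked, and the early `return (-1)` after a failed `BN_bin2bn()` skips the new `BN_free(bn)`, so the error path leaks the BIGNUM. If `BN_new()` returns NULL, `BN_bin2bn(m, CGA_MODLEN, NULL)` allocates a fresh BIGNUM that the later `BN_free(bn)` never releases. Suggested: `if ((bn = BN_new()) == NULL) return (-1);` and a `BN_free(bn);` before the existing `return (-1);`. `opssec()` has the same unchecked pattern for `sm`, `em`, `ops`, `t` and `dv`, where a NULL destination would reach `BN_sub(ops, em, sm)`; its body continues outside the hunks shown.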
25
net-mgmt/send/files/patch-libs-libpkixipext-asn1.c
Normal file
@ -0,0 +1,25 @@
|
||||
--- libs/libpkixipext/asn1.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libpkixipext/asn1.c
|
||||
@@ -187,9 +187,8 @@ i2v_IPAddressChoice(X509V3_EXT_METHOD *method, IPAddre
|
||||
break;
|
||||
case IPA_CHOICE_AOR:
|
||||
X509V3_add_value(" Prefix or Range", NULL, &extlist);
|
||||
- for (i = 0; i < sk_num(ipc->u.addressesOrRanges); i++) {
|
||||
- aor = (IPAddressOrRange *)
|
||||
- sk_value(ipc->u.addressesOrRanges, i);
|
||||
+ for (i = 0; i < sk_IPAddressOrRange_num(ipc->u.addressesOrRanges); i++) {
|
||||
+ aor = sk_IPAddressOrRange_value(ipc->u.addressesOrRanges, i);
|
||||
i2v_IPAddressOrRange(method, aor, extlist, af);
|
||||
}
|
||||
break;
|
||||
@@ -265,8 +264,8 @@ i2v_IPAddrBlocks(X509V3_EXT_METHOD *method, IPAddrBloc
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
- for (i = 0; i < sk_num(ipb); i++) {
|
||||
- ipf = (IPAddressFamily *)sk_value(ipb, i);
|
||||
+ for (i = 0; i < sk_IPAddressFamily_num(ipb); i++) {
|
||||
+ ipf = sk_IPAddressFamily_value(ipb, i);
|
||||
i2v_IPAddressFamily(method, ipf, extlist);
|
||||
}
|
||||
|
@ -0,0 +1,31 @@
|
||||
--- libs/libpkixipext/pkixip_ext_gram.y.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libpkixipext/pkixip_ext_gram.y
|
||||
@@ -350,7 +350,7 @@ new_aor(void)
|
||||
|
||||
if (!ipc->u.addressesOrRanges &&
|
||||
!(ipc->u.addressesOrRanges =
|
||||
- sk_new(pkixip_aor_cmp))) {
|
||||
+ sk_IPAddressOrRange_new(pkixip_aor_cmp))) {
|
||||
applog(LOG_CRIT, "no memory");
|
||||
return (-1);
|
||||
}
|
||||
@@ -361,7 +361,7 @@ new_aor(void)
|
||||
applog(LOG_CRIT, "%s: no memory", __FUNCTION__);
|
||||
return (-1);
|
||||
}
|
||||
- if (!sk_push(ipc->u.addressesOrRanges, (char *)aor)) {
|
||||
+ if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, (char *)aor)) {
|
||||
applog(LOG_CRIT, "sk_push() failed");
|
||||
return (-1);
|
||||
}
|
||||
@@ -459,8 +459,8 @@ af_already_exists(void)
|
||||
int i;
|
||||
IPAddressFamily *e_ipf;
|
||||
|
||||
- for (i = 0; i < sk_num(parse_ipb); i++) {
|
||||
- e_ipf = (IPAddressFamily *)sk_value(parse_ipb, i);
|
||||
+ for (i = 0; i < sk_IPAddressFamily_num(parse_ipb); i++) {
|
||||
+ e_ipf = sk_IPAddressFamily_value(parse_ipb, i);
|
||||
if (af_match(ipf, e_ipf)) {
|
||||
return (1);
|
||||
}
|
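Review bot: The `(char *)aor` cast left in the `sk_IPAddressOrRange_push()` call in `new_aor()` passes a `char *` where the typed accessor expects an `IPAddressOrRange *`, which defeats the type checking the typed stack accessors are meant to add and should at least draw a warning on OpenSSL 1.1. The call should read `if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, aor)) {`. The log text `"sk_push() failed"` on the following line could be updated to name the new function. `new_aor()` starts and ends outside the hunk, so whether `aor` is released on this failure path is not visible here.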
30
net-mgmt/send/files/patch-libs-libpkixipext-util.c
Normal file
@ -0,0 +1,30 @@
|
||||
--- libs/libpkixipext/util.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libpkixipext/util.c
|
||||
@@ -37,8 +37,13 @@
|
||||
#include "config.h"
|
||||
#include "pkixip_ext_asn.h"
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
int
|
||||
pkixip_aor_cmp(const char * const *a1, const char * const *a2)
|
||||
+#else
|
||||
+int
|
||||
+pkixip_aor_cmp(const IPAddressOrRange * const *a1, const IPAddressOrRange * const *a2)
|
||||
+#endif
|
||||
{
|
||||
int by1, by2, bi1, bi2, bytes, bits;
|
||||
uint8_t *d1, *d2, x1, x2, mask;
|
||||
@@ -119,8 +124,13 @@ pkixip_aor_cmp(const char * const *a1, const char * co
|
||||
return (0);
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
int
|
||||
pkixip_ipf_cmp(const char * const *a1, const char * const *a2)
|
||||
+#else
|
||||
+int
|
||||
+pkixip_ipf_cmp(const IPAddressFamily * const *a1, const IPAddressFamily * const *a2)
|
||||
+#endif
|
||||
{
|
||||
IPAddressFamily *ipf1 = (IPAddressFamily *)*a1;
|
||||
IPAddressFamily *ipf2 = (IPAddressFamily *)*a2;
|
240
net-mgmt/send/files/patch-libs-libpkixipext-ver.c
Normal file
@ -0,0 +1,240 @@
|
||||
--- libs/libpkixipext/ver.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libpkixipext/ver.c
|
||||
@@ -101,11 +101,15 @@ static int
|
||||
in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, ASN1_BIT_STRING *min2,
|
||||
ASN1_BIT_STRING *max2, int af)
|
||||
{
|
||||
- BIGNUM bpmin[1], bpmax[1], bmin[1], bmax[1];
|
||||
- int alen, len, bits;
|
||||
+ BIGNUM *bpmin, *bpmax, *bmin, *bmax;
|
||||
+ int alen, len, bits, ret;
|
||||
uint8_t mask, buf[sizeof (struct in6_addr)];
|
||||
|
||||
- BN_init(bpmin); BN_init(bpmax); BN_init(bmin); BN_init(bmax);
|
||||
+ bpmin = BN_new();
|
||||
+ bpmax = BN_new();
|
||||
+ bmin = BN_new();
|
||||
+ bmax = BN_new();
|
||||
+ ret = 0;
|
||||
switch (af) {
|
||||
case AF_INET:
|
||||
alen = sizeof (struct in_addr);
|
||||
@@ -115,14 +119,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1,
|
||||
break;
|
||||
default:
|
||||
DBG(&dbg_ver, "Unsupported AF");
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
len = min1->length < alen ? min1->length : alen;
|
||||
memset(buf, 0, sizeof (buf));
|
||||
memcpy(buf, min1->data, len);
|
||||
if (!BN_bin2bn(buf, alen, bpmin)) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
len = max1->length < alen ? max1->length : alen;
|
||||
@@ -135,14 +139,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1,
|
||||
buf[len - 1] |= mask;
|
||||
}
|
||||
if (!BN_bin2bn(buf, alen, bpmax)) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
len = min2->length < alen ? min2->length : alen;
|
||||
memset(buf, 0, sizeof (buf));
|
||||
memcpy(buf, min2->data, len);
|
||||
if (!BN_bin2bn(buf, alen, bmin)) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
len = max2->length < alen ? max2->length : alen;
|
||||
@@ -155,18 +159,24 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1,
|
||||
buf[len - 1] |= mask;
|
||||
}
|
||||
if (!BN_bin2bn(buf, alen, bmax)) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
|
||||
/* bmin <= bpmin <= bpmax <= bmax. We already know bpmin <= bpmax */
|
||||
if (BN_cmp(bmin, bpmin) == 1) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
if (BN_cmp(bpmax, bmax) == 1) {
|
||||
- return (0);
|
||||
+ goto end;
|
||||
}
|
||||
+ ret = 1;
|
||||
+end:
|
||||
+ BN_free(bpmin);
|
||||
+ BN_free(bpmax);
|
||||
+ BN_free(bmin);
|
||||
+ BN_free(bmax);
|
||||
|
||||
- return (1);
|
||||
+ return (ret);
|
||||
}
|
||||
|
||||
static int
|
||||
@@ -247,16 +257,14 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2)
|
||||
}
|
||||
|
||||
DBG(&dbg_ver, "Pre-cmp ipc AOR count: %d",
|
||||
- sk_num(ipc1->u.addressesOrRanges));
|
||||
+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges));
|
||||
|
||||
- for (i = 0; i < sk_num(ipc1->u.addressesOrRanges); i++) {
|
||||
- aor1 =
|
||||
- (IPAddressOrRange *)sk_value(ipc1->u.addressesOrRanges, i);
|
||||
- for (j = 0; j < sk_num(ipc2->u.addressesOrRanges); j++) {
|
||||
- aor2 = (IPAddressOrRange *)
|
||||
- sk_value(ipc2->u.addressesOrRanges, j);
|
||||
+ for (i = 0; i < sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges); i++) {
|
||||
+ aor1 = sk_IPAddressOrRange_value(ipc1->u.addressesOrRanges, i);
|
||||
+ for (j = 0; j < sk_IPAddressOrRange_num(ipc2->u.addressesOrRanges); j++) {
|
||||
+ aor2 = sk_IPAddressOrRange_value(ipc2->u.addressesOrRanges, j);
|
||||
if (aor_match(aor1, aor2, af) == 0) {
|
||||
- sk_delete(ipc1->u.addressesOrRanges, i--);
|
||||
+ sk_IPAddressOrRange_delete(ipc1->u.addressesOrRanges, i--);
|
||||
IPAddressOrRange_free(aor1);
|
||||
break;
|
||||
}
|
||||
@@ -264,9 +272,9 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2)
|
||||
}
|
||||
|
||||
DBG(&dbg_ver, "Post-cmp ipc AOR count: %d",
|
||||
- sk_num(ipc1->u.addressesOrRanges));
|
||||
+ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges));
|
||||
|
||||
- if (sk_num(ipc1->u.addressesOrRanges) == 0) {
|
||||
+ if (sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges) == 0) {
|
||||
return (0);
|
||||
}
|
||||
|
||||
@@ -307,7 +315,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 *
|
||||
IPAddressFamily *ipf1, *ipf2;
|
||||
int i, j, inherit = 0;
|
||||
|
||||
- DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_num(vipb), idx);
|
||||
+ DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_IPAddressFamily_num(vipb), idx);
|
||||
|
||||
ipb = X509_get_ext_d2i(x, pkix_ip_ext_method.ext_nid, NULL, NULL);
|
||||
if (!ipb) {
|
||||
@@ -315,18 +323,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 *
|
||||
return (-1);
|
||||
}
|
||||
|
||||
- for (i = 0; i < sk_num(vipb); i++) {
|
||||
- ipf1 = (IPAddressFamily *)sk_value(vipb, i);
|
||||
+ for (i = 0; i < sk_IPAddressFamily_num(vipb); i++) {
|
||||
+ ipf1 = sk_IPAddressFamily_value(vipb, i);
|
||||
|
||||
/* Ignore inherits in vipb */
|
||||
if (is_inherit(ipf1)) {
|
||||
- sk_delete(vipb, i--);
|
||||
+ sk_IPAddressFamily_delete(vipb, i--);
|
||||
IPAddressFamily_free(ipf1);
|
||||
continue;
|
||||
}
|
||||
|
||||
- for (j = 0; j < sk_num(ipb); j++) {
|
||||
- ipf2 = (IPAddressFamily *)sk_value(ipb, j);
|
||||
+ for (j = 0; j < sk_IPAddressFamily_num(ipb); j++) {
|
||||
+ ipf2 = sk_IPAddressFamily_value(ipb, j);
|
||||
if (af_match(ipf1, ipf2)) {
|
||||
/*
|
||||
* Inherits in ipb need to be checked
|
||||
@@ -338,7 +346,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 *
|
||||
}
|
||||
|
||||
if (af_cmp(ipf1, ipf2) == 0) {
|
||||
- sk_delete(vipb, i--);
|
||||
+ sk_IPAddressFamily_delete(vipb, i--);
|
||||
IPAddressFamily_free(ipf1);
|
||||
break;
|
||||
}
|
||||
@@ -346,18 +354,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 *
|
||||
}
|
||||
}
|
||||
|
||||
- if (!inherit || (++idx) == sk_num(ctx->chain)) {
|
||||
+ if (!inherit || (++idx) == sk_num(X509_STORE_CTX_get_chain(ctx))) {
|
||||
/* end of the line */
|
||||
goto done;
|
||||
}
|
||||
- x = (X509 *)sk_value(ctx->chain, idx);
|
||||
+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), idx);
|
||||
verify_ipext_cert(ctx, idx, x, vipb);
|
||||
|
||||
done:
|
||||
IPAddrBlocks_free(ipb);
|
||||
|
||||
/* If the vipb stack is now empty all ipf's matched */
|
||||
- if (sk_num(vipb) != 0) {
|
||||
+ if (sk_IPAddressFamily_num(vipb) != 0) {
|
||||
return (-1);
|
||||
}
|
||||
|
||||
@@ -376,13 +384,13 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb)
|
||||
i2v_IPAddrBlocks(NULL, vipb, NULL), 8, 1);
|
||||
#endif
|
||||
|
||||
- if (sk_num(vipb) == 0) {
|
||||
+ if (sk_IPAddressFamily_num(vipb) == 0) {
|
||||
DBG(&dbg_ver, "IPAddrBlock empty; rejecting");
|
||||
return (-1);
|
||||
}
|
||||
|
||||
- for (i = 0; i < sk_num(ctx->chain); i++) {
|
||||
- x = (X509 *)sk_value(ctx->chain, i);
|
||||
+ for (i = 0; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) {
|
||||
+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i);
|
||||
|
||||
DBG(&dbg_ver, "%s",
|
||||
X509_NAME_oneline(X509_get_subject_name(x), nbuf,
|
||||
@@ -391,7 +399,7 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb)
|
||||
if (verify_ipext_cert(ctx, i, x, vipb) < 0) {
|
||||
return (-1);
|
||||
}
|
||||
- if (sk_num(vipb) == 0) {
|
||||
+ if (sk_IPAddressFamily_num(vipb) == 0) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -408,9 +416,9 @@ verify_ipext_chain(X509_STORE_CTX *ctx)
|
||||
|
||||
DBG(&dbg_ver, "Verifying IP Exts in the certificate chain");
|
||||
|
||||
- for (i = 1; i < sk_num(ctx->chain); i++) {
|
||||
- vx = (X509 *)sk_value(ctx->chain, i - 1);
|
||||
- x = (X509 *)sk_value(ctx->chain, i);
|
||||
+ for (i = 1; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) {
|
||||
+ vx = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i - 1);
|
||||
+ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i);
|
||||
|
||||
DBG(&dbg_ver, "%s",
|
||||
X509_NAME_oneline(X509_get_subject_name(vx), nbuf,
|
||||
@@ -446,7 +454,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx)
|
||||
X509_NAME_oneline(X509_get_subject_name(x), nbuf, sizeof (nbuf));
|
||||
#endif
|
||||
if (!ok) {
|
||||
- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) {
|
||||
+ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) {
|
||||
/*
|
||||
* OpenSSL doesn't explicitly support PKIX IP Ext,
|
||||
* so it throws this error when it encounters the
|
||||
@@ -458,7 +466,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx)
|
||||
} else {
|
||||
DBG(&dbg_ver, "Not OK at %s", nbuf);
|
||||
DBG(&dbg_ver, "%s",
|
||||
- X509_verify_cert_error_string(ctx->error));
|
||||
+ X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx)));
|
||||
}
|
||||
} else {
|
||||
DBG(&dbg_ver, "OK at %s", nbuf);
|
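Review bot: The four `BN_new()` calls at the top of `in_range()` are not checked, and on allocation failure the function can report a match. With a NULL destination `BN_bin2bn()` allocates and returns a fresh BIGNUM, so the `if (!BN_bin2bn(...)) goto end;` tests still pass while `bpmin`/`bpmax`/`bmin`/`bmax` stay NULL. `BN_cmp()` on two NULL pointers returns 0, which lets control reach `ret = 1`. Since this result appears to feed the IP-extension check on the certificate chain, the failure should close rather than open: add `if (bpmin == NULL || bpmax == NULL || bmin == NULL || bmax == NULL) goto end;` right after the allocations. `BN_free(NULL)` is a no-op, so the `end:` label needs no change.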
310
net-mgmt/send/files/patch-libs-libpkixipext-x509.c
Normal file
@ -0,0 +1,310 @@
|
||||
--- libs/libpkixipext/x509.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ libs/libpkixipext/x509.c
|
||||
@@ -57,34 +57,54 @@ static char nbuf[1024];
|
||||
extern int pkixip_verify_cb(int, X509_STORE_CTX *);
|
||||
|
||||
X509V3_EXT_METHOD pkix_ip_ext_method = {
|
||||
- ext_flags : X509V3_EXT_MULTILINE,
|
||||
- it : ASN1_ITEM_ref(IPAddrBlocks),
|
||||
- i2v : (X509V3_EXT_I2V)i2v_IPAddrBlocks,
|
||||
+ .ext_flags = X509V3_EXT_MULTILINE,
|
||||
+ .it = ASN1_ITEM_ref(IPAddrBlocks),
|
||||
+ .i2v = (X509V3_EXT_I2V)i2v_IPAddrBlocks,
|
||||
};
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static STACK *stores[PKIXIP_MAX_STORES];
|
||||
+#else
|
||||
+static STACK_OF(X509_OBJECT) *stores[PKIXIP_MAX_STORES];
|
||||
+#endif
|
||||
static X509_STORE_CTX *ctx_bysubj;
|
||||
static int next_store = 1;
|
||||
static void *(*wrap_store_cert)(X509 *x);
|
||||
static void (*trustanchor_cb)(X509 *x);
|
||||
pthread_mutex_t stores_lock = PTHREAD_MUTEX_INITIALIZER;
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static STACK *mychain;
|
||||
+#else
|
||||
+static STACK_OF(X509_OBJECT) *mychain;
|
||||
+#endif
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#define X509_OBJECT_get_type(a) ((a)->type)
|
||||
+#define X509_OBJECT_get0_X509(a) ((a)->data.x509)
|
||||
+#define X509_OBJECT_get0_X509_CRL(a) ((a)->data.crl)
|
||||
+#define X509_STORE_get0_objects(a) ((a)->objs)
|
||||
+#define X509_STORE_CTX_get0_chain(a) ((a)->chain)
|
||||
+#endif
|
||||
/* Lifted from openssl x509_lu.c */
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static int
|
||||
x509_object_cmp(X509_OBJECT **a, X509_OBJECT **b)
|
||||
+#else
|
||||
+static int
|
||||
+x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b)
|
||||
+#endif
|
||||
{
|
||||
int ret;
|
||||
|
||||
- ret=((*a)->type - (*b)->type);
|
||||
+ ret=(X509_OBJECT_get_type(*a) - X509_OBJECT_get_type(*b));
|
||||
if (ret) return ret;
|
||||
- switch ((*a)->type) {
|
||||
+ switch (X509_OBJECT_get_type(*a)) {
|
||||
case X509_LU_X509:
|
||||
- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509);
|
||||
+ ret=X509_subject_name_cmp(X509_OBJECT_get0_X509(*a),X509_OBJECT_get0_X509(*b));
|
||||
break;
|
||||
case X509_LU_CRL:
|
||||
- ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl);
|
||||
+ ret=X509_CRL_cmp(X509_OBJECT_get0_X509_CRL(*a),X509_OBJECT_get0_X509_CRL(*b));
|
||||
break;
|
||||
default:
|
||||
/* abort(); */
|
||||
@@ -243,7 +263,11 @@ pkixip_load_pkey(const char *f)
|
||||
return (pkey);
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
static STACK *
|
||||
+#else
|
||||
+static STACK_OF(X509_OBJECT) *
|
||||
+#endif
|
||||
pkixip_get_store(int handle)
|
||||
{
|
||||
if (handle >= PKIXIP_MAX_STORES || handle < 0) {
|
||||
@@ -257,7 +281,11 @@ pkixip_get_store(int handle)
|
||||
void
|
||||
pkixip_walk_store(int (*cb)(X509 *, void *), void *cookie, int handle)
|
||||
{
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
STACK *objs;
|
||||
+#else
|
||||
+ STACK_OF(X509_OBJECT) *objs;
|
||||
+#endif
|
||||
int i;
|
||||
X509_OBJECT *xo;
|
||||
|
||||
@@ -266,12 +294,16 @@ pkixip_walk_store(int (*cb)(X509 *, void *), void *coo
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
for (i = 0; i < sk_num(objs); i++) {
|
||||
+#else
|
||||
+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
|
||||
+#endif
|
||||
xo = sk_X509_OBJECT_value(objs, i);
|
||||
- if (xo->type != X509_LU_X509) {
|
||||
+ if (X509_OBJECT_get_type(xo) != X509_LU_X509) {
|
||||
continue;
|
||||
}
|
||||
- if (!cb(xo->data.x509, cookie)) {
|
||||
+ if (!cb(X509_OBJECT_get0_X509(xo), cookie)) {
|
||||
break;
|
||||
}
|
||||
}
|
||||
@@ -282,7 +314,11 @@ done:
|
||||
void *
|
||||
pkixip_find_cert(void *k, int handle)
|
||||
{
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
STACK *store;
|
||||
+#else
|
||||
+ STACK_OF(X509_OBJECT) *store;
|
||||
+#endif
|
||||
int i;
|
||||
void *r = NULL;
|
||||
|
||||
@@ -291,11 +327,19 @@ pkixip_find_cert(void *k, int handle)
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if ((i = sk_find(store, k)) < 0) {
|
||||
+#else
|
||||
+ if ((i = sk_X509_OBJECT_find(store, k)) < 0) {
|
||||
+#endif
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
r = sk_value(store, i);
|
||||
+#else
|
||||
+ r = sk_X509_OBJECT_value(store, i);
|
||||
+#endif
|
||||
|
||||
done:
|
||||
pthread_mutex_unlock(&stores_lock);
|
||||
@@ -304,8 +348,13 @@ done:
|
||||
|
||||
/* Caller must hold stores_lock */
|
||||
static int
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **),
|
||||
STACK *objs)
|
||||
+#else
|
||||
+pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, X509_OBJECT * const *),
|
||||
+ STACK_OF(X509_OBJECT) *objs)
|
||||
+#endif
|
||||
{
|
||||
if (objs == NULL && (objs = sk_X509_OBJECT_new(cmp)) == NULL) {
|
||||
applog(LOG_CRIT, "no memory");
|
||||
@@ -316,8 +365,13 @@ pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT
|
||||
return (0);
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
int
|
||||
pkixip_add_store(int *handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **))
|
||||
+#else
|
||||
+int
|
||||
+pkixip_add_store(int *handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *))
|
||||
+#endif
|
||||
{
|
||||
int r = 0;
|
||||
|
||||
@@ -369,7 +423,7 @@ pkixip_get_store_ctx(void)
|
||||
}
|
||||
|
||||
pthread_mutex_lock(&stores_lock);
|
||||
- if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, st->objs)
|
||||
+ if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, X509_STORE_get0_objects(st))
|
||||
< 0) {
|
||||
X509_STORE_free(st);
|
||||
X509_STORE_CTX_free(ctx_bysubj);
|
||||
@@ -396,17 +450,24 @@ pkixip_store_ctx_light_cleanup(X509_STORE_CTX *ctx)
|
||||
{
|
||||
// X509_STORE_CTX_cleanup(ctx);
|
||||
|
||||
- if (ctx->chain != NULL) {
|
||||
- sk_X509_pop_free(ctx->chain, noop_free);
|
||||
+ if (X509_STORE_CTX_get0_chain(ctx) != NULL) {
|
||||
+ sk_X509_pop_free(X509_STORE_CTX_get0_chain(ctx), noop_free);
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
ctx->chain=NULL;
|
||||
+#endif
|
||||
}
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
|
||||
&(ctx->ex_data));
|
||||
memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA));
|
||||
+#else
|
||||
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx,
|
||||
+ X509_STORE_CTX_get_app_data(ctx));
|
||||
+#endif
|
||||
|
||||
#if 0
|
||||
- while (sk_num(ctx->chain) > 0) {
|
||||
- sk_pop(ctx->chain);
|
||||
+ while (sk_num(X509_STORE_CTX_get0_chain(ctx)) > 0) {
|
||||
+ sk_pop(X509_STORE_CTX_get0_chain(ctx));
|
||||
}
|
||||
#endif
|
||||
}
|
||||
@@ -445,10 +506,19 @@ pkixip_add2stores_cert(X509 *x)
|
||||
int i, r = 0;
|
||||
X509_STORE_CTX *ctx;
|
||||
void *wrapper;
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
X509_OBJECT o[1];
|
||||
+#else
|
||||
+ X509_OBJECT *o;
|
||||
|
||||
- if ((ctx = pkixip_get_store_ctx()) == NULL) {
|
||||
+ o = X509_OBJECT_new();
|
||||
+ if (o == NULL)
|
||||
return (-1);
|
||||
+#endif
|
||||
+
|
||||
+ if ((ctx = pkixip_get_store_ctx()) == NULL) {
|
||||
+ r = -1;
|
||||
+ goto done2;
|
||||
}
|
||||
|
||||
pthread_mutex_lock(&stores_lock);
|
||||
@@ -459,7 +529,11 @@ pkixip_add2stores_cert(X509 *x)
|
||||
goto done;
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if (X509_STORE_add_cert(ctx->ctx, x) != 1) {
|
||||
+#else
|
||||
+ if (X509_STORE_add_cert(X509_STORE_CTX_get0_store(ctx), x) != 1) {
|
||||
+#endif
|
||||
pkixip_ssl_err(__FUNCTION__, "X509_STORE_add_cert() failed");
|
||||
r = -1;
|
||||
goto done;
|
||||
@@ -467,7 +541,8 @@ pkixip_add2stores_cert(X509 *x)
|
||||
|
||||
if (wrap_store_cert) {
|
||||
if ((wrapper = wrap_store_cert(x)) == NULL) {
|
||||
- return (-1);
|
||||
+ r = -1;
|
||||
+ goto done2;
|
||||
}
|
||||
} else {
|
||||
wrapper = x;
|
||||
@@ -475,7 +550,11 @@ pkixip_add2stores_cert(X509 *x)
|
||||
|
||||
for (i = 1; i < PKIXIP_MAX_STORES; i++) {
|
||||
if (stores[i]) {
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
sk_push(stores[i], wrapper);
|
||||
+#else
|
||||
+ sk_X509_OBJECT_push(stores[i], wrapper);
|
||||
+#endif
|
||||
}
|
||||
}
|
||||
|
||||
@@ -484,6 +563,10 @@ pkixip_add2stores_cert(X509 *x)
|
||||
|
||||
done:
|
||||
pthread_mutex_unlock(&stores_lock);
|
||||
+done2:
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+ free(o);
|
||||
+#endif
|
||||
return (r);
|
||||
}
|
||||
|
||||
@@ -523,14 +606,26 @@ pkixip_my_chain_init(X509 *mycert)
|
||||
}
|
||||
|
||||
if (mychain != NULL) {
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
sk_free(mychain);
|
||||
+#else
|
||||
+ sk_X509_OBJECT_free(mychain);
|
||||
+#endif
|
||||
}
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
if ((mychain = sk_dup(ctx->chain)) == NULL) {
|
||||
+#else
|
||||
+ if ((mychain = sk_X509_OBJECT_dup(X509_STORE_CTX_get0_chain(ctx))) == NULL) {
|
||||
+#endif
|
||||
APPLOG_NOMEM();
|
||||
r = -1;
|
||||
goto done;
|
||||
}
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
sk_set_cmp_func(mychain, x509_bysubj_cmp);
|
||||
+#else
|
||||
+ sk_X509_OBJECT_set_cmp_func(mychain, x509_bysubj_cmp);
|
||||
+#endif
|
||||
DBG(&dbg_x509, "mychain verified and set");
|
||||
|
||||
done:
|
||||
@@ -538,7 +633,11 @@ done:
|
||||
return (r);
|
||||
}
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
STACK *
|
||||
+#else
|
||||
+STACK_OF(X509_OBJECT) *
|
||||
+#endif
|
||||
pkixip_get_mychain(void)
|
||||
{
|
||||
return (mychain);
|
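Review bot: The cleanup at `done2:` in `pkixip_add2stores_cert()` has its version guard inverted: `free(o)` is compiled only for OpenSSL < 1.1, where `o` is the stack array `X509_OBJECT o[1]`, while the 1.1 build never releases the object obtained from `X509_OBJECT_new()`. Passing a stack address to `free()` is undefined behaviour and the other branch leaks one object per call; the guard should be `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` with `X509_OBJECT_free(o);` inside. The `goto done2` added on the `wrap_store_cert()` failure path also jumps past `pthread_mutex_unlock(&stores_lock)` although the lock appears to be held at that point, so it should be `goto done`. Separately, in `pkixip_store_ctx_light_cleanup()` the 1.1 branch passes `X509_STORE_CTX_get_app_data(ctx)` where `CRYPTO_free_ex_data()` expects a `CRYPTO_EX_DATA *`, and it leaves the freed chain pointer inside `ctx`; that function deserves a second look before the context is reused.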
@ -1,6 +1,6 @@
|
||||
--- sendd/Makefile.orig 2014-08-20 04:19:01.000000000 +0900
|
||||
+++ sendd/Makefile 2014-08-20 04:19:39.000000000 +0900
|
||||
@@ -6,8 +6,8 @@
|
||||
--- sendd/Makefile.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/Makefile
|
||||
@@ -6,8 +6,8 @@ OBJS= addr.o cert.o cga.o config.o cpa.o cps.o ctl.o n
|
||||
sendd.o sigmeth.o sig_rfc3971.o
|
||||
INC= sendd_local.h snd_proto.h snd_config.h
|
||||
|
||||
|
14
net-mgmt/send/files/patch-sendd-cert.c
Normal file
@ -0,0 +1,14 @@
|
||||
--- sendd/cert.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/cert.c
|
||||
@@ -73,7 +73,11 @@ get_pubkeyhash(X509 *x, uint8_t *buf)
|
||||
EVP_PKEY *k;
|
||||
int dlen;
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
k = X509_PUBKEY_get(x->cert_info->key);
|
||||
+#else
|
||||
+ k = X509_get_pubkey(x);
|
||||
+#endif
|
||||
if ((der = cga_key2der(k, &dlen)) == NULL) {
|
||||
return (-1);
|
||||
}
|
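Review bot: `k` is passed to `cga_key2der()` without a NULL check in `get_pubkeyhash()`, and `X509_get_pubkey()` returns NULL when the certificate's key cannot be decoded. It also returns a new reference that the caller owns, and the visible `return (-1)` after a failed `cga_key2der()` does not call `EVP_PKEY_free(k)`. Suggested: `if ((k = X509_get_pubkey(x)) == NULL) return (-1);` plus an `EVP_PKEY_free(k);` on each exit. The rest of the function is outside the hunk, so a release may already exist on the success path.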
63
net-mgmt/send/files/patch-sendd-cpa.c
Normal file
@ -0,0 +1,63 @@
|
||||
--- sendd/cpa.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/cpa.c
|
||||
@@ -183,22 +183,23 @@ next:
|
||||
}
|
||||
|
||||
static int
|
||||
-can_handle_cps(uint8_t *ops, int len, STACK *chain, X509 **x)
|
||||
+can_handle_cps(uint8_t *ops, int len, STACK_OF(X509_OBJECT) *chain, X509 **x)
|
||||
{
|
||||
int i, j, r = 0;
|
||||
X509_NAME *dn;
|
||||
- X509 x509_s;
|
||||
- X509_CINF cinf_s;
|
||||
- STACK *dchain;
|
||||
+ X509 *x509_s;
|
||||
+ STACK_OF(X509_OBJECT) *dchain;
|
||||
STACK_OF(X509_NAME) *dns;
|
||||
|
||||
*x = NULL;
|
||||
-
|
||||
+ x509_s = X509_new();
|
||||
+ if (x509_s == NULL)
|
||||
+ return (1);
|
||||
if ((dns = snd_get_trustanchors_from_opts(ops, len)) == NULL) {
|
||||
return (1);
|
||||
}
|
||||
- if (sk_num(dns) == 0) {
|
||||
- sk_free(dns);
|
||||
+ if (sk_X509_NAME_num(dns) == 0) {
|
||||
+ sk_X509_NAME_free(dns);
|
||||
return (1);
|
||||
}
|
||||
|
||||
@@ -209,24 +210,22 @@ can_handle_cps(uint8_t *ops, int len, STACK *chain, X5
|
||||
* sorting (triggered by sk_find), and we need to chain order
|
||||
* preserved so we can send out the certs in correct order.
|
||||
*/
|
||||
- if ((dchain = sk_dup(chain)) == NULL) {
|
||||
+ if ((dchain = sk_X509_OBJECT_dup(chain)) == NULL) {
|
||||
applog(LOG_CRIT, "%s: no memory", __FUNCTION__);
|
||||
goto done;
|
||||
}
|
||||
- x509_s.cert_info= &cinf_s;
|
||||
-
|
||||
- for (i = 0; i < sk_num(dns); i++) {
|
||||
+ for (i = 0; i < sk_X509_num(dns); i++) {
|
||||
dn = sk_X509_NAME_value(dns, i);
|
||||
- cinf_s.subject=dn;
|
||||
+ X509_set_subject_name(x509_s, dn);
|
||||
|
||||
- if ((j = sk_X509_find(dchain, &x509_s)) >= 0) {
|
||||
+ if ((j = sk_X509_NAME_find(dchain, x509_s)) >= 0) {
|
||||
r = 1;
|
||||
*x = sk_X509_value(dchain, j);
|
||||
DBG(dbg, "found");
|
||||
break;
|
||||
}
|
||||
}
|
||||
- sk_free(dchain);
|
||||
+ sk_X509_OBJECT_free(dchain);
|
||||
|
||||
done:
|
||||
sk_X509_NAME_pop_free(dns, X509_NAME_free);
|
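Review bot: The `X509` allocated with `X509_new()` at the top of `can_handle_cps()` is never released on any path visible in these hunks: the two `return (1)` exits that follow it and the `done:` label all lack an `X509_free(x509_s)`. If, as the name suggests, this function runs for each Certification Path Solicitation the daemon processes, the leak grows with received traffic. Add `X509_free(x509_s);` before those two early returns and at `done:`. The loop also mixes accessor families, using `sk_X509_num(dns)` on a `STACK_OF(X509_NAME)` and `sk_X509_NAME_find(dchain, x509_s)` on a stack that is read with `sk_X509_value()`; these should be `sk_X509_NAME_num(dns)` and `sk_X509_find(dchain, x509_s)`, and the result of `X509_set_subject_name()` should be checked before the lookup. The function continues past the last hunk line.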
42
net-mgmt/send/files/patch-sendd-openssl.c
Normal file
@ -0,0 +1,42 @@
|
||||
--- sendd/openssl.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/openssl.c
|
||||
@@ -57,6 +57,11 @@ struct dlog_desc dbg_cryptox = {
|
||||
};
|
||||
#endif
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#define X509_OBJECT_new(a) calloc(1, sizeof(X509_OBJECT))
|
||||
+#define X509_OBJECT_get0_X509(a) ((a)->data.x509)
|
||||
+#endif
|
||||
+
|
||||
static char nbuf[1024]; /* for displaying X509_NAMEs */
|
||||
|
||||
static pthread_mutex_t *lock_cs;
|
||||
@@ -216,12 +221,17 @@ snd_have_chain(void *a)
|
||||
X509_STORE_CTX *ctx = pkixip_get_store_ctx();
|
||||
X509 *tx = a;
|
||||
X509_NAME *subj, *iss;
|
||||
- X509_OBJECT obj[1];
|
||||
+ X509_OBJECT *obj;
|
||||
|
||||
if (ctx == NULL) {
|
||||
DBG(&dbg_snd, "pkixip_get_store() failed");
|
||||
return (0);
|
||||
}
|
||||
+ obj = X509_OBJECT_new();
|
||||
+ if (obj == NULL) {
|
||||
+ DBG(&dbg_snd, "pkixip_get_store() X509_OBJECT() failed");
|
||||
+ return (0);
|
||||
+ }
|
||||
|
||||
for (;;) {
|
||||
subj = X509_get_subject_name(tx);
|
||||
@@ -234,7 +244,7 @@ snd_have_chain(void *a)
|
||||
X509_NAME_oneline(iss, nbuf, sizeof (nbuf)));
|
||||
return (0);
|
||||
}
|
||||
- tx = obj->data.x509;
|
||||
+ tx = X509_OBJECT_get0_X509(obj);
|
||||
}
|
||||
|
||||
return (1);
|
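Review bot: The `X509_OBJECT` allocated by `obj = X509_OBJECT_new();` in snd_have_chain() is not released on either return shown in these hunks (`return (0);` after the failed lookup and the final `return (1);`), so each call leaks it now that it lives on the heap instead of the stack. Add `X509_OBJECT_free(obj);` before each return, with a pre-1.1 fallback next to the other compat macros, e.g. `#define X509_OBJECT_free(a) free(a)`. The loop body between the hunks is not visible; if the lookup there fills `obj` on every iteration, the certificate reference from the previous iteration probably needs dropping as well, which is worth confirming. The debug text `"pkixip_get_store() X509_OBJECT() failed"` also names the wrong call; `"X509_OBJECT_new() failed"` would match the wording used in the sig_rfc3971.c patch.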
@ -1,10 +1,11 @@
|
||||
--- sendd/os/Makefile.orig 2010-08-28 17:58:04.000000000 +0900
|
||||
+++ sendd/os/Makefile 2014-08-20 04:33:33.000000000 +0900
|
||||
--- sendd/os/Makefile.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/os/Makefile
|
||||
@@ -1,13 +1,5 @@
|
||||
|
||||
OBJS += os/addr.o os/snd_freebsd.o os-linux/rand.o
|
||||
-CPPFLAGS += -I/usr/local/include
|
||||
-
|
||||
+CPPFLAGS += -I${LOCALBASE}/include
|
||||
|
||||
-OSLIBS= -L/usr/local/lib -l$(DNET)
|
||||
-
|
||||
-OSEXTRA= os/sendd
|
||||
@ -13,6 +14,5 @@
|
||||
-
|
||||
-/usr/local/etc/rc.d/%: os/%
|
||||
- install $< $@
|
||||
+CPPFLAGS += -I${LOCALBASE}/include
|
||||
|
||||
-
|
||||
+OSLIBS= -L${LOCALBASE}/lib -l$(DNET)
|
||||
|
112
net-mgmt/send/files/patch-sendd-sig_rfc3971.c
Normal file
112
net-mgmt/send/files/patch-sendd-sig_rfc3971.c
Normal file
@ -0,0 +1,112 @@
|
||||
--- sendd/sig_rfc3971.c.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/sig_rfc3971.c
|
||||
@@ -49,6 +49,11 @@
|
||||
extern struct dlog_desc dbg_cryptox;
|
||||
#endif
|
||||
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
+#define EVP_MD_CTX_new(x) calloc(1, sizeof(EVP_MD_CTX))
|
||||
+#define EVP_MD_CTX_free(x) free(x)
|
||||
+#endif
|
||||
+
|
||||
static void *
|
||||
load_privkey(const char *f)
|
||||
{
|
||||
@@ -84,7 +89,7 @@ free_privkey(void *k)
|
||||
static uint8_t *
|
||||
sign(struct iovec *iov, int iovlen, int *slen, void *priv /* EVP_PKEY */)
|
||||
{
|
||||
- EVP_MD_CTX ctx[1];
|
||||
+ EVP_MD_CTX *ctx;
|
||||
uint8_t *sig = NULL;
|
||||
DEFINE_TIMESTAMP_VARS();
|
||||
int i;
|
||||
@@ -93,9 +98,15 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p
|
||||
DBG(&dbg_snd, "private key not set");
|
||||
return (NULL);
|
||||
}
|
||||
+ ctx = EVP_MD_CTX_new();
|
||||
+ if (ctx == NULL) {
|
||||
+ DBG(&dbg_snd, "EVP_MD_CTX_new() failed");
|
||||
+ return (NULL);
|
||||
+ }
|
||||
|
||||
if ((*slen = EVP_PKEY_size(priv)) == 0) {
|
||||
DBG(&dbg_snd, "EVP_PKEY_size() returned 0");
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
@@ -104,6 +115,7 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p
|
||||
EVP_MD_CTX_init(ctx);
|
||||
if (EVP_SignInit(ctx, EVP_sha1()) != 1) {
|
||||
snd_ssl_err(__FUNCTION__, "EVP_SignInit: ");
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (NULL);
|
||||
}
|
||||
|
||||
@@ -136,7 +148,10 @@ sign(struct iovec *iov, int iovlen, int *slen, void *p
|
||||
DBG_HEXDUMP(&dbg_cryptox, "sig:", sig, *slen);
|
||||
|
||||
done:
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
EVP_MD_CTX_cleanup(ctx);
|
||||
+#endif
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (sig);
|
||||
}
|
||||
|
||||
@@ -144,7 +159,7 @@ static int
|
||||
ver(struct iovec *iov, int iovlen, uint8_t *key, int klen, uint8_t *sig,
|
||||
int slen)
|
||||
{
|
||||
- EVP_MD_CTX ctx[1];
|
||||
+ EVP_MD_CTX *ctx;
|
||||
EVP_PKEY *pub;
|
||||
int rv = -1;
|
||||
int i, real_slen, min_bits;
|
||||
@@ -157,11 +172,17 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k
|
||||
DBG(&dbg_snd, "could not d2i key");
|
||||
return (-1);
|
||||
}
|
||||
+ ctx = EVP_MD_CTX_new();
|
||||
+ if (ctx == NULL) {
|
||||
+ DBG(&dbg_snd, "EVP_MD_CTX_new() failed");
|
||||
+ return (NULL);
|
||||
+ }
|
||||
|
||||
min_bits = snd_conf_get_int(snd_min_key_bits);
|
||||
if (EVP_PKEY_bits(pub) < min_bits) {
|
||||
DBG(&dbg_snd, "Peer key too weak: %d bits (configured "
|
||||
"minimum: %d)", EVP_PKEY_bits(pub), min_bits);
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
@@ -171,6 +192,7 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k
|
||||
} else if (real_slen > slen) {
|
||||
DBG(&dbg_snd, "real sig len (%d) > given sig len (%d)",
|
||||
real_slen, slen);
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (-1);
|
||||
}
|
||||
TIMESTAMP_START();
|
||||
@@ -178,6 +200,7 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k
|
||||
EVP_MD_CTX_init(ctx);
|
||||
if (EVP_VerifyInit(ctx, EVP_sha1()) != 1) {
|
||||
snd_ssl_err(__FUNCTION__, "EVP_VerifyInit: ");
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (-1);
|
||||
}
|
||||
|
||||
@@ -204,7 +227,10 @@ ver(struct iovec *iov, int iovlen, uint8_t *key, int k
|
||||
TIMESTAMP_END("rfc3971");
|
||||
|
||||
done:
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
||||
EVP_MD_CTX_cleanup(ctx);
|
||||
+#endif
|
||||
+ EVP_MD_CTX_free(ctx);
|
||||
return (rv);
|
||||
}
|
||||
|
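Review bot: In ver(), the new allocation-failure branch ends with `return (NULL);` although the function returns `int` and every other failure path in these hunks returns `-1`. NULL converts to 0 here, and if 0 is the success value (rv starts at -1; the assignment on success is outside the hunks), a failed `EVP_MD_CTX_new()` would be reported to the caller as a verified signature. Change the line to `return (-1);`. The branch also returns without releasing `pub`, as the pre-existing early returns do; whether that is a leak depends on how `pub` is freed at `done:`, which is not visible here.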
18
net-mgmt/send/files/patch-sendd-snd_proto.h
Normal file
18
net-mgmt/send/files/patch-sendd-snd_proto.h
Normal file
@ -0,0 +1,18 @@
|
||||
--- sendd/snd_proto.h.orig 2019-02-27 16:25:45 UTC
|
||||
+++ sendd/snd_proto.h
|
||||
@@ -41,11 +41,15 @@
|
||||
#define ND_OPT_CGA 11
|
||||
#define ND_OPT_SIG 12
|
||||
#define ND_OPT_TIMESTAMP 13
|
||||
+#ifndef ND_OPT_NONCE
|
||||
#define ND_OPT_NONCE 14
|
||||
+#endif
|
||||
#define ND_OPT_TRUST_ANCHOR 15
|
||||
#define ND_OPT_CERTIFICATE 16
|
||||
|
||||
+#ifndef ND_OPT_MAX
|
||||
#define ND_OPT_MAX ND_OPT_CERTIFICATE
|
||||
+#endif
|
||||
|
||||
#define NDISC_OPT_SPACE(len) (((len)+2+7)&~7)
|
||||
|
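Review bot: With the `#ifndef ND_OPT_MAX` guard, a system header that already defines `ND_OPT_MAX` now decides its value, and that value need not equal `ND_OPT_CERTIFICATE`. If sendd uses `ND_OPT_MAX` to size tables or bound option types while parsing received ND options (not visible in this hunk), the limit silently changes with the platform headers. A comment above the guard such as `/* a system ND_OPT_MAX, if present, takes precedence and may exceed ND_OPT_CERTIFICATE */` would record this, and the users of the macro are worth checking against a larger value.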