svn commit: r568770 - in head/security/pvk: . files
Alexey Dokuchaev
danfe at FreeBSD.org
Fri Mar 19 02:16:31 UTC 2021
Author: danfe
Date: Fri Mar 19 02:16:30 2021
New Revision: 568770
URL: https://svnweb.freebsd.org/changeset/ports/568770
Log:
- Unbreak the build against modern OpenSSL versions and also on 64-bit
architectures by using explicit 32-bit `int' types instead of `long'
whose length is not constant (machine/compiler-dependent)
- Don't patch and then sed(1)-patch the Makefile, just pass the needed
header files and library paths via MAKE_ARGS
- Install documentation in the dedicated DOCS option helper target
- Convert two-line pkg-plist into PLIST_FILES and PORTDOCS
- Provide fallback distfile download locations
Tested on: i386, amd64
Added:
head/security/pvk/files/patch-pvk.h (contents, props changed)
head/security/pvk/files/patch-pvkread.c (contents, props changed)
head/security/pvk/files/patch-pvkwrite.c (contents, props changed)
Deleted:
head/security/pvk/files/patch-Makefile
head/security/pvk/pkg-plist
Modified:
head/security/pvk/Makefile
Modified: head/security/pvk/Makefile
==============================================================================
--- head/security/pvk/Makefile Fri Mar 19 02:04:26 2021 (r568769)
+++ head/security/pvk/Makefile Fri Mar 19 02:16:30 2021 (r568770)
@@ -3,8 +3,11 @@
PORTNAME= pvk
PORTVERSION= 20070406
+PORTREVISION= 1
CATEGORIES= security
-MASTER_SITES= http://www.drh-consultancy.demon.co.uk/
+MASTER_SITES= http://www.drh-consultancy.demon.co.uk/ \
+ http://vault.101011010.xyz/distfiles/ \
+ http://freebsd.nsu.ru/distfiles/
DISTNAME= pvksrc
EXTRACT_SUFX= .tgz.bin
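Review bot: All three MASTER_SITES entries, including the two new fallbacks, are plain `http://`, so nothing authenticates the transfer and the SHA256/SIZE recorded in distinfo is the only integrity control for `pvksrc.tgz.bin`. distinfo is not among the files this commit lists, so the mirrors must serve a byte-identical archive. A short comment above the list, such as `# Fallback mirrors; integrity relies on the distinfo checksum`, together with a word on who operates each mirror, would make that dependency explicit for the next maintainer.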
@@ -12,25 +15,20 @@ MAINTAINER= sobomax at FreeBSD.org
COMMENT= Tool to convert a RSA key in PEM format into a PVK file and vice versa
USES= ssl
-CFLAGS+= -I${OPENSSLINC}
-LDFLAGS+= -L${OPENSSLLIB}
+MAKE_ARGS= SSLINC=${OPENSSLINC} SSLLIB=${OPENSSLLIB}
NO_WRKSUBDIR= yes
-.include <bsd.port.pre.mk>
+PLIST_FILES= bin/pvk
+PORTDOCS= README
-.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12= variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
-BROKEN_FreeBSD_13= variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
-.endif
+OPTIONS_DEFINE= DOCS
-post-patch:
- ${REINPLACE_CMD} -e 's|\(-lcrypto\)|$$(LDFLAGS) \1|g' \
- ${WRKSRC}/Makefile
-
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/pvk ${STAGEDIR}${PREFIX}/bin
- ${MKDIR} ${STAGEDIR}${DOCSDIR}
+
+do-install-DOCS-on:
+ @${MKDIR} ${STAGEDIR}${DOCSDIR}
${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
Added: head/security/pvk/files/patch-pvk.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pvk/files/patch-pvk.h Fri Mar 19 02:16:30 2021 (r568770)
@@ -0,0 +1,37 @@
+--- pvk.h.orig 2001-04-10 12:00:08 UTC
++++ pvk.h
+@@ -77,18 +77,18 @@ extern "C" {
+ /* PVK file information */
+
+ typedef struct {
+-long magic;
+-long res;
+-long keytype;
+-long crypt;
+-long saltlen;
+-long keylen;
++int32_t magic;
++int32_t res;
++int32_t keytype;
++int32_t crypt;
++int32_t saltlen;
++int32_t keylen;
+ int encr;
+ unsigned char *salt;
+ unsigned char btype;
+ unsigned char version;
+ unsigned short reserved;
+-unsigned long keyalg;
++uint32_t keyalg;
+ unsigned char *key;
+ } PVK_DAT;
+
+@@ -116,7 +116,7 @@ RSA *pvk2rsa (PVK_DAT *pvk);
+ int pvk_read(BIO *in, PVK_DAT *pvk);
+ int pvk_write(BIO *out, PVK_DAT *pvk);
+ int pvk_encrypt (PVK_DAT *pvk, char *pass, int encr);
+-int rsa2pvk (RSA *rsa, PVK_DAT *pvk, unsigned long alg);
++int rsa2pvk (RSA *rsa, PVK_DAT *pvk, uint32_t alg);
+
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
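Review bot: pvk.h now declares its fields and the `rsa2pvk` prototype with `int32_t`/`uint32_t`, but neither hunk of this patch adds `#include <stdint.h>`, so the header compiles only if something included before it (presumably an OpenSSL header) already provides those types. Adding `#include <stdint.h>` near the top of pvk.h makes it self-contained. Separately, `saltlen` and `keylen` stay signed. If pvk_read (not shown here) fills them straight from the file, a negative value would reach `EVP_DigestUpdate` as a very large size, so a range check there or a comment naming where they are validated would help.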
Added: head/security/pvk/files/patch-pvkread.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pvk/files/patch-pvkread.c Fri Mar 19 02:16:30 2021 (r568770)
@@ -0,0 +1,137 @@
+--- pvkread.c.orig 2000-07-03 00:02:30 UTC
++++ pvkread.c
+@@ -64,10 +64,10 @@
+ #include "pvk.h"
+
+ static int read_word(BIO *in, unsigned short *dat);
+-static int read_dword(BIO *in, unsigned long *dat);
+-static unsigned long get_dword(unsigned char **p);
++static int read_dword(BIO *in, uint32_t *dat);
++static uint32_t get_dword(unsigned char **p);
+ static BIGNUM *lend2BN(unsigned char **nptr, int len);
+-static int scan_magic(BIO *in, unsigned long *magic);
++static int scan_magic(BIO *in, uint32_t *magic);
+
+ static int read_word(BIO *in, unsigned short *dat)
+ {
+@@ -77,7 +77,7 @@ static int read_word(BIO *in, unsigned short *dat)
+ return 1;
+ }
+
+-static int read_dword(BIO *in, unsigned long *dat)
++static int read_dword(BIO *in, uint32_t *dat)
+ {
+ unsigned char buf[4];
+ if (BIO_read(in, buf, 4) != 4) return 0;
+@@ -85,9 +85,9 @@ static int read_dword(BIO *in, unsigned long *dat)
+ return 1;
+ }
+
+-static unsigned long get_dword(unsigned char **p)
++static uint32_t get_dword(unsigned char **p)
+ {
+- unsigned long ret;
++ uint32_t ret;
+ unsigned char *buf;
+ buf = *p;
+ ret = buf[0] + (buf[1] << 8) + (buf[2] << 16) + (buf[3] << 24);
+@@ -95,7 +95,7 @@ static unsigned long get_dword(unsigned char **p)
+ return ret;
+ }
+
+-static int scan_magic(BIO *in, unsigned long *magic)
++static int scan_magic(BIO *in, uint32_t *magic)
+ {
+ int i;
+ char dummy[4];
+@@ -157,8 +157,8 @@ int pvk_read(BIO *in, PVK_DAT *pvk)
+
+ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+ {
+- EVP_MD_CTX ctx;
+- EVP_CIPHER_CTX cctx;
++ EVP_MD_CTX *ctx;
++ EVP_CIPHER_CTX *cctx;
+ unsigned char *buf;
+ unsigned char tmpkey[EVP_MAX_KEY_LENGTH];
+ int outlen;
+@@ -171,18 +171,21 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+ PVKerr(PVK_F_PVK_DECRYPT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+- EVP_DigestInit(&ctx, EVP_sha1());
+- EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen);
+- EVP_DigestUpdate(&ctx, pass, strlen(pass));
+- EVP_DigestFinal(&ctx, tmpkey, NULL);
+- EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+- EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++ ctx = EVP_MD_CTX_new();
++ EVP_DigestInit(ctx, EVP_sha1());
++ EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen);
++ EVP_DigestUpdate(ctx, pass, strlen(pass));
++ EVP_DigestFinal(ctx, tmpkey, NULL);
++ EVP_MD_CTX_free(ctx);
++ cctx = EVP_CIPHER_CTX_new();
++ EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++ EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+ if(strncmp(buf, "RSA2", 4)) {
+ /* Didn't work: try weak encryption */
+ memset(tmpkey+5, 0, 11);
+- EVP_DecryptFinal(&cctx, buf + outlen, &outlen);
+- EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+- EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++ EVP_DecryptFinal(cctx, buf + outlen, &outlen);
++ EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++ EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+ if(strncmp(buf, "RSA2", 4)) {
+ PVKerr(PVK_F_PVK_DECRYPT,PVK_R_DECRYPT_ERROR);
+ OPENSSL_free(buf);
+@@ -190,7 +193,8 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+ } else pvk->encr = PVK_WEAK;
+ } else pvk->encr = PVK_STRONG;
+ /* Not needed but do it to cleanup */
+- EVP_DecryptFinal(&cctx, buf + outlen, &outlen);
++ EVP_DecryptFinal(cctx, buf + outlen, &outlen);
++ EVP_CIPHER_CTX_free(cctx);
+ OPENSSL_free(pvk->key);
+ pvk->key = buf;
+ memset(tmpkey, 0, EVP_MAX_KEY_LENGTH);
+@@ -203,6 +207,7 @@ RSA *pvk2rsa (PVK_DAT *pvk)
+ RSA *rsa;
+ unsigned char *keytmp;
+ int pubexp, keylen, pvklen;
++ BIGNUM *e, *n, *p, *q, *dmp1, *dmq1, *iqmp, *d;
+ rsa = RSA_new();
+ if (!rsa) return NULL;
+ keytmp = pvk->key + 4;
+@@ -216,15 +221,21 @@ RSA *pvk2rsa (PVK_DAT *pvk)
+
+ if (pvklen < ((keylen/2)* 9)) goto err;
+
+- if(!(rsa->e = BN_new ())) goto err;
+- BN_set_word (rsa->e, pubexp);
+- if(!(rsa->n = lend2BN (&keytmp, keylen))) goto err;
+- if(!(rsa->p = lend2BN (&keytmp, keylen/2))) goto err;
+- if(!(rsa->q = lend2BN (&keytmp, keylen/2))) goto err;
+- if(!(rsa->dmp1 = lend2BN (&keytmp, keylen/2))) goto err;
+- if(!(rsa->dmq1 = lend2BN (&keytmp, keylen/2))) goto err;
+- if(!(rsa->iqmp = lend2BN (&keytmp, keylen/2))) goto err;
+- if(!(rsa->d = lend2BN (&keytmp, keylen))) goto err;
++ if (!(e = BN_new())) goto err;
++ BN_set_word (e, pubexp);
++
++ if(!(n = lend2BN (&keytmp, keylen))) goto err;
++ if(!(p = lend2BN (&keytmp, keylen/2))) goto err;
++ if(!(q = lend2BN (&keytmp, keylen/2))) goto err;
++ if(!(dmp1 = lend2BN (&keytmp, keylen/2))) goto err;
++ if(!(dmq1 = lend2BN (&keytmp, keylen/2))) goto err;
++ if(!(iqmp = lend2BN (&keytmp, keylen/2))) goto err;
++ if(!(d = lend2BN (&keytmp, keylen))) goto err;
++
++ RSA_set0_key(rsa, n, e, d);
++ RSA_set0_factors(rsa, p, q);
++ RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
++
+ return rsa;
+ err:
+ PVKerr(PVK_F_PVK2RSA,PVK_R_INVALID_PRIVATE_KEY_FORMAT);
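Review bot: In pvk_decrypt the results of `EVP_MD_CTX_new()` and `EVP_CIPHER_CTX_new()` are used without a NULL check, and the only `EVP_CIPHER_CTX_free(cctx)` sits on the success path, so the wrong-password branch that frees `buf` (its return is outside the visible lines) appears to leak the cipher context. The same unchecked allocations are added to pvk_encrypt in patch-pvkwrite.c, where a failed digest or cipher setup could leave `tmpkey` or `buf` uninitialised and still have `buf` stored as the key blob. In pvk2rsa the new BIGNUM locals hold private-key components and are not released if a later `lend2BN` fails. Initialising them to NULL and calling `BN_clear_free()` on the ones not yet handed to `RSA_set0_*` under `err:` would cover that. The sketch below shows the pvk_decrypt part only.

```c
	/* … unchanged: buf allocation and its failure path … */
	ctx = EVP_MD_CTX_new();
	cctx = EVP_CIPHER_CTX_new();
	if (ctx == NULL || cctx == NULL) {
		/* both free functions accept NULL */
		EVP_MD_CTX_free(ctx);
		EVP_CIPHER_CTX_free(cctx);
		OPENSSL_free(buf);
		PVKerr(PVK_F_PVK_DECRYPT,ERR_R_MALLOC_FAILURE);
		return 0;
	}
	/* … unchanged: SHA-1 key derivation, EVP_MD_CTX_free(ctx), first RC4 attempt … */
		if(strncmp(buf, "RSA2", 4)) {
			PVKerr(PVK_F_PVK_DECRYPT,PVK_R_DECRYPT_ERROR);
			EVP_CIPHER_CTX_free(cctx);	/* release on the failure path too */
			OPENSSL_free(buf);
```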
Added: head/security/pvk/files/patch-pvkwrite.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/pvk/files/patch-pvkwrite.c Fri Mar 19 02:16:30 2021 (r568770)
@@ -0,0 +1,119 @@
+--- pvkwrite.c.orig 2000-07-03 00:02:30 UTC
++++ pvkwrite.c
+@@ -73,7 +73,7 @@ static int write_word(BIO *out, unsigned short dat)
+ return 1;
+ }
+
+-static int write_dword(BIO *out, unsigned long dat)
++static int write_dword(BIO *out, uint32_t dat)
+ {
+ unsigned char buf[4];
+ buf[0] = dat & 0xff;
+@@ -84,7 +84,7 @@ static int write_dword(BIO *out, unsigned long dat)
+ return 1;
+ }
+
+-static void put_dword(unsigned char **p, unsigned long dat)
++static void put_dword(unsigned char **p, uint32_t dat)
+ {
+ unsigned char *buf;
+ buf = *p;
+@@ -125,8 +125,8 @@ int pvk_write(BIO *out, PVK_DAT *pvk)
+
+ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ {
+- EVP_MD_CTX ctx;
+- EVP_CIPHER_CTX cctx;
++ EVP_MD_CTX *ctx;
++ EVP_CIPHER_CTX *cctx;
+ unsigned char *buf;
+ unsigned char tmpkey[EVP_MAX_KEY_LENGTH];
+ int outlen;
+@@ -141,17 +141,21 @@ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ PVKerr(PVK_F_PVK_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+- EVP_DigestInit(&ctx, EVP_sha1());
+- EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen);
+- EVP_DigestUpdate(&ctx, pass, strlen(pass));
+- EVP_DigestFinal(&ctx, tmpkey, NULL);
++ ctx = EVP_MD_CTX_new();
++ EVP_DigestInit(ctx, EVP_sha1());
++ EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen);
++ EVP_DigestUpdate(ctx, pass, strlen(pass));
++ EVP_DigestFinal(ctx, tmpkey, NULL);
++ EVP_MD_CTX_free(ctx);
+
+ if(encr == PVK_WEAK) memset(tmpkey + 5, 0, 11);
+
+- EVP_EncryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+- EVP_EncryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++ cctx = EVP_CIPHER_CTX_new();
++ EVP_EncryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++ EVP_EncryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+ /* Not needed but do it to cleanup */
+- EVP_EncryptFinal(&cctx, buf + outlen, &outlen);
++ EVP_EncryptFinal(cctx, buf + outlen, &outlen);
++ EVP_CIPHER_CTX_free(cctx);
+ OPENSSL_free(pvk->key);
+ pvk->key = buf;
+ pvk->crypt = 1;
+@@ -161,7 +165,7 @@ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ }
+
+ /* Convert bignum to little endian format */
+-static int BN2lend (BIGNUM *num, unsigned char *p)
++static int BN2lend (const BIGNUM *num, unsigned char *p)
+ {
+ int nbyte, i;
+ unsigned char c;
+@@ -178,7 +182,7 @@ static int BN2lend (BIGNUM *num, unsigned char *p)
+
+ /* Convert RSA key into PVK structure */
+
+-int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
++int rsa2pvk(RSA *rsa, PVK_DAT *pvk, uint32_t alg)
+ {
+ int numbytes;
+ unsigned char *p;
+@@ -202,7 +206,7 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
+ else if(pvk->keyalg == RSA_SIG) pvk->keytype = PVK_SIG;
+
+ /* Set up a private key blob */
+- numbytes = BN_num_bytes (rsa->n);
++ numbytes = BN_num_bytes (RSA_get0_n(rsa));
+ /* Allocate enough room for blob */
+ if (!(pvk->key = calloc(1, 12 + numbytes * 5))) {
+ PVKerr(PVK_F_RSA2PVK,ERR_R_MALLOC_FAILURE);
+@@ -216,23 +220,23 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
+ p+= 4;
+
+ put_dword(&p, numbytes << 3); /* Number of bits */
+- put_dword(&p, BN_get_word(rsa->e)); /* Public exponent */
++ put_dword(&p, BN_get_word(RSA_get0_e(rsa))); /* Public exponent */
+
+ /* Convert each element */
+
+- BN2lend (rsa->n, p);
++ BN2lend (RSA_get0_n(rsa), p);
+ p += numbytes;
+- BN2lend (rsa->p, p);
++ BN2lend (RSA_get0_p(rsa), p);
+ p += numbytes/2;
+- BN2lend (rsa->q, p);
++ BN2lend (RSA_get0_q(rsa), p);
+ p += numbytes/2;
+- BN2lend (rsa->dmp1, p);
++ BN2lend (RSA_get0_dmp1(rsa), p);
+ p += numbytes/2;
+- BN2lend (rsa->dmq1, p);
++ BN2lend (RSA_get0_dmq1(rsa), p);
+ p += numbytes/2;
+- BN2lend (rsa->iqmp,p);
++ BN2lend (RSA_get0_iqmp(rsa), p);
+ p += numbytes/2;
+- BN2lend (rsa->d, p);
++ BN2lend (RSA_get0_d(rsa), p);
+ p += numbytes;
+ pvk->keylen = p - pvk->key + 8;
+ RAND_seed(pvk->key, pvk->keylen);
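Review bot: `put_dword` now takes `uint32_t`, so in rsa2pvk the result of `BN_get_word(RSA_get0_e(rsa))` is narrowed silently. It is a `BN_ULONG`, which is 64-bit on amd64 and all-ones when the number does not fit. A public exponent wider than 32 bits would therefore be written to the blob as a different value without any error. Rejecting such keys before the blob is allocated, e.g. `if (BN_num_bits(RSA_get0_e(rsa)) > 32)` followed by the function's usual PVKerr and return-0 path, keeps the written key consistent with the input. rsa2pvk's body starts and ends outside the visible hunks.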