diff options
| author | Rene Ladan <rene@FreeBSD.org> | 2018-12-31 21:37:58 +0800 |
|---|---|---|
| committer | Rene Ladan <rene@FreeBSD.org> | 2018-12-31 21:37:58 +0800 |
| commit | d1a5353b9cccb568b52fb525175941ad0b8a0345 (patch) | |
| tree | 25abb8f5b9cdfd31fb9d446791a87606bf77ff0b /net | |
| parent | d460c1a711a6e1319160cba021ecc281f1e4fc70 (diff) | |
| download | freebsd-ports-gnome-d1a5353b9cccb568b52fb525175941ad0b8a0345.tar.gz freebsd-ports-gnome-d1a5353b9cccb568b52fb525175941ad0b8a0345.tar.zst freebsd-ports-gnome-d1a5353b9cccb568b52fb525175941ad0b8a0345.zip | |
Remove expired ports:
2018-12-31 net/libsrtp: Superseded by libsrtp2
2018-12-31 x11-toolkits/wlc: Deprecated upstream
2018-12-31 japanese/spamassassin: does not build
2018-12-31 www/spdylay: SPDY is deprecated, use HTTP/2 instead
2018-12-31 www/moodle33: Upstream no longer maintained
2018-12-31 security/krb5-114: EOL twelve months after release of krb5-1.16
2018-12-31 databases/mongodb32: EOL upstream since September 2018
2018-12-31 databases/mongodb32-tools: EOL upstream since September 2018
2018-12-31 audio/creox: Qt4 has been EOL since december 2015
2018-12-31 audio/terminatorx: Unmaintained, broken too often
2018-12-31 audio/shoutcast: Upstream vendor no longer provides releases
2018-12-31 dns/powerdns-recursor40: FreeBSD 10.3 has reached EoL since 2018-04-30; users should upgrade and use dns/powerdns-recursor instead
2018-12-31 sysutils/ataidle: obsoleted by camcontrol(8)
2018-12-31 sysutils/syslog-ng37: No longer officially supported by Balabit, does not support openssl111
2018-12-31 sysutils/cfengine22: No longeer supported by cfengine.com
2018-12-31 sysutils/syslog-ng36: No longer officially supported by Balabit, does not support openssl111
Diffstat (limited to 'net')
| -rw-r--r-- | net/Makefile | 1 | ||||
| -rw-r--r-- | net/libsrtp/Makefile | 41 | ||||
| -rw-r--r-- | net/libsrtp/distinfo | 3 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-00-84faa63 | 285 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-01-5781341 | 254 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-02-fb95445 | 113 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-03-1acba56 | 83 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-04-0b45423 | 361 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-Makefile.in | 44 | ||||
| -rw-r--r-- | net/libsrtp/files/patch-libsrtp.pc.in | 10 | ||||
| -rw-r--r-- | net/libsrtp/pkg-descr | 5 | ||||
| -rw-r--r-- | net/libsrtp/pkg-plist | 41 |
12 files changed, 0 insertions, 1241 deletions
diff --git a/net/Makefile b/net/Makefile index a98def1a67f5..a6cc3cee8703 100644 --- a/net/Makefile +++ b/net/Makefile @@ -422,7 +422,6 @@ SUBDIR += librsync2 SUBDIR += libsignal SUBDIR += libsocket++ - SUBDIR += libsrtp SUBDIR += libsrtp2 SUBDIR += libstorj SUBDIR += libtnl diff --git a/net/libsrtp/Makefile b/net/libsrtp/Makefile deleted file mode 100644 index f90d3b2306cc..000000000000 --- a/net/libsrtp/Makefile +++ /dev/null @@ -1,41 +0,0 @@ -# Created by: Alexander Brovikov <alexander@brovikov.ru> -# $FreeBSD$ - -PORTNAME= libsrtp -DISTVERSIONPREFIX= v -DISTVERSION= 1.6.0 -PORTREVISION= 2 -CATEGORIES= net - -MAINTAINER= tijl@FreeBSD.org -COMMENT= Secure RTP (SRTP) Reference Implementation - -LICENSE= BSD3CLAUSE -LICENSE_FILE= ${WRKSRC}/LICENSE - -DEPRECATED= Superseded by libsrtp2 -EXPIRATION_DATE=2018-12-31 - -PORTSCOUT= limit:^1\. - -USE_GITHUB= yes -GH_ACCOUNT= cisco - -GNU_CONFIGURE= yes -CONFIGURE_ARGS= --enable-openssl -USES= cpe localbase gmake pathfix pkgconfig ssl -CPE_VENDOR= cisco -USE_LDCONFIG= yes - -ALL_TARGET= all shared_library -TEST_TARGET= runtest -TEST_ENV= LD_LIBRARY_PATH=${WRKSRC} - -.if ! defined(WITH_DEBUG) -CONFIGURE_ARGS+=--disable-debug -.endif - -post-patch: - @${REINPLACE_CMD} '/pkg-config.*openssl/d' ${WRKSRC}/configure - -.include <bsd.port.mk> diff --git a/net/libsrtp/distinfo b/net/libsrtp/distinfo deleted file mode 100644 index 65dad6613528..000000000000 --- a/net/libsrtp/distinfo +++ /dev/null @@ -1,3 +0,0 @@ -TIMESTAMP = 1517320244 -SHA256 (cisco-libsrtp-v1.6.0_GH0.tar.gz) = 1a3e7904354d55e45b3c5c024ec0eab1b8fa76fdbf4dd2ea2625dad2b3c6edde -SIZE (cisco-libsrtp-v1.6.0_GH0.tar.gz) = 1648862 diff --git a/net/libsrtp/files/patch-00-84faa63 b/net/libsrtp/files/patch-00-84faa63 deleted file mode 100644 index 0325bbe91e27..000000000000 --- a/net/libsrtp/files/patch-00-84faa63 +++ /dev/null @@ -1,285 +0,0 @@ -Backport of https://github.com/cisco/libsrtp/commit/84faa631a55235f6138cacda2e7f81980a43d13e - ---- crypto/cipher/aes_gcm_ossl.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/cipher/aes_gcm_ossl.c -@@ -85,8 +85,6 @@ extern cipher_type_t aes_gcm_256_openssl; - err_status_t aes_gcm_openssl_alloc (cipher_t **c, int key_len, int tlen) - { - aes_gcm_ctx_t *gcm; -- int tmp; -- uint8_t *allptr; - - debug_print(mod_aes_gcm, "allocating cipher with key length %d", key_len); - debug_print(mod_aes_gcm, "allocating cipher with tag length %d", tlen); -@@ -105,16 +103,22 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int - } - - /* allocate memory a cipher of type aes_gcm */ -- tmp = sizeof(cipher_t) + sizeof(aes_gcm_ctx_t); -- allptr = crypto_alloc(tmp); -- if (allptr == NULL) { -+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); -+ if (*c == NULL) { - return (err_status_alloc_fail); - } -+ memset(*c, 0x0, sizeof(cipher_t)); - -+ gcm = (aes_gcm_ctx_t *)crypto_alloc(sizeof(aes_gcm_ctx_t)); -+ if (gcm == NULL) { -+ crypto_free(*c); -+ *c = NULL; -+ return (err_status_alloc_fail); -+ } -+ memset(gcm, 0x0, sizeof(aes_gcm_ctx_t)); -+ - /* set pointers */ -- *c = (cipher_t*)allptr; -- (*c)->state = allptr + sizeof(cipher_t); -- gcm = (aes_gcm_ctx_t *)(*c)->state; -+ (*c)->state = gcm; - - /* increment ref_count */ - switch (key_len) { -@@ -122,15 +126,15 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int - (*c)->type = &aes_gcm_128_openssl; - (*c)->algorithm = AES_128_GCM; - aes_gcm_128_openssl.ref_count++; -- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; -- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; -+ gcm->key_size = AES_128_KEYSIZE; -+ gcm->tag_len = tlen; - break; - case AES_256_GCM_KEYSIZE_WSALT: - (*c)->type = &aes_gcm_256_openssl; - (*c)->algorithm = AES_256_GCM; - aes_gcm_256_openssl.ref_count++; -- ((aes_gcm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; -- ((aes_gcm_ctx_t*)(*c)->state)->tag_len = tlen; -+ gcm->key_size = AES_256_KEYSIZE; -+ gcm->tag_len = tlen; - break; - } - -@@ -164,10 +168,10 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) - return (err_status_dealloc_fail); - break; - } -+ /* zeroize the key material */ -+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_gcm_ctx_t)); -+ crypto_free(ctx); - } -- -- /* zeroize entire state*/ -- octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t) + sizeof(aes_gcm_ctx_t)); - - /* free memory */ - crypto_free(c); ---- crypto/cipher/aes_icm.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/cipher/aes_icm.c -@@ -95,8 +95,7 @@ debug_module_t mod_aes_icm = { - err_status_t - aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int forIsmacryp) { - extern cipher_type_t aes_icm; -- uint8_t *pointer; -- int tmp; -+ aes_icm_ctx_t *icm; - - debug_print(mod_aes_icm, - "allocating cipher with key length %d", key_len); -@@ -114,13 +113,23 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int - return err_status_bad_param; - - /* allocate memory a cipher of type aes_icm */ -- tmp = (sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); -- pointer = (uint8_t*)crypto_alloc(tmp); -- if (pointer == NULL) -+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); -+ if (*c == NULL) - return err_status_alloc_fail; - -+ memset(*c, 0x0, sizeof(cipher_t)); -+ -+ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t)); -+ if (icm == NULL) { -+ crypto_free(*c); -+ return err_status_alloc_fail; -+ } -+ memset(icm, 0x0, sizeof(aes_icm_ctx_t)); -+ - /* set pointers */ -- *c = (cipher_t *)pointer; -+ (*c)->state = icm; -+ (*c)->type = &aes_icm; -+ - switch (key_len) { - case 46: - (*c)->algorithm = AES_256_ICM; -@@ -132,13 +141,12 @@ aes_icm_alloc_ismacryp(cipher_t **c, int key_len, int - (*c)->algorithm = AES_128_ICM; - break; - } -- (*c)->type = &aes_icm; -- (*c)->state = pointer + sizeof(cipher_t); - - /* increment ref_count */ - aes_icm.ref_count++; - - /* set key size */ -+ icm->key_size = key_len; - (*c)->key_len = key_len; - - return err_status_ok; -@@ -151,12 +159,20 @@ err_status_t aes_icm_alloc(cipher_t **c, int key_len, - err_status_t - aes_icm_dealloc(cipher_t *c) { - extern cipher_type_t aes_icm; -+ aes_icm_ctx_t *ctx; - -- /* zeroize entire state*/ -- octet_string_set_to_zero((uint8_t *)c, -- sizeof(aes_icm_ctx_t) + sizeof(cipher_t)); -+ if (c == NULL) { -+ return err_status_bad_param; -+ } - -- /* free memory */ -+ ctx = (aes_icm_ctx_t *)c->state; -+ if (ctx) { -+ /* zeroize the key material */ -+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t)); -+ crypto_free(ctx); -+ } -+ -+ /* free the cipher context */ - crypto_free(c); - - /* decrement ref_count */ ---- crypto/cipher/aes_icm_ossl.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/cipher/aes_icm_ossl.c -@@ -115,8 +115,6 @@ extern cipher_type_t aes_icm_256; - err_status_t aes_icm_openssl_alloc (cipher_t **c, int key_len, int tlen) - { - aes_icm_ctx_t *icm; -- int tmp; -- uint8_t *allptr; - - debug_print(mod_aes_icm, "allocating cipher with key length %d", key_len); - -@@ -132,16 +130,22 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int - } - - /* allocate memory a cipher of type aes_icm */ -- tmp = sizeof(cipher_t) + sizeof(aes_icm_ctx_t); -- allptr = (uint8_t*)crypto_alloc(tmp); -- if (allptr == NULL) { -+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); -+ if (*c == NULL) { - return err_status_alloc_fail; - } -+ memset(*c, 0x0, sizeof(cipher_t)); - -+ icm = (aes_icm_ctx_t *)crypto_alloc(sizeof(aes_icm_ctx_t)); -+ if (icm == NULL) { -+ crypto_free(*c); -+ *c = NULL; -+ return err_status_alloc_fail; -+ } -+ memset(icm, 0x0, sizeof(aes_icm_ctx_t)); -+ - /* set pointers */ -- *c = (cipher_t*)allptr; -- (*c)->state = allptr + sizeof(cipher_t); -- icm = (aes_icm_ctx_t*)(*c)->state; -+ (*c)->state = icm; - - /* increment ref_count */ - switch (key_len) { -@@ -149,21 +153,21 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int - (*c)->algorithm = AES_128_ICM; - (*c)->type = &aes_icm; - aes_icm.ref_count++; -- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_128_KEYSIZE; -+ icm->key_size = AES_128_KEYSIZE; - break; - #ifndef SRTP_NO_AES192 - case AES_192_KEYSIZE_WSALT: - (*c)->algorithm = AES_192_ICM; - (*c)->type = &aes_icm_192; - aes_icm_192.ref_count++; -- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_192_KEYSIZE; -+ icm->key_size = AES_192_KEYSIZE; - break; - #endif - case AES_256_KEYSIZE_WSALT: - (*c)->algorithm = AES_256_ICM; - (*c)->type = &aes_icm_256; - aes_icm_256.ref_count++; -- ((aes_icm_ctx_t*)(*c)->state)->key_size = AES_256_KEYSIZE; -+ icm->key_size = AES_256_KEYSIZE; - break; - } - -@@ -209,11 +213,10 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) - return err_status_dealloc_fail; - break; - } -+ /* zeroize the key material */ -+ octet_string_set_to_zero((uint8_t*)ctx, sizeof(aes_icm_ctx_t)); -+ crypto_free(ctx); - } -- -- /* zeroize entire state*/ -- octet_string_set_to_zero((uint8_t*)c, -- sizeof(cipher_t) + sizeof(aes_icm_ctx_t)); - - /* free memory */ - crypto_free(c); ---- crypto/cipher/null_cipher.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/cipher/null_cipher.c -@@ -59,21 +59,21 @@ extern debug_module_t mod_cipher; - err_status_t - null_cipher_alloc(cipher_t **c, int key_len, int tlen) { - extern cipher_type_t null_cipher; -- uint8_t *pointer; - - debug_print(mod_cipher, - "allocating cipher with key length %d", key_len); - - /* allocate memory a cipher of type null_cipher */ -- pointer = (uint8_t*)crypto_alloc(sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); -- if (pointer == NULL) -+ *c = (cipher_t *)crypto_alloc(sizeof(cipher_t)); -+ if (*c == NULL) - return err_status_alloc_fail; - -+ memset(*c, 0x0, sizeof(cipher_t)); -+ - /* set pointers */ -- *c = (cipher_t *)pointer; - (*c)->algorithm = NULL_CIPHER; - (*c)->type = &null_cipher; -- (*c)->state = pointer + sizeof(cipher_t); -+ (*c)->state = 0x1; /* The null cipher does not maintain state */ - - /* set key size */ - (*c)->key_len = key_len; -@@ -90,8 +90,7 @@ null_cipher_dealloc(cipher_t *c) { - extern cipher_type_t null_cipher; - - /* zeroize entire state*/ -- octet_string_set_to_zero((uint8_t *)c, -- sizeof(null_cipher_ctx_t) + sizeof(cipher_t)); -+ octet_string_set_to_zero((uint8_t*)c, sizeof(cipher_t)); - - /* free memory of type null_cipher */ - crypto_free(c); ---- crypto/test/cipher_driver.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/test/cipher_driver.c -@@ -58,7 +58,6 @@ - #else - #include "aes_icm.h" - #endif --#include "null_cipher.h" - - #define PRINT_DEBUG 0 - diff --git a/net/libsrtp/files/patch-01-5781341 b/net/libsrtp/files/patch-01-5781341 deleted file mode 100644 index 80dbc3090de4..000000000000 --- a/net/libsrtp/files/patch-01-5781341 +++ /dev/null @@ -1,254 +0,0 @@ -Backport of https://github.com/cisco/libsrtp/commit/5781341d99cd286a1f3d164e0576c2e837a444b7 - ---- crypto/hash/hmac_ossl.c.orig 2017-08-01 11:57:38 UTC -+++ crypto/hash/hmac_ossl.c -@@ -46,11 +46,12 @@ - #include <config.h> - #endif - --#include "hmac.h" -+#include "auth.h" - #include "alloc.h" - #include <openssl/evp.h> -+#include <openssl/hmac.h> - --#define HMAC_KEYLEN_MAX 20 -+#define SHA1_DIGEST_SIZE 20 - - /* the debug module for authentiation */ - -@@ -65,26 +66,18 @@ hmac_alloc (auth_t **a, int key_len, int out_len) - { - extern auth_type_t hmac; - uint8_t *pointer; -- hmac_ctx_t *new_hmac_ctx; -+ HMAC_CTX *new_hmac_ctx; - - debug_print(mod_hmac, "allocating auth func with key length %d", key_len); - debug_print(mod_hmac, " tag length %d", out_len); - -- /* -- * check key length - note that we don't support keys larger -- * than 20 bytes yet -- */ -- if (key_len > HMAC_KEYLEN_MAX) { -- return err_status_bad_param; -- } -- - /* check output length - should be less than 20 bytes */ -- if (out_len > HMAC_KEYLEN_MAX) { -+ if (out_len > SHA1_DIGEST_SIZE) { - return err_status_bad_param; - } - -- /* allocate memory for auth and hmac_ctx_t structures */ -- pointer = (uint8_t*)crypto_alloc(sizeof(hmac_ctx_t) + sizeof(auth_t)); -+ /* allocate memory for auth and HMAC_CTX structures */ -+ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); - if (pointer == NULL) { - return err_status_alloc_fail; - } -@@ -96,8 +89,8 @@ hmac_alloc (auth_t **a, int key_len, int out_len) - (*a)->out_len = out_len; - (*a)->key_len = key_len; - (*a)->prefix_len = 0; -- new_hmac_ctx = (hmac_ctx_t*)((*a)->state); -- memset(new_hmac_ctx, 0, sizeof(hmac_ctx_t)); -+ new_hmac_ctx = (HMAC_CTX*)((*a)->state); -+ HMAC_CTX_init(new_hmac_ctx); - - /* increment global count of all hmac uses */ - hmac.ref_count++; -@@ -109,19 +102,15 @@ err_status_t - hmac_dealloc (auth_t *a) - { - extern auth_type_t hmac; -- hmac_ctx_t *hmac_ctx; -+ HMAC_CTX *hmac_ctx; - -- hmac_ctx = (hmac_ctx_t*)a->state; -- if (hmac_ctx->ctx_initialized) { -- EVP_MD_CTX_cleanup(&hmac_ctx->ctx); -- } -- if (hmac_ctx->init_ctx_initialized) { -- EVP_MD_CTX_cleanup(&hmac_ctx->init_ctx); -- } -+ hmac_ctx = (HMAC_CTX*)a->state; - -+ HMAC_CTX_cleanup(hmac_ctx); -+ - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t*)a, -- sizeof(hmac_ctx_t) + sizeof(auth_t)); -+ sizeof(HMAC_CTX) + sizeof(auth_t)); - - /* free memory */ - crypto_free(a); -@@ -133,113 +122,65 @@ hmac_dealloc (auth_t *a) - } - - err_status_t --hmac_init (hmac_ctx_t *state, const uint8_t *key, int key_len) -+hmac_init (HMAC_CTX *state, const uint8_t *key, int key_len) - { -- int i; -- uint8_t ipad[64]; -+ if (HMAC_Init_ex(state, key, key_len, EVP_sha1(), NULL) == 0) -+ return err_status_auth_fail; - -- /* -- * check key length - note that we don't support keys larger -- * than 20 bytes yet -- */ -- if (key_len > HMAC_KEYLEN_MAX) { -- return err_status_bad_param; -- } -- -- /* -- * set values of ipad and opad by exoring the key into the -- * appropriate constant values -- */ -- for (i = 0; i < key_len; i++) { -- ipad[i] = key[i] ^ 0x36; -- state->opad[i] = key[i] ^ 0x5c; -- } -- /* set the rest of ipad, opad to constant values */ -- for (; i < sizeof(ipad); i++) { -- ipad[i] = 0x36; -- ((uint8_t*)state->opad)[i] = 0x5c; -- } -- -- debug_print(mod_hmac, "ipad: %s", octet_string_hex_string(ipad, sizeof(ipad))); -- -- /* initialize sha1 context */ -- sha1_init(&state->init_ctx); -- state->init_ctx_initialized = 1; -- -- /* hash ipad ^ key */ -- sha1_update(&state->init_ctx, ipad, sizeof(ipad)); -- return (hmac_start(state)); -+ return err_status_ok; - } - - err_status_t --hmac_start (hmac_ctx_t *state) -+hmac_start (HMAC_CTX *state) - { -- if (state->ctx_initialized) { -- EVP_MD_CTX_cleanup(&state->ctx); -- } -- if (!EVP_MD_CTX_copy(&state->ctx, &state->init_ctx)) { -+ if (HMAC_Init_ex(state, NULL, 0, NULL, NULL) == 0) - return err_status_auth_fail; -- } else { -- state->ctx_initialized = 1; -- return err_status_ok; -- } -+ -+ return err_status_ok; - } - - err_status_t --hmac_update (hmac_ctx_t *state, const uint8_t *message, int msg_octets) -+hmac_update (HMAC_CTX *state, const uint8_t *message, int msg_octets) - { - debug_print(mod_hmac, "input: %s", - octet_string_hex_string(message, msg_octets)); - -- /* hash message into sha1 context */ -- sha1_update(&state->ctx, message, msg_octets); -+ if (HMAC_Update(state, message, msg_octets) == 0) -+ return err_status_auth_fail; - - return err_status_ok; - } - - err_status_t --hmac_compute (hmac_ctx_t *state, const void *message, -+hmac_compute (HMAC_CTX *state, const void *message, - int msg_octets, int tag_len, uint8_t *result) - { -- uint32_t hash_value[5]; -- uint32_t H[5]; -+ uint8_t hash_value[SHA1_DIGEST_SIZE]; - int i; -+ unsigned int len; - - /* check tag length, return error if we can't provide the value expected */ -- if (tag_len > HMAC_KEYLEN_MAX) { -+ if (tag_len > SHA1_DIGEST_SIZE) { - return err_status_bad_param; - } - - /* hash message, copy output into H */ -- sha1_update(&state->ctx, message, msg_octets); -- sha1_final(&state->ctx, H); -+ if (HMAC_Update(state, message, msg_octets) == 0) -+ return err_status_auth_fail; - -- /* -- * note that we don't need to debug_print() the input, since the -- * function hmac_update() already did that for us -- */ -- debug_print(mod_hmac, "intermediate state: %s", -- octet_string_hex_string((uint8_t*)H, sizeof(H))); -+ if (HMAC_Final(state, hash_value, &len) == 0) -+ return err_status_auth_fail; - -- /* re-initialize hash context */ -- sha1_init(&state->ctx); -+ if (len < tag_len) -+ return err_status_auth_fail; - -- /* hash opad ^ key */ -- sha1_update(&state->ctx, (uint8_t*)state->opad, sizeof(state->opad)); -- -- /* hash the result of the inner hash */ -- sha1_update(&state->ctx, (uint8_t*)H, sizeof(H)); -- -- /* the result is returned in the array hash_value[] */ -- sha1_final(&state->ctx, hash_value); -- - /* copy hash_value to *result */ - for (i = 0; i < tag_len; i++) { -- result[i] = ((uint8_t*)hash_value)[i]; -+ result[i] = hash_value[i]; - } - - debug_print(mod_hmac, "output: %s", -- octet_string_hex_string((uint8_t*)hash_value, tag_len)); -+ octet_string_hex_string(hash_value, tag_len)); - - return err_status_ok; - } -@@ -248,7 +189,7 @@ hmac_compute (hmac_ctx_t *state, const void *message, - /* begin test case 0 */ - - uint8_t -- hmac_test_case_0_key[HMAC_KEYLEN_MAX] = { -+ hmac_test_case_0_key[SHA1_DIGEST_SIZE] = { - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, - 0x0b, 0x0b, 0x0b, 0x0b -@@ -260,7 +201,7 @@ uint8_t - }; - - uint8_t -- hmac_test_case_0_tag[HMAC_KEYLEN_MAX] = { -+ hmac_test_case_0_tag[SHA1_DIGEST_SIZE] = { - 0xb6, 0x17, 0x31, 0x86, 0x55, 0x05, 0x72, 0x64, - 0xe2, 0x8b, 0xc0, 0xb6, 0xfb, 0x37, 0x8c, 0x8e, - 0xf1, 0x46, 0xbe, 0x00 ---- crypto/include/hmac.h.orig 2017-08-01 11:57:38 UTC -+++ crypto/include/hmac.h -@@ -53,10 +53,6 @@ typedef struct { - uint8_t opad[64]; - sha1_ctx_t ctx; - sha1_ctx_t init_ctx; --#ifdef OPENSSL -- int ctx_initialized; -- int init_ctx_initialized; --#endif - } hmac_ctx_t; - - err_status_t diff --git a/net/libsrtp/files/patch-02-fb95445 b/net/libsrtp/files/patch-02-fb95445 deleted file mode 100644 index a739316209b0..000000000000 --- a/net/libsrtp/files/patch-02-fb95445 +++ /dev/null @@ -1,113 +0,0 @@ -Backport of https://github.com/cisco/libsrtp/commit/fb954450198c832c96b4191fcef3a1b9e2d15d8b - ---- crypto/cipher/aes_icm_ossl.c.orig 2018-06-10 20:33:16 UTC -+++ crypto/cipher/aes_icm_ossl.c -@@ -235,6 +235,8 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) - */ - err_status_t aes_icm_openssl_context_init (aes_icm_ctx_t *c, const uint8_t *key, int len) - { -+ const EVP_CIPHER *evp; -+ - /* - * set counter and initial values to 'offset' value, being careful not to - * go past the end of the key buffer -@@ -252,30 +254,35 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx - c->offset.v8[SALT_SIZE] = c->offset.v8[SALT_SIZE + 1] = 0; - c->counter.v8[SALT_SIZE] = c->counter.v8[SALT_SIZE + 1] = 0; - -- /* copy key to be used later when CiscoSSL crypto context is created */ -- v128_copy_octet_string((v128_t*)&c->key, key); -+ debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size)); -+ debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); - -- /* if the key is greater than 16 bytes, copy the second -- * half. Note, we treat AES-192 and AES-256 the same here -- * for simplicity. The storage location receiving the -- * key is statically allocated to handle a full 32 byte key -- * regardless of the cipher in use. -- */ -- if (c->key_size == AES_256_KEYSIZE -+ EVP_CIPHER_CTX_init(&c->ctx); -+ -+ switch (c->key_size) { -+ case AES_256_KEYSIZE: -+ evp = EVP_aes_256_ctr(); -+ break; - #ifndef SRTP_NO_AES192 -- || c->key_size == AES_192_KEYSIZE -+ case AES_192_KEYSIZE: -+ evp = EVP_aes_192_ctr(); -+ break; - #endif -- ) { -- debug_print(mod_aes_icm, "Copying last 16 bytes of key: %s", -- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); -- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, key + AES_128_KEYSIZE); -+ case AES_128_KEYSIZE: -+ evp = EVP_aes_128_ctr(); -+ break; -+ default: -+ return err_status_bad_param; -+ break; - } - -- debug_print(mod_aes_icm, "key: %s", v128_hex_string((v128_t*)&c->key)); -- debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); -+ if (!EVP_EncryptInit_ex(&c->ctx, evp, -+ NULL, key, NULL)) { -+ return err_status_fail; -+ } else { -+ return err_status_ok; -+ } - -- EVP_CIPHER_CTX_cleanup(&c->ctx); -- - return err_status_ok; - } - -@@ -286,7 +293,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx - */ - err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, void *iv, int dir) - { -- const EVP_CIPHER *evp; - v128_t nonce; - - /* set nonce (for alignment) */ -@@ -298,25 +304,8 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, - - debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); - -- switch (c->key_size) { -- case AES_256_KEYSIZE: -- evp = EVP_aes_256_ctr(); -- break; --#ifndef SRTP_NO_AES192 -- case AES_192_KEYSIZE: -- evp = EVP_aes_192_ctr(); -- break; --#endif -- case AES_128_KEYSIZE: -- evp = EVP_aes_128_ctr(); -- break; -- default: -- return err_status_bad_param; -- break; -- } -- -- if (!EVP_EncryptInit_ex(&c->ctx, evp, -- NULL, c->key.v8, c->counter.v8)) { -+ if (!EVP_EncryptInit_ex(&c->ctx, NULL, -+ NULL, NULL, c->counter.v8)) { - return err_status_fail; - } else { - return err_status_ok; ---- crypto/include/aes_icm_ossl.h.orig 2017-08-01 11:57:38 UTC -+++ crypto/include/aes_icm_ossl.h -@@ -70,7 +70,6 @@ - typedef struct { - v128_t counter; /* holds the counter value */ - v128_t offset; /* initial offset value */ -- v256_t key; - int key_size; - EVP_CIPHER_CTX ctx; - } aes_icm_ctx_t; diff --git a/net/libsrtp/files/patch-03-1acba56 b/net/libsrtp/files/patch-03-1acba56 deleted file mode 100644 index 342453baa05c..000000000000 --- a/net/libsrtp/files/patch-03-1acba56 +++ /dev/null @@ -1,83 +0,0 @@ -Backport of https://github.com/cisco/libsrtp/commit/1acba569915d8124b627a29dd5e3500332618eac - ---- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-10 18:51:02 UTC -+++ crypto/cipher/aes_gcm_ossl.c -@@ -187,22 +187,28 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) - */ - err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx_t *c, const uint8_t *key) - { -+ const EVP_CIPHER *evp; -+ - c->dir = direction_any; - -- /* copy key to be used later when CiscoSSL crypto context is created */ -- v128_copy_octet_string((v128_t*)&c->key, key); -+ debug_print(mod_aes_gcm, "key: %s", octet_string_hex_string(key, c->key_size)); - -- if (c->key_size == AES_256_KEYSIZE) { -- debug_print(mod_aes_gcm, "Copying last 16 bytes of key: %s", -- v128_hex_string((v128_t*)(key + AES_128_KEYSIZE))); -- v128_copy_octet_string(((v128_t*)(&c->key.v8)) + 1, -- key + AES_128_KEYSIZE); -+ switch (c->key_size) { -+ case AES_256_KEYSIZE: -+ evp = EVP_aes_256_gcm(); -+ break; -+ case AES_128_KEYSIZE: -+ evp = EVP_aes_128_gcm(); -+ break; -+ default: -+ return (err_status_bad_param); -+ break; - } - -- debug_print(mod_aes_gcm, "key: %s", v128_hex_string((v128_t*)&c->key)); -+ if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) { -+ return (err_status_init_fail); -+ } - -- EVP_CIPHER_CTX_cleanup(&c->ctx); -- - return (err_status_ok); - } - -@@ -214,8 +220,6 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx - err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, void *iv, - int direction) - { -- const EVP_CIPHER *evp; -- - if (direction != direction_encrypt && direction != direction_decrypt) { - return (err_status_bad_param); - } -@@ -223,19 +227,7 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, - - debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); - -- switch (c->key_size) { -- case AES_256_KEYSIZE: -- evp = EVP_aes_256_gcm(); -- break; -- case AES_128_KEYSIZE: -- evp = EVP_aes_128_gcm(); -- break; -- default: -- return (err_status_bad_param); -- break; -- } -- -- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, (const unsigned char*)&c->key.v8, -+ if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL, - NULL, (c->dir == direction_encrypt ? 1 : 0))) { - return (err_status_init_fail); - } ---- crypto/include/aes_gcm_ossl.h.orig 2017-08-01 11:57:38 UTC -+++ crypto/include/aes_gcm_ossl.h -@@ -52,7 +52,6 @@ - #include <openssl/aes.h> - - typedef struct { -- v256_t key; - int key_size; - int tag_len; - EVP_CIPHER_CTX ctx; diff --git a/net/libsrtp/files/patch-04-0b45423 b/net/libsrtp/files/patch-04-0b45423 deleted file mode 100644 index 5e7975e5fd32..000000000000 --- a/net/libsrtp/files/patch-04-0b45423 +++ /dev/null @@ -1,361 +0,0 @@ -Backport of https://github.com/cisco/libsrtp/commit/0b45423678ddc46d702f3a51614f20bfbd112ddd - ---- crypto/cipher/aes_gcm_ossl.c.orig 2018-06-11 07:46:09 UTC -+++ crypto/cipher/aes_gcm_ossl.c -@@ -117,6 +117,14 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int - } - memset(gcm, 0x0, sizeof(aes_gcm_ctx_t)); - -+ gcm->ctx = EVP_CIPHER_CTX_new(); -+ if (gcm->ctx == NULL) { -+ crypto_free(gcm); -+ crypto_free(*c); -+ *c = NULL; -+ return err_status_alloc_fail; -+ } -+ - /* set pointers */ - (*c)->state = gcm; - -@@ -140,7 +148,6 @@ err_status_t aes_gcm_openssl_alloc (cipher_t **c, int - - /* set key size */ - (*c)->key_len = key_len; -- EVP_CIPHER_CTX_init(&gcm->ctx); - - return (err_status_ok); - } -@@ -155,7 +162,7 @@ err_status_t aes_gcm_openssl_dealloc (cipher_t *c) - - ctx = (aes_gcm_ctx_t*)c->state; - if (ctx) { -- EVP_CIPHER_CTX_cleanup(&ctx->ctx); -+ EVP_CIPHER_CTX_free(ctx->ctx); - /* decrement ref_count for the appropriate engine */ - switch (ctx->key_size) { - case AES_256_KEYSIZE: -@@ -205,7 +212,7 @@ err_status_t aes_gcm_openssl_context_init (aes_gcm_ctx - break; - } - -- if (!EVP_CipherInit_ex(&c->ctx, evp, NULL, key, NULL, 0)) { -+ if (!EVP_CipherInit_ex(c->ctx, evp, NULL, key, NULL, 0)) { - return (err_status_init_fail); - } - -@@ -227,19 +234,19 @@ err_status_t aes_gcm_openssl_set_iv (aes_gcm_ctx_t *c, - - debug_print(mod_aes_gcm, "setting iv: %s", v128_hex_string(iv)); - -- if (!EVP_CipherInit_ex(&c->ctx, NULL, NULL, NULL, -+ if (!EVP_CipherInit_ex(c->ctx, NULL, NULL, NULL, - NULL, (c->dir == direction_encrypt ? 1 : 0))) { - return (err_status_init_fail); - } - - /* set IV len and the IV value, the followiong 3 calls are required */ -- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { -+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IVLEN, 12, 0)) { - return (err_status_init_fail); - } -- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { -+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_IV_FIXED, -1, iv)) { - return (err_status_init_fail); - } -- if (!EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { -+ if (!EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_IV_GEN, 0, iv)) { - return (err_status_init_fail); - } - -@@ -263,9 +270,9 @@ err_status_t aes_gcm_openssl_set_aad (aes_gcm_ctx_t *c - * Set dummy tag, OpenSSL requires the Tag to be set before - * processing AAD - */ -- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); -+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, aad); - -- rv = EVP_Cipher(&c->ctx, NULL, aad, aad_len); -+ rv = EVP_Cipher(c->ctx, NULL, aad, aad_len); - if (rv != aad_len) { - return (err_status_algo_fail); - } else { -@@ -291,7 +298,7 @@ err_status_t aes_gcm_openssl_encrypt (aes_gcm_ctx_t *c - /* - * Encrypt the data - */ -- EVP_Cipher(&c->ctx, buf, buf, *enc_len); -+ EVP_Cipher(c->ctx, buf, buf, *enc_len); - - return (err_status_ok); - } -@@ -313,12 +320,12 @@ err_status_t aes_gcm_openssl_get_tag (aes_gcm_ctx_t *c - /* - * Calculate the tag - */ -- EVP_Cipher(&c->ctx, NULL, NULL, 0); -+ EVP_Cipher(c->ctx, NULL, NULL, 0); - - /* - * Retreive the tag - */ -- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); -+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_GET_TAG, c->tag_len, buf); - - /* - * Increase encryption length by desired tag size -@@ -347,14 +354,14 @@ err_status_t aes_gcm_openssl_decrypt (aes_gcm_ctx_t *c - /* - * Set the tag before decrypting - */ -- EVP_CIPHER_CTX_ctrl(&c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, -+ EVP_CIPHER_CTX_ctrl(c->ctx, EVP_CTRL_GCM_SET_TAG, c->tag_len, - buf + (*enc_len - c->tag_len)); -- EVP_Cipher(&c->ctx, buf, buf, *enc_len - c->tag_len); -+ EVP_Cipher(c->ctx, buf, buf, *enc_len - c->tag_len); - - /* - * Check the tag - */ -- if (EVP_Cipher(&c->ctx, NULL, NULL, 0)) { -+ if (EVP_Cipher(c->ctx, NULL, NULL, 0)) { - return (err_status_auth_fail); - } - ---- crypto/cipher/aes_icm_ossl.c.orig 2018-06-11 07:46:00 UTC -+++ crypto/cipher/aes_icm_ossl.c -@@ -144,6 +144,14 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int - } - memset(icm, 0x0, sizeof(aes_icm_ctx_t)); - -+ icm->ctx = EVP_CIPHER_CTX_new(); -+ if (icm->ctx == NULL) { -+ crypto_free(icm); -+ crypto_free(*c); -+ *c = NULL; -+ return err_status_alloc_fail; -+ } -+ - /* set pointers */ - (*c)->state = icm; - -@@ -173,7 +181,6 @@ err_status_t aes_icm_openssl_alloc (cipher_t **c, int - - /* set key size */ - (*c)->key_len = key_len; -- EVP_CIPHER_CTX_init(&icm->ctx); - - return err_status_ok; - } -@@ -195,7 +202,7 @@ err_status_t aes_icm_openssl_dealloc (cipher_t *c) - */ - ctx = (aes_icm_ctx_t*)c->state; - if (ctx != NULL) { -- EVP_CIPHER_CTX_cleanup(&ctx->ctx); -+ EVP_CIPHER_CTX_free(ctx->ctx); - /* decrement ref_count for the appropriate engine */ - switch (ctx->key_size) { - case AES_256_KEYSIZE: -@@ -257,8 +264,6 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx - debug_print(mod_aes_icm, "key: %s", octet_string_hex_string(key, c->key_size)); - debug_print(mod_aes_icm, "offset: %s", v128_hex_string(&c->offset)); - -- EVP_CIPHER_CTX_init(&c->ctx); -- - switch (c->key_size) { - case AES_256_KEYSIZE: - evp = EVP_aes_256_ctr(); -@@ -276,7 +281,7 @@ err_status_t aes_icm_openssl_context_init (aes_icm_ctx - break; - } - -- if (!EVP_EncryptInit_ex(&c->ctx, evp, -+ if (!EVP_EncryptInit_ex(c->ctx, evp, - NULL, key, NULL)) { - return err_status_fail; - } else { -@@ -304,7 +309,7 @@ err_status_t aes_icm_openssl_set_iv (aes_icm_ctx_t *c, - - debug_print(mod_aes_icm, "set_counter: %s", v128_hex_string(&c->counter)); - -- if (!EVP_EncryptInit_ex(&c->ctx, NULL, -+ if (!EVP_EncryptInit_ex(c->ctx, NULL, - NULL, NULL, c->counter.v8)) { - return err_status_fail; - } else { -@@ -326,12 +331,12 @@ err_status_t aes_icm_openssl_encrypt (aes_icm_ctx_t *c - - debug_print(mod_aes_icm, "rs0: %s", v128_hex_string(&c->counter)); - -- if (!EVP_EncryptUpdate(&c->ctx, buf, &len, buf, *enc_len)) { -+ if (!EVP_EncryptUpdate(c->ctx, buf, &len, buf, *enc_len)) { - return err_status_cipher_fail; - } - *enc_len = len; - -- if (!EVP_EncryptFinal_ex(&c->ctx, buf, &len)) { -+ if (!EVP_EncryptFinal_ex(c->ctx, buf, &len)) { - return err_status_cipher_fail; - } - *enc_len += len; ---- crypto/hash/hmac_ossl.c.orig 2018-06-11 07:45:39 UTC -+++ crypto/hash/hmac_ossl.c -@@ -65,8 +65,6 @@ err_status_t - hmac_alloc (auth_t **a, int key_len, int out_len) - { - extern auth_type_t hmac; -- uint8_t *pointer; -- HMAC_CTX *new_hmac_ctx; - - debug_print(mod_hmac, "allocating auth func with key length %d", key_len); - debug_print(mod_hmac, " tag length %d", out_len); -@@ -76,21 +74,43 @@ hmac_alloc (auth_t **a, int key_len, int out_len) - return err_status_bad_param; - } - -- /* allocate memory for auth and HMAC_CTX structures */ -- pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); -- if (pointer == NULL) { -+/* OpenSSL 1.1.0 made HMAC_CTX an opaque structure, which must be allocated -+ using HMAC_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ { -+ /* allocate memory for auth and HMAC_CTX structures */ -+ uint8_t* pointer; -+ HMAC_CTX *new_hmac_ctx; -+ pointer = (uint8_t*)crypto_alloc(sizeof(HMAC_CTX) + sizeof(auth_t)); -+ if (pointer == NULL) { -+ return err_status_alloc_fail; -+ } -+ *a = (auth_t*)pointer; -+ (*a)->state = pointer + sizeof(auth_t); -+ new_hmac_ctx = (HMAC_CTX*)((*a)->state); -+ -+ HMAC_CTX_init(new_hmac_ctx); -+ } -+ -+#else -+ *a = (auth_t*)crypto_alloc(sizeof(auth_t)); -+ if (*a == NULL) { - return err_status_alloc_fail; - } - -+ (*a)->state = HMAC_CTX_new(); -+ if ((*a)->state == NULL) { -+ crypto_free(*a); -+ *a = NULL; -+ return err_status_alloc_fail; -+ } -+#endif -+ - /* set pointers */ -- *a = (auth_t*)pointer; - (*a)->type = &hmac; -- (*a)->state = pointer + sizeof(auth_t); - (*a)->out_len = out_len; - (*a)->key_len = key_len; - (*a)->prefix_len = 0; -- new_hmac_ctx = (HMAC_CTX*)((*a)->state); -- HMAC_CTX_init(new_hmac_ctx); - - /* increment global count of all hmac uses */ - hmac.ref_count++; -@@ -106,11 +126,19 @@ hmac_dealloc (auth_t *a) - - hmac_ctx = (HMAC_CTX*)a->state; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - HMAC_CTX_cleanup(hmac_ctx); - - /* zeroize entire state*/ - octet_string_set_to_zero((uint8_t*)a, - sizeof(HMAC_CTX) + sizeof(auth_t)); -+ -+#else -+ HMAC_CTX_free(hmac_ctx); -+ -+ /* zeroize entire state*/ -+ octet_string_set_to_zero((uint8_t*)a, sizeof(auth_t)); -+#endif - - /* free memory */ - crypto_free(a); ---- crypto/include/aes_gcm_ossl.h.orig 2018-06-11 07:46:09 UTC -+++ crypto/include/aes_gcm_ossl.h -@@ -54,7 +54,7 @@ - typedef struct { - int key_size; - int tag_len; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX* ctx; - cipher_direction_t dir; - } aes_gcm_ctx_t; - ---- crypto/include/aes_icm_ossl.h.orig 2018-06-11 07:46:00 UTC -+++ crypto/include/aes_icm_ossl.h -@@ -71,7 +71,7 @@ typedef struct { - v128_t counter; /* holds the counter value */ - v128_t offset; /* initial offset value */ - int key_size; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX* ctx; - } aes_icm_ctx_t; - - err_status_t aes_icm_openssl_set_iv(aes_icm_ctx_t *c, void *iv, int dir); ---- crypto/include/sha1.h.orig 2017-08-01 11:57:38 UTC -+++ crypto/include/sha1.h -@@ -56,8 +56,6 @@ - #include <openssl/evp.h> - #include <stdint.h> - --typedef EVP_MD_CTX sha1_ctx_t; -- - /* - * sha1_init(&ctx) initializes the SHA1 context ctx - * -@@ -72,6 +70,12 @@ typedef EVP_MD_CTX sha1_ctx_t; - * - */ - -+/* OpenSSL 1.1.0 made EVP_MD_CTX an opaque structure, which must be allocated -+ using EVP_MD_CTX_new. But this function doesn't exist in OpenSSL 1.0.x. */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L -+ -+typedef EVP_MD_CTX sha1_ctx_t; -+ - static inline void sha1_init (sha1_ctx_t *ctx) - { - EVP_MD_CTX_init(ctx); -@@ -88,7 +92,33 @@ static inline void sha1_final (sha1_ctx_t *ctx, uint32 - unsigned int len = 0; - - EVP_DigestFinal(ctx, (unsigned char*)output, &len); -+ EVP_MD_CTX_cleanup(ctx); - } -+ -+#else -+ -+typedef EVP_MD_CTX* sha1_ctx_t; -+ -+static inline void sha1_init (sha1_ctx_t *ctx) -+{ -+ *ctx = EVP_MD_CTX_new(); -+ EVP_DigestInit(*ctx, EVP_sha1()); -+} -+ -+static inline void sha1_update (sha1_ctx_t *ctx, const uint8_t *M, int octets_in_msg) -+{ -+ EVP_DigestUpdate(*ctx, M, octets_in_msg); -+} -+ -+static inline void sha1_final (sha1_ctx_t *ctx, uint32_t *output) -+{ -+ unsigned int len = 0; -+ -+ EVP_DigestFinal(*ctx, (unsigned char*)output, &len); -+ EVP_MD_CTX_free(*ctx); -+} -+#endif -+ - #else - #include "datatypes.h" - diff --git a/net/libsrtp/files/patch-Makefile.in b/net/libsrtp/files/patch-Makefile.in deleted file mode 100644 index f52d1b156d79..000000000000 --- a/net/libsrtp/files/patch-Makefile.in +++ /dev/null @@ -1,44 +0,0 @@ ---- Makefile.in 2015-03-11 14:02:12 UTC -+++ Makefile.in 2015-04-14 17:56:33 -0400 -@@ -44,7 +44,7 @@ - CC = @CC@ - INCDIR = -Icrypto/include -I$(srcdir)/include -I$(srcdir)/crypto/include - DEFS = @DEFS@ --CPPFLAGS= -fPIC @CPPFLAGS@ -+CPPFLAGS= @CPPFLAGS@ - CFLAGS = @CFLAGS@ - LIBS = @LIBS@ - LDFLAGS = -L. @LDFLAGS@ -@@ -84,12 +84,11 @@ - endif - - SHAREDLIBVERSION = 1 --ifeq (linux,$(findstring linux,@host@)) - SHAREDLIB_DIR = $(libdir) - SHAREDLIB_LDFLAGS = -shared -Wl,-soname,$@ - SHAREDLIBSUFFIXNOVER = so - SHAREDLIBSUFFIX = $(SHAREDLIBSUFFIXNOVER).$(SHAREDLIBVERSION) --else ifeq (mingw,$(findstring mingw,@host@)) -+ifeq (mingw,$(findstring mingw,@host@)) - SHAREDLIB_DIR = $(bindir) - SHAREDLIB_LDFLAGS = -shared -Wl,--out-implib,libsrtp.dll.a - SHAREDLIBVERSION = -@@ -108,6 +107,9 @@ - %.o: %.c - $(COMPILE) -c $< -o $@ - -+%.So: %.c -+ $(COMPILE) -DPIC -fPIC -c $< -o $@ -+ - %$(EXE): %.c - $(COMPILE) $(LDFLAGS) $< -o $@ $(SRTPLIB) $(LIBS) - -@@ -143,7 +145,7 @@ - ar cr libsrtp.a $^ - $(RANLIB) libsrtp.a - --libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj) $(cryptobj) $(gdoi) -+libsrtp.$(SHAREDLIBSUFFIX): $(srtpobj:.o=.So) $(cryptobj:.o=.So) $(gdoi:.o=.So) - $(CC) -shared -o $@ $(SHAREDLIB_LDFLAGS) \ - $^ $(LDFLAGS) $(LIBS) - if [ -n "$(SHAREDLIBVERSION)" ]; then \ diff --git a/net/libsrtp/files/patch-libsrtp.pc.in b/net/libsrtp/files/patch-libsrtp.pc.in deleted file mode 100644 index 2b44f02ce08e..000000000000 --- a/net/libsrtp/files/patch-libsrtp.pc.in +++ /dev/null @@ -1,10 +0,0 @@ ---- libsrtp.pc.in.orig 2014-12-30 16:27:06 UTC -+++ libsrtp.pc.in -@@ -7,5 +7,6 @@ Name: @PACKAGE_NAME@ - Version: @PACKAGE_VERSION@ - Description: Library for SRTP (Secure Realtime Transport Protocol) - --Libs: -L${libdir} -lsrtp @LIBS@ -+Libs: -L${libdir} -lsrtp -+Libs.private: -lcrypto - Cflags: -I${includedir} diff --git a/net/libsrtp/pkg-descr b/net/libsrtp/pkg-descr deleted file mode 100644 index 3edb51cd5bde..000000000000 --- a/net/libsrtp/pkg-descr +++ /dev/null @@ -1,5 +0,0 @@ -This package provides an implementation of the Secure Real-time -Transport Protocol (SRTP), the Universal Security Transform (UST), -and a supporting cryptographic kernel. - -WWW: https://github.com/cisco/libsrtp diff --git a/net/libsrtp/pkg-plist b/net/libsrtp/pkg-plist deleted file mode 100644 index e0f3d0050d52..000000000000 --- a/net/libsrtp/pkg-plist +++ /dev/null @@ -1,41 +0,0 @@ -include/srtp/aes.h -include/srtp/aes_cbc.h -include/srtp/aes_gcm_ossl.h -include/srtp/aes_icm.h -include/srtp/aes_icm_ossl.h -include/srtp/alloc.h -include/srtp/auth.h -include/srtp/cipher.h -include/srtp/config.h -include/srtp/crypto.h -include/srtp/crypto_kernel.h -include/srtp/crypto_math.h -include/srtp/crypto_types.h -include/srtp/cryptoalg.h -include/srtp/datatypes.h -include/srtp/ekt.h -include/srtp/err.h -include/srtp/getopt_s.h -include/srtp/gf2_8.h -include/srtp/hmac.h -include/srtp/integers.h -include/srtp/kernel_compat.h -include/srtp/key.h -include/srtp/null_auth.h -include/srtp/null_cipher.h -include/srtp/prng.h -include/srtp/rand_source.h -include/srtp/rdb.h -include/srtp/rdbx.h -include/srtp/rtp.h -include/srtp/rtp_priv.h -include/srtp/sha1.h -include/srtp/srtp.h -include/srtp/srtp_priv.h -include/srtp/stat.h -include/srtp/ut_sim.h -include/srtp/xfm.h -lib/libsrtp.a -lib/libsrtp.so -lib/libsrtp.so.1 -libdata/pkgconfig/libsrtp.pc |