diff options
author | brnrd <brnrd@FreeBSD.org> | 2017-03-27 02:55:21 +0800 |
---|---|---|
committer | brnrd <brnrd@FreeBSD.org> | 2017-03-27 02:55:21 +0800 |
commit | bae0970fa81453700d58d777b16ddc33d1ebea7f (patch) | |
tree | 65d87cff037c2e792781a95b99022d9b5434eda2 /security | |
parent | ce60774a8e25608874fb2bbd7ccbe731bfd7edda (diff) | |
download | freebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.tar.gz freebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.tar.zst freebsd-ports-gnome-bae0970fa81453700d58d777b16ddc33d1ebea7f.zip |
security/libp11: Fix build with LibreSSL
- Fix-up OPENSSL_VERSION_NUMBER checks
PR: 217006
Approved by: maintainer timeout
Diffstat (limited to 'security')
-rw-r--r-- | security/libp11/files/patch-examples_auth.c | 11 | ||||
-rw-r--r-- | security/libp11/files/patch-examples_decrypt.c | 29 | ||||
-rw-r--r-- | security/libp11/files/patch-src_eng__back.c | 56 | ||||
-rw-r--r-- | security/libp11/files/patch-src_libp11-int.h | 20 | ||||
-rw-r--r-- | security/libp11/files/patch-src_libp11.h | 11 | ||||
-rw-r--r-- | security/libp11/files/patch-src_p11__ec.c | 109 | ||||
-rw-r--r-- | security/libp11/files/patch-src_p11__key.c | 47 | ||||
-rw-r--r-- | security/libp11/files/patch-src_p11__misc.c | 11 | ||||
-rw-r--r-- | security/libp11/files/patch-src_p11__rsa.c | 65 |
9 files changed, 359 insertions, 0 deletions
diff --git a/security/libp11/files/patch-examples_auth.c b/security/libp11/files/patch-examples_auth.c new file mode 100644 index 000000000000..92903995c5e2 --- /dev/null +++ b/security/libp11/files/patch-examples_auth.c @@ -0,0 +1,11 @@ +--- examples/auth.c.orig 2017-01-26 21:19:45 UTC ++++ examples/auth.c +@@ -212,7 +212,7 @@ int main(int argc, char *argv[]) + + /* now verify the result */ + rc = RSA_verify(NID_sha1, random, RANDOM_SIZE, +-#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + signature, siglen, EVP_PKEY_get0_RSA(pubkey)); + #else + signature, siglen, pubkey->pkey.rsa); diff --git a/security/libp11/files/patch-examples_decrypt.c b/security/libp11/files/patch-examples_decrypt.c new file mode 100644 index 000000000000..df9601bd7da1 --- /dev/null +++ b/security/libp11/files/patch-examples_decrypt.c @@ -0,0 +1,29 @@ +--- examples/decrypt.c.orig 2017-01-26 21:19:45 UTC ++++ examples/decrypt.c +@@ -131,7 +131,7 @@ int main(int argc, char *argv[]) + } + + /* allocate destination buffer */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + encrypted = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pubkey))); + #else + encrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa)); +@@ -143,7 +143,7 @@ int main(int argc, char *argv[]) + + /* use public key for encryption */ + len = RSA_public_encrypt(RANDOM_SIZE, random, encrypted, +-#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_PKEY_get0_RSA(pubkey), + #else + pubkey->pkey.rsa, +@@ -200,7 +200,7 @@ loggedin: + } + + /* allocate space for decrypted data */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + decrypted = OPENSSL_malloc(RSA_size(EVP_PKEY_get0_RSA(pubkey))); + #else + decrypted = OPENSSL_malloc(RSA_size(pubkey->pkey.rsa)); diff --git a/security/libp11/files/patch-src_eng__back.c b/security/libp11/files/patch-src_eng__back.c new file mode 100644 index 000000000000..e8245dc48698 --- /dev/null +++ b/security/libp11/files/patch-src_eng__back.c @@ -0,0 +1,56 @@ +--- src/eng_back.c.orig 2017-01-26 21:19:45 UTC ++++ src/eng_back.c +@@ -49,7 +49,7 @@ struct st_engine_ctx { + char *init_args; + + /* Engine initialization mutex */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_RWLOCK *rwlock; + #else + int rwlock; +@@ -206,7 +206,7 @@ ENGINE_CTX *ctx_new() + #endif + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + ctx->rwlock = CRYPTO_THREAD_lock_new(); + #else + ctx->rwlock = CRYPTO_get_dynlock_create_callback() ? +@@ -224,7 +224,7 @@ int ctx_destroy(ENGINE_CTX *ctx) + ctx_destroy_pin(ctx); + OPENSSL_free(ctx->module); + OPENSSL_free(ctx->init_args); +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_THREAD_lock_free(ctx->rwlock); + #else + if (ctx->rwlock) +@@ -274,7 +274,7 @@ static void ctx_init_libp11_unlocked(ENG + + static int ctx_init_libp11(ENGINE_CTX *ctx) + { +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_THREAD_write_lock(ctx->rwlock); + #else + if (ctx->rwlock) +@@ -282,7 +282,7 @@ static int ctx_init_libp11(ENGINE_CTX *c + #endif + if (ctx->pkcs11_ctx == NULL || ctx->slot_list == NULL) + ctx_init_libp11_unlocked(ctx); +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + CRYPTO_THREAD_unlock(ctx->rwlock); + #else + if (ctx->rwlock) +@@ -302,7 +302,7 @@ int ctx_init(ENGINE_CTX *ctx) + /* Only attempt initialization when dynamic locks are unavailable. + * This likely also indicates a single-threaded application, + * so temporarily unlocking CRYPTO_LOCK_ENGINE should be safe. */ +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + if (CRYPTO_get_dynlock_create_callback() == NULL || + CRYPTO_get_dynlock_lock_callback() == NULL || + CRYPTO_get_dynlock_destroy_callback() == NULL) { diff --git a/security/libp11/files/patch-src_libp11-int.h b/security/libp11/files/patch-src_libp11-int.h new file mode 100644 index 000000000000..4117b42bc7bb --- /dev/null +++ b/security/libp11/files/patch-src_libp11-int.h @@ -0,0 +1,20 @@ +--- src/libp11-int.h.orig 2017-01-26 21:19:45 UTC ++++ src/libp11-int.h +@@ -32,7 +32,7 @@ + extern void *C_LoadModule(const char *name, CK_FUNCTION_LIST_PTR_PTR); + extern CK_RV C_UnloadModule(void *module); + +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + typedef int PKCS11_RWLOCK; + #else + typedef CRYPTO_RWLOCK *PKCS11_RWLOCK; +@@ -144,7 +144,7 @@ typedef struct pkcs11_cert_private { + #define PKCS11_DUP(s) \ + pkcs11_strdup((char *) s, sizeof(s)) + +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + /* Emulate the OpenSSL 1.1 locking API for older OpenSSL versions */ + int CRYPTO_THREAD_lock_new(); + void CRYPTO_THREAD_lock_free(int); diff --git a/security/libp11/files/patch-src_libp11.h b/security/libp11/files/patch-src_libp11.h new file mode 100644 index 000000000000..741ef6b15aac --- /dev/null +++ b/security/libp11/files/patch-src_libp11.h @@ -0,0 +1,11 @@ +--- src/libp11.h.orig 2017-01-26 21:19:45 UTC ++++ src/libp11.h +@@ -370,7 +370,7 @@ extern int PKCS11_generate_random(PKCS11 + */ + RSA_METHOD *PKCS11_get_rsa_method(void); + /* Also define unsupported methods to retain backward compatibility */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100002L ++#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER) + EC_KEY_METHOD *PKCS11_get_ec_key_method(void); + void *PKCS11_get_ecdsa_method(void); + void *PKCS11_get_ecdh_method(void); diff --git a/security/libp11/files/patch-src_p11__ec.c b/security/libp11/files/patch-src_p11__ec.c new file mode 100644 index 000000000000..ac985f600307 --- /dev/null +++ b/security/libp11/files/patch-src_p11__ec.c @@ -0,0 +1,109 @@ +--- src/p11_ec.c.orig 2017-01-26 21:19:45 UTC ++++ src/p11_ec.c +@@ -37,7 +37,7 @@ + #include <openssl/ecdh.h> + #endif + +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + typedef int (*compute_key_fn)(unsigned char **, size_t *, + const EC_POINT *, const EC_KEY *); + #else +@@ -73,7 +73,7 @@ struct ecdsa_method { + + #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */ + +-#if OPENSSL_VERSION_NUMBER < 0x10002000L ++#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER) + + /* Define missing functions */ + +@@ -104,7 +104,7 @@ void ECDSA_METHOD_set_sign(ECDSA_METHOD + + /********** Missing ECDH_METHOD functions for OpenSSL < 1.1.0 */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) + + /* ecdh_method maintains unchanged layout between 0.9.8 and 1.0.2 */ + +@@ -156,7 +156,7 @@ static void alloc_ec_ex_index() + { + if (ec_ex_index == 0) { + while (ec_ex_index == 0) /* Workaround for OpenSSL RT3710 */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100002L ++#if OPENSSL_VERSION_NUMBER >= 0x10100002L && !defined(LIBRESSL_VERSION_NUMBER) + ec_ex_index = EC_KEY_get_ex_new_index(0, "libp11 ec_key", + NULL, NULL, NULL); + #else +@@ -265,7 +265,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(P + EVP_PKEY_set1_EC_KEY(pk, ec); /* Also increments the ec ref count */ + + if (key->isPrivate) { +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EC_KEY_set_method(ec, PKCS11_get_ec_key_method()); + #else + ECDSA_set_method(ec, PKCS11_get_ecdsa_method()); +@@ -275,7 +275,7 @@ static EVP_PKEY *pkcs11_get_evp_key_ec(P + /* TODO: Retrieve the ECDSA private key object attributes instead, + * unless the key has the "sensitive" attribute set */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EC_KEY_set_ex_data(ec, ec_ex_index, key); + #else + ECDSA_set_ex_data(ec, ec_ex_index, key); +@@ -345,14 +345,14 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig( + (void)kinv; /* Precomputed values are not used for PKCS#11 */ + (void)rp; /* Precomputed values are not used for PKCS#11 */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + key = (PKCS11_KEY *)EC_KEY_get_ex_data(ec, ec_ex_index); + #else + key = (PKCS11_KEY *)ECDSA_get_ex_data(ec, ec_ex_index); + #endif + if (key == NULL) { + sign_sig_fn orig_sign_sig; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + const EC_KEY_METHOD *meth = EC_KEY_OpenSSL(); + EC_KEY_METHOD_get_sign((EC_KEY_METHOD *)meth, + NULL, NULL, &orig_sign_sig); +@@ -385,7 +385,7 @@ static ECDSA_SIG *pkcs11_ecdsa_sign_sig( + sig = ECDSA_SIG_new(); + if (sig == NULL) + return NULL; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + ECDSA_SIG_set0(sig, r, s); + #else + BN_free(sig->r); +@@ -515,7 +515,7 @@ static int pkcs11_ecdh_derive(unsigned c + return 0; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x10100004L ++#if OPENSSL_VERSION_NUMBER >= 0x10100004L && !defined(LIBRESSL_VERSION_NUMBER) + + /** + * ECDH key derivation method (replaces ossl_ecdh_compute_key) +@@ -578,7 +578,7 @@ static int pkcs11_ec_ckey(void *out, siz + size_t buflen; + int rv; + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + key = (PKCS11_KEY *)EC_KEY_get_ex_data(ecdh, ec_ex_index); + #else + key = (PKCS11_KEY *)ECDSA_get_ex_data((EC_KEY *)ecdh, ec_ex_index); +@@ -623,7 +623,7 @@ static int pkcs11_ec_ckey(void *out, siz + /* New way to allocate an ECDSA_METOD object */ + /* OpenSSL 1.1 has single method EC_KEY_METHOD for ECDSA and ECDH */ + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + + EC_KEY_METHOD *PKCS11_get_ec_key_method(void) + { diff --git a/security/libp11/files/patch-src_p11__key.c b/security/libp11/files/patch-src_p11__key.c new file mode 100644 index 000000000000..c9d65cf061b1 --- /dev/null +++ b/security/libp11/files/patch-src_p11__key.c @@ -0,0 +1,47 @@ +--- src/p11_key.c.orig 2017-01-26 21:19:45 UTC ++++ src/p11_key.c +@@ -138,7 +138,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *to + EVP_PKEY *pk; + RSA *rsa; + BIO *err; +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + BIGNUM *exp = NULL; + BN_GENCB *gencb = NULL; + #endif +@@ -151,7 +151,7 @@ int pkcs11_generate_key(PKCS11_TOKEN *to + + err = BIO_new_fp(stderr, BIO_NOCLOSE); + +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + exp = BN_new(); + rsa = RSA_new(); + gencb = BN_GENCB_new(); +@@ -247,7 +247,7 @@ static int pkcs11_store_key(PKCS11_TOKEN + pkcs11_addattr_bool(attrs + n++, CKA_VERIFY, TRUE); + pkcs11_addattr_bool(attrs + n++, CKA_WRAP, TRUE); + } +-#if OPENSSL_VERSION_NUMBER >= 0x10100003L ++#if OPENSSL_VERSION_NUMBER >= 0x10100003L && !defined(LIBRESSL_VERSION_NUMBER) + if (EVP_PKEY_base_id(pk) == EVP_PKEY_RSA) { + RSA *rsa = EVP_PKEY_get1_RSA(pk); + #else +@@ -255,7 +255,7 @@ static int pkcs11_store_key(PKCS11_TOKEN + RSA *rsa = pk->pkey.rsa; + #endif + pkcs11_addattr_int(attrs + n++, CKA_KEY_TYPE, CKK_RSA); +-#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) + RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); + RSA_get0_factors(rsa, &rsa_p, &rsa_q); + #else +@@ -325,7 +325,7 @@ EVP_PKEY *pkcs11_get_key(PKCS11_KEY *key + fprintf(stderr, "Missing CKA_ALWAYS_AUTHENTICATE attribute\n"); + } + } +-#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER) + EVP_PKEY_up_ref(key->evp_key); + #else + CRYPTO_add(&key->evp_key->references, 1, CRYPTO_LOCK_EVP_PKEY); diff --git a/security/libp11/files/patch-src_p11__misc.c b/security/libp11/files/patch-src_p11__misc.c new file mode 100644 index 000000000000..92bd9e32101d --- /dev/null +++ b/security/libp11/files/patch-src_p11__misc.c @@ -0,0 +1,11 @@ +--- src/p11_misc.c.orig 2017-02-11 19:26:33 UTC ++++ src/p11_misc.c +@@ -43,7 +43,7 @@ char *pkcs11_strdup(char *mem, size_t si + * CRYPTO dynlock wrappers: 0 is an invalid dynamic lock ID + */ + +-#if OPENSSL_VERSION_NUMBER < 0x10100004L ++#if OPENSSL_VERSION_NUMBER < 0x10100004L || defined(LIBRESSL_VERSION_NUMBER) + + int CRYPTO_THREAD_lock_new() + { diff --git a/security/libp11/files/patch-src_p11__rsa.c b/security/libp11/files/patch-src_p11__rsa.c new file mode 100644 index 000000000000..d3e4867c4918 --- /dev/null +++ b/security/libp11/files/patch-src_p11__rsa.c @@ -0,0 +1,65 @@ +--- src/p11_rsa.c.orig 2017-01-26 21:19:45 UTC ++++ src/p11_rsa.c +@@ -29,7 +29,7 @@ + + static int rsa_ex_index = 0; + +-#if OPENSSL_VERSION_NUMBER < 0x10100003L ++#if OPENSSL_VERSION_NUMBER < 0x10100003L || defined(LIBRESSL_VERSION_NUMBER) + #define EVP_PKEY_get0_RSA(key) ((key)->pkey.rsa) + #endif + +@@ -226,7 +226,7 @@ failure: + return NULL; + + success: +-#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) + RSA_set0_key(rsa, rsa_n, rsa_e, NULL); + #else + rsa->n=rsa_n; +@@ -275,7 +275,7 @@ int pkcs11_get_key_modulus(PKCS11_KEY *k + + if (rsa == NULL) + return 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) + RSA_get0_key(rsa, &rsa_n, NULL, NULL); + #else + rsa_n=rsa->n; +@@ -292,7 +292,7 @@ int pkcs11_get_key_exponent(PKCS11_KEY * + + if (rsa == NULL) + return 0; +-#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L && !defined(LIBRESSL_VERSION_NUMBER) + RSA_get0_key(rsa, NULL, &rsa_e, NULL); + #else + rsa_e=rsa->e; +@@ -310,7 +310,7 @@ int pkcs11_get_key_size(PKCS11_KEY *key) + return RSA_size(rsa); + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100005L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER) + + int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth)) + (int flen, const unsigned char *from, +@@ -374,7 +374,7 @@ static void alloc_rsa_ex_index() + static void free_rsa_ex_index() + { + /* CRYPTO_free_ex_index requires OpenSSL version >= 1.1.0-pre1 */ +-#if OPENSSL_VERSION_NUMBER >= 0x10100001L ++#if OPENSSL_VERSION_NUMBER >= 0x10100001L && !defined(LIBRESSL_VERSION_NUMBER) + if (rsa_ex_index > 0) { + CRYPTO_free_ex_index(CRYPTO_EX_INDEX_RSA, rsa_ex_index); + rsa_ex_index = 0; +@@ -382,7 +382,7 @@ static void free_rsa_ex_index() + #endif + } + +-#if OPENSSL_VERSION_NUMBER < 0x10100005L ++#if OPENSSL_VERSION_NUMBER < 0x10100005L || defined(LIBRESSL_VERSION_NUMBER) + + static RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth) + { |