aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--security/openssl-beta/Makefile3
-rw-r--r--security/openssl-beta/files/patch-ab2
-rw-r--r--security/openssl-beta/pkg-plist30
-rw-r--r--security/openssl/Makefile11
-rw-r--r--security/openssl/files/patch-ab2
-rw-r--r--security/openssl/files/patch-rnd_keys33
-rw-r--r--security/openssl/files/rnd_keys.c444
-rw-r--r--security/openssl/pkg-plist30
8 files changed, 521 insertions, 34 deletions
diff --git a/security/openssl-beta/Makefile b/security/openssl-beta/Makefile
index 8a10ffd6fa71..d99c09ecec89 100644
--- a/security/openssl-beta/Makefile
+++ b/security/openssl-beta/Makefile
@@ -43,13 +43,14 @@ SHLIBVER= 2
OPENSSLDIR= /etc/ssl
MANPREFIX= ${PREFIX}/openssl
PLIST_SUB+= MANDIR=""
+PLIST_SUB+= NOBASE="@comment "
.else
OPENSSLDIR= ${PREFIX}/openssl
MANPREFIX= ${PREFIX}
PLIST_SUB+= MANDIR="@comment "
+PLIST_SUB+= NOBASE=""
.endif
-MANPREFIX= ${PREFIX}
MAKE_ENV+= MANPREFIX=${MANPREFIX}
NO_LATEST_LINK= yes
diff --git a/security/openssl-beta/files/patch-ab b/security/openssl-beta/files/patch-ab
index 826485fc8a82..c5bd5f73382a 100644
--- a/security/openssl-beta/files/patch-ab
+++ b/security/openssl-beta/files/patch-ab
@@ -5,7 +5,7 @@
MAKE= make -f Makefile.ssl
-MANDIR=$(OPENSSLDIR)/man
-+MANDIR?=$(MANPREFIX)/man
++MANDIR=$(MANPREFIX)/man
MAN1=1
MAN3=3
SHELL=/bin/sh
diff --git a/security/openssl-beta/pkg-plist b/security/openssl-beta/pkg-plist
index 68dc29bc826a..4b0155c500ce 100644
--- a/security/openssl-beta/pkg-plist
+++ b/security/openssl-beta/pkg-plist
@@ -71,24 +71,24 @@ lib/libcrypto.a
lib/libssl.a
%%SHARED%%lib/libssl.so
%%SHARED%%lib/libssl.so.%%SHLIBVER%%
-openssl/misc/CA.pl
-openssl/misc/CA.sh
-openssl/misc/c_hash
-openssl/misc/c_info
-openssl/misc/c_issuer
-openssl/misc/c_name
-openssl/misc/der_chop
-openssl/openssl.cnf.sample
+%%NOBASE%%openssl/misc/CA.pl
+%%NOBASE%%openssl/misc/CA.sh
+%%NOBASE%%openssl/misc/c_hash
+%%NOBASE%%openssl/misc/c_info
+%%NOBASE%%openssl/misc/c_issuer
+%%NOBASE%%openssl/misc/c_name
+%%NOBASE%%openssl/misc/der_chop
+%%NOBASE%%openssl/openssl.cnf.sample
%%PORTDOCS%%share/doc/openssl/openssl.txt
@dirrm include/openssl
-@dirrm openssl/certs
-@dirrm openssl/lib
+%%NOBASE%%@dirrm openssl/certs
+%%NOBASE%%@dirrm openssl/lib
%%MANDIR%%@dirrm openssl/man/man1
%%MANDIR%%@dirrm openssl/man/man3
%%MANDIR%%@dirrm openssl/man/man5
-%%MANDIR%%@dirrm openssl/man/man7
-%%MANDIR%%@dirrm openssl/man
-@dirrm openssl/misc
-@dirrm openssl/private
-@dirrm openssl
+%%MANDIR%%@dirrm openssl/man/man7
+%%MANDIR%%@dirrm openssl/man
+%%NOBASE%%@dirrm openssl/misc
+%%NOBASE%%@dirrm openssl/private
+%%NOBASE%%@dirrm openssl
%%PORTDOCS%%@dirrm share/doc/openssl
diff --git a/security/openssl/Makefile b/security/openssl/Makefile
index 2738786de6c7..21e465f60bff 100644
--- a/security/openssl/Makefile
+++ b/security/openssl/Makefile
@@ -7,6 +7,7 @@
PORTNAME= openssl
PORTVERSION= 0.9.6g
+PORTREVISION= 1
CATEGORIES= security devel
MASTER_SITES= http://www.openssl.org/source/ \
ftp://ftp.openssl.org/source/ \
@@ -46,13 +47,14 @@ SHLIBVER= 2
OPENSSLDIR= /etc/ssl
MANPREFIX= ${PREFIX}/openssl
PLIST_SUB+= MANDIR=""
+PLIST_SUB+= NOBASE="@comment "
.else
OPENSSLDIR= ${PREFIX}/openssl
MANPREFIX= ${PREFIX}
PLIST_SUB+= MANDIR="@comment "
+PLIST_SUB+= NOBASE=""
.endif
-MANPREFIX= ${PREFIX}
MAKE_ENV+= MANPREFIX=${MANPREFIX}
MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 \
@@ -135,6 +137,13 @@ EXTRACONFIGURE= 386
.endif
do-configure:
+.if exists(/usr/src/crypto/openssl/crypto/des/rnd_keys.c)
+ ${CP} /usr/src/crypto/openssl/crypto/des/rnd_keys.c \
+ ${WRKSRC}/crypto/des/rnd_keys.c
+.else
+ ${CP} ${FILESDIR}/rnd_keys.c \
+ ${WRKSRC}/crypto/des/rnd_keys.c
+.endif
@cd ${WRKSRC} \
&& ${SETENV} CC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \
./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR} \
diff --git a/security/openssl/files/patch-ab b/security/openssl/files/patch-ab
index 826485fc8a82..c5bd5f73382a 100644
--- a/security/openssl/files/patch-ab
+++ b/security/openssl/files/patch-ab
@@ -5,7 +5,7 @@
MAKE= make -f Makefile.ssl
-MANDIR=$(OPENSSLDIR)/man
-+MANDIR?=$(MANPREFIX)/man
++MANDIR=$(MANPREFIX)/man
MAN1=1
MAN3=3
SHELL=/bin/sh
diff --git a/security/openssl/files/patch-rnd_keys b/security/openssl/files/patch-rnd_keys
new file mode 100644
index 000000000000..20d38b47ce7b
--- /dev/null
+++ b/security/openssl/files/patch-rnd_keys
@@ -0,0 +1,33 @@
+--- crypto/des/Makefile.ssl.bak Thu Oct 17 10:21:30 2002
++++ crypto/des/Makefile.ssl Thu Oct 17 10:31:20 2002
+@@ -32,14 +32,14 @@
+ fcrypt.c ofb64enc.c ofb_enc.c pcbc_enc.c \
+ qud_cksm.c rand_key.c read_pwd.c rpc_enc.c set_key.c \
+ des_enc.c fcrypt_b.c read2pwd.c \
+- xcbc_enc.c \
++ xcbc_enc.c rnd_keys.c \
+ str2key.c cfb64ede.c ofb64ede.c ede_cbcm_enc.c
+
+ LIBOBJ= set_key.o ecb_enc.o cbc_enc.o \
+ ecb3_enc.o cfb64enc.o cfb64ede.o cfb_enc.o ofb64ede.o \
+ enc_read.o enc_writ.o ofb64enc.o \
+ ofb_enc.o str2key.o pcbc_enc.o qud_cksm.o rand_key.o \
+- ${DES_ENC} read2pwd.o \
++ ${DES_ENC} read2pwd.o rnd_keys.o \
+ fcrypt.o xcbc_enc.o read_pwd.o rpc_enc.o cbc_cksm.o \
+ ede_cbcm_enc.o
+
+--- crypto/des/des.h.bak Thu Oct 17 10:25:47 2002
++++ crypto/des/des.h Thu Oct 17 10:30:00 2002
+@@ -200,6 +200,11 @@
+ DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[],
+ long length,int out_count,des_cblock *seed);
+ void des_random_seed(des_cblock *key);
++
++int des_new_random_key(des_cblock *key);
++void des_init_random_number_generator(des_cblock *seed);
++void des_rand_data(unsigned char *data, int size);
++
+ int des_random_key(des_cblock *ret);
+ int des_read_password(des_cblock *key,const char *prompt,int verify);
+ int des_read_2passwords(des_cblock *key1,des_cblock *key2,
diff --git a/security/openssl/files/rnd_keys.c b/security/openssl/files/rnd_keys.c
new file mode 100644
index 000000000000..454ceb43ae7d
--- /dev/null
+++ b/security/openssl/files/rnd_keys.c
@@ -0,0 +1,444 @@
+/*
+ * Copyright (c) 1995, 1996, 1997, 1999 Kungliga Tekniska Högskolan
+ * (Royal Institute of Technology, Stockholm, Sweden).
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * This product includes software developed by the Kungliga Tekniska
+ * Högskolan and its contributors.
+ *
+ * 4. Neither the name of the Institute nor the names of its contributors
+ * may be used to endorse or promote products derived from this software
+ * without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * $Id$
+ * $FreeBSD: /tmp/pcvs/ports/security/openssl/files/Attic/rnd_keys.c,v 1.1 2002-10-25 20:41:47 dinoex Exp $
+ */
+
+#include <openssl/des.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <sys/time.h>
+#include <sys/resource.h>
+#include <fcntl.h>
+#include <signal.h>
+#include <string.h>
+#include <time.h>
+#include <unistd.h>
+
+#ifndef RETSIGTYPE
+#define RETSIGTYPE void
+#define SIGRETURN(x) return
+#else
+#define SIGRETURN(x) return (RETSIGTYPE)(x)
+#endif
+
+/*
+ * Generate "random" data by checksumming a file.
+ *
+ * Returns -1 if there were any problems with permissions or I/O
+ * errors.
+ */
+static
+int
+sumFile (const char *name, int len, void *res)
+{
+ u_int32_t sum[2];
+ u_int32_t buf[1024*2];
+ int fd, i;
+
+ fd = open (name, 0);
+ if (fd < 0)
+ return -1;
+
+ while (len > 0)
+ {
+ int n = read(fd, buf, sizeof(buf));
+ if (n < 0)
+ {
+ close(fd);
+ return n;
+ }
+ for (i = 0; i < (n/sizeof(buf[0])); i++)
+ {
+ sum[0] += buf[i];
+ i++;
+ sum[1] += buf[i];
+ }
+ len -= n;
+ }
+ close (fd);
+ memcpy (res, &sum, sizeof(sum));
+ return 0;
+}
+
+/*
+ * Create a sequence of random 64 bit blocks.
+ * The sequence is indexed with a long long and
+ * based on an initial des key used as a seed.
+ */
+static des_key_schedule sequence_seed;
+static u_int32_t sequence_index[2];
+
+/*
+ * Random number generator based on ideas from truerand in cryptolib
+ * as described on page 424 in Applied Cryptography 2 ed. by Bruce
+ * Schneier.
+ */
+
+static volatile int counter;
+static volatile unsigned char *gdata; /* Global data */
+static volatile int igdata; /* Index into global data */
+static int gsize;
+
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+/* Visual C++ 4.0 (Windows95/NT) */
+
+static
+RETSIGTYPE
+sigALRM(int sig)
+{
+ if (igdata < gsize)
+ gdata[igdata++] ^= counter & 0xff;
+
+#ifndef HAVE_SIGACTION
+ signal(SIGALRM, sigALRM); /* Reinstall SysV signal handler */
+#endif
+ SIGRETURN(0);
+}
+
+#endif
+
+#if !defined(HAVE_RANDOM) && defined(HAVE_RAND)
+#ifndef srandom
+#define srandom srand
+#endif
+#ifndef random
+#define random rand
+#endif
+#endif
+
+static void
+des_not_rand_data(unsigned char *data, int size)
+{
+ int i;
+
+ srandom (time (NULL));
+
+ for(i = 0; i < size; ++i)
+ data[i] ^= random() % 0x100;
+}
+
+#if !defined(WIN32) && !defined(__EMX__) && !defined(__OS2__) && !defined(__CYGWIN32__)
+
+#ifndef HAVE_SETITIMER
+static void
+pacemaker(struct timeval *tv)
+{
+ fd_set fds;
+ pid_t pid;
+ pid = getppid();
+ while(1){
+ FD_ZERO(&fds);
+ FD_SET(0, &fds);
+ select(1, &fds, NULL, NULL, tv);
+ kill(pid, SIGALRM);
+ }
+}
+#endif
+
+#ifdef HAVE_SIGACTION
+/* XXX ugly hack, should perhaps use function from roken */
+static RETSIGTYPE
+(*fake_signal(int sig, RETSIGTYPE (*f)(int)))(int)
+{
+ struct sigaction sa, osa;
+ sa.sa_handler = f;
+ sa.sa_flags = 0;
+ sigemptyset(&sa.sa_mask);
+ sigaction(sig, &sa, &osa);
+ return osa.sa_handler;
+}
+#define signal(S, F) fake_signal((S), (F))
+#endif
+
+/*
+ * Generate size bytes of "random" data using timed interrupts.
+ * It takes about 40ms/byte random data.
+ * It's not neccessary to be root to run it.
+ */
+void
+des_rand_data(unsigned char *data, int size)
+{
+ struct itimerval tv;
+#ifdef HAVE_SETITIMER
+ struct itimerval otv;
+#endif
+ RETSIGTYPE (*osa)(int);
+ int i, j;
+#ifndef HAVE_SETITIMER
+ RETSIGTYPE (*ochld)(int);
+ pid_t pid;
+#endif
+ char *rnd_devices[] = {"/dev/random",
+ "/dev/srandom",
+ "/dev/urandom",
+ NULL};
+ char **p;
+
+ for(p = rnd_devices; *p; p++) {
+ int fd = open(*p, O_RDONLY | O_NDELAY);
+
+ if(fd >= 0 && read(fd, data, size) == size) {
+ close(fd);
+ return;
+ }
+ close(fd);
+ }
+
+ /* Paranoia? Initialize data from /dev/mem if we can read it. */
+ if (size >= 8)
+ sumFile("/dev/mem", (1024*1024*2), data);
+
+ gdata = data;
+ gsize = size;
+ igdata = 0;
+
+ osa = signal(SIGALRM, sigALRM);
+
+ /* Start timer */
+ tv.it_value.tv_sec = 0;
+ tv.it_value.tv_usec = 10 * 1000; /* 10 ms */
+ tv.it_interval = tv.it_value;
+#ifdef HAVE_SETITIMER
+ setitimer(ITIMER_REAL, &tv, &otv);
+#else
+ ochld = signal(SIGCHLD, SIG_IGN);
+ pid = fork();
+ if(pid == -1){
+ signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
+ des_not_rand_data(data, size);
+ return;
+ }
+ if(pid == 0)
+ pacemaker(&tv.it_interval);
+#endif
+
+ for(i = 0; i < 4; i++) {
+ for (igdata = 0; igdata < size;) /* igdata++ in sigALRM */
+ counter++;
+ for (j = 0; j < size; j++) /* Only use 2 bits each lap */
+ gdata[j] = (gdata[j]>>2) | (gdata[j]<<6);
+ }
+#ifdef HAVE_SETITIMER
+ setitimer(ITIMER_REAL, &otv, 0);
+#else
+ kill(pid, SIGKILL);
+ while(waitpid(pid, NULL, 0) != pid);
+ signal(SIGCHLD, ochld != SIG_ERR ? ochld : SIG_DFL);
+#endif
+ signal(SIGALRM, osa != SIG_ERR ? osa : SIG_DFL);
+}
+#else
+void
+des_rand_data(unsigned char *p, int s)
+{
+ des_not_rand_data (p, s);
+}
+#endif
+
+void
+des_generate_random_block(des_cblock *block)
+{
+ des_rand_data((unsigned char *)block, sizeof(*block));
+}
+
+/*
+ * Generate a "random" DES key.
+ */
+void
+des_rand_data_key(des_cblock *key)
+{
+ unsigned char data[8];
+ des_key_schedule sched;
+ do {
+ des_rand_data(data, sizeof(data));
+ des_rand_data((unsigned char*)key, sizeof(des_cblock));
+ des_set_odd_parity(key);
+ des_key_sched(key, sched);
+ des_ecb_encrypt(&data, key, sched, DES_ENCRYPT);
+ memset(&data, 0, sizeof(data));
+ memset(&sched, 0, sizeof(sched));
+ des_set_odd_parity(key);
+ } while(des_is_weak_key(key));
+}
+
+/*
+ * Generate "random" data by checksumming /dev/mem
+ *
+ * It's neccessary to be root to run it. Returns -1 if there were any
+ * problems with permissions.
+ */
+int
+des_mem_rand8(unsigned char *data)
+{
+ return 1;
+}
+
+/*
+ * In case the generator does not get initialized use this as fallback.
+ */
+static int initialized;
+
+static void
+do_initialize(void)
+{
+ des_cblock default_seed;
+ do {
+ des_generate_random_block(&default_seed);
+ des_set_odd_parity(&default_seed);
+ } while (des_is_weak_key(&default_seed));
+ des_init_random_number_generator(&default_seed);
+}
+
+#define zero_long_long(ll) do { ll[0] = ll[1] = 0; } while (0)
+
+#define incr_long_long(ll) do { if (++ll[0] == 0) ++ll[1]; } while (0)
+
+#define set_sequence_number(ll) \
+memcpy((char *)sequence_index, (ll), sizeof(sequence_index));
+
+/*
+ * Set the sequnce number to this value (a long long).
+ */
+void
+des_set_sequence_number(unsigned char *ll)
+{
+ set_sequence_number(ll);
+}
+
+/*
+ * Set the generator seed and reset the sequence number to 0.
+ */
+void
+des_set_random_generator_seed(des_cblock *seed)
+{
+ des_key_sched(seed, sequence_seed);
+ zero_long_long(sequence_index);
+ initialized = 1;
+}
+
+/*
+ * Generate a sequence of random des keys
+ * using the random block sequence, fixup
+ * parity and skip weak keys.
+ */
+int
+des_new_random_key(des_cblock *key)
+{
+ if (!initialized)
+ do_initialize();
+
+ do {
+ des_ecb_encrypt((des_cblock *) sequence_index,
+ key,
+ sequence_seed,
+ DES_ENCRYPT);
+ incr_long_long(sequence_index);
+ /* random key must have odd parity and not be weak */
+ des_set_odd_parity(key);
+ } while (des_is_weak_key(key));
+ return(0);
+}
+
+/*
+ * des_init_random_number_generator:
+ *
+ * Initialize the sequence of random 64 bit blocks. The input seed
+ * can be a secret key since it should be well hidden and is also not
+ * kept.
+ *
+ */
+void
+des_init_random_number_generator(des_cblock *seed)
+{
+ struct timeval now;
+ des_cblock uniq;
+ des_cblock new_key;
+
+ gettimeofday(&now, (struct timezone *)0);
+ des_generate_random_block(&uniq);
+
+ /* Pick a unique random key from the shared sequence. */
+ des_set_random_generator_seed(seed);
+ set_sequence_number((unsigned char *)&uniq);
+ des_new_random_key(&new_key);
+
+ /* Select a new nonshared sequence, */
+ des_set_random_generator_seed(&new_key);
+
+ /* and use the current time to pick a key for the new sequence. */
+ set_sequence_number((unsigned char *)&now);
+ des_new_random_key(&new_key);
+ des_set_random_generator_seed(&new_key);
+}
+
+#ifdef TESTRUN
+int
+main()
+{
+ unsigned char data[8];
+ int i;
+
+ while (1)
+ {
+ if (sumFile("/dev/mem", (1024*1024*8), data) != 0)
+ { perror("sumFile"); exit(1); }
+ for (i = 0; i < 8; i++)
+ printf("%02x", data[i]);
+ printf("\n");
+ }
+}
+#endif
+
+#ifdef TESTRUN2
+int
+main()
+{
+ des_cblock data;
+ int i;
+
+ while (1)
+ {
+ do_initialize();
+ des_random_key(data);
+ for (i = 0; i < 8; i++)
+ printf("%02x", data[i]);
+ printf("\n");
+ }
+}
+#endif
diff --git a/security/openssl/pkg-plist b/security/openssl/pkg-plist
index 385a25866930..286b1e53c129 100644
--- a/security/openssl/pkg-plist
+++ b/security/openssl/pkg-plist
@@ -62,24 +62,24 @@ lib/libcrypto.a
lib/libssl.a
%%SHARED%%lib/libssl.so
%%SHARED%%lib/libssl.so.%%SHLIBVER%%
-openssl/misc/CA.pl
-openssl/misc/CA.sh
-openssl/misc/c_hash
-openssl/misc/c_info
-openssl/misc/c_issuer
-openssl/misc/c_name
-openssl/misc/der_chop
-openssl/openssl.cnf.sample
+%%NOBASE%%openssl/misc/CA.pl
+%%NOBASE%%openssl/misc/CA.sh
+%%NOBASE%%openssl/misc/c_hash
+%%NOBASE%%openssl/misc/c_info
+%%NOBASE%%openssl/misc/c_issuer
+%%NOBASE%%openssl/misc/c_name
+%%NOBASE%%openssl/misc/der_chop
+%%NOBASE%%openssl/openssl.cnf.sample
%%PORTDOCS%%share/doc/openssl/openssl.txt
@dirrm include/openssl
-@dirrm openssl/certs
-@dirrm openssl/lib
+%%NOBASE%%@dirrm openssl/certs
+%%NOBASE%%@dirrm openssl/lib
%%MANDIR%%@dirrm openssl/man/man1
%%MANDIR%%@dirrm openssl/man/man3
%%MANDIR%%@dirrm openssl/man/man5
-%%MANDIR%%@dirrm openssl/man/man7
-%%MANDIR%%@dirrm openssl/man
-@dirrm openssl/misc
-@dirrm openssl/private
-@dirrm openssl
+%%MANDIR%%@dirrm openssl/man/man7
+%%MANDIR%%@dirrm openssl/man
+%%NOBASE%%@dirrm openssl/misc
+%%NOBASE%%@dirrm openssl/private
+%%NOBASE%%@dirrm openssl
%%PORTDOCS%%@dirrm share/doc/openssl