Date:      Sat, 22 Jan 2000 18:46:28 -0800 (PST)
From:      Kris Kennaway <kris@hub.freebsd.org>
To:        ports@freebsd.org
Subject:   USA_OPENSSL
Message-ID:  <Pine.BSF.4.21.0001221840430.86781-100000@hub.freebsd.org>

Attached is a prototype patch for bsd.port.mk to teach it about the
various possible versions of openssl. Note that it doesn't quite work: I
can't figure out why CFLAGS and OPENSSL_RSAREF aren't being set early
enough that they're visible to makefiles (e.g. the updated pipsecd port,
patch appended). I haven't tested this thoroughly on all of the
combinations of variables, so I might have screwed up :-)

This is kind of messy because of all the possibilities which exist, so if
anyone can think of improvements I'm all ears :-)

Kris

Index: ../../Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.326
diff -u -r1.326 bsd.port.mk
--- ../../Mk/bsd.port.mk	2000/01/21 11:08:06	1.326
+++ ../../Mk/bsd.port.mk	2000/01/23 02:32:07
@@ -653,6 +653,38 @@
 MAKE_ENV+=		CC=${CC} CXX=${CXX}
 .endif
 
+.if defined(USE_OPENSSL)
+.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.so)
+.if ${USE_OPENSSL} == RSA
+_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free`"
+.if empty(_HASRSA)
+.BEGIN:
+	@${ECHO} ">>> This port requires RSA crypto, which is not present in your"
+	@${ECHO} ">>> version of OpenSSL. Please see Chapter XX in the FAQ for"
+	@${ECHO} ">>> a description of the problem and alternative solutions."
+	@${FALSE}
+.elif defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+LIB_DEPENDS+=	rsaref.2:${PORTSDIR}/security/rsaref
+# We set this so ports can decide whether or not to link against librsaref
+# and libRSAglue
+OPENSSL_RSAREF=	YES
+.endif
+.endif
+OPENSSLBASE=	/usr
+OPENSSLDIR=		/etc/ssl
+# OpenSSL in the base system doesn't include IDEA for patent reasons.
+CFLAGS+=		-DNO_IDEA
+.else
+LIB_DEPENDS+=	crypto.1:${PORTSDIR}/security/openssl
+OPENSSLBASE=	${LOCALBASE}
+OPENSSLDIR=		${LOCALBASE}/openssl
+.endif
+OPENSSLLIB=		${OPENSSLBASE}/lib
+OPENSSLINC=		${OPENSSLBASE}/include
+MAKE_ENV+=		OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
+				OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+.endif
+
 .if defined(REQUIRES_MOTIF)
 LIB_DEPENDS+=		Xpm.4:${PORTSDIR}/graphics/xpm
 .if defined(PARALLEL_PACKAGE_BUILD)
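Review bot: The `_HASRSA=` assignment uses plain `=`, so make stores the quoted backtick string literally and never runs `nm`. As a result `.if empty(_HASRSA)` is always false, and the ">>> This port requires RSA crypto" stop in `.BEGIN` never fires even when the base libcrypto lacks RSA. A shell assignment is needed here, for example `_HASRSA!= /usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free || true`. The enclosing test also checks `exists(/usr/lib/libcrypto.so)` while the probe reads `/usr/lib/libcrypto.a`, so the two should name the same file, or the `.a` should get its own `exists()` guard.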

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile	1999/11/07 22:25:37	1.6
+++ Makefile	2000/01/23 02:44:23
@@ -14,9 +14,14 @@
 
 MAINTAINER=	patrick@mindstep.com
 
-LIB_DEPENDS=	crypto.1:${PORTSDIR}/security/openssl
+USE_OPENSSL=	RSA
 
 ALL_TARGET=	pipsecd
+
+.if defined(OPENSSL_RSAREF)
+OPTLIB=		-L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref
+MAKE_ENV+=	OPTLIB="${OPTLIB}"
+.endif
 
 .include <bsd.port.pre.mk>
 
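Review bot: The `.if defined(OPENSSL_RSAREF)` block sits above `.include <bsd.port.pre.mk>`, so it is evaluated before bsd.port.mk has been read and before `OPENSSL_RSAREF` or `OPENSSLLIB` can have been set. This is probably the "not being set early enough" symptom described in the message, and it means `-lRSAglue -lrsaref` is silently dropped from the link line. Moving the block below the include should fix it, assuming the new `USE_OPENSSL` section is processed by the pre.mk half. Separately, `-L${LOCALBASE}` looks like it was meant to be `-L${LOCALBASE}/lib`.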
Index: patches/patch-aa
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-aa,v
retrieving revision 1.3
diff -u -r1.3 patch-aa
--- patches/patch-aa	1999/12/02 04:55:45	1.3
+++ patches/patch-aa	2000/01/23 02:12:52
@@ -1,27 +1,30 @@
---- Makefile.orig	Thu Sep 16 17:44:50 1999
-+++ Makefile	Thu Oct 14 10:27:50 1999
-@@ -6,10 +6,13 @@
+--- Makefile.orig	Thu Sep 16 14:44:50 1999
++++ Makefile	Sat Jan 22 18:12:45 2000
+@@ -6,23 +6,26 @@
  CLEANFILES=	*.core *.o pipsecd
  
  # Where your OpenSSL includes are located
 -INCDIR=/usr/local/ssl/include
-+INCDIR=-I$(PREFIX)/include/openssl -I$(PREFIX)/include
++INCDIR=-I$(OPENSSLINC)/openssl -I$(PREFIX)/include
  
  # Where your libcrypto is located
 -LIBDIR=/usr/local/ssl/lib
-+LIBDIR=-L$(PREFIX)/lib
++LIBDIR=-L$(OPENSSLLIB)/lib
 +
 +# Misc defines
 +DEFINES=-DFILE_PREFIX=\"$(PREFIX)\"
  
  # Optional: use FreeBSD's libmd
- #OPTLIB += -lmd
-@@ -19,10 +22,10 @@
+-#OPTLIB += -lmd
++OPTLIB += -lmd
+ #OPTDEF += -DUSE_SYSTEM_HASH
+ 
+ # Optional: use ethertap device under Linux instead of userlink
  #OPTDEF += -DUSE_ETHERTAP
  
  pipsecd:	tunip.c defs.h
 -	gcc -Wall -I$(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c -L$(LIBDIR) $(OPTLIB) -lcrypto
-+	gcc -Wall $(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto -lRSAglue -lrsaref $(DEFINES)
++	$(CC) -Wall $(INCDIR) -g $(CFLAGS) $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto $(DEFINES)
  
  install: pipsecd
 -	install pipsecd /usr/local/sbin/
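Review bot: The new `LIBDIR=-L$(OPENSSLLIB)/lib` doubles the `lib` component, because the bsd.port.mk change in this same patch already defines `OPENSSLLIB` as `${OPENSSLBASE}/lib`. The linker is then pointed at `/usr/lib/lib` or `${LOCALBASE}/lib/lib`, and may quietly resolve `-lcrypto` from a default search path instead of the OpenSSL the port selected. It should read `LIBDIR=-L$(OPENSSLLIB)`. `OPTLIB += -lmd` is also now enabled while `#OPTDEF += -DUSE_SYSTEM_HASH` stays commented out; if libmd is not actually used without that define, the extra library can be dropped.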
Index: patches/patch-ab
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-ab,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-ab
--- patches/patch-ab	1999/08/16 22:14:42	1.1.1.1
+++ patches/patch-ab	2000/01/23 02:04:13
@@ -1,6 +1,12 @@
---- tunip.c.orig	Mon Aug 16 11:54:50 1999
-+++ tunip.c	Mon Aug 16 12:27:07 1999
-@@ -57,8 +57,8 @@
+--- tunip.c.orig	Tue Sep 21 15:20:40 1999
++++ tunip.c	Sat Jan 22 18:02:55 2000
+@@ -54,12 +54,14 @@
+ #include <blowfish.h>
+ #include <cast.h>
+ #include <des.h>
++#ifndef NO_IDEA
+ #include <idea.h>
++#endif
  
  #include "defs.h"
  
@@ -10,4 +16,66 @@
 +#define _PATH_STARTUP           FILE_PREFIX "/etc/ipsec/startup"
  #define _PATH_DEV_RANDOM	"/dev/random"
  
- #define MAX_HEADER	64
+ #ifdef USE_ETHERTAP
+@@ -131,7 +133,9 @@
+ 	des_key_schedule k3;
+     } des3;
+     CAST_KEY cast;
++#ifndef NO_IDEA
+     IDEA_KEY_SCHEDULE idea;
++#endif
+ } crypt_key;
+ 
+ typedef struct crypt_method {
+@@ -304,12 +308,14 @@
+ void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+ 		      unsigned char *ct, unsigned int len);
+ int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
++#ifndef NO_IDEA
+ void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ 			 unsigned char *t, unsigned int len);
+ void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+ 			 unsigned char *ct, unsigned int len);
+ int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
+ int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
++#endif
+ void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ 			unsigned char *t, unsigned int len);
+ void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+@@ -379,14 +385,20 @@
+ 
+ hash_method_t *hash_list = &hash_ripemd160;
+ 
++#ifndef NO_IDEA
+ crypt_method_t crypt_idea = {
+     NULL,
+     "idea_cbc", 8, 8,
+     my_idea_cbc_encrypt, my_idea_cbc_decrypt,
+     my_idea_set_encrypt_key, my_idea_set_decrypt_key
+ };
++#endif
+ crypt_method_t crypt_cast = {
++#ifndef NO_IDEA
+     &crypt_idea,
++#else
++    NULL,
++#endif
+     "cast_cbc", 8, 8,
+     cast_cbc_encrypt, cast_cbc_decrypt,
+     cast_setkey, cast_setkey
+@@ -1974,6 +1986,7 @@
+     return 0;
+ }
+ 
++#ifndef NO_IDEA
+ void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ 			 unsigned char *t, unsigned int len)
+ {
+@@ -2002,6 +2015,7 @@
+     idea_set_decrypt_key(&k->idea, &k->idea);
+     return 0;
+ }
++#endif
+ 
+ void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ 			unsigned char *t, unsigned int len)
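Review bot: Nothing in the `NO_IDEA` guards records that a build against the base-system OpenSSL no longer registers `"idea_cbc"`. When `NO_IDEA` is defined, `crypt_cast` gets `NULL` as its first field instead of `&crypt_idea`, so the cipher is no longer reachable through `crypt_cast`. A short comment above the guarded `crypt_idea` definition would help, for example `/* NO_IDEA: IDEA is compiled out; "idea_cbc" is not registered and configs naming it must fail at lookup */`. How an unknown cipher name is handled is outside this hunk, so it is worth confirming that the lookup rejects it rather than continuing with an unset method. Any reference to `k->idea` or `crypt_idea` outside the guarded regions shown here would also break the `-DNO_IDEA` build.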






