From owner-freebsd-ports Sat Jan 22 18:46:32 2000 Delivered-To: freebsd-ports@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 758) id 56F3514D78; Sat, 22 Jan 2000 18:46:28 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 4B5AC1CD5FF for ; Sat, 22 Jan 2000 18:46:28 -0800 (PST) (envelope-from kris@hub.freebsd.org) Date: Sat, 22 Jan 2000 18:46:28 -0800 (PST) From: Kris Kennaway To: ports@freebsd.org Subject: USA_OPENSSL Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Attached is a prototype patch for bsd.port.mk to teach it about the various possible versions of openssl. Note that it doesn't quite work: I can't figure out why CFLAGS and OPENSSL_RSAREF aren't being set early enough that they're visible to makefiles (e.g. the updated pipsecd port, patch appended). I haven't tested this thoroughly on all of the combinations of variables, so I might have screwed up :-) This is kind of messy because of all the possibilities which exist, so if anyone can think of improvements I'm all ears :-) Kris
Index: ../../Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.326
diff -u -r1.326 bsd.port.mk
--- ../../Mk/bsd.port.mk 2000/01/21 11:08:06 1.326
+++ ../../Mk/bsd.port.mk 2000/01/23 02:32:07
@@ -653,6 +653,38 @@
 MAKE_ENV+= CC=${CC} CXX=${CXX}
 .endif
+.if defined(USE_OPENSSL)
+.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.so)
+.if ${USE_OPENSSL} == RSA
+_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free`"
+.if empty(_HASRSA)
+.BEGIN:
+ @${ECHO} ">>> This port requires RSA crypto, which is not present in your"
+ @${ECHO} ">>> version of OpenSSL. Please see Chapter XX in the FAQ for"
+ @${ECHO} ">>> a description of the problem and alternative solutions."
+ @${FALSE}
+.elif defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref
+# We set this so ports can decide whether or not to link against librsaref
+# and libRSAglue
+OPENSSL_RSAREF= YES
+.endif
+.endif
+OPENSSLBASE= /usr
+OPENSSLDIR= /etc/ssl
+# OpenSSL in the base system doesn't include IDEA for patent reasons.
+CFLAGS+= -DNO_IDEA
+.else
+LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl
+OPENSSLBASE= ${LOCALBASE}
+OPENSSLDIR= ${LOCALBASE}/openssl
+.endif
+OPENSSLLIB= ${OPENSSLBASE}/lib
+OPENSSLINC= ${OPENSSLBASE}/include
+MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
+ OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+.endif
+
 .if defined(REQUIRES_MOTIF)
 LIB_DEPENDS+= Xpm.4:${PORTSDIR}/graphics/xpm
 .if defined(PARALLEL_PACKAGE_BUILD)
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile 1999/11/07 22:25:37 1.6
+++ Makefile 2000/01/23 02:44:23
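Review bot: The `_HASRSA` assignment in the bsd.port.mk hunk never runs `nm`: with a plain `=` the variable holds the quoted backtick text itself, so `.if empty(_HASRSA)` is always false and the "RSA crypto not present" stop under `.BEGIN` cannot be reached. A port that sets `USE_OPENSSL= RSA` would then carry on against a base libcrypto without RSA and fail later, or lose the feature, instead of stopping with the message. Use the shell-assignment form without the quotes, `_HASRSA!= /usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free || true`. The enclosing test checks for `/usr/lib/libcrypto.so` while `nm` reads `libcrypto.a`, so either test for the archive or probe the file that was tested, otherwise a system with only one of the two gives a wrong answer.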
@@ -14,9 +14,14 @@
 MAINTAINER= patrick@mindstep.com
-LIB_DEPENDS= crypto.1:${PORTSDIR}/security/openssl
+USE_OPENSSL= RSA
 ALL_TARGET= pipsecd
+
+.if defined(OPENSSL_RSAREF)
+OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref
+MAKE_ENV+= OPTLIB="${OPTLIB}"
+.endif
 .include
Index: patches/patch-aa
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-aa,v
retrieving revision 1.3
diff -u -r1.3 patch-aa
--- patches/patch-aa 1999/12/02 04:55:45 1.3
+++ patches/patch-aa 2000/01/23 02:12:52
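Review bot: `.if defined(OPENSSL_RSAREF)` sits above the `.include` line, so make evaluates it before bsd.port.mk has had a chance to set `OPENSSL_RSAREF`; the block is skipped and `OPTLIB` never reaches the build. This looks like the "not set early enough" symptom from the description, since make conditionals are evaluated as the file is read rather than when targets run. The test has to come after the part of bsd.port.mk that defines the variable, or bsd.port.mk should export the extra link flags through `MAKE_ENV` itself. Separately, `-L${LOCALBASE}` probably wants to be `-L${LOCALBASE}/lib`, assuming that is where the rsaref port installs its libraries.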
@@ -1,27 +1,30 @@ ---- Makefile.orig Thu Sep 16 17:44:50 1999 -+++ Makefile Thu Oct 14 10:27:50 1999 -@@ -6,10 +6,13 @@ +--- Makefile.orig Thu Sep 16 14:44:50 1999 ++++ Makefile Sat Jan 22 18:12:45 2000 +@@ -6,23 +6,26 @@ CLEANFILES= *.core *.o pipsecd # Where your OpenSSL includes are located -INCDIR=/usr/local/ssl/include -+INCDIR=-I$(PREFIX)/include/openssl -I$(PREFIX)/include ++INCDIR=-I$(OPENSSLINC)/openssl -I$(PREFIX)/include # Where your libcrypto is located -LIBDIR=/usr/local/ssl/lib -+LIBDIR=-L$(PREFIX)/lib ++LIBDIR=-L$(OPENSSLLIB)/lib + +# Misc defines +DEFINES=-DFILE_PREFIX=\"$(PREFIX)\" # Optional: use FreeBSD's libmd - #OPTLIB += -lmd -@@ -19,10 +22,10 @@ +-#OPTLIB += -lmd ++OPTLIB += -lmd + #OPTDEF += -DUSE_SYSTEM_HASH + + # Optional: use ethertap device under Linux instead of userlink #OPTDEF += -DUSE_ETHERTAP pipsecd: tunip.c defs.h - gcc -Wall -I$(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c -L$(LIBDIR) $(OPTLIB) -lcrypto -+ gcc -Wall $(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto -lRSAglue -lrsaref $(DEFINES) ++ $(CC) -Wall $(INCDIR) -g $(CFLAGS) $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto $(DEFINES) install: pipsecd - install pipsecd /usr/local/sbin/ Index: patches/patch-ab =================================================================== RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-ab,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 patch-ab --- patches/patch-ab 1999/08/16 22:14:42 1.1.1.1 +++ patches/patch-ab 2000/01/23 02:04:13 @@ -1,6 +1,12 @@ ---- tunip.c.orig Mon Aug 16 11:54:50 1999 -+++ tunip.c Mon Aug 16 12:27:07 1999 -@@ -57,8 +57,8 @@ +--- tunip.c.orig Tue Sep 21 15:20:40 1999 ++++ tunip.c Sat Jan 22 18:02:55 2000 +@@ -54,12 +54,14 @@ + #include + #include + #include ++#ifndef NO_IDEA + #include ++#endif #include "defs.h" 
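Review bot: In the new patch-aa, `LIBDIR=-L$(OPENSSLLIB)/lib` appends `/lib` to a variable that the bsd.port.mk hunk already defines as `${OPENSSLBASE}/lib`, so the linker is pointed at `.../lib/lib` and which libcrypto gets linked is decided by the default search path instead of by `USE_OPENSSL`. It should read `LIBDIR=-L$(OPENSSLLIB)`. The same patch turns on `OPTLIB += -lmd` while `OPTDEF += -DUSE_SYSTEM_HASH` stays commented out, which links libmd without using it; enable both or neither. With `-lRSAglue -lrsaref` now arriving through `$(OPTLIB)` they land before `-lcrypto` on the link line, the reverse of the old order, which may matter when linking statically.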
@@ -10,4 +16,66 @@ +#define _PATH_STARTUP FILE_PREFIX "/etc/ipsec/startup" #define _PATH_DEV_RANDOM "/dev/random" - #define MAX_HEADER 64 + #ifdef USE_ETHERTAP +@@ -131,7 +133,9 @@ + des_key_schedule k3; + } des3; + CAST_KEY cast; ++#ifndef NO_IDEA + IDEA_KEY_SCHEDULE idea; ++#endif + } crypt_key; + + typedef struct crypt_method { +@@ -304,12 +308,14 @@ + void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk, + unsigned char *ct, unsigned int len); + int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k); ++#ifndef NO_IDEA + void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, + unsigned char *t, unsigned int len); + void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk, + unsigned char *ct, unsigned int len); + int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k); + int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k); ++#endif + void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, + unsigned char *t, unsigned int len); + void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk, +@@ -379,14 +385,20 @@ + + hash_method_t *hash_list = &hash_ripemd160; + ++#ifndef NO_IDEA + crypt_method_t crypt_idea = { + NULL, + "idea_cbc", 8, 8, + my_idea_cbc_encrypt, my_idea_cbc_decrypt, + my_idea_set_encrypt_key, my_idea_set_decrypt_key + }; ++#endif + crypt_method_t crypt_cast = { ++#ifndef NO_IDEA + &crypt_idea, ++#else ++ NULL, ++#endif + "cast_cbc", 8, 8, + cast_cbc_encrypt, cast_cbc_decrypt, + cast_setkey, cast_setkey +@@ -1974,6 +1986,7 @@ + return 0; + } + ++#ifndef NO_IDEA + void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek, + unsigned char *t, unsigned int len) + { +@@ -2002,6 +2015,7 @@ + idea_set_decrypt_key(&k->idea, &k->idea); + return 0; + } ++#endif + + void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek, + unsigned char *t, unsigned int len) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
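Review bot: With `NO_IDEA` defined, `crypt_cast` ends the cipher list with `NULL` and `idea_cbc` is no longer offered, but nothing in these hunks tells the operator. The code that looks a configured cipher name up in this list lies outside the hunks, so how it reacts to an `idea_cbc` entry in an existing configuration cannot be seen here. It should refuse to start with a message naming the missing cipher rather than continue without the configured transform. The guarded `#include` in the first patch-ab hunk and every guard here depend on `-DNO_IDEA` reaching the compiler through the `$(CFLAGS)` that patch-aa adds, so a comment at the first guard would help: `/* NO_IDEA is set by bsd.port.mk when the base-system OpenSSL is used */`.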