From: Alexey Dokuchaev Date: Tue, 8 Sep 2020 07:30:59 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r547967 - in head/dns/validns: . files X-SVN-Group: ports-head X-SVN-Commit-Author: danfe X-SVN-Commit-Paths: in head/dns/validns: . files X-SVN-Commit-Revision: 547967 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Sep 2020 07:31:01 -0000 Author: danfe Date: Tue Sep 8 07:30:59 2020 New Revision: 547967 URL: https://svnweb.freebsd.org/changeset/ports/547967 Log: - Unbreak the build against contemporary versions of OpenSSL - Hook provided test suite to our framework, respect CFLAGS Added: head/dns/validns/files/ head/dns/validns/files/patch-Makefile (contents, props changed) head/dns/validns/files/patch-dnskey.c (contents, props changed) head/dns/validns/files/patch-nsec3checks.c (contents, props changed) head/dns/validns/files/patch-rrsig.c (contents, props changed) Modified: head/dns/validns/Makefile Modified: head/dns/validns/Makefile ============================================================================== --- head/dns/validns/Makefile Tue Sep 8 07:16:45 2020 (r547966) +++ head/dns/validns/Makefile Tue Sep 8 07:30:59 2020 (r547967) @@ -12,13 +12,13 @@ COMMENT= High performance DNS/DNSSEC zone validator LICENSE= BSD2CLAUSE -BROKEN_SSL= openssl - LIB_DEPENDS= libJudy.so:devel/judy +TEST_DEPENDS= p5-Test-Command-Simple>=0:devel/p5-Test-Command-Simple USES= ssl -ALL_TARGET= +ALL_TARGET= ${PORTNAME} +TEST_TARGET= test PLIST_FILES= bin/${PORTNAME} \ man/man1/${PORTNAME}.1.gz 
@@ -26,22 +26,12 @@ PLIST_FILES= bin/${PORTNAME} \ PORTDOCS= Changes README installation.mdwn notes.mdwn \ technical-notes.mdwn todo.mdwn usage.mdwn -MAKE_ARGS+= INCPATH=-I${LOCALBASE}/include -MAKE_ARGS+= EXTRALPATH=-L${LOCALBASE}/lib - OPTIONS_DEFINE= DOCS -.include - -.if ${SSL_DEFAULT} == base -BROKEN_FreeBSD_12= field has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st') -BROKEN_FreeBSD_13= field has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st') -.endif - do-install: ${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin ${INSTALL_DATA} ${WRKSRC}/*.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/ @${MKDIR} ${STAGEDIR}${DOCSDIR} @${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}/ -.include +.include Added: head/dns/validns/files/patch-Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/validns/files/patch-Makefile Tue Sep 8 07:30:59 2020 (r547967) @@ -0,0 +1,13 @@ +--- Makefile.orig 2014-02-11 20:08:39 UTC ++++ Makefile +@@ -1,7 +1,7 @@ + # The following options seem to work fine on Linux, FreeBSD, and Darwin +-OPTIMIZE=-O2 -g +-CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing +-INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include ++#OPTIMIZE=-O2 -g ++CFLAGS+=-Wall -Wno-unused-function -Werror -pthread ++INCPATH=-I$(LOCALBASE)/include -I$(OPENSSLINC) + CC?=cc + + # These additional options work on Solaris/gcc to which I have an access Added: head/dns/validns/files/patch-dnskey.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/validns/files/patch-dnskey.c Tue Sep 8 07:30:59 2020 (r547967) 
@@ -0,0 +1,22 @@ +--- dnskey.c.orig 2014-02-11 20:45:11 UTC ++++ dnskey.c +@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *rr) + if (l < e_bytes) /* public key is too short */ + goto done; + +- rsa->e = BN_bin2bn(pk, e_bytes, NULL); ++ BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL); + pk += e_bytes; + l -= e_bytes; ++ BIGNUM *n = BN_bin2bn(pk, l, NULL); + +- rsa->n = BN_bin2bn(pk, l, NULL); ++#if OPENSSL_VERSION_NUMBER < 0x10100005L ++ rsa->e = e; ++ rsa->n = n; ++#else ++ RSA_set0_key(rsa, n, e, NULL); ++#endif + + pkey = EVP_PKEY_new(); + if (!pkey) Added: head/dns/validns/files/patch-nsec3checks.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/validns/files/patch-nsec3checks.c Tue Sep 8 07:30:59 2020 (r547967) 
@@ -0,0 +1,52 @@ +--- nsec3checks.c.orig 2014-02-11 20:46:07 UTC ++++ nsec3checks.c +@@ -28,7 +28,7 @@ + static struct binary_data name2hash(char *name, struct rr *param) + { + struct rr_nsec3param *p = (struct rr_nsec3param *)param; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + unsigned char md0[EVP_MAX_MD_SIZE]; + unsigned char md1[EVP_MAX_MD_SIZE]; + unsigned char *md[2]; +@@ -45,26 +45,28 @@ static struct binary_data name2hash(char *name, struct + + /* XXX Maybe use Init_ex and Final_ex for speed? */ + +- EVP_MD_CTX_init(&ctx); +- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) +- return r; +- digest_size = EVP_MD_CTX_size(&ctx); +- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length); +- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); +- EVP_DigestFinal(&ctx, md[mdi], NULL); ++ ctx = EVP_MD_CTX_create(); ++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) ++ goto out; ++ digest_size = EVP_MD_CTX_size(ctx); ++ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length); ++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); ++ EVP_DigestFinal(ctx, md[mdi], NULL); + + for (i = 0; i < p->iterations; i++) { +- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1) +- return r; +- EVP_DigestUpdate(&ctx, md[mdi], digest_size); ++ if (EVP_DigestInit(ctx, EVP_sha1()) != 1) ++ goto out; ++ EVP_DigestUpdate(ctx, md[mdi], digest_size); + mdi = (mdi + 1) % 2; +- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length); +- EVP_DigestFinal(&ctx, md[mdi], NULL); ++ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length); ++ EVP_DigestFinal(ctx, md[mdi], NULL); + } + + r.length = digest_size; + r.data = getmem(digest_size); + memcpy(r.data, md[mdi], digest_size); ++ out: ++ EVP_MD_CTX_destroy(ctx); + return r; + } + Added: head/dns/validns/files/patch-rrsig.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/dns/validns/files/patch-rrsig.c Tue Sep 8 07:30:59 2020 (r547967) 
@@ -0,0 +1,85 @@ +--- rrsig.c.orig 2014-02-11 20:45:39 UTC ++++ rrsig.c +@@ -26,7 +26,7 @@ + struct verification_data + { + struct verification_data *next; +- EVP_MD_CTX ctx; ++ EVP_MD_CTX *ctx; + struct rr_dnskey *key; + struct rr_rrsig *rr; + int ok; +@@ -180,7 +180,8 @@ void *verification_thread(void *dummy) + if (d) { + int r; + d->next = NULL; +- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ EVP_MD_CTX_destroy(d->ctx); + if (r == 1) { + d->ok = 1; + } else { +@@ -232,7 +233,8 @@ static void schedule_verification(struct verification_ + } else { + int r; + G.stats.signatures_verified++; +- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey); ++ EVP_MD_CTX_destroy(d->ctx); + if (r == 1) { + d->ok = 1; + } else { +@@ -250,21 +252,21 @@ static int verify_signature(struct verification_data * + struct rr *signed_rr; + int i; + +- EVP_MD_CTX_init(&d->ctx); ++ d->ctx = EVP_MD_CTX_create(); + switch (d->rr->algorithm) { + case ALG_DSA: + case ALG_RSASHA1: + case ALG_DSA_NSEC3_SHA1: + case ALG_RSASHA1_NSEC3_SHA1: +- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1) + return 0; + break; + case ALG_RSASHA256: +- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1) + return 0; + break; + case ALG_RSASHA512: +- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1) ++ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1) + return 0; + break; + default: +@@ -274,7 +276,7 @@ static int verify_signature(struct verification_data * + chunk = rrsig_wirerdata_ex(&d->rr->rr, 0); + if (chunk.length < 0) + return 0; +- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); ++ 
EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); + + set = getmem_temp(sizeof(*set) * signed_set->count); + +@@ -294,12 +296,12 @@ static int verify_signature(struct verification_data * + chunk = name2wire_name(signed_set->named_rr->name); + if (chunk.length < 0) + return 0; +- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length); +- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2); +- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2); +- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4); +- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2); +- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length); ++ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length); ++ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2); ++ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2); ++ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4); ++ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2); ++ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length); + } + + schedule_verification(d);
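
Review bot: In the head/dns/validns/Makefile hunk at @@ -26,22 +26,12 @@, the removal of `MAKE_ARGS+= EXTRALPATH=-L${LOCALBASE}/lib` has no visible replacement. patch-Makefile rewrites INCPATH to use $(LOCALBASE) and $(OPENSSLINC) but does not touch any library search path. Please confirm that the link step still finds libJudy and the selected OpenSSL when LOCALBASE is not the upstream default, or carry a matching library path in patch-Makefile next to the INCPATH change.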
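
Review bot: In files/patch-Makefile, the new CFLAGS line drops `-fno-strict-aliasing`, and the commit log ("respect CFLAGS") does not mention it. The sources visible in this same commit cast between struct pointer types (for example `(struct rr_nsec3param *)param` in nsec3checks.c), so with the optimization level now coming from the port's CFLAGS the compiler is free to apply strict-aliasing assumptions that upstream had deliberately turned off. Suggest keeping the flag, as in `CFLAGS+=-Wall -Wno-unused-function -Werror -pthread -fno-strict-aliasing`, or stating in the log why it is safe to remove. Separately, `-Werror` is retained, which will break the build again on the next compiler that adds a warning.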
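
Review bot: In files/patch-dnskey.c, at @@ -165,11 +165,17 @@ in dnskey_build_pkey(), neither BN_bin2bn() result nor the return value of `RSA_set0_key(rsa, n, e, NULL)` is checked. RSA_set0_key() returns 0 and does not take ownership when n or e is NULL on the first call, so an allocation failure in either BN_bin2bn() leaks the other BIGNUM and the function continues to EVP_PKEY_new() with an RSA object that has no public key set. Since this key is later used for signature verification, suggest testing `e` and `n` for NULL, checking that RSA_set0_key() returned 1, and on failure freeing both with BN_free() before `goto done`.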
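
Review bot: In files/patch-nsec3checks.c, at @@ -45,26 +45,28 @@ in name2hash(), the result of `ctx = EVP_MD_CTX_create();` is passed straight to EVP_DigestInit() without a NULL check. The old stack-allocated context could not fail here; the heap allocation can. Suggest `if (ctx == NULL) return r;` directly after the create call, which keeps the existing "empty result on failure" behaviour. The new `out:` label with EVP_MD_CTX_destroy(ctx) covers the other early exits correctly.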
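
Review bot: In files/patch-rrsig.c, at @@ -250,21 +252,21 @@ in verify_signature(), every `return 0;` that follows `d->ctx = EVP_MD_CTX_create();` now leaks the context. This applies to the three EVP_VerifyInit() failure paths in this hunk and to the `chunk.length < 0` returns in the two hunks after it, because EVP_MD_CTX_destroy() is only called next to EVP_VerifyFinal() in verification_thread() and schedule_verification(). The create call is also not checked for NULL before EVP_VerifyInit() uses it. Suggest checking the allocation and routing the early returns through a single cleanup label that destroys d->ctx and sets it to NULL.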
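
Review bot: In files/patch-rrsig.c, at @@ -180,7 +180,8 @@ and @@ -232,7 +233,8 @@, `EVP_MD_CTX_destroy(d->ctx);` leaves d->ctx pointing at freed memory while `d` itself stays in use for the `d->ok` bookkeeping that follows. Suggest adding `d->ctx = NULL;` after each destroy call so that any later cleanup or reuse of the verification_data entry cannot double-free or touch the released context.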