From owner-svn-ports-all@freebsd.org Sun Nov 18 14:53:03 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 551B91104288; Sun, 18 Nov 2018 14:53:03 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0628080D05; Sun, 18 Nov 2018 14:53:03 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id DB18D14D66; Sun, 18 Nov 2018 14:53:02 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id wAIEr2ID035715; Sun, 18 Nov 2018 14:53:02 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id wAIEr0W5035701; Sun, 18 Nov 2018 14:53:00 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <201811181453.wAIEr0W5035701@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Sun, 18 Nov 2018 14:53:00 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r485226 - in head/net/freerdp1: . files X-SVN-Group: ports-head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: in head/net/freerdp1: . files X-SVN-Commit-Revision: 485226 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Rspamd-Queue-Id: 0628080D05 X-Spamd-Result: default: False [0.20 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_SPAM_SHORT(0.20)[0.205,0] X-Rspamd-Server: mx1.freebsd.org X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 18 Nov 2018 14:53:03 -0000 Author: kevans (src committer) Date: Sun Nov 18 14:53:00 2018 New Revision: 485226 URL: https://svnweb.freebsd.org/changeset/ports/485226 Log: net/freerdp1: Fix build with OpenSSL 1.1 Patch taken partially from upstream with some minor refactoring because the patch from upstream was fairly far off from where this version of FreeRDP is at. Built with: Poudriere (11.2 and 13.0-CURRENT) Tested with: OpenSSL 1.0.2 (11.2, base) Tested with: OpenSSL 1.1.1 (11.2, security/openssl111) PR: 233014 Approved by: ultima (ports), myself (maintainer) MFH: 2018Q4 (OpenSSL build fix) Added: head/net/freerdp1/files/patch-git_1b5f5747 (contents, props changed) head/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_common_assistance.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_core_certificate.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_core_tcp.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_core_transport.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h (contents, props changed) head/net/freerdp1/files/patch-libfreerdp_crypto_tls.c (contents, props changed) head/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.c (contents, props changed) head/net/freerdp1/files/patch-winpr_libwinpr_crypto_crypto.h (contents, props changed) head/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm.c (contents, props changed) head/net/freerdp1/files/patch-winpr_libwinpr_sspi_NTLM_ntlm__compute.c (contents, props changed) head/net/freerdp1/files/patch-winpr_tools_makecert_makecert.c (contents, props changed) Modified: head/net/freerdp1/Makefile Modified: head/net/freerdp1/Makefile ============================================================================== --- head/net/freerdp1/Makefile Sun Nov 18 14:14:15 2018 (r485225) +++ head/net/freerdp1/Makefile Sun Nov 18 14:53:00 2018 (r485226) @@ -3,7 +3,7 @@ PORTNAME= freerdp PORTVERSION= 1.2.0 -PORTREVISION= 13 +PORTREVISION= 14 CATEGORIES= net comms ipv6 PKGNAMESUFFIX= 1 Added: head/net/freerdp1/files/patch-git_1b5f5747 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-git_1b5f5747 Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,30 @@ +--- winpr/libwinpr/bcrypt/CMakeLists.txt.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/bcrypt/CMakeLists.txt +@@ -17,8 +17,3 @@ + + winpr_module_add(bcrypt.c) + +-winpr_include_directory_add( +- ${OPENSSL_INCLUDE_DIR} +- ${ZLIB_INCLUDE_DIRS}) +- +-winpr_library_add(${ZLIB_LIBRARIES}) +--- winpr/libwinpr/crypto/CMakeLists.txt.orig 2014-09-11 22:46:32 UTC ++++ winpr/libwinpr/crypto/CMakeLists.txt +@@ -20,6 +20,16 @@ winpr_module_add( + crypto.h + cert.c) + ++if(OPENSSL_FOUND) ++ winpr_include_directory_add(${OPENSSL_INCLUDE_DIR}) ++ winpr_library_add(${OPENSSL_LIBRARIES}) ++endif() ++ ++if(MBEDTLS_FOUND) ++ winpr_include_directory_add(${MBEDTLS_INCLUDE_DIR}) ++ winpr_library_add(${MBEDTLS_LIBRARIES}) ++endif() ++ + if(WIN32) + winpr_library_add(crypt32) + endif() Added: head/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-include_freerdp_crypto_crypto.h Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,23 @@ +--- include/freerdp/crypto/crypto.h.orig 2018-11-06 02:55:10 UTC ++++ include/freerdp/crypto/crypto.h +@@ -61,12 +61,20 @@ struct crypto_rc4_struct + + struct crypto_des3_struct + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *des3_ctx; ++#else + EVP_CIPHER_CTX des3_ctx; ++#endif + }; + + struct crypto_hmac_struct + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX *hmac_ctx; ++#else + HMAC_CTX hmac_ctx; ++#endif + }; + + struct crypto_cert_struct Added: head/net/freerdp1/files/patch-libfreerdp_common_assistance.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_common_assistance.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,156 @@ +--- libfreerdp/common/assistance.c.orig 2018-11-06 05:10:45 UTC ++++ libfreerdp/common/assistance.c +@@ -478,7 +478,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + int cbPassStubW; + int EncryptedSize; + BYTE PasswordHash[16]; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *rc4Ctx; ++#else + EVP_CIPHER_CTX rc4Ctx; ++#endif + BYTE *pbIn, *pbOut; + int cbOut, cbIn, cbFinal; + WCHAR* PasswordW = NULL; +@@ -516,9 +520,16 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + *((UINT32*) pbIn) = cbPassStubW; + CopyMemory(&pbIn[4], PassStubW, cbPassStubW); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ rc4Ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(rc4Ctx); ++ ++ status = EVP_EncryptInit_ex(rc4Ctx, EVP_rc4(), NULL, NULL, NULL); ++#else + EVP_CIPHER_CTX_init(&rc4Ctx); + + status = EVP_EncryptInit_ex(&rc4Ctx, EVP_rc4(), NULL, NULL, NULL); ++#endif + + if (!status) + { +@@ -526,7 +537,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptInit_ex(rc4Ctx, NULL, NULL, PasswordHash, NULL); ++#else + status = EVP_EncryptInit_ex(&rc4Ctx, NULL, NULL, PasswordHash, NULL); ++#endif + + if (!status) + { +@@ -537,7 +552,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + cbOut = cbFinal = 0; + cbIn = EncryptedSize; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptUpdate(rc4Ctx, pbOut, &cbOut, pbIn, cbIn); ++#else + status = EVP_EncryptUpdate(&rc4Ctx, pbOut, &cbOut, pbIn, cbIn); ++#endif + + if (!status) + { +@@ -545,7 +564,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_EncryptFinal_ex(rc4Ctx, pbOut + cbOut, &cbFinal); ++#else + status = EVP_EncryptFinal_ex(&rc4Ctx, pbOut + cbOut, &cbFinal); ++#endif + + if (!status) + { +@@ -553,7 +576,11 @@ BYTE* freerdp_assistance_encrypt_pass_stub(const char* + return NULL; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_free(rc4Ctx); ++#else + EVP_CIPHER_CTX_cleanup(&rc4Ctx); ++#endif + + free(pbIn); + free(PasswordW); +@@ -571,7 +598,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + int cbPasswordW; + int cchOutW = 0; + WCHAR* pbOutW = NULL; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX *aesDec; ++#else + EVP_CIPHER_CTX aesDec; ++#endif + WCHAR* PasswordW = NULL; + BYTE *pbIn, *pbOut; + int cbOut, cbIn, cbFinal; +@@ -598,17 +629,31 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + + ZeroMemory(InitializationVector, sizeof(InitializationVector)); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ aesDec = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(aesDec); ++ ++ status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL); ++#else + EVP_CIPHER_CTX_init(&aesDec); + + status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, NULL, NULL); ++#endif + + if (status != 1) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_set_key_length(aesDec, (128 / 8)); ++ EVP_CIPHER_CTX_set_padding(aesDec, 0); ++ ++ status = EVP_DecryptInit_ex(aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector); ++#else + EVP_CIPHER_CTX_set_key_length(&aesDec, (128 / 8)); + EVP_CIPHER_CTX_set_padding(&aesDec, 0); + + status = EVP_DecryptInit_ex(&aesDec, EVP_aes_128_cbc(), NULL, DerivedKey, InitializationVector); ++#endif + + if (status != 1) + return -1; +@@ -621,12 +666,20 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + if (!pbOut) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_DecryptUpdate(aesDec, pbOut, &cbOut, pbIn, cbIn); ++#else + status = EVP_DecryptUpdate(&aesDec, pbOut, &cbOut, pbIn, cbIn); ++#endif + + if (status != 1) + return -1; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ status = EVP_DecryptFinal_ex(aesDec, pbOut + cbOut, &cbFinal); ++#else + status = EVP_DecryptFinal_ex(&aesDec, pbOut + cbOut, &cbFinal); ++#endif + + if (status != 1) + { +@@ -634,7 +687,11 @@ int freerdp_assistance_decrypt2(rdpAssistanceFile* fil + return -1; + } + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_free(aesDec); ++#else + EVP_CIPHER_CTX_cleanup(&aesDec); ++#endif + + cbOut += cbFinal; + cbFinal = 0; Added: head/net/freerdp1/files/patch-libfreerdp_core_certificate.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_core_certificate.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,59 @@ +--- libfreerdp/core/certificate.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/certificate.c +@@ -32,6 +32,7 @@ + #include + + #include "certificate.h" ++#include "../crypto/opensslcompat.h" + + #define TAG "com.freerdp.core" + +@@ -652,6 +653,9 @@ rdpRsaKey* key_new(const char* keyfile) + FILE* fp; + RSA* rsa; + rdpRsaKey* key; ++ const BIGNUM *rsa_e = NULL; ++ const BIGNUM *rsa_n = NULL; ++ const BIGNUM *rsa_d = NULL; + key = (rdpRsaKey*)calloc(1, sizeof(rdpRsaKey)); + + if (!key) +@@ -692,31 +696,31 @@ rdpRsaKey* key_new(const char* keyfile) + ERR_print_errors_fp(stderr); + goto out_free_rsa; + } +- +- if (BN_num_bytes(rsa->e) > 4) ++ RSA_get0_key(rsa, &rsa_n, &rsa_e, &rsa_d); ++ if (BN_num_bytes(rsa_e) > 4) + { + DEBUG_WARN("%s: RSA public exponent too large in %s\n", __FUNCTION__, keyfile); + goto out_free_rsa; + } + +- key->ModulusLength = BN_num_bytes(rsa->n); ++ key->ModulusLength = BN_num_bytes(rsa_n); + key->Modulus = (BYTE*)malloc(key->ModulusLength); + + if (!key->Modulus) + goto out_free_rsa; + +- BN_bn2bin(rsa->n, key->Modulus); ++ BN_bn2bin(rsa_n, key->Modulus); + crypto_reverse(key->Modulus, key->ModulusLength); +- key->PrivateExponentLength = BN_num_bytes(rsa->d); ++ key->PrivateExponentLength = BN_num_bytes(rsa_d); + key->PrivateExponent = (BYTE*)malloc(key->PrivateExponentLength); + + if (!key->PrivateExponent) + goto out_free_modulus; + +- BN_bn2bin(rsa->d, key->PrivateExponent); ++ BN_bn2bin(rsa_d, key->PrivateExponent); + crypto_reverse(key->PrivateExponent, key->PrivateExponentLength); + memset(key->exponent, 0, sizeof(key->exponent)); +- BN_bn2bin(rsa->e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa->e)); ++ BN_bn2bin(rsa_e, key->exponent + sizeof(key->exponent) - BN_num_bytes(rsa_e)); + crypto_reverse(key->exponent, sizeof(key->exponent)); + RSA_free(rsa); + return key; Added: head/net/freerdp1/files/patch-libfreerdp_core_tcp.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_core_tcp.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,338 @@ +--- libfreerdp/core/tcp.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/tcp.c +@@ -71,6 +71,7 @@ + #include + + #include "tcp.h" ++#include "../crypto/opensslcompat.h" + + /* Simple Socket BIO */ + +@@ -86,13 +87,14 @@ static int transport_bio_simple_write(BIO* bio, const + { + int error; + int status = 0; ++ int socket = (int)BIO_get_data(bio); + + if (!buf) + return 0; + + BIO_clear_flags(bio, BIO_FLAGS_WRITE); + +- status = _send((SOCKET) bio->num, buf, size, 0); ++ status = _send(socket, buf, size, 0); + + if (status <= 0) + { +@@ -116,13 +118,14 @@ static int transport_bio_simple_read(BIO* bio, char* b + { + int error; + int status = 0; ++ int socket = (int)BIO_get_data(bio); + + if (!buf) + return 0; + + BIO_clear_flags(bio, BIO_FLAGS_READ); + +- status = _recv((SOCKET) bio->num, buf, size, 0); ++ status = _recv(socket, buf, size, 0); + if (status > 0) + return status; + +@@ -160,6 +163,7 @@ static int transport_bio_simple_gets(BIO* bio, char* s + static long transport_bio_simple_ctrl(BIO* bio, int cmd, long arg1, void* arg2) + { + int status = -1; ++ int socket = (int)BIO_get_data(bio); + + switch (cmd) + { +@@ -167,29 +171,29 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm + if (arg2) + { + transport_bio_simple_free(bio); +- bio->flags = BIO_FLAGS_SHOULD_RETRY; +- bio->num = *((int*) arg2); +- bio->shutdown = (int) arg1; +- bio->init = 1; ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); ++ BIO_set_data(bio, *((int *) arg2)); ++ BIO_set_shutdown(bio, (int) arg1); ++ BIO_set_init(bio, 1); + status = 1; + } + break; + + case BIO_C_GET_FD: +- if (bio->init) ++ if (BIO_get_init(bio)) + { + if (arg2) +- *((int*) arg2) = bio->num; +- status = bio->num; ++ *((int*) arg2) = socket; ++ status = socket; + } + break; + + case BIO_CTRL_GET_CLOSE: +- status = bio->shutdown; ++ status = BIO_get_shutdown(bio); + break; + + case BIO_CTRL_SET_CLOSE: +- bio->shutdown = (int) arg1; ++ BIO_set_shutdown(bio, (int) arg1); + status = 1; + break; + +@@ -211,47 +215,49 @@ static long transport_bio_simple_ctrl(BIO* bio, int cm + + static int transport_bio_simple_new(BIO* bio) + { +- bio->init = 0; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ ++ BIO_set_init(bio, 0); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + + static int transport_bio_simple_free(BIO* bio) + { ++ int socket = (int)BIO_get_data(bio); + if (!bio) + return 0; + +- if (bio->shutdown) ++ if (BIO_get_shutdown(bio)) + { +- if (bio->init) +- closesocket((SOCKET) bio->num); ++ if (BIO_get_init(bio)) ++ closesocket(socket); + +- bio->init = 0; +- bio->flags = 0; ++ BIO_set_init(bio, 0); ++ BIO_set_flags(bio, 0); ++ BIO_set_data(bio, 0); + } + + return 1; + } + +-static BIO_METHOD transport_bio_simple_socket_methods = +-{ +- BIO_TYPE_SIMPLE, +- "SimpleSocket", +- transport_bio_simple_write, +- transport_bio_simple_read, +- transport_bio_simple_puts, +- transport_bio_simple_gets, +- transport_bio_simple_ctrl, +- transport_bio_simple_new, +- transport_bio_simple_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_simple_socket(void) + { +- return &transport_bio_simple_socket_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_SIMPLE, "SimpleSocket"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_simple_write); ++ BIO_meth_set_read(bio_methods, transport_bio_simple_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_simple_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_simple_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_simple_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_simple_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_simple_free); ++ } ++ return bio_methods; + } + + /* Buffered Socket BIO */ +@@ -264,7 +270,8 @@ long transport_bio_buffered_callback(BIO* bio, int mod + static int transport_bio_buffered_write(BIO* bio, const char* buf, int num) + { + int status, ret; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); ++ BIO *next_bio = NULL; + int nchunks, committedBytes, i; + DataChunk chunks[2]; + +@@ -283,23 +290,24 @@ static int transport_bio_buffered_write(BIO* bio, cons + + committedBytes = 0; + nchunks = ringbuffer_peek(&tcp->xmitBuffer, chunks, ringbuffer_used(&tcp->xmitBuffer)); ++ next_bio = BIO_next(bio); + + for (i = 0; i < nchunks; i++) + { + while (chunks[i].size) + { +- status = BIO_write(bio->next_bio, chunks[i].data, chunks[i].size); ++ status = BIO_write(next_bio, chunks[i].data, chunks[i].size); + + if (status <= 0) + { +- if (!BIO_should_retry(bio->next_bio)) ++ if (!BIO_should_retry(next_bio)) + { + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY); + ret = -1; /* fatal error */ + goto out; + } + +- if (BIO_should_write(bio->next_bio)) ++ if (BIO_should_write(next_bio)) + { + BIO_set_flags(bio, BIO_FLAGS_WRITE); + tcp->writeBlocked = TRUE; +@@ -321,16 +329,17 @@ out: + static int transport_bio_buffered_read(BIO* bio, char* buf, int size) + { + int status; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); ++ BIO* next_bio = BIO_next(bio); + + tcp->readBlocked = FALSE; + BIO_clear_flags(bio, BIO_FLAGS_READ); + +- status = BIO_read(bio->next_bio, buf, size); ++ status = BIO_read(next_bio, buf, size); + + if (status <= 0) + { +- if (!BIO_should_retry(bio->next_bio)) ++ if (!BIO_should_retry(next_bio)) + { + BIO_clear_flags(bio, BIO_FLAGS_SHOULD_RETRY); + goto out; +@@ -338,7 +347,7 @@ static int transport_bio_buffered_read(BIO* bio, char* + + BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + +- if (BIO_should_read(bio->next_bio)) ++ if (BIO_should_read(next_bio)) + { + BIO_set_flags(bio, BIO_FLAGS_READ); + tcp->readBlocked = TRUE; +@@ -362,7 +371,7 @@ static int transport_bio_buffered_gets(BIO* bio, char* + + static long transport_bio_buffered_ctrl(BIO* bio, int cmd, long arg1, void* arg2) + { +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); + + switch (cmd) + { +@@ -376,7 +385,7 @@ static long transport_bio_buffered_ctrl(BIO* bio, int + return 0; + + default: +- return BIO_ctrl(bio->next_bio, cmd, arg1, arg2); ++ return BIO_ctrl(BIO_next(bio), cmd, arg1, arg2); + } + + return 0; +@@ -384,10 +393,9 @@ static long transport_bio_buffered_ctrl(BIO* bio, int + + static int transport_bio_buffered_new(BIO* bio) + { +- bio->init = 1; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ BIO_set_init(bio, 1); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + +@@ -396,29 +404,28 @@ static int transport_bio_buffered_free(BIO* bio) + return 1; + } + +-static BIO_METHOD transport_bio_buffered_socket_methods = +-{ +- BIO_TYPE_BUFFERED, +- "BufferedSocket", +- transport_bio_buffered_write, +- transport_bio_buffered_read, +- transport_bio_buffered_puts, +- transport_bio_buffered_gets, +- transport_bio_buffered_ctrl, +- transport_bio_buffered_new, +- transport_bio_buffered_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_buffered_socket(void) + { +- return &transport_bio_buffered_socket_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_BUFFERED, "BufferedSocket"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_buffered_write); ++ BIO_meth_set_read(bio_methods, transport_bio_buffered_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_buffered_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_buffered_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_buffered_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_buffered_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_buffered_free); ++ } ++ return bio_methods; + } + + BOOL transport_bio_buffered_drain(BIO *bio) + { + int status; +- rdpTcp* tcp = (rdpTcp*) bio->ptr; ++ rdpTcp* tcp = (rdpTcp*) BIO_get_data(bio); + + if (!ringbuffer_used(&tcp->xmitBuffer)) + return 1; +@@ -527,7 +534,10 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in + if (!tcp->socketBio) + return FALSE; + +- if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_int_port(tcp->socketBio, &port) < 0) ++ char strport[10]; ++ /* XXX HACK */ ++ snprintf(strport, 10, "%d", port); ++ if (BIO_set_conn_hostname(tcp->socketBio, hostname) < 0 || BIO_set_conn_port(tcp->socketBio, strport) < 0) + return FALSE; + + BIO_set_nbio(tcp->socketBio, 1); +@@ -620,7 +630,7 @@ BOOL tcp_connect(rdpTcp* tcp, const char* hostname, in + if (!tcp->bufferedBio) + return FALSE; + +- tcp->bufferedBio->ptr = tcp; ++ BIO_set_data(tcp->bufferedBio, tcp); + + tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); + +@@ -771,7 +781,7 @@ int tcp_attach(rdpTcp* tcp, int sockfd) + if (!tcp->bufferedBio) + return FALSE; + +- tcp->bufferedBio->ptr = tcp; ++ BIO_set_data(tcp->bufferedBio, tcp); + + tcp->bufferedBio = BIO_push(tcp->bufferedBio, tcp->socketBio); + } Added: head/net/freerdp1/files/patch-libfreerdp_core_transport.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_core_transport.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,92 @@ +--- libfreerdp/core/transport.c.orig 2014-09-11 22:46:32 UTC ++++ libfreerdp/core/transport.c +@@ -54,6 +54,7 @@ + #include "fastpath.h" + #include "transport.h" + #include "rdp.h" ++#include "../crypto/opensslcompat.h" + + #define TAG FREERDP_TAG("core") + +@@ -122,7 +123,7 @@ static int transport_bio_tsg_write(BIO* bio, const cha + { + int status; + rdpTsg* tsg; +- tsg = (rdpTsg*) bio->ptr; ++ tsg = (rdpTsg*) BIO_get_data(bio); + BIO_clear_flags(bio, BIO_FLAGS_WRITE); + status = tsg_write(tsg, (BYTE*) buf, num); + +@@ -142,9 +143,9 @@ static int transport_bio_tsg_read(BIO* bio, char* buf, + { + int status; + rdpTsg* tsg; +- tsg = (rdpTsg*) bio->ptr; ++ tsg = (rdpTsg*) BIO_get_data(bio); + BIO_clear_flags(bio, BIO_FLAGS_READ); +- status = tsg_read(bio->ptr, (BYTE*) buf, size); ++ status = tsg_read(tsg, (BYTE*) buf, size); + + if (status < 0) + { +@@ -180,10 +181,9 @@ static long transport_bio_tsg_ctrl(BIO* bio, int cmd, + + static int transport_bio_tsg_new(BIO* bio) + { +- bio->init = 1; +- bio->num = 0; +- bio->ptr = NULL; +- bio->flags = BIO_FLAGS_SHOULD_RETRY; ++ BIO_set_init(bio, 1); ++ BIO_set_data(bio, 0); ++ BIO_set_flags(bio, BIO_FLAGS_SHOULD_RETRY); + return 1; + } + +@@ -194,23 +194,22 @@ static int transport_bio_tsg_free(BIO* bio) + + #define BIO_TYPE_TSG 65 + +-static BIO_METHOD transport_bio_tsg_methods = +-{ +- BIO_TYPE_TSG, +- "TSGateway", +- transport_bio_tsg_write, +- transport_bio_tsg_read, +- transport_bio_tsg_puts, +- transport_bio_tsg_gets, +- transport_bio_tsg_ctrl, +- transport_bio_tsg_new, +- transport_bio_tsg_free, +- NULL, +-}; +- + BIO_METHOD* BIO_s_tsg(void) + { +- return &transport_bio_tsg_methods; ++ static BIO_METHOD* bio_methods = NULL; ++ if (bio_methods == NULL) ++ { ++ if (!(bio_methods = BIO_meth_new(BIO_TYPE_TSG, "TSGateway"))) ++ return NULL; ++ BIO_meth_set_write(bio_methods, transport_bio_tsg_write); ++ BIO_meth_set_read(bio_methods, transport_bio_tsg_read); ++ BIO_meth_set_puts(bio_methods, transport_bio_tsg_puts); ++ BIO_meth_set_gets(bio_methods, transport_bio_tsg_gets); ++ BIO_meth_set_ctrl(bio_methods, transport_bio_tsg_ctrl); ++ BIO_meth_set_create(bio_methods, transport_bio_tsg_new); ++ BIO_meth_set_destroy(bio_methods, transport_bio_tsg_free); ++ } ++ return bio_methods; + } + + BOOL transport_connect_tls(rdpTransport* transport) +@@ -426,7 +425,7 @@ BOOL transport_tsg_connect(rdpTransport* transport, co + return FALSE; + + transport->frontBio = BIO_new(BIO_s_tsg()); +- transport->frontBio->ptr = tsg; ++ BIO_set_data(transport->frontBio, tsg); + return TRUE; + } + Added: head/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_crypto_CMakeLists.txt Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,12 @@ +--- libfreerdp/crypto/CMakeLists.txt.orig 2018-11-15 22:43:06 UTC ++++ libfreerdp/crypto/CMakeLists.txt +@@ -26,7 +26,8 @@ freerdp_module_add( + base64.c + certificate.c + crypto.c +- tls.c) ++ tls.c ++ opensslcompat.c) + + freerdp_include_directory_add(${OPENSSL_INCLUDE_DIR}) + freerdp_include_directory_add(${ZLIB_INCLUDE_DIRS}) Added: head/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_crypto_crypto.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,189 @@ +--- libfreerdp/crypto/crypto.c.orig 2018-11-06 02:56:44 UTC ++++ libfreerdp/crypto/crypto.c +@@ -92,9 +92,16 @@ CryptoDes3 crypto_des3_encrypt_init(const BYTE* key, c + if (!des3) + return NULL; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ des3->des3_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(des3->des3_ctx); ++ EVP_EncryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); ++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); ++#else + EVP_CIPHER_CTX_init(&des3->des3_ctx); + EVP_EncryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); ++#endif + return des3; + } + +@@ -103,23 +110,37 @@ CryptoDes3 crypto_des3_decrypt_init(const BYTE* key, c + CryptoDes3 des3 = malloc(sizeof(*des3)); + if (!des3) + return NULL; +- ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ des3->des3_ctx = EVP_CIPHER_CTX_new(); ++ EVP_CIPHER_CTX_init(des3->des3_ctx); ++ EVP_DecryptInit_ex(des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); ++ EVP_CIPHER_CTX_set_padding(des3->des3_ctx, 0); ++#else + EVP_CIPHER_CTX_init(&des3->des3_ctx); + EVP_DecryptInit_ex(&des3->des3_ctx, EVP_des_ede3_cbc(), NULL, key, ivec); + EVP_CIPHER_CTX_set_padding(&des3->des3_ctx, 0); ++#endif + return des3; + } + + void crypto_des3_encrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data) + { + int len; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_EncryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); ++#else + EVP_EncryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); ++#endif + } + + void crypto_des3_decrypt(CryptoDes3 des3, UINT32 length, const BYTE* in_data, BYTE* out_data) + { + int len; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_DecryptUpdate(des3->des3_ctx, out_data, &len, in_data, length); ++#else + EVP_DecryptUpdate(&des3->des3_ctx, out_data, &len, in_data, length); ++#endif + + if (length != len) + abort(); /* TODO */ +@@ -129,7 +150,12 @@ void crypto_des3_free(CryptoDes3 des3) + { + if (des3 == NULL) + return; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ EVP_CIPHER_CTX_cleanup(des3->des3_ctx); ++ EVP_CIPHER_CTX_free(des3->des3_ctx); ++#else + EVP_CIPHER_CTX_cleanup(&des3->des3_ctx); ++#endif + free(des3); + } + +@@ -139,28 +165,48 @@ CryptoHmac crypto_hmac_new(void) + if (!hmac) + return NULL; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ hmac->hmac_ctx = HMAC_CTX_new(); ++#else + HMAC_CTX_init(&hmac->hmac_ctx); ++#endif + return hmac; + } + + void crypto_hmac_sha1_init(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_sha1(), NULL); ++#else + HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_sha1(), NULL); ++#endif + } + + void crypto_hmac_md5_init(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Init_ex(hmac->hmac_ctx, data, length, EVP_md5(), NULL); ++#else + HMAC_Init_ex(&hmac->hmac_ctx, data, length, EVP_md5(), NULL); ++#endif + } + + void crypto_hmac_update(CryptoHmac hmac, const BYTE* data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Update(hmac->hmac_ctx, data, length); ++#else + HMAC_Update(&hmac->hmac_ctx, data, length); ++#endif + } + + void crypto_hmac_final(CryptoHmac hmac, BYTE* out_data, UINT32 length) + { ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_Final(hmac->hmac_ctx, out_data, &length); ++#else + HMAC_Final(&hmac->hmac_ctx, out_data, &length); ++#endif + } + + void crypto_hmac_free(CryptoHmac hmac) +@@ -168,7 +214,11 @@ void crypto_hmac_free(CryptoHmac hmac) + if (hmac == NULL) + return; + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ HMAC_CTX_free(hmac->hmac_ctx); ++#else + HMAC_CTX_cleanup(&hmac->hmac_ctx); ++#endif + free(hmac); + } + +@@ -236,7 +286,11 @@ static int crypto_rsa_common(const BYTE* input, int le + BYTE* input_reverse; + BYTE* modulus_reverse; + BYTE* exponent_reverse; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ BIGNUM *mod, *exp, *x, *y; ++#else + BIGNUM mod, exp, x, y; ++#endif + + input_reverse = (BYTE*) malloc(2 * key_length + exponent_size); + if (!input_reverse) +@@ -254,6 +308,18 @@ static int crypto_rsa_common(const BYTE* input, int le + ctx = BN_CTX_new(); + if (!ctx) + goto out_free_input_reverse; ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ mod = BN_new(); ++ exp = BN_new(); ++ x = BN_new(); ++ y = BN_new(); ++ ++ BN_bin2bn(modulus_reverse, key_length, mod); ++ BN_bin2bn(exponent_reverse, exponent_size, exp); ++ BN_bin2bn(input_reverse, length, x); ++ BN_mod_exp(y, x, exp, mod, ctx); ++ output_length = BN_bn2bin(y, output); ++#else + BN_init(&mod); + BN_init(&exp); + BN_init(&x); +@@ -263,17 +329,24 @@ static int crypto_rsa_common(const BYTE* input, int le + BN_bin2bn(exponent_reverse, exponent_size, &exp); + BN_bin2bn(input_reverse, length, &x); + BN_mod_exp(&y, &x, &exp, &mod, ctx); +- + output_length = BN_bn2bin(&y, output); ++#endif + crypto_reverse(output, output_length); + + if (output_length < (int) key_length) + memset(output + output_length, 0, key_length - output_length); + ++#if OPENSSL_VERSION_NUMBER >= 0x1010000fL ++ BN_free(y); ++ BN_clear_free(x); ++ BN_free(exp); ++ BN_free(mod); ++#else + BN_free(&y); + BN_clear_free(&x); + BN_free(&exp); + BN_free(&mod); ++#endif + BN_CTX_free(ctx); + + out_free_input_reverse: Added: head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.c Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,47 @@ +--- libfreerdp/crypto/opensslcompat.c.orig 2018-11-15 22:42:44 UTC ++++ libfreerdp/crypto/opensslcompat.c +@@ -0,0 +1,44 @@ ++/** ++ * FreeRDP: A Remote Desktop Protocol Implementation ++ * OpenSSL Compatibility ++ * ++ * Copyright (C) 2016 Norbert Federa ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * ++ * http://www.apache.org/licenses/LICENSE-2.0 ++ * ++ * Unless required by applicable law or agreed to in writing, software ++ * distributed under the License is distributed on an "AS IS" BASIS, ++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. ++ * See the License for the specific language governing permissions and ++ * limitations under the License. ++ */ ++ ++#include "opensslcompat.h" ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ ++BIO_METHOD* BIO_meth_new(int type, const char* name) ++{ ++ BIO_METHOD* m; ++ if (!(m = calloc(1, sizeof(BIO_METHOD)))) ++ return NULL; ++ m->type = type; ++ m->name = name; ++ return m; ++} ++ ++void RSA_get0_key(const RSA* r, const BIGNUM** n, const BIGNUM** e, const BIGNUM** d) ++{ ++ if (n != NULL) ++ *n = r->n; ++ if (e != NULL) ++ *e = r->e; ++ if (d != NULL) ++ *d = r->d; ++} ++ ++#endif /* OPENSSL < 1.1.0 */ Added: head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/freerdp1/files/patch-libfreerdp_crypto_opensslcompat.h Sun Nov 18 14:53:00 2018 (r485226) @@ -0,0 +1,64 @@ +--- libfreerdp/crypto/opensslcompat.h.orig 2018-11-15 22:42:46 UTC ++++ libfreerdp/crypto/opensslcompat.h +@@ -0,0 +1,61 @@ ++/** ++ * FreeRDP: A Remote Desktop Protocol Implementation ++ * OpenSSL Compatibility ++ * ++ * Copyright (C) 2016 Norbert Federa ++ * ++ * Licensed under the Apache License, Version 2.0 (the "License"); ++ * you may not use this file except in compliance with the License. ++ * You may obtain a copy of the License at ++ * *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***