Date: Tue, 30 Oct 2018 17:26:25 +0100 From: Tobias Kortkamp <tobik@FreeBSD.org> To: Dima Panov <fluffy@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: Re: svn commit: r483489 - in head/security/botan110: . files Message-ID: <1540916785.3580039.1559829120.58808FBB@webmail.messagingengine.com> In-Reply-To: <201810301400.w9UE0VQ6067291@repo.freebsd.org> References: <201810301400.w9UE0VQ6067291@repo.freebsd.org>
On Tue, Oct 30, 2018, at 15:00, Dima Panov wrote: > Author: fluffy > Date: Tue Oct 30 14:00:31 2018 > New Revision: 483489 > URL: https://svnweb.freebsd.org/changeset/ports/483489 > > Log: > - Update to 1.10.7 release [1] > - While here, add unofficial OpenSSL 1.1.x API support [2, based on] > > PR: 222971 [1], 229030 [2] > Submitted by: Ralf van der Enden [1], Nathan Dowens [2] > Reported by: brnrd [2] > Approved by: maintainer > MFH: 2018Q4 > > Added: > head/security/botan110/files/extra-patch-openssl11 (contents, props changed) > Modified: > head/security/botan110/Makefile > head/security/botan110/distinfo > > Modified: head/security/botan110/Makefile > ============================================================================== > --- head/security/botan110/Makefile Tue Oct 30 13:30:16 2018 (r483488) > +++ head/security/botan110/Makefile Tue Oct 30 14:00:31 2018 (r483489) > @@ -2,8 +2,7 @@ > # $FreeBSD$ > > PORTNAME= botan > -PORTVERSION= 1.10.13 > -PORTREVISION= 9 > +DISTVERSION= 1.10.17 > CATEGORIES= security > MASTER_SITES= http://botan.randombit.net/releases/ > PKGNAMESUFFIX= 110 > @@ -16,13 +15,11 @@ LICENSE= BSD2CLAUSE > LICENSE_FILE= ${WRKSRC}/doc/license.txt > > BROKEN_aarch64= Fails to configure: unknown or unidentifiable processor > arm64 > -BROKEN_SSL= openssl-devel > -BROKEN_SSL_REASON_openssl-devel= error: variable has incomplete type > 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st') > > OPTIONS_DEFINE= SSL GMP DOCS > OPTIONS_DEFAULT= SSL GMP > > -USES= compiler gmake python:build tar:tgz > +USES= compiler gmake python:build shebangfix tar:tgz > HAS_CONFIGURE= yes > CONFIGURE_SCRIPT= configure.py > CONFIGURE_ARGS= --prefix=${PREFIX} --cc ${CHOSEN_COMPILER_TYPE} \ 
> @@ -30,7 +27,8 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --cc ${CHOSEN_COMPI > MAKE_ARGS= CXX="${CXX}" LIB_OPT="${CXXFLAGS}" > USE_LDCONFIG= yes > PLIST_FILES= bin/botan-config-1.10 lib/libbotan-1.10.a lib/ > libbotan-1.10.so lib/libbotan-1.10.so.1 \ > - lib/libbotan-1.10.so.1.13 libdata/pkgconfig/botan-1.10.pc > + lib/libbotan-1.10.so.1.17 libdata/pkgconfig/botan-1.10.pc > +SHEBANG_FILES= configure.py > > DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}-${PORTVERSION} > PORTDOCS= * > @@ -41,6 +39,12 @@ SSL_CONFIGURE_WITH= openssl > GMP_USES= localbase:ldflags > GMP_LIB_DEPENDS= libgmp.so:math/gmp > GMP_CONFIGURE_WITH= gnump > + > +.include <bsd.port.pre.mk> If bsd.port.pre.mk is included, bsd.port.post.mk *must* be used later, not bsd.port.mk. /!\ botan110-1.10.17: Makefile errors /!\ you cannot include bsd.port[.pre].mk twice > + > +.if (${OPSYS} == FreeBSD && ${OSVERSION} > 1200084) || $ > {SSL_DEFAULT:Mopenssl111} || ${SSL_DEFAULT:M*-devel} > +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-openssl11 > +.endif > > post-patch: > @${REINPLACE_CMD} -e "s|#!/usr/bin/env python|#!${PYTHON_CMD}|" \ > > Modified: head/security/botan110/distinfo > ============================================================================== > --- head/security/botan110/distinfo Tue Oct 30 13:30:16 2018 (r483488) > +++ head/security/botan110/distinfo Tue Oct 30 14:00:31 2018 (r483489) > @@ -1,3 +1,3 @@ > -TIMESTAMP = 1465867941 > -SHA256 (Botan-1.10.13.tgz) = > 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90 > -SIZE (Botan-1.10.13.tgz) = 2710181 > +TIMESTAMP = 1507819766 > +SHA256 (Botan-1.10.17.tgz) = > 6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613 > +SIZE (Botan-1.10.17.tgz) = 2706678 > > Added: head/security/botan110/files/extra-patch-openssl11 > ============================================================================== 
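Review bot: The interpreter line of configure.py is now fixed in two places: `USES` gains `shebangfix` with `SHEBANG_FILES= configure.py`, while the `post-patch` target shown as context in the `@@ -41,6 +39,12 @@` hunk still rewrites `#!/usr/bin/env python` through `${REINPLACE_CMD}`. The file argument of that substitution is outside the hunk, so this assumes it also targets configure.py. If it does, drop either the `REINPLACE_CMD` line or the `shebangfix`/`SHEBANG_FILES` pair so the build interpreter is set by one mechanism only.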
> --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/botan110/files/extra-patch-openssl11 Tue Oct 30 > 14:00:31 2018 (r483489) 
> @@ -0,0 +1,257 @@ > +--- src/engine/openssl/ossl_bc.cpp.orig 2018-10-15 00:16:53 UTC > ++++ src/engine/openssl/ossl_bc.cpp > +@@ -8,10 +8,6 @@ > + #include <botan/internal/openssl_engine.h> > + #include <openssl/evp.h> > + > +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 > +- #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +-#endif > +- > + namespace Botan { > + > + namespace { > +@@ -44,7 +40,7 @@ > + size_t block_sz; > + Key_Length_Specification cipher_key_spec; > + std::string cipher_name; > +- mutable EVP_CIPHER_CTX encrypt, decrypt; > ++ mutable EVP_CIPHER_CTX *encrypt, *decrypt; > + }; This is broken and botan will hopefully crash at runtime. There is never any memory allocated for encrypt or decrypt (via EVP_CIPHER_CTX_new or EVP_CIPHER_CTX_create). > + > + /* > +@@ -59,14 +55,14 @@ > + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) > + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed > in"); > + > +- EVP_CIPHER_CTX_init(&encrypt); > +- EVP_CIPHER_CTX_init(&decrypt); > ++ EVP_CIPHER_CTX_init(encrypt); > ++ EVP_CIPHER_CTX_init(decrypt); > + > +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); > +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); > ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0); > ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0); > + > +- EVP_CIPHER_CTX_set_padding(&encrypt, 0); > +- EVP_CIPHER_CTX_set_padding(&decrypt, 0); > ++ EVP_CIPHER_CTX_set_padding(encrypt, 0); > ++ EVP_CIPHER_CTX_set_padding(decrypt, 0); > + } > + > + /* > +@@ -83,14 +79,14 @@ > + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) > + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed > in"); > + > +- EVP_CIPHER_CTX_init(&encrypt); > +- EVP_CIPHER_CTX_init(&decrypt); > ++ EVP_CIPHER_CTX_init(encrypt); > ++ EVP_CIPHER_CTX_init(decrypt); > + > +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); > +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); > ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0); > ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0); > 
+ > +- EVP_CIPHER_CTX_set_padding(&encrypt, 0); > +- EVP_CIPHER_CTX_set_padding(&decrypt, 0); > ++ EVP_CIPHER_CTX_set_padding(encrypt, 0); > ++ EVP_CIPHER_CTX_set_padding(decrypt, 0); > + } > + > + /* > +@@ -98,8 +94,8 @@ > + */ > + EVP_BlockCipher::~EVP_BlockCipher() > + { > +- EVP_CIPHER_CTX_cleanup(&encrypt); > +- EVP_CIPHER_CTX_cleanup(&decrypt); > ++ EVP_CIPHER_CTX_cleanup(encrypt); > ++ EVP_CIPHER_CTX_cleanup(decrypt); > + } > + > + /* > +@@ -109,7 +105,7 @@ > + size_t blocks) const > + { > + int out_len = 0; > +- EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz); > ++ EVP_EncryptUpdate(encrypt, out, &out_len, in, blocks * block_sz); > + } > + > + /* > +@@ -119,7 +115,7 @@ > + size_t blocks) const > + { > + int out_len = 0; > +- EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz); > ++ EVP_DecryptUpdate(decrypt, out, &out_len, in, blocks * block_sz); > + } > + > + /* > +@@ -134,19 +130,19 @@ > + full_key += std::make_pair(key, 8); > + } > + else > +- if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 || > +- EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0) > ++ if(EVP_CIPHER_CTX_set_key_length(encrypt, length) == 0 || > ++ EVP_CIPHER_CTX_set_key_length(decrypt, length) == 0) > + throw Invalid_Argument("EVP_BlockCipher: Bad key length for " > + > + cipher_name); > + > + if(cipher_name == "RC2") > + { > +- EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, > length*8, 0); > +- EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, > length*8, 0); > ++ EVP_CIPHER_CTX_ctrl(encrypt, EVP_CTRL_SET_RC2_KEY_BITS, > length*8, 0); > ++ EVP_CIPHER_CTX_ctrl(decrypt, EVP_CTRL_SET_RC2_KEY_BITS, > length*8, 0); > + } > + > +- EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0); > +- EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0); > ++ EVP_EncryptInit_ex(encrypt, 0, 0, full_key.begin(), 0); > ++ EVP_DecryptInit_ex(decrypt, 0, 0, full_key.begin(), 0); > + } > + > + /* > +@@ -154,7 +150,7 @@ > + */ > + BlockCipher* 
EVP_BlockCipher::clone() const > + { > +- return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt), > ++ return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(encrypt), > + cipher_name, > + cipher_key_spec.minimum_keylength(), > + cipher_key_spec.maximum_keylength(), > +@@ -166,16 +162,16 @@ > + */ > + void EVP_BlockCipher::clear() > + { > +- const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt); > ++ const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(encrypt); > + > +- EVP_CIPHER_CTX_cleanup(&encrypt); > +- EVP_CIPHER_CTX_cleanup(&decrypt); > +- EVP_CIPHER_CTX_init(&encrypt); > +- EVP_CIPHER_CTX_init(&decrypt); > +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); > +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); > +- EVP_CIPHER_CTX_set_padding(&encrypt, 0); > +- EVP_CIPHER_CTX_set_padding(&decrypt, 0); > ++ EVP_CIPHER_CTX_cleanup(encrypt); > ++ EVP_CIPHER_CTX_cleanup(decrypt); > ++ EVP_CIPHER_CTX_init(encrypt); > ++ EVP_CIPHER_CTX_init(decrypt); > ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0); > ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0); > ++ EVP_CIPHER_CTX_set_padding(encrypt, 0); > ++ EVP_CIPHER_CTX_set_padding(decrypt, 0); > + } > + > + } > +--- src/engine/openssl/ossl_md.cpp.orig 2018-10-15 00:26:19 UTC > ++++ src/engine/openssl/ossl_md.cpp > +@@ -8,10 +8,6 @@ > + #include <botan/internal/openssl_engine.h> > + #include <openssl/evp.h> > + > +-#if OPENSSL_VERSION_NUMBER >= 0x10100000 > +- #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x" > +-#endif > +- > + namespace Botan { > + > + namespace { > +@@ -28,12 +24,12 @@ > + > + size_t output_length() const > + { > +- return EVP_MD_size(EVP_MD_CTX_md(&md)); > ++ return EVP_MD_size(EVP_MD_CTX_md(md)); > + } > + > + size_t hash_block_size() const > + { > +- return EVP_MD_block_size(EVP_MD_CTX_md(&md)); > ++ return EVP_MD_block_size(EVP_MD_CTX_md(md)); > + } > + > + EVP_HashFunction(const EVP_MD*, const std::string&); > +@@ -44,7 +40,7 @@ > + > + size_t block_size; > + std::string algo_name; > +- 
EVP_MD_CTX md; > ++ EVP_MD_CTX *md; > + }; Same as above. No memory is allocated for md via EVP_MD_CTX_new or EVP_MD_CTX_create. Did botan's test suite pass after these changes? > + > + /* > +@@ -52,7 +48,7 @@ > + */ > + void EVP_HashFunction::add_data(const byte input[], size_t length) > + { > +- EVP_DigestUpdate(&md, input, length); > ++ EVP_DigestUpdate(md, input, length); > + } > + > + /* > +@@ -60,9 +56,9 @@ > + */ > + void EVP_HashFunction::final_result(byte output[]) > + { > +- EVP_DigestFinal_ex(&md, output, 0); > +- const EVP_MD* algo = EVP_MD_CTX_md(&md); > +- EVP_DigestInit_ex(&md, algo, 0); > ++ EVP_DigestFinal_ex(md, output, 0); > ++ const EVP_MD* algo = EVP_MD_CTX_md(md); > ++ EVP_DigestInit_ex(md, algo, 0); > + } > + > + /* > +@@ -70,8 +66,8 @@ > + */ > + void EVP_HashFunction::clear() > + { > +- const EVP_MD* algo = EVP_MD_CTX_md(&md); > +- EVP_DigestInit_ex(&md, algo, 0); > ++ const EVP_MD* algo = EVP_MD_CTX_md(md); > ++ EVP_DigestInit_ex(md, algo, 0); > + } > + > + /* > +@@ -79,7 +75,7 @@ > + */ > + HashFunction* EVP_HashFunction::clone() const > + { > +- const EVP_MD* algo = EVP_MD_CTX_md(&md); > ++ const EVP_MD* algo = EVP_MD_CTX_md(md); > + return new EVP_HashFunction(algo, name()); > + } > + > +@@ -90,8 +86,8 @@ > + const std::string& name) : > + algo_name(name) > + { > +- EVP_MD_CTX_init(&md); > +- EVP_DigestInit_ex(&md, algo, 0); > ++ EVP_MD_CTX_init(md); > ++ EVP_DigestInit_ex(md, algo, 0); > + } > + > + /* > +@@ -99,7 +95,11 @@ > + */ > + EVP_HashFunction::~EVP_HashFunction() > + { > +- EVP_MD_CTX_cleanup(&md); > ++#if OPENSSL_VERSION_NUMBER >= 0x10100000 > ++ EVP_MD_CTX_free(md); > ++#else > ++ EVP_MD_CTX_cleanup(md); > ++#endif > + } > + > + } >
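Review bot: `~EVP_BlockCipher()` in the ossl_bc.cpp part still releases its contexts with `EVP_CIPHER_CTX_cleanup(encrypt)` and `EVP_CIPHER_CTX_cleanup(decrypt)`, while `~EVP_HashFunction()` in ossl_md.cpp gets a version-guarded `EVP_MD_CTX_free(md)`; the two halves of the patch should tear down their contexts the same way. In OpenSSL 1.1 the cleanup name is only a compatibility alias for a reset, so a context held through a pointer needs `EVP_CIPHER_CTX_free(encrypt); EVP_CIPHER_CTX_free(decrypt);` under the same `#if OPENSSL_VERSION_NUMBER >= 0x10100000` guard. Separately, the rewritten calls keep discarding the results of `EVP_EncryptInit_ex`, `EVP_EncryptUpdate`, `EVP_DigestInit_ex` and `EVP_DigestFinal_ex`, as the removed lines did. In a crypto engine a failed init or update should throw rather than return with `out` or `output` unwritten. The class definitions are only partly visible in these hunks, but classes that own raw context pointers would presumably also need copying disabled.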