Date:      Sun, 20 Feb 2000 19:45:38 -0800
From:      "Jordan K. Hubbard" <jkh@zippy.cdrom.com>
To:        freebsd-current@FreeBSD.ORG
Subject:   A potential fix [was Re: openssl in -current]
Message-ID:  <61404.951104738@zippy.cdrom.com>
In-Reply-To: Your message of "Sun, 20 Feb 2000 18:06:17 PST." <19347.951098777@zippy.cdrom.com> 

OK, I've dinked around with this some more and I think I might have at
least a partial solution to this whole mess (it still doesn't make
openssl actually useful to us, it just makes it less annoying :).

First, apply the following patch:

Index: Makefile
===================================================================
RCS file: /home/ncvs/src/secure/lib/librsaglue/Makefile,v
retrieving revision 1.1
diff -u -u -r1.1 Makefile
--- Makefile	2000/01/20 07:24:40	1.1
+++ Makefile	2000/02/21 03:01:09
@@ -11,7 +11,7 @@
 CFLAGS+=	-I${.OBJDIR}
 
 # rsaref
-SRCS+=	rsar_err.c rsaref.c
+SRCS+=	rsar_err.c rsaref.c rsaref_stubs.c
 
 HDRS=	asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
 	buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \

Then stick the code below in /usr/src/crypto/openssl/rsaref/rsaref_stubs.c
and rebuild/install from /usr/src/secure/lib/librsaglue.  If you
then proceed to /usr/ports/security/openssh and make this change:

Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh/Makefile,v
retrieving revision 1.45
diff -u -u -r1.45 Makefile
--- Makefile	2000/02/16 04:52:59	1.45
+++ Makefile	2000/02/21 03:30:44
@@ -31,7 +31,7 @@
 		:pserver:anoncvs@anoncvs1.usa.openbsd.org:/cvs
 CRYPTOLIBS=	-L${OPENSSLLIB} -lcrypto
 .if defined(OPENSSL_RSAREF)
-CRYPTOLIBS+=	-lRSAglue -L${LOCALBASE}/lib -lrsaref
+CRYPTOLIBS+=	-lRSAglue
 .endif
 # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
 MAKE_ENV+=	DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
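Review bot: With `-L${LOCALBASE}/lib -lrsaref` dropped from the `OPENSSL_RSAREF` branch, nothing in this Makefile records that librsaref is still required, only now at run time instead of link time. A comment above the `CRYPTOLIBS+=` line would make that explicit, for example `# librsaref is resolved at run time by the stubs in libRSAglue; it must be on the run-time library search path`. It would also help to state where the library is expected to be installed, because the stub code later in this message opens it by the bare name `librsaref.so`, so the first match on the search path is the code that handles the RSA keys.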

You'll create an ssh which either whines at you for having no librsaref.so
or, if you do have one, will load and use it seamlessly.

- Jordan


/*
 * $FreeBSD$
 *
 * Copyright (c) 2000
 *	Jordan Hubbard.  All rights reserved.
 *
 * Stub functions for RSA code.  If you link with this code, you will
 * get a full set of weak symbol references to the rsaref library
 * functions which are required by openssl.  These can then be occluded
 * by the real rsaref library by implicitly linking with it or, failing
 * that, these stub functions will attempt to dlopen() the appropriate
 * rsaref library if it can be found in the library search path.
 *
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer,
 *    verbatim and that no modifications are made prior to this
 *    point in the file.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY JORDAN HUBBARD ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL JORDAN HUBBARD OR HIS PETS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, LIFE OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#ifndef NO_RSA
#include <dlfcn.h>
#include <stdio.h>

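/*
 * Name handed to dlopen().  A bare file name is resolved through the
 * run-time linker's search path, so whichever librsaref.so is found first
 * is the code that receives the RSA key material passed to the stubs in
 * this file.  Use an absolute path if the program linking this code runs
 * with elevated privilege or the search path is not fully controlled.
 */
#define RSA_SHLIB	"librsaref.so"	/* be more exact if you need to */
#define VERBOSE_STUBS	/* undef if you don't want missing rsaref reported */

/*
 * Resolve `sym` in the rsaref shared library, loading the library on the
 * first call.
 *
 * Returns the address dlsym() reports, or NULL when the library cannot be
 * opened or does not export the symbol.  The dlopen() handle is kept in a
 * static and never closed; while it is still NULL every call tries
 * dlopen() again.  With VERBOSE_STUBS defined, the first failure (and only
 * the first) is reported on stderr.
 */
static void *
getsym(const char *sym)
{
    static void *rsalib;	/* handle from dlopen(), shared by all lookups */
    static int whined;		/* non-zero once the diagnostic was printed */
    void *ret = NULL;

    if (!rsalib)
	rsalib = dlopen(RSA_SHLIB, RTLD_LAZY);
    if (rsalib)
	ret = dlsym(rsalib, sym);
#ifdef VERBOSE_STUBS
    if (!ret && !whined) {
	/* Say which step failed: the load, or the lookup in a loaded library. */
	if (!rsalib)
	    fprintf(stderr, "** %s: Unable to find an rsaref shared library (%s).\n", sym, RSA_SHLIB);
	else
	    fprintf(stderr, "** %s: symbol not found in %s.\n", sym, RSA_SHLIB);
	/* The format has no conversion, so no trailing argument is passed. */
	fprintf(stderr, "** Install an RSA package on your system and run this program again\n");
	whined = 1;
    }
#endif
    return ret;
}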

/*
 * Weak stand-in for RSAPrivateDecrypt.  The first call looks the real
 * function up with getsym() and caches the pointer; later calls go
 * straight through it.  If the lookup fails the arguments are left
 * untouched and 0 is returned.
 *
 * NOTE(review): RSAREF uses 0 as its success code, so a caller that checks
 * only the return value cannot tell "library missing" from a completed
 * operation -- confirm the caller also validates *outlen.
 */
#pragma weak RSAPrivateDecrypt=RSAPrivateDecrypt_stub
int
RSAPrivateDecrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    typedef int (*rsa_fn)(unsigned char *, unsigned int *, unsigned char *,
	int, void *);
    static rsa_fn real;		/* cached address of the library function */

    if (!real)
	real = getsym("RSAPrivateDecrypt");
    if (!real)
	return 0;
    return real(output, outlen, input, inputlen, RSAkey);
}

/*
 * Weak stand-in for RSAPrivateEncrypt.  Resolves the real function through
 * getsym() on first use, remembers it, and forwards every argument
 * unchanged.  When no implementation can be resolved it does nothing and
 * returns 0.
 *
 * NOTE(review): 0 is also RSAREF's success code; verify that the caller
 * checks *outlen and does not treat this path as a successful operation.
 */
#pragma weak RSAPrivateEncrypt=RSAPrivateEncrypt_stub
int
RSAPrivateEncrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    typedef int (*rsa_fn)(unsigned char *, unsigned int *, unsigned char *,
	int, void *);
    static rsa_fn real;		/* cached address of the library function */

    if (!real)
	real = getsym("RSAPrivateEncrypt");
    if (!real)
	return 0;
    return real(output, outlen, input, inputlen, RSAkey);
}

/*
 * Weak stand-in for RSAPublicDecrypt.  Resolves the real function through
 * getsym() on first use, remembers it, and forwards every argument
 * unchanged.  When no implementation can be resolved it does nothing and
 * returns 0.
 *
 * NOTE(review): 0 is also RSAREF's success code; verify that the caller
 * checks *outlen and does not treat this path as a successful operation.
 */
#pragma weak RSAPublicDecrypt=RSAPublicDecrypt_stub
int
RSAPublicDecrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    typedef int (*rsa_fn)(unsigned char *, unsigned int *, unsigned char *,
	int, void *);
    static rsa_fn real;		/* cached address of the library function */

    if (!real)
	real = getsym("RSAPublicDecrypt");
    if (!real)
	return 0;
    return real(output, outlen, input, inputlen, RSAkey);
}

/*
 * Weak stand-in for RSAPublicEncrypt.  Same scheme as the other RSA stubs,
 * with one extra pass-through argument (randomStruct): look the real
 * function up once via getsym(), cache it, forward the call.  Returns 0
 * without writing anything when the lookup fails.
 *
 * NOTE(review): 0 is also RSAREF's success code; verify that the caller
 * checks *outlen, otherwise a missing library could look like a completed
 * encryption.
 */
#pragma weak RSAPublicEncrypt=RSAPublicEncrypt_stub
int
RSAPublicEncrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey, void *randomStruct)
{
    typedef int (*rsa_rand_fn)(unsigned char *, unsigned int *,
	unsigned char *, int, void *, void *);
    static rsa_rand_fn real;	/* cached address of the library function */

    if (!real)
	real = getsym("RSAPublicEncrypt");
    if (!real)
	return 0;
    return real(output, outlen, input, inputlen, RSAkey, randomStruct);
}

/*
 * Weak stand-in for R_GetRandomBytesNeeded.  Forwards to the function of
 * that name found by getsym(), caching the pointer after the first
 * successful lookup.  If nothing is found, *bytesNeeded is not written and
 * 0 is returned.
 *
 * NOTE(review): a caller that reads *bytesNeeded after a 0 return sees
 * whatever it held before the call -- confirm it is initialised upstream.
 */
#pragma weak R_GetRandomBytesNeeded=R_GetRandomBytesNeeded_stub
int
R_GetRandomBytesNeeded_stub(unsigned int *bytesNeeded, void *randomStruct)
{
    static int (*real)(unsigned int *, void *);	/* cached library function */

    if (!real)
	real = getsym("R_GetRandomBytesNeeded");
    if (!real)
	return 0;
    return real(bytesNeeded, randomStruct);
}

/*
 * Weak stand-in for R_RandomFinal.  Calls the real function when getsym()
 * can resolve it (the pointer is cached after the first hit) and is a
 * no-op otherwise.
 */
#pragma weak R_RandomFinal=R_RandomFinal_stub
void
R_RandomFinal_stub(void *randomStruct)
{
    static void (*real)(void *);	/* cached library function */

    if (!real)
	real = getsym("R_RandomFinal");
    if (!real)
	return;
    real(randomStruct);
}

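/*
 * Weak stand-in for R_RandomInit.  Forwards to the real function resolved
 * by getsym(), caching the pointer after the first successful lookup, and
 * returns that function's result.  When no implementation is available it
 * returns 0, matching the other stubs in this file.
 *
 * The function is declared int, so every path must return a value;
 * falling off the end and having the caller read the result is undefined
 * behaviour.
 *
 * NOTE(review): on the fallback path randomStruct is never initialised
 * while 0 (RSAREF's success code) is returned -- confirm callers cannot
 * go on to use it as a seeded generator.
 */
#pragma weak R_RandomInit=R_RandomInit_stub
int
R_RandomInit_stub(void *randomStruct)
{
    static int (*sym)(void *);	/* cached library function */

    if (sym || (sym = getsym("R_RandomInit")))
	return sym(randomStruct);
    return 0;
}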

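/*
 * Weak stand-in for R_RandomUpdate.  Forwards to the real function resolved
 * by getsym(), caching the pointer after the first successful lookup, and
 * returns that function's result.  When no implementation is available it
 * returns 0, matching the other stubs in this file.
 *
 * The function is declared int, so every path must return a value;
 * falling off the end and having the caller read the result is undefined
 * behaviour.
 *
 * NOTE(review): on the fallback path the block is not mixed into
 * randomStruct while 0 (RSAREF's success code) is returned -- confirm
 * callers do not rely on that state being seeded.
 */
#pragma weak R_RandomUpdate=R_RandomUpdate_stub
int
R_RandomUpdate_stub(void *randomStruct,
    unsigned char *block, unsigned int blockLen)
{
    static int (*sym)(void *, unsigned char *, unsigned int);	/* cached */

    if (sym || (sym = getsym("R_RandomUpdate")))
	return sym(randomStruct, block, blockLen);
    return 0;
}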

#endif	/* NO_RSA */

