From owner-freebsd-current Sun Feb 20 19:45:57 2000 Delivered-To: freebsd-current@freebsd.org Received: from zippy.cdrom.com (zippy.cdrom.com [204.216.27.228]) by hub.freebsd.org (Postfix) with ESMTP id 7500937BC16 for ; Sun, 20 Feb 2000 19:45:51 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) Received: from zippy.cdrom.com (jkh@localhost [127.0.0.1]) by zippy.cdrom.com (8.9.3/8.9.3) with ESMTP id TAA61407 for ; Sun, 20 Feb 2000 19:45:39 -0800 (PST) (envelope-from jkh@zippy.cdrom.com) To: freebsd-current@FreeBSD.ORG Subject: A potential fix [was Re: openssl in -current] In-reply-to: Your message of "Sun, 20 Feb 2000 18:06:17 PST." <19347.951098777@zippy.cdrom.com> Date: Sun, 20 Feb 2000 19:45:38 -0800 Message-ID: <61404.951104738@zippy.cdrom.com> From: "Jordan K. Hubbard" Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG OK, I've dinked around with this some more and I think I might have at least a partial solution to this whole mess (it still doesn't make openssl actually useful to us, it just makes it less annoying :). First, apply the following patch:
Index: Makefile
===================================================================
RCS file: /home/ncvs/src/secure/lib/librsaglue/Makefile,v
retrieving revision 1.1
diff -u -u -r1.1 Makefile
--- Makefile 2000/01/20 07:24:40 1.1
+++ Makefile 2000/02/21 03:01:09 
@@ -11,7 +11,7 @@ CFLAGS+= -I${.OBJDIR} # rsaref -SRCS+= rsar_err.c rsaref.c +SRCS+= rsar_err.c rsaref.c rsaref_stubs.c HDRS= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \ buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \
Then stick the code below in /usr/src/crypto/openssl/rsaref/rsaref_stubs.c and rebuild/install from /usr/src/secure/lib/librsaglue. If you then proceed to /usr/ports/security/openssh and make this change:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/security/openssh/Makefile,v
retrieving revision 1.45
diff -u -u -r1.45 Makefile
--- Makefile 2000/02/16 04:52:59 1.45
+++ Makefile 2000/02/21 03:30:44 
@@ -31,7 +31,7 @@
 :pserver:anoncvs@anoncvs1.usa.openbsd.org:/cvs
 CRYPTOLIBS= -L${OPENSSLLIB} -lcrypto
 .if defined(OPENSSL_RSAREF)
-CRYPTOLIBS+= -lRSAglue -L${LOCALBASE}/lib -lrsaref
+CRYPTOLIBS+= -lRSAglue
 .endif
 # Here, MANDIR is concetenated to DESTDIR which all forms the man install dir...
 MAKE_ENV+= DESTDIR=${PREFIX} MANDIR=/man/man CRYPTOLIBS="${CRYPTOLIBS}"
You'll create an ssh which either whines at you for having no librsaref.so or, if you do have one, will load and use it seamlessly. - Jordan
/* * $FreeBSD$ * * Copyright (c) 2000 * Jordan Hubbard. All rights reserved. * * Stub functions for RSA code. If you link with this code, you will * get a full set of weak symbol references to the rsaref library * functions which are required by openssl. These can then be occluded * by the real rsaref library by implicitly linking with it or, failing * that, these stub functions will attempt to dlopen() the appropriate * rsaref library if it can be found in the library search path. * * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer, * verbatim and that no modifications are made prior to this * point in the file. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY JORDAN HUBBARD ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. 
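IN NO EVENT SHALL JORDAN HUBBARD OR HIS PETS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, LIFE OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 */

#ifndef NO_RSA

/*
 * The archived listing shows two bare "#include" directives with the header
 * names lost; these are the headers that dlopen()/dlsym() and fprintf()
 * below require.
 */
#include <dlfcn.h>
#include <stdio.h>

/*
 * Library name handed to dlopen().  A bare soname is resolved through the
 * runtime linker's search path, so the first matching file found there
 * supplies the RSA implementation for the whole process.  Builds that need
 * a fixed provider can define RSA_SHLIB to an absolute path on the compiler
 * command line.
 */
#ifndef RSA_SHLIB
#define RSA_SHLIB "librsaref.so" /* be more exact if you need to */
#endif

#define VERBOSE_STUBS /* undef if you don't want missing rsaref reported */

/*
 * Value returned by the int stubs when the real function cannot be resolved.
 * RSAREF reports success as 0, so the fallback has to be non-zero; otherwise
 * a caller would accept output buffers that were never written.  The value
 * is local to this file and is not an RSAREF error code.
 * NOTE(review): the openssl glue that calls these functions is not part of
 * this listing; confirm it compares the result against 0.
 */
#define RSAREF_STUB_UNAVAILABLE (-1)

/*
 * Resolve one rsaref entry point by name.
 *
 * The library handle is cached in a function-local static; while it is still
 * NULL every call retries dlopen().  Returns the address from dlsym(), or
 * NULL when the library could not be opened or does not export `sym`.
 * With VERBOSE_STUBS defined, the first failure (and only the first) is
 * reported on stderr.
 */
static void *
getsym(const char *sym)
{
    static void *rsalib;
    static int whined;
    void *ret = NULL;

    if (!rsalib)
        rsalib = dlopen(RSA_SHLIB, RTLD_LAZY);
    if (rsalib)
        ret = dlsym(rsalib, sym);
#ifdef VERBOSE_STUBS
    if (!ret && !whined) {
        fprintf(stderr, "** %s: Unable to find an rsaref shared library (%s).\n", sym, RSA_SHLIB);
        /* The original passed RSA_SHLIB here although the format takes no argument. */
        fprintf(stderr, "** Install an RSA package on your system and run this program again\n");
        whined = 1;
    }
#endif
    return ret;
}

/*
 * Every stub below follows the same pattern: it is published under the real
 * rsaref name as a weak symbol, looks the real function up through getsym()
 * on first use, caches the pointer in a function-local static and forwards
 * the call.  When the lookup fails the int stubs return
 * RSAREF_STUB_UNAVAILABLE and leave their output arguments untouched.
 */

/* Forwards to the real RSAPrivateDecrypt; fails closed if it is unavailable. */
#pragma weak RSAPrivateDecrypt=RSAPrivateDecrypt_stub
int
RSAPrivateDecrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    static int (*sym)(unsigned char *, unsigned int *, unsigned char *, int, void *);

    if (sym || (sym = getsym("RSAPrivateDecrypt")))
        return sym(output, outlen, input, inputlen, RSAkey);
    return RSAREF_STUB_UNAVAILABLE;
}

/* Forwards to the real RSAPrivateEncrypt; fails closed if it is unavailable. */
#pragma weak RSAPrivateEncrypt=RSAPrivateEncrypt_stub
int
RSAPrivateEncrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    static int (*sym)(unsigned char *, unsigned int *, unsigned char *, int, void *);

    if (sym || (sym = getsym("RSAPrivateEncrypt")))
        return sym(output, outlen, input, inputlen, RSAkey);
    return RSAREF_STUB_UNAVAILABLE;
}

/* Forwards to the real RSAPublicDecrypt; fails closed if it is unavailable. */
#pragma weak RSAPublicDecrypt=RSAPublicDecrypt_stub
int
RSAPublicDecrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey)
{
    static int (*sym)(unsigned char *, unsigned int *, unsigned char *, int, void *);

    if (sym || (sym = getsym("RSAPublicDecrypt")))
        return sym(output, outlen, input, inputlen, RSAkey);
    return RSAREF_STUB_UNAVAILABLE;
}

/* Forwards to the real RSAPublicEncrypt; fails closed if it is unavailable. */
#pragma weak RSAPublicEncrypt=RSAPublicEncrypt_stub
int
RSAPublicEncrypt_stub(unsigned char *output, unsigned int *outlen,
    unsigned char *input, int inputlen, void *RSAkey, void *randomStruct)
{
    static int (*sym)(unsigned char *, unsigned int *, unsigned char *, int, void *, void *);

    if (sym || (sym = getsym("RSAPublicEncrypt")))
        return sym(output, outlen, input, inputlen, RSAkey, randomStruct);
    return RSAREF_STUB_UNAVAILABLE;
}

/*
 * Forwards to the real R_GetRandomBytesNeeded.  On lookup failure
 * *bytesNeeded is not written, so the non-zero return is the only signal
 * the caller gets.
 */
#pragma weak R_GetRandomBytesNeeded=R_GetRandomBytesNeeded_stub
int
R_GetRandomBytesNeeded_stub(unsigned int *bytesNeeded, void *randomStruct)
{
    static int (*sym)(unsigned int *, void *);

    if (sym || (sym = getsym("R_GetRandomBytesNeeded")))
        return sym(bytesNeeded, randomStruct);
    return RSAREF_STUB_UNAVAILABLE;
}

/* Forwards to the real R_RandomFinal; does nothing if it is unavailable. */
#pragma weak R_RandomFinal=R_RandomFinal_stub
void
R_RandomFinal_stub(void *randomStruct)
{
    static void (*sym)(void *);

    if (sym || (sym = getsym("R_RandomFinal")))
        sym(randomStruct);
}

/*
 * Forwards to the real R_RandomInit.  The original dropped the callee's
 * result and fell off the end of an int function; the result is now passed
 * back, and a failed lookup is reported as non-zero.
 */
#pragma weak R_RandomInit=R_RandomInit_stub
int
R_RandomInit_stub(void *randomStruct)
{
    static int (*sym)(void *);

    if (sym || (sym = getsym("R_RandomInit")))
        return sym(randomStruct);
    return RSAREF_STUB_UNAVAILABLE;
}

/*
 * Forwards to the real R_RandomUpdate.  As with R_RandomInit_stub, the
 * original had no return statement; the callee's result is now returned and
 * a failed lookup is reported as non-zero.
 */
#pragma weak R_RandomUpdate=R_RandomUpdate_stub
int
R_RandomUpdate_stub(void *randomStruct, unsigned char *block, unsigned int blockLen)
{
    static int (*sym)(void *, unsigned char *, unsigned int);

    if (sym || (sym = getsym("R_RandomUpdate")))
        return sym(randomStruct, block, blockLen);
    return RSAREF_STUB_UNAVAILABLE;
}

#endif /* NO_RSA */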