From: Alexey Dokuchaev
Date: Fri, 19 Mar 2021 02:16:30 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r568770 - in head/security/pvk: . files

Author: danfe
Date: Fri Mar 19 02:16:30 2021
New Revision: 568770
URL: https://svnweb.freebsd.org/changeset/ports/568770

Log:
  - Unbreak the build against modern OpenSSL versions and also on 64-bit
    architectures by using explicit 32-bit `int' types instead of `long'
    whose length is not constant (machine/compiler-dependent)
  - Don't patch and then sed(1)-patch the Makefile, just pass the needed
    header files and library paths via MAKE_ARGS
  - Install documentation in the dedicated DOCS option helper target
  - Convert two-line pkg-plist into PLIST_FILES and PORTDOCS
  - Provide fallback distfile download locations

  Tested on: i386, amd64

Added:
  head/security/pvk/files/patch-pvk.h (contents, props changed)
  head/security/pvk/files/patch-pvkread.c (contents, props changed)
  head/security/pvk/files/patch-pvkwrite.c (contents, props changed)
Deleted:
  head/security/pvk/files/patch-Makefile
  head/security/pvk/pkg-plist
Modified:
  head/security/pvk/Makefile

Modified: head/security/pvk/Makefile
==============================================================================
--- head/security/pvk/Makefile Fri Mar 19 02:04:26 2021 (r568769) +++ head/security/pvk/Makefile Fri Mar 19 02:16:30 2021 (r568770) 
@@ -3,8 +3,11 @@ PORTNAME= pvk PORTVERSION= 20070406 +PORTREVISION= 1 CATEGORIES= security -MASTER_SITES= http://www.drh-consultancy.demon.co.uk/ +MASTER_SITES= http://www.drh-consultancy.demon.co.uk/ \ + http://vault.101011010.xyz/distfiles/ \ + http://freebsd.nsu.ru/distfiles/ DISTNAME= pvksrc EXTRACT_SUFX= .tgz.bin @@ -12,25 +15,20 @@ MAINTAINER= sobomax@FreeBSD.org COMMENT= Tool to convert a RSA key in PEM format into a PVK file and vice versa USES= ssl -CFLAGS+= -I${OPENSSLINC} -LDFLAGS+= -L${OPENSSLLIB} +MAKE_ARGS= SSLINC=${OPENSSLINC} SSLLIB=${OPENSSLLIB} NO_WRKSUBDIR= yes -.include +PLIST_FILES= bin/pvk +PORTDOCS= README -.if ${SSL_DEFAULT} == base -BROKEN_FreeBSD_12= variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st') -BROKEN_FreeBSD_13= variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st') -.endif +OPTIONS_DEFINE= DOCS -post-patch: - ${REINPLACE_CMD} -e 's|\(-lcrypto\)|$$(LDFLAGS) \1|g' \ - ${WRKSRC}/Makefile - do-install: ${INSTALL_PROGRAM} ${WRKSRC}/pvk ${STAGEDIR}${PREFIX}/bin - ${MKDIR} ${STAGEDIR}${DOCSDIR} + +do-install-DOCS-on: + @${MKDIR} ${STAGEDIR}${DOCSDIR} ${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR} -.include +.include Added: head/security/pvk/files/patch-pvk.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pvk/files/patch-pvk.h Fri Mar 19 02:16:30 2021 (r568770) 
@@ -0,0 +1,37 @@ +--- pvk.h.orig 2001-04-10 12:00:08 UTC ++++ pvk.h +@@ -77,18 +77,18 @@ extern "C" { + /* PVK file information */ + + typedef struct { +-long magic; +-long res; +-long keytype; +-long crypt; +-long saltlen; +-long keylen; ++int32_t magic; ++int32_t res; ++int32_t keytype; ++int32_t crypt; ++int32_t saltlen; ++int32_t keylen; + int encr; + unsigned char *salt; + unsigned char btype; + unsigned char version; + unsigned short reserved; +-unsigned long keyalg; ++uint32_t keyalg; + unsigned char *key; + } PVK_DAT; + +@@ -116,7 +116,7 @@ RSA *pvk2rsa (PVK_DAT *pvk); + int pvk_read(BIO *in, PVK_DAT *pvk); + int pvk_write(BIO *out, PVK_DAT *pvk); + int pvk_encrypt (PVK_DAT *pvk, char *pass, int encr); +-int rsa2pvk (RSA *rsa, PVK_DAT *pvk, unsigned long alg); ++int rsa2pvk (RSA *rsa, PVK_DAT *pvk, uint32_t alg); + + /* BEGIN ERROR CODES */ + /* The following lines are auto generated by the script mkerr.pl. Any changes Added: head/security/pvk/files/patch-pvkread.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pvk/files/patch-pvkread.c Fri Mar 19 02:16:30 2021 (r568770) 
@@ -0,0 +1,137 @@ +--- pvkread.c.orig 2000-07-03 00:02:30 UTC ++++ pvkread.c +@@ -64,10 +64,10 @@ + #include "pvk.h" + + static int read_word(BIO *in, unsigned short *dat); +-static int read_dword(BIO *in, unsigned long *dat); +-static unsigned long get_dword(unsigned char **p); ++static int read_dword(BIO *in, uint32_t *dat); ++static uint32_t get_dword(unsigned char **p); + static BIGNUM *lend2BN(unsigned char **nptr, int len); +-static int scan_magic(BIO *in, unsigned long *magic); ++static int scan_magic(BIO *in, uint32_t *magic); + + static int read_word(BIO *in, unsigned short *dat) + { +@@ -77,7 +77,7 @@ static int read_word(BIO *in, unsigned short *dat) + return 1; + } + +-static int read_dword(BIO *in, unsigned long *dat) ++static int read_dword(BIO *in, uint32_t *dat) + { + unsigned char buf[4]; + if (BIO_read(in, buf, 4) != 4) return 0; +@@ -85,9 +85,9 @@ static int read_dword(BIO *in, unsigned long *dat) + return 1; + } + +-static unsigned long get_dword(unsigned char **p) ++static uint32_t get_dword(unsigned char **p) + { +- unsigned long ret; ++ uint32_t ret; + unsigned char *buf; + buf = *p; + ret = buf[0] + (buf[1] << 8) + (buf[2] << 16) + (buf[3] << 24); +@@ -95,7 +95,7 @@ static unsigned long get_dword(unsigned char **p) + return ret; + } + +-static int scan_magic(BIO *in, unsigned long *magic) ++static int scan_magic(BIO *in, uint32_t *magic) + { + int i; + char dummy[4]; +@@ -157,8 +157,8 @@ int pvk_read(BIO *in, PVK_DAT *pvk) + + int pvk_decrypt(PVK_DAT *pvk, char *pass) + { +- EVP_MD_CTX ctx; +- EVP_CIPHER_CTX cctx; ++ EVP_MD_CTX *ctx; ++ EVP_CIPHER_CTX *cctx; + unsigned char *buf; + unsigned char tmpkey[EVP_MAX_KEY_LENGTH]; + int outlen; +@@ -171,18 +171,21 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass) + PVKerr(PVK_F_PVK_DECRYPT,ERR_R_MALLOC_FAILURE); + return 0; + } +- EVP_DigestInit(&ctx, EVP_sha1()); +- EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen); +- EVP_DigestUpdate(&ctx, pass, strlen(pass)); +- EVP_DigestFinal(&ctx, tmpkey, NULL); +- 
EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL); +- EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen); ++ ctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(ctx, EVP_sha1()); ++ EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen); ++ EVP_DigestUpdate(ctx, pass, strlen(pass)); ++ EVP_DigestFinal(ctx, tmpkey, NULL); ++ EVP_MD_CTX_free(ctx); ++ cctx = EVP_CIPHER_CTX_new(); ++ EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL); ++ EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen); + if(strncmp(buf, "RSA2", 4)) { + /* Didn't work: try weak encryption */ + memset(tmpkey+5, 0, 11); +- EVP_DecryptFinal(&cctx, buf + outlen, &outlen); +- EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL); +- EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen); ++ EVP_DecryptFinal(cctx, buf + outlen, &outlen); ++ EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL); ++ EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen); + if(strncmp(buf, "RSA2", 4)) { + PVKerr(PVK_F_PVK_DECRYPT,PVK_R_DECRYPT_ERROR); + OPENSSL_free(buf); +@@ -190,7 +193,8 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass) + } else pvk->encr = PVK_WEAK; + } else pvk->encr = PVK_STRONG; + /* Not needed but do it to cleanup */ +- EVP_DecryptFinal(&cctx, buf + outlen, &outlen); ++ EVP_DecryptFinal(cctx, buf + outlen, &outlen); ++ EVP_CIPHER_CTX_free(cctx); + OPENSSL_free(pvk->key); + pvk->key = buf; + memset(tmpkey, 0, EVP_MAX_KEY_LENGTH); +@@ -203,6 +207,7 @@ RSA *pvk2rsa (PVK_DAT *pvk) + RSA *rsa; + unsigned char *keytmp; + int pubexp, keylen, pvklen; ++ BIGNUM *e, *n, *p, *q, *dmp1, *dmq1, *iqmp, *d; + rsa = RSA_new(); + if (!rsa) return NULL; + keytmp = pvk->key + 4; +@@ -216,15 +221,21 @@ RSA *pvk2rsa (PVK_DAT *pvk) + + if (pvklen < ((keylen/2)* 9)) goto err; + +- if(!(rsa->e = BN_new ())) goto err; +- BN_set_word (rsa->e, pubexp); +- if(!(rsa->n = lend2BN (&keytmp, keylen))) goto err; +- if(!(rsa->p = lend2BN (&keytmp, keylen/2))) goto err; +- if(!(rsa->q = lend2BN (&keytmp, keylen/2))) goto err; +- if(!(rsa->dmp1 
= lend2BN (&keytmp, keylen/2))) goto err; +- if(!(rsa->dmq1 = lend2BN (&keytmp, keylen/2))) goto err; +- if(!(rsa->iqmp = lend2BN (&keytmp, keylen/2))) goto err; +- if(!(rsa->d = lend2BN (&keytmp, keylen))) goto err; ++ if (!(e = BN_new())) goto err; ++ BN_set_word (e, pubexp); ++ ++ if(!(n = lend2BN (&keytmp, keylen))) goto err; ++ if(!(p = lend2BN (&keytmp, keylen/2))) goto err; ++ if(!(q = lend2BN (&keytmp, keylen/2))) goto err; ++ if(!(dmp1 = lend2BN (&keytmp, keylen/2))) goto err; ++ if(!(dmq1 = lend2BN (&keytmp, keylen/2))) goto err; ++ if(!(iqmp = lend2BN (&keytmp, keylen/2))) goto err; ++ if(!(d = lend2BN (&keytmp, keylen))) goto err; ++ ++ RSA_set0_key(rsa, n, e, d); ++ RSA_set0_factors(rsa, p, q); ++ RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp); ++ + return rsa; + err: + PVKerr(PVK_F_PVK2RSA,PVK_R_INVALID_PRIVATE_KEY_FORMAT); Added: head/security/pvk/files/patch-pvkwrite.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/pvk/files/patch-pvkwrite.c Fri Mar 19 02:16:30 2021 (r568770) 
@@ -0,0 +1,119 @@ +--- pvkwrite.c.orig 2000-07-03 00:02:30 UTC ++++ pvkwrite.c +@@ -73,7 +73,7 @@ static int write_word(BIO *out, unsigned short dat) + return 1; + } + +-static int write_dword(BIO *out, unsigned long dat) ++static int write_dword(BIO *out, uint32_t dat) + { + unsigned char buf[4]; + buf[0] = dat & 0xff; +@@ -84,7 +84,7 @@ static int write_dword(BIO *out, unsigned long dat) + return 1; + } + +-static void put_dword(unsigned char **p, unsigned long dat) ++static void put_dword(unsigned char **p, uint32_t dat) + { + unsigned char *buf; + buf = *p; +@@ -125,8 +125,8 @@ int pvk_write(BIO *out, PVK_DAT *pvk) + + int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr) + { +- EVP_MD_CTX ctx; +- EVP_CIPHER_CTX cctx; ++ EVP_MD_CTX *ctx; ++ EVP_CIPHER_CTX *cctx; + unsigned char *buf; + unsigned char tmpkey[EVP_MAX_KEY_LENGTH]; + int outlen; +@@ -141,17 +141,21 @@ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr) + PVKerr(PVK_F_PVK_ENCRYPT,ERR_R_MALLOC_FAILURE); + return 0; + } +- EVP_DigestInit(&ctx, EVP_sha1()); +- EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen); +- EVP_DigestUpdate(&ctx, pass, strlen(pass)); +- EVP_DigestFinal(&ctx, tmpkey, NULL); ++ ctx = EVP_MD_CTX_new(); ++ EVP_DigestInit(ctx, EVP_sha1()); ++ EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen); ++ EVP_DigestUpdate(ctx, pass, strlen(pass)); ++ EVP_DigestFinal(ctx, tmpkey, NULL); ++ EVP_MD_CTX_free(ctx); + + if(encr == PVK_WEAK) memset(tmpkey + 5, 0, 11); + +- EVP_EncryptInit(&cctx, EVP_rc4(), tmpkey, NULL); +- EVP_EncryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen); ++ cctx = EVP_CIPHER_CTX_new(); ++ EVP_EncryptInit(cctx, EVP_rc4(), tmpkey, NULL); ++ EVP_EncryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen); + /* Not needed but do it to cleanup */ +- EVP_EncryptFinal(&cctx, buf + outlen, &outlen); ++ EVP_EncryptFinal(cctx, buf + outlen, &outlen); ++ EVP_CIPHER_CTX_free(cctx); + OPENSSL_free(pvk->key); + pvk->key = buf; + pvk->crypt = 1; +@@ -161,7 +165,7 @@ int pvk_encrypt(PVK_DAT *pvk, 
char *pass, int encr) + } + + /* Convert bignum to little endian format */ +-static int BN2lend (BIGNUM *num, unsigned char *p) ++static int BN2lend (const BIGNUM *num, unsigned char *p) + { + int nbyte, i; + unsigned char c; +@@ -178,7 +182,7 @@ static int BN2lend (BIGNUM *num, unsigned char *p) + + /* Convert RSA key into PVK structure */ + +-int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg) ++int rsa2pvk(RSA *rsa, PVK_DAT *pvk, uint32_t alg) + { + int numbytes; + unsigned char *p; +@@ -202,7 +206,7 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg) + else if(pvk->keyalg == RSA_SIG) pvk->keytype = PVK_SIG; + + /* Set up a private key blob */ +- numbytes = BN_num_bytes (rsa->n); ++ numbytes = BN_num_bytes (RSA_get0_n(rsa)); + /* Allocate enough room for blob */ + if (!(pvk->key = calloc(1, 12 + numbytes * 5))) { + PVKerr(PVK_F_RSA2PVK,ERR_R_MALLOC_FAILURE); +@@ -216,23 +220,23 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg) + p+= 4; + + put_dword(&p, numbytes << 3); /* Number of bits */ +- put_dword(&p, BN_get_word(rsa->e)); /* Public exponent */ ++ put_dword(&p, BN_get_word(RSA_get0_e(rsa))); /* Public exponent */ + + /* Convert each element */ + +- BN2lend (rsa->n, p); ++ BN2lend (RSA_get0_n(rsa), p); + p += numbytes; +- BN2lend (rsa->p, p); ++ BN2lend (RSA_get0_p(rsa), p); + p += numbytes/2; +- BN2lend (rsa->q, p); ++ BN2lend (RSA_get0_q(rsa), p); + p += numbytes/2; +- BN2lend (rsa->dmp1, p); ++ BN2lend (RSA_get0_dmp1(rsa), p); + p += numbytes/2; +- BN2lend (rsa->dmq1, p); ++ BN2lend (RSA_get0_dmq1(rsa), p); + p += numbytes/2; +- BN2lend (rsa->iqmp,p); ++ BN2lend (RSA_get0_iqmp(rsa), p); + p += numbytes/2; +- BN2lend (rsa->d, p); ++ BN2lend (RSA_get0_d(rsa), p); + p += numbytes; + pvk->keylen = p - pvk->key + 8; + RAND_seed(pvk->key, pvk->keylen);
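Review bot: In the Makefile hunk, the two MASTER_SITES fallbacks (vault.101011010.xyz and freebsd.nsu.ru) are fetched over plain http://, just like the original site, so the only thing authenticating the tarball is the checksum in distinfo, which this commit does not touch. Please confirm the existing distinfo entry carries a SHA256 and SIZE for pvksrc.tgz.bin that was taken from a trusted copy, and switch the mirrors to https:// if they serve it.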
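Review bot: In patch-pvk.h, the struct hunk makes saltlen and keylen signed (int32_t) even though both are lengths parsed from the file and later passed as size arguments, e.g. EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen) and EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen). A negative value would convert to a huge size_t in the first call, so unless pvk_read already rejects out-of-range values, uint32_t plus an explicit upper bound would be safer. The hunk also starts using int32_t/uint32_t without a visible #include <stdint.h>; adding it to pvk.h avoids depending on the OpenSSL headers to pull it in.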
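Review bot: In patch-pvkread.c, get_dword() still computes ret = buf[0] + (buf[1] << 8) + (buf[2] << 16) + (buf[3] << 24) in int arithmetic after the return type is narrowed to uint32_t. buf[3] is promoted to int, so shifting a byte of 0x80 or more left by 24 is undefined behaviour; casting each operand first, as in (uint32_t)buf[3] << 24, makes the little-endian decode well defined and matches the stated goal of fixed 32-bit handling.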
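Review bot: In the pvk_decrypt() hunks of patch-pvkread.c, EVP_CIPHER_CTX_free(cctx) is added only after the final EVP_DecryptFinal(), so the decrypt-failure branch that calls PVKerr(PVK_F_PVK_DECRYPT,PVK_R_DECRYPT_ERROR) and OPENSSL_free(buf) leaves without releasing the context. Now that cctx is heap-allocated this is a leak of a context holding RC4 key state derived from the passphrase; free it on that branch too, and check the results of EVP_MD_CTX_new() and EVP_CIPHER_CTX_new() before use.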
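Review bot: In the pvk2rsa() hunk of patch-pvkread.c, the BIGNUMs e, n, p, q, dmp1, dmq1, iqmp and d are now uninitialised locals that are handed to rsa only by the RSA_set0_*() calls at the very end, so any goto err after the first successful lend2BN() leaks the components already allocated, and they are private key material. Initialise the pointers to NULL and release them with BN_clear_free() at err:, and check the return values of RSA_set0_key(), RSA_set0_factors() and RSA_set0_crt_params() since ownership transfers only on success.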
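Review bot: In the pvk_encrypt() hunk of patch-pvkwrite.c, the results of EVP_MD_CTX_new() and of the EVP_DigestInit()/EVP_DigestUpdate()/EVP_DigestFinal() calls are not checked, so if allocation or the digest fails, tmpkey is used as the RC4 key while still holding uninitialised stack contents. The private key would then be written out encrypted under a key nobody can re-derive from the passphrase; return an error through PVKerr() when any of these calls fail, and do the same for EVP_CIPHER_CTX_new() and EVP_EncryptInit().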