Date: Sun, 17 Mar 2019 11:28:18 +0000 (UTC) From: Hiroki Sato <hrs@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r496045 - in head/net-mgmt/send: . files Message-ID: <201903171128.x2HBSIX1007145@repo.freebsd.org>
Author: hrs Date: Sun Mar 17 11:28:18 2019 New Revision: 496045 URL: https://svnweb.freebsd.org/changeset/ports/496045 Log: Fix build with OpenSSL 1.1.x. Added: head/net-mgmt/send/files/patch-include-pkixip_ext.h (contents, props changed) head/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c (contents, props changed) head/net-mgmt/send/files/patch-libs-libcga-cga_mt.c (contents, props changed) head/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c (contents, props changed) head/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y (contents, props changed) head/net-mgmt/send/files/patch-libs-libpkixipext-util.c (contents, props changed) head/net-mgmt/send/files/patch-libs-libpkixipext-ver.c (contents, props changed) head/net-mgmt/send/files/patch-libs-libpkixipext-x509.c (contents, props changed) head/net-mgmt/send/files/patch-sendd-cert.c (contents, props changed) head/net-mgmt/send/files/patch-sendd-cpa.c (contents, props changed) head/net-mgmt/send/files/patch-sendd-openssl.c (contents, props changed) head/net-mgmt/send/files/patch-sendd-sig_rfc3971.c (contents, props changed) head/net-mgmt/send/files/patch-sendd-snd_proto.h (contents, props changed) Modified: head/net-mgmt/send/Makefile head/net-mgmt/send/distinfo head/net-mgmt/send/files/patch-Makefile.install head/net-mgmt/send/files/patch-include-cga_keyutils.h head/net-mgmt/send/files/patch-include-pkixip_ext_asn.h head/net-mgmt/send/files/patch-libs-Makefile.lib.common head/net-mgmt/send/files/patch-sendd-Makefile head/net-mgmt/send/files/patch-sendd-os-Makefile Modified: head/net-mgmt/send/Makefile ============================================================================== --- head/net-mgmt/send/Makefile Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/Makefile Sun Mar 17 11:28:18 2019 (r496045) 
@@ -3,10 +3,9 @@ PORTNAME= send PORTVERSION= 0.3 +DISTVERSIONPREFIX= v PORTREVISION= 2 CATEGORIES= net-mgmt ipv6 -MASTER_SITES= LOCAL/hrs -DISTNAME= ${PORTNAME}_${PORTVERSION} MAINTAINER= hrs@FreeBSD.org COMMENT= Secure Neighbor Discovery implementation for IPv6 @@ -17,7 +16,11 @@ LICENSE_FILE= ${WRKSRC}/LICENSE LIB_DEPENDS= libdnet.so:net/libdnet USES= gmake readline ssl +USE_GITHUB= yes +GH_ACCOUNT= hrs-allbsd +GH_PROJECT= send USE_RC_SUBR= sendd + SUB_FILES= pkg-message PORTDOCS= README UserGuide.pdf MAKE_JOBS_UNSAFE=yes Modified: head/net-mgmt/send/distinfo ============================================================================== --- head/net-mgmt/send/distinfo Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/distinfo Sun Mar 17 11:28:18 2019 (r496045) @@ -1,2 +1,3 @@ -SHA256 (send_0.3.tar.gz) = abe217c24f8f711124da74eb24342ee27a195e8102bed3e60d426607532ff76b -SIZE (send_0.3.tar.gz) = 1272983 +TIMESTAMP = 1551288169 +SHA256 (hrs-allbsd-send-v0.3_GH0.tar.gz) = 527542b24fa2009e0cc99a85fd423215782ced69c427454727172745c7fbae92 +SIZE (hrs-allbsd-send-v0.3_GH0.tar.gz) = 1313559 Modified: head/net-mgmt/send/files/patch-Makefile.install ============================================================================== --- head/net-mgmt/send/files/patch-Makefile.install Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-Makefile.install Sun Mar 17 11:28:18 2019 (r496045) @@ -1,5 +1,5 @@ ---- Makefile.install.orig 2010-08-28 17:58:05.000000000 +0900 -+++ Makefile.install 2014-08-20 04:27:44.000000000 +0900 +--- Makefile.install.orig 2019-02-27 16:25:45 UTC ++++ Makefile.install 
@@ -1,9 +1,9 @@ -INSSBIN= $(PREFIXSBIN)/$(PROG) +INSSBIN= $(DESTDIR)$(PREFIXSBIN)/$(PROG) Modified: head/net-mgmt/send/files/patch-include-cga_keyutils.h ============================================================================== --- head/net-mgmt/send/files/patch-include-cga_keyutils.h Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-include-cga_keyutils.h Sun Mar 17 11:28:18 2019 (r496045) @@ -1,5 +1,5 @@ ---- include/cga_keyutils.h.orig 2010-08-28 17:58:02.000000000 +0900 -+++ include/cga_keyutils.h 2014-08-30 01:53:41.000000000 +0900 +--- include/cga_keyutils.h.orig 2019-02-27 16:25:45 UTC ++++ include/cga_keyutils.h @@ -36,6 +36,9 @@ #include <openssl/x509.h> #include <openssl/evp.h> Added: head/net-mgmt/send/files/patch-include-pkixip_ext.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-include-pkixip_ext.h Sun Mar 17 11:28:18 2019 (r496045) 
@@ -0,0 +1,33 @@ +--- include/pkixip_ext.h.orig 2019-02-27 16:25:45 UTC ++++ include/pkixip_ext.h +@@ -47,14 +47,30 @@ struct pkixip_config { + char *certfile; + }; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern int pkixip_aor_cmp(const char * const *, const char * const *); + extern int pkixip_ipf_cmp(const char * const *, const char * const *); ++#else ++extern int pkixip_aor_cmp(const IPAddressOrRange * const *, ++ const IPAddressOrRange * const *); ++extern int pkixip_ipf_cmp(const IPAddressFamily * const *, ++ const IPAddressFamily * const *); ++#endif + + extern int pkixip_add2stores_cert(X509 *); + extern int pkixip_add2stores_file(const char *); ++ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern int pkixip_add_store(int *, int (*cmp)(X509_OBJECT **, X509_OBJECT **)); ++#else ++extern int pkixip_add_store(int *, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)); ++#endif + extern void *pkixip_find_cert(void *, int); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + extern STACK *pkixip_get_mychain(void); ++#else ++extern STACK_OF(X509_OBJECT) *pkixip_get_mychain(void); ++#endif + extern X509_STORE_CTX *pkixip_get_store_ctx(void); + extern int pkixip_has_ext(X509 *x); + extern X509 *pkixip_load_cert(const char *); Modified: head/net-mgmt/send/files/patch-include-pkixip_ext_asn.h ============================================================================== --- head/net-mgmt/send/files/patch-include-pkixip_ext_asn.h Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-include-pkixip_ext_asn.h Sun Mar 17 11:28:18 2019 (r496045) @@ -1,4 +1,4 @@ ---- include/pkixip_ext_asn.h.orig 2010-08-28 08:58:02 UTC +--- include/pkixip_ext_asn.h.orig 2019-02-27 16:25:45 UTC +++ include/pkixip_ext_asn.h @@ -33,7 +33,12 @@ #ifndef _PKIXIP_EXT_ASN_H 
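Review bot: The OpenSSL 1.1 prototype `extern STACK_OF(X509_OBJECT) *pkixip_get_mychain(void);` names the wrong element type as far as this commit shows: the x509.c patch fills `mychain` by duplicating `X509_STORE_CTX_get0_chain(ctx)`, which is a stack of `X509`, and the cpa.c patch reads entries back with `sk_X509_value()`. With the typed stack accessors in 1.1 that mismatch hides real type errors behind pointer-type warnings, so I would declare it as `extern STACK_OF(X509) *pkixip_get_mychain(void);` and use the `sk_X509_*` accessors at the call sites. A one-line comment above each `#if OPENSSL_VERSION_NUMBER` pair, saying that 1.1 made these structures opaque and the stacks typed, would also help the next reader.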
@@ -31,4 +31,3 @@ #define IP_AOR_PREFIX 0 #define IP_AOR_RANGE 1 - Modified: head/net-mgmt/send/files/patch-libs-Makefile.lib.common ============================================================================== --- head/net-mgmt/send/files/patch-libs-Makefile.lib.common Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-libs-Makefile.lib.common Sun Mar 17 11:28:18 2019 (r496045) @@ -1,5 +1,5 @@ ---- libs/Makefile.lib.common.orig 2014-08-20 04:21:08.000000000 +0900 -+++ libs/Makefile.lib.common 2014-08-20 04:21:27.000000000 +0900 +--- libs/Makefile.lib.common.orig 2019-02-27 16:25:45 UTC ++++ libs/Makefile.lib.common @@ -1,5 +1,5 @@ -CFLAGS += -Wall -O3 Added: head/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libcga-cga_keyutils.c Sun Mar 17 11:28:18 2019 (r496045) @@ -0,0 +1,19 @@ +--- libs/libcga/cga_keyutils.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libcga/cga_keyutils.c +@@ -45,6 +45,7 @@ + #include <pthread.h> + #include <openssl/err.h> + #include <openssl/pem.h> ++#include <openssl/x509.h> + + #include "config.h" + #include <applog.h> +@@ -80,7 +81,7 @@ cga_load_cert(cga_ctx_t *cga, const char *f) + goto fail; + } + +- k = X509_PUBKEY_get(x->cert_info->key); ++ k = X509_PUBKEY_get(X509_get_X509_PUBKEY(x)); + + if (cga->key && cga->free_key) { + free(cga->key); Added: head/net-mgmt/send/files/patch-libs-libcga-cga_mt.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libcga-cga_mt.c Sun Mar 17 11:28:18 2019 (r496045) 
@@ -0,0 +1,54 @@ +--- libs/libcga/cga_mt.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libcga/cga_mt.c +@@ -77,10 +77,10 @@ SPIN(void) + static int + add_mod(uint8_t *m, uint32_t s) + { +- BIGNUM bn[1], *bnp; ++ BIGNUM *bn, *bnp; + int blen; + +- BN_init(bn); ++ bn = BN_new(); + if ((bnp = BN_bin2bn(m, CGA_MODLEN, bn)) == NULL) { + ssl_err(__FUNCTION__, "BN_bin2bin failed"); + return (-1); +@@ -88,6 +88,7 @@ add_mod(uint8_t *m, uint32_t s) + BN_add_word(bnp, s); + blen = BN_num_bytes(bnp); + BN_bn2bin(bnp, m + (CGA_MODLEN - blen)); ++ BN_free(bn); + + return (0); + } +@@ -177,12 +178,16 @@ done: + static void + opssec(struct timeval *start, uint8_t *startmod) + { +- BIGNUM sm[1], em[1], ops[1], t[1], dv[1]; ++ BIGNUM *sm, *em, *ops, *t, *dv; + BN_CTX *bc; + struct timeval tv[1]; + char *dec; + +- BN_init(sm); BN_init(em); BN_init(ops); BN_init(t); BN_init(dv); ++ sm = BN_new(); ++ em = BN_new(); ++ ops = BN_new(); ++ t = BN_new(); ++ dv = BN_new(); + BN_bin2bn(startmod, CGA_MODLEN, sm); + BN_bin2bn(state->mod, CGA_MODLEN, em); + BN_sub(ops, em, sm); +@@ -210,6 +215,11 @@ opssec(struct timeval *start, uint8_t *startmod) + + OPENSSL_free(dec); + BN_CTX_free(bc); ++ BN_free(sm); ++ BN_free(em); ++ BN_free(ops); ++ BN_free(t); ++ BN_free(dv); + } + + void Added: head/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libpkixipext-asn1.c Sun Mar 17 11:28:18 2019 (r496045) 
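Review bot: None of the new `BN_new()` calls is checked, and in add_mod the `BN_bin2bn()` failure path still returns -1 without releasing `bn`. If `BN_new()` returns NULL, `BN_bin2bn(m, CGA_MODLEN, bn)` allocates a fresh BIGNUM that the later `BN_free(bn)` never sees, and in opssec `BN_sub(ops, em, sm)` would be handed NULL operands. I would write `if ((bn = BN_new()) == NULL) return (-1);` and add `BN_free(bn);` before the existing `return (-1);`, with the same NULL checks for `sm`, `em`, `ops`, `t` and `dv`. The middle of opssec lies outside the hunk, so any early exits there need the same cleanup.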
@@ -0,0 +1,25 @@ +--- libs/libpkixipext/asn1.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libpkixipext/asn1.c +@@ -187,9 +187,8 @@ i2v_IPAddressChoice(X509V3_EXT_METHOD *method, IPAddre + break; + case IPA_CHOICE_AOR: + X509V3_add_value(" Prefix or Range", NULL, &extlist); +- for (i = 0; i < sk_num(ipc->u.addressesOrRanges); i++) { +- aor = (IPAddressOrRange *) +- sk_value(ipc->u.addressesOrRanges, i); ++ for (i = 0; i < sk_IPAddressOrRange_num(ipc->u.addressesOrRanges); i++) { ++ aor = sk_IPAddressOrRange_value(ipc->u.addressesOrRanges, i); + i2v_IPAddressOrRange(method, aor, extlist, af); + } + break; +@@ -265,8 +264,8 @@ i2v_IPAddrBlocks(X509V3_EXT_METHOD *method, IPAddrBloc + return (NULL); + } + +- for (i = 0; i < sk_num(ipb); i++) { +- ipf = (IPAddressFamily *)sk_value(ipb, i); ++ for (i = 0; i < sk_IPAddressFamily_num(ipb); i++) { ++ ipf = sk_IPAddressFamily_value(ipb, i); + i2v_IPAddressFamily(method, ipf, extlist); + } + Added: head/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libpkixipext-pkixip_ext_gram.y Sun Mar 17 11:28:18 2019 (r496045) 
@@ -0,0 +1,31 @@ +--- libs/libpkixipext/pkixip_ext_gram.y.orig 2019-02-27 16:25:45 UTC ++++ libs/libpkixipext/pkixip_ext_gram.y +@@ -350,7 +350,7 @@ new_aor(void) + + if (!ipc->u.addressesOrRanges && + !(ipc->u.addressesOrRanges = +- sk_new(pkixip_aor_cmp))) { ++ sk_IPAddressOrRange_new(pkixip_aor_cmp))) { + applog(LOG_CRIT, "no memory"); + return (-1); + } +@@ -361,7 +361,7 @@ new_aor(void) + applog(LOG_CRIT, "%s: no memory", __FUNCTION__); + return (-1); + } +- if (!sk_push(ipc->u.addressesOrRanges, (char *)aor)) { ++ if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, (char *)aor)) { + applog(LOG_CRIT, "sk_push() failed"); + return (-1); + } +@@ -459,8 +459,8 @@ af_already_exists(void) + int i; + IPAddressFamily *e_ipf; + +- for (i = 0; i < sk_num(parse_ipb); i++) { +- e_ipf = (IPAddressFamily *)sk_value(parse_ipb, i); ++ for (i = 0; i < sk_IPAddressFamily_num(parse_ipb); i++) { ++ e_ipf = sk_IPAddressFamily_value(parse_ipb, i); + if (af_match(ipf, e_ipf)) { + return (1); + } Added: head/net-mgmt/send/files/patch-libs-libpkixipext-util.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libpkixipext-util.c Sun Mar 17 11:28:18 2019 (r496045) 
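Review bot: In new_aor the call `sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, (char *)aor)` keeps the `(char *)` cast from the untyped `sk_push()` API, which defeats the type check the typed accessor exists to provide. I would drop the cast, `if (!sk_IPAddressOrRange_push(ipc->u.addressesOrRanges, aor)) {`, and update the log text on the next line, which still reads "sk_push() failed". The same failure branch returns -1 without freeing `aor` as far as the hunk shows; whether it is released elsewhere is outside the hunk.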
@@ -0,0 +1,30 @@ +--- libs/libpkixipext/util.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libpkixipext/util.c +@@ -37,8 +37,13 @@ + #include "config.h" + #include "pkixip_ext_asn.h" + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int + pkixip_aor_cmp(const char * const *a1, const char * const *a2) ++#else ++int ++pkixip_aor_cmp(const IPAddressOrRange * const *a1, const IPAddressOrRange * const *a2) ++#endif + { + int by1, by2, bi1, bi2, bytes, bits; + uint8_t *d1, *d2, x1, x2, mask; +@@ -119,8 +124,13 @@ pkixip_aor_cmp(const char * const *a1, const char * co + return (0); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int + pkixip_ipf_cmp(const char * const *a1, const char * const *a2) ++#else ++int ++pkixip_ipf_cmp(const IPAddressFamily * const *a1, const IPAddressFamily * const *a2) ++#endif + { + IPAddressFamily *ipf1 = (IPAddressFamily *)*a1; + IPAddressFamily *ipf2 = (IPAddressFamily *)*a2; Added: head/net-mgmt/send/files/patch-libs-libpkixipext-ver.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libpkixipext-ver.c Sun Mar 17 11:28:18 2019 (r496045) 
@@ -0,0 +1,240 @@ +--- libs/libpkixipext/ver.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libpkixipext/ver.c +@@ -101,11 +101,15 @@ static int + in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, ASN1_BIT_STRING *min2, + ASN1_BIT_STRING *max2, int af) + { +- BIGNUM bpmin[1], bpmax[1], bmin[1], bmax[1]; +- int alen, len, bits; ++ BIGNUM *bpmin, *bpmax, *bmin, *bmax; ++ int alen, len, bits, ret; + uint8_t mask, buf[sizeof (struct in6_addr)]; + +- BN_init(bpmin); BN_init(bpmax); BN_init(bmin); BN_init(bmax); ++ bpmin = BN_new(); ++ bpmax = BN_new(); ++ bmin = BN_new(); ++ bmax = BN_new(); ++ ret = 0; + switch (af) { + case AF_INET: + alen = sizeof (struct in_addr); +@@ -115,14 +119,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, + break; + default: + DBG(&dbg_ver, "Unsupported AF"); +- return (0); ++ goto end; + } + + len = min1->length < alen ? min1->length : alen; + memset(buf, 0, sizeof (buf)); + memcpy(buf, min1->data, len); + if (!BN_bin2bn(buf, alen, bpmin)) { +- return (0); ++ goto end; + } + + len = max1->length < alen ? max1->length : alen; +@@ -135,14 +139,14 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, + buf[len - 1] |= mask; + } + if (!BN_bin2bn(buf, alen, bpmax)) { +- return (0); ++ goto end; + } + + len = min2->length < alen ? min2->length : alen; + memset(buf, 0, sizeof (buf)); + memcpy(buf, min2->data, len); + if (!BN_bin2bn(buf, alen, bmin)) { +- return (0); ++ goto end; + } + + len = max2->length < alen ? max2->length : alen; +@@ -155,18 +159,24 @@ in_range(ASN1_BIT_STRING *min1, ASN1_BIT_STRING *max1, + buf[len - 1] |= mask; + } + if (!BN_bin2bn(buf, alen, bmax)) { +- return (0); ++ goto end; + } + + /* bmin <= bpmin <= bpmax <= bmax. 
We already know bpmin <= bpmax */ + if (BN_cmp(bmin, bpmin) == 1) { +- return (0); ++ goto end; + } + if (BN_cmp(bpmax, bmax) == 1) { +- return (0); ++ goto end; + } ++ ret = 1; ++end: ++ BN_free(bpmin); ++ BN_free(bpmax); ++ BN_free(bmin); ++ BN_free(bmax); + +- return (1); ++ return (ret); + } + + static int +@@ -247,16 +257,14 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) + } + + DBG(&dbg_ver, "Pre-cmp ipc AOR count: %d", +- sk_num(ipc1->u.addressesOrRanges)); ++ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); + +- for (i = 0; i < sk_num(ipc1->u.addressesOrRanges); i++) { +- aor1 = +- (IPAddressOrRange *)sk_value(ipc1->u.addressesOrRanges, i); +- for (j = 0; j < sk_num(ipc2->u.addressesOrRanges); j++) { +- aor2 = (IPAddressOrRange *) +- sk_value(ipc2->u.addressesOrRanges, j); ++ for (i = 0; i < sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges); i++) { ++ aor1 = sk_IPAddressOrRange_value(ipc1->u.addressesOrRanges, i); ++ for (j = 0; j < sk_IPAddressOrRange_num(ipc2->u.addressesOrRanges); j++) { ++ aor2 = sk_IPAddressOrRange_value(ipc2->u.addressesOrRanges, j); + if (aor_match(aor1, aor2, af) == 0) { +- sk_delete(ipc1->u.addressesOrRanges, i--); ++ sk_IPAddressOrRange_delete(ipc1->u.addressesOrRanges, i--); + IPAddressOrRange_free(aor1); + break; + } +@@ -264,9 +272,9 @@ af_cmp(IPAddressFamily *ipf1, IPAddressFamily *ipf2) + } + + DBG(&dbg_ver, "Post-cmp ipc AOR count: %d", +- sk_num(ipc1->u.addressesOrRanges)); ++ sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges)); + +- if (sk_num(ipc1->u.addressesOrRanges) == 0) { ++ if (sk_IPAddressOrRange_num(ipc1->u.addressesOrRanges) == 0) { + return (0); + } + +@@ -307,7 +315,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * + IPAddressFamily *ipf1, *ipf2; + int i, j, inherit = 0; + +- DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_num(vipb), idx); ++ DBG(&dbg_ver, "vipb stack cnt: %d idx: %d", sk_IPAddressFamily_num(vipb), idx); + + ipb = X509_get_ext_d2i(x, pkix_ip_ext_method.ext_nid, NULL, 
NULL); + if (!ipb) { +@@ -315,18 +323,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * + return (-1); + } + +- for (i = 0; i < sk_num(vipb); i++) { +- ipf1 = (IPAddressFamily *)sk_value(vipb, i); ++ for (i = 0; i < sk_IPAddressFamily_num(vipb); i++) { ++ ipf1 = sk_IPAddressFamily_value(vipb, i); + + /* Ignore inherits in vipb */ + if (is_inherit(ipf1)) { +- sk_delete(vipb, i--); ++ sk_IPAddressFamily_delete(vipb, i--); + IPAddressFamily_free(ipf1); + continue; + } + +- for (j = 0; j < sk_num(ipb); j++) { +- ipf2 = (IPAddressFamily *)sk_value(ipb, j); ++ for (j = 0; j < sk_IPAddressFamily_num(ipb); j++) { ++ ipf2 = sk_IPAddressFamily_value(ipb, j); + if (af_match(ipf1, ipf2)) { + /* + * Inherits in ipb need to be checked +@@ -338,7 +346,7 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * + } + + if (af_cmp(ipf1, ipf2) == 0) { +- sk_delete(vipb, i--); ++ sk_IPAddressFamily_delete(vipb, i--); + IPAddressFamily_free(ipf1); + break; + } +@@ -346,18 +354,18 @@ verify_ipext_cert(X509_STORE_CTX *ctx, int idx, X509 * + } + } + +- if (!inherit || (++idx) == sk_num(ctx->chain)) { ++ if (!inherit || (++idx) == sk_num(X509_STORE_CTX_get_chain(ctx))) { + /* end of the line */ + goto done; + } +- x = (X509 *)sk_value(ctx->chain, idx); ++ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), idx); + verify_ipext_cert(ctx, idx, x, vipb); + + done: + IPAddrBlocks_free(ipb); + + /* If the vipb stack is now empty all ipf's matched */ +- if (sk_num(vipb) != 0) { ++ if (sk_IPAddressFamily_num(vipb) != 0) { + return (-1); + } + +@@ -376,13 +384,13 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) + i2v_IPAddrBlocks(NULL, vipb, NULL), 8, 1); + #endif + +- if (sk_num(vipb) == 0) { ++ if (sk_IPAddressFamily_num(vipb) == 0) { + DBG(&dbg_ver, "IPAddrBlock empty; rejecting"); + return (-1); + } + +- for (i = 0; i < sk_num(ctx->chain); i++) { +- x = (X509 *)sk_value(ctx->chain, i); ++ for (i = 0; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { ++ x = (X509 
*)sk_value(X509_STORE_CTX_get_chain(ctx), i); + + DBG(&dbg_ver, "%s", + X509_NAME_oneline(X509_get_subject_name(x), nbuf, +@@ -391,7 +399,7 @@ verify_ipext(X509_STORE_CTX *ctx, IPAddrBlocks *vipb) + if (verify_ipext_cert(ctx, i, x, vipb) < 0) { + return (-1); + } +- if (sk_num(vipb) == 0) { ++ if (sk_IPAddressFamily_num(vipb) == 0) { + break; + } + } +@@ -408,9 +416,9 @@ verify_ipext_chain(X509_STORE_CTX *ctx) + + DBG(&dbg_ver, "Verifying IP Exts in the certificate chain"); + +- for (i = 1; i < sk_num(ctx->chain); i++) { +- vx = (X509 *)sk_value(ctx->chain, i - 1); +- x = (X509 *)sk_value(ctx->chain, i); ++ for (i = 1; i < sk_num(X509_STORE_CTX_get_chain(ctx)); i++) { ++ vx = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i - 1); ++ x = (X509 *)sk_value(X509_STORE_CTX_get_chain(ctx), i); + + DBG(&dbg_ver, "%s", + X509_NAME_oneline(X509_get_subject_name(vx), nbuf, +@@ -446,7 +454,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) + X509_NAME_oneline(X509_get_subject_name(x), nbuf, sizeof (nbuf)); + #endif + if (!ok) { +- if (ctx->error == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { ++ if (X509_STORE_CTX_get_error(ctx) == X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION) { + /* + * OpenSSL doesn't explicitly support PKIX IP Ext, + * so it throws this error when it encounters the +@@ -458,7 +466,7 @@ pkixip_verify_cb(int ok, X509_STORE_CTX *ctx) + } else { + DBG(&dbg_ver, "Not OK at %s", nbuf); + DBG(&dbg_ver, "%s", +- X509_verify_cert_error_string(ctx->error)); ++ X509_verify_cert_error_string(X509_STORE_CTX_get_error(ctx))); + } + } else { + DBG(&dbg_ver, "OK at %s", nbuf); Added: head/net-mgmt/send/files/patch-libs-libpkixipext-x509.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-libs-libpkixipext-x509.c Sun Mar 17 11:28:18 2019 (r496045) 
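Review bot: in_range does not check the four `BN_new()` results, and because this function decides whether one address range lies inside another, an allocation failure should make it return 0. As written, a NULL `bpmin` or `bmax` reaches `BN_cmp()`, which tolerates NULL operands and in those cases does not return 1, so the corresponding bound check is skipped and `ret` can still become 1. I would add `if (bpmin == NULL || bpmax == NULL || bmin == NULL || bmax == NULL) goto end;` right after the allocations; `BN_free(NULL)` is harmless at `end`. On style, the chain walks further down still use the untyped `sk_num()`/`sk_value()` on `X509_STORE_CTX_get_chain(ctx)` while the x509.c patch in this commit uses `X509_STORE_CTX_get0_chain()`; `sk_X509_num()` and `sk_X509_value()` would remove the `(X509 *)` casts.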
@@ -0,0 +1,310 @@ +--- libs/libpkixipext/x509.c.orig 2019-02-27 16:25:45 UTC ++++ libs/libpkixipext/x509.c +@@ -57,34 +57,54 @@ static char nbuf[1024]; + extern int pkixip_verify_cb(int, X509_STORE_CTX *); + + X509V3_EXT_METHOD pkix_ip_ext_method = { +- ext_flags : X509V3_EXT_MULTILINE, +- it : ASN1_ITEM_ref(IPAddrBlocks), +- i2v : (X509V3_EXT_I2V)i2v_IPAddrBlocks, ++ .ext_flags = X509V3_EXT_MULTILINE, ++ .it = ASN1_ITEM_ref(IPAddrBlocks), ++ .i2v = (X509V3_EXT_I2V)i2v_IPAddrBlocks, + }; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static STACK *stores[PKIXIP_MAX_STORES]; ++#else ++static STACK_OF(X509_OBJECT) *stores[PKIXIP_MAX_STORES]; ++#endif + static X509_STORE_CTX *ctx_bysubj; + static int next_store = 1; + static void *(*wrap_store_cert)(X509 *x); + static void (*trustanchor_cb)(X509 *x); + pthread_mutex_t stores_lock = PTHREAD_MUTEX_INITIALIZER; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static STACK *mychain; ++#else ++static STACK_OF(X509_OBJECT) *mychain; ++#endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define X509_OBJECT_get_type(a) ((a)->type) ++#define X509_OBJECT_get0_X509(a) ((a)->data.x509) ++#define X509_OBJECT_get0_X509_CRL(a) ((a)->data.crl) ++#define X509_STORE_get0_objects(a) ((a)->objs) ++#define X509_STORE_CTX_get0_chain(a) ((a)->chain) ++#endif + /* Lifted from openssl x509_lu.c */ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static int + x509_object_cmp(X509_OBJECT **a, X509_OBJECT **b) ++#else ++static int ++x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) ++#endif + { + int ret; + +- ret=((*a)->type - (*b)->type); ++ ret=(X509_OBJECT_get_type(*a) - X509_OBJECT_get_type(*b)); + if (ret) return ret; +- switch ((*a)->type) { ++ switch (X509_OBJECT_get_type(*a)) { + case X509_LU_X509: +- ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); ++ ret=X509_subject_name_cmp(X509_OBJECT_get0_X509(*a),X509_OBJECT_get0_X509(*b)); + break; + case X509_LU_CRL: +- 
ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); ++ ret=X509_CRL_cmp(X509_OBJECT_get0_X509_CRL(*a),X509_OBJECT_get0_X509_CRL(*b)); + break; + default: + /* abort(); */ +@@ -243,7 +263,11 @@ pkixip_load_pkey(const char *f) + return (pkey); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + static STACK * ++#else ++static STACK_OF(X509_OBJECT) * ++#endif + pkixip_get_store(int handle) + { + if (handle >= PKIXIP_MAX_STORES || handle < 0) { +@@ -257,7 +281,11 @@ pkixip_get_store(int handle) + void + pkixip_walk_store(int (*cb)(X509 *, void *), void *cookie, int handle) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + STACK *objs; ++#else ++ STACK_OF(X509_OBJECT) *objs; ++#endif + int i; + X509_OBJECT *xo; + +@@ -266,12 +294,16 @@ pkixip_walk_store(int (*cb)(X509 *, void *), void *coo + goto done; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + for (i = 0; i < sk_num(objs); i++) { ++#else ++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) { ++#endif + xo = sk_X509_OBJECT_value(objs, i); +- if (xo->type != X509_LU_X509) { ++ if (X509_OBJECT_get_type(xo) != X509_LU_X509) { + continue; + } +- if (!cb(xo->data.x509, cookie)) { ++ if (!cb(X509_OBJECT_get0_X509(xo), cookie)) { + break; + } + } +@@ -282,7 +314,11 @@ done: + void * + pkixip_find_cert(void *k, int handle) + { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + STACK *store; ++#else ++ STACK_OF(X509_OBJECT) *store; ++#endif + int i; + void *r = NULL; + +@@ -291,11 +327,19 @@ pkixip_find_cert(void *k, int handle) + goto done; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((i = sk_find(store, k)) < 0) { ++#else ++ if ((i = sk_X509_OBJECT_find(store, k)) < 0) { ++#endif + goto done; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + r = sk_value(store, i); ++#else ++ r = sk_X509_OBJECT_value(store, i); ++#endif + + done: + pthread_mutex_unlock(&stores_lock); +@@ -304,8 +348,13 @@ done: + + /* Caller must hold stores_lock */ + static int ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + pkixip_do_add_store(int handle, 
int (*cmp)(X509_OBJECT **, X509_OBJECT **), + STACK *objs) ++#else ++pkixip_do_add_store(int handle, int (*cmp)(const X509_OBJECT * const *, X509_OBJECT * const *), ++ STACK_OF(X509_OBJECT) *objs) ++#endif + { + if (objs == NULL && (objs = sk_X509_OBJECT_new(cmp)) == NULL) { + applog(LOG_CRIT, "no memory"); +@@ -316,8 +365,13 @@ pkixip_do_add_store(int handle, int (*cmp)(X509_OBJECT + return (0); + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + int + pkixip_add_store(int *handle, int (*cmp)(X509_OBJECT **, X509_OBJECT **)) ++#else ++int ++pkixip_add_store(int *handle, int (*cmp)(const X509_OBJECT * const *, const X509_OBJECT * const *)) ++#endif + { + int r = 0; + +@@ -369,7 +423,7 @@ pkixip_get_store_ctx(void) + } + + pthread_mutex_lock(&stores_lock); +- if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, st->objs) ++ if (pkixip_do_add_store(PKIXIP_STORE_BYSUBJ, x509_object_cmp, X509_STORE_get0_objects(st)) + < 0) { + X509_STORE_free(st); + X509_STORE_CTX_free(ctx_bysubj); +@@ -396,17 +450,24 @@ pkixip_store_ctx_light_cleanup(X509_STORE_CTX *ctx) + { + // X509_STORE_CTX_cleanup(ctx); + +- if (ctx->chain != NULL) { +- sk_X509_pop_free(ctx->chain, noop_free); ++ if (X509_STORE_CTX_get0_chain(ctx) != NULL) { ++ sk_X509_pop_free(X509_STORE_CTX_get0_chain(ctx), noop_free); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + ctx->chain=NULL; ++#endif + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, + &(ctx->ex_data)); + memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); ++#else ++ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, ++ X509_STORE_CTX_get_app_data(ctx)); ++#endif + + #if 0 +- while (sk_num(ctx->chain) > 0) { +- sk_pop(ctx->chain); ++ while (sk_num(X509_STORE_CTX_get0_chain(ctx)) > 0) { ++ sk_pop(X509_STORE_CTX_get0_chain(ctx)); + } + #endif + } +@@ -445,10 +506,19 @@ pkixip_add2stores_cert(X509 *x) + int i, r = 0; + X509_STORE_CTX *ctx; + void *wrapper; ++#if OPENSSL_VERSION_NUMBER < 
0x10100000L + X509_OBJECT o[1]; ++#else ++ X509_OBJECT *o; + +- if ((ctx = pkixip_get_store_ctx()) == NULL) { ++ o = X509_OBJECT_new(); ++ if (o == NULL) + return (-1); ++#endif ++ ++ if ((ctx = pkixip_get_store_ctx()) == NULL) { ++ r = -1; ++ goto done2; + } + + pthread_mutex_lock(&stores_lock); +@@ -459,7 +529,11 @@ pkixip_add2stores_cert(X509 *x) + goto done; + } + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if (X509_STORE_add_cert(ctx->ctx, x) != 1) { ++#else ++ if (X509_STORE_add_cert(X509_STORE_CTX_get0_store(ctx), x) != 1) { ++#endif + pkixip_ssl_err(__FUNCTION__, "X509_STORE_add_cert() failed"); + r = -1; + goto done; +@@ -467,7 +541,8 @@ pkixip_add2stores_cert(X509 *x) + + if (wrap_store_cert) { + if ((wrapper = wrap_store_cert(x)) == NULL) { +- return (-1); ++ r = -1; ++ goto done2; + } + } else { + wrapper = x; +@@ -475,7 +550,11 @@ pkixip_add2stores_cert(X509 *x) + + for (i = 1; i < PKIXIP_MAX_STORES; i++) { + if (stores[i]) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + sk_push(stores[i], wrapper); ++#else ++ sk_X509_OBJECT_push(stores[i], wrapper); ++#endif + } + } + +@@ -484,6 +563,10 @@ pkixip_add2stores_cert(X509 *x) + + done: + pthread_mutex_unlock(&stores_lock); ++done2: ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ free(o); ++#endif + return (r); + } + +@@ -523,14 +606,26 @@ pkixip_my_chain_init(X509 *mycert) + } + + if (mychain != NULL) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + sk_free(mychain); ++#else ++ sk_X509_OBJECT_free(mychain); ++#endif + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if ((mychain = sk_dup(ctx->chain)) == NULL) { ++#else ++ if ((mychain = sk_X509_OBJECT_dup(X509_STORE_CTX_get0_chain(ctx))) == NULL) { ++#endif + APPLOG_NOMEM(); + r = -1; + goto done; + } ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + sk_set_cmp_func(mychain, x509_bysubj_cmp); ++#else ++ sk_X509_OBJECT_set_cmp_func(mychain, x509_bysubj_cmp); ++#endif + DBG(&dbg_x509, "mychain verified and set"); + + done: +@@ -538,7 +633,11 @@ done: + return (r); + } 
+ ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + STACK * ++#else ++STACK_OF(X509_OBJECT) * ++#endif + pkixip_get_mychain(void) + { + return (mychain); Modified: head/net-mgmt/send/files/patch-sendd-Makefile ============================================================================== --- head/net-mgmt/send/files/patch-sendd-Makefile Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-sendd-Makefile Sun Mar 17 11:28:18 2019 (r496045) @@ -1,6 +1,6 @@ ---- sendd/Makefile.orig 2014-08-20 04:19:01.000000000 +0900 -+++ sendd/Makefile 2014-08-20 04:19:39.000000000 +0900 -@@ -6,8 +6,8 @@ +--- sendd/Makefile.orig 2019-02-27 16:25:45 UTC ++++ sendd/Makefile +@@ -6,8 +6,8 @@ OBJS= addr.o cert.o cga.o config.o cpa.o cps.o ctl.o n sendd.o sigmeth.o sig_rfc3971.o INC= sendd_local.h snd_proto.h snd_config.h Added: head/net-mgmt/send/files/patch-sendd-cert.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-sendd-cert.c Sun Mar 17 11:28:18 2019 (r496045) @@ -0,0 +1,14 @@ +--- sendd/cert.c.orig 2019-02-27 16:25:45 UTC ++++ sendd/cert.c +@@ -73,7 +73,11 @@ get_pubkeyhash(X509 *x, uint8_t *buf) + EVP_PKEY *k; + int dlen; + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + k = X509_PUBKEY_get(x->cert_info->key); ++#else ++ k = X509_get_pubkey(x); ++#endif + if ((der = cga_key2der(k, &dlen)) == NULL) { + return (-1); + } Added: head/net-mgmt/send/files/patch-sendd-cpa.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-sendd-cpa.c Sun Mar 17 11:28:18 2019 (r496045) 
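Review bot: In pkixip_add2stores_cert the cleanup at `done2` is guarded the wrong way round: `free(o)` runs only for OpenSSL older than 1.1, where `o` is the stack array `X509_OBJECT o[1]`, while the object from `X509_OBJECT_new()` in the 1.1 branch is never released; the guard should select the 1.1 branch and call `X509_OBJECT_free(o);`. The new `goto done2` after a failed `wrap_store_cert()` also jumps past `pthread_mutex_unlock(&stores_lock)`, and the lock appears to be held at that point, so that path should be `goto done;`. Separately, the 1.1 branch of pkixip_store_ctx_light_cleanup passes `X509_STORE_CTX_get_app_data(ctx)` to `CRYPTO_free_ex_data()`, which expects a `CRYPTO_EX_DATA *` rather than the application pointer, and it frees the chain stack without clearing the pointer held in `ctx`; that branch needs rework before the context is reused. The `cmp` parameter of pkixip_do_add_store also lacks `const` on its second argument, unlike x509_object_cmp and pkixip_add_store. How `o` is filled in pkixip_add2stores_cert lies outside the hunk.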
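Review bot: In get_pubkeyhash the result of `X509_get_pubkey(x)` goes straight into `cga_key2der(k, &dlen)` without a NULL check, and the call returns NULL when the certificate's public key cannot be decoded. I would add `if (k == NULL) return (-1);` after the `#endif`; whether cga_key2der tolerates NULL is not visible here. `X509_get_pubkey()` also hands back a reference the caller owns, so the function needs an `EVP_PKEY_free(k)` on its exit paths unless one already exists in the part of the body outside the hunk. The cga_keyutils.c patch in this commit fetches the same key with the unconditional `X509_PUBKEY_get(X509_get_X509_PUBKEY(x))`; using one form in both files would be easier to follow.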
@@ -0,0 +1,63 @@ +--- sendd/cpa.c.orig 2019-02-27 16:25:45 UTC ++++ sendd/cpa.c +@@ -183,22 +183,23 @@ next: + } + + static int +-can_handle_cps(uint8_t *ops, int len, STACK *chain, X509 **x) ++can_handle_cps(uint8_t *ops, int len, STACK_OF(X509_OBJECT) *chain, X509 **x) + { + int i, j, r = 0; + X509_NAME *dn; +- X509 x509_s; +- X509_CINF cinf_s; +- STACK *dchain; ++ X509 *x509_s; ++ STACK_OF(X509_OBJECT) *dchain; + STACK_OF(X509_NAME) *dns; + + *x = NULL; +- ++ x509_s = X509_new(); ++ if (x509_s == NULL) ++ return (1); + if ((dns = snd_get_trustanchors_from_opts(ops, len)) == NULL) { + return (1); + } +- if (sk_num(dns) == 0) { +- sk_free(dns); ++ if (sk_X509_NAME_num(dns) == 0) { ++ sk_X509_NAME_free(dns); + return (1); + } + +@@ -209,24 +210,22 @@ can_handle_cps(uint8_t *ops, int len, STACK *chain, X5 + * sorting (triggered by sk_find), and we need to chain order + * preserved so we can send out the certs in correct order. + */ +- if ((dchain = sk_dup(chain)) == NULL) { ++ if ((dchain = sk_X509_OBJECT_dup(chain)) == NULL) { + applog(LOG_CRIT, "%s: no memory", __FUNCTION__); + goto done; + } +- x509_s.cert_info= &cinf_s; +- +- for (i = 0; i < sk_num(dns); i++) { ++ for (i = 0; i < sk_X509_num(dns); i++) { + dn = sk_X509_NAME_value(dns, i); +- cinf_s.subject=dn; ++ X509_set_subject_name(x509_s, dn); + +- if ((j = sk_X509_find(dchain, &x509_s)) >= 0) { ++ if ((j = sk_X509_NAME_find(dchain, x509_s)) >= 0) { + r = 1; + *x = sk_X509_value(dchain, j); + DBG(dbg, "found"); + break; + } + } +- sk_free(dchain); ++ sk_X509_OBJECT_free(dchain); + + done: + sk_X509_NAME_pop_free(dns, X509_NAME_free); Added: head/net-mgmt/send/files/patch-sendd-openssl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net-mgmt/send/files/patch-sendd-openssl.c Sun Mar 17 11:28:18 2019 (r496045) 
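Review bot: can_handle_cps now allocates `x509_s` with `X509_new()` before the two early `return (1);` statements, and the hunk shows no `X509_free()` at all, so every call leaks a certificate object. The stack accessors are also mixed: `sk_X509_num(dns)` is applied to a stack of `X509_NAME`, and `sk_X509_NAME_find(dchain, x509_s)` searches a stack declared as `X509_OBJECT` with an `X509 *` key while the match is read back with `sk_X509_value()`. The sketch below allocates the probe after the early returns, frees it at `done`, and uses `sk_X509_*` for the chain on the assumption that it really holds `X509` entries; callers and the `pkixip_get_mychain()` prototype would have to change with it. The end of the function is outside the hunk.

```c
static int
can_handle_cps(uint8_t *ops, int len, STACK_OF(X509) *chain, X509 **x)
{
	/* … unchanged: i, j, r, dn, dns … */
	X509 *x509_s = NULL;
	STACK_OF(X509) *dchain;

	/* … unchanged: trust-anchor lookup and the two early returns … */

	if ((x509_s = X509_new()) == NULL) {
		applog(LOG_CRIT, "%s: no memory", __FUNCTION__);
		goto done;
	}
	if ((dchain = sk_X509_dup(chain)) == NULL) {
		/* … unchanged: log and goto done … */
	}
	for (i = 0; i < sk_X509_NAME_num(dns); i++) {
		dn = sk_X509_NAME_value(dns, i);
		if (!X509_set_subject_name(x509_s, dn))
			continue;
		if ((j = sk_X509_find(dchain, x509_s)) >= 0) {
			/* … unchanged: record the match and break … */
		}
	}
	sk_X509_free(dchain);

done:
	X509_free(x509_s);
	/* … unchanged: sk_X509_NAME_pop_free(dns, X509_NAME_free) … */
```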
@@ -0,0 +1,42 @@ +--- sendd/openssl.c.orig 2019-02-27 16:25:45 UTC ++++ sendd/openssl.c +@@ -57,6 +57,11 @@ struct dlog_desc dbg_cryptox = { + }; + #endif + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define X509_OBJECT_new(a) calloc(1, sizeof(X509_OBJECT)) ++#define X509_OBJECT_get0_X509(a) ((a)->data.x509) ++#endif ++ + static char nbuf[1024]; /* for displaying X509_NAMEs */ + + static pthread_mutex_t *lock_cs; +@@ -216,12 +221,17 @@ snd_have_chain(void *a) + X509_STORE_CTX *ctx = pkixip_get_store_ctx(); + X509 *tx = a; + X509_NAME *subj, *iss; +- X509_OBJECT obj[1]; ++ X509_OBJECT *obj; + + if (ctx == NULL) { + DBG(&dbg_snd, "pkixip_get_store() failed"); + return (0); + } ++ obj = X509_OBJECT_new(); ++ if (obj == NULL) { ++ DBG(&dbg_snd, "pkixip_get_store() X509_OBJECT() failed"); ++ return (0); ++ } + + for (;;) { + subj = X509_get_subject_name(tx); +@@ -234,7 +244,7 @@ snd_have_chain(void *a) + X509_NAME_oneline(iss, nbuf, sizeof (nbuf))); + return (0); + } +- tx = obj->data.x509; ++ tx = X509_OBJECT_get0_X509(obj); + } + + return (1); Modified: head/net-mgmt/send/files/patch-sendd-os-Makefile ============================================================================== --- head/net-mgmt/send/files/patch-sendd-os-Makefile Sun Mar 17 10:46:05 2019 (r496044) +++ head/net-mgmt/send/files/patch-sendd-os-Makefile Sun Mar 17 11:28:18 2019 (r496045) @@ -1,10 +1,11 @@ ---- sendd/os/Makefile.orig 2010-08-28 17:58:04.000000000 +0900 -+++ sendd/os/Makefile 2014-08-20 04:33:33.000000000 +0900 +--- sendd/os/Makefile.orig 2019-02-27 16:25:45 UTC ++++ sendd/os/Makefile @@ -1,13 +1,5 @@ OBJS += os/addr.o os/snd_freebsd.o os-linux/rand.o -CPPFLAGS += -I/usr/local/include -- ++CPPFLAGS += -I${LOCALBASE}/include + -OSLIBS= -L/usr/local/lib -l$(DNET) - -OSEXTRA= os/sendd *** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
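Review bot: snd_have_chain allocates `obj` with `X509_OBJECT_new()`, but none of the exits visible in the hunk, the `return (0);` inside the loop and the final `return (1);`, releases it, so each call leaks one object. I would call `X509_OBJECT_free(obj);` before each return on 1.1 and add a matching pre-1.1 definition beside the `X509_OBJECT_new` compat macro. The new debug text `"pkixip_get_store() X509_OBJECT() failed"` names the wrong call; `"X509_OBJECT_new() failed"` would be accurate. The lookup that fills `obj` on each loop iteration is outside the hunk, so whether the previous iteration's contents need releasing as well should be checked there.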