From owner-svn-ports-all@freebsd.org Sat Oct 13 20:15:45 2018 Return-Path: Delivered-To: svn-ports-all@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 0857410D466C; Sat, 13 Oct 2018 20:15:45 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id AF97C88C5C; Sat, 13 Oct 2018 20:15:44 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id A650C13BF2; Sat, 13 Oct 2018 20:15:44 +0000 (UTC) (envelope-from dbaio@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w9DKFic4085834; Sat, 13 Oct 2018 20:15:44 GMT (envelope-from dbaio@FreeBSD.org) Received: (from dbaio@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w9DKFiv5085833; Sat, 13 Oct 2018 20:15:44 GMT (envelope-from dbaio@FreeBSD.org) Message-Id: <201810132015.w9DKFiv5085833@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: dbaio set sender to dbaio@FreeBSD.org using -f From: "Danilo G. Baio" Date: Sat, 13 Oct 2018 20:15:44 +0000 (UTC) To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r482008 - head/security/medusa/files X-SVN-Group: ports-head X-SVN-Commit-Author: dbaio X-SVN-Commit-Paths: head/security/medusa/files X-SVN-Commit-Revision: 482008 X-SVN-Commit-Repository: ports MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-ports-all@freebsd.org X-Mailman-Version: 2.1.27 Precedence: list List-Id: SVN commit messages for the ports tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 13 Oct 2018 20:15:45 -0000 Author: dbaio Date: Sat Oct 13 20:15:44 2018 New Revision: 482008 URL: https://svnweb.freebsd.org/changeset/ports/482008 Log: security/medusa: Fix build with OpenSSL 1.1.x PR: 232209 Submitted by: Nathan Obtained from: debian Added: head/security/medusa/files/ head/security/medusa/files/patch-openssl-1.1.x (contents, props changed) Added: head/security/medusa/files/patch-openssl-1.1.x ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/medusa/files/patch-openssl-1.1.x Sat Oct 13 20:15:44 2018 (r482008) @@ -0,0 +1,153 @@ +From 349ef7f0c24b627c6dbba8bcd5b47173806473a2 Mon Sep 17 00:00:00 2001 +From: jmk-foofus +Origin: https://github.com/jmk-foofus/medusa/commit/349ef7f0c24b627c6dbba8bcd5b47173806473a2 +Date: Tue, 1 Nov 2016 16:26:12 -0500 +Subject: [PATCH] Update to support newer versions of OpenSSL. + +--- + config.h.in | 6 ++++++ + configure | 13 ++++++++++--- + configure.ac | 2 +- + src/medusa-net.c | 9 +++++---- + src/medusa-thread-ssl.c | 10 +++++++--- + src/medusa.h | 4 ++++ + src/modsrc/vnc.c | 12 +++++++++--- + 7 files changed, 42 insertions(+), 14 deletions(-) + +--- config.h.in ++++ config.h.in +@@ -82,6 +82,12 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_MEMORY_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_OPENSSL_CRYPTO_H ++ ++/* Define to 1 if you have the header file. */ ++#undef HAVE_OPENSSL_SSL_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_STDINT_H + +--- src/medusa-net.c ++++ src/medusa-net.c +@@ -327,7 +327,9 @@ RSA *sslTempRSACallback(SSL * ssl __attr + RSA *rsa = NULL; + + if (rsa == NULL) +- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL); ++ /* https://openssl.org/docs/manmaster/crypto/RSA_generate_key.html */ ++ RSA_generate_key_ex(rsa, 512, (BIGNUM*) RSA_F4, NULL); ++ + return rsa; + } + +@@ -347,12 +349,12 @@ int medusaConnectSSLInternal(sConnectPar + the server demands. The module can override this by setting nSSLVersion. */ + + /* Debian's OpenSSL has SSLv2 support disabled. */ +-#ifndef OPENSSL_NO_SSL2 ++#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + if (pParams->nSSLVersion == 2) + sslContext = SSL_CTX_new(SSLv2_client_method()); + else + #endif +-#ifndef OPENSSL_NO_SSL3 ++#if !defined(OPENSSL_NO_SSL3) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + if (pParams->nSSLVersion == 3) + sslContext = SSL_CTX_new(SSLv3_client_method()); + else +@@ -378,7 +380,6 @@ int medusaConnectSSLInternal(sConnectPar + + // we set the default verifiers and dont care for the results + SSL_CTX_set_default_verify_paths(sslContext); +- SSL_CTX_set_tmp_rsa_callback(sslContext, sslTempRSACallback); + SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); + + if ((hSocket < 0) && ((hSocket = medusaConnect(pParams)) < 0)) +--- src/medusa-thread-ssl.c ++++ src/medusa-thread-ssl.c +@@ -13,7 +13,11 @@ + + #include "medusa.h" + +-#ifdef HAVE_LIBSSL ++/* In OpenSSL <= 1.0.2, an application had to set locking callbacks to use ++ OpenSSL in a multi-threaded environment. OpenSSL 1.1.0 now finds pthreads ++ or Windows threads, so nothing special is necessary. ++*/ ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + static pthread_mutex_t *lockarray; + + #include +@@ -79,7 +83,7 @@ void init_locks_gnutls(void) + + void init_crypto_locks(void) + { +-#ifdef HAVE_LIBSSL ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + init_locks_openssl(); + #endif + +@@ -90,7 +94,7 @@ void init_crypto_locks(void) + + void kill_crypto_locks(void) + { +-#ifdef HAVE_LIBSSL ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + kill_locks_openssl(); + #endif + } +--- src/medusa.h ++++ src/medusa.h +@@ -44,6 +44,10 @@ + #include + #endif + ++#ifdef HAVE_LIBSSL ++ #include ++#endif ++ + #define PROGRAM "Medusa" + #ifndef VERSION + #define VERSION "1.0" +--- src/modsrc/vnc.c ++++ src/modsrc/vnc.c +@@ -811,7 +811,10 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + + /* create and populate DH structure */ + dh_struct = DH_new(); +- ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh_struct, (BIGNUM*) &p, (BIGNUM*) &client_priv, (BIGNUM*) &g); ++#else + dh_struct->g = BN_new(); + BN_set_word(dh_struct->g, g); + +@@ -820,12 +823,11 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + + dh_struct->priv_key = BN_new(); + BN_set_word(dh_struct->priv_key, client_priv); ++#endif + + if (DH_generate_key(dh_struct) == 0) + writeError(ERR_ERROR, "[%s] Failed to generate key", MODULE_NAME); + +- writeError(ERR_DEBUG_MODULE, "[%s] Client DH private key: %s public key: %s", MODULE_NAME, BN_bn2hex(dh_struct->priv_key), BN_bn2hex(dh_struct->pub_key)); +- + DH_check(dh_struct, &dh_error); + if (dh_error & DH_CHECK_P_NOT_SAFE_PRIME) + writeError(ERR_DEBUG_MODULE, "[%s] Failed to create DH structure: DH_CHECK_P_NOT_SAFE_PRIME", MODULE_NAME); +@@ -835,7 +837,11 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + writeError(ERR_DEBUG_MODULE, "[%s] Failed to create DH structure: DH_UNABLE_TO_CHECK_GENERATOR", MODULE_NAME); + + /* convert client public key into proper format for sending */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_key(dh_struct, (BIGNUM*) &client_pub, (BIGNUM*) &client_priv); ++#else + int64ToBytes(BN_get_word(dh_struct->pub_key), client_pub); ++#endif + + /* generate shared secret using private DH key and server's public key */ + server_pub = BN_new();