From: Santhosh Raju
Date: Fri, 29 Jan 2021 22:11:11 +0000 (UTC)
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r563255 - in head/security/wolfssl: . files
X-SVN-Group: ports-head
X-SVN-Commit-Author: fox
X-SVN-Commit-Paths: in head/security/wolfssl: . files
X-SVN-Commit-Revision: 563255
X-SVN-Commit-Repository: ports

Author: fox
Date: Fri Jan 29 22:11:11 2021
New Revision: 563255
URL: https://svnweb.freebsd.org/changeset/ports/563255

Log:
  security/wolfssl: Add DEBUG option and enable more features.

  - Set --enable-opensslall which is needed for
    wolfSSL_X509_NAME_print_ex() and friends.
  - Set --enable-certgen to allow certificate generation.
  - Define WOLFSSL_ALT_NAMES so one can generate certificates
    with the Subject Alternative Name extension.
  - Set --enable-sessioncerts to allow to inspect certificates
    with wolfSSL_get_peer_cert_chain().
  - Set --enable-des3 so one can load PBES2-3DES-CBC-encoded keys.

  Additionally a patch to prevent memory leaks is included.

  PR:		252829
  Submitted by:	Fabian Keil
  Reported by:	Fabian Keil
  Approved by:	fox (maintainer)

Added:
  head/security/wolfssl/files/
  head/security/wolfssl/files/patch-src-ssl.c   (contents, props changed)
Modified:
  head/security/wolfssl/Makefile

Modified: head/security/wolfssl/Makefile ============================================================================== --- head/security/wolfssl/Makefile Fri Jan 29 21:59:39 2021 (r563254) +++ head/security/wolfssl/Makefile Fri Jan 29 22:11:11 2021 (r563255) 
@@ -2,9 +2,11 @@ PORTNAME= wolfssl PORTVERSION= 4.6.0 +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= https://www.wolfssl.com/ \ LOCAL/fox + MAINTAINER= fox@FreeBSD.org COMMENT= Embedded SSL C-Library @@ -16,14 +18,18 @@ USE_LDCONFIG= yes GNU_CONFIGURE= yes CONFIGURE_ARGS= --disable-dependency-tracking \ + --enable-certgen \ + --enable-des3 \ --enable-dh \ --enable-dsa \ --enable-dtls \ --enable-ecc \ --enable-ipv6 \ --enable-keygen \ + --enable-opensslall \ --enable-opensslextra \ --enable-ripemd \ + --enable-sessioncerts \ --enable-sha512 \ --enable-shared \ --enable-sni \ @@ -32,9 +38,12 @@ CONFIGURE_ARGS= --disable-dependency-tracking \ --enable-tls13 \ --enable-tls13-draft18 TEST_TARGET= check +CFLAGS+= -DWOLFSSL_ALT_NAMES PORTDOCS= * -OPTIONS_DEFINE= DOCS +OPTIONS_DEFINE= DEBUG DOCS +DEBUG_CONFIGURE_ON= --enable-debug + post-configure: @${REINPLACE_CMD} \ -e 's|$${prefix}/cyassl/include|$${prefix}/include/cyassl|' \ @@ -42,7 +51,7 @@ post-configure: -e '/^pkgconfigdir/s|(libdir)|&data|' \ ${WRKSRC}/Makefile -post-install: +post-install-DEBUG-off: @${STRIP_CMD} ${STAGEDIR}${PREFIX}/lib/libwolfssl.so .include Added: head/security/wolfssl/files/patch-src-ssl.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/security/wolfssl/files/patch-src-ssl.c Fri Jan 29 22:11:11 2021 (r563255) 
@@ -0,0 +1,31 @@ +From 0aead8cb868003a5dff2e81d6a7ffd7579652610 Mon Sep 17 00:00:00 2001 +From: Fabian Keil +Date: Sun, 17 Jan 2021 11:21:59 +0100 +Subject: [PATCH] wolfSSL_CertManagerFree(): free refMutex + +Fixes memory leaks like: + ==323== 96 bytes in 1 blocks are definitely lost in loss record 3 of 4 + ==323== at 0x4C291E1: calloc (in /usr/local/lib/valgrind/vgpreload_memcheck-amd64-freebsd.so) + ==323== by 0x585495F: pthread_mutex_init (in /lib/libthr.so.3) + ==323== by 0x4E7B5E8: wc_InitMutex (wc_port.c:1071) + ==323== by 0x4F09540: wolfSSL_CertManagerNew_ex (ssl.c:3596) + ==323== by 0x4EC6A81: InitSSL_Ctx (internal.c:1752) + ==323== by 0x4F0441E: wolfSSL_CTX_new_ex (ssl.c:394) + ==323== by 0x4F04658: wolfSSL_CTX_new (ssl.c:436) + ==323== by 0x400AA2: main (wolfssl-ctx-leak.c:9) + +This is a partial cherry-pick of upstream commit +9598c037168b73ce2f by Tesfa Mael. +--- src/ssl.c.orig 2020-12-23 02:15:20 UTC ++++ src/ssl.c +@@ -3663,7 +3663,9 @@ void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm) + FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap); + wc_FreeMutex(&cm->tpLock); + #endif +- ++ if (wc_FreeMutex(&cm->refMutex) != 0) { ++ WOLFSSL_MSG("Couldn't free refMutex mutex"); ++ } + XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER); + } + }
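Review bot: In the Makefile hunk at @@ -16,14 +18,18 @@, --enable-des3 and --enable-certgen are added to CONFIGURE_ARGS unconditionally, so every consumer of the package gets 3DES and certificate-generation code compiled in, although the log gives only narrow use cases for them (loading PBES2-3DES-CBC-encoded keys, generating certificates). Consider putting them behind their own OPTIONS_DEFINE knobs, the way this commit handles DEBUG with "DEBUG_CONFIGURE_ON= --enable-debug", or at least add a Makefile comment recording why each flag is needed so a later maintainer can judge whether it still is.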
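Review bot: In the Makefile hunk at @@ -32,9 +38,12 @@, "CFLAGS+= -DWOLFSSL_ALT_NAMES" is added with no comment, and the reason for it (Subject Alternative Name support in generated certificates) is recorded only in the commit log. A one-line comment above the CFLAGS line saying that the define goes together with the --enable-certgen argument added in the previous hunk would keep the two from drifting apart if one of them is later removed.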
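Review bot: files/patch-src-ssl.c describes itself as a partial cherry-pick of upstream commit 9598c037168b73ce2f, but nothing in the patch header or the port Makefile says when it can be dropped. Add a note that the file should be removed once PORTVERSION moves from 4.6.0 to a release that contains that commit, so the patch is not carried forward against a src/ssl.c that already frees refMutex. A smaller point in the @@ -3663,7 +3663,9 @@ hunk: the new wc_FreeMutex(&cm->refMutex) call checks its return value and logs through WOLFSSL_MSG, while the wc_FreeMutex(&cm->tpLock) call in the context lines just above ignores it; that matches upstream and is fine in a free path, but the failure is only logged and XFREE(cm, ...) still runs, which is worth stating in the patch description.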