svn commit: r483489 - in head/security/botan110: . files
Tobias Kortkamp
tobik at FreeBSD.org
Tue Oct 30 16:26:26 UTC 2018
On Tue, Oct 30, 2018, at 15:00, Dima Panov wrote:
> Author: fluffy
> Date: Tue Oct 30 14:00:31 2018
> New Revision: 483489
> URL: https://svnweb.freebsd.org/changeset/ports/483489
>
> Log:
> - Update to 1.10.7 release [1]
> - While here, add unofficial OpenSSL 1.1.x API support [2, based on]
>
> PR: 222971 [1], 229030 [2]
> Submitted by: Ralf van der Enden [1], Nathan Dowens [2]
> Reported by: brnrd [2]
> Approved by: maintainer
> MFH: 2018Q4
>
> Added:
> head/security/botan110/files/extra-patch-openssl11 (contents, props changed)
> Modified:
> head/security/botan110/Makefile
> head/security/botan110/distinfo
>
> Modified: head/security/botan110/Makefile
> ==============================================================================
> --- head/security/botan110/Makefile Tue Oct 30 13:30:16 2018 (r483488)
> +++ head/security/botan110/Makefile Tue Oct 30 14:00:31 2018 (r483489)
> @@ -2,8 +2,7 @@
> # $FreeBSD$
>
> PORTNAME= botan
> -PORTVERSION= 1.10.13
> -PORTREVISION= 9
> +DISTVERSION= 1.10.17
> CATEGORIES= security
> MASTER_SITES= http://botan.randombit.net/releases/
> PKGNAMESUFFIX= 110
> @@ -16,13 +15,11 @@ LICENSE= BSD2CLAUSE
> LICENSE_FILE= ${WRKSRC}/doc/license.txt
>
> BROKEN_aarch64= Fails to configure: unknown or unidentifiable processor
> arm64
> -BROKEN_SSL= openssl-devel
> -BROKEN_SSL_REASON_openssl-devel= error: variable has incomplete type
> 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
>
> OPTIONS_DEFINE= SSL GMP DOCS
> OPTIONS_DEFAULT= SSL GMP
>
> -USES= compiler gmake python:build tar:tgz
> +USES= compiler gmake python:build shebangfix tar:tgz
> HAS_CONFIGURE= yes
> CONFIGURE_SCRIPT= configure.py
> CONFIGURE_ARGS= --prefix=${PREFIX} --cc ${CHOSEN_COMPILER_TYPE} \
> @@ -30,7 +27,8 @@ CONFIGURE_ARGS= --prefix=${PREFIX} --cc ${CHOSEN_COMPI
> MAKE_ARGS= CXX="${CXX}" LIB_OPT="${CXXFLAGS}"
> USE_LDCONFIG= yes
> PLIST_FILES= bin/botan-config-1.10 lib/libbotan-1.10.a lib/
> libbotan-1.10.so lib/libbotan-1.10.so.1 \
> - lib/libbotan-1.10.so.1.13 libdata/pkgconfig/botan-1.10.pc
> + lib/libbotan-1.10.so.1.17 libdata/pkgconfig/botan-1.10.pc
> +SHEBANG_FILES= configure.py
>
> DOCSDIR= ${PREFIX}/share/doc/${PORTNAME}-${PORTVERSION}
> PORTDOCS= *
> @@ -41,6 +39,12 @@ SSL_CONFIGURE_WITH= openssl
> GMP_USES= localbase:ldflags
> GMP_LIB_DEPENDS= libgmp.so:math/gmp
> GMP_CONFIGURE_WITH= gnump
> +
> +.include <bsd.port.pre.mk>
If bsd.port.pre.mk is included, bsd.port.post.mk *must* be used
later, not bsd.port.mk.
/!\ botan110-1.10.17: Makefile errors /!\
you cannot include bsd.port[.pre].mk twice
> +
> +.if (${OPSYS} == FreeBSD && ${OSVERSION} > 1200084) || $
> {SSL_DEFAULT:Mopenssl111} || ${SSL_DEFAULT:M*-devel}
> +EXTRA_PATCHES+= ${FILESDIR}/extra-patch-openssl11
> +.endif
>
> post-patch:
> @${REINPLACE_CMD} -e "s|#!/usr/bin/env python|#!${PYTHON_CMD}|" \
>
> Modified: head/security/botan110/distinfo
> ==============================================================================
> --- head/security/botan110/distinfo Tue Oct 30 13:30:16 2018 (r483488)
> +++ head/security/botan110/distinfo Tue Oct 30 14:00:31 2018 (r483489)
> @@ -1,3 +1,3 @@
> -TIMESTAMP = 1465867941
> -SHA256 (Botan-1.10.13.tgz) =
> 23ec973d4b4a4fe04f490d409e08ac5638afe3aa09acd7f520daaff38ba19b90
> -SIZE (Botan-1.10.13.tgz) = 2710181
> +TIMESTAMP = 1507819766
> +SHA256 (Botan-1.10.17.tgz) =
> 6847ffb64b8d2f939dccfecc17bd2c80385d08f7621e2c56d3a335118e823613
> +SIZE (Botan-1.10.17.tgz) = 2706678
>
> Added: head/security/botan110/files/extra-patch-openssl11
> ==============================================================================
> --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> +++ head/security/botan110/files/extra-patch-openssl11 Tue Oct 30
> 14:00:31 2018 (r483489)
> @@ -0,0 +1,257 @@
> +--- src/engine/openssl/ossl_bc.cpp.orig 2018-10-15 00:16:53 UTC
> ++++ src/engine/openssl/ossl_bc.cpp
> +@@ -8,10 +8,6 @@
> + #include <botan/internal/openssl_engine.h>
> + #include <openssl/evp.h>
> +
> +-#if OPENSSL_VERSION_NUMBER >= 0x10100000
> +- #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
> +-#endif
> +-
> + namespace Botan {
> +
> + namespace {
> +@@ -44,7 +40,7 @@
> + size_t block_sz;
> + Key_Length_Specification cipher_key_spec;
> + std::string cipher_name;
> +- mutable EVP_CIPHER_CTX encrypt, decrypt;
> ++ mutable EVP_CIPHER_CTX *encrypt, *decrypt;
> + };
This is broken and botan will hopefully crash at runtime. There
is never any memory allocated for encrypt or decrypt (via
EVP_CIPHER_CTX_new or EVP_CIPHER_CTX_create).
> +
> + /*
> +@@ -59,14 +55,14 @@
> + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
> + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed
> in");
> +
> +- EVP_CIPHER_CTX_init(&encrypt);
> +- EVP_CIPHER_CTX_init(&decrypt);
> ++ EVP_CIPHER_CTX_init(encrypt);
> ++ EVP_CIPHER_CTX_init(decrypt);
> +
> +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
> +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
> ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
> ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
> +
> +- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
> +- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
> ++ EVP_CIPHER_CTX_set_padding(encrypt, 0);
> ++ EVP_CIPHER_CTX_set_padding(decrypt, 0);
> + }
> +
> + /*
> +@@ -83,14 +79,14 @@
> + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE)
> + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed
> in");
> +
> +- EVP_CIPHER_CTX_init(&encrypt);
> +- EVP_CIPHER_CTX_init(&decrypt);
> ++ EVP_CIPHER_CTX_init(encrypt);
> ++ EVP_CIPHER_CTX_init(decrypt);
> +
> +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
> +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
> ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
> ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
> +
> +- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
> +- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
> ++ EVP_CIPHER_CTX_set_padding(encrypt, 0);
> ++ EVP_CIPHER_CTX_set_padding(decrypt, 0);
> + }
> +
> + /*
> +@@ -98,8 +94,8 @@
> + */
> + EVP_BlockCipher::~EVP_BlockCipher()
> + {
> +- EVP_CIPHER_CTX_cleanup(&encrypt);
> +- EVP_CIPHER_CTX_cleanup(&decrypt);
> ++ EVP_CIPHER_CTX_cleanup(encrypt);
> ++ EVP_CIPHER_CTX_cleanup(decrypt);
> + }
> +
> + /*
> +@@ -109,7 +105,7 @@
> + size_t blocks) const
> + {
> + int out_len = 0;
> +- EVP_EncryptUpdate(&encrypt, out, &out_len, in, blocks * block_sz);
> ++ EVP_EncryptUpdate(encrypt, out, &out_len, in, blocks * block_sz);
> + }
> +
> + /*
> +@@ -119,7 +115,7 @@
> + size_t blocks) const
> + {
> + int out_len = 0;
> +- EVP_DecryptUpdate(&decrypt, out, &out_len, in, blocks * block_sz);
> ++ EVP_DecryptUpdate(decrypt, out, &out_len, in, blocks * block_sz);
> + }
> +
> + /*
> +@@ -134,19 +130,19 @@
> + full_key += std::make_pair(key, 8);
> + }
> + else
> +- if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 ||
> +- EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0)
> ++ if(EVP_CIPHER_CTX_set_key_length(encrypt, length) == 0 ||
> ++ EVP_CIPHER_CTX_set_key_length(decrypt, length) == 0)
> + throw Invalid_Argument("EVP_BlockCipher: Bad key length for "
> +
> + cipher_name);
> +
> + if(cipher_name == "RC2")
> + {
> +- EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS,
> length*8, 0);
> +- EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS,
> length*8, 0);
> ++ EVP_CIPHER_CTX_ctrl(encrypt, EVP_CTRL_SET_RC2_KEY_BITS,
> length*8, 0);
> ++ EVP_CIPHER_CTX_ctrl(decrypt, EVP_CTRL_SET_RC2_KEY_BITS,
> length*8, 0);
> + }
> +
> +- EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0);
> +- EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0);
> ++ EVP_EncryptInit_ex(encrypt, 0, 0, full_key.begin(), 0);
> ++ EVP_DecryptInit_ex(decrypt, 0, 0, full_key.begin(), 0);
> + }
> +
> + /*
> +@@ -154,7 +150,7 @@
> + */
> + BlockCipher* EVP_BlockCipher::clone() const
> + {
> +- return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt),
> ++ return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(encrypt),
> + cipher_name,
> + cipher_key_spec.minimum_keylength(),
> + cipher_key_spec.maximum_keylength(),
> +@@ -166,16 +162,16 @@
> + */
> + void EVP_BlockCipher::clear()
> + {
> +- const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt);
> ++ const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(encrypt);
> +
> +- EVP_CIPHER_CTX_cleanup(&encrypt);
> +- EVP_CIPHER_CTX_cleanup(&decrypt);
> +- EVP_CIPHER_CTX_init(&encrypt);
> +- EVP_CIPHER_CTX_init(&decrypt);
> +- EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0);
> +- EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0);
> +- EVP_CIPHER_CTX_set_padding(&encrypt, 0);
> +- EVP_CIPHER_CTX_set_padding(&decrypt, 0);
> ++ EVP_CIPHER_CTX_cleanup(encrypt);
> ++ EVP_CIPHER_CTX_cleanup(decrypt);
> ++ EVP_CIPHER_CTX_init(encrypt);
> ++ EVP_CIPHER_CTX_init(decrypt);
> ++ EVP_EncryptInit_ex(encrypt, algo, 0, 0, 0);
> ++ EVP_DecryptInit_ex(decrypt, algo, 0, 0, 0);
> ++ EVP_CIPHER_CTX_set_padding(encrypt, 0);
> ++ EVP_CIPHER_CTX_set_padding(decrypt, 0);
> + }
> +
> + }
> +--- src/engine/openssl/ossl_md.cpp.orig 2018-10-15 00:26:19 UTC
> ++++ src/engine/openssl/ossl_md.cpp
> +@@ -8,10 +8,6 @@
> + #include <botan/internal/openssl_engine.h>
> + #include <openssl/evp.h>
> +
> +-#if OPENSSL_VERSION_NUMBER >= 0x10100000
> +- #error "OpenSSL 1.1 API not supported in Botan 1.10, upgrade to 2.x"
> +-#endif
> +-
> + namespace Botan {
> +
> + namespace {
> +@@ -28,12 +24,12 @@
> +
> + size_t output_length() const
> + {
> +- return EVP_MD_size(EVP_MD_CTX_md(&md));
> ++ return EVP_MD_size(EVP_MD_CTX_md(md));
> + }
> +
> + size_t hash_block_size() const
> + {
> +- return EVP_MD_block_size(EVP_MD_CTX_md(&md));
> ++ return EVP_MD_block_size(EVP_MD_CTX_md(md));
> + }
> +
> + EVP_HashFunction(const EVP_MD*, const std::string&);
> +@@ -44,7 +40,7 @@
> +
> + size_t block_size;
> + std::string algo_name;
> +- EVP_MD_CTX md;
> ++ EVP_MD_CTX *md;
> + };
Same as above. No memory is allocated for md via EVP_MD_CTX_new
or EVP_MD_CTX_create. Did botan's test suite pass after these changes?
> +
> + /*
> +@@ -52,7 +48,7 @@
> + */
> + void EVP_HashFunction::add_data(const byte input[], size_t length)
> + {
> +- EVP_DigestUpdate(&md, input, length);
> ++ EVP_DigestUpdate(md, input, length);
> + }
> +
> + /*
> +@@ -60,9 +56,9 @@
> + */
> + void EVP_HashFunction::final_result(byte output[])
> + {
> +- EVP_DigestFinal_ex(&md, output, 0);
> +- const EVP_MD* algo = EVP_MD_CTX_md(&md);
> +- EVP_DigestInit_ex(&md, algo, 0);
> ++ EVP_DigestFinal_ex(md, output, 0);
> ++ const EVP_MD* algo = EVP_MD_CTX_md(md);
> ++ EVP_DigestInit_ex(md, algo, 0);
> + }
> +
> + /*
> +@@ -70,8 +66,8 @@
> + */
> + void EVP_HashFunction::clear()
> + {
> +- const EVP_MD* algo = EVP_MD_CTX_md(&md);
> +- EVP_DigestInit_ex(&md, algo, 0);
> ++ const EVP_MD* algo = EVP_MD_CTX_md(md);
> ++ EVP_DigestInit_ex(md, algo, 0);
> + }
> +
> + /*
> +@@ -79,7 +75,7 @@
> + */
> + HashFunction* EVP_HashFunction::clone() const
> + {
> +- const EVP_MD* algo = EVP_MD_CTX_md(&md);
> ++ const EVP_MD* algo = EVP_MD_CTX_md(md);
> + return new EVP_HashFunction(algo, name());
> + }
> +
> +@@ -90,8 +86,8 @@
> + const std::string& name) :
> + algo_name(name)
> + {
> +- EVP_MD_CTX_init(&md);
> +- EVP_DigestInit_ex(&md, algo, 0);
> ++ EVP_MD_CTX_init(md);
> ++ EVP_DigestInit_ex(md, algo, 0);
> + }
> +
> + /*
> +@@ -99,7 +95,11 @@
> + */
> + EVP_HashFunction::~EVP_HashFunction()
> + {
> +- EVP_MD_CTX_cleanup(&md);
> ++#if OPENSSL_VERSION_NUMBER >= 0x10100000
> ++ EVP_MD_CTX_free(md);
> ++#else
> ++ EVP_MD_CTX_cleanup(md);
> ++#endif
> + }
> +
> + }
>
More information about the svn-ports-head
mailing list