[Bug 212149] security/strongswan: Runtime failures with LibreSSL

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Tue Apr 25 20:32:51 UTC 2017 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=212149

Bernard Spil <brnrd at freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #181970|maintainer-approval?        |
              Flags|                            |
 Attachment #181970|0                           |1
        is obsolete|                            |
 Attachment #182090|                            |maintainer-approval?
              Flags|                            |

--- Comment #19 from Bernard Spil <brnrd at freebsd.org> ---
Created attachment 182090
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=182090&action=edit
svn diff for security/strongswan

strongSwan makes a bit of a mess of the OpenSSL includes.

Files checking OPENSSL_VERSION_NUMBER
openssl_crl.c
openssl_diffie_hellman.c
openssl_ec_private_key.c
openssl_ec_public_key.c
openssl_gcm.c
openssl_hmac.c
openssl_pkcs7.c
openssl_plugin.c
openssl_plugin.c.orig
openssl_rsa_private_key.c
openssl_rsa_public_key.c
openssl_sha1_prf.c
openssl_util.c
openssl_x509.c
cp -p 
Apart from _gcm and _pkcs7 these don't include opensslv.h. Most get
OPENSSL_VERSION_NUMBER defined through
include openssl_util.h 
   -> <openssl/bn.h>
      -> <openssl/crypto.h> 
         -> <openssl/opensslv.h>

Files NOT including openssl_util.h get OPENSSL_VERSION_NUMBER defined through
openssl_gcm.c -> opensslv.h
openssl_hmac.c NONE
openssl_sha1_prf.c NONE
It is entirely possible that the path is different in OpenSSL.

I've created new files
openssl_compat.h
openssl_compat.c
Modified all files checking OPENSSL_VERSION and not including openssl_util.h to
add include openssl_compat.h
Modified openssl_util.h to include openssl_compat.h
Added openssl_compat.h and openssl_compat.c to Makefile.am (and ran automake)

Please find a patch to test attached. I've created an account on strongswan.org
but that's pending moderator approval.

Dewayne, Franco, can you test this patch?

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-ports-bugs mailing list