pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/comms/kermit comms/kermit: Adapt patches to openssl 1....
details: https://anonhg.NetBSD.org/pkgsrc/rev/2aae3b5a1909
branches: trunk
changeset: 426930:2aae3b5a1909
user: rhialto <rhialto%pkgsrc.org@localhost>
date: Wed Apr 08 15:22:07 2020 +0000
description:
comms/kermit: Adapt patches to openssl 1.1.1e.
Parts are inspired by the FreeBSD port.
I could not easily find a telnetd with SSL support so I did not really test it.
Without SSL/TLS, it disconnects from NetBSD's telnetd if telnetd is run
with "-a valid" ("Authentication failed: No authentication method
available"); but "telnetd -a none" works.
diffstat:
comms/kermit/Makefile | 4 +-
comms/kermit/patches/patch-ab | 537 +++++++++++++++++++++++++++++++++++-
comms/kermit/patches/patch-ak | 17 +-
comms/kermit/patches/patch-ckuus3.c | 15 +
4 files changed, 560 insertions(+), 13 deletions(-)
diffs (truncated from 639 to 300 lines):
diff -r 6f6ff6848c0d -r 2aae3b5a1909 comms/kermit/Makefile
--- a/comms/kermit/Makefile Wed Apr 08 14:41:33 2020 +0000
+++ b/comms/kermit/Makefile Wed Apr 08 15:22:07 2020 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.92 2020/01/18 21:48:54 jperkin Exp $
+# $NetBSD: Makefile,v 1.93 2020/04/08 15:22:07 rhialto Exp $
DISTNAME= cku302
PKGNAME= kermit-9.0.302
-PKGREVISION= 11
+PKGREVISION= 12
CATEGORIES= comms
MASTER_SITES= ftp://ftp.kermitproject.org/kermit/archives/
diff -r 6f6ff6848c0d -r 2aae3b5a1909 comms/kermit/patches/patch-ab
--- a/comms/kermit/patches/patch-ab Wed Apr 08 14:41:33 2020 +0000
+++ b/comms/kermit/patches/patch-ab Wed Apr 08 15:22:07 2020 +0000
@@ -1,8 +1,212 @@
-$NetBSD: patch-ab,v 1.7 2014/06/23 22:24:24 christos Exp $
+$NetBSD: patch-ab,v 1.8 2020/04/08 15:22:07 rhialto Exp $
+
+- Update for openssl 1.1.1e.
+- Kermit tries to keep SSL and TLS contexts (since in old openssl, the
+ *v23* methods were not version-flexible enough). Now afer simplification
+ there is lots of duplicate code left over that could be simplified more.
---- ck_ssl.c.orig 2011-07-06 09:03:32.000000000 -0400
-+++ ck_ssl.c 2014-06-23 18:21:25.000000000 -0400
-@@ -1072,7 +1072,7 @@
+--- ck_ssl.c.orig 2011-07-06 15:03:32.000000000 +0200
++++ ck_ssl.c 2020-04-06 16:43:41.323530837 +0200
+@@ -301,7 +301,7 @@
+ break;
+ default:
+ printf("Error %d while verifying certificate.\r\n",
+- ctx->error);
++ error);
+ break;
+ }
+ }
+@@ -804,6 +804,17 @@
+ #define MS_CALLBACK
+ #endif /* MS_CALLBACK */
+
++static BIGNUM *get_RSA_F4()
++{
++ static BIGNUM *bn;
++
++ if (!bn) {
++ bn = BN_new();
++ BN_add_word(bn, RSA_F4);
++ }
++ return bn;
++}
++
+ static RSA MS_CALLBACK *
+ #ifdef CK_ANSIC
+ tmp_rsa_cb(SSL * s, int export, int keylength)
+@@ -822,7 +833,16 @@
+ if (ssl_debug_flag)
+ printf("Generating temporary (%d bit) RSA key...\r\n",keylength);
+
+- rsa_tmp=RSA_generate_key(keylength,RSA_F4,NULL,NULL);
++ rsa_tmp = RSA_new();
++ if (rsa_tmp) {
++ int error = RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(),NULL);
++ if (error) {
++ if (ssl_debug_flag)
++ printf(" error %d", error);
++ RSA_free(rsa_tmp);
++ rsa_tmp = NULL;
++ }
++ }
+
+ if (ssl_debug_flag)
+ printf("\r\n");
+@@ -936,10 +956,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+ dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -950,10 +986,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh768_p,sizeof(dh768_p),NULL);
+ dh->g=BN_bin2bn(dh768_g,sizeof(dh768_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -964,10 +1016,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1024_p,sizeof(dh1024_p),NULL);
+ dh->g=BN_bin2bn(dh1024_g,sizeof(dh1024_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -978,10 +1046,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh1536_p,sizeof(dh1536_p),NULL);
+ dh->g=BN_bin2bn(dh1536_g,sizeof(dh1536_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+
+@@ -992,10 +1076,26 @@
+
+ if ((dh=DH_new()) == NULL)
+ return(NULL);
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ BIGNUM *p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
++ BIGNUM *g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
++ if ((p == NULL) || (g == NULL)) {
++ BN_free(g);
++ BN_free(p);
++ DH_free(dh);
++ return(NULL);
++ }
++ DH_set0_pqg(dh, p, NULL, g);
++#else
+ dh->p=BN_bin2bn(dh2048_p,sizeof(dh2048_p),NULL);
+ dh->g=BN_bin2bn(dh2048_g,sizeof(dh2048_g),NULL);
+- if ((dh->p == NULL) || (dh->g == NULL))
++ if ((dh->p == NULL) || (dh->g == NULL)) {
++ BN_free(dh->g);
++ BN_free(dh->p);
++ DH_free(dh);
+ return(NULL);
++ }
++#endif
+ return(dh);
+ }
+ #endif /* NO_DH */
+@@ -1054,10 +1154,11 @@
+ if (ssl == NULL)
+ return;
+
+- if (ssl->expand == NULL || ssl->expand->meth == NULL)
++ const COMP_METHOD *method = SSL_get_current_compression(ssl);
++ if (method == NULL)
+ printf("Compression: None\r\n");
+ else {
+- printf("Compression: %s\r\n",ssl->expand->meth->name);
++ printf("Compression: %s\r\n",SSL_COMP_get_name(method));
+ }
+ }
+
+@@ -1072,7 +1173,7 @@
#endif /* CK_ANSIC */
{
X509 *peer;
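Review bot: The result check added around `RSA_generate_key_ex` in the `tmp_rsa_cb` hunk is inverted. The function returns 1 on success and 0 on failure, so `if (error)` frees the freshly generated key on success, while a failed generation leaves an unpopulated RSA object in `rsa_tmp`. The guard should read `if (RSA_generate_key_ex(rsa_tmp, keylength, get_RSA_F4(), NULL) != 1) { RSA_free(rsa_tmp); rsa_tmp = NULL; }`. The new `get_RSA_F4()` helper checks neither `BN_new()` nor `BN_add_word()`; `if (bn == NULL || !BN_set_word(bn, RSA_F4))` with a NULL return would stop a failed allocation from reaching key generation. In the `#else` branches of the DH getters, `BN_free(dh->g); BN_free(dh->p);` followed by `DH_free(dh)` looks like a double free, since pre-1.1.0 `DH_free` releases the members itself; the enclosing function bodies start and end outside these hunks, so this should be confirmed against the full file.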
@@ -11,7 +215,309 @@
const char *cipher_list;
char buf[512]="";
-@@ -2877,6 +2877,7 @@
+@@ -1457,13 +1558,23 @@
+
+ #ifdef ZLIB
+ cm = COMP_zlib();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef) {
++#else
+ if (cm != NULL && cm->type != NID_undef) {
++#endif
+ SSL_COMP_add_compression_method(0xe0, cm); /* EAY's ZLIB ID */
+ }
+ #endif /* ZLIB */
++#ifdef NID_rle_compression
+ cm = COMP_rle();
++#if OPENSSL_VERSION_NUMBER >= 0x10100005L
++ if (cm != NULL && COMP_get_type(cm) != NID_undef)
++#else
+ if (cm != NULL && cm->type != NID_undef)
++#endif
+ SSL_COMP_add_compression_method(0xe1, cm); /* EAY's RLE ID */
++#endif /* NID_rle_compression */
+
+ /* Ensure the Random number generator has enough entropy */
+ if ( !RAND_status() ) {
+@@ -1483,8 +1594,12 @@
+ }
+ debug(F110,"ssl_rnd_file",ssl_rnd_file,0);
+
++#ifdef OPENSSL_NO_EGD
++ rc1 = 0;
++#else
+ rc1 = RAND_egd(ssl_rnd_file);
+ debug(F111,"ssl_once_init","RAND_egd()",rc1);
++#endif
+ if ( rc1 <= 0 ) {
+ rc2 = RAND_load_file(ssl_rnd_file, -1);
+ debug(F111,"ssl_once_init","RAND_load_file()",rc1);
+@@ -1579,25 +1694,13 @@
+ /* This can fail because we do not have RSA available */
+ if ( !ssl_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+- ssl_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+- }
+- if ( !ssl_ctx ) {
+- debug(F110,"ssl_tn_init","SSLv3_client_method failed",0);
+ last_ssl_mode = -1;
+ return(0);
+ }
+-#ifndef COMMENT
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(TLSv1_client_method());
+-#else /* COMMENT */
+ tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv23_client_method());
+ /* This can fail because we do not have RSA available */
+ if ( !tls_ctx ) {
+ debug(F110,"ssl_tn_init","SSLv23_client_method failed",0);
+- tls_ctx=(SSL_CTX *)SSL_CTX_new(SSLv3_client_method());
+- }
+-#endif /* COMMENT */
+- if ( !tls_ctx ) {
+- debug(F110,"ssl_tn_init","TLSv1_client_method failed",0);
+ last_ssl_mode = -1;