pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/netpgp netpgp: Unbreak with OpenSSL 1.1, most...
details: https://anonhg.NetBSD.org/pkgsrc/rev/c0aa24effb2b
branches: trunk
changeset: 428127:c0aa24effb2b
user: nia <nia%pkgsrc.org@localhost>
date: Sat Apr 25 12:07:47 2020 +0000
description:
netpgp: Unbreak with OpenSSL 1.1, mostly by grabbing changes from netbsd src
diffstat:
security/netpgp/Makefile | 8 +-
security/netpgp/distinfo | 5 +-
security/netpgp/patches/patch-src_lib_openssl__crypto.c | 417 ++++++++++++++++
security/netpgp/patches/patch-src_lib_signature.c | 31 +-
4 files changed, 453 insertions(+), 8 deletions(-)
diffs (truncated from 510 to 300 lines):
diff -r 80cace4f9f22 -r c0aa24effb2b security/netpgp/Makefile
--- a/security/netpgp/Makefile Sat Apr 25 11:50:03 2020 +0000
+++ b/security/netpgp/Makefile Sat Apr 25 12:07:47 2020 +0000
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.32 2020/04/24 11:41:37 nia Exp $
+# $NetBSD: Makefile,v 1.33 2020/04/25 12:07:47 nia Exp $
DISTNAME= netpgp-20140220
-PKGREVISION= 8
+PKGREVISION= 9
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_LOCAL}
@@ -10,13 +10,13 @@
COMMENT= PGP signing, verification, encryption and decryption program
LICENSE= modified-bsd
-BROKEN= "Fails to build with OpenSSL 1.1"
-
GNU_CONFIGURE= yes
USE_LIBTOOL= yes
CONFIGURE_ARGS+= --with-openssl=${BUILDLINK_PREFIX.openssl}
+BUILDLINK_TRANSFORM+= rm:-Werror
+
.include "../../archivers/bzip2/buildlink3.mk"
.include "../../devel/zlib/buildlink3.mk"
.include "../../security/openssl/buildlink3.mk"
diff -r 80cace4f9f22 -r c0aa24effb2b security/netpgp/distinfo
--- a/security/netpgp/distinfo Sat Apr 25 11:50:03 2020 +0000
+++ b/security/netpgp/distinfo Sat Apr 25 12:07:47 2020 +0000
@@ -1,10 +1,11 @@
-$NetBSD: distinfo,v 1.23 2018/03/15 20:21:52 khorben Exp $
+$NetBSD: distinfo,v 1.24 2020/04/25 12:07:47 nia Exp $
SHA1 (netpgp-20140220.tar.gz) = 815418cbae5d02a1385cd7947618303e5aa06d5c
RMD160 (netpgp-20140220.tar.gz) = 970f55292852d5dbfde3eb17a5fefd6a7c820c4e
SHA512 (netpgp-20140220.tar.gz) = ec6cfa0131cd50aee273b81cd64f448258121d7e9c8d4914be39ba59b5c28149bced3866c57f521167480da04b60d9d9bd2b228319dc8baa31328fb7c37e6b96
Size (netpgp-20140220.tar.gz) = 1521820 bytes
SHA1 (patch-src_lib_keyring.c) = b924af4877aaab98e542425b5d9427830ddd5b75
+SHA1 (patch-src_lib_openssl__crypto.c) = a401593d88efa10aa53426aaa989012ab6f4d4c9
SHA1 (patch-src_lib_reader.c) = 2ebaddebbc2f6f42f7391933ebfef39e3a73a367
-SHA1 (patch-src_lib_signature.c) = 7e1c71b5df48bba1d5213ec5ea946db9ed1ba8d4
+SHA1 (patch-src_lib_signature.c) = dd7156d862e2d102d8338c32f50d59ee200fd0db
SHA1 (patch-src_netpgp_netpgp.1) = a9b2345ced1d80ee14a4e100181fa34121543509
diff -r 80cace4f9f22 -r c0aa24effb2b security/netpgp/patches/patch-src_lib_openssl__crypto.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/netpgp/patches/patch-src_lib_openssl__crypto.c Sat Apr 25 12:07:47 2020 +0000
@@ -0,0 +1,417 @@
+$NetBSD: patch-src_lib_openssl__crypto.c,v 1.1 2020/04/25 12:07:47 nia Exp $
+
+Sync with NetBSD src to fix build with OpenSSL 1.1.
+
+--- src/lib/openssl_crypto.c.orig 2020-04-25 11:54:50.243962468 +0000
++++ src/lib/openssl_crypto.c
+@@ -88,18 +88,144 @@ __COPYRIGHT("@(#) Copyright (c) 2009 The
+ #include "netpgpdigest.h"
+ #include "packet.h"
+
++static void
++takeRSA(const RSA *orsa, pgp_rsa_pubkey_t *pk, pgp_rsa_seckey_t *sk)
++{
++ const BIGNUM *n, *e, *d, *q, *p;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ RSA_get0_key(orsa, &n, &e, &d);
++ RSA_get0_factors(orsa, &q, &p);
++#else
++ n = orsa->n;
++ e = orsa->e;
++ d = orsa->d;
++ p = orsa->p;
++ q = orsa->q;
++#endif
++ if (sk) {
++ sk->d = BN_dup(d);
++ sk->p = BN_dup(p);
++ sk->q = BN_dup(q);
++ }
++ if (pk) {
++ pk->n = BN_dup(n);
++ pk->e = BN_dup(e);
++ }
++}
+
+-static void
+-test_seckey(const pgp_seckey_t *seckey)
++static RSA *
++makeRSA(const pgp_rsa_pubkey_t *pubkey, const pgp_rsa_seckey_t *seckey)
++{
++ BIGNUM *n, *e, *d, *p, *q;
++ RSA *orsa;
++
++ orsa = RSA_new();
++ n = BN_dup(pubkey->n);
++ e = BN_dup(pubkey->e);
++
++ if (seckey) {
++ d = BN_dup(seckey->d);
++ p = BN_dup(seckey->p);
++ q = BN_dup(seckey->q);
++ } else {
++ d = p = q = NULL;
++ }
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ RSA_set0_key(orsa, n, e, d);
++ RSA_set0_factors(orsa, p, q);
++#else
++ BN_free(orsa->n);
++ BN_free(orsa->e);
++ orsa->n = n;
++ orsa->e = e;
++ if (d) {
++ BN_free(orsa->d);
++ orsa->d = d;
++ }
++ if (p) {
++ BN_free(orsa->p);
++ orsa->p = p;
++ }
++ if (q) {
++ BN_free(orsa->q);
++ orsa->q = q;
++ }
++#endif
++ return orsa;
++}
++
++static DSA_SIG *
++makeDSA_SIG(const pgp_dsa_sig_t *sig)
++{
++ DSA_SIG *osig;
++ BIGNUM *r, *s;
++
++ osig = DSA_SIG_new();
++ r = BN_dup(sig->r);
++ s = BN_dup(sig->s);
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ DSA_SIG_set0(osig, r, s);
++#else
++ BN_free(osig->r);
++ BN_free(osig->s);
++ osig->r = r;
++ osig->s = s;
++#endif
++
++ return osig;
++}
++
++static DSA *
++makeDSA(const pgp_dsa_pubkey_t *dsa, const pgp_dsa_seckey_t *secdsa)
+ {
+- RSA *test = RSA_new();
++ DSA *odsa;
++ BIGNUM *p, *q, *g, *y, *x;
+
+- test->n = BN_dup(seckey->pubkey.key.rsa.n);
+- test->e = BN_dup(seckey->pubkey.key.rsa.e);
++ odsa = DSA_new();
+
+- test->d = BN_dup(seckey->key.rsa.d);
+- test->p = BN_dup(seckey->key.rsa.p);
+- test->q = BN_dup(seckey->key.rsa.q);
++ p = BN_dup(dsa->p);
++ q = BN_dup(dsa->q);
++ g = BN_dup(dsa->g);
++ y = BN_dup(dsa->y);
++ x = secdsa ? secdsa->x : NULL;
++
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ DSA_set0_key(odsa, y, x);
++#else
++ BN_free(odsa->p);
++ BN_free(odsa->q);
++ BN_free(odsa->g);
++ BN_free(odsa->pub_key);
++ odsa->p = p;
++ odsa->q = q;
++ odsa->g = g;
++ odsa->pub_key = y;
++ if (x) {
++ BN_free(odsa->priv_key);
++ odsa->priv_key = x;
++ }
++#endif
++ return odsa;
++}
++
++static void
++takeDSA(const DSA *odsa, pgp_dsa_seckey_t *sk)
++{
++ const BIGNUM *x;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ DSA_get0_key(odsa, NULL, &x);
++#else
++ x = odsa->priv_key;
++#endif
++ sk->x = BN_dup(x);
++}
++
++static void
++test_seckey(const pgp_seckey_t *seckey)
++{
++ RSA *test = makeRSA(&seckey->pubkey.key.rsa, &seckey->key.rsa);
+
+ if (RSA_check_key(test) != 1) {
+ (void) fprintf(stderr,
+@@ -434,25 +560,15 @@ pgp_dsa_verify(const uint8_t *hash, size
+ const pgp_dsa_pubkey_t *dsa)
+ {
+ unsigned qlen;
+- DSA_SIG *osig;
+- DSA *odsa;
++ DSA_SIG *osig = makeDSA_SIG(sig);
++ DSA *odsa = makeDSA(dsa, NULL);
+ int ret;
+
+- osig = DSA_SIG_new();
+- osig->r = sig->r;
+- osig->s = sig->s;
+-
+- odsa = DSA_new();
+- odsa->p = dsa->p;
+- odsa->q = dsa->q;
+- odsa->g = dsa->g;
+- odsa->pub_key = dsa->y;
+-
+ if (pgp_get_debug_level(__FILE__)) {
+ hexdump(stderr, "input hash", hash, hash_length);
+- (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(odsa->q));
++ (void) fprintf(stderr, "Q=%d\n", BN_num_bytes(dsa->q));
+ }
+- if ((qlen = (unsigned)BN_num_bytes(odsa->q)) < hash_length) {
++ if ((qlen = (unsigned)BN_num_bytes(dsa->q)) < hash_length) {
+ hash_length = qlen;
+ }
+ ret = DSA_do_verify(hash, (int)hash_length, osig, odsa);
+@@ -464,10 +580,7 @@ pgp_dsa_verify(const uint8_t *hash, size
+ return 0;
+ }
+
+- odsa->p = odsa->q = odsa->g = odsa->pub_key = NULL;
+ DSA_free(odsa);
+-
+- osig->r = osig->s = NULL;
+ DSA_SIG_free(osig);
+
+ return (unsigned)ret;
+@@ -488,19 +601,14 @@ pgp_rsa_public_decrypt(uint8_t *out,
+ size_t length,
+ const pgp_rsa_pubkey_t *pubkey)
+ {
+- RSA *orsa;
+- int n;
+-
+- orsa = RSA_new();
+- orsa->n = pubkey->n;
+- orsa->e = pubkey->e;
++ RSA *orsa = makeRSA(pubkey, NULL);
++ int ret;
+
+- n = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
++ ret = RSA_public_decrypt((int)length, in, out, orsa, RSA_NO_PADDING);
+
+- orsa->n = orsa->e = NULL;
+ RSA_free(orsa);
+
+- return n;
++ return ret;
+ }
+
+ /**
+@@ -520,21 +628,10 @@ pgp_rsa_private_encrypt(uint8_t *out,
+ const pgp_rsa_seckey_t *seckey,
+ const pgp_rsa_pubkey_t *pubkey)
+ {
+- RSA *orsa;
+- int n;
++ RSA *orsa = makeRSA(pubkey, seckey);
++ int ret;
+
+- orsa = RSA_new();
+- orsa->n = BN_dup(pubkey->n);
+- orsa->d = seckey->d;
+- orsa->p = seckey->q; /* p and q are round the other way in openssl */
+- orsa->q = seckey->p;
+-
+- /* debug */
+- orsa->e = BN_dup(pubkey->e);
+- /* If this isn't set, it's very likely that the programmer hasn't */
+- /* decrypted the secret key. RSA_check_key segfaults in that case. */
+- /* Use pgp_decrypt_seckey() to do that. */
+- if (orsa->d == NULL) {
++ if (seckey->d == NULL) {
+ (void) fprintf(stderr, "orsa is not set\n");
+ return 0;
+ }
+@@ -544,12 +641,11 @@ pgp_rsa_private_encrypt(uint8_t *out,
Home |
Main Index |
Thread Index |
Old Index