pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/security/fressh Check openssl version and use new DES ...
details: https://anonhg.NetBSD.org/pkgsrc/rev/7504463d97ea
branches: trunk
changeset: 461766:7504463d97ea
user: jmc <jmc%pkgsrc.org@localhost>
date: Sun Sep 21 08:35:51 2003 +0000
description:
Check openssl version and use new DES api if >= 0.9.7. Allows build to
work on -current again. Bump PKGREVISION
diffstat:
security/fressh/Makefile | 3 +-
security/fressh/distinfo | 5 +-
security/fressh/patches/patch-ac | 36 ++++
security/fressh/patches/patch-ad | 307 +++++++++++++++++++++++++++++++++++++++
security/fressh/patches/patch-ae | 23 ++
5 files changed, 372 insertions(+), 2 deletions(-)
diffs (truncated from 404 to 300 lines):
diff -r 73a566d402e7 -r 7504463d97ea security/fressh/Makefile
--- a/security/fressh/Makefile Sun Sep 21 08:02:59 2003 +0000
+++ b/security/fressh/Makefile Sun Sep 21 08:35:51 2003 +0000
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.7 2003/07/21 17:20:09 martti Exp $
+# $NetBSD: Makefile,v 1.8 2003/09/21 08:35:51 jmc Exp $
DISTNAME= fressh-0.8.1
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= http://www.fressh.org/
EXTRACT_SUFX= .tar.bz2
diff -r 73a566d402e7 -r 7504463d97ea security/fressh/distinfo
--- a/security/fressh/distinfo Sun Sep 21 08:02:59 2003 +0000
+++ b/security/fressh/distinfo Sun Sep 21 08:35:51 2003 +0000
@@ -1,6 +1,9 @@
-$NetBSD: distinfo,v 1.3 2002/05/20 15:22:00 wiz Exp $
+$NetBSD: distinfo,v 1.4 2003/09/21 08:35:52 jmc Exp $
SHA1 (fressh-0.8.1.tar.bz2) = 4dd0a6d4240337b4726a6a68b17878a45974cf82
Size (fressh-0.8.1.tar.bz2) = 110390 bytes
SHA1 (patch-aa) = 0b65db8177ffb81084412f9716f73e92920d559c
SHA1 (patch-ab) = 3cb31fda120a57fa3ff0aaaabba1cbb5923bd686
+SHA1 (patch-ac) = 71477043d47a8e85c7dd0bc1e41b33f18be2a268
+SHA1 (patch-ad) = db398df2db517e49c5df4c04e863ddc2b99052ce
+SHA1 (patch-ae) = d4fe3fc48edf751e9c79a843dee80bef53fa301e
diff -r 73a566d402e7 -r 7504463d97ea security/fressh/patches/patch-ac
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/fressh/patches/patch-ac Sun Sep 21 08:35:51 2003 +0000
@@ -0,0 +1,36 @@
+$NetBSD: patch-ac,v 1.1 2003/09/21 08:35:53 jmc Exp $
+
+--- crypto/ssh_3des.h.orig 2003-09-21 03:04:38.000000000 +0000
++++ crypto/ssh_3des.h 2003-09-21 03:05:29.000000000 +0000
+@@ -16,6 +16,7 @@
+ #ifndef _SSH_3DES_H
+ #define _SSH_3DES_H
+
++#include "openssl/opensslv.h"
+ #include "openssl/des.h"
+ #include "openssl/hmac.h"
+
+@@ -24,13 +25,23 @@
+ struct ssh_cipher;
+
+ typedef struct {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_key_schedule des_ks[3];
++ DES_cblock des_ivec[6]; /* Two directions, same key! */
++#else
+ des_key_schedule des_ks[3];
+ des_cblock des_ivec[6]; /* Two directions, same key! */
++#endif
+ } ssh_3des_t;
+
+ typedef struct {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_key_schedule des_ks[6];
++ DES_cblock des_ivec[2];
++#else
+ des_key_schedule des_ks[6];
+ des_cblock des_ivec[2];
++#endif
+ u_int8_t mac_key[2][16];
+ } ssh_des3_t;
+
diff -r 73a566d402e7 -r 7504463d97ea security/fressh/patches/patch-ad
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/fressh/patches/patch-ad Sun Sep 21 08:35:51 2003 +0000
@@ -0,0 +1,307 @@
+$NetBSD: patch-ad,v 1.1 2003/09/21 08:35:54 jmc Exp $
+
+--- crypto/ssh_crypto_openssl.c.orig 2003-09-21 03:06:28.000000000 +0000
++++ crypto/ssh_crypto_openssl.c 2003-09-21 03:26:42.000000000 +0000
+@@ -50,7 +50,11 @@
+ #include <openssl/opensslv.h>
+
+ #if OPENSSL_VERSION_NUMBER >= 0x00903000L
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++#define TO_CBLOCK(x) ((DES_cblock *)(x))
++#else
+ #define TO_CBLOCK(x) ((des_cblock *)(x))
++#endif
+ #else
+ #define TO_CBLOCK(x) (x)
+ #endif
+@@ -431,7 +435,11 @@
+ FUNC_DECL(ssh_des_initialize);
+
+ int err;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key;
++#else
+ des_cblock key;
++#endif
+ ssh_des_t *key_data;
+
+ if (klen < 8) {
+@@ -444,12 +452,21 @@
+ if (key_data == NULL)
+ return NULL;
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(key, session_key, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(key));
++ if (!DES_is_weak_key(TO_CBLOCK(key)))
++ (void) DES_set_key(TO_CBLOCK(key), &key_data->des_ks);
++ else
++ err = 1;
++#else
+ memcpy(key, session_key, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(key));
+ if (!des_is_weak_key(TO_CBLOCK(key)))
+ (void) des_set_key(TO_CBLOCK(key), key_data->des_ks);
+ else
+ err = 1;
++#endif
+
+ memset(key_data->des_ivec[0], 0, sizeof(key_data->des_ivec[0]));
+ memset(key_data->des_ivec[1], 0, sizeof(key_data->des_ivec[1]));
+@@ -477,8 +494,13 @@
+ ssh_des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(clear, enc, length, &key_data->des_ks,
++ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#else
+ des_ncbc_encrypt(clear, enc, length, key_data->des_ks,
+ TO_CBLOCK(key_data->des_ivec[0]), DES_ENCRYPT);
++#endif
+ }
+
+ void
+@@ -486,8 +508,13 @@
+ ssh_des_t *key_data)
+ {
+
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_ncbc_encrypt(enc, clear, length, &key_data->des_ks,
++ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#else
+ des_ncbc_encrypt(enc, clear, length, key_data->des_ks,
+ TO_CBLOCK(key_data->des_ivec[1]), DES_DECRYPT);
++#endif
+ }
+ #endif /* WITH_CIPHER_DES */
+
+@@ -528,7 +555,11 @@
+ FUNC_DECL(ssh_3des_initialize);
+
+ int i, j;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key[3];
++#else
+ des_cblock key[3];
++#endif
+ ssh_3des_t *key_data;
+
+ if (klen < 16) {
+@@ -540,6 +571,22 @@
+ return NULL;
+
+ for (i = j = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(key[i], session_key + j, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(key[i]));
++ if (DES_is_weak_key(TO_CBLOCK(key[i])))
++ break;
++ (void) DES_set_key(TO_CBLOCK(key[i]), &key_data->des_ks[i]);
++ /*
++ * when keying from a passphrase (after md5) we will run
++ * out of keying material after two keys, so be *very*
++ * general about how big we expect the keying material
++ * to be.
++ */
++ j += sizeof(DES_cblock);
++ if (j + sizeof(DES_cblock) > klen)
++ j = 0;
++#else
+ memcpy(key[i], session_key + j, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(key[i]));
+ if (des_is_weak_key(TO_CBLOCK(key[i])))
+@@ -554,6 +601,7 @@
+ j += sizeof(des_cblock);
+ if (j + sizeof(des_cblock) > klen)
+ j = 0;
++#endif
+ }
+
+ memset(key_data->des_ivec[0], 0, sizeof(key_data->des_ivec[0]));
+@@ -588,7 +636,11 @@
+ FUNC_DECL(ssh_des3_initialize);
+
+ int i;
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ DES_cblock key;
++#else
+ des_cblock key;
++#endif
+ ssh_des3_t *key_data;
+ u_int8_t key1ofb[24] = {
+ 0x10, 0x23, 0x66, 0x20, 0x10, 0x1d, 0xb7, 0x37,
+@@ -655,6 +707,17 @@
+
+ temp = key1ofb;
+ for (i = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -664,10 +727,22 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key1ofb, 0, 24);
+
+ temp = key2ofb;
+ for (i = 3; i < 6; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -677,6 +752,7 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key2ofb, 0, 24);
+ break;
+ case SSH_ROLE_CLIENT:
+@@ -688,6 +764,17 @@
+
+ temp = key2ofb;
+ for (i = 0; i < 3; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -697,10 +784,22 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key2ofb, 0, 24);
+
+ temp = key1ofb;
+ for (i = 3; i < 6; i++) {
++#if OPENSSL_VERSION_NUMBER >= 0x0090702fL
++ memcpy(&key, temp, sizeof(DES_cblock));
++ DES_set_odd_parity(TO_CBLOCK(&key));
++ if (DES_is_weak_key(TO_CBLOCK(&key)))
++ weak++;
++ (void) DES_set_key(TO_CBLOCK(&key),
++ &key_data->des_ks[i]);
++ temp += sizeof(DES_cblock);
++ }
++ memset(&key, 0, sizeof(DES_cblock));
++#else
+ memcpy(&key, temp, sizeof(des_cblock));
+ des_set_odd_parity(TO_CBLOCK(&key));
+ if (des_is_weak_key(TO_CBLOCK(&key)))
+@@ -710,6 +809,7 @@
+ temp += sizeof(des_cblock);
+ }
+ memset(&key, 0, sizeof(des_cblock));
++#endif
+ memset(key1ofb, 0, 24);
+ break;
Home |
Main Index |
Thread Index |
Old Index