diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/openssl-beta/Makefile | 3 | ||||
| -rw-r--r-- | security/openssl-beta/files/patch-security | 77 | ||||
| -rw-r--r-- | security/openssl/Makefile | 3 | ||||
| -rw-r--r-- | security/openssl/files/patch-security | 77 |
4 files changed, 158 insertions, 2 deletions
diff --git a/security/openssl-beta/Makefile b/security/openssl-beta/Makefile index a51c5b8bf24b..66166c5e351e 100644 --- a/security/openssl-beta/Makefile +++ b/security/openssl-beta/Makefile @@ -10,6 +10,7 @@ PORTNAME= openssl PORTREVISION!= date -v-1d +%Y%m%d .else PORTVERSION= 0.9.7a +PORTREVISION= 1 .endif CATEGORIES= security devel .ifdef OPENSSL_SNAPSHOT @@ -37,6 +38,7 @@ COMMENT= SSL and crypto library NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch NO_LATEST_LINK= yes +USE_PERL5_BUILD= yes MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 \ dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 ocsp.1 openssl.1 \ @@ -836,7 +838,6 @@ MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=-Bforcearchive MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive .endif -USE_PERL5= yes .if defined(NOSHARED) PLIST_SUB+= SHARED="@comment " .else diff --git a/security/openssl-beta/files/patch-security b/security/openssl-beta/files/patch-security new file mode 100644 index 000000000000..4e3eefb36688 --- /dev/null +++ b/security/openssl-beta/files/patch-security @@ -0,0 +1,77 @@ +Index: crypto/rsa/rsa_eay.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v +retrieving revision 1.28.2.3 +diff -u -r1.28.2.3 rsa_eay.c +--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 -0000 1.28.2.3 ++++ crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -0000 +@@ -195,6 +195,25 @@ + return(r); + } + ++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) ++ { ++ int ret = 1; ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ /* Check again inside the lock - the macro's check is racey */ ++ if(rsa->blinding == NULL) ++ ret = RSA_blinding_on(rsa, ctx); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); ++ return ret; ++ } ++ ++#define BLINDING_HELPER(rsa, ctx, err_instr) \ ++ do { \ ++ if(((rsa)->flags & RSA_FLAG_BLINDING) && \ ++ ((rsa)->blinding == NULL) && \ ++ !rsa_eay_blinding(rsa, ctx)) \ ++ err_instr \ ++ } while(0) ++ + /* signing */ + static int RSA_eay_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +@@ -239,8 +258,8 @@ + goto err; + } + +- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) +- RSA_blinding_on(rsa,ctx); ++ BLINDING_HELPER(rsa, ctx, goto err;); ++ + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + +@@ -318,8 +337,8 @@ + goto err; + } + +- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) +- RSA_blinding_on(rsa,ctx); ++ BLINDING_HELPER(rsa, ctx, goto err;); ++ + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + +Index: crypto/rsa/rsa_lib.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v +retrieving revision 1.30.2.2 +diff -u -r1.30.2.2 rsa_lib.c +--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 -0000 1.30.2.2 ++++ crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -0000 +@@ -72,7 +72,13 @@ + + RSA *RSA_new(void) + { +- return(RSA_new_method(NULL)); ++ RSA *r=RSA_new_method(NULL); ++ ++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING ++ r->flags|=RSA_FLAG_BLINDING; ++#endif ++ ++ return r; + } + + void RSA_set_default_method(const RSA_METHOD *meth) diff --git a/security/openssl/Makefile b/security/openssl/Makefile index 36ea03466332..1a4cd8577ae7 100644 --- a/security/openssl/Makefile +++ b/security/openssl/Makefile @@ -7,6 +7,7 @@ PORTNAME= openssl PORTVERSION= 0.9.7a +PORTREVISION= 1 CATEGORIES= security devel MASTER_SITES= http://www.openssl.org/source/ \ ftp://ftp.openssl.org/source/ \ @@ -22,6 +23,7 @@ COMMENT= SSL and crypto library MAKE_ENV+= MANPREFIX=${MANPREFIX} NOPRECIOUSMAKEVARS= Too many _MLINKS for fetch +USE_PERL5_BUILD= yes MAN1= CA.pl.1 asn1parse.1 ca.1 ciphers.1 crl.1 crl2pkcs7.1 dgst.1 dhparam.1 \ dsa.1 dsaparam.1 enc.1 gendsa.1 genrsa.1 nseq.1 ocsp.1 openssl.1 \ @@ -821,7 +823,6 @@ MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=-Bforcearchive MAKE_ARGS+= WHOLE_ARCHIVE_FLAG=--whole-archive .endif -USE_PERL5= yes .if defined(NOSHARED) PLIST_SUB+= SHARED="@comment " .else diff --git a/security/openssl/files/patch-security b/security/openssl/files/patch-security new file mode 100644 index 000000000000..4e3eefb36688 --- /dev/null +++ b/security/openssl/files/patch-security @@ -0,0 +1,77 @@ +Index: crypto/rsa/rsa_eay.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_eay.c,v +retrieving revision 1.28.2.3 +diff -u -r1.28.2.3 rsa_eay.c +--- crypto/rsa/rsa_eay.c 30 Jan 2003 17:37:46 -0000 1.28.2.3 ++++ crypto/rsa/rsa_eay.c 16 Mar 2003 10:34:13 -0000 +@@ -195,6 +195,25 @@ + return(r); + } + ++static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx) ++ { ++ int ret = 1; ++ CRYPTO_w_lock(CRYPTO_LOCK_RSA); ++ /* Check again inside the lock - the macro's check is racey */ ++ if(rsa->blinding == NULL) ++ ret = RSA_blinding_on(rsa, ctx); ++ CRYPTO_w_unlock(CRYPTO_LOCK_RSA); ++ return ret; ++ } ++ ++#define BLINDING_HELPER(rsa, ctx, err_instr) \ ++ do { \ ++ if(((rsa)->flags & RSA_FLAG_BLINDING) && \ ++ ((rsa)->blinding == NULL) && \ ++ !rsa_eay_blinding(rsa, ctx)) \ ++ err_instr \ ++ } while(0) ++ + /* signing */ + static int RSA_eay_private_encrypt(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +@@ -239,8 +258,8 @@ + goto err; + } + +- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) +- RSA_blinding_on(rsa,ctx); ++ BLINDING_HELPER(rsa, ctx, goto err;); ++ + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + +@@ -318,8 +337,8 @@ + goto err; + } + +- if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) +- RSA_blinding_on(rsa,ctx); ++ BLINDING_HELPER(rsa, ctx, goto err;); ++ + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; + +Index: crypto/rsa/rsa_lib.c +=================================================================== +RCS file: /e/openssl/cvs/openssl/crypto/rsa/rsa_lib.c,v +retrieving revision 1.30.2.2 +diff -u -r1.30.2.2 rsa_lib.c +--- crypto/rsa/rsa_lib.c 30 Jan 2003 17:37:46 -0000 1.30.2.2 ++++ crypto/rsa/rsa_lib.c 16 Mar 2003 10:34:13 -0000 +@@ -72,7 +72,13 @@ + + RSA *RSA_new(void) + { +- return(RSA_new_method(NULL)); ++ RSA *r=RSA_new_method(NULL); ++ ++#ifndef OPENSSL_NO_FORCE_RSA_BLINDING ++ r->flags|=RSA_FLAG_BLINDING; ++#endif ++ ++ return r; + } + + void RSA_set_default_method(const RSA_METHOD *meth) |