pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/validns validns: fix building with openssl 1.1



details:   https://anonhg.NetBSD.org/pkgsrc/rev/89db54bce4ef
branches:  trunk
changeset: 450044:89db54bce4ef
user:      nia <nia%pkgsrc.org@localhost>
date:      Sat Apr 10 08:16:09 2021 +0000

description:
validns: fix building with openssl 1.1

diffstat:

 security/validns/Makefile                    |   4 +-
 security/validns/distinfo                    |   7 +-
 security/validns/patches/patch-Makefile      |  10 +-
 security/validns/patches/patch-dnskey.c      |  26 ++++++++
 security/validns/patches/patch-nsec3checks.c |  56 +++++++++++++++++
 security/validns/patches/patch-rrsig.c       |  89 ++++++++++++++++++++++++++++
 6 files changed, 183 insertions(+), 9 deletions(-)

diffs (243 lines):

diff -r 35f93d215857 -r 89db54bce4ef security/validns/Makefile
--- a/security/validns/Makefile Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/Makefile Sat Apr 10 08:16:09 2021 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.18 2020/04/24 11:41:38 nia Exp $
+# $NetBSD: Makefile,v 1.19 2021/04/10 08:16:09 nia Exp $
 #
 
 DISTNAME=      validns-0.8
@@ -11,8 +11,6 @@
 COMMENT=       Validns, a high performance DNS/DNSSEC zone validator
 LICENSE=       2-clause-bsd
 
-BROKEN=                "Fails to build with OpenSSL 1.1"
-
 # Depends on perl for make tests
 
 #BUILD_DEPENDS+=       p5-Test-Command-Simple-[0-9]*:../../devel/p5-Test-Command-Simple
diff -r 35f93d215857 -r 89db54bce4ef security/validns/distinfo
--- a/security/validns/distinfo Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/distinfo Sat Apr 10 08:16:09 2021 +0000
@@ -1,8 +1,11 @@
-$NetBSD: distinfo,v 1.8 2017/03/23 17:06:59 joerg Exp $
+$NetBSD: distinfo,v 1.9 2021/04/10 08:16:09 nia Exp $
 
 SHA1 (validns-0.8.tar.gz) = 1d9a233a1111a983d44ff6ccfb93d9308f12e90c
 RMD160 (validns-0.8.tar.gz) = 74204348e4478379f14eda129a8f045981e03829
 SHA512 (validns-0.8.tar.gz) = 2443bb8a7373f27d41ab3be1a92b61696d05b74afa42c19db54f6e999e4a634499faa44a5feefd3bc515bc677a8ef0a076092cf13316eff6d1cc504ff9702038
 Size (validns-0.8.tar.gz) = 190325 bytes
-SHA1 (patch-Makefile) = 638dc179f7f272873fabc7d7b46e2beb140e43bc
+SHA1 (patch-Makefile) = 7a83efee8f0771750aa2aac8f90bfafc8405cd2d
 SHA1 (patch-carp.c) = bbb750d013b751ca7994e32244c8865f8687ff1b
+SHA1 (patch-dnskey.c) = 7fa29ab6d53342b4686ac9906ec0c2b452620577
+SHA1 (patch-nsec3checks.c) = 39269b8d86bca7ff7ed04e380fa1516f9937dbda
+SHA1 (patch-rrsig.c) = a4e4be3b08d1aa4040b2f76cc6746d3cb878e1f8
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-Makefile
--- a/security/validns/patches/patch-Makefile   Sat Apr 10 00:40:25 2021 +0000
+++ b/security/validns/patches/patch-Makefile   Sat Apr 10 08:16:09 2021 +0000
@@ -1,15 +1,17 @@
-$NetBSD: patch-Makefile,v 1.6 2014/02/17 08:18:08 pettai Exp $
+$NetBSD: patch-Makefile,v 1.7 2021/04/10 08:16:09 nia Exp $
 
-Add (PKG_)PREFIX support
+- Honor CFLAGS.
+- Add (PKG_)PREFIX support.
 
 --- Makefile.orig      2014-02-11 20:08:39.000000000 +0000
 +++ Makefile
 @@ -1,7 +1,7 @@
  # The following options seem to work fine on Linux, FreeBSD, and Darwin
- OPTIMIZE=-O2 -g
+-OPTIMIZE=-O2 -g
 -CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
 -INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
-+CFLAGS=-Wall -pthread -fno-strict-aliasing
++OPTIMIZE=
++CFLAGS+=-Wall -pthread -fno-strict-aliasing
 +INCPATH=-I/usr/include -I${PREFIX}/include
  CC?=cc
  
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-dnskey.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-dnskey.c   Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,26 @@
+$NetBSD: patch-dnskey.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- dnskey.c.orig      2014-02-11 20:45:11.000000000 +0000
++++ dnskey.c
+@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *
+               if (l < e_bytes) /* public key is too short */
+                       goto done;
+ 
+-              rsa->e = BN_bin2bn(pk, e_bytes, NULL);
++              BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL);
+               pk += e_bytes;
+               l -= e_bytes;
++              BIGNUM *n = BN_bin2bn(pk, l, NULL);
+ 
+-              rsa->n = BN_bin2bn(pk, l, NULL);
++#if OPENSSL_VERSION_NUMBER < 0x10100005L
++              rsa->e = e;
++              rsa->n = n;
++#else
++              RSA_set0_key(rsa, n, e, NULL);
++#endif
+ 
+               pkey = EVP_PKEY_new();
+               if (!pkey)
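Review bot: Neither `BN_bin2bn()` result nor the return value of `RSA_set0_key()` is checked in the new dnskey.c lines, so a failed allocation leaves `rsa` without a usable modulus or exponent and the code still continues to `EVP_PKEY_new()`. On the OpenSSL 1.1 branch `RSA_set0_key()` returns 0 and does not take ownership when `n` or `e` is NULL on first use, so whichever BIGNUM was allocated is leaked as well. I would add `if (!e || !n) { BN_free(e); BN_free(n); goto done; }` ahead of the `#if` and handle a zero return from `RSA_set0_key()` the same way. dnskey_build_pkey starts and ends outside the hunk, so whether `done:` releases `rsa` has to be confirmed there.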
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-nsec3checks.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-nsec3checks.c      Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,56 @@
+$NetBSD: patch-nsec3checks.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- nsec3checks.c.orig 2014-02-11 20:46:07.000000000 +0000
++++ nsec3checks.c
+@@ -28,7 +28,7 @@
+ static struct binary_data name2hash(char *name, struct rr *param)
+ {
+     struct rr_nsec3param *p = (struct rr_nsec3param *)param;
+-      EVP_MD_CTX ctx;
++      EVP_MD_CTX *ctx;
+       unsigned char md0[EVP_MAX_MD_SIZE];
+       unsigned char md1[EVP_MAX_MD_SIZE];
+       unsigned char *md[2];
+@@ -45,26 +45,28 @@ static struct binary_data name2hash(char
+ 
+       /* XXX Maybe use Init_ex and Final_ex for speed? */
+ 
+-      EVP_MD_CTX_init(&ctx);
+-      if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
+-              return r;
+-      digest_size = EVP_MD_CTX_size(&ctx);
+-      EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
+-      EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+-      EVP_DigestFinal(&ctx, md[mdi], NULL);
++      ctx = EVP_MD_CTX_create();
++      if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
++              goto out;
++      digest_size = EVP_MD_CTX_size(ctx);
++      EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
++      EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++      EVP_DigestFinal(ctx, md[mdi], NULL);
+ 
+       for (i = 0; i < p->iterations; i++) {
+-              if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
+-                      return r;
+-              EVP_DigestUpdate(&ctx, md[mdi], digest_size);
++              if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
++                      goto out;
++              EVP_DigestUpdate(ctx, md[mdi], digest_size);
+               mdi = (mdi + 1) % 2;
+-              EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
+-              EVP_DigestFinal(&ctx, md[mdi], NULL);
++              EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
++              EVP_DigestFinal(ctx, md[mdi], NULL);
+       }
+ 
+       r.length = digest_size;
+       r.data = getmem(digest_size);
+       memcpy(r.data, md[mdi], digest_size);
++ out:
++      EVP_MD_CTX_destroy(ctx);
+       return r;
+ }
+ 
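Review bot: `ctx = EVP_MD_CTX_create();` in name2hash is used without a NULL check, so an allocation failure would most likely become a NULL dereference inside `EVP_DigestInit()`; the old stack-allocated context could not fail this way. Adding `if (ctx == NULL) return r;` directly after the call mirrors what the init-failure path already returns. The `EVP_DigestUpdate()` and `EVP_DigestFinal()` return values are still ignored, so a failed final would copy an unwritten `md[]` buffer into the returned hash; sending those failures to the new `out:` label would close that gap. The lines of the function between the two inner hunks are not visible here.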
diff -r 35f93d215857 -r 89db54bce4ef security/validns/patches/patch-rrsig.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/validns/patches/patch-rrsig.c    Sat Apr 10 08:16:09 2021 +0000
@@ -0,0 +1,89 @@
+$NetBSD: patch-rrsig.c,v 1.1 2021/04/10 08:16:09 nia Exp $
+
+Fix building with OpenSSL 1.1. From FreeBSD Ports.
+
+--- rrsig.c.orig       2014-02-11 20:45:39.000000000 +0000
++++ rrsig.c
+@@ -26,7 +26,7 @@
+ struct verification_data
+ {
+       struct verification_data *next;
+-      EVP_MD_CTX ctx;
++      EVP_MD_CTX *ctx;
+       struct rr_dnskey *key;
+       struct rr_rrsig *rr;
+       int ok;
+@@ -180,7 +180,8 @@ void *verification_thread(void *dummy)
+               if (d) {
+                       int r;
+                       d->next = NULL;
+-                      r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++                      r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++                      EVP_MD_CTX_destroy(d->ctx);
+                       if (r == 1) {
+                               d->ok = 1;
+                       } else {
+@@ -232,7 +233,8 @@ static void schedule_verification(struct
+       } else {
+               int r;
+               G.stats.signatures_verified++;
+-              r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++              r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
++              EVP_MD_CTX_destroy(d->ctx);
+               if (r == 1) {
+                       d->ok = 1;
+               } else {
+@@ -250,21 +252,21 @@ static int verify_signature(struct verif
+       struct rr *signed_rr;
+       int i;
+ 
+-      EVP_MD_CTX_init(&d->ctx);
++      d->ctx = EVP_MD_CTX_create();
+       switch (d->rr->algorithm) {
+       case ALG_DSA:
+       case ALG_RSASHA1:
+       case ALG_DSA_NSEC3_SHA1:
+       case ALG_RSASHA1_NSEC3_SHA1:
+-              if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
++              if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
+                       return 0;
+               break;
+       case ALG_RSASHA256:
+-              if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
++              if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
+                       return 0;
+               break;
+       case ALG_RSASHA512:
+-              if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
++              if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
+                       return 0;
+               break;
+       default:
+@@ -274,7 +276,7 @@ static int verify_signature(struct verif
+       chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
+       if (chunk.length < 0)
+               return 0;
+-      EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
++      EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
+ 
+       set = getmem_temp(sizeof(*set) * signed_set->count);
+ 
+@@ -294,12 +296,12 @@ static int verify_signature(struct verif
+               chunk = name2wire_name(signed_set->named_rr->name);
+               if (chunk.length < 0)
+                       return 0;
+-              EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
+-              b2 = htons(set[i].rr->rdtype);    EVP_VerifyUpdate(&d->ctx, &b2, 2);
+-              b2 = htons(1);  /* class IN */   EVP_VerifyUpdate(&d->ctx, &b2, 2);
+-              b4 = htonl(set[i].rr->ttl);       EVP_VerifyUpdate(&d->ctx, &b4, 4);
+-              b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
+-              EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
++              EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
++              b2 = htons(set[i].rr->rdtype);    EVP_VerifyUpdate(d->ctx, &b2, 2);
++              b2 = htons(1);  /* class IN */   EVP_VerifyUpdate(d->ctx, &b2, 2);
++              b4 = htonl(set[i].rr->ttl);       EVP_VerifyUpdate(d->ctx, &b4, 4);
++              b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
++              EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
+       }
+ 
+       schedule_verification(d);
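Review bot: The context that verify_signature now allocates with `d->ctx = EVP_MD_CTX_create();` is not released on the early `return 0` paths visible in the hunk (failed `EVP_VerifyInit()`, `chunk.length < 0`), because `EVP_MD_CTX_destroy()` was added only after `EVP_VerifyFinal()` in verification_thread and schedule_verification. With the context embedded in the struct those exits needed no heap release, so this looks like a new per-signature leak on malformed input. I would add `if (d->ctx == NULL) return 0;` after the create call and `EVP_MD_CTX_destroy(d->ctx); d->ctx = NULL;` before each early return. Clearing the pointer after the two existing destroy calls would also keep `d` from carrying a dangling `ctx`. The function continues outside the hunks, so other exit paths may need the same treatment.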


