pkgsrc-Changes archive


CVS commit: pkgsrc/chat/mumble



Module Name:    pkgsrc
Committed By:   nia
Date:           Thu Mar 21 10:34:10 UTC 2024

Modified Files:
        pkgsrc/chat/mumble: Makefile PLIST distinfo
Added Files:
        pkgsrc/chat/mumble/patches: patch-src_SelfSignedCertificate.cpp
            patch-src_SelfSignedCertificate.h
            patch-src_crypto_CryptStateOCB2.cpp
            patch-src_crypto_CryptStateOCB2.h

Log Message:
mumble: Update to 1.4.287

Various bug fixes and openssl3 support.


To generate a diff of this commit:
cvs rdiff -u -r1.60 -r1.61 pkgsrc/chat/mumble/Makefile
cvs rdiff -u -r1.5 -r1.6 pkgsrc/chat/mumble/PLIST
cvs rdiff -u -r1.11 -r1.12 pkgsrc/chat/mumble/distinfo
cvs rdiff -u -r0 -r1.1 \
    pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.cpp \
    pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.h \
    pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.cpp \
    pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.h

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/chat/mumble/Makefile
diff -u pkgsrc/chat/mumble/Makefile:1.60 pkgsrc/chat/mumble/Makefile:1.61
--- pkgsrc/chat/mumble/Makefile:1.60    Tue Jan 30 14:21:36 2024
+++ pkgsrc/chat/mumble/Makefile Thu Mar 21 10:34:10 2024
@@ -1,7 +1,6 @@
-# $NetBSD: Makefile,v 1.60 2024/01/30 14:21:36 ryoon Exp $
+# $NetBSD: Makefile,v 1.61 2024/03/21 10:34:10 nia Exp $
 
-DISTNAME=      mumble-1.4.230
-PKGREVISION=   19
+DISTNAME=      mumble-1.4.287
 CATEGORIES=    chat audio
 MASTER_SITES=  ${MASTER_SITE_GITHUB:=mumble-voip/}
 GITHUB_PROJECT=        mumble
@@ -27,7 +26,8 @@ USE_CXX_FEATURES+=    c++11
 LDFLAGS.NetBSD+=       -lrt
 
 # Basic sensible stuff for packaging.
-CMAKE_ARGS+=   -Dbundled-celt=off
+# Requires 0.7.x, pkgsrc version is too new
+#CMAKE_ARGS+=  -Dbundled-celt=off
 CMAKE_ARGS+=   -Dbundled-opus=off
 CMAKE_ARGS+=   -Dbundled-speex=off
 CMAKE_ARGS+=   -Dwarnings-as-errors=off
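Review bot: The new comment `# Requires 0.7.x, pkgsrc version is too new` does not say what follows from commenting out `-Dbundled-celt=off`: the package now builds and installs Mumble's bundled CELT, as the PLIST hunk shows with `lib/mumble/libcelt0.so.0.7.0`. A bundled codec is no longer covered by updates to audio/celt, so the comment should record that, for example `# Mumble requires CELT 0.7.x and audio/celt is newer, so the bundled copy is built and installed (see PLIST).` The same wording applies to the commented-out `.include "../../audio/celt/buildlink3.mk"` in the next hunk.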
@@ -59,7 +59,8 @@ CMAKE_ARGS+=  -Doss=off
 CHECK_PORTABILITY_SKIP+=       3rdparty/opus-src/doc/build_draft.sh
 
 .include "options.mk"
-.include "../../audio/celt/buildlink3.mk"
+# Requires 0.7.x, pkgsrc version is too new
+#.include "../../audio/celt/buildlink3.mk"
 .include "../../audio/libopus/buildlink3.mk"
 .include "../../audio/libsndfile/buildlink3.mk"
 .include "../../audio/speech-dispatcher/buildlink3.mk"

Index: pkgsrc/chat/mumble/PLIST
diff -u pkgsrc/chat/mumble/PLIST:1.5 pkgsrc/chat/mumble/PLIST:1.6
--- pkgsrc/chat/mumble/PLIST:1.5        Fri Apr  1 11:53:28 2022
+++ pkgsrc/chat/mumble/PLIST    Thu Mar 21 10:34:10 2024
@@ -1,10 +1,12 @@
-@comment $NetBSD: PLIST,v 1.5 2022/04/01 11:53:28 nia Exp $
+@comment $NetBSD: PLIST,v 1.6 2024/03/21 10:34:10 nia Exp $
 bin/mumble
 bin/mumble-server
+lib/mumble/libcelt0.so
+lib/mumble/libcelt0.so.0.7.0
+man/man1/mumble-server-user-wrapper.1
+man/man1/mumble-server.1
 man/man1/mumble.1
-man/man1/murmur-user-wrapper.1
-man/man1/murmurd.1
-share/applications/org.mumble_voip.mumble.desktop
+share/applications/info.mumble.Mumble.desktop
 share/icons/hicolor/256x256/apps/mumble.png
 share/icons/hicolor/scalable/apps/mumble.svg
-share/metainfo/org.mumble_voip.mumble.appdata.xml
+share/metainfo/info.mumble.Mumble.appdata.xml

Index: pkgsrc/chat/mumble/distinfo
diff -u pkgsrc/chat/mumble/distinfo:1.11 pkgsrc/chat/mumble/distinfo:1.12
--- pkgsrc/chat/mumble/distinfo:1.11    Sun Apr 10 07:47:22 2022
+++ pkgsrc/chat/mumble/distinfo Thu Mar 21 10:34:10 2024
@@ -1,11 +1,15 @@
-$NetBSD: distinfo,v 1.11 2022/04/10 07:47:22 nia Exp $
+$NetBSD: distinfo,v 1.12 2024/03/21 10:34:10 nia Exp $
 
-BLAKE2s (mumble-1.4.230.tar.gz) = 71d12d9d94a06a3c57b8b2230040efe3dff77048cbc5c4da11d1762bd5378cc8
-SHA512 (mumble-1.4.230.tar.gz) = 6cffc7a95d88b33876f4093b99266468210f5c14f190fbd2fbe4991bef91a567e55296e7c8c6cc99e19c054853211085cc3cc08109e367e6776afb70766b3a53
-Size (mumble-1.4.230.tar.gz) = 9441667 bytes
+BLAKE2s (mumble-1.4.287.tar.gz) = 3de53d3709cccb51c93c6efa192633e14b9bd48fe7f9c25f7782cbb9c020c86b
+SHA512 (mumble-1.4.287.tar.gz) = 34ed30c18257ba8deae6938009a90147c8bc3a0aca28e69bea7ec0262e8d2cdacb9a840fac7d3dd623a52ef8d5903ed5424b62b483af21d6df6aa9632eae9d82
+Size (mumble-1.4.287.tar.gz) = 9457292 bytes
 SHA1 (patch-overlay__gl_init__unix.c) = e8db446ee6b62af5c8e580a3927664c9b52bf4f7
 SHA1 (patch-src_HostAddress.cpp) = 34ea0777f76dc236e96b83e43ba486952c676a1c
 SHA1 (patch-src_ProcessResolver.cpp) = f75286127d01c2f44308d6483e2af5b5e7bc1304
+SHA1 (patch-src_SelfSignedCertificate.cpp) = bfd3725e4936e00ac2ef6f7071affb8847a767de
+SHA1 (patch-src_SelfSignedCertificate.h) = 5cd0e3637cc282ae3c22ae25c16b6a472f85a405
+SHA1 (patch-src_crypto_CryptStateOCB2.cpp) = 1b088a8c5d4b64f6ac7a76445c56d70b204bf646
+SHA1 (patch-src_crypto_CryptStateOCB2.h) = 7fa2047bf13a397a6cb9cb48c14134ab36d768f4
 SHA1 (patch-src_mumble_CMakeLists.txt) = a171b707b8f5c8316f0c0c45bb0f8a38545f0f6a
 SHA1 (patch-src_mumble_OSS.cpp) = b0e38bade402998f7c5d0d71090a26fa4a77eb97
 SHA1 (patch-src_mumble_ServerHandler.cpp) = 915e05a3e91c78b42181ce6156231be0bae25fa1

Added files:

Index: pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.cpp
diff -u /dev/null pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.cpp:1.1
--- /dev/null   Thu Mar 21 10:34:10 2024
+++ pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.cpp      Thu Mar 21 10:34:10 2024
@@ -0,0 +1,335 @@
+$NetBSD: patch-src_SelfSignedCertificate.cpp,v 1.1 2024/03/21 10:34:10 nia Exp $
+
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry%terriex.com@localhost>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+--- src/SelfSignedCertificate.cpp.orig 2022-09-13 17:24:40.000000000 +0000
++++ src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+ 
+ #include "SelfSignedCertificate.h"
+ 
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+ 
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, c
+       return 1;
+ }
+ 
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+-                                                                       QSslCertificate &qscCert, QSslKey &qskKey) {
+-      bool ok                    = true;
+-      X509 *x509                 = nullptr;
+-      EVP_PKEY *pkey             = nullptr;
+-      RSA *rsa                   = nullptr;
+-      BIGNUM *e                  = nullptr;
+-      X509_NAME *name            = nullptr;
+-      ASN1_INTEGER *serialNumber = nullptr;
+-      ASN1_TIME *notBefore       = nullptr;
+-      ASN1_TIME *notAfter        = nullptr;
+-      QString commonName;
+-      bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+-      if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+-              ok = false;
+-              goto out;
++EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
++      EVP_PKEY *pkey = EVP_PKEY_new();
++      if (!pkey) {
++              return nullptr;
+       }
+ 
+-      x509 = X509_new();
+-      if (!x509) {
+-              ok = false;
+-              goto out;
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++      EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
++      if (!ctx) {
++              return nullptr;
+       }
+-
+-      pkey = EVP_PKEY_new();
+-      if (!pkey) {
+-              ok = false;
+-              goto out;
++      if (EVP_PKEY_keygen_init(ctx) <= 0) {
++              return nullptr;
+       }
+-
+-      rsa = RSA_new();
++      if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
++              return nullptr;
++      }
++      if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
++              return nullptr;
++      }
++      EVP_PKEY_CTX_free(ctx);
++#else
++      RSA *rsa  = RSA_new();
++      BIGNUM *e = BN_new();
+       if (!rsa) {
+-              ok = false;
+-              goto out;
++              return nullptr;
+       }
+-
+-      e = BN_new();
+       if (!e) {
+-              ok = false;
+-              goto out;
++              return nullptr;
+       }
+       if (BN_set_word(e, 65537) == 0) {
+-              ok = false;
+-              goto out;
++              return nullptr;
+       }
+-
+       if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+-              ok = false;
+-              goto out;
++              return nullptr;
+       }
+-
+       if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+-              ok = false;
+-              goto out;
+-      }
+-
+-      if (X509_set_version(x509, 2) == 0) {
+-              ok = false;
+-              goto out;
+-      }
+-
+-      serialNumber = X509_get_serialNumber(x509);
+-      if (!serialNumber) {
+-              ok = false;
+-              goto out;
+-      }
+-      if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+-              ok = false;
+-              goto out;
++              return nullptr;
+       }
++      BN_free(e);
++      RSA_free(rsa);
++#endif
++      return pkey;
++}
+ 
+-      notBefore = X509_get_notBefore(x509);
+-      if (!notBefore) {
+-              ok = false;
+-              goto out;
+-      }
+-      if (!X509_gmtime_adj(notBefore, 0)) {
+-              ok = false;
+-              goto out;
++#define CHECK(statement) \
++      if (!(statement)) {  \
++              ok = false;      \
++              goto out;        \
+       }
+ 
+-      notAfter = X509_get_notAfter(x509);
+-      if (!notAfter) {
+-              ok = false;
+-              goto out;
+-      }
+-      if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+-              ok = false;
+-              goto out;
+-      }
+ 
+-      if (X509_set_pubkey(x509, pkey) == 0) {
+-              ok = false;
+-              goto out;
+-      }
++bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
++                                                                       QSslCertificate &qscCert, QSslKey &qskKey) {
++      bool ok                    = true;
++      EVP_PKEY *pkey             = nullptr;
++      X509 *x509                 = nullptr;
++      X509_NAME *name            = nullptr;
++      ASN1_INTEGER *serialNumber = nullptr;
++      ASN1_TIME *notBefore       = nullptr;
++      ASN1_TIME *notAfter        = nullptr;
++      QString commonName;
++      bool isServerCert = certificateType == CertificateTypeServerCertificate;
+ 
+-      name = X509_get_subject_name(x509);
+-      if (!name) {
+-              ok = false;
+-              goto out;
+-      }
++      // In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
++      // See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
++      // We should consider migrating to this class after switching to Qt 5.15.
++
++      CHECK(pkey = generate_rsa_keypair());
++
++      CHECK(x509 = X509_new());
++      CHECK(X509_set_version(x509, 2));
++      CHECK(serialNumber = X509_get_serialNumber(x509));
++      CHECK(ASN1_INTEGER_set(serialNumber, 1));
++      CHECK(notBefore = X509_get_notBefore(x509));
++      CHECK(X509_gmtime_adj(notBefore, 0));
++      CHECK(notAfter = X509_get_notAfter(x509));
++      CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
++      CHECK(X509_set_pubkey(x509, pkey));
++      CHECK(name = X509_get_subject_name(x509));
+ 
+       if (isServerCert) {
+               commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(Cer
+               }
+       }
+ 
+-      if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+-                                                                 reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+-              == 0) {
+-              ok = false;
+-              goto out;
+-      }
++      CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
++                                                                       reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+ 
+-      if (X509_set_issuer_name(x509, name) == 0) {
+-              ok = false;
+-              goto out;
+-      }
++      CHECK(X509_set_issuer_name(x509, name));
+ 
+-      if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+-              ok = false;
+-              goto out;
+-      }
++      CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+ 
+       if (isServerCert) {
+-              if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+       } else {
+-              if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+       }
+ 
+-      if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+-              ok = false;
+-              goto out;
+-      }
++      CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+ 
+       if (isServerCert) {
+-              if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+       } else {
+-              if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+       }
+ 
+       if (!isServerCert) {
+               if (!clientCertEmail.trimmed().isEmpty()) {
+-                      if (add_ext(x509, NID_subject_alt_name,
+-                                              QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+-                              == 0) {
+-                              ok = false;
+-                              goto out;
+-                      }
++                      CHECK(add_ext(x509, NID_subject_alt_name,
++                                                QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+               }
+       }
+ 
+-      if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+-              ok = false;
+-              goto out;
+-      }
++      CHECK(X509_sign(x509, pkey, EVP_sha1()));
+ 
+       {
+               QByteArray crt;
+               int len = i2d_X509(x509, nullptr);
+-              if (len <= 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(len > 0);
+               crt.resize(len);
+ 
+               unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+-              if (i2d_X509(x509, &dptr) != len) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(i2d_X509(x509, &dptr) == len);
+ 
+               qscCert = QSslCertificate(crt, QSsl::Der);
+-              if (qscCert.isNull()) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(!qscCert.isNull());
+       }
+ 
+       {
+               QByteArray key;
+               int len = i2d_PrivateKey(pkey, nullptr);
+-              if (len <= 0) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(len > 0);
+               key.resize(len);
+ 
+               unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+-              if (i2d_PrivateKey(pkey, &dptr) != len) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+ 
+               qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+-              if (qskKey.isNull()) {
+-                      ok = false;
+-                      goto out;
+-              }
++              CHECK(!qskKey.isNull());
+       }
+ 
+ out:
+-      if (e) {
+-              BN_free(e);
+-      }
+-      // We only need to free the pkey pointer,
+-      // not the RSA pointer. We have assigned
+-      // our RSA key to pkey, and it will be freed
+-      // once we free pkey.
+       if (pkey) {
+               EVP_PKEY_free(pkey);
+       }
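Review bot: In the `#else` branch of `generate_rsa_keypair()`, `RSA_free(rsa)` runs after a successful `EVP_PKEY_assign_RSA(pkey, rsa)`, which hands the RSA object to `pkey`. The comment this patch removes at the `out:` label said exactly that only `pkey` may be freed, so on OpenSSL older than 1.1.0 the returned key would point at freed memory and be freed again by `EVP_PKEY_free(pkey)`. Every early `return nullptr` in both branches also leaks `pkey`, together with `ctx` or `rsa`/`e`. A single-exit version that releases only what it still owns is below. Separately, `X509_sign(x509, pkey, EVP_sha1())` is carried over unchanged, and `EVP_sha256()` would be worth considering while this function is being rewritten.

```cpp
EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
	EVP_PKEY *pkey = nullptr;
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
	if (!ctx) {
		return nullptr;
	}
	if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0
		|| EVP_PKEY_keygen(ctx, &pkey) <= 0) {
		EVP_PKEY_free(pkey);
		pkey = nullptr;
	}
	EVP_PKEY_CTX_free(ctx);
#else
	pkey      = EVP_PKEY_new();
	RSA *rsa  = RSA_new();
	BIGNUM *e = BN_new();
	if (pkey && rsa && e && BN_set_word(e, 65537) && RSA_generate_key_ex(rsa, 2048, e, nullptr)
		&& EVP_PKEY_assign_RSA(pkey, rsa)) {
		rsa = nullptr; // pkey owns the RSA object from here on
	} else {
		EVP_PKEY_free(pkey);
		pkey = nullptr;
	}
	BN_free(e);
	RSA_free(rsa);
#endif
	return pkey;
}
```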
Index: pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.h
diff -u /dev/null pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.h:1.1
--- /dev/null   Thu Mar 21 10:34:10 2024
+++ pkgsrc/chat/mumble/patches/patch-src_SelfSignedCertificate.h        Thu Mar 21 10:34:10 2024
@@ -0,0 +1,36 @@
+$NetBSD: patch-src_SelfSignedCertificate.h,v 1.1 2024/03/21 10:34:10 nia Exp $
+
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry%terriex.com@localhost>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+--- src/SelfSignedCertificate.h.orig   2022-09-13 17:24:40.000000000 +0000
++++ src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ 
++#include <openssl/evp.h>
++#include <openssl/rsa.h>
++#include <openssl/x509v3.h>
++
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+       static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+                                                QSslCertificate &qscCert, QSslKey &qskKey);
++      static EVP_PKEY *generate_rsa_keypair();
+ 
+ public:
+       static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
Index: pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.cpp
diff -u /dev/null pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.cpp:1.1
--- /dev/null   Thu Mar 21 10:34:10 2024
+++ pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.cpp      Thu Mar 21 10:34:10 2024
@@ -0,0 +1,180 @@
+$NetBSD: patch-src_crypto_CryptStateOCB2.cpp,v 1.1 2024/03/21 10:34:10 nia Exp $
+
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry%terriex.com@localhost>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+--- src/crypto/CryptStateOCB2.cpp.orig 2022-09-13 17:24:40.000000000 +0000
++++ src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,9 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+ 
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
++CryptStateOCB2::CryptStateOCB2()
++      : CryptState(), enc_ctx_ocb_enc(EVP_CIPHER_CTX_new()), dec_ctx_ocb_enc(EVP_CIPHER_CTX_new()),
++        enc_ctx_ocb_dec(EVP_CIPHER_CTX_new()), dec_ctx_ocb_dec(EVP_CIPHER_CTX_new()) {
+       for (int i = 0; i < 0x100; i++)
+               decrypt_history[i] = 0;
+       memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +40,13 @@ CryptStateOCB2::CryptStateOCB2() : Crypt
+       memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+ 
++CryptStateOCB2::~CryptStateOCB2() noexcept {
++      EVP_CIPHER_CTX_free(enc_ctx_ocb_enc);
++      EVP_CIPHER_CTX_free(dec_ctx_ocb_enc);
++      EVP_CIPHER_CTX_free(enc_ctx_ocb_dec);
++      EVP_CIPHER_CTX_free(dec_ctx_ocb_dec);
++}
++
+ bool CryptStateOCB2::isValid() const {
+       return bInit;
+ }
+@@ -46,8 +55,6 @@ void CryptStateOCB2::genKey() {
+       CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+       CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+       CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+-      AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+-      AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+       bInit = true;
+ }
+ 
+@@ -56,8 +63,6 @@ bool CryptStateOCB2::setKey(const std::s
+               memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+               memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+               memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+-              AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+-              AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+               bInit = true;
+               return true;
+       }
+@@ -256,10 +261,27 @@ static void inline ZERO(keyblock &block)
+               block[i] = 0;
+ }
+ 
+-#define AESencrypt(src, dst, key) \
+-      AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+-      AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
++#define AESencrypt_ctx(src, dst, key, enc_ctx)                                                      \
++      {                                                                                               \
++              int outlen = 0;                                                                             \
++              EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL);                            \
++              EVP_CIPHER_CTX_set_padding(enc_ctx, 0);                                                     \
++              EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen,               \
++                                                reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE);          \
++              EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
++      }
++#define AESdecrypt_ctx(src, dst, key, dec_ctx)                                                      \
++      {                                                                                               \
++              int outlen = 0;                                                                             \
++              EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL);                            \
++              EVP_CIPHER_CTX_set_padding(dec_ctx, 0);                                                     \
++              EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen,               \
++                                                reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE);          \
++              EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >((dst) + outlen), &outlen); \
++      }
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_enc)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_enc)
+ 
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+                                                                const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +289,7 @@ bool CryptStateOCB2::ocb_encrypt(const u
+       bool success = true;
+ 
+       // Initialize
+-      AESencrypt(nonce, delta, &encrypt_key);
++      AESencrypt(nonce, delta, raw_key);
+       ZERO(checksum);
+ 
+       while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +321,7 @@ bool CryptStateOCB2::ocb_encrypt(const u
+               if (flipABit) {
+                       *reinterpret_cast< unsigned char * >(tmp) ^= 1;
+               }
+-              AESencrypt(tmp, tmp, &encrypt_key);
++              AESencrypt(tmp, tmp, raw_key);
+               XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+               XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+               if (flipABit) {
+@@ -315,7 +337,7 @@ bool CryptStateOCB2::ocb_encrypt(const u
+       ZERO(tmp);
+       tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+       XOR(tmp, tmp, delta);
+-      AESencrypt(tmp, pad, &encrypt_key);
++      AESencrypt(tmp, pad, raw_key);
+       memcpy(tmp, plain, len);
+       memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+                  AES_BLOCK_SIZE - len);
+@@ -325,24 +347,30 @@ bool CryptStateOCB2::ocb_encrypt(const u
+ 
+       S3(delta);
+       XOR(tmp, delta, checksum);
+-      AESencrypt(tmp, tag, &encrypt_key);
++      AESencrypt(tmp, tag, raw_key);
+ 
+       return success;
+ }
+ 
++#undef AESencrypt
++#undef AESdecrypt
++
++#define AESencrypt(src, dst, key) AESencrypt_ctx(src, dst, key, enc_ctx_ocb_dec)
++#define AESdecrypt(src, dst, key) AESdecrypt_ctx(src, dst, key, dec_ctx_ocb_dec)
++
+ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *plain, unsigned int len,
+                                                                const unsigned char *nonce, unsigned char *tag) {
+       keyblock checksum, delta, tmp, pad;
+       bool success = true;
+ 
+       // Initialize
+-      AESencrypt(nonce, delta, &encrypt_key);
++      AESencrypt(nonce, delta, raw_key);
+       ZERO(checksum);
+ 
+       while (len > AES_BLOCK_SIZE) {
+               S2(delta);
+               XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+-              AESdecrypt(tmp, tmp, &decrypt_key);
++              AESdecrypt(tmp, tmp, raw_key);
+               XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+               XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+               len -= AES_BLOCK_SIZE;
+@@ -354,7 +382,7 @@ bool CryptStateOCB2::ocb_decrypt(const u
+       ZERO(tmp);
+       tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+       XOR(tmp, tmp, delta);
+-      AESencrypt(tmp, pad, &encrypt_key);
++      AESencrypt(tmp, pad, raw_key);
+       memset(tmp, 0, AES_BLOCK_SIZE);
+       memcpy(tmp, encrypted, len);
+       XOR(tmp, tmp, pad);
+@@ -372,14 +400,14 @@ bool CryptStateOCB2::ocb_decrypt(const u
+ 
+       S3(delta);
+       XOR(tmp, delta, checksum);
+-      AESencrypt(tmp, tag, &encrypt_key);
++      AESencrypt(tmp, tag, raw_key);
+ 
+       return success;
+ }
+ 
++#undef AESencrypt
++#undef AESdecrypt
+ #undef BLOCKSIZE
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
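Review bot: The `AESencrypt_ctx` and `AESdecrypt_ctx` macros discard the return value of every EVP call, and the constructor never checks the four `EVP_CIPHER_CTX_new()` results. If an allocation or cipher initialisation fails, `delta`, `pad` or `tag` keep whatever they held before, while `ocb_encrypt` and `ocb_decrypt` still return `success`. The macros also form `(dst) + outlen` before the cast, so for a `keyblock` argument the offset is scaled by the element size; this looks harmless only because the final call writes nothing with padding disabled. A checked helper that feeds the existing `success` flag is sketched below. It assumes the macros are used only inside these two functions, whose bodies extend outside the visible hunks.

```cpp
// Runs one AES-128-ECB block through ctx; returns false if any EVP call fails.
static bool aes_ecb_block(EVP_CIPHER_CTX *ctx, const unsigned char *key, const void *src, void *dst, int enc) {
	unsigned char fin[AES_BLOCK_SIZE];
	int outlen = 0;
	int finlen = 0;
	if (!ctx || EVP_CipherInit_ex(ctx, EVP_aes_128_ecb(), nullptr, key, nullptr, enc) != 1) {
		return false;
	}
	EVP_CIPHER_CTX_set_padding(ctx, 0);
	if (EVP_CipherUpdate(ctx, static_cast< unsigned char * >(dst), &outlen,
						 static_cast< const unsigned char * >(src), AES_BLOCK_SIZE) != 1) {
		return false;
	}
	// With padding off the final call emits nothing; it goes to a scratch buffer, not past dst.
	return EVP_CipherFinal_ex(ctx, fin, &finlen) == 1 && outlen == AES_BLOCK_SIZE && finlen == 0;
}

#define AESencrypt_ctx(src, dst, key, enc_ctx) success = aes_ecb_block(enc_ctx, key, src, dst, 1) && success
#define AESdecrypt_ctx(src, dst, key, dec_ctx) success = aes_ecb_block(dec_ctx, key, src, dst, 0) && success

// … unchanged: AESencrypt/AESdecrypt wrappers, ocb_encrypt, ocb_decrypt …
```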
Index: pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.h
diff -u /dev/null pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.h:1.1
--- /dev/null   Thu Mar 21 10:34:10 2024
+++ pkgsrc/chat/mumble/patches/patch-src_crypto_CryptStateOCB2.h        Thu Mar 21 10:34:10 2024
@@ -0,0 +1,50 @@
+$NetBSD: patch-src_crypto_CryptStateOCB2.h,v 1.1 2024/03/21 10:34:10 nia Exp $
+
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry%terriex.com@localhost>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+--- src/crypto/CryptStateOCB2.h.orig   2022-09-13 17:24:40.000000000 +0000
++++ src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+ 
+ #include "CryptState.h"
+ 
+-#include <openssl/aes.h>
++#include <openssl/evp.h>
+ 
++#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+ 
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+       CryptStateOCB2();
+-      ~CryptStateOCB2(){};
++      ~CryptStateOCB2() noexcept override;
+ 
+       virtual bool isValid() const Q_DECL_OVERRIDE;
+       virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,10 @@ private:
+       unsigned char decrypt_iv[AES_BLOCK_SIZE];
+       unsigned char decrypt_history[0x100];
+ 
+-      AES_KEY encrypt_key;
+-      AES_KEY decrypt_key;
++      EVP_CIPHER_CTX *enc_ctx_ocb_enc;
++      EVP_CIPHER_CTX *dec_ctx_ocb_enc;
++      EVP_CIPHER_CTX *enc_ctx_ocb_dec;
++      EVP_CIPHER_CTX *dec_ctx_ocb_dec;
+ };
+ 
+ 
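Review bot: `CryptStateOCB2` now owns four raw `EVP_CIPHER_CTX *` members that the new destructor frees, but the class still has its implicit copy constructor and copy assignment. Copying an instance would leave two objects freeing the same contexts. Whether any caller copies a `CryptStateOCB2` is not visible from this hunk, so the safe default is to forbid it next to the destructor declaration: `CryptStateOCB2(const CryptStateOCB2 &) = delete;` and `CryptStateOCB2 &operator=(const CryptStateOCB2 &) = delete;`.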


