- Unbreak the build against contemporary versions of OpenSSL
- Hook provided test suite to our framework, respect CFLAGS
This commit is contained in:
parent
1c2c1553a1
commit
53e017295e
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=547967
@ -12,13 +12,13 @@ COMMENT= High performance DNS/DNSSEC zone validator
|
||||
|
||||
LICENSE= BSD2CLAUSE
|
||||
|
||||
BROKEN_SSL= openssl
|
||||
|
||||
LIB_DEPENDS= libJudy.so:devel/judy
|
||||
TEST_DEPENDS= p5-Test-Command-Simple>=0:devel/p5-Test-Command-Simple
|
||||
|
||||
USES= ssl
|
||||
|
||||
ALL_TARGET=
|
||||
ALL_TARGET= ${PORTNAME}
|
||||
TEST_TARGET= test
|
||||
|
||||
PLIST_FILES= bin/${PORTNAME} \
|
||||
man/man1/${PORTNAME}.1.gz
|
||||
@ -26,22 +26,12 @@ PLIST_FILES= bin/${PORTNAME} \
|
||||
PORTDOCS= Changes README installation.mdwn notes.mdwn \
|
||||
technical-notes.mdwn todo.mdwn usage.mdwn
|
||||
|
||||
MAKE_ARGS+= INCPATH=-I${LOCALBASE}/include
|
||||
MAKE_ARGS+= EXTRALPATH=-L${LOCALBASE}/lib
|
||||
|
||||
OPTIONS_DEFINE= DOCS
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${SSL_DEFAULT} == base
|
||||
BROKEN_FreeBSD_12= field has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
|
||||
BROKEN_FreeBSD_13= field has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
|
||||
.endif
|
||||
|
||||
do-install:
|
||||
${INSTALL_PROGRAM} ${WRKSRC}/${PORTNAME} ${STAGEDIR}${PREFIX}/bin
|
||||
${INSTALL_DATA} ${WRKSRC}/*.1 ${STAGEDIR}${MAN1PREFIX}/man/man1/
|
||||
@${MKDIR} ${STAGEDIR}${DOCSDIR}
|
||||
@${INSTALL_DATA} ${PORTDOCS:S,^,${WRKSRC}/,} ${STAGEDIR}${DOCSDIR}/
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
.include <bsd.port.mk>
|
||||
|
13
dns/validns/files/patch-Makefile
Normal file
13
dns/validns/files/patch-Makefile
Normal file
@ -0,0 +1,13 @@
|
||||
--- Makefile.orig 2014-02-11 20:08:39 UTC
|
||||
+++ Makefile
|
||||
@@ -1,7 +1,7 @@
|
||||
# The following options seem to work fine on Linux, FreeBSD, and Darwin
|
||||
-OPTIMIZE=-O2 -g
|
||||
-CFLAGS=-Wall -Werror -pthread -fno-strict-aliasing
|
||||
-INCPATH=-I/usr/local/include -I/opt/local/include -I/usr/local/ssl/include
|
||||
+#OPTIMIZE=-O2 -g
|
||||
+CFLAGS+=-Wall -Wno-unused-function -Werror -pthread
|
||||
+INCPATH=-I$(LOCALBASE)/include -I$(OPENSSLINC)
|
||||
CC?=cc
|
||||
|
||||
# These additional options work on Solaris/gcc to which I have an access
|
22
dns/validns/files/patch-dnskey.c
Normal file
22
dns/validns/files/patch-dnskey.c
Normal file
@ -0,0 +1,22 @@
|
||||
--- dnskey.c.orig 2014-02-11 20:45:11 UTC
|
||||
+++ dnskey.c
|
||||
@@ -165,11 +165,17 @@ int dnskey_build_pkey(struct rr_dnskey *rr)
|
||||
if (l < e_bytes) /* public key is too short */
|
||||
goto done;
|
||||
|
||||
- rsa->e = BN_bin2bn(pk, e_bytes, NULL);
|
||||
+ BIGNUM *e = BN_bin2bn(pk, e_bytes, NULL);
|
||||
pk += e_bytes;
|
||||
l -= e_bytes;
|
||||
+ BIGNUM *n = BN_bin2bn(pk, l, NULL);
|
||||
|
||||
- rsa->n = BN_bin2bn(pk, l, NULL);
|
||||
+#if OPENSSL_VERSION_NUMBER < 0x10100005L
|
||||
+ rsa->e = e;
|
||||
+ rsa->n = n;
|
||||
+#else
|
||||
+ RSA_set0_key(rsa, n, e, NULL);
|
||||
+#endif
|
||||
|
||||
pkey = EVP_PKEY_new();
|
||||
if (!pkey)
|
52
dns/validns/files/patch-nsec3checks.c
Normal file
52
dns/validns/files/patch-nsec3checks.c
Normal file
@ -0,0 +1,52 @@
|
||||
--- nsec3checks.c.orig 2014-02-11 20:46:07 UTC
|
||||
+++ nsec3checks.c
|
||||
@@ -28,7 +28,7 @@
|
||||
static struct binary_data name2hash(char *name, struct rr *param)
|
||||
{
|
||||
struct rr_nsec3param *p = (struct rr_nsec3param *)param;
|
||||
- EVP_MD_CTX ctx;
|
||||
+ EVP_MD_CTX *ctx;
|
||||
unsigned char md0[EVP_MAX_MD_SIZE];
|
||||
unsigned char md1[EVP_MAX_MD_SIZE];
|
||||
unsigned char *md[2];
|
||||
@@ -45,26 +45,28 @@ static struct binary_data name2hash(char *name, struct
|
||||
|
||||
/* XXX Maybe use Init_ex and Final_ex for speed? */
|
||||
|
||||
- EVP_MD_CTX_init(&ctx);
|
||||
- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
|
||||
- return r;
|
||||
- digest_size = EVP_MD_CTX_size(&ctx);
|
||||
- EVP_DigestUpdate(&ctx, wire_name.data, wire_name.length);
|
||||
- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
|
||||
- EVP_DigestFinal(&ctx, md[mdi], NULL);
|
||||
+ ctx = EVP_MD_CTX_create();
|
||||
+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
|
||||
+ goto out;
|
||||
+ digest_size = EVP_MD_CTX_size(ctx);
|
||||
+ EVP_DigestUpdate(ctx, wire_name.data, wire_name.length);
|
||||
+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
|
||||
+ EVP_DigestFinal(ctx, md[mdi], NULL);
|
||||
|
||||
for (i = 0; i < p->iterations; i++) {
|
||||
- if (EVP_DigestInit(&ctx, EVP_sha1()) != 1)
|
||||
- return r;
|
||||
- EVP_DigestUpdate(&ctx, md[mdi], digest_size);
|
||||
+ if (EVP_DigestInit(ctx, EVP_sha1()) != 1)
|
||||
+ goto out;
|
||||
+ EVP_DigestUpdate(ctx, md[mdi], digest_size);
|
||||
mdi = (mdi + 1) % 2;
|
||||
- EVP_DigestUpdate(&ctx, p->salt.data, p->salt.length);
|
||||
- EVP_DigestFinal(&ctx, md[mdi], NULL);
|
||||
+ EVP_DigestUpdate(ctx, p->salt.data, p->salt.length);
|
||||
+ EVP_DigestFinal(ctx, md[mdi], NULL);
|
||||
}
|
||||
|
||||
r.length = digest_size;
|
||||
r.data = getmem(digest_size);
|
||||
memcpy(r.data, md[mdi], digest_size);
|
||||
+ out:
|
||||
+ EVP_MD_CTX_destroy(ctx);
|
||||
return r;
|
||||
}
|
||||
|
85
dns/validns/files/patch-rrsig.c
Normal file
85
dns/validns/files/patch-rrsig.c
Normal file
@ -0,0 +1,85 @@
|
||||
--- rrsig.c.orig 2014-02-11 20:45:39 UTC
|
||||
+++ rrsig.c
|
||||
@@ -26,7 +26,7 @@
|
||||
struct verification_data
|
||||
{
|
||||
struct verification_data *next;
|
||||
- EVP_MD_CTX ctx;
|
||||
+ EVP_MD_CTX *ctx;
|
||||
struct rr_dnskey *key;
|
||||
struct rr_rrsig *rr;
|
||||
int ok;
|
||||
@@ -180,7 +180,8 @@ void *verification_thread(void *dummy)
|
||||
if (d) {
|
||||
int r;
|
||||
d->next = NULL;
|
||||
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ EVP_MD_CTX_destroy(d->ctx);
|
||||
if (r == 1) {
|
||||
d->ok = 1;
|
||||
} else {
|
||||
@@ -232,7 +233,8 @@ static void schedule_verification(struct verification_
|
||||
} else {
|
||||
int r;
|
||||
G.stats.signatures_verified++;
|
||||
- r = EVP_VerifyFinal(&d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ r = EVP_VerifyFinal(d->ctx, (unsigned char *)d->rr->signature.data, d->rr->signature.length, d->key->pkey);
|
||||
+ EVP_MD_CTX_destroy(d->ctx);
|
||||
if (r == 1) {
|
||||
d->ok = 1;
|
||||
} else {
|
||||
@@ -250,21 +252,21 @@ static int verify_signature(struct verification_data *
|
||||
struct rr *signed_rr;
|
||||
int i;
|
||||
|
||||
- EVP_MD_CTX_init(&d->ctx);
|
||||
+ d->ctx = EVP_MD_CTX_create();
|
||||
switch (d->rr->algorithm) {
|
||||
case ALG_DSA:
|
||||
case ALG_RSASHA1:
|
||||
case ALG_DSA_NSEC3_SHA1:
|
||||
case ALG_RSASHA1_NSEC3_SHA1:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha1()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha1()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
case ALG_RSASHA256:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha256()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha256()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
case ALG_RSASHA512:
|
||||
- if (EVP_VerifyInit(&d->ctx, EVP_sha512()) != 1)
|
||||
+ if (EVP_VerifyInit(d->ctx, EVP_sha512()) != 1)
|
||||
return 0;
|
||||
break;
|
||||
default:
|
||||
@@ -274,7 +276,7 @@ static int verify_signature(struct verification_data *
|
||||
chunk = rrsig_wirerdata_ex(&d->rr->rr, 0);
|
||||
if (chunk.length < 0)
|
||||
return 0;
|
||||
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
||||
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
||||
|
||||
set = getmem_temp(sizeof(*set) * signed_set->count);
|
||||
|
||||
@@ -294,12 +296,12 @@ static int verify_signature(struct verification_data *
|
||||
chunk = name2wire_name(signed_set->named_rr->name);
|
||||
if (chunk.length < 0)
|
||||
return 0;
|
||||
- EVP_VerifyUpdate(&d->ctx, chunk.data, chunk.length);
|
||||
- b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- b2 = htons(1); /* class IN */ EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(&d->ctx, &b4, 4);
|
||||
- b2 = htons(set[i].wired.length); EVP_VerifyUpdate(&d->ctx, &b2, 2);
|
||||
- EVP_VerifyUpdate(&d->ctx, set[i].wired.data, set[i].wired.length);
|
||||
+ EVP_VerifyUpdate(d->ctx, chunk.data, chunk.length);
|
||||
+ b2 = htons(set[i].rr->rdtype); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ b2 = htons(1); /* class IN */ EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ b4 = htonl(set[i].rr->ttl); EVP_VerifyUpdate(d->ctx, &b4, 4);
|
||||
+ b2 = htons(set[i].wired.length); EVP_VerifyUpdate(d->ctx, &b2, 2);
|
||||
+ EVP_VerifyUpdate(d->ctx, set[i].wired.data, set[i].wired.length);
|
||||
}
|
||||
|
||||
schedule_verification(d);
|
Loading…
Reference in New Issue
Block a user