Remove obsolete OpenSSL hacks for IDEA crypto.

We have some hacks in the ports tree to detect or to unconditionally disable
IDEA crypto support.  These hacks existed because OpenSSL in FreeBSD 9.3 and
earlier was shipped without IDEA support by default but we were allowed to
enable it via WITH_IDEA src.conf(5) option.

https://www.freebsd.org/cgi/man.cgi?query=src.conf&manpath=FreeBSD+9.3-RELEASE

Therefore, we had to implement some hacks to support three different cases,
i.e., a) 9.3 and earlier without IDEA crypto (default), b) 9.3 and earlier
with IDEA crypto (via WITH_IDEA src.conf option), and c) 10.0 and later with
unconditional IDEA support.  Now we can safely remove them because 9.3 and
earlier is no longer supported.

PR:		218233
Exp-Run by:	antoine
Approved by:	antoine (portmgr)
Jung-uk Kim 2017-04-03 17:33:48 +00:00
parent f3c259369b
commit 56cab9fcdb
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=437668
5 changed files with 17 additions and 98 deletions


@ -64,24 +64,6 @@ check-depends::
@${FALSE}
. endif
# OpenSSL in the base system may not include IDEA for patent licensing reasons.
. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA)
OPENSSL_IDEA= ${MAKE_IDEA}
. else
OPENSSL_IDEA?= NO
. endif
. if ${OPENSSL_IDEA} == "NO"
# XXX This is a hack to work around the fact that /etc/make.conf clobbers
# our CFLAGS. It might not be enough for all future ports.
. if defined(HAS_CONFIGURE)
CFLAGS+= -DNO_IDEA
. else
OPENSSL_CFLAGS+= -DNO_IDEA
. endif
MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
. endif
.else # ${SSL_DEFAULT} != base
OPENSSLBASE= ${LOCALBASE}


@ -3,7 +3,7 @@
PORTNAME= pipsecd
PORTVERSION= 19991014
PORTREVISION= 3
PORTREVISION= 4
CATEGORIES= net security
MASTER_SITES= http://perso.telecom-paristech.fr/~beyssac/pipsec/ \
http://www.komquats.com/distfiles/


@ -9,13 +9,7 @@
#include <netinet/in_systm.h>
#include <netinet/in.h>
#include <netinet/ip.h>
@@ -54,12 +56,14 @@
#include <blowfish.h>
#include <cast.h>
#include <des.h>
+#ifndef NO_IDEA
#include <idea.h>
+#endif
@@ -58,8 +60,8 @@
#include "defs.h"
@ -26,7 +20,7 @@
#define _PATH_DEV_RANDOM "/dev/random"
#ifdef USE_ETHERTAP
@@ -100,6 +104,7 @@ struct ethtap_header ethtap;
@@ -100,6 +102,7 @@ struct ethtap_header ethtap;
#endif
unsigned char buf[MAX_HEADER+MAX_PACKET];
@ -34,7 +28,7 @@
typedef union {
MD5_CTX md5;
@@ -124,14 +129,16 @@ typedef struct hash_method {
@@ -124,11 +127,11 @@ typedef struct hash_method {
typedef union {
BF_KEY bf;
@ -49,49 +43,8 @@
+ DES_key_schedule k3;
} des3;
CAST_KEY cast;
+#ifndef NO_IDEA
IDEA_KEY_SCHEDULE idea;
+#endif
} crypt_key;
typedef struct crypt_method {
@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv,
void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
unsigned char *ct, unsigned int len);
int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
+#ifndef NO_IDEA
void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
unsigned char *t, unsigned int len);
void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
unsigned char *ct, unsigned int len);
int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
+#endif
void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
unsigned char *t, unsigned int len);
void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = {
hash_method_t *hash_list = &hash_ripemd160;
+#ifndef NO_IDEA
crypt_method_t crypt_idea = {
NULL,
"idea_cbc", 8, 8,
my_idea_cbc_encrypt, my_idea_cbc_decrypt,
my_idea_set_encrypt_key, my_idea_set_decrypt_key
};
+#endif
crypt_method_t crypt_cast = {
+#ifndef NO_IDEA
&crypt_idea,
+#else
+ NULL,
+#endif
"cast_cbc", 8, 8,
cast_cbc_encrypt, cast_cbc_decrypt,
cast_setkey, cast_setkey
@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this,
@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this,
*/
int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd)
{
@ -115,7 +68,7 @@
sent = write(fd, encap->buf, encap->buflen);
if (sent != encap->buflen)
syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent);
@@ -1120,6 +1144,7 @@ void config_read(FILE *cf)
@@ -1120,6 +1132,7 @@ void config_read(FILE *cf)
}
} else if (strcmp(arg, "if") == 0) {
int fd;
@ -123,7 +76,7 @@
struct sa_desc *local_sa, *remote_sa;
struct peer_desc *peer;
@@ -1128,6 +1153,7 @@ void config_read(FILE *cf)
@@ -1128,6 +1141,7 @@ void config_read(FILE *cf)
perror(arg);
continue;
}
@ -131,20 +84,7 @@
local_sa = NULL;
remote_sa = NULL;
@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign
return 0;
}
+#ifndef NO_IDEA
void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
unsigned char *t, unsigned int len)
{
@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha
idea_set_decrypt_key(&k->idea, &k->idea);
return 0;
}
+#endif
@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha
void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
unsigned char *t, unsigned int len)
{
@ -153,7 +93,7 @@
}
void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i
@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i
for (i = 0; i < len; i++) printf(" %02x", ct[i]);
printf("\n");
#endif
@ -162,7 +102,7 @@
#if 0
printf("%d bytes after decrypt\n", len);
for (i = 0; i < len; i++) printf(" %02x", ct[i]);
@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i
@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i
int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k)
{
if (len == 8)
@ -191,7 +131,7 @@
iv, DES_DECRYPT);
}
@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns
@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns
if (len != 24)
return -1;
@ -206,7 +146,7 @@
return -1;
return 0;
@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign
@@ -2081,6 +2095,11 @@ int null_setkey(unsigned char *b, unsign
return 0;
}
@ -218,7 +158,7 @@
int main(int argc, char **argv)
{
time_t t;
@@ -2088,9 +2121,14 @@ int main(int argc, char **argv)
@@ -2088,9 +2107,14 @@ int main(int argc, char **argv)
int pack, i;
struct sockaddr_in from;
struct stat sb;
@ -233,7 +173,7 @@
openlog ("pipsecd", LOG_PID, LOG_DAEMON);
syslog (LOG_NOTICE, "pipsecd starting");
@@ -2113,7 +2151,21 @@ int main(int argc, char **argv)
@@ -2113,7 +2137,21 @@ int main(int argc, char **argv)
if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1)
exit(1);
@ -256,7 +196,7 @@
if (f == NULL) {
perror("configuration file");
exit(1);
@@ -2123,8 +2175,8 @@ int main(int argc, char **argv)
@@ -2123,8 +2161,8 @@ int main(int argc, char **argv)
fclose(f);
/* Execute startup script, if any */


@ -18,8 +18,5 @@ INSTALL_TARGET= install-strip
CPPFLAGS+= -I${OPENSSLINC}
CFLAGS+= -I${OPENSSLINC} -Wno-error
LDFLAGS+= -L${OPENSSLLIB}
.if !exists(${OPENSSLINC}/openssl/idea.h)
CFLAGS+= -DOPENSSL_NO_IDEA
.endif
.include <bsd.port.post.mk>


@ -3,7 +3,7 @@
PORTNAME= pow
PORTVERSION= 0.7
PORTREVISION= 1
PORTREVISION= 2
CATEGORIES= security python
MASTER_SITES= SF/${PORTNAME}/POW/POW-${PORTVERSION}
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
@ -26,7 +26,7 @@ post-patch:
@${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py
do-build:
cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
post-install:
@${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so
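Review bot: On the `do-build` line, dropping `-D NO_IDEA` turns IDEA on in `_POW.so` for every SSL provider, whereas the old flag was unconditional and so was not tied to the FreeBSD 9.3 base OpenSSL case the commit message describes. Whether every provider selectable through `SSL_DEFAULT` ships IDEA is not visible on this page, so the assumption deserves a comment above the target, for example `# IDEA assumed present in all supported SSL providers; RC5 is still disabled below`. The same comment would explain why `-D NO_RC5_32_12_16` stays while `NO_IDEA` goes.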