Remove obsolete OpenSSL hacks for IDEA crypto.
We have some hacks in the ports tree to detect or to unconditionally disable IDEA crypto support. These hacks existed because OpenSSL in FreeBSD 9.3 and earlier was shipped without IDEA support by default but we were allowed to enable it via WITH_IDEA src.conf(5) option. https://www.freebsd.org/cgi/man.cgi?query=src.conf&manpath=FreeBSD+9.3-RELEASE Therefore, we had to implement some hacks to support three different cases, i.e., a) 9.3 and earlier without IDEA crypto (default), b) 9.3 and earlier with IDEA crypto (via WITH_IDEA src.conf option), and c) 10.0 and later with unconditional IDEA support. Now we can safely remove them because 9.3 and earlier is no longer supported. PR: 218233 Exp-Run by: antoine Approved by: antoine (portmgr)
parent
f3c259369b
commit
56cab9fcdb
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=437668
@ -64,24 +64,6 @@ check-depends::
|
||||
@${FALSE}
|
||||
. endif
|
||||
|
||||
# OpenSSL in the base system may not include IDEA for patent licensing reasons.
|
||||
. if defined(MAKE_IDEA) && !defined(OPENSSL_IDEA)
|
||||
OPENSSL_IDEA= ${MAKE_IDEA}
|
||||
. else
|
||||
OPENSSL_IDEA?= NO
|
||||
. endif
|
||||
|
||||
. if ${OPENSSL_IDEA} == "NO"
|
||||
# XXX This is a hack to work around the fact that /etc/make.conf clobbers
|
||||
# our CFLAGS. It might not be enough for all future ports.
|
||||
. if defined(HAS_CONFIGURE)
|
||||
CFLAGS+= -DNO_IDEA
|
||||
. else
|
||||
OPENSSL_CFLAGS+= -DNO_IDEA
|
||||
. endif
|
||||
MAKE_ARGS+= OPENSSL_CFLAGS="${OPENSSL_CFLAGS}"
|
||||
. endif
|
||||
|
||||
.else # ${SSL_DEFAULT} != base
|
||||
|
||||
OPENSSLBASE= ${LOCALBASE}
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= pipsecd
|
||||
PORTVERSION= 19991014
|
||||
PORTREVISION= 3
|
||||
PORTREVISION= 4
|
||||
CATEGORIES= net security
|
||||
MASTER_SITES= http://perso.telecom-paristech.fr/~beyssac/pipsec/ \
|
||||
http://www.komquats.com/distfiles/
|
||||
|
@ -9,13 +9,7 @@
|
||||
#include <netinet/in_systm.h>
|
||||
#include <netinet/in.h>
|
||||
#include <netinet/ip.h>
|
||||
@@ -54,12 +56,14 @@
|
||||
#include <blowfish.h>
|
||||
#include <cast.h>
|
||||
#include <des.h>
|
||||
+#ifndef NO_IDEA
|
||||
#include <idea.h>
|
||||
+#endif
|
||||
@@ -58,8 +60,8 @@
|
||||
|
||||
#include "defs.h"
|
||||
|
||||
@ -26,7 +20,7 @@
|
||||
#define _PATH_DEV_RANDOM "/dev/random"
|
||||
|
||||
#ifdef USE_ETHERTAP
|
||||
@@ -100,6 +104,7 @@ struct ethtap_header ethtap;
|
||||
@@ -100,6 +102,7 @@ struct ethtap_header ethtap;
|
||||
#endif
|
||||
|
||||
unsigned char buf[MAX_HEADER+MAX_PACKET];
|
||||
@ -34,7 +28,7 @@
|
||||
|
||||
typedef union {
|
||||
MD5_CTX md5;
|
||||
@@ -124,14 +129,16 @@ typedef struct hash_method {
|
||||
@@ -124,11 +127,11 @@ typedef struct hash_method {
|
||||
|
||||
typedef union {
|
||||
BF_KEY bf;
|
||||
@ -49,49 +43,8 @@
|
||||
+ DES_key_schedule k3;
|
||||
} des3;
|
||||
CAST_KEY cast;
|
||||
+#ifndef NO_IDEA
|
||||
IDEA_KEY_SCHEDULE idea;
|
||||
+#endif
|
||||
} crypt_key;
|
||||
|
||||
typedef struct crypt_method {
|
||||
@@ -304,12 +311,14 @@ void cast_cbc_encrypt(unsigned char *iv,
|
||||
void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
|
||||
unsigned char *ct, unsigned int len);
|
||||
int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
|
||||
+#ifndef NO_IDEA
|
||||
void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
|
||||
unsigned char *t, unsigned int len);
|
||||
void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
|
||||
unsigned char *ct, unsigned int len);
|
||||
int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
|
||||
int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
|
||||
+#endif
|
||||
void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
|
||||
unsigned char *t, unsigned int len);
|
||||
void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
|
||||
@@ -379,14 +388,20 @@ hash_method_t hash_ripemd160 = {
|
||||
|
||||
hash_method_t *hash_list = &hash_ripemd160;
|
||||
|
||||
+#ifndef NO_IDEA
|
||||
crypt_method_t crypt_idea = {
|
||||
NULL,
|
||||
"idea_cbc", 8, 8,
|
||||
my_idea_cbc_encrypt, my_idea_cbc_decrypt,
|
||||
my_idea_set_encrypt_key, my_idea_set_decrypt_key
|
||||
};
|
||||
+#endif
|
||||
crypt_method_t crypt_cast = {
|
||||
+#ifndef NO_IDEA
|
||||
&crypt_idea,
|
||||
+#else
|
||||
+ NULL,
|
||||
+#endif
|
||||
"cast_cbc", 8, 8,
|
||||
cast_cbc_encrypt, cast_cbc_decrypt,
|
||||
cast_setkey, cast_setkey
|
||||
@@ -704,13 +719,22 @@ void tun_new(struct tun_method *this,
|
||||
@@ -704,13 +707,22 @@ void tun_new(struct tun_method *this,
|
||||
*/
|
||||
int tun_send_ip(struct tun_method *this, struct encap_method *encap, int fd)
|
||||
{
|
||||
@ -115,7 +68,7 @@
|
||||
sent = write(fd, encap->buf, encap->buflen);
|
||||
if (sent != encap->buflen)
|
||||
syslog(LOG_ERR, "truncated in: %d -> %d\n", encap->buflen, sent);
|
||||
@@ -1120,6 +1144,7 @@ void config_read(FILE *cf)
|
||||
@@ -1120,6 +1132,7 @@ void config_read(FILE *cf)
|
||||
}
|
||||
} else if (strcmp(arg, "if") == 0) {
|
||||
int fd;
|
||||
@ -123,7 +76,7 @@
|
||||
struct sa_desc *local_sa, *remote_sa;
|
||||
struct peer_desc *peer;
|
||||
|
||||
@@ -1128,6 +1153,7 @@ void config_read(FILE *cf)
|
||||
@@ -1128,6 +1141,7 @@ void config_read(FILE *cf)
|
||||
perror(arg);
|
||||
continue;
|
||||
}
|
||||
@ -131,20 +84,7 @@
|
||||
|
||||
local_sa = NULL;
|
||||
remote_sa = NULL;
|
||||
@@ -1974,6 +2000,7 @@ int cast_setkey(unsigned char *b, unsign
|
||||
return 0;
|
||||
}
|
||||
|
||||
+#ifndef NO_IDEA
|
||||
void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
|
||||
unsigned char *t, unsigned int len)
|
||||
{
|
||||
@@ -2002,11 +2029,12 @@ int my_idea_set_decrypt_key(unsigned cha
|
||||
idea_set_decrypt_key(&k->idea, &k->idea);
|
||||
return 0;
|
||||
}
|
||||
+#endif
|
||||
|
||||
@@ -2006,7 +2020,7 @@ int my_idea_set_decrypt_key(unsigned cha
|
||||
void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
|
||||
unsigned char *t, unsigned int len)
|
||||
{
|
||||
@ -153,7 +93,7 @@
|
||||
}
|
||||
|
||||
void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
|
||||
@@ -2018,7 +2046,7 @@ void my_des_cbc_decrypt(unsigned char *i
|
||||
@@ -2018,7 +2032,7 @@ void my_des_cbc_decrypt(unsigned char *i
|
||||
for (i = 0; i < len; i++) printf(" %02x", ct[i]);
|
||||
printf("\n");
|
||||
#endif
|
||||
@ -162,7 +102,7 @@
|
||||
#if 0
|
||||
printf("%d bytes after decrypt\n", len);
|
||||
for (i = 0; i < len; i++) printf(" %02x", ct[i]);
|
||||
@@ -2029,23 +2057,23 @@ void my_des_cbc_decrypt(unsigned char *i
|
||||
@@ -2029,23 +2043,23 @@ void my_des_cbc_decrypt(unsigned char *i
|
||||
int my_des_setkey(unsigned char *b, unsigned int len, crypt_key *k)
|
||||
{
|
||||
if (len == 8)
|
||||
@ -191,7 +131,7 @@
|
||||
iv, DES_DECRYPT);
|
||||
}
|
||||
|
||||
@@ -2054,11 +2082,11 @@ int my_des3_setkey(unsigned char *b, uns
|
||||
@@ -2054,11 +2068,11 @@ int my_des3_setkey(unsigned char *b, uns
|
||||
if (len != 24)
|
||||
return -1;
|
||||
|
||||
@ -206,7 +146,7 @@
|
||||
return -1;
|
||||
|
||||
return 0;
|
||||
@@ -2081,6 +2109,11 @@ int null_setkey(unsigned char *b, unsign
|
||||
@@ -2081,6 +2095,11 @@ int null_setkey(unsigned char *b, unsign
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -218,7 +158,7 @@
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
time_t t;
|
||||
@@ -2088,9 +2121,14 @@ int main(int argc, char **argv)
|
||||
@@ -2088,9 +2107,14 @@ int main(int argc, char **argv)
|
||||
int pack, i;
|
||||
struct sockaddr_in from;
|
||||
struct stat sb;
|
||||
@ -233,7 +173,7 @@
|
||||
openlog ("pipsecd", LOG_PID, LOG_DAEMON);
|
||||
syslog (LOG_NOTICE, "pipsecd starting");
|
||||
|
||||
@@ -2113,7 +2151,21 @@ int main(int argc, char **argv)
|
||||
@@ -2113,7 +2137,21 @@ int main(int argc, char **argv)
|
||||
if (encap_icmp_new(&encap_meth[ENCAP_ICMP], IPPROTO_ICMP) == -1)
|
||||
exit(1);
|
||||
|
||||
@ -256,7 +196,7 @@
|
||||
if (f == NULL) {
|
||||
perror("configuration file");
|
||||
exit(1);
|
||||
@@ -2123,8 +2175,8 @@ int main(int argc, char **argv)
|
||||
@@ -2123,8 +2161,8 @@ int main(int argc, char **argv)
|
||||
fclose(f);
|
||||
|
||||
/* Execute startup script, if any */
|
||||
|
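Review bot: With the `#ifndef NO_IDEA` guards dropped from this patch, `#include <idea.h>` and the `crypt_idea` entry are compiled unconditionally, and nothing visible on this page checks that the selected libcrypto actually provides IDEA. The commit message covers base OpenSSL on 10.0 and later; if a non-base `SSL_DEFAULT` provider can be built without IDEA (not visible here), the port would fail at compile time instead of being skipped cleanly. A header check such as `.if !exists(${OPENSSLINC}/openssl/idea.h)` followed by `IGNORE= requires an OpenSSL built with IDEA` would make that dependency explicit. The same concern applies to the `do-build` line that drops `-D NO_IDEA` and to the Makefile hunk that removes the `-DOPENSSL_NO_IDEA` fallback. The page has lost its `+`/`-` markers, so which lines are old or new here is inferred from the hunk counts.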
@ -18,8 +18,5 @@ INSTALL_TARGET= install-strip
|
||||
CPPFLAGS+= -I${OPENSSLINC}
|
||||
CFLAGS+= -I${OPENSSLINC} -Wno-error
|
||||
LDFLAGS+= -L${OPENSSLLIB}
|
||||
.if !exists(${OPENSSLINC}/openssl/idea.h)
|
||||
CFLAGS+= -DOPENSSL_NO_IDEA
|
||||
.endif
|
||||
|
||||
.include <bsd.port.post.mk>
|
||||
|
@ -3,7 +3,7 @@
|
||||
|
||||
PORTNAME= pow
|
||||
PORTVERSION= 0.7
|
||||
PORTREVISION= 1
|
||||
PORTREVISION= 2
|
||||
CATEGORIES= security python
|
||||
MASTER_SITES= SF/${PORTNAME}/POW/POW-${PORTVERSION}
|
||||
PKGNAMEPREFIX= ${PYTHON_PKGNAMEPREFIX}
|
||||
@ -26,7 +26,7 @@ post-patch:
|
||||
@${REINPLACE_CMD} -e 's|licence|license|' ${WRKSRC}/setup.py
|
||||
|
||||
do-build:
|
||||
cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_IDEA -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
|
||||
cd ${WRKSRC} && ${PYTHON_CMD} ${PYSETUP} build_ext -D NO_RC5_32_12_16 ${PYDISTUTILS_BUILD_TARGET}
|
||||
|
||||
post-install:
|
||||
@${STRIP_CMD} ${STAGEDIR}${PYTHONPREFIX_SITELIBDIR}/POW/_POW.so
|
||||
|