- backport a patch from upstream to avoid a symbol conflict between OpenSSL's and lighttpd's
internal implementations of MD5. Fixes SSL problems with some clients.

From Brad
This commit is contained in:
sthen 2011-04-25 09:39:36 +00:00
parent 681b996612
commit 5262fc0208
5 changed files with 132 additions and 16 deletions


@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.83 2011/04/15 21:43:14 sthen Exp $
# $OpenBSD: Makefile,v 1.84 2011/04/25 09:39:36 sthen Exp $
SHARED_ONLY= Yes
COMMENT= secure, fast, compliant, and very flexible web-server
DISTNAME= lighttpd-1.4.28
REVISION= 3
REVISION= 4
CATEGORIES= www net
MASTER_SITES= http://download.lighttpd.net/lighttpd/releases-1.4.x/


@ -0,0 +1,84 @@
$OpenBSD: patch-src_md5_c,v 1.1 2011/04/25 09:39:36 sthen Exp $
http://redmine.lighttpd.net/issues/2269
--- src/md5.c.orig Sun Apr 24 22:03:40 2011
+++ src/md5.c Sun Apr 24 22:07:52 2011
@@ -52,7 +52,7 @@ documentation and/or software.
#define S43 15
#define S44 21
-static void MD5Transform (UINT4 [4], const unsigned char [64]);
+static void li_MD5Transform (UINT4 [4], const unsigned char [64]);
static void Encode (unsigned char *, UINT4 *, unsigned int);
static void Decode (UINT4 *, const unsigned char *, unsigned int);
@@ -110,8 +110,8 @@ Rotation is separate from addition to prevent recomput
/* MD5 initialization. Begins an MD5 operation, writing a new context.
*/
-void MD5_Init (context)
-MD5_CTX *context; /* context */
+void li_MD5_Init (context)
+li_MD5_CTX *context; /* context */
{
context->count[0] = context->count[1] = 0;
/* Load magic initialization constants.
@@ -126,8 +126,8 @@ MD5_CTX *context;
operation, processing another message block, and updating the
context.
*/
-void MD5_Update (context, _input, inputLen)
-MD5_CTX *context; /* context */
+void li_MD5_Update (context, _input, inputLen)
+li_MD5_CTX *context; /* context */
const void *_input; /* input block */
unsigned int inputLen; /* length of input block */
{
@@ -151,10 +151,10 @@ unsigned int inputLen; /* length o
if (inputLen >= partLen) {
MD5_memcpy
((POINTER)&context->buffer[ndx], (POINTER)input, partLen);
- MD5Transform (context->state, context->buffer);
+ li_MD5Transform (context->state, context->buffer);
for (i = partLen; i + 63 < inputLen; i += 64)
- MD5Transform (context->state, &input[i]);
+ li_MD5Transform (context->state, &input[i]);
ndx = 0;
}
@@ -170,9 +170,9 @@ unsigned int inputLen; /* length o
/* MD5 finalization. Ends an MD5 message-digest operation, writing the
the message digest and zeroizing the context.
*/
-void MD5_Final (digest, context)
+void li_MD5_Final (digest, context)
unsigned char digest[16]; /* message digest */
-MD5_CTX *context; /* context */
+li_MD5_CTX *context; /* context */
{
unsigned char bits[8];
unsigned int ndx, padLen;
@@ -184,10 +184,10 @@ MD5_CTX *context;
*/
ndx = (unsigned int)((context->count[0] >> 3) & 0x3f);
padLen = (ndx < 56) ? (56 - ndx) : (120 - ndx);
- MD5_Update (context, PADDING, padLen);
+ li_MD5_Update (context, PADDING, padLen);
/* Append length (before padding) */
- MD5_Update (context, bits, 8);
+ li_MD5_Update (context, bits, 8);
/* Store state in digest */
Encode (digest, context->state, 16);
@@ -199,7 +199,7 @@ MD5_CTX *context;
/* MD5 basic transformation. Transforms state based on block.
*/
-static void MD5Transform (state, block)
+static void li_MD5Transform (state, block)
UINT4 state[4];
const unsigned char block[64];
{


@ -0,0 +1,20 @@
$OpenBSD: patch-src_md5_h,v 1.1 2011/04/25 09:39:36 sthen Exp $
http://redmine.lighttpd.net/issues/2269
--- src/md5.h.orig Sun Apr 24 22:03:58 2011
+++ src/md5.h Sun Apr 24 22:05:09 2011
@@ -39,9 +39,8 @@ typedef struct {
UINT4 state[4]; /* state (ABCD) */
UINT4 count[2]; /* number of bits, modulo 2^64 (lsb first) */
unsigned char buffer[64]; /* input buffer */
-} MD5_CTX;
+} li_MD5_CTX;
-void MD5_Init (MD5_CTX *);
-void MD5_Update (MD5_CTX *, const void *, unsigned int);
-void MD5_Final (unsigned char [16], MD5_CTX *);
-
+void li_MD5_Init (li_MD5_CTX *);
+void li_MD5_Update (li_MD5_CTX *, const void *, unsigned int);
+void li_MD5_Final (unsigned char [16], li_MD5_CTX *);
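Review bot: Renaming `MD5_CTX`/`MD5_Init`/`MD5_Update`/`MD5_Final` to their `li_` forms in md5.h changes the interface of every internal includer, yet the commit touches no caller (the diffstat lists only the Makefile, md5.c, md5.h, network.c and server.c), so any source that still includes "md5.h" and spells the old names will either fail to compile or, when <openssl/md5.h> is also in scope, silently bind to OpenSSL's MD5_* and its own MD5_CTX layout. I cannot see the callers from here; presumably they include OpenSSL's header on this port's OpenSSL-only build, but that should be confirmed by grepping src/ for `MD5_Init` before the update lands. For builds without OpenSSL the gap can be closed in the includers with a shim such as `typedef li_MD5_CTX MD5_CTX;` and `#define MD5_Init li_MD5_Init` (likewise for Update/Final) under `#ifndef USE_OPENSSL`. Since the internal md5.c is still linked into the same binary as libcrypto, a comment above the typedef explaining the prefix, e.g. `/* li_ prefix: avoids clashing with OpenSSL's exported MD5_* symbols, which broke TLS handshakes (issue 2269) */`, would keep a later cleanup from reverting the rename.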


@ -1,20 +1,22 @@
$OpenBSD: patch-src_network_c,v 1.2 2011/03/20 13:42:53 sthen Exp $
$OpenBSD: patch-src_network_c,v 1.3 2011/04/25 09:39:36 sthen Exp $
http://redmine.lighttpd.net/issues/2269
--- src/network.c.orig Mon Mar 14 21:24:13 2011
+++ src/network.c Mon Mar 14 21:24:17 2011
@@ -479,6 +479,52 @@ int network_init(server *srv) {
--- src/network.c.orig Tue Aug 17 05:04:38 2010
+++ src/network.c Sun Apr 24 22:29:51 2011
@@ -479,6 +479,55 @@ int network_init(server *srv) {
size_t i;
network_backend_t backend;
+ DH *dh;
+ BIO *bio;
+#if OPENSSL_VERSION_NUMBER >= 0x0090800fL
+ EC_KEY *ecdh;
+ int nid;
+#endif
+
+#ifdef USE_OPENSSL
+ DH *dh;
+ BIO *bio;
+
+ /* 1024-bit MODP Group with 160-bit prime order subgroup (RFC5114)
+ * -----BEGIN DH PARAMETERS-----
+ * MIIBDAKBgQCxC4+WoIDgHd6S3l6uXVTsUsmfvPsGo8aaap3KUtI7YWBz4oZ1oj0Y
@ -26,7 +28,7 @@ http://redmine.lighttpd.net/issues/2269
+ * -----END DH PARAMETERS-----
+ */
+
+ static unsigned char dh1024_p[]={
+ static const unsigned char dh1024_p[]={
+ 0xB1,0x0B,0x8F,0x96,0xA0,0x80,0xE0,0x1D,0xDE,0x92,0xDE,0x5E,
+ 0xAE,0x5D,0x54,0xEC,0x52,0xC9,0x9F,0xBC,0xFB,0x06,0xA3,0xC6,
+ 0x9A,0x6A,0x9D,0xCA,0x52,0xD2,0x3B,0x61,0x60,0x73,0xE2,0x86,
@ -40,7 +42,7 @@ http://redmine.lighttpd.net/issues/2269
+ 0xDF,0x1F,0xB2,0xBC,0x2E,0x4A,0x43,0x71,
+ };
+
+ static unsigned char dh1024_g[]={
+ static const unsigned char dh1024_g[]={
+ 0xA4,0xD1,0xCB,0xD5,0xC3,0xFD,0x34,0x12,0x67,0x65,0xA4,0x42,
+ 0xEF,0xB9,0x99,0x05,0xF8,0x10,0x4D,0xD2,0x58,0xAC,0x50,0x7F,
+ 0xD6,0x40,0x6C,0xFF,0x14,0x26,0x6D,0x31,0x26,0x6F,0xEA,0x1E,
@ -53,11 +55,12 @@ http://redmine.lighttpd.net/issues/2269
+ 0x18,0xD0,0x8B,0xC8,0x85,0x8F,0x4D,0xCE,0xF9,0x7C,0x2A,0x24,
+ 0x85,0x5E,0x6E,0xEB,0x22,0xB3,0xB2,0xE5,
+ };
+#endif
+
struct nb_map {
network_backend_t nb;
const char *name;
@@ -521,6 +567,7 @@ int network_init(server *srv) {
@@ -521,6 +570,7 @@ int network_init(server *srv) {
if (srv->ssl_is_init == 0) {
SSL_load_error_strings();
SSL_library_init();
@ -65,7 +68,7 @@ http://redmine.lighttpd.net/issues/2269
srv->ssl_is_init = 1;
if (0 == RAND_status()) {
@@ -545,6 +592,15 @@ int network_init(server *srv) {
@@ -545,6 +595,15 @@ int network_init(server *srv) {
}
}
@ -81,7 +84,7 @@ http://redmine.lighttpd.net/issues/2269
if (!buffer_is_empty(s->ssl_cipher_list)) {
/* Disable support for low encryption ciphers */
if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {
@@ -553,6 +609,65 @@ int network_init(server *srv) {
@@ -553,6 +612,65 @@ int network_init(server *srv) {
return -1;
}
}
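Review bot: The built-in DH parameters declared at the top of network_init (the `dh1024_p`/`dh1024_g` tables, described in the comment as the RFC 5114 1024-bit MODP group with a 160-bit prime-order subgroup) are a weak default for a TLS server: a 1024-bit modulus is below the 2048-bit size NIST SP 800-57 has called for since 2011, and because this prime is not a safe prime, a server that reuses its DH private exponent across handshakes without validating the peer's public value is exposed to small-subgroup key recovery. The code that actually installs these parameters lives in the `@@ -553,6 +612,65 @@` hunk whose body is not shown here, so I cannot confirm whether it sets `SSL_OP_SINGLE_DH_USE`; if it does not, add `SSL_CTX_set_options(s->ssl_ctx, SSL_OP_SINGLE_DH_USE);` next to the `SSL_CTX_set_tmp_dh()` call so each handshake gets a fresh exponent. The commit also frees `s->ssl_dh_file` in server.c, so a per-config DH file option evidently exists; the built-in table should be treated as a fallback and say so, e.g. `/* Fallback only: 1024-bit, non-safe prime (RFC 5114). Operators should point ssl.dh-file at a >=2048-bit safe-prime group. */` above `dh1024_p`. The enclosing network_init() starts before and ends after this section.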


@ -1,6 +1,6 @@
$OpenBSD: patch-src_server_c,v 1.8 2010/08/18 11:16:55 sthen Exp $
--- src/server.c.orig Sat Aug 7 07:00:16 2010
+++ src/server.c Sun Aug 8 22:18:55 2010
$OpenBSD: patch-src_server_c,v 1.9 2011/04/25 09:39:36 sthen Exp $
--- src/server.c.orig Tue Aug 17 05:04:38 2010
+++ src/server.c Sun Apr 24 22:28:50 2011
@@ -211,7 +211,7 @@ static server *server_init(void) {
srv->mtime_cache[i].str = buffer_init();
}
@ -10,3 +10,12 @@ $OpenBSD: patch-src_server_c,v 1.8 2010/08/18 11:16:55 sthen Exp $
&& 1 == fread(srv->entropy, sizeof(srv->entropy), 1, frandom)) {
unsigned int e;
memcpy(&e, srv->entropy, sizeof(e) < sizeof(srv->entropy) ? sizeof(e) : sizeof(srv->entropy));
@@ -306,6 +306,8 @@ static void server_free(server *srv) {
buffer_free(s->ssl_pemfile);
buffer_free(s->ssl_ca_file);
buffer_free(s->ssl_cipher_list);
+ buffer_free(s->ssl_dh_file);
+ buffer_free(s->ssl_ec_curve);
buffer_free(s->error_handler);
buffer_free(s->errorfile_prefix);
array_free(s->mimetypes);