1 |
commit: 875f94f85a365c3fd22f07fe22634afb49e9febd |
2 |
Author: Craig Andrews <candrews <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Dec 3 20:12:50 2018 +0000 |
4 |
Commit: Craig Andrews <candrews <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Dec 18 03:08:52 2018 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=875f94f8 |
7 |
|
8 |
net-libs/wvstreams: OpenSSL 1.1 compatibility |
9 |
|
10 |
Also removed unused versionator inherit |
11 |
|
12 |
Closes: https://bugs.gentoo.org/614810 |
13 |
Package-Manager: Portage-2.3.52, Repoman-2.3.12 |
14 |
Signed-off-by: Craig Andrews <candrews <AT> gentoo.org> |
15 |
|
16 |
.../files/wvstreams-4.6.1-openssl-1.1.patch | 555 +++++++++++++++++++++ |
17 |
net-libs/wvstreams/wvstreams-4.6.1-r6.ebuild | 96 ++++ |
18 |
net-libs/wvstreams/wvstreams-99999.ebuild | 2 +- |
19 |
3 files changed, 652 insertions(+), 1 deletion(-) |
20 |
|
21 |
diff --git a/net-libs/wvstreams/files/wvstreams-4.6.1-openssl-1.1.patch b/net-libs/wvstreams/files/wvstreams-4.6.1-openssl-1.1.patch |
22 |
new file mode 100644 |
23 |
index 00000000000..88d854e2755 |
24 |
--- /dev/null |
25 |
+++ b/net-libs/wvstreams/files/wvstreams-4.6.1-openssl-1.1.patch |
26 |
@@ -0,0 +1,555 @@ |
27 |
+From 5506a74e1b033776ad441b4554716cdcfa88fe03 Mon Sep 17 00:00:00 2001 |
28 |
+From: Reiner Herrmann <reiner@××××××××.de> |
29 |
+Date: Sat, 28 Jul 2018 23:26:17 +0200 |
30 |
+Subject: [PATCH] Port to OpenSSL 1.1 |
31 |
+ |
32 |
+--- |
33 |
+ crypto/wvcrl.cc | 38 +++++++++++++------------------------- |
34 |
+ crypto/wvdiffiehellman.cc | 30 +++++++++++++++++++----------- |
35 |
+ crypto/wvdigest.cc | 16 ++++++++-------- |
36 |
+ crypto/wvocsp.cc | 35 +++++++++-------------------------- |
37 |
+ crypto/wvx509.cc | 31 ++++++++++++++++--------------- |
38 |
+ crypto/wvx509mgr.cc | 27 ++++++++++++++++----------- |
39 |
+ include/wvdiffiehellman.h | 2 +- |
40 |
+ include/wvdigest.h | 14 ++++++-------- |
41 |
+ include/wvtripledes.h | 10 +++++----- |
42 |
+ 9 files changed, 93 insertions(+), 110 deletions(-) |
43 |
+ |
44 |
+diff --git a/crypto/wvcrl.cc b/crypto/wvcrl.cc |
45 |
+index fa00c760..880ad85d 100644 |
46 |
+--- a/crypto/wvcrl.cc |
47 |
++++ b/crypto/wvcrl.cc |
48 |
+@@ -357,31 +357,19 @@ bool WvCRL::isrevoked(WvStringParm serial_number) const |
49 |
+ ASN1_INTEGER *serial = serial_to_int(serial_number); |
50 |
+ if (serial) |
51 |
+ { |
52 |
+- X509_REVOKED mayberevoked; |
53 |
+- mayberevoked.serialNumber = serial; |
54 |
+- if (crl->crl->revoked) |
55 |
+- { |
56 |
+- int idx = sk_X509_REVOKED_find(crl->crl->revoked, |
57 |
+- &mayberevoked); |
58 |
+- ASN1_INTEGER_free(serial); |
59 |
+- if (idx >= 0) |
60 |
+- { |
61 |
+- debug("Certificate is revoked.\n"); |
62 |
+- return true; |
63 |
+- } |
64 |
+- else |
65 |
+- { |
66 |
+- debug("Certificate is not revoked.\n"); |
67 |
+- return false; |
68 |
+- } |
69 |
+- } |
70 |
+- else |
71 |
+- { |
72 |
+- ASN1_INTEGER_free(serial); |
73 |
+- debug("CRL does not have revoked list.\n"); |
74 |
+- return false; |
75 |
+- } |
76 |
+- |
77 |
++ X509_REVOKED *revoked_entry = NULL; |
78 |
++ int idx = X509_CRL_get0_by_serial(crl, &revoked_entry, serial); |
79 |
++ ASN1_INTEGER_free(serial); |
80 |
++ if (idx >= 1 || revoked_entry) |
81 |
++ { |
82 |
++ debug("Certificate is revoked.\n"); |
83 |
++ return true; |
84 |
++ } |
85 |
++ else |
86 |
++ { |
87 |
++ debug("Certificate is not revoked.\n"); |
88 |
++ return false; |
89 |
++ } |
90 |
+ } |
91 |
+ else |
92 |
+ debug(WvLog::Warning, "Can't convert serial number to ASN1 format. " |
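Review bot: In `WvCRL::isrevoked` the value stored in `idx` is a status code from `X509_CRL_get0_by_serial`, not a stack index as it was with `sk_X509_REVOKED_find`, and the new code does not say how each value is treated. The function returns 0 when the serial is not listed, 1 when it is, and 2 when the entry carries the reason removeFromCRL, so `idx >= 1` reports a removeFromCRL entry as revoked. That is the conservative choice, but it should be stated: rename the variable to `rc` and add `// 0 = not listed, 1 = revoked, 2 = listed with reason removeFromCRL (treated as revoked)`. The `|| revoked_entry` term is then redundant and can be dropped. The function body starts before this hunk and continues after it.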
93 |
+diff --git a/crypto/wvdiffiehellman.cc b/crypto/wvdiffiehellman.cc |
94 |
+index 7c0bf329..15cd1040 100644 |
95 |
+--- a/crypto/wvdiffiehellman.cc |
96 |
++++ b/crypto/wvdiffiehellman.cc |
97 |
+@@ -39,24 +39,25 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
98 |
+ { |
99 |
+ int problems; |
100 |
+ int check; |
101 |
+- { |
102 |
++ |
103 |
+ info = DH_new(); |
104 |
+- info->p = BN_bin2bn(_key, _keylen, NULL); |
105 |
++ BIGNUM *p = BN_bin2bn(_key, _keylen, NULL); |
106 |
+ // info->p->top = 0; |
107 |
+ // info->p->dmax = _keylen * 8 / BN_BITS2; |
108 |
+ // info->p->neg = 0; |
109 |
+ // info->p->flags = 0; |
110 |
+ |
111 |
+- info->g = BN_new(); |
112 |
+- BN_set_word(info->g, generator); |
113 |
++ BIGNUM *g = BN_new(); |
114 |
++ BN_set_word(g, generator); |
115 |
+ // info->g->d = &generator; |
116 |
+ // info->g->top = 0; |
117 |
+ // info->g->dmax = 1; |
118 |
+ // info->g->neg = 0; |
119 |
+ // info->g->flags = 0; |
120 |
+- } |
121 |
+ |
122 |
+- check = BN_mod_word(info->p, 24); |
123 |
++ DH_set0_pqg(info, p, NULL, g); |
124 |
++ |
125 |
++ check = BN_mod_word(p, 24); |
126 |
+ DH_check(info, &problems); |
127 |
+ if (problems & DH_CHECK_P_NOT_PRIME) |
128 |
+ log(WvLog::Error, "Using a composite number for authentication.\n"); |
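Review bot: The results of `DH_new()`, `BN_bin2bn()`, `BN_new()` and `DH_set0_pqg()` in the constructor are never checked, so a failed allocation or a rejected parameter set goes unnoticed. `DH_set0_pqg` returns 0 without taking ownership when `p` or `g` is NULL, in which case both BIGNUMs leak and `DH_check`/`DH_generate_key` run on a `DH` with no parameters. A guard such as `if (!info || !p || !g || !DH_set0_pqg(info, p, NULL, g)) { BN_free(p); BN_free(g); /* log and stop */ }` before the `BN_mod_word` call closes that path. The return value of `DH_check` is also ignored, which leaves `problems` uninitialised if it fails. The constructor begins before this hunk and continues in the next one.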
129 |
+@@ -64,7 +65,7 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
130 |
+ log(WvLog::Error,"Using an unsafe prime number for authentication.\n"); |
131 |
+ if (problems & DH_NOT_SUITABLE_GENERATOR) |
132 |
+ log(WvLog::Error, "Can you just use 2 instead of %s (%s)!!\n", |
133 |
+- BN_bn2hex(info->g), check); |
134 |
++ BN_bn2hex(g), check); |
135 |
+ if (problems & DH_UNABLE_TO_CHECK_GENERATOR) |
136 |
+ log(WvLog::Notice, "Using a strange argument for diffie-hellman.\n"); |
137 |
+ DH_generate_key(info); |
138 |
+@@ -72,18 +73,23 @@ WvDiffieHellman::WvDiffieHellman(const unsigned char *_key, int _keylen, |
139 |
+ |
140 |
+ int WvDiffieHellman::pub_key_len() |
141 |
+ { |
142 |
+- return BN_num_bytes(info->pub_key); |
143 |
++ const BIGNUM *pub_key = NULL; |
144 |
++ DH_get0_key(info, &pub_key, NULL); |
145 |
++ return BN_num_bytes(pub_key); |
146 |
+ } |
147 |
+ |
148 |
+ int WvDiffieHellman::get_public_value(WvBuf &outbuf, int len) |
149 |
+ { |
150 |
+- int key_len = BN_num_bytes(info->pub_key); |
151 |
++ const BIGNUM *pub_key = NULL; |
152 |
++ DH_get0_key(info, &pub_key, NULL); |
153 |
++ |
154 |
++ int key_len = BN_num_bytes(pub_key); |
155 |
+ if (key_len < len) |
156 |
+ len = key_len; |
157 |
+ |
158 |
+ // alloca is stack allocated, don't free it. |
159 |
+ unsigned char *foo = (unsigned char*)alloca(key_len); |
160 |
+- BN_bn2bin(info->pub_key, foo); |
161 |
++ BN_bn2bin(pub_key, foo); |
162 |
+ outbuf.put(foo, len); |
163 |
+ |
164 |
+ return len; |
165 |
+@@ -91,8 +97,10 @@ int WvDiffieHellman::get_public_value(WvBuf &outbuf, int len) |
166 |
+ |
167 |
+ bool WvDiffieHellman::create_secret(WvBuf &inbuf, size_t in_len, WvBuf& outbuf) |
168 |
+ { |
169 |
++ const BIGNUM *pub_key = NULL; |
170 |
++ DH_get0_key(info, &pub_key, NULL); |
171 |
+ unsigned char *foo = (unsigned char *)alloca(DH_size(info)); |
172 |
+- log("My public value\n%s\nYour public value\n%s\n",BN_bn2hex(info->pub_key), |
173 |
++ log("My public value\n%s\nYour public value\n%s\n",BN_bn2hex(pub_key), |
174 |
+ hexdump_buffer(inbuf.peek(0, in_len), in_len, false)); |
175 |
+ int len = DH_compute_key (foo, BN_bin2bn(inbuf.get(in_len), in_len, NULL), |
176 |
+ info); |
177 |
+diff --git a/crypto/wvdigest.cc b/crypto/wvdigest.cc |
178 |
+index 150edeea..73ebb5d4 100644 |
179 |
+--- a/crypto/wvdigest.cc |
180 |
++++ b/crypto/wvdigest.cc |
181 |
+@@ -13,10 +13,10 @@ |
182 |
+ |
183 |
+ /***** WvEVPMDDigest *****/ |
184 |
+ |
185 |
+-WvEVPMDDigest::WvEVPMDDigest(const env_md_st *_evpmd) : |
186 |
++WvEVPMDDigest::WvEVPMDDigest(const EVP_MD*_evpmd) : |
187 |
+ evpmd(_evpmd), active(false) |
188 |
+ { |
189 |
+- evpctx = new EVP_MD_CTX; |
190 |
++ evpctx = EVP_MD_CTX_new(); |
191 |
+ _reset(); |
192 |
+ } |
193 |
+ |
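Review bot: `EVP_MD_CTX_new()` can return NULL, unlike the `new EVP_MD_CTX` it replaces, and the constructor passes the result straight to `_reset()`, which calls `EVP_DigestInit(evpctx, evpmd)`. The same unchecked allocation appears with `HMAC_CTX_new()` in the `WvHMACDigest` constructor hunk and with `EVP_MD_CTX_new()` in the `WvX509::verify` and `WvX509Mgr::sign` hunks, where the old code used a stack object. Each site should test the pointer before use, for example `if (!sig_ctx) { EVP_PKEY_free(pk); return false; }` in `verify`. For the two digest classes, leave `active` false when the context is NULL so that later calls fail cleanly.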
194 |
+@@ -24,7 +24,7 @@ WvEVPMDDigest::WvEVPMDDigest(const env_md_st *_evpmd) : |
195 |
+ WvEVPMDDigest::~WvEVPMDDigest() |
196 |
+ { |
197 |
+ cleanup(); |
198 |
+- delete evpctx; |
199 |
++ EVP_MD_CTX_free(evpctx); |
200 |
+ } |
201 |
+ |
202 |
+ |
203 |
+@@ -60,7 +60,7 @@ bool WvEVPMDDigest::_reset() |
204 |
+ // the typecast is necessary for API compatibility with different |
205 |
+ // versions of openssl. None of them *actually* change the contents of |
206 |
+ // the pointer. |
207 |
+- EVP_DigestInit(evpctx, (env_md_st *)evpmd); |
208 |
++ EVP_DigestInit(evpctx, evpmd); |
209 |
+ active = true; |
210 |
+ return true; |
211 |
+ } |
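Review bot: `WvEVPMDDigest::_reset` ignores the return value of `EVP_DigestInit`, then sets `active = true` and returns true, so a failed initialisation looks like a usable digest to the caller. `WvHMACDigest::_reset` does the same with `HMAC_Init` in its own hunk. Propagating the result, e.g. `active = EVP_DigestInit(evpctx, evpmd) == 1; return active;`, keeps a broken context from producing output. The retained comment "the typecast is necessary for API compatibility" is stale now that the cast is removed and should be deleted. The function starts before this hunk.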
212 |
+@@ -79,7 +79,7 @@ void WvEVPMDDigest::cleanup() |
213 |
+ |
214 |
+ size_t WvEVPMDDigest::digestsize() const |
215 |
+ { |
216 |
+- return EVP_MD_size((env_md_st *)evpmd); |
217 |
++ return EVP_MD_size(evpmd); |
218 |
+ } |
219 |
+ |
220 |
+ |
221 |
+@@ -104,14 +104,14 @@ WvHMACDigest::WvHMACDigest(WvEVPMDDigest *_digest, |
222 |
+ { |
223 |
+ key = new unsigned char[keysize]; |
224 |
+ memcpy(key, _key, keysize); |
225 |
+- hmacctx = new HMAC_CTX; |
226 |
++ hmacctx = HMAC_CTX_new(); |
227 |
+ _reset(); |
228 |
+ } |
229 |
+ |
230 |
+ WvHMACDigest::~WvHMACDigest() |
231 |
+ { |
232 |
+ cleanup(); |
233 |
+- delete hmacctx; |
234 |
++ HMAC_CTX_free(hmacctx); |
235 |
+ deletev key; |
236 |
+ delete digest; |
237 |
+ } |
238 |
+@@ -145,7 +145,7 @@ bool WvHMACDigest::_finish(WvBuf &outbuf) |
239 |
+ bool WvHMACDigest::_reset() |
240 |
+ { |
241 |
+ cleanup(); |
242 |
+- HMAC_Init(hmacctx, key, keysize, (env_md_st *)digest->getevpmd()); |
243 |
++ HMAC_Init(hmacctx, key, keysize, digest->getevpmd()); |
244 |
+ active = true; |
245 |
+ return true; |
246 |
+ } |
247 |
+diff --git a/crypto/wvocsp.cc b/crypto/wvocsp.cc |
248 |
+index ddb2de49..7d5da072 100644 |
249 |
+--- a/crypto/wvocsp.cc |
250 |
++++ b/crypto/wvocsp.cc |
251 |
+@@ -118,9 +118,10 @@ bool WvOCSPResp::check_nonce(const WvOCSPReq &req) const |
252 |
+ |
253 |
+ bool WvOCSPResp::signedbycert(const WvX509 &cert) const |
254 |
+ { |
255 |
+- EVP_PKEY *skey = X509_get_pubkey(cert.cert); |
256 |
+- int i = OCSP_BASICRESP_verify(bs, skey, 0); |
257 |
+- EVP_PKEY_free(skey); |
258 |
++ STACK_OF(X509) *sk = sk_X509_new_null(); |
259 |
++ sk_X509_push(sk, cert.cert); |
260 |
++ int i = OCSP_basic_verify(bs, sk, NULL, OCSP_NOVERIFY); |
261 |
++ sk_X509_free(sk); |
262 |
+ |
263 |
+ if(i > 0) |
264 |
+ return true; |
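Review bot: `WvOCSPResp::signedbycert` no longer proves that the response was signed by `cert`. `OCSP_basic_verify` looks for the signer first in the supplied stack and then among the certificates embedded in the response, and with `OCSP_NOVERIFY` it returns success as soon as the signature matches whichever signer it found. A response signed by a certificate it carries itself can therefore pass even when `cert` is unrelated, whereas the old `OCSP_BASICRESP_verify(bs, skey, 0)` checked against `cert`'s key only. Restricting the search to the supplied stack restores the old meaning: `int i = OCSP_basic_verify(bs, sk, NULL, OCSP_NOVERIFY | OCSP_NOINTERN);`. The result of `sk_X509_new_null()` is also unchecked. The function continues past this hunk.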
265 |
+@@ -131,33 +132,15 @@ bool WvOCSPResp::signedbycert(const WvX509 &cert) const |
266 |
+ |
267 |
+ WvX509 WvOCSPResp::get_signing_cert() const |
268 |
+ { |
269 |
+- if (!bs || !sk_X509_num(bs->certs)) |
270 |
++ const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs); |
271 |
++ if (!bs || !sk_X509_num(certs)) |
272 |
+ return WvX509(); |
273 |
+ |
274 |
+- // note: the following bit of code is taken almost verbatim from |
275 |
+- // ocsp_vfy.c in OpenSSL 0.9.8. Copyright and attribution should |
276 |
+- // properly belong to them |
277 |
+- |
278 |
+- OCSP_RESPID *id = bs->tbsResponseData->responderId; |
279 |
+- |
280 |
+- if (id->type == V_OCSP_RESPID_NAME) |
281 |
+- { |
282 |
+- X509 *x = X509_find_by_subject(bs->certs, id->value.byName); |
283 |
+- if (x) |
284 |
+- return WvX509(X509_dup(x)); |
285 |
++ X509 *signer = NULL; |
286 |
++ if (OCSP_resp_get0_signer(bs, &signer, NULL) == 1) { |
287 |
++ return WvX509(X509_dup(signer)); |
288 |
+ } |
289 |
+ |
290 |
+- if (id->value.byKey->length != SHA_DIGEST_LENGTH) return NULL; |
291 |
+- unsigned char tmphash[SHA_DIGEST_LENGTH]; |
292 |
+- unsigned char *keyhash = id->value.byKey->data; |
293 |
+- for (int i = 0; i < sk_X509_num(bs->certs); i++) |
294 |
+- { |
295 |
+- X509 *x = sk_X509_value(bs->certs, i); |
296 |
+- X509_pubkey_digest(x, EVP_sha1(), tmphash, NULL); |
297 |
+- if(!memcmp(keyhash, tmphash, SHA_DIGEST_LENGTH)) |
298 |
+- return WvX509(X509_dup(x)); |
299 |
+- } |
300 |
+- |
301 |
+ return WvX509(); |
302 |
+ } |
303 |
+ |
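Review bot: In `WvOCSPResp::get_signing_cert` the new line `OCSP_resp_get0_certs(bs)` runs before the `!bs` test, so the null guard no longer protects the first use of `bs`. The accessor most likely dereferences its argument, which would turn a missing response into a crash. Test first and fetch afterwards: `if (!bs) return WvX509();` followed by `const STACK_OF(X509) *certs = OCSP_resp_get0_certs(bs);`. `X509_dup(signer)` can also return NULL; whether `WvX509` accepts a NULL pointer is not visible here and should be confirmed.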
304 |
+diff --git a/crypto/wvx509.cc b/crypto/wvx509.cc |
305 |
+index 93dae06f..eed6c18e 100644 |
306 |
+--- a/crypto/wvx509.cc |
307 |
++++ b/crypto/wvx509.cc |
308 |
+@@ -974,7 +974,7 @@ static void add_aia(WvStringParm type, WvString identifier, |
309 |
+ sk_ACCESS_DESCRIPTION_push(ainfo, acc); |
310 |
+ acc->method = OBJ_txt2obj(type.cstr(), 0); |
311 |
+ acc->location->type = GEN_URI; |
312 |
+- acc->location->d.ia5 = M_ASN1_IA5STRING_new(); |
313 |
++ acc->location->d.ia5 = ASN1_IA5STRING_new(); |
314 |
+ unsigned char *cident |
315 |
+ = reinterpret_cast<unsigned char *>(identifier.edit()); |
316 |
+ ASN1_STRING_set(acc->location->d.ia5, cident, identifier.len()); |
317 |
+@@ -1059,7 +1059,7 @@ void WvX509::set_crl_urls(WvStringList &urls) |
318 |
+ GENERAL_NAMES *uris = GENERAL_NAMES_new(); |
319 |
+ GENERAL_NAME *uri = GENERAL_NAME_new(); |
320 |
+ uri->type = GEN_URI; |
321 |
+- uri->d.ia5 = M_ASN1_IA5STRING_new(); |
322 |
++ uri->d.ia5 = ASN1_IA5STRING_new(); |
323 |
+ unsigned char *cident |
324 |
+ = reinterpret_cast<unsigned char *>(i().edit()); |
325 |
+ ASN1_STRING_set(uri->d.ia5, cident, i().len()); |
326 |
+@@ -1158,10 +1158,15 @@ WvString WvX509::get_extension(int nid) const |
327 |
+ if (ext) |
328 |
+ { |
329 |
++#if OPENSSL_VERSION_NUMBER >= 0x10000000L |
330 |
++ const X509V3_EXT_METHOD *method = X509V3_EXT_get(ext); |
331 |
++#else |
332 |
+ X509V3_EXT_METHOD *method = X509V3_EXT_get(ext); |
333 |
++#endif |
334 |
++ ASN1_OCTET_STRING *ext_data_str = X509_EXTENSION_get_data(ext); |
335 |
+ if (!method) |
336 |
+ { |
337 |
+ WvDynBuf buf; |
338 |
+- buf.put(ext->value->data, ext->value->length); |
339 |
++ buf.put(ext_data_str->data, ext_data_str->length); |
340 |
+ retval = buf.getstr(); |
341 |
+ } |
342 |
+ else |
343 |
+@@ -1172,21 +1173,21 @@ WvString WvX509::get_extension(int nid) const |
344 |
+ // even though it's const (at least as of version 0.9.8e). |
345 |
+ // gah. |
346 |
+ #if OPENSSL_VERSION_NUMBER >= 0x0090800fL |
347 |
+- const unsigned char * ext_value_data = ext->value->data; |
348 |
++ const unsigned char * ext_value_data = ext_data_str->data; |
349 |
+ #else |
350 |
+ unsigned char *ext_value_data = ext->value->data; |
351 |
+ #endif |
352 |
+ if (method->it) |
353 |
+ { |
354 |
+ ext_data = ASN1_item_d2i(NULL, &ext_value_data, |
355 |
+- ext->value->length, |
356 |
++ ext_data_str->length, |
357 |
+ ASN1_ITEM_ptr(method->it)); |
358 |
+ TRACE("Applied generic conversion!\n"); |
359 |
+ } |
360 |
+ else |
361 |
+ { |
362 |
+ ext_data = method->d2i(NULL, &ext_value_data, |
363 |
+- ext->value->length); |
364 |
++ ext_data_str->length); |
365 |
+ TRACE("Applied method specific conversion!\n"); |
366 |
+ } |
367 |
+ |
368 |
+@@ -1321,13 +1322,13 @@ bool WvX509::verify(WvBuf &original, WvStringParm signature) const |
369 |
+ return false; |
370 |
+ |
371 |
+ /* Verify the signature */ |
372 |
+- EVP_MD_CTX sig_ctx; |
373 |
+- EVP_VerifyInit(&sig_ctx, EVP_sha1()); |
374 |
+- EVP_VerifyUpdate(&sig_ctx, original.peek(0, original.used()), |
375 |
++ EVP_MD_CTX *sig_ctx = EVP_MD_CTX_new(); |
376 |
++ EVP_VerifyInit(sig_ctx, EVP_sha1()); |
377 |
++ EVP_VerifyUpdate(sig_ctx, original.peek(0, original.used()), |
378 |
+ original.used()); |
379 |
+- int sig_err = EVP_VerifyFinal(&sig_ctx, sig_buf, sig_size, pk); |
380 |
++ int sig_err = EVP_VerifyFinal(sig_ctx, sig_buf, sig_size, pk); |
381 |
+ EVP_PKEY_free(pk); |
382 |
+- EVP_MD_CTX_cleanup(&sig_ctx); // Again, not my fault... |
383 |
++ EVP_MD_CTX_free(sig_ctx); // Again, not my fault... |
384 |
+ if (sig_err != 1) |
385 |
+ { |
386 |
+ debug("Verify failed!\n"); |
387 |
+@@ -1446,19 +1447,19 @@ void WvX509::set_ski() |
388 |
+ { |
389 |
+ CHECK_CERT_EXISTS_SET("ski"); |
390 |
+ |
391 |
+- ASN1_OCTET_STRING *oct = M_ASN1_OCTET_STRING_new(); |
392 |
+- ASN1_BIT_STRING *pk = cert->cert_info->key->public_key; |
393 |
++ ASN1_OCTET_STRING *oct = ASN1_OCTET_STRING_new(); |
394 |
++ ASN1_BIT_STRING *pk = X509_get0_pubkey_bitstr(cert); |
395 |
+ unsigned char pkey_dig[EVP_MAX_MD_SIZE]; |
396 |
+ unsigned int diglen; |
397 |
+ |
398 |
+ EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); |
399 |
+ |
400 |
+- M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen); |
401 |
++ ASN1_OCTET_STRING_set(oct, pkey_dig, diglen); |
402 |
+ X509_EXTENSION *ext = X509V3_EXT_i2d(NID_subject_key_identifier, 0, |
403 |
+ oct); |
404 |
+ X509_add_ext(cert, ext, -1); |
405 |
+ X509_EXTENSION_free(ext); |
406 |
+- M_ASN1_OCTET_STRING_free(oct); |
407 |
++ ASN1_OCTET_STRING_free(oct); |
408 |
+ } |
409 |
+ |
410 |
+ |
411 |
+diff --git a/crypto/wvx509mgr.cc b/crypto/wvx509mgr.cc |
412 |
+index f249eeca..156d3a49 100644 |
413 |
+--- a/crypto/wvx509mgr.cc |
414 |
++++ b/crypto/wvx509mgr.cc |
415 |
+@@ -350,6 +350,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
416 |
+ return false; |
417 |
+ } |
418 |
+ |
419 |
++ uint32_t ex_flags = X509_get_extension_flags(cert); |
420 |
++ uint32_t ex_kusage = X509_get_key_usage(cert); |
421 |
+ if (cert == unsignedcert.cert) |
422 |
+ { |
423 |
+ debug("Self Signing!\n"); |
424 |
+@@ -362,8 +364,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
425 |
+ return false; |
426 |
+ } |
427 |
+ #endif |
428 |
+- else if (!((cert->ex_flags & EXFLAG_KUSAGE) && |
429 |
+- (cert->ex_kusage & KU_KEY_CERT_SIGN))) |
430 |
++ else if (!((ex_flags & EXFLAG_KUSAGE) && |
431 |
++ (ex_kusage & KU_KEY_CERT_SIGN))) |
432 |
+ { |
433 |
+ debug("This Certificate is not allowed to sign certificates!\n"); |
434 |
+ return false; |
435 |
+@@ -390,6 +392,8 @@ bool WvX509Mgr::signcert(WvX509 &unsignedcert) const |
436 |
+ |
437 |
+ bool WvX509Mgr::signcrl(WvCRL &crl) const |
438 |
+ { |
439 |
++ uint32_t ex_flags = X509_get_extension_flags(cert); |
440 |
++ uint32_t ex_kusage = X509_get_key_usage(cert); |
441 |
+ if (!isok() || !crl.isok()) |
442 |
+ { |
443 |
+ debug(WvLog::Warning, "Asked to sign CRL, but certificate or CRL (or " |
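Review bot: In `WvX509Mgr::signcrl` the two added calls `X509_get_extension_flags(cert)` and `X509_get_key_usage(cert)` sit above the `if (!isok() || !crl.isok())` guard, so they run even when the manager has no usable certificate. If `isok()` is what covers a NULL `cert` (an inference, since its definition is outside this page), these accessors receive NULL, where the old code only touched `cert->ex_flags` after the guard. In the `signcert` hunk the same two lines are placed after the early `return false`, which is the safer order. Move both declarations below the `isok()` block here as well. The function body continues in the next hunk.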
444 |
+@@ -403,12 +407,12 @@ bool WvX509Mgr::signcrl(WvCRL &crl) const |
445 |
+ "CRLs!\n"); |
446 |
+ return false; |
447 |
+ } |
448 |
+- else if (!((cert->ex_flags & EXFLAG_KUSAGE) && |
449 |
+- (cert->ex_kusage & KU_CRL_SIGN))) |
450 |
++ else if (!((ex_flags & EXFLAG_KUSAGE) && |
451 |
++ (ex_kusage & KU_CRL_SIGN))) |
452 |
+ { |
453 |
+ debug("Certificate not allowed to sign CRLs! (%s %s)\n", |
454 |
+- (cert->ex_flags & EXFLAG_KUSAGE), |
455 |
+- (cert->ex_kusage & KU_CRL_SIGN)); |
456 |
++ (ex_flags & EXFLAG_KUSAGE), |
457 |
++ (ex_kusage & KU_CRL_SIGN)); |
458 |
+ return false; |
459 |
+ } |
460 |
+ #endif |
461 |
+@@ -454,7 +458,6 @@ WvString WvX509Mgr::sign(WvBuf &data) const |
462 |
+ { |
463 |
+ assert(rsa); |
464 |
+ |
465 |
+- EVP_MD_CTX sig_ctx; |
466 |
+ unsigned char sig_buf[4096]; |
467 |
+ |
468 |
+ EVP_PKEY *pk = EVP_PKEY_new(); |
469 |
+@@ -467,20 +470,22 @@ WvString WvX509Mgr::sign(WvBuf &data) const |
470 |
+ return WvString::null; |
471 |
+ } |
472 |
+ |
473 |
+- EVP_SignInit(&sig_ctx, EVP_sha1()); |
474 |
+- EVP_SignUpdate(&sig_ctx, data.peek(0, data.used()), data.used()); |
475 |
++ EVP_MD_CTX *sig_ctx = EVP_MD_CTX_new(); |
476 |
++ EVP_SignInit(sig_ctx, EVP_sha1()); |
477 |
++ EVP_SignUpdate(sig_ctx, data.peek(0, data.used()), data.used()); |
478 |
+ unsigned int sig_len = sizeof(sig_buf); |
479 |
+- int sig_err = EVP_SignFinal(&sig_ctx, sig_buf, |
480 |
++ int sig_err = EVP_SignFinal(sig_ctx, sig_buf, |
481 |
+ &sig_len, pk); |
482 |
+ if (sig_err != 1) |
483 |
+ { |
484 |
+ debug("Error while signing.\n"); |
485 |
+ EVP_PKEY_free(pk); |
486 |
++ EVP_MD_CTX_free(sig_ctx); |
487 |
+ return WvString::null; |
488 |
+ } |
489 |
+ |
490 |
+ EVP_PKEY_free(pk); |
491 |
+- EVP_MD_CTX_cleanup(&sig_ctx); // this isn't my fault :// |
492 |
++ EVP_MD_CTX_free(sig_ctx); // this isn't my fault :// |
493 |
+ WvDynBuf buf; |
494 |
+ buf.put(sig_buf, sig_len); |
495 |
+ debug("Signature size: %s\n", buf.used()); |
496 |
+diff --git a/include/wvdiffiehellman.h b/include/wvdiffiehellman.h |
497 |
+index af75ffa9..a2d001f8 100644 |
498 |
+--- a/include/wvdiffiehellman.h |
499 |
++++ b/include/wvdiffiehellman.h |
500 |
+@@ -27,7 +27,7 @@ class WvDiffieHellman |
501 |
+ bool create_secret(WvBuf &inbuf, size_t in_len, WvBuf& outbuf); |
502 |
+ |
503 |
+ protected: |
504 |
+- struct dh_st *info; |
505 |
++ DH *info; |
506 |
+ BN_ULONG generator; |
507 |
+ |
508 |
+ private: |
509 |
+diff --git a/include/wvdigest.h b/include/wvdigest.h |
510 |
+index fdc39bd6..f2eed401 100644 |
511 |
+--- a/include/wvdigest.h |
512 |
++++ b/include/wvdigest.h |
513 |
+@@ -9,10 +9,8 @@ |
514 |
+ |
515 |
+ #include "wvencoder.h" |
516 |
+ #include <stdint.h> |
517 |
++#include <openssl/evp.h> |
518 |
+ |
519 |
+-struct env_md_st; |
520 |
+-struct env_md_ctx_st; |
521 |
+-struct hmac_ctx_st; |
522 |
+ |
523 |
+ /** |
524 |
+ * Superclass for all message digests. |
525 |
+@@ -45,8 +43,8 @@ class WvDigest : public WvEncoder |
526 |
+ class WvEVPMDDigest : public WvDigest |
527 |
+ { |
528 |
+ friend class WvHMACDigest; |
529 |
+- const env_md_st *evpmd; |
530 |
+- env_md_ctx_st *evpctx; |
531 |
++ const EVP_MD *evpmd; |
532 |
++ EVP_MD_CTX *evpctx; |
533 |
+ bool active; |
534 |
+ |
535 |
+ public: |
536 |
+@@ -54,13 +52,13 @@ class WvEVPMDDigest : public WvDigest |
537 |
+ virtual size_t digestsize() const; |
538 |
+ |
539 |
+ protected: |
540 |
+- WvEVPMDDigest(const env_md_st *_evpmd); |
541 |
++ WvEVPMDDigest(const EVP_MD *_evpmd); |
542 |
+ virtual bool _encode(WvBuf &inbuf, WvBuf &outbuf, |
543 |
+ bool flush); // consumes input |
544 |
+ virtual bool _finish(WvBuf &outbuf); // outputs digest |
545 |
+ virtual bool _reset(); // supported: resets digest value |
546 |
+ |
547 |
+- const env_md_st *getevpmd() |
548 |
++ const EVP_MD *getevpmd() |
549 |
+ { return evpmd; } |
550 |
+ |
551 |
+ private: |
552 |
+@@ -104,7 +102,7 @@ class WvHMACDigest : public WvDigest |
553 |
+ WvEVPMDDigest *digest; |
554 |
+ unsigned char *key; |
555 |
+ size_t keysize; |
556 |
+- hmac_ctx_st *hmacctx; |
557 |
++ HMAC_CTX *hmacctx; |
558 |
+ bool active; |
559 |
+ |
560 |
+ public: |
561 |
+diff --git a/include/wvtripledes.h b/include/wvtripledes.h |
562 |
+index 185fe8a9..a442e7a0 100644 |
563 |
+--- a/include/wvtripledes.h |
564 |
++++ b/include/wvtripledes.h |
565 |
+@@ -70,11 +70,11 @@ class WvTripleDESEncoder : public WvCryptoEncoder |
566 |
+ |
567 |
+ private: |
568 |
+ Mode mode; |
569 |
+- des_cblock key; |
570 |
+- des_key_schedule deskey1; |
571 |
+- des_key_schedule deskey2; |
572 |
+- des_key_schedule deskey3; |
573 |
+- des_cblock ivec; // initialization vector |
574 |
++ DES_cblock key; |
575 |
++ DES_key_schedule deskey1; |
576 |
++ DES_key_schedule deskey2; |
577 |
++ DES_key_schedule deskey3; |
578 |
++ DES_cblock ivec; // initialization vector |
579 |
+ int ivecoff; // current offset into initvec |
580 |
+ }; |
581 |
+ |
582 |
|
583 |
diff --git a/net-libs/wvstreams/wvstreams-4.6.1-r6.ebuild b/net-libs/wvstreams/wvstreams-4.6.1-r6.ebuild |
584 |
new file mode 100644 |
585 |
index 00000000000..91012087a9a |
586 |
--- /dev/null |
587 |
+++ b/net-libs/wvstreams/wvstreams-4.6.1-r6.ebuild |
588 |
@@ -0,0 +1,96 @@ |
589 |
+# Copyright 1999-2018 Gentoo Authors |
590 |
+# Distributed under the terms of the GNU General Public License v2 |
591 |
+ |
592 |
+EAPI=6 |
593 |
+inherit autotools eutils flag-o-matic toolchain-funcs |
594 |
+ |
595 |
+DESCRIPTION="A network programming library in C++" |
596 |
+HOMEPAGE="http://alumnit.ca/wiki/?WvStreams" |
597 |
+SRC_URI="https://wvstreams.googlecode.com/files/${P}.tar.gz" |
598 |
+ |
599 |
+LICENSE="GPL-2" |
600 |
+SLOT="0" |
601 |
+KEYWORDS="~alpha ~amd64 ~hppa ~ppc ~sparc ~x86" |
602 |
+IUSE="pam doc +ssl +dbus debug boost" |
603 |
+ |
604 |
+#Tests fail if openssl is not compiled with -DPURIFY. Gentoo's isn't. FAIL! |
605 |
+RESTRICT="test" |
606 |
+ |
607 |
+#QA Fail: xplc is compiled as a part of wvstreams. |
608 |
+#It'll take a larger patching effort to get it extracted, since upstream integrated it |
609 |
+#more tightly this time. Probably for the better since upstream xplc seems dead. |
610 |
+ |
611 |
+RDEPEND=" |
612 |
+ dev-libs/openssl:0= |
613 |
+ sys-libs/readline:0= |
614 |
+ sys-libs/zlib |
615 |
+ dbus? ( >=sys-apps/dbus-1.4.20 ) |
616 |
+ pam? ( virtual/pam ) |
617 |
+" |
618 |
+DEPEND=" |
619 |
+ ${RDEPEND} |
620 |
+ virtual/pkgconfig |
621 |
+ doc? ( app-doc/doxygen ) |
622 |
+ boost? ( >=dev-libs/boost-1.34.1:= ) |
623 |
+" |
624 |
+DOCS="ChangeLog README*" |
625 |
+PATCHES=( |
626 |
+ "${FILESDIR}"/${P}-autoconf.patch |
627 |
+ "${FILESDIR}"/${P}-fix-c++14.patch |
628 |
+ "${FILESDIR}"/${P}-gcc47.patch |
629 |
+ "${FILESDIR}"/${P}-glibc212.patch |
630 |
+ "${FILESDIR}"/${P}-parallel-make.patch |
631 |
+ "${FILESDIR}"/${P}-_DEFAULT_SOURCE.patch |
632 |
+ "${FILESDIR}"/${P}-2048-bytes-should-be-enough-right-question-mark.patch |
633 |
+ "${FILESDIR}"/${P}-openssl-1.1.patch |
634 |
+) |
635 |
+ |
636 |
+src_prepare() { |
637 |
+ default |
638 |
+ |
639 |
+ eautoreconf |
640 |
+} |
641 |
+ |
642 |
+src_configure() { |
643 |
+ append-flags -fno-strict-aliasing |
644 |
+ append-flags -fno-tree-dce -fno-optimize-sibling-calls #421375 |
645 |
+ |
646 |
+ tc-export AR CXX |
647 |
+ |
648 |
+ use boost && export ac_cv_header_tr1_functional=no |
649 |
+ |
650 |
+ econf \ |
651 |
+ $(use_enable debug) \ |
652 |
+ $(use_with dbus) \ |
653 |
+ $(use_with pam) \ |
654 |
+ --cache-file="${T}"/config.cache \ |
655 |
+ --disable-optimization \ |
656 |
+ --localstatedir=/var \ |
657 |
+ --with-openssl \ |
658 |
+ --with-zlib \ |
659 |
+ --without-qt \ |
660 |
+ --without-tcl \ |
661 |
+ --without-valgrind |
662 |
+} |
663 |
+ |
664 |
+src_compile() { |
665 |
+ default |
666 |
+ |
667 |
+ if use doc; then |
668 |
+ doxygen || die |
669 |
+ fi |
670 |
+} |
671 |
+ |
672 |
+src_test() { |
673 |
+ emake test |
674 |
+} |
675 |
+ |
676 |
+src_install() { |
677 |
+ default |
678 |
+ |
679 |
+ if use doc; then |
680 |
+ #the list of files is too big for dohtml -r Docs/doxy-html/* |
681 |
+ docinto html |
682 |
+ dodoc -r Docs/doxy-html/* |
683 |
+ fi |
684 |
+} |
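Review bot: `RDEPEND` accepts any `dev-libs/openssl:0=`, but as far as the visible hunks show, the added openssl-1.1 patch calls 1.1-only functions such as `EVP_MD_CTX_new`, `HMAC_CTX_new`, `DH_set0_pqg` and `X509_CRL_get0_by_serial` with no version guard around them. With the patch applied unconditionally through `PATCHES`, a build against an older OpenSSL in the same slot would presumably fail. The dependency should express the new floor, `>=dev-libs/openssl-1.1:0=`, or the patch should gain `OPENSSL_VERSION_NUMBER` guards. The wvstreams-99999.ebuild hunk drops the `<dev-libs/openssl-1.1` bound as well; its `PATCHES` list is outside the hunk, so confirm that the live sources already carry the port.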
685 |
|
686 |
diff --git a/net-libs/wvstreams/wvstreams-99999.ebuild b/net-libs/wvstreams/wvstreams-99999.ebuild |
687 |
index 8665f2087f9..4181ca4eaeb 100644 |
688 |
--- a/net-libs/wvstreams/wvstreams-99999.ebuild |
689 |
+++ b/net-libs/wvstreams/wvstreams-99999.ebuild |
690 |
@@ -15,7 +15,7 @@ KEYWORDS="" |
691 |
IUSE="+dbus debug doc pam static-libs +zlib" |
692 |
|
693 |
RDEPEND=" |
694 |
- <dev-libs/openssl-1.1:0= |
695 |
+ dev-libs/openssl:0= |
696 |
sys-libs/readline:0= |
697 |
sys-libs/zlib |
698 |
dbus? ( >=sys-apps/dbus-1.4.20 ) |