- Unbreak the build against modern OpenSSL versions and also on 64-bit

architectures by using explicit 32-bit `int' types instead of `long' which length is not constant (machine/compiler-dependent) - Don't patch and then sed(1)-patch the Makefile, just pass the needed header files and library paths via MAKE_ARGS - Install documentation in the dedicated DOCS option helper target - Convert two-line pkg-plist into PLIST_FILES and PORTDOCS - Provide fallback distfile download locations Tested on: i386, amd64
author: Alexey Dokuchaev <danfe@FreeBSD.org> 2021-03-19 02:16:30 +0000
committer: Alexey Dokuchaev <danfe@FreeBSD.org> 2021-03-19 02:16:30 +0000
commit: 4c46219141a8c1a121bf792c0431fcd9ccd3b726 (patch)
tree: d0ba6e2effcc613d144c46949baa73aaae9083bd /security/pvk
parent: ee849710c52d13ecd4c872ccb2c5e6d6b987027d (diff)
download: ports-4c46219141a8c1a121bf792c0431fcd9ccd3b726.tar.gz
ports-4c46219141a8c1a121bf792c0431fcd9ccd3b726.zip
6 files changed, 305 insertions, 36 deletions
diff --git a/security/pvk/Makefile b/security/pvk/Makefile
index 774eefa4cf3b..e9526e685d32 100644
--- a/security/pvk/Makefile
+++ b/security/pvk/Makefile
@@ -3,8 +3,11 @@
 
 PORTNAME=	pvk
 PORTVERSION=	20070406
+PORTREVISION=	1
 CATEGORIES=	security
-MASTER_SITES=	http://www.drh-consultancy.demon.co.uk/
+MASTER_SITES=	http://www.drh-consultancy.demon.co.uk/ \
+		http://vault.101011010.xyz/distfiles/ \
+		http://freebsd.nsu.ru/distfiles/
 DISTNAME=	pvksrc
 EXTRACT_SUFX=	.tgz.bin
 
@@ -12,25 +15,20 @@ MAINTAINER=	sobomax@FreeBSD.org
 COMMENT=	Tool to convert a RSA key in PEM format into a PVK file and vice versa
 
 USES=		ssl
-CFLAGS+=	-I${OPENSSLINC}
-LDFLAGS+=	-L${OPENSSLLIB}
+MAKE_ARGS=	SSLINC=${OPENSSLINC} SSLLIB=${OPENSSLLIB}
 
 NO_WRKSUBDIR=	yes
 
-.include <bsd.port.pre.mk>
+PLIST_FILES=	bin/pvk
+PORTDOCS=	README
 
-.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12=	variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
-BROKEN_FreeBSD_13=	variable has incomplete type 'EVP_MD_CTX' (aka 'struct evp_md_ctx_st')
-.endif
-
-post-patch:
-	${REINPLACE_CMD} -e 's|\(-lcrypto\)|$$(LDFLAGS) \1|g' \
-		${WRKSRC}/Makefile
+OPTIONS_DEFINE=	DOCS
 
 do-install:
 	${INSTALL_PROGRAM} ${WRKSRC}/pvk ${STAGEDIR}${PREFIX}/bin
-	${MKDIR} ${STAGEDIR}${DOCSDIR}
+
+do-install-DOCS-on:
+	@${MKDIR} ${STAGEDIR}${DOCSDIR}
 	${INSTALL_DATA} ${WRKSRC}/README ${STAGEDIR}${DOCSDIR}
 
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
diff --git a/security/pvk/files/patch-Makefile b/security/pvk/files/patch-Makefile
deleted file mode 100644
index a3f5331167c8..000000000000
--- a/security/pvk/files/patch-Makefile
+++ /dev/null
@@ -1,20 +0,0 @@
---- Makefile.orig
-+++ Makefile
-@@ -4,7 +4,7 @@
- SSLINC=/usr/local/ssl/include
- SSLLIB=/usr/local/ssl/lib
- 
--CFLAGS=-Wall -I$(SSLINC)
-+CFLAGS+=-Wall
- 
- all: pvk
- 
-@@ -13,7 +13,7 @@
- $(OBJS): pvk.h
- 
- pvk: $(OBJS) pvk.o pvk.h
--	$(CC) $(CFLAGS) -o pvk pvk.o $(OBJS) -L$(SSLLIB) -lcrypto
-+	$(CC) $(CFLAGS) -o pvk pvk.o $(OBJS) -lcrypto
- 
- errors:
- 	perl $(TOP)/util/mkerr.pl -nostatic -conf pvk.ec -write *.c
diff --git a/security/pvk/files/patch-pvk.h b/security/pvk/files/patch-pvk.h
new file mode 100644
index 000000000000..96e5446997f0
--- /dev/null
+++ b/security/pvk/files/patch-pvk.h
@@ -0,0 +1,37 @@
+--- pvk.h.orig	2001-04-10 12:00:08 UTC
++++ pvk.h
+@@ -77,18 +77,18 @@ extern "C" {
+ /* PVK file information */
+ 
+ typedef struct {
+-long magic;
+-long res;
+-long keytype;
+-long crypt;
+-long saltlen;
+-long keylen;
++int32_t magic;
++int32_t res;
++int32_t keytype;
++int32_t crypt;
++int32_t saltlen;
++int32_t keylen;
+ int encr;
+ unsigned char *salt;
+ unsigned char btype;
+ unsigned char version;
+ unsigned short reserved;
+-unsigned long keyalg;
++uint32_t keyalg;
+ unsigned char *key;
+ } PVK_DAT;
+ 
+@@ -116,7 +116,7 @@ RSA *pvk2rsa (PVK_DAT *pvk);
+ int pvk_read(BIO *in, PVK_DAT *pvk);
+ int pvk_write(BIO *out, PVK_DAT *pvk);
+ int pvk_encrypt (PVK_DAT *pvk, char *pass, int encr);
+-int rsa2pvk (RSA *rsa, PVK_DAT *pvk, unsigned long alg);
++int rsa2pvk (RSA *rsa, PVK_DAT *pvk, uint32_t alg);
+ 
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
diff --git a/security/pvk/files/patch-pvkread.c b/security/pvk/files/patch-pvkread.c
new file mode 100644
index 000000000000..0283f357b06f
--- /dev/null
+++ b/security/pvk/files/patch-pvkread.c
@@ -0,0 +1,137 @@
+--- pvkread.c.orig	2000-07-03 00:02:30 UTC
++++ pvkread.c
+@@ -64,10 +64,10 @@
+ #include "pvk.h"
+ 
+ static int read_word(BIO *in, unsigned short *dat);
+-static int read_dword(BIO *in, unsigned long *dat);
+-static unsigned long get_dword(unsigned char **p);
++static int read_dword(BIO *in, uint32_t *dat);
++static uint32_t get_dword(unsigned char **p);
+ static BIGNUM *lend2BN(unsigned char **nptr, int len);
+-static int scan_magic(BIO *in, unsigned long *magic);
++static int scan_magic(BIO *in, uint32_t *magic);
+ 
+ static int read_word(BIO *in, unsigned short *dat)
+ {
+@@ -77,7 +77,7 @@ static int read_word(BIO *in, unsigned short *dat)
+ 	return 1;
+ }
+ 
+-static int read_dword(BIO *in, unsigned long *dat)
++static int read_dword(BIO *in, uint32_t *dat)
+ {
+ 	unsigned char buf[4];
+ 	if (BIO_read(in, buf, 4) != 4) return 0;
+@@ -85,9 +85,9 @@ static int read_dword(BIO *in, unsigned long *dat)
+ 	return 1;
+ }
+ 
+-static unsigned long get_dword(unsigned char **p)
++static uint32_t get_dword(unsigned char **p)
+ {
+-	unsigned long ret;
++	uint32_t ret;
+ 	unsigned char *buf;
+ 	buf = *p;
+ 	ret = buf[0] + (buf[1] << 8) + (buf[2] << 16) + (buf[3] << 24);
+@@ -95,7 +95,7 @@ static unsigned long get_dword(unsigned char **p)
+ 	return ret;
+ }
+ 
+-static int scan_magic(BIO *in, unsigned long *magic)
++static int scan_magic(BIO *in, uint32_t *magic)
+ {
+ 	int i;
+ 	char dummy[4];
+@@ -157,8 +157,8 @@ int pvk_read(BIO *in, PVK_DAT *pvk)
+ 
+ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+ {
+-	EVP_MD_CTX ctx;
+-	EVP_CIPHER_CTX cctx;
++	EVP_MD_CTX *ctx;
++	EVP_CIPHER_CTX *cctx;
+ 	unsigned char *buf;
+ 	unsigned char tmpkey[EVP_MAX_KEY_LENGTH];
+ 	int outlen;
+@@ -171,18 +171,21 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+ 		PVKerr(PVK_F_PVK_DECRYPT,ERR_R_MALLOC_FAILURE);
+ 		return 0;
+ 	}
+-	EVP_DigestInit(&ctx, EVP_sha1());
+-	EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen);
+-	EVP_DigestUpdate(&ctx, pass, strlen(pass));
+-	EVP_DigestFinal(&ctx, tmpkey, NULL);
+-        EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+-	EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++	ctx = EVP_MD_CTX_new();
++	EVP_DigestInit(ctx, EVP_sha1());
++	EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen);
++	EVP_DigestUpdate(ctx, pass, strlen(pass));
++	EVP_DigestFinal(ctx, tmpkey, NULL);
++	EVP_MD_CTX_free(ctx);
++	cctx = EVP_CIPHER_CTX_new();
++	EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++	EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+ 	if(strncmp(buf, "RSA2", 4)) {
+                 /* Didn't work: try weak encryption */
+                 memset(tmpkey+5, 0, 11);
+-                EVP_DecryptFinal(&cctx, buf + outlen, &outlen);
+-                EVP_DecryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+-                EVP_DecryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++                EVP_DecryptFinal(cctx, buf + outlen, &outlen);
++                EVP_DecryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++                EVP_DecryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+                 if(strncmp(buf, "RSA2", 4)) {
+ 			PVKerr(PVK_F_PVK_DECRYPT,PVK_R_DECRYPT_ERROR);
+                         OPENSSL_free(buf);
+@@ -190,7 +193,8 @@ int pvk_decrypt(PVK_DAT *pvk, char *pass)
+                 } else pvk->encr = PVK_WEAK;
+         } else pvk->encr = PVK_STRONG;
+ 	/* Not needed but do it to cleanup */
+-	EVP_DecryptFinal(&cctx, buf + outlen, &outlen);
++	EVP_DecryptFinal(cctx, buf + outlen, &outlen);
++	EVP_CIPHER_CTX_free(cctx);
+ 	OPENSSL_free(pvk->key);
+ 	pvk->key = buf;
+         memset(tmpkey, 0, EVP_MAX_KEY_LENGTH);
+@@ -203,6 +207,7 @@ RSA *pvk2rsa (PVK_DAT *pvk)
+ 	RSA *rsa;
+ 	unsigned char *keytmp;
+ 	int pubexp, keylen, pvklen;
++	BIGNUM *e, *n, *p, *q, *dmp1, *dmq1, *iqmp, *d;
+ 	rsa = RSA_new();
+ 	if (!rsa) return NULL;
+ 	keytmp = pvk->key + 4;
+@@ -216,15 +221,21 @@ RSA *pvk2rsa (PVK_DAT *pvk)
+ 
+  	if (pvklen < ((keylen/2)* 9)) goto err;
+ 
+-	if(!(rsa->e = BN_new ())) goto err;
+-	BN_set_word (rsa->e, pubexp);
+-	if(!(rsa->n = lend2BN (&keytmp, keylen))) goto err;
+-	if(!(rsa->p = lend2BN (&keytmp, keylen/2))) goto err;
+-	if(!(rsa->q = lend2BN (&keytmp, keylen/2))) goto err;
+-	if(!(rsa->dmp1 = lend2BN (&keytmp, keylen/2))) goto err;
+-	if(!(rsa->dmq1 = lend2BN (&keytmp, keylen/2))) goto err;
+-	if(!(rsa->iqmp = lend2BN (&keytmp, keylen/2))) goto err;
+-	if(!(rsa->d = lend2BN (&keytmp, keylen))) goto err;
++	if (!(e = BN_new())) goto err;
++	BN_set_word (e, pubexp);
++
++	if(!(n = lend2BN (&keytmp, keylen))) goto err;
++	if(!(p = lend2BN (&keytmp, keylen/2))) goto err;
++	if(!(q = lend2BN (&keytmp, keylen/2))) goto err;
++	if(!(dmp1 = lend2BN (&keytmp, keylen/2))) goto err;
++	if(!(dmq1 = lend2BN (&keytmp, keylen/2))) goto err;
++	if(!(iqmp = lend2BN (&keytmp, keylen/2))) goto err;
++	if(!(d = lend2BN (&keytmp, keylen))) goto err;
++
++	RSA_set0_key(rsa, n, e, d);
++	RSA_set0_factors(rsa, p, q);
++	RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
++
+ 	return rsa;
+ 	err:
+ 	PVKerr(PVK_F_PVK2RSA,PVK_R_INVALID_PRIVATE_KEY_FORMAT);
diff --git a/security/pvk/files/patch-pvkwrite.c b/security/pvk/files/patch-pvkwrite.c
new file mode 100644
index 000000000000..308c9680627c
--- /dev/null
+++ b/security/pvk/files/patch-pvkwrite.c
@@ -0,0 +1,119 @@
+--- pvkwrite.c.orig	2000-07-03 00:02:30 UTC
++++ pvkwrite.c
+@@ -73,7 +73,7 @@ static int write_word(BIO *out, unsigned short dat)
+ 	return 1;
+ }
+ 
+-static int write_dword(BIO *out, unsigned long dat)
++static int write_dword(BIO *out, uint32_t dat)
+ {
+ 	unsigned char buf[4];
+ 	buf[0] = dat & 0xff;
+@@ -84,7 +84,7 @@ static int write_dword(BIO *out, unsigned long dat)
+ 	return 1;
+ }
+ 
+-static void put_dword(unsigned char **p, unsigned long dat)
++static void put_dword(unsigned char **p, uint32_t dat)
+ {
+ 	unsigned char *buf;
+ 	buf = *p;
+@@ -125,8 +125,8 @@ int pvk_write(BIO *out, PVK_DAT *pvk)
+ 
+ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ {
+-	EVP_MD_CTX ctx;
+-	EVP_CIPHER_CTX cctx;
++	EVP_MD_CTX *ctx;
++	EVP_CIPHER_CTX *cctx;
+ 	unsigned char *buf;
+ 	unsigned char tmpkey[EVP_MAX_KEY_LENGTH];
+ 	int outlen;
+@@ -141,17 +141,21 @@ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ 		PVKerr(PVK_F_PVK_ENCRYPT,ERR_R_MALLOC_FAILURE);
+ 		return 0;
+ 	}
+-	EVP_DigestInit(&ctx, EVP_sha1());
+-	EVP_DigestUpdate(&ctx, pvk->salt, pvk->saltlen);
+-	EVP_DigestUpdate(&ctx, pass, strlen(pass));
+-	EVP_DigestFinal(&ctx, tmpkey, NULL);
++	ctx = EVP_MD_CTX_new();
++	EVP_DigestInit(ctx, EVP_sha1());
++	EVP_DigestUpdate(ctx, pvk->salt, pvk->saltlen);
++	EVP_DigestUpdate(ctx, pass, strlen(pass));
++	EVP_DigestFinal(ctx, tmpkey, NULL);
++	EVP_MD_CTX_free(ctx);
+ 
+         if(encr == PVK_WEAK) memset(tmpkey + 5, 0, 11);
+ 
+-	EVP_EncryptInit(&cctx, EVP_rc4(), tmpkey, NULL);
+-	EVP_EncryptUpdate(&cctx, buf, &outlen, pvk->key, pvk->keylen);
++	cctx = EVP_CIPHER_CTX_new();
++	EVP_EncryptInit(cctx, EVP_rc4(), tmpkey, NULL);
++	EVP_EncryptUpdate(cctx, buf, &outlen, pvk->key, pvk->keylen);
+ 	/* Not needed but do it to cleanup */
+-	EVP_EncryptFinal(&cctx, buf + outlen, &outlen);
++	EVP_EncryptFinal(cctx, buf + outlen, &outlen);
++	EVP_CIPHER_CTX_free(cctx);
+ 	OPENSSL_free(pvk->key);
+ 	pvk->key = buf;
+         pvk->crypt = 1;
+@@ -161,7 +165,7 @@ int pvk_encrypt(PVK_DAT *pvk, char *pass, int encr)
+ }
+ 
+ /* Convert bignum to little endian format */ 
+-static int BN2lend (BIGNUM *num, unsigned char *p)
++static int BN2lend (const BIGNUM *num, unsigned char *p)
+ {
+ 	int nbyte, i;
+ 	unsigned char c;
+@@ -178,7 +182,7 @@ static int BN2lend (BIGNUM *num, unsigned char *p)
+ 
+ /* Convert RSA key into PVK structure */
+ 
+-int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
++int rsa2pvk(RSA *rsa, PVK_DAT *pvk, uint32_t alg)
+ {
+ 	int numbytes;
+ 	unsigned char *p;
+@@ -202,7 +206,7 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
+         else if(pvk->keyalg == RSA_SIG) pvk->keytype = PVK_SIG;
+ 
+ 	/* Set up a private key blob */
+-	numbytes = BN_num_bytes (rsa->n);
++	numbytes = BN_num_bytes (RSA_get0_n(rsa));
+ 	/* Allocate enough room for blob */
+ 	if (!(pvk->key = calloc(1, 12 + numbytes * 5))) {
+ 		PVKerr(PVK_F_RSA2PVK,ERR_R_MALLOC_FAILURE);
+@@ -216,23 +220,23 @@ int rsa2pvk(RSA *rsa, PVK_DAT *pvk, unsigned long alg)
+ 	p+= 4;
+ 
+ 	put_dword(&p, numbytes << 3);	/* Number of bits */
+-	put_dword(&p, BN_get_word(rsa->e)); /* Public exponent */
++	put_dword(&p, BN_get_word(RSA_get0_e(rsa))); /* Public exponent */
+ 
+ 	/* Convert each element */
+ 
+-	BN2lend (rsa->n, p);
++	BN2lend (RSA_get0_n(rsa), p);
+ 	p += numbytes;
+-	BN2lend (rsa->p, p);
++	BN2lend (RSA_get0_p(rsa), p);
+ 	p += numbytes/2;
+-	BN2lend (rsa->q, p);
++	BN2lend (RSA_get0_q(rsa), p);
+ 	p += numbytes/2;
+-	BN2lend (rsa->dmp1, p);
++	BN2lend (RSA_get0_dmp1(rsa), p);
+ 	p += numbytes/2;
+-	BN2lend (rsa->dmq1, p);
++	BN2lend (RSA_get0_dmq1(rsa), p);
+ 	p += numbytes/2;
+-	BN2lend (rsa->iqmp,p);
++	BN2lend (RSA_get0_iqmp(rsa), p);
+ 	p += numbytes/2;
+-	BN2lend (rsa->d, p);
++	BN2lend (RSA_get0_d(rsa), p);
+ 	p += numbytes;
+ 	pvk->keylen = p - pvk->key + 8;
+ 	RAND_seed(pvk->key, pvk->keylen);
diff --git a/security/pvk/pkg-plist b/security/pvk/pkg-plist
deleted file mode 100644
index 9c2392135a7d..000000000000
--- a/security/pvk/pkg-plist
+++ /dev/null
@@ -1,2 +0,0 @@
-bin/pvk
-share/doc/pvk/README
author	Alexey Dokuchaev <danfe@FreeBSD.org>	2021-03-19 02:16:30 +0000
committer	Alexey Dokuchaev <danfe@FreeBSD.org>	2021-03-19 02:16:30 +0000
commit	4c46219141a8c1a121bf792c0431fcd9ccd3b726 (patch)
tree	d0ba6e2effcc613d144c46949baa73aaae9083bd /security/pvk
parent	ee849710c52d13ecd4c872ccb2c5e6d6b987027d (diff)
download	ports-4c46219141a8c1a121bf792c0431fcd9ccd3b726.tar.gz ports-4c46219141a8c1a121bf792c0431fcd9ccd3b726.zip