authorWilliam Pitcock <nenolod@dereferenced.org>2018-10-24 18:43:38 -0500
committerWilliam Pitcock <nenolod@dereferenced.org>2018-10-24 18:44:53 -0500
commit6966c8e0302819c69535751bc8d52d7d7d4c9627 (patch)
tree5ad4f328cff40e756010197a0547beaa08d4576f /testing
parent49f656ed06ba914f117dc609c955b946ea36a044 (diff)
testing/libtls-standalone: port to openssl 1.1.0 API
Diffstat (limited to 'testing')
-rw-r--r--testing/libtls-standalone/APKBUILD20
-rw-r--r--testing/libtls-standalone/openssl-1.1.0-asn1-string.patch31
-rw-r--r--testing/libtls-standalone/openssl-1.1.0-bio-method.patch107
-rw-r--r--testing/libtls-standalone/openssl-1.1.0-verify-param.patch50
-rw-r--r--testing/libtls-standalone/openssl-1.1.0-x509-object.patch40
-rw-r--r--testing/libtls-standalone/tls_compat.c24
-rw-r--r--testing/libtls-standalone/tls_compat.h6
7 files changed, 253 insertions, 25 deletions
diff --git a/testing/libtls-standalone/APKBUILD b/testing/libtls-standalone/APKBUILD
index 8719a73eda..7ebaa47976 100644
--- a/testing/libtls-standalone/APKBUILD
+++ b/testing/libtls-standalone/APKBUILD
@@ -2,7 +2,7 @@
pkgname=libtls-standalone
pkgver=2.7.4
_namever=${pkgname}${pkgver%.*}
-pkgrel=0
+pkgrel=1
pkgdesc="libtls extricated from libressl sources"
url="http://www.libressl.org/"
arch="all"
@@ -17,6 +17,10 @@ source="https://ftp.openbsd.org/pub/OpenBSD/libressl/libressl-$pkgver.tar.gz
tls_compat.h
test_program.c
libtls-ciphers.patch
+ openssl-1.1.0-bio-method.patch
+ openssl-1.1.0-verify-param.patch
+ openssl-1.1.0-asn1-string.patch
+ openssl-1.1.0-x509-object.patch
"
libressl_src="$srcdir/libressl-$pkgver"
builddir="$srcdir"
@@ -27,6 +31,10 @@ prepare() {
cd "$libressl_src"
patch -p1 < "$srcdir"/libtls-ciphers.patch
+ patch -p1 < "$srcdir"/openssl-1.1.0-bio-method.patch
+ patch -p1 < "$srcdir"/openssl-1.1.0-verify-param.patch
+ patch -p1 < "$srcdir"/openssl-1.1.0-asn1-string.patch
+ patch -p1 < "$srcdir"/openssl-1.1.0-x509-object.patch
}
build() {
@@ -49,7 +57,11 @@ package() {
sha512sums="1cd82a1bff4f655251b5feb0c850f4164e0fd548e4b404407370f74dcc75c205f42efc7787a157eecac84cbbe46af48cb63f46b3fef75f4a0a9ea19a5863a691 libressl-2.7.4.tar.gz
28e08af50fbcb286d413a2df2b063ee90675561c1501d24d33e17c142b85f404a27c4954644d65e367c925981e514dcaad6d311c768162cd02f3eea0db15d14d Makefile
-b08c24948c18ba85472693f429dc8c7732aeebdea447e9e57a5be19b8c37d18dec0775159236b8b07bd1e40b57e9dc632b838c5d40d96d631f24d713ccd1ae1f tls_compat.c
-c73352962a76ca5cba571f4b8b4decaff86849c737893523198b696ab808934a10df9dc42c4cece7640e007dcc1b4f5778cdf04b498fec5c058a4c9a2206c749 tls_compat.h
+be8216d08a6992ca65a8e3f1e010645833899465090179f269a62de5fcfe2711d463fe1aa57e408492648878fa2ee53377c4509ef48a2aafe3f267cce73e9209 tls_compat.c
+0b8fca899e1f7b51979d69458be23c77c1b7f265ed60de76cf5cfb9eb5742111cf50813bd35384831301523a6a0562a20acf1aec22dc0d9ad653271d45ede915 tls_compat.h
71d36fe25c95a0a45497e3f699b01dddcaae9053dd1b1e2419df94272c47024cf6516c51c902129201061601b04a72551904b15a332a4cf53358983b5db73618 test_program.c
-21a0f62eb76bb7737ebc3fe96de844831a237e09ff46886267c3d1ec4612a5a5de4534e84b2548c640b0f6d19c414d22d6c495b03bee6b437cfa171aa82c3198 libtls-ciphers.patch"
+8da41dc7f3a3e94c7c26c20b88e649eeaa556064c6b45deb4604fb0b5738109344bf2d9e5c37dc963634db1761370aa5ed4dfe085cae2a21e74535b5b98f4a43 libtls-ciphers.patch
+90244db67d2f5a2b4679cd4b905f6e58105e20e5a4648dd0781dee3f3d1ce87350eee9683f2e6e554949a390ee45d2247e7588e75668e82feb68213178905d3d openssl-1.1.0-bio-method.patch
+b0c6c0b32d6ea30b7161ae75e36b8102b3c00268723dec15464318bae8f77a386dba9ef0537d47018b385b16f57132b5c893e494b8853d51b638b4d270e1f9d6 openssl-1.1.0-verify-param.patch
+e0b7ce674269714cd63f628c332ed3420086c973f6e763a9a5d57991738370759d437b59edff5349ce4213725588f58e196c479b372a702833fcae75da9d71a1 openssl-1.1.0-asn1-string.patch
+7d88088240f78dc3656e71d67f2222b4562bbcfacfaac77e7d8d3ace50ae7f02fac15cea0df2d9990b8d30f6cfd0b4ffd92ea97191181f0b00b1d34c050ef130 openssl-1.1.0-x509-object.patch"
diff --git a/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch b/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch
new file mode 100644
index 0000000000..258ba60a5d
--- /dev/null
+++ b/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch
@@ -0,0 +1,31 @@
+--- libressl-2.7.4.orig/tls/tls_verify.c
++++ libressl-2.7.4/tls/tls_verify.c
+@@ -126,12 +126,12 @@
+ continue;
+
+ if (type == GEN_DNS) {
+- unsigned char *data;
++ const unsigned char *data;
+ int format, len;
+
+ format = ASN1_STRING_type(altname->d.dNSName);
+ if (format == V_ASN1_IA5STRING) {
+- data = ASN1_STRING_data(altname->d.dNSName);
++ data = ASN1_STRING_get0_data(altname->d.dNSName);
+ len = ASN1_STRING_length(altname->d.dNSName);
+
+ if (len < 0 || (size_t)len != strlen(data)) {
+@@ -171,11 +171,11 @@
+ }
+
+ } else if (type == GEN_IPADD) {
+- unsigned char *data;
++ const unsigned char *data;
+ int datalen;
+
+ datalen = ASN1_STRING_length(altname->d.iPAddress);
+- data = ASN1_STRING_data(altname->d.iPAddress);
++ data = ASN1_STRING_get0_data(altname->d.iPAddress);
+
+ if (datalen < 0) {
+ tls_set_errorx(ctx,
diff --git a/testing/libtls-standalone/openssl-1.1.0-bio-method.patch b/testing/libtls-standalone/openssl-1.1.0-bio-method.patch
new file mode 100644
index 0000000000..4f4290c3ce
--- /dev/null
+++ b/testing/libtls-standalone/openssl-1.1.0-bio-method.patch
@@ -0,0 +1,107 @@
+--- libressl-2.7.4.orig/tls/tls_bio_cb.c
++++ libressl-2.7.4/tls/tls_bio_cb.c
+@@ -18,6 +18,7 @@
+ #include <fcntl.h>
+ #include <stdlib.h>
+ #include <unistd.h>
++#include <assert.h>
+
+ #include <openssl/bio.h>
+
+@@ -29,19 +30,36 @@
+ static int bio_cb_puts(BIO *bio, const char *str);
+ static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr);
+
+-static BIO_METHOD bio_cb_method = {
+- .type = BIO_TYPE_MEM,
+- .name = "libtls_callbacks",
+- .bwrite = bio_cb_write,
+- .bread = bio_cb_read,
+- .bputs = bio_cb_puts,
+- .ctrl = bio_cb_ctrl,
+-};
++static pthread_once_t bio_cb_init_once = PTHREAD_ONCE_INIT;
+
++static BIO_METHOD *bio_cb_method = NULL;
++
++static void
++bio_s_cb_init(void)
++{
++ BIO_METHOD *method;
++
++ method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks");
++ assert(method != NULL);
++
++ BIO_meth_set_read(method, bio_cb_read);
++ BIO_meth_set_write(method, bio_cb_write);
++ BIO_meth_set_puts(method, bio_cb_puts);
++ BIO_meth_set_ctrl(method, bio_cb_ctrl);
++
++ bio_cb_method = method;
++}
++
+ static BIO_METHOD *
+ bio_s_cb(void)
+ {
+- return (&bio_cb_method);
++ if (bio_cb_method != NULL) {
++ return bio_cb_method;
++ }
++
++ (void) pthread_once(&bio_cb_init_once, bio_s_cb_init);
++
++ return bio_cb_method;
+ }
+
+ static int
+@@ -57,10 +75,10 @@
+
+ switch (cmd) {
+ case BIO_CTRL_GET_CLOSE:
+- ret = (long)bio->shutdown;
++ ret = (long) BIO_get_shutdown(bio);
+ break;
+ case BIO_CTRL_SET_CLOSE:
+- bio->shutdown = (int)num;
++ BIO_set_shutdown(bio, (int) num);
+ break;
+ case BIO_CTRL_DUP:
+ case BIO_CTRL_FLUSH:
+@@ -69,7 +87,7 @@
+ case BIO_CTRL_GET:
+ case BIO_CTRL_SET:
+ default:
+- ret = BIO_ctrl(bio->next_bio, cmd, num, ptr);
++ ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr);
+ }
+
+ return (ret);
+@@ -78,7 +96,7 @@
+ static int
+ bio_cb_write(BIO *bio, const char *buf, int num)
+ {
+- struct tls *ctx = bio->ptr;
++ struct tls *ctx = BIO_get_data(bio);
+ int rv;
+
+ BIO_clear_retry_flags(bio);
+@@ -96,7 +114,7 @@
+ static int
+ bio_cb_read(BIO *bio, char *buf, int size)
+ {
+- struct tls *ctx = bio->ptr;
++ struct tls *ctx = BIO_get_data(bio);
+ int rv;
+
+ BIO_clear_retry_flags(bio);
+@@ -131,8 +149,8 @@
+ tls_set_errorx(ctx, "failed to create callback i/o");
+ goto err;
+ }
+- bio->ptr = ctx;
+- bio->init = 1;
++ BIO_set_data(bio, ctx);
++ BIO_set_init(bio, 1);
+
+ SSL_set_bio(ctx->ssl_conn, bio, bio);
+
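Review bot: `pthread_once_t` and `pthread_once` are introduced at `static pthread_once_t bio_cb_init_once` and in `bio_s_cb`, but the only header the patch adds to tls_bio_cb.c is `<assert.h>`; unless `<pthread.h>` already arrives transitively, the patch should add `#include <pthread.h>` beside it. In `bio_s_cb_init`, `assert(method != NULL)` is the only handling of a failed `BIO_meth_new`; under `NDEBUG` the assert vanishes and the following `BIO_meth_set_*` calls dereference NULL, so `if (method == NULL) return;` plus a NULL check on the result of `bio_s_cb()` before it is handed to `BIO_new()` (that call is outside the hunk) would route the failure into the existing "failed to create callback i/o" error path instead of aborting or crashing. The fast path `if (bio_cb_method != NULL)` reads a plain static that `bio_s_cb_init` writes under `pthread_once`, which is a data race in the C11 sense even if it is benign on current targets; `pthread_once` already makes the initialized case cheap, so the fast path can be dropped and `bio_cb_method` returned unconditionally after the `pthread_once` call.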
diff --git a/testing/libtls-standalone/openssl-1.1.0-verify-param.patch b/testing/libtls-standalone/openssl-1.1.0-verify-param.patch
new file mode 100644
index 0000000000..ef3f948e02
--- /dev/null
+++ b/testing/libtls-standalone/openssl-1.1.0-verify-param.patch
@@ -0,0 +1,50 @@
+--- libressl-2.7.4.orig/tls/tls.c
++++ libressl-2.7.4/tls/tls.c
+@@ -438,8 +438,16 @@
+ }
+
+ if (ctx->config->verify_time == 0) {
+- X509_VERIFY_PARAM_set_flags(ssl_ctx->param,
+- X509_V_FLAG_NO_CHECK_TIME);
++ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new();
++
++ if (param == NULL) {
++ goto err;
++ }
++
++ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME);
++ SSL_CTX_set1_param(ssl_ctx, param);
++
++ X509_VERIFY_PARAM_free(param);
+ }
+
+ /* Disable any form of session caching by default */
+@@ -487,6 +495,7 @@
+ STACK_OF(X509_INFO) *xis = NULL;
+ X509_STORE *store;
+ X509_INFO *xi;
++ X509_VERIFY_PARAM *param;
+ BIO *bio = NULL;
+ int rv = -1;
+ int i;
+@@ -548,8 +557,19 @@
+ }
+ xi->crl = NULL;
+ }
+- X509_VERIFY_PARAM_set_flags(store->param,
++
++ param = X509_VERIFY_PARAM_new();
++
++ if (param == NULL) {
++ goto err;
++ }
++
++ X509_VERIFY_PARAM_set_flags(param,
+ X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);
++
++ X509_STORE_set1_param(store, param);
++
++ X509_VERIFY_PARAM_free(param);
+ }
+
+ done:
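Review bot: The return values of `SSL_CTX_set1_param` and `X509_STORE_set1_param` are ignored, so if either fails the `X509_V_FLAG_NO_CHECK_TIME` or the `X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL` flags are silently not applied and the CRLs the caller just loaded are never consulted; check them, e.g. `if (X509_STORE_set1_param(store, param) != 1) { X509_VERIFY_PARAM_free(param); goto err; }`. The allocate/copy/free sequence is also more than the port needs: OpenSSL 1.1.0 exposes the context's own parameter object through `SSL_CTX_get0_param(ssl_ctx)` and `X509_STORE_get0_param(store)`, so each block can stay the one-liner it was, `X509_VERIFY_PARAM_set_flags(X509_STORE_get0_param(store), X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL);`, with no allocation that can fail and no new `goto err` paths to audit. The `err` labels the new code jumps to belong to the enclosing functions, which lie outside the hunk.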
diff --git a/testing/libtls-standalone/openssl-1.1.0-x509-object.patch b/testing/libtls-standalone/openssl-1.1.0-x509-object.patch
new file mode 100644
index 0000000000..e90903252f
--- /dev/null
+++ b/testing/libtls-standalone/openssl-1.1.0-x509-object.patch
@@ -0,0 +1,40 @@
+--- libressl-2.7.4.orig/tls/tls_ocsp.c
++++ libressl-2.7.4/tls/tls_ocsp.c
+@@ -127,8 +127,8 @@
+ {
+ X509_NAME *issuer_name;
+ X509 *issuer;
+- X509_STORE_CTX storectx;
+- X509_OBJECT tmpobj;
++ X509_STORE_CTX *storectx;
++ X509_OBJECT *tmpobj;
+ OCSP_CERTID *cid = NULL;
+ X509_STORE *store;
+
+@@ -143,14 +143,20 @@
+
+ if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL)
+ return NULL;
+- if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1)
++ if ((storectx = X509_STORE_CTX_new()) == NULL)
+ return NULL;
+- if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name,
+- &tmpobj) == 1) {
+- cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509);
+- X509_OBJECT_free_contents(&tmpobj);
++ if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1)
++ goto err;
++ if ((tmpobj = X509_OBJECT_new()) == NULL)
++ goto err;
++ if (X509_STORE_get_by_subject(storectx, X509_LU_X509, issuer_name,
++ tmpobj) == 1) {
++ cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));
++ X509_OBJECT_free(tmpobj);
+ }
+- X509_STORE_CTX_cleanup(&storectx);
++
++ err:
++ X509_STORE_CTX_cleanup(storectx);
+ return cid;
+ }
+
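Review bot: `storectx` is now heap-allocated by `X509_STORE_CTX_new()`, but the `err:` path only calls `X509_STORE_CTX_cleanup(storectx)`, which releases the context's contents and not the context itself, so every call leaks an X509_STORE_CTX; `X509_STORE_CTX_free` performs the cleanup and the free. `tmpobj` has the same problem: it is freed only inside the `== 1` branch, so a lookup miss leaks the X509_OBJECT, and it must be initialized to NULL at its declaration because the `goto err` after a failed `X509_STORE_CTX_init` reaches the label before it is assigned. With both released unconditionally at `err:` (`X509_OBJECT_free(NULL)` and `X509_STORE_CTX_free(NULL)` are no-ops in 1.1.0) the tail of the function becomes the excerpt below; the function's name and signature are outside the hunk.
```c
	X509_STORE_CTX *storectx;
	X509_OBJECT *tmpobj = NULL;
	/* ... unchanged: issuer lookup, X509_STORE_CTX_new/init, X509_OBJECT_new ... */
	if (X509_STORE_get_by_subject(storectx, X509_LU_X509, issuer_name,
	    tmpobj) == 1)
		cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj));

 err:
	X509_OBJECT_free(tmpobj);
	X509_STORE_CTX_free(storectx);
	return cid;
```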
diff --git a/testing/libtls-standalone/tls_compat.c b/testing/libtls-standalone/tls_compat.c
index aeff845237..2d184e4020 100644
--- a/testing/libtls-standalone/tls_compat.c
+++ b/testing/libtls-standalone/tls_compat.c
@@ -132,14 +132,14 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, char *buf, off_t len)
x = ca = NULL;
if ((in = BIO_new_mem_buf(buf, len)) == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB);
goto end;
}
if ((x = PEM_read_bio_X509(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata)) == NULL) {
- SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ SSL_CTX_get_default_passwd_cb(ctx),
+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB);
goto end;
}
@@ -149,15 +149,11 @@ SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, char *buf, off_t len)
/* If we could set up our certificate, now proceed to
* the CA certificates.
*/
-
- if (ctx->extra_certs != NULL) {
- sk_X509_pop_free(ctx->extra_certs, X509_free);
- ctx->extra_certs = NULL;
- }
+ SSL_CTX_clear_extra_chain_certs(ctx);
while ((ca = PEM_read_bio_X509(in, NULL,
- ctx->default_passwd_callback,
- ctx->default_passwd_callback_userdata)) != NULL) {
+ SSL_CTX_get_default_passwd_cb(ctx),
+ SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) {
if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
goto end;
@@ -296,12 +292,6 @@ ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
return (type);
}
-int
-SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen)
-{
- return 1;
-}
-
/* $OpenBSD: a_time_tm.c,v 1.14 2017/08/28 17:42:47 jsing Exp $ */
/*
* Copyright (c) 2015 Bob Beck <beck@openbsd.org>
diff --git a/testing/libtls-standalone/tls_compat.h b/testing/libtls-standalone/tls_compat.h
index 6f91171cf8..8e4629e35a 100644
--- a/testing/libtls-standalone/tls_compat.h
+++ b/testing/libtls-standalone/tls_compat.h
@@ -1,3 +1,5 @@
+#include <string.h>
+
#include <openssl/opensslv.h>
#include <openssl/x509_vfy.h>
@@ -18,8 +20,4 @@ int ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode);
int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, char *buf, off_t);
-int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
-
-#define SSL_CTX_set_dh_auto(...)
-
#endif