Index: head/security/medusa/files/patch-openssl-1.1.x =================================================================== --- head/security/medusa/files/patch-openssl-1.1.x (nonexistent) +++ head/security/medusa/files/patch-openssl-1.1.x (revision 482008) @@ -0,0 +1,153 @@ +From 349ef7f0c24b627c6dbba8bcd5b47173806473a2 Mon Sep 17 00:00:00 2001 +From: jmk-foofus +Origin: https://github.com/jmk-foofus/medusa/commit/349ef7f0c24b627c6dbba8bcd5b47173806473a2 +Date: Tue, 1 Nov 2016 16:26:12 -0500 +Subject: [PATCH] Update to support newer versions of OpenSSL. + +--- + config.h.in | 6 ++++++ + configure | 13 ++++++++++--- + configure.ac | 2 +- + src/medusa-net.c | 9 +++++---- + src/medusa-thread-ssl.c | 10 +++++++--- + src/medusa.h | 4 ++++ + src/modsrc/vnc.c | 12 +++++++++--- + 7 files changed, 42 insertions(+), 14 deletions(-) + +--- config.h.in ++++ config.h.in +@@ -82,6 +82,12 @@ + /* Define to 1 if you have the header file. */ + #undef HAVE_MEMORY_H + ++/* Define to 1 if you have the header file. */ ++#undef HAVE_OPENSSL_CRYPTO_H ++ ++/* Define to 1 if you have the header file. */ ++#undef HAVE_OPENSSL_SSL_H ++ + /* Define to 1 if you have the header file. */ + #undef HAVE_STDINT_H + +--- src/medusa-net.c ++++ src/medusa-net.c +@@ -327,7 +327,9 @@ RSA *sslTempRSACallback(SSL * ssl __attr + RSA *rsa = NULL; + + if (rsa == NULL) +- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL); ++ /* https://openssl.org/docs/manmaster/crypto/RSA_generate_key.html */ ++ RSA_generate_key_ex(rsa, 512, (BIGNUM*) RSA_F4, NULL); ++ + return rsa; + } + +@@ -347,12 +349,12 @@ int medusaConnectSSLInternal(sConnectPar + the server demands. The module can override this by setting nSSLVersion. */ + + /* Debian's OpenSSL has SSLv2 support disabled. */ +-#ifndef OPENSSL_NO_SSL2 ++#if !defined(OPENSSL_NO_SSL2) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + if (pParams->nSSLVersion == 2) + sslContext = SSL_CTX_new(SSLv2_client_method()); + else + #endif +-#ifndef OPENSSL_NO_SSL3 ++#if !defined(OPENSSL_NO_SSL3) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + if (pParams->nSSLVersion == 3) + sslContext = SSL_CTX_new(SSLv3_client_method()); + else +@@ -378,7 +380,6 @@ int medusaConnectSSLInternal(sConnectPar + + // we set the default verifiers and dont care for the results + SSL_CTX_set_default_verify_paths(sslContext); +- SSL_CTX_set_tmp_rsa_callback(sslContext, sslTempRSACallback); + SSL_CTX_set_verify(sslContext, SSL_VERIFY_NONE, NULL); + + if ((hSocket < 0) && ((hSocket = medusaConnect(pParams)) < 0)) +--- src/medusa-thread-ssl.c ++++ src/medusa-thread-ssl.c +@@ -13,7 +13,11 @@ + + #include "medusa.h" + +-#ifdef HAVE_LIBSSL ++/* In OpenSSL <= 1.0.2, an application had to set locking callbacks to use ++ OpenSSL in a multi-threaded environment. OpenSSL 1.1.0 now finds pthreads ++ or Windows threads, so nothing special is necessary. ++*/ ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + static pthread_mutex_t *lockarray; + + #include +@@ -79,7 +83,7 @@ void init_locks_gnutls(void) + + void init_crypto_locks(void) + { +-#ifdef HAVE_LIBSSL ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + init_locks_openssl(); + #endif + +@@ -90,7 +94,7 @@ void init_crypto_locks(void) + + void kill_crypto_locks(void) + { +-#ifdef HAVE_LIBSSL ++#if defined(HAVE_LIBSSL) && (OPENSSL_VERSION_NUMBER < 0x10100005L) + kill_locks_openssl(); + #endif + } +--- src/medusa.h ++++ src/medusa.h +@@ -44,6 +44,10 @@ + #include + #endif + ++#ifdef HAVE_LIBSSL ++ #include ++#endif ++ + #define PROGRAM "Medusa" + #ifndef VERSION + #define VERSION "1.0" +--- src/modsrc/vnc.c ++++ src/modsrc/vnc.c +@@ -811,7 +811,10 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + + /* create and populate DH structure */ + dh_struct = DH_new(); +- ++ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_pqg(dh_struct, (BIGNUM*) &p, (BIGNUM*) &client_priv, (BIGNUM*) &g); ++#else + dh_struct->g = BN_new(); + BN_set_word(dh_struct->g, g); + +@@ -820,12 +823,11 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + + dh_struct->priv_key = BN_new(); + BN_set_word(dh_struct->priv_key, client_priv); ++#endif + + if (DH_generate_key(dh_struct) == 0) + writeError(ERR_ERROR, "[%s] Failed to generate key", MODULE_NAME); + +- writeError(ERR_DEBUG_MODULE, "[%s] Client DH private key: %s public key: %s", MODULE_NAME, BN_bn2hex(dh_struct->priv_key), BN_bn2hex(dh_struct->pub_key)); +- + DH_check(dh_struct, &dh_error); + if (dh_error & DH_CHECK_P_NOT_SAFE_PRIME) + writeError(ERR_DEBUG_MODULE, "[%s] Failed to create DH structure: DH_CHECK_P_NOT_SAFE_PRIME", MODULE_NAME); +@@ -835,7 +837,11 @@ int sendAuthMSLogin(int hSocket, _VNC_DA + writeError(ERR_DEBUG_MODULE, "[%s] Failed to create DH structure: DH_UNABLE_TO_CHECK_GENERATOR", MODULE_NAME); + + /* convert client public key into proper format for sending */ ++#if OPENSSL_VERSION_NUMBER >= 0x10100005L ++ DH_set0_key(dh_struct, (BIGNUM*) &client_pub, (BIGNUM*) &client_priv); ++#else + int64ToBytes(BN_get_word(dh_struct->pub_key), client_pub); ++#endif + + /* generate shared secret using private DH key and server's public key */ + server_pub = BN_new(); Property changes on: head/security/medusa/files/patch-openssl-1.1.x ___________________________________________________________________ Added: fbsd:nokeywords ## -0,0 +1 ## +yes \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property