LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7097 Commits
1 Branch
46 MiB
Tree: d66d54d222
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd66d54d222'
${ noResults }
openwrt-packages-dist/net/socat/patches/110-drop_egd_sslv3_support....

184 lines
6.8 KiB
Raw Normal View History

net/socat: Update to 1.7.3.1 and fix SSL Update to 1.7.3.1 Fix SSL builds Source: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/net/socat/patches/#dirlist Signed-off-by: Daniel Engberg <daniel.engberg.lists@pyret.net>
8 years ago
 
  1. --- a/sslcls.c

  2. +++ b/sslcls.c

  3. @@ -55,6 +55,7 @@ const SSL_METHOD *sycSSLv2_server_method

  4.  }
  5.  #endif
  6.  
  7. +#ifdef HAVE_SSLv3_client_method

  8.  const SSL_METHOD *sycSSLv3_client_method(void) {
  9.     const SSL_METHOD *result;
  10.     Debug("SSLv3_client_method()");
  11. @@ -62,7 +63,9 @@ const SSL_METHOD *sycSSLv3_client_method

  12.     Debug1("SSLv3_client_method() -> %p", result);
  13.     return result;
  14.  }
  15. +#endif

  16.  
  17. +#ifdef HAVE_SSLv3_server_method

  18.  const SSL_METHOD *sycSSLv3_server_method(void) {
  19.     const SSL_METHOD *result;
  20.     Debug("SSLv3_server_method()");
  21. @@ -70,6 +73,7 @@ const SSL_METHOD *sycSSLv3_server_method

  22.     Debug1("SSLv3_server_method() -> %p", result);
  23.     return result;
  24.  }
  25. +#endif

  26.  
  27.  const SSL_METHOD *sycSSLv23_client_method(void) {
  28.     const SSL_METHOD *result;
  29. @@ -331,14 +335,6 @@ void sycSSL_free(SSL *ssl) {

  30.     return;
  31.  }
  32.  
  33. -int sycRAND_egd(const char *path) {

  34. -   int result;

  35. -   Debug1("RAND_egd(\"%s\")", path);

  36. -   result = RAND_egd(path);

  37. -   Debug1("RAND_egd() -> %d", result);

  38. -   return result;

  39. -}

  40. -

  41.  DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u) {
  42.     DH *result;
  43.     Debug4("PEM_read_bio_DHparams(%p, %p, %p, %p)",
  44. @@ -375,7 +371,7 @@ int sycFIPS_mode_set(int onoff) {

  45.  }
  46.  #endif /* WITH_FIPS */
  47.  
  48. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L

  49. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)

  50.  const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl) {
  51.     const COMP_METHOD *result;
  52.     Debug1("SSL_get_current_compression(%p)", ssl);
  53. --- a/sslcls.h

  54. +++ b/sslcls.h

  55. @@ -47,7 +47,6 @@ X509 *sycSSL_get_peer_certificate(SSL *s

  56.  int sycSSL_shutdown(SSL *ssl);
  57.  void sycSSL_CTX_free(SSL_CTX *ctx);
  58.  void sycSSL_free(SSL *ssl);
  59. -int sycRAND_egd(const char *path);

  60.  
  61.  DH *sycPEM_read_bio_DHparams(BIO *bp, DH **x, pem_password_cb *cb, void *u);
  62.  
  63. @@ -55,7 +54,7 @@ BIO *sycBIO_new_file(const char *filenam

  64.  
  65.  int sycFIPS_mode_set(int onoff);
  66.  
  67. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L

  68. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)

  69.  const COMP_METHOD *sycSSL_get_current_compression(SSL *ssl);
  70.  const COMP_METHOD *sycSSL_get_current_expansion(SSL *ssl);
  71.  const char *sycSSL_COMP_get_name(const COMP_METHOD *comp);
  72. @@ -98,7 +97,6 @@ const char *sycSSL_COMP_get_name(const C

  73.  #define sycSSL_shutdown(s) SSL_shutdown(s)
  74.  #define sycSSL_CTX_free(c) SSL_CTX_free(c)
  75.  #define sycSSL_free(s) SSL_free(s)
  76. -#define sycRAND_egd(p) RAND_egd(p)

  77.  
  78.  #define sycPEM_read_bio_DHparams(b,x,p,u) PEM_read_bio_DHparams(b,x,p,u)
  79.  
  80. --- a/test.sh

  81. +++ b/test.sh

  82. @@ -576,9 +576,6 @@ filloptionvalues() {

  83.      *,dh,*) OPTS=$(echo "$OPTS" |sed "s/,dh,/,dh=/tmp/hugo,/g");;
  84.      esac
  85.      case "$OPTS" in
  86. -    *,egd,*) OPTS=$(echo "$OPTS" |sed "s/,egd,/,egd=/tmp/hugo,/g");;

  87. -    esac

  88. -    case "$OPTS" in

  89.      *,compress,*) OPTS=$(echo "$OPTS" |sed "s/,compress,/,compress=none,/g");;
  90.      esac
  91.      # PROXY
  92. --- a/xio-openssl.c

  93. +++ b/xio-openssl.c

  94. @@ -108,7 +108,6 @@ const struct optdesc opt_openssl_key

  95.  const struct optdesc opt_openssl_dhparam     = { "openssl-dhparam",     "dh",    OPT_OPENSSL_DHPARAM,     GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  96.  const struct optdesc opt_openssl_cafile      = { "openssl-cafile",     "cafile", OPT_OPENSSL_CAFILE,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  97.  const struct optdesc opt_openssl_capath      = { "openssl-capath",     "capath", OPT_OPENSSL_CAPATH,      GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };
  98. -const struct optdesc opt_openssl_egd         = { "openssl-egd",        "egd",    OPT_OPENSSL_EGD,         GROUP_OPENSSL, PH_SPEC, TYPE_FILENAME, OFUNC_SPEC };

  99.  const struct optdesc opt_openssl_pseudo      = { "openssl-pseudo",     "pseudo", OPT_OPENSSL_PSEUDO,      GROUP_OPENSSL, PH_SPEC, TYPE_BOOL,     OFUNC_SPEC };
  100.  #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  101.  const struct optdesc opt_openssl_compress    = { "openssl-compress",   "compress", OPT_OPENSSL_COMPRESS,  GROUP_OPENSSL, PH_SPEC, TYPE_STRING,   OFUNC_SPEC };
  102. @@ -147,7 +146,7 @@ int xio_reset_fips_mode(void) {

  103.  static void openssl_conn_loginfo(SSL *ssl) {
  104.     Notice1("SSL connection using %s", SSL_get_cipher(ssl));
  105.  
  106. -#if OPENSSL_VERSION_NUMBER >= 0x00908000L

  107. +#if (OPENSSL_VERSION_NUMBER >= 0x00908000L) && !defined(OPENSSL_NO_COMP)

  108.     {
  109.        const COMP_METHOD *comp, *expansion;
  110.  
  111. @@ -722,7 +721,6 @@ int

  112.     char *opt_dhparam = NULL;	/* file name of DH params */
  113.     char *opt_cafile = NULL;	/* certificate authority file */
  114.     char *opt_capath = NULL;	/* certificate authority directory */
  115. -   char *opt_egd = NULL;	/* entropy gathering daemon socket path */

  116.  #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  117.     char *opt_compress = NULL;	/* compression method */
  118.  #endif
  119. @@ -741,7 +739,6 @@ int

  120.     retropt_string(opts, OPT_OPENSSL_CAPATH, &opt_capath);
  121.     retropt_string(opts, OPT_OPENSSL_KEY, &opt_key);
  122.     retropt_string(opts, OPT_OPENSSL_DHPARAM, &opt_dhparam);
  123. -   retropt_string(opts, OPT_OPENSSL_EGD, &opt_egd);

  124.     retropt_bool(opts,OPT_OPENSSL_PSEUDO, &opt_pseudo);
  125.  #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  126.     retropt_string(opts, OPT_OPENSSL_COMPRESS, &opt_compress);
  127. @@ -877,10 +874,6 @@ int

  128.        }
  129.     }
  130.  
  131. -   if (opt_egd) {

  132. -      sycRAND_egd(opt_egd);

  133. -   }

  134. -

  135.     if (opt_pseudo) {
  136.        long int randdata;
  137.        /* initialize libc random from actual microseconds */
  138. @@ -1105,7 +1098,7 @@ static int openssl_SSL_ERROR_SSL(int lev

  139.        if (e == ((ERR_LIB_RAND<<24)|
  140.  		(RAND_F_SSLEAY_RAND_BYTES<<12)|
  141.  		(RAND_R_PRNG_NOT_SEEDED)) /*0x24064064*/) {
  142. -	 Error("too few entropy; use options \"egd\" or \"pseudo\"");

  143. +	 Error("too few entropy; use option \"pseudo\"");

  144.  	 stat = STAT_NORETRY;
  145.        } else {
  146.  	 Msg2(level, "%s(): %s", funcname, ERR_error_string(e, buf));
  147. --- a/xio-openssl.h

  148. +++ b/xio-openssl.h

  149. @@ -21,7 +21,6 @@ extern const struct optdesc opt_openssl_

  150.  extern const struct optdesc opt_openssl_dhparam;
  151.  extern const struct optdesc opt_openssl_cafile;
  152.  extern const struct optdesc opt_openssl_capath;
  153. -extern const struct optdesc opt_openssl_egd;

  154.  extern const struct optdesc opt_openssl_pseudo;
  155.  #if OPENSSL_VERSION_NUMBER >= 0x00908000L
  156.  extern const struct optdesc opt_openssl_compress;
  157. --- a/xioopts.c

  158. +++ b/xioopts.c

  159. @@ -412,7 +412,6 @@ const struct optname optionnames[] = {

  160.  #ifdef ECHOPRT
  161.  	IF_TERMIOS("echoprt",	&opt_echoprt)
  162.  #endif
  163. -	IF_OPENSSL("egd",	&opt_openssl_egd)

  164.  	IF_ANY    ("end-close",	&opt_end_close)
  165.  	IF_TERMIOS("eof",	&opt_veof)
  166.  	IF_TERMIOS("eol",	&opt_veol)
  167. @@ -1102,7 +1101,6 @@ const struct optname optionnames[] = {

  168.  	IF_OPENSSL("openssl-compress",	&opt_openssl_compress)
  169.  #endif
  170.  	IF_OPENSSL("openssl-dhparam",	&opt_openssl_dhparam)
  171. -	IF_OPENSSL("openssl-egd",	&opt_openssl_egd)

  172.  #if WITH_FIPS
  173.  	IF_OPENSSL("openssl-fips",	&opt_openssl_fips)
  174.  #endif
  175. --- a/xioopts.h

  176. +++ b/xioopts.h

  177. @@ -478,7 +478,6 @@ enum e_optcode {

  178.     OPT_OPENSSL_COMPRESS,
  179.  #endif
  180.     OPT_OPENSSL_DHPARAM,
  181. -   OPT_OPENSSL_EGD,

  182.     OPT_OPENSSL_FIPS,
  183.     OPT_OPENSSL_KEY,
  184.     OPT_OPENSSL_METHOD,