SecBSD's official ports repository

2023-08-16 22:26:55 +00:00 · 2023-08-16 22:26:55 +00:00 · 2c0afcbbf3
commit 2c0afcbbf3
64331 changed files with 5339189 additions and 0 deletions
--- a/www/h2o/patches/patch-deps_neverbleed_neverbleed_c
+++ b/www/h2o/patches/patch-deps_neverbleed_neverbleed_c
@ -0,0 +1,84 @@
+Fix build with opaque RSA{,_METHOD} in LibreSSL 3.5. The relevant OpenSSL API
+has been available since LibreSSL 2.9. ECDSA support is thus also available.
+Instead of using ENGINE, use RSA_METHOD and ECDSA_METHOD.
+
+Index: deps/neverbleed/neverbleed.c
+--- deps/neverbleed/neverbleed.c.orig
+++ deps/neverbleed/neverbleed.c
+@@ -45,7 +45,7 @@
+ #endif
+ #include "neverbleed.h"
+ 
+-#if (!defined(LIBRESSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+#if ((!defined(LIBRESSL_VERSION_NUMBER) || LIBRESSL_VERSION_NUMBER >= 0x2090000fL) && OPENSSL_VERSION_NUMBER >= 0x1010000fL)
+ #define OPENSSL_1_1_API 1
+ #else
+ #define OPENSSL_1_1_API 0
+@@ -683,7 +683,16 @@ static EVP_PKEY *create_pkey(neverbleed_t *nb, size_t 
+     exdata->nb = nb;
+     exdata->key_index = key_index;
+ 
+#ifdef OPENSSL_NO_ENGINE
+    rsa = RSA_new();
+    if (!rsa) {
+        fprintf(stderr, "no memory\n");
+        abort();
+    }
+    RSA_set_method(rsa, nb->rsa_method);
+#else
+     rsa = RSA_new_method(nb->engine);
+#endif
+     RSA_set_ex_data(rsa, 0, exdata);
+     if (BN_hex2bn(&e, ebuf) == 0) {
+         fprintf(stderr, "failed to parse e:%s\n", ebuf);
+@@ -838,7 +847,16 @@ static EVP_PKEY *ecdsa_create_pkey(neverbleed_t *nb, s
+     exdata->nb = nb;
+     exdata->key_index = key_index;
+ 
+#ifdef OPENSSL_NO_ENGINE
+    ec_key = EC_KEY_new();
+    if (!ec_key) {
+        fprintf(stderr, "no memory\n");
+        abort();
+    }
+    EC_KEY_set_method(ec_key, nb->ecdsa_method);
+#else
+     ec_key = EC_KEY_new_method(nb->engine);
+#endif
+     EC_KEY_set_ex_data(ec_key, 0, exdata);
+ 
+     ec_group = EC_GROUP_new_by_curve_name(curve_name);
+@@ -1486,6 +1504,13 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
+     pipe_fds[0] = -1;
+ 
+     /* setup engine */
+#ifdef OPENSSL_NO_ENGINE
+    nb->rsa_method = rsa_method;
+    nb->ecdsa_method = NULL;
+#if OPENSSL_1_1_API
+    nb->ecdsa_method = ecdsa_method;
+#endif
+#else
+     if ((nb->engine = ENGINE_new()) == NULL || !ENGINE_set_id(nb->engine, "neverbleed") ||
+         !ENGINE_set_name(nb->engine, "privilege separation software engine") || !ENGINE_set_RSA(nb->engine, rsa_method)
+ #if OPENSSL_1_1_API
+@@ -1496,6 +1521,7 @@ int neverbleed_init(neverbleed_t *nb, char *errbuf)
+         goto Fail;
+     }
+     ENGINE_add(nb->engine);
+#endif
+ 
+     /* setup thread key */
+     pthread_key_create(&nb->thread_key, dispose_thread_data);
+@@ -1513,9 +1539,11 @@ Fail:
+     }
+     if (listen_fd != -1)
+         close(listen_fd);
+#ifndef OPENSSL_NO_ENGINE
+     if (nb->engine != NULL) {
+         ENGINE_free(nb->engine);
+         nb->engine = NULL;
+     }
+#endif
+     return -1;
+ }