add openssl 1.0

2026-04-10 02:21:15 +02:00 · 2019-12-26 17:21:14 +00:00
parent 8c1d45705b
commit 0c52d19811
11 changed files with 2060 additions and 0 deletions
--- a/crypto/openssl10/Makefile
+++ b/crypto/openssl10/Makefile
@@ -0,0 +1,76 @@
+# Created by: Dirk Froemberg <dirk@FreeBSD.org>
+# $FreeBSD: head/security/openssl/Makefile 520514 2019-12-20 15:06:52Z brnrd $
+
+PORTNAME=	openssl
+PORTVERSION=	1.0.2u
+CATEGORIES=	security devel
+MASTER_SITES=	http://www.openssl.org/source/ \
+		ftp://ftp.cert.dfn.de/pub/tools/net/openssl/source/
+DIST_SUBDIR=	${PORTNAME}-${DISTVERSION:C/[a-z]$//}
+PKGNAMESUFFIX=	10
+
+MAINTAINER=	brnrd@FreeBSD.org
+COMMENT=	SSL and crypto library
+
+CFLAGS+= -Werror -Qunused-arguments
+
+CONFIGURE_ARGS+= no-gmp 
+CONFIGURE_ARGS+= no-asm 
+CONFIGURE_ARGS+= enable-ec_nistp_64_gcc_128 
+CONFIGURE_ARGS+= enable-md2 
+CONFIGURE_ARGS+= no-padlock 
+CONFIGURE_ARGS+= enable-rc5 
+CONFIGURE_ARGS+= enable-rfc3779 
+CONFIGURE_ARGS+= sctp 
+CONFIGURE_ARGS+= shared 
+CONFIGURE_ARGS+= enable-ssl2 
+CONFIGURE_ARGS+= enable-ssl3 
+CONFIGURE_ARGS+= threads 
+CONFIGURE_ARGS+= zlib 
+CONFIGURE_ARGS+= zlib-dynamic
+
+post-patch:
+	${REINPLACE_CMD} -e 's|m4 -B 8192|m4|g' \
+		${WRKSRC}/crypto/des/Makefile
+	${REINPLACE_CMD} -e 's|SHLIB_VERSION_NUMBER "1.0.0"|SHLIB_VERSION_NUMBER "${OPENSSL_SHLIBVER}"|' \
+		${WRKSRC}/crypto/opensslv.h
+	${REINPLACE_CMD} -e 's|\^GNU ld|GNU|' ${WRKSRC}/Makefile.shared
+
+#post-patch-MAN3-off:
+#	${GREP} -L openssl_manual_section ${WRKSRC}/doc/crypto/*.pod | ${XARGS} ${RM}
+#	${REINPLACE_CMD} -e 's|pod doc/ssl/\*\.pod|pod|' ${WRKSRC}/Makefile.org
+
+
+PREFIX=${LOCALBASE}/openssl10
+OPENSSLDIR= ${PREFIX}/etc/ssl
+
+OPENSSL_SHLIBVER=10
+
+do-configure:
+	${REINPLACE_CMD} -e "s|options 386|options|" ${WRKSRC}/config
+	cd ${WRKSRC} \
+	&& ${SETENV} CC="${CC}" FREEBSDCC="${CC}" CFLAGS="${CFLAGS}" PERL="${PERL}" \
+	./config --prefix=${PREFIX} --openssldir=${OPENSSLDIR}\
+		--install_prefix=${STAGEDIR} \
+		-L${PREFIX}/lib ${CONFIGURE_ARGS}
+
+post-configure:
+	${REINPLACE_CMD} \
+		-e 's|^MANDIR=.*$$|MANDIR=$$(PREFIX)/man|' \
+		-e 's|LIBVERSION=[^ ]* |LIBVERSION=${OPENSSL_SHLIBVER} |' \
+		${WRKSRC}/Makefile
+
+post-install:
+	${INSTALL} ${WRKSRC}/libssl.so.10 ${STAGEDIR}${PREFIX}/lib/
+	${INSTALL} ${WRKSRC}/libcrypto.so.10 ${STAGEDIR}${PREFIX}/lib/
+
+#post-install-SHARED-on:
+#	${STRIP_CMD} ${STAGEDIR}${PREFIX}/bin/openssl \
+#	${STAGEDIR}${PREFIX}/lib/lib*.so.${OPENSSL_SHLIBVER} \
+#	${STAGEDIR}${PREFIX}/lib/engines/lib*.so
+
+#post-install-DOCS-on:
+#	${MKDIR} ${STAGEDIR}${DOCSDIR}
+#	${INSTALL_DATA} ${WRKSRC}/doc/openssl.txt ${STAGEDIR}${DOCSDIR}/
+
+.include <bsd.port.mk>
--- a/crypto/openssl10/distinfo
+++ b/crypto/openssl10/distinfo
@@ -0,0 +1,11 @@
+TIMESTAMP = 1576850209
+SHA256 (openssl-1.0.2/openssl-1.0.2u.tar.gz) = ecd0c6ffb493dd06707d38b14bb4d8c2288bb7033735606569d8f90f89669d16
+SIZE (openssl-1.0.2/openssl-1.0.2u.tar.gz) = 5355412
+SHA256 (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 2eddcb7ab342285cb637ce6b6be143cca835f449f35dd9bb8c7b9167ba2117a7
+SIZE (openssl-1.0.2/1001-crypto-hmac-support-EVP_MD_CTX_FLAG_ONESHOT-and-set-.patch) = 3717
+SHA256 (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = aee88a24622ce9d71e38deeb874e58435dcf8ff5690f56194f0e4a00fb09b260
+SIZE (openssl-1.0.2/1002-backport-changes-from-upstream-padlock-module.patch) = 5770
+SHA256 (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = c10b8aaf56a4f4f79ca195fc587e0bb533f643e777d7a3e6fb0350399a6060ea
+SIZE (openssl-1.0.2/1003-engines-e_padlock-implement-sha1-sha224-sha256-accel.patch) = 20935
+SHA256 (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 97eb4411d0fc0890e94bc7c2d682f68b71135da782af769ca73914b37da2b1fd
+SIZE (openssl-1.0.2/1004-crypto-engine-autoload-padlock-dynamic-engine.patch) = 832
--- a/crypto/openssl10/files/extra-patch-test_testssl
+++ b/crypto/openssl10/files/extra-patch-test_testssl
@@ -0,0 +1,15 @@
+Disable SSLv3 test when built without SSL3 option disabled
+
+ - Test for weak DH fails when enabled
+
+--- test/testssl.orig	2017-04-27 12:23:44 UTC
+++ test/testssl
+@@ -160,7 +160,7 @@ test_cipher() {
+ }
+ set -x
+ echo "Testing ciphersuites"
+-for protocol in TLSv1.2 SSLv3; do
+for protocol in TLSv1.2; do
+   echo "Testing ciphersuites for $protocol"
+   for cipher in `../util/shlib_wrap.sh ../apps/openssl ciphers "RSA+$protocol" | tr ':' ' '`; do
+     test_cipher $cipher $protocol
--- a/crypto/openssl10/files/patch-Configure
+++ b/crypto/openssl10/files/patch-Configure
@@ -0,0 +1,45 @@
+--- Configure.orig	2015-06-11 15:50:11.000000000 +0200
+++ Configure	2015-06-12 16:20:39.000000000 +0200
+@@ -467,19 +467,20 @@
+ "android-mips","gcc:-mandroid -I\$(ANDROID_DEV)/include -B\$(ANDROID_DEV)/lib -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${mips32_asm}:o32:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+ #### *BSD [do see comment about ${BSDthreads} above!]
+-"BSD-generic32","gcc:-O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"debug-BSD-x86-elf",	"gcc:-DL_ENDIAN -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-sparcv8",	"gcc:-DB_ENDIAN -O3 -mcpu=v8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic32","$ENV{'FREEBSDCC'}:-O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-x86",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_asm}:a.out:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -fomit-frame-pointer -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
+"debug-BSD-x86-elf",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall -g $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-sparcv8", "$ENV{'FREEBSDCC'}:-DB_ENDIAN -O3 -mcpu=v8 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${sparcv8_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ 
+-"BSD-generic64","gcc:-O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-generic64","$ENV{'FREEBSDCC'}:-O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ # -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+ # simply *happens* to work around a compiler bug in gcc 3.3.3,
+ # triggered by RIPEMD160 code.
+-"BSD-sparc64",	"gcc:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-ia64",	"gcc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+-"BSD-x86_64",	"cc:-DL_ENDIAN -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparc64",	"$ENV{'FREEBSDCC'}:-DB_ENDIAN -O3 -DMD32_REG_T=int -Wall $ENV{'CFLAGS'}::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:${sparcv9_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-ia64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_INT:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-x86_64",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O3 -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:elf:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+"BSD-alpha",	"$ENV{'FREEBSDCC'}:-DL_ENDIAN -O -Wall $ENV{'CFLAGS'}::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIBVER)",
+ 
+ "bsdi-elf-gcc",     "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+ 
+@@ -2019,10 +2020,12 @@
+ 	if ( $perl =~ m@^/@) {
+ 	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ 	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
+	    &dofile("apps/tsget",$perl,'^#!/', '#!%s');
+ 	} else {
+ 	    # No path for Perl known ...
+ 	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
+ 	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
+	    &dofile("apps/tsget",'/usr/local/bin/perl',,'^#!/', '#!%s');
+ 	}
+ 	if ($depflags ne $default_depflags && !$make_depend) {
+ 		print <<EOF;
--- a/crypto/openssl10/files/patch-Makefile
+++ b/crypto/openssl10/files/patch-Makefile
@@ -0,0 +1,11 @@
+--- apps/Makefile.orig	Tue Aug 10 11:09:07 2004
+++ apps/Makefile	Tue Oct 26 07:00:51 2004
+@@ -112,7 +112,7 @@
+ 	 done
+ 	@cp openssl.cnf $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+ 	chmod 644 $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new; \
+-	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf
+	mv -f  $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.new $(INSTALL_PREFIX)$(OPENSSLDIR)/openssl.cnf.sample
+ 
+ tags:
+ 	ctags $(SRC)
--- a/crypto/openssl10/files/patch-RFC-5705
+++ b/crypto/openssl10/files/patch-RFC-5705
@@ -0,0 +1,38 @@
+--- ssl/ssl.h	6 Jan 2010 17:37:38 -0000	1.221.2.24
+++ ssl/ssl.h	17 Jun 2010 12:25:35 -0000
+@@ -1806,6 +1806,10 @@
+ /* Pre-shared secret session resumption functions */
+ int SSL_set_session_secret_cb(SSL *s, tls_session_secret_cb_fn tls_session_secret_cb, void *arg);
+ 
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen);
+
+ /* BEGIN ERROR CODES */
+ /* The following lines are auto generated by the script mkerr.pl. Any changes
+  * made after this point may be overwritten when the script is next run.
+
+--- ssl/t1_enc.c.orig	2015-01-22 15:58:32.000000000 +0100
+++ ssl/t1_enc.c	2015-03-10 07:21:12.000000000 +0100
+@@ -1261,6 +1261,21 @@
+     return (rv);
+ }
+ 
+void SSL_tls1_key_exporter(SSL *s, unsigned char *label, int label_len,
+                           unsigned char *context, int context_len,
+                           unsigned char *out, int olen)
+	{
+	unsigned char tmp[olen];
+	
+	tls1_PRF(s->s3->tmp.new_cipher->algorithm2,
+			 label, label_len,
+			 s->s3->client_random,SSL3_RANDOM_SIZE,
+			 s->s3->server_random,SSL3_RANDOM_SIZE,
+			 context, context_len, NULL, 0,
+			 s->session->master_key, s->session->master_key_length,
+			 out, tmp, olen);
+	}
+
+ int tls1_alert_code(int code)
+ {
+     switch (code) {
--- a/crypto/openssl10/files/patch-apps_s__client.c
+++ b/crypto/openssl10/files/patch-apps_s__client.c
@@ -0,0 +1,22 @@
+From 4e48c77572a9a96a301e362a3646cd3cc7eca0f9 Mon Sep 17 00:00:00 2001
+From: Carlos Alberto Lopez Perez <clopez@igalia.com>
+Date: Mon, 6 Aug 2012 01:45:51 +0200
+Subject: [PATCH] Fix XMPP code detection on s_client starttls xmpp
+
+ * Some XMPP Servers (OpenFire) use double quotes.
+ * This makes s_client starttls work with this servers.
+ * Tested with OpenFire servers from http://xmpp.net/ ::
+
+     openssl s_client -connect coderollers.com:5222 -starttls xmpp
+--- apps/s_client.c.orig	2017-05-25 12:54:38 UTC
+++ apps/s_client.c
+@@ -1663,7 +1663,8 @@ int MAIN(int argc, char **argv)
+         seen = BIO_read(sbio, mbuf, BUFSIZZ);
+         mbuf[seen] = 0;
+         while (!strstr
+-               (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'")) {
+               (mbuf, "<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'") &&
+		!strstr(mbuf, "<starttls xmlns=\"urn:ietf:params:xml:ns:xmpp-tls\"")) {
+             if (strstr(mbuf, "/stream:features>"))
+                 goto shut;
+             seen = BIO_read(sbio, mbuf, BUFSIZZ);
--- a/crypto/openssl10/files/patch-config
+++ b/crypto/openssl10/files/patch-config
@@ -0,0 +1,19 @@
+--- config.orig	2013-06-16 07:01:13.038797248 -0500
+++ config	2013-06-16 07:01:18.138794838 -0500
+@@ -734,14 +734,8 @@
+   sparc64-*-*bsd*)	OUT="BSD-sparc64" ;;
+   ia64-*-*bsd*)		OUT="BSD-ia64" ;;
+   amd64-*-*bsd*)	OUT="BSD-x86_64" ;;
+-  *86*-*-*bsd*)		# mimic ld behaviour when it's looking for libc...
+-			if [ -L /usr/lib/libc.so ]; then	# [Free|Net]BSD
+-			    libc=/usr/lib/libc.so
+-			else					# OpenBSD
+-			    # ld searches for highest libc.so.* and so do we
+-			    libc=`(ls /usr/lib/libc.so.* /lib/libc.so.* | tail -1) 2>/dev/null`
+-			fi
+-			case "`(file -L $libc) 2>/dev/null`" in
+  *86*-*-*bsd*)	
+			case "`(file -L /bin/sh) 2>/dev/null`" in
+ 			*ELF*)	OUT="BSD-x86-elf" ;;
+ 			*)	OUT="BSD-x86"; options="$options no-sse2" ;;
+ 			esac ;;
--- a/crypto/openssl10/files/pkg-message.in
+++ b/crypto/openssl10/files/pkg-message.in
@@ -0,0 +1,7 @@
+[
+{ type: install
+  message: <<EOM
+Edit %%PREFIX%%/openssl/openssl.cnf to fit your needs.
+EOM
+}
+]
--- a/crypto/openssl10/pkg-descr
+++ b/crypto/openssl10/pkg-descr
@@ -0,0 +1,16 @@
+The OpenSSL Project is a collaborative effort to develop a robust,
+commercial-grade, full-featured, and Open Source toolkit implementing
+the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security
+(TLS v1) protocols with full-strength cryptography world-wide. The
+project is managed by a worldwide community of volunteers that use
+the Internet to communicate, plan, and develop the OpenSSL tookit
+and its related documentation.
+
+OpenSSL is based on the excellent SSLeay library developed by Eric
+A. Young and Tim J. Hudson. The OpenSSL toolkit is licensed under
+an Apache-style licence, which basically means that you are free
+to get and use it for commercial and non-commercial purposes subject
+to some simple license conditions.
+
+WWW: https://www.openssl.org/
+WWW: http://sctp.fh-muenster.de/dtls-patches.html
--- a/crypto/openssl10/pkg-plist
+++ b/crypto/openssl10/pkg-plist