Date: Sun, 19 Apr 2015 14:33:53 +0000 (UTC) From: Johan van Selst <johans@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r384291 - head/security/tlswrap/files Message-ID: <201504191433.t3JEXrcu036639@svn.freebsd.org>
Author: johans Date: Sun Apr 19 14:33:53 2015 New Revision: 384291 URL: https://svnweb.freebsd.org/changeset/ports/384291 Log: security/tlswrap unconditionally relies on RAND_egd which makes building fail with LibreSSL which has removed EGD. FreeBSD does not require EGD at all, /dev/random has been available since FreeBSD 4.2 This patch checks for the existence of RAND_egd in libcrypto and disables the code using egd when it is not available. The default build remains unchanged PR: 198767 Submitted by: Bernard Spil <spil.oss@gmail.com> Added: head/security/tlswrap/files/ head/security/tlswrap/files/patch-conf.h.in (contents, props changed) head/security/tlswrap/files/patch-configure (contents, props changed) head/security/tlswrap/files/patch-configure.in (contents, props changed) head/security/tlswrap/files/patch-tls.c (contents, props changed)
Added: head/security/tlswrap/files/patch-conf.h.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/tlswrap/files/patch-conf.h.in Sun Apr 19 14:33:53 2015 (r384291)
@@ -0,0 +1,12 @@
+--- conf.h.in.orig 2015-04-19 16:22:45.000000000 +0200
++++ conf.h.in 2015-04-19 16:22:41.000000000 +0200
+@@ -45,6 +45,9 @@
+ /* Define to 1 if you have the `RAND_status' function. */
+ #undef HAVE_RAND_STATUS
+
++/* Define to 1 if you have the `RAND_egd' function. */
++#undef HAVE_RAND_EGD
++
+ /* Define to 1 if you have the `setproctitle' function. */
+ #undef HAVE_SETPROCTITLE
+
Added: head/security/tlswrap/files/patch-configure
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/tlswrap/files/patch-configure Sun Apr 19 14:33:53 2015 (r384291)
@@ -0,0 +1,81 @@ +--- configure.orig 2006-11-25 19:52:04.000000000 +0100 ++++ configure 2015-04-19 15:53:43.000000000 +0200 +@@ -4519,6 +4519,78 @@ _ACEOF + fi + done + ++echo "$as_me:$LINENO: checking for RAND_egd in -lcrypto" >&5 ++echo $ECHO_N "checking for RAND_egd in -lcrypto... $ECHO_C" >&6 ++if test "${ac_cv_lib_crypto_RAND_egd+set}" = set; then ++ echo $ECHO_N "(cached) $ECHO_C" >&6 ++else ++ ac_check_lib_save_LIBS=$LIBS ++LIBS="-lcrypto $LIBS" ++cat >conftest.$ac_ext <<_ACEOF ++/* confdefs.h. */ ++_ACEOF ++cat confdefs.h >>conftest.$ac_ext ++cat >>conftest.$ac_ext <<_ACEOF ++/* end confdefs.h. */ ++ ++/* Override any gcc2 internal prototype to avoid an error. */ ++#ifdef __cplusplus ++extern "C" ++#endif ++/* We use char because int might match the return type of a gcc2 ++ builtin and then its argument prototype would still apply. */ ++char RAND_egd (); ++int ++main () ++{ ++RAND_egd (); ++ ; ++ return 0; ++} ++_ACEOF ++rm -f conftest.$ac_objext conftest$ac_exeext ++if { (eval echo "$as_me:$LINENO: \"$ac_link\"") >&5 ++ (eval $ac_link) 2>conftest.er1 ++ ac_status=$? ++ grep -v '^ *+' conftest.er1 >conftest.err ++ rm -f conftest.er1 ++ cat conftest.err >&5 ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); } && ++ { ac_try='test -z "$ac_c_werror_flag" ++ || test ! -s conftest.err' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? = $ac_status" >&5 ++ (exit $ac_status); }; } && ++ { ac_try='test -s conftest$ac_exeext' ++ { (eval echo "$as_me:$LINENO: \"$ac_try\"") >&5 ++ (eval $ac_try) 2>&5 ++ ac_status=$? ++ echo "$as_me:$LINENO: \$? 
= $ac_status" >&5 ++ (exit $ac_status); }; }; then ++ ac_cv_lib_crypto_RAND_egd=yes ++else ++ echo "$as_me: failed program was:" >&5 ++sed 's/^/| /' conftest.$ac_ext >&5 ++ ++ac_cv_lib_crypto_RAND_egd=no ++fi ++rm -f conftest.err conftest.$ac_objext \ ++ conftest$ac_exeext conftest.$ac_ext ++LIBS=$ac_check_lib_save_LIBS ++fi ++echo "$as_me:$LINENO: result: $ac_cv_lib_crypto_RAND_egd" >&5 ++echo "${ECHO_T}$ac_cv_lib_crypto_RAND_egd" >&6 ++if test $ac_cv_lib_crypto_RAND_egd = yes; then ++ ++cat >>confdefs.h <<\_ACEOF ++#define HAVE_RAND_EGD 1 ++_ACEOF ++ ++fi ++ + + ac_config_files="$ac_config_files Makefile" + cat >confcache <<\_ACEOF
Added: head/security/tlswrap/files/patch-configure.in
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/tlswrap/files/patch-configure.in Sun Apr 19 14:33:53 2015 (r384291)
@@ -0,0 +1,9 @@
+--- configure.in.orig 2015-04-19 16:17:12.000000000 +0200
++++ configure.in 2015-04-19 16:17:24.000000000 +0200
+@@ -113,5 +113,6 @@ esac
+ dnl Checks for library functions.
+ AC_FUNC_MEMCMP
+ AC_CHECK_FUNCS(getopt pidfile inet_aton RAND_status errx strlcpy daemon getnameinfo setproctitle)
++AC_CHECK_LIB(crypto, RAND_egd, AC_DEFINE(HAVE_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
+ AC_SUBST(INCLUDES)
+ AC_OUTPUT(Makefile)
Added: head/security/tlswrap/files/patch-tls.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/tlswrap/files/patch-tls.c Sun Apr 19 14:33:53 2015 (r384291)
@@ -0,0 +1,15 @@
+--- tls.c.orig 2006-11-25 19:52:08.000000000 +0100
++++ tls.c 2015-04-19 15:53:43.000000000 +0200
+@@ -73,10 +73,12 @@ void tls_init(char *egd_sock) {
+ printf("egd_sock is %s\n", egd_sock);
+ #ifdef HAVE_RAND_STATUS
+ if (RAND_status() != 1) {
++#ifdef HAVE_RAND_EGD
+ if ( RAND_egd(egd_sock) == -1 ) {
+ fprintf(stderr, "egd_sock is %s\n", egd_sock);
+ sys_err("RAND_egd failed\n");
+ }
++#endif
+ if (RAND_status() != 1)
+ sys_err("ssl_init: System without /dev/urandom, PRNG seeding must be done manually.\r\n");
+ }
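Review bot: When HAVE_RAND_EGD is undefined, the visible lines still print `egd_sock` but never use it, so an operator who configured an EGD socket gets no indication that it is ignored on a LibreSSL build. An `#else` arm under the new `#ifdef HAVE_RAND_EGD` would make that visible, for example `fprintf(stderr, "RAND_egd unavailable, egd_sock ignored\n");`. The second `RAND_status() != 1` check correctly stays outside the new guard, so startup still aborts when the PRNG is unseeded. A short comment there, such as `/* without RAND_egd this re-check is the only seeding guard; keep it unconditional */`, would stop a later cleanup from folding it into the `#ifdef`. tls_init's body starts and continues outside the hunk, including the enclosing `#ifdef HAVE_RAND_STATUS`, so it cannot be seen here whether any seeding check runs when that macro is undefined.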