Date: Sat, 22 Jan 2000 18:46:28 -0800 (PST) From: Kris Kennaway <kris@hub.freebsd.org> To: ports@freebsd.org Subject: USA_OPENSSL Message-ID: <Pine.BSF.4.21.0001221840430.86781-100000@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
Attached is a prototype patch for bsd.port.mk to teach it about the
various possible versions of openssl. Note that it doesn't quite work: I
can't figure out why CFLAGS and OPENSSL_RSAREF aren't being set early
enough that they're visible to makefiles (e.g. the updated pipsecd port,
patch appended). I haven't tested this thoroughly on all of the
combinations of variables, so I might have screwed up :-)
This is kind of messy because of all the possibilities which exist, so if
anyone can think of improvements I'm all ears :-)
Kris
Index: ../../Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.326
diff -u -r1.326 bsd.port.mk
--- ../../Mk/bsd.port.mk 2000/01/21 11:08:06 1.326
+++ ../../Mk/bsd.port.mk 2000/01/23 02:32:07
@@ -653,6 +653,38 @@
MAKE_ENV+= CC=${CC} CXX=${CXX}
.endif
+.if defined(USE_OPENSSL)
+.if ${OSVERSION} >= 400014 && exists(/usr/lib/libcrypto.so)
+.if ${USE_OPENSSL} == RSA
+_HASRSA= "`/usr/bin/nm /usr/lib/libcrypto.a | ${GREP} RSA_free`"
+.if empty(_HASRSA)
+.BEGIN:
+ @${ECHO} ">>> This port requires RSA crypto, which is not present in your"
+ @${ECHO} ">>> version of OpenSSL. Please see Chapter XX in the FAQ for"
+ @${ECHO} ">>> a description of the problem and alternative solutions."
+ @${FALSE}
+.elif defined(USA_RESIDENT) && ${USA_RESIDENT} == YES
+LIB_DEPENDS+= rsaref.2:${PORTSDIR}/security/rsaref
+# We set this so ports can decide whether or not to link against librsaref
+# and libRSAglue
+OPENSSL_RSAREF= YES
+.endif
+.endif
+OPENSSLBASE= /usr
+OPENSSLDIR= /etc/ssl
+# OpenSSL in the base system doesn't include IDEA for patent reasons.
+CFLAGS+= -DNO_IDEA
+.else
+LIB_DEPENDS+= crypto.1:${PORTSDIR}/security/openssl
+OPENSSLBASE= ${LOCALBASE}
+OPENSSLDIR= ${LOCALBASE}/openssl
+.endif
+OPENSSLLIB= ${OPENSSLBASE}/lib
+OPENSSLINC= ${OPENSSLBASE}/include
+MAKE_ENV+= OPENSSLLIB=${OPENSSLLIB} OPENSSLINC=${OPENSSLINC} \
+ OPENSSLBASE=${OPENSSLBASE} OPENSSLDIR=${OPENSSLDIR}
+.endif
+
.if defined(REQUIRES_MOTIF)
LIB_DEPENDS+= Xpm.4:${PORTSDIR}/graphics/xpm
.if defined(PARALLEL_PACKAGE_BUILD)
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/Makefile,v
retrieving revision 1.6
diff -u -r1.6 Makefile
--- Makefile 1999/11/07 22:25:37 1.6
+++ Makefile 2000/01/23 02:44:23
@@ -14,9 +14,14 @@
MAINTAINER= patrick@mindstep.com
-LIB_DEPENDS= crypto.1:${PORTSDIR}/security/openssl
+USE_OPENSSL= RSA
ALL_TARGET= pipsecd
+
+.if defined(OPENSSL_RSAREF)
+OPTLIB= -L${OPENSSLLIB} -L${LOCALBASE} -lRSAglue -lrsaref
+MAKE_ENV+= OPTLIB="${OPTLIB}"
+.endif
.include <bsd.port.pre.mk>
Index: patches/patch-aa
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-aa,v
retrieving revision 1.3
diff -u -r1.3 patch-aa
--- patches/patch-aa 1999/12/02 04:55:45 1.3
+++ patches/patch-aa 2000/01/23 02:12:52
@@ -1,27 +1,30 @@
---- Makefile.orig Thu Sep 16 17:44:50 1999
-+++ Makefile Thu Oct 14 10:27:50 1999
-@@ -6,10 +6,13 @@
+--- Makefile.orig Thu Sep 16 14:44:50 1999
++++ Makefile Sat Jan 22 18:12:45 2000
+@@ -6,23 +6,26 @@
CLEANFILES= *.core *.o pipsecd
# Where your OpenSSL includes are located
-INCDIR=/usr/local/ssl/include
-+INCDIR=-I$(PREFIX)/include/openssl -I$(PREFIX)/include
++INCDIR=-I$(OPENSSLINC)/openssl -I$(PREFIX)/include
# Where your libcrypto is located
-LIBDIR=/usr/local/ssl/lib
-+LIBDIR=-L$(PREFIX)/lib
++LIBDIR=-L$(OPENSSLLIB)/lib
+
+# Misc defines
+DEFINES=-DFILE_PREFIX=\"$(PREFIX)\"
# Optional: use FreeBSD's libmd
- #OPTLIB += -lmd
-@@ -19,10 +22,10 @@
+-#OPTLIB += -lmd
++OPTLIB += -lmd
+ #OPTDEF += -DUSE_SYSTEM_HASH
+
+ # Optional: use ethertap device under Linux instead of userlink
#OPTDEF += -DUSE_ETHERTAP
pipsecd: tunip.c defs.h
- gcc -Wall -I$(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c -L$(LIBDIR) $(OPTLIB) -lcrypto
-+ gcc -Wall $(INCDIR) -g $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto -lRSAglue -lrsaref $(DEFINES)
++ $(CC) -Wall $(INCDIR) -g $(CFLAGS) $(OPTDEF) -o pipsecd tunip.c $(LIBDIR) $(OPTLIB) -lcrypto $(DEFINES)
install: pipsecd
- install pipsecd /usr/local/sbin/
Index: patches/patch-ab
===================================================================
RCS file: /home/ncvs/ports/net/pipsecd/patches/patch-ab,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 patch-ab
--- patches/patch-ab 1999/08/16 22:14:42 1.1.1.1
+++ patches/patch-ab 2000/01/23 02:04:13
@@ -1,6 +1,12 @@
---- tunip.c.orig Mon Aug 16 11:54:50 1999
-+++ tunip.c Mon Aug 16 12:27:07 1999
-@@ -57,8 +57,8 @@
+--- tunip.c.orig Tue Sep 21 15:20:40 1999
++++ tunip.c Sat Jan 22 18:02:55 2000
+@@ -54,12 +54,14 @@
+ #include <blowfish.h>
+ #include <cast.h>
+ #include <des.h>
++#ifndef NO_IDEA
+ #include <idea.h>
++#endif
#include "defs.h"
@@ -10,4 +16,66 @@
+#define _PATH_STARTUP FILE_PREFIX "/etc/ipsec/startup"
#define _PATH_DEV_RANDOM "/dev/random"
- #define MAX_HEADER 64
+ #ifdef USE_ETHERTAP
+@@ -131,7 +133,9 @@
+ des_key_schedule k3;
+ } des3;
+ CAST_KEY cast;
++#ifndef NO_IDEA
+ IDEA_KEY_SCHEDULE idea;
++#endif
+ } crypt_key;
+
+ typedef struct crypt_method {
+@@ -304,12 +308,14 @@
+ void cast_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+ unsigned char *ct, unsigned int len);
+ int cast_setkey(unsigned char *b, unsigned int len, crypt_key *k);
++#ifndef NO_IDEA
+ void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ unsigned char *t, unsigned int len);
+ void my_idea_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+ unsigned char *ct, unsigned int len);
+ int my_idea_set_encrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
+ int my_idea_set_decrypt_key(unsigned char *b, unsigned int len, crypt_key *k);
++#endif
+ void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ unsigned char *t, unsigned int len);
+ void my_des_cbc_decrypt(unsigned char *iv, crypt_key *dk,
+@@ -379,14 +385,20 @@
+
+ hash_method_t *hash_list = &hash_ripemd160;
+
++#ifndef NO_IDEA
+ crypt_method_t crypt_idea = {
+ NULL,
+ "idea_cbc", 8, 8,
+ my_idea_cbc_encrypt, my_idea_cbc_decrypt,
+ my_idea_set_encrypt_key, my_idea_set_decrypt_key
+ };
++#endif
+ crypt_method_t crypt_cast = {
++#ifndef NO_IDEA
+ &crypt_idea,
++#else
++ NULL,
++#endif
+ "cast_cbc", 8, 8,
+ cast_cbc_encrypt, cast_cbc_decrypt,
+ cast_setkey, cast_setkey
+@@ -1974,6 +1986,7 @@
+ return 0;
+ }
+
++#ifndef NO_IDEA
+ void my_idea_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ unsigned char *t, unsigned int len)
+ {
+@@ -2002,6 +2015,7 @@
+ idea_set_decrypt_key(&k->idea, &k->idea);
+ return 0;
+ }
++#endif
+
+ void my_des_cbc_encrypt(unsigned char *iv, crypt_key *ek,
+ unsigned char *t, unsigned int len)
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0001221840430.86781-100000>