[arch-commits] Commit in boinc/trunk (PKGBUILD boinc-openssl-1.1.patch)
Felix Yan
felixonmars at archlinux.org
Fri Nov 24 15:05:26 UTC 2017
Date: Friday, November 24, 2017 @ 15:05:25
Author: felixonmars
Revision: 268343
upgpkg: boinc 7.8.4-1
Modified:
boinc/trunk/PKGBUILD
Deleted:
boinc/trunk/boinc-openssl-1.1.patch
-------------------------+
PKGBUILD | 67 ++--
boinc-openssl-1.1.patch | 737 ----------------------------------------------
2 files changed, 35 insertions(+), 769 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2017-11-24 14:45:46 UTC (rev 268342)
+++ PKGBUILD 2017-11-24 15:05:25 UTC (rev 268343)
@@ -5,45 +5,48 @@
pkgbase=boinc
pkgname=(boinc boinc-nox)
-pkgver=7.6.33
-_tag="client_release/7.6/$pkgver"
-pkgrel=5
+pkgver=7.8.4
+_tag="client_release/7.8/$pkgver"
+pkgrel=1
arch=('x86_64')
url="http://boinc.berkeley.edu/"
license=('LGPL')
-makedepends=('libxslt' 'perl-xml-sax' 'git' 'libxss' 'libnotify' 'wxgtk3' 'webkit2gtk' 'sqlite3'
- 'curl' 'inetutils' 'libxmu' 'freeglut' 'glu' 'mesa')
+makedepends=('libxslt' 'perl-xml-sax' 'libxss' 'libnotify' 'wxgtk3' 'webkit2gtk' 'sqlite3' 'curl'
+ 'inetutils' 'libxmu' 'freeglut' 'glu' 'mesa')
install=$pkgbase.install
options=('!staticlibs')
-source=("git+https://github.com/BOINC/boinc.git#tag=$_tag"
- boinc.bash
- boinc.desktop
- boinc.service
- boinc.sysusers
- boinc-AM_CONDITIONAL.patch
- boinc-openssl-1.1.patch)
-md5sums=('SKIP'
- '4d00e1aa4090a3f51feb20f5a541b9ee'
- 'db62de2f08117e6379a3c613b58fa7ff'
- '3d5cbab785cc8b004661b17c65883fd5'
- '240f952d38c5814cc3d8cd1668fe2154'
- 'e27047518dec54d4db38816487a28661'
- '2148b1eb9ea12fb8927198072e616417')
+source=("$pkgbase-$pkgver.tar.gz::https://github.com/BOINC/boinc/archive/$_tag.tar.gz"
+ https://github.com/BOINC/boinc/commit/e86f29e7fbc78faff6c9b9c8356ffe59049c116f.patch
+ boinc.bash
+ boinc.desktop
+ boinc.service
+ boinc.sysusers
+ boinc-AM_CONDITIONAL.patch)
+sha512sums=('d888f6c1586b57cdad7c4c783b2e58ae3bc3da8d0183eaacfe43f9798519e65129324222e6190a8ee1f00be2dfd31ee54fe2a88ef77950506e29552ce32de8aa'
+ '565ac560d4ea1c82f238153c47d076d63eb2d839cba10de9fb7c86c8b89b9994f807347a564c3e05d75231019e259c3afc399b203eb0bd83ac2572db54c4e56f'
+ 'dec4bb6e571c2d99e1f57295149399eee03a8ec41b07ec3f7f197b910d246dcd6a5eb880301c9cd3a039d8c5aa6b07babf6ab4cae5f242c419c8cd71f56b90f5'
+ 'b3fcd703a6f683d246242543c2f7b5fcfe403cb95b7786f1418b24c3dfb7c54c6b8c4816c0e9ae56b5ee4e4cae63f153ec522b04bf02f4f835dd90ac0e0ae204'
+ '395343369cc02da33a0d61bdc45fd8812f4f881a2efbb684b07f8d727d1896ef558c875d42e93e7743004e1efe6226361b53c0ea1cb1e8323ec605caa833774e'
+ '85804d7e6b7e07f06e93e8c42507f5cd0b9415257d6ac7421603a2b6084699d847ae9720c1cf9e9793b750dfb768375116843b988b287ee7c66c1374e18f7934'
+ 'a16615dd439f0110246193f5f8a146fc260eb5caa0c680a96c0fff6dfd993ed60661f8794e93c60b385da5bb329582de05a84def0d4d7087741e7da6e5d3fdb1')
prepare() {
- cd $pkgbase
- patch -Np1 -i "$srcdir"/boinc-AM_CONDITIONAL.patch
- # Fix build with openssl 1.1
- patch -p1 -i ../boinc-openssl-1.1.patch
+ mv boinc-client_release-*-$pkgver $pkgbase-$pkgver
+
+ cd $pkgbase-$pkgver
+ # patch -Np1 -i "$srcdir"/boinc-AM_CONDITIONAL.patch
# Build with gtk3
- sed -i 's/^PKG_CHECK_MODULES(\[GTK2\], \[gtk+-2.0\])$/PKG_CHECK_MODULES([GTK3], [gtk+-3.0])/' configure.ac
+ # sed -i 's/^PKG_CHECK_MODULES(\[GTK2\], \[gtk+-2.0\])$/PKG_CHECK_MODULES([GTK3], [gtk+-3.0])/' configure.ac
- cp -r "$srcdir"/${pkgbase}{,-nox}
+ # https://github.com/BOINC/boinc/pull/2092
+ patch -p1 -i ../e86f29e7fbc78faff6c9b9c8356ffe59049c116f.patch
+ cp -r "$srcdir"/$pkgbase-$pkgver{,-nox}
+
./_autosetup
# Prepare boinc-nox
- cd "$srcdir"/$pkgbase-nox
+ cd "$srcdir"/$pkgbase-$pkgver-nox
# Don't force xss
sed -i 's/^ enable_xss="yes"$/ enable_xss="no"/' configure.ac
./_autosetup
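Review bot: `boinc-AM_CONDITIONAL.patch` is still listed in `source=()` with a sha512sum, yet its `patch -Np1` call in prepare() is now commented out, and so is the gtk3 `sed` on configure.ac, with no reason given. If 7.8.4 no longer needs them, drop the file from `source`/`sha512sums` and delete both commented lines; if the change is temporary, add a comment saying so, e.g. `# disabled for 7.8.4: <reason>`. The new upstream patch is applied with `patch -p1 -i ../...`, while the line beside it used `-Np1` and `"$srcdir"`; `patch -Np1 -i "$srcdir"/e86f29e7fbc78faff6c9b9c8356ffe59049c116f.patch` would match that style and would skip an already-applied patch rather than prompt about reversing it. prepare() closes just past the end of this hunk.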
@@ -50,7 +53,7 @@
}
build() {
- cd "$srcdir"/$pkgbase
+ cd "$srcdir"/$pkgbase-$pkgver
LDFLAGS='-lX11' ./configure \
--prefix=/usr \
--enable-libraries \
@@ -68,7 +71,7 @@
make
# Build boinc-nox
- cd "$srcdir"/$pkgbase-nox
+ cd "$srcdir"/$pkgbase-$pkgver-nox
PKG_CONFIG=/usr/bin/pkg-config ./configure \
--prefix=/usr \
--enable-libraries \
@@ -89,7 +92,7 @@
pkgdesc="Berkeley Open Infrastructure for Network Computing for desktop"
depends=("libxss" "libnotify" "wxgtk3" "webkit2gtk" "curl" "sqlite3")
- cd $pkgbase
+ cd $pkgbase-$pkgver
make DESTDIR="$pkgdir" install
@@ -103,10 +106,10 @@
install -Dm644 "${srcdir}/$pkgbase.bash" "${pkgdir}/usr/share/bash-completion/completions/$pkgbase"
#install .desktop File
- install -Dm644 "${srcdir}/${pkgbase}.desktop" "${pkgdir}/usr/share/applications/${pkgbase}.desktop"
+ install -Dm644 "${srcdir}/$pkgbase.desktop" "${pkgdir}/usr/share/applications/$pkgbase.desktop"
#install icons
- install -Dm644 "${srcdir}/${pkgbase}/packages/generic/sea/boincmgr.48x48.png" "${pkgdir}/usr/share/pixmaps/$pkgbase.png"
+ install -Dm644 "${srcdir}/$pkgbase-$pkgver/packages/generic/sea/boincmgr.48x48.png" "${pkgdir}/usr/share/pixmaps/$pkgbase.png"
#remove initscripts stuff
rm -rf "$pkgdir/etc"
@@ -118,7 +121,7 @@
provides=("boinc")
conflicts=("boinc")
- cd $pkgbase-nox
+ cd $pkgbase-$pkgver-nox
make DESTDIR="$pkgdir" install
Deleted: boinc-openssl-1.1.patch
===================================================================
--- boinc-openssl-1.1.patch 2017-11-24 14:45:46 UTC (rev 268342)
+++ boinc-openssl-1.1.patch 2017-11-24 15:05:25 UTC (rev 268343)
@@ -1,737 +0,0 @@
-From e965ea2e32d467e6937f206c96270cabd381df6e Mon Sep 17 00:00:00 2001
-From: Christian Beer <christian.beer at aei.mpg.de>
-Date: Mon, 27 Jun 2016 18:26:27 +0200
-Subject: [PATCH 1/5] Lib: build against openSSL 1.1.0
-
-The upcoming OpenSSL version introduces some API changes (https://wiki.openssl.org/index.php/1.1_API_Changes). In BOINC mainly code related to RSA keys is affected for now.
-
-Contributed by: Gianfranco Costamagna
----
- lib/crypt.cpp | 115 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
- lib/crypt.h | 5 +++
- lib/crypt_prog.cpp | 12 ++++++
- 3 files changed, 131 insertions(+), 1 deletion(-)
-
-diff --git a/lib/crypt.cpp b/lib/crypt.cpp
-index 192bbc2..cd6f04a 100644
---- a/lib/crypt.cpp
-+++ b/lib/crypt.cpp
-@@ -453,7 +453,7 @@ int read_key_file(const char* keyfile, R_RSA_PRIVATE_KEY& key) {
- return 0;
- }
-
--static void bn_to_bin(BIGNUM* bn, unsigned char* bin, int n) {
-+static void bn_to_bin(const BIGNUM* bn, unsigned char* bin, int n) {
- memset(bin, 0, n);
- int m = BN_num_bytes(bn);
- BN_bn2bin(bn, bin+n-m);
-@@ -463,11 +463,38 @@ void openssl_to_keys(
- RSA* rp, int nbits, R_RSA_PRIVATE_KEY& priv, R_RSA_PUBLIC_KEY& pub
- ) {
- pub.bits = nbits;
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ BIGNUM *p;
-+ BIGNUM *q;
-+ BIGNUM *dmp1;
-+ BIGNUM *dmq1;
-+ BIGNUM *iqmp;
-+ RSA_get0_key(rp, &n, &e, &d);
-+ RSA_get0_factors(rp, &p, &q);
-+ RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
-+
-+ bn_to_bin(n, pub.modulus, sizeof(pub.modulus));
-+ bn_to_bin(e, pub.exponent, sizeof(pub.exponent));
-+#else
- bn_to_bin(rp->n, pub.modulus, sizeof(pub.modulus));
- bn_to_bin(rp->e, pub.exponent, sizeof(pub.exponent));
-+#endif
-
- memset(&priv, 0, sizeof(priv));
- priv.bits = nbits;
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ bn_to_bin(n, priv.modulus, sizeof(priv.modulus));
-+ bn_to_bin(e, priv.publicExponent, sizeof(priv.publicExponent));
-+ bn_to_bin(d, priv.exponent, sizeof(priv.exponent));
-+ bn_to_bin(p, priv.prime[0], sizeof(priv.prime[0]));
-+ bn_to_bin(q, priv.prime[1], sizeof(priv.prime[1]));
-+ bn_to_bin(dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
-+ bn_to_bin(dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
-+ bn_to_bin(iqmp, priv.coefficient, sizeof(priv.coefficient));
-+#else
- bn_to_bin(rp->n, priv.modulus, sizeof(priv.modulus));
- bn_to_bin(rp->e, priv.publicExponent, sizeof(priv.publicExponent));
- bn_to_bin(rp->d, priv.exponent, sizeof(priv.exponent));
-@@ -476,9 +503,32 @@ void openssl_to_keys(
- bn_to_bin(rp->dmp1, priv.primeExponent[0], sizeof(priv.primeExponent[0]));
- bn_to_bin(rp->dmq1, priv.primeExponent[1], sizeof(priv.primeExponent[1]));
- bn_to_bin(rp->iqmp, priv.coefficient, sizeof(priv.coefficient));
-+#endif
- }
-
- void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ BIGNUM *p;
-+ BIGNUM *q;
-+ BIGNUM *dmp1;
-+ BIGNUM *dmq1;
-+ BIGNUM *iqmp;
-+
-+ n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
-+ e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
-+ d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
-+ p = BN_bin2bn(priv.prime[0], sizeof(priv.prime[0]), 0);
-+ q = BN_bin2bn(priv.prime[1], sizeof(priv.prime[1]), 0);
-+ dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
-+ dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
-+ iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
-+ RSA_set0_key(rp, n, e, d);
-+ RSA_set0_factors(rp, p, q);
-+ RSA_set0_crt_params(rp, dmp1, dmq1, iqmp);
-+#else
- rp->n = BN_bin2bn(priv.modulus, sizeof(priv.modulus), 0);
- rp->e = BN_bin2bn(priv.publicExponent, sizeof(priv.publicExponent), 0);
- rp->d = BN_bin2bn(priv.exponent, sizeof(priv.exponent), 0);
-@@ -487,11 +537,22 @@ void private_to_openssl(R_RSA_PRIVATE_KEY& priv, RSA* rp) {
- rp->dmp1 = BN_bin2bn(priv.primeExponent[0], sizeof(priv.primeExponent[0]), 0);
- rp->dmq1 = BN_bin2bn(priv.primeExponent[1], sizeof(priv.primeExponent[1]), 0);
- rp->iqmp = BN_bin2bn(priv.coefficient, sizeof(priv.coefficient), 0);
-+#endif
- }
-
- void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
-+ e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
-+ // d??? FIXME
-+ RSA_set0_key(rp, n, e, d);
-+#else
- rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
- rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
-+#endif
- }
-
- static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
-@@ -507,6 +568,38 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
- }
-
- int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ BIGNUM *n;
-+ BIGNUM *e;
-+ BIGNUM *d;
-+ BIGNUM *p;
-+ BIGNUM *q;
-+ BIGNUM *dmp1;
-+ BIGNUM *dmq1;
-+ BIGNUM *iqmp;
-+
-+ RSA_get0_key(from, &n, &e, &d);
-+ RSA_get0_factors(from, &p, &q);
-+ RSA_get0_crt_params(from, &dmp1, &dmq1, &iqmp);
-+
-+ to->bits = BN_num_bits(n);
-+ if (!_bn2bin(n,to->modulus,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(e,to->publicExponent,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(d,to->exponent,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(p,to->prime[0],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(q,to->prime[1],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
-+ return(0);
-+#else
- to->bits = BN_num_bits(from->n);
- if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
- return(0);
-@@ -524,6 +617,7 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
- return(0);
- if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
- return(0);
-+#endif
- return 1;
- }
-
-@@ -569,7 +663,11 @@ int check_validity_of_cert(
- BIO_vfree(bio);
- return 0;
- }
-+#ifdef HAVE_OPAQUE_EVP_PKEY
-+ if (EVP_PKEY_id(pubKey) == EVP_PKEY_RSA) {
-+#else
- if (pubKey->type == EVP_PKEY_RSA) {
-+#endif
- BN_CTX *c = BN_CTX_new();
- if (!c) {
- X509_free(cert);
-@@ -577,18 +675,33 @@ int check_validity_of_cert(
- BIO_vfree(bio);
- return 0;
- }
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ RSA *rsa;
-+ rsa = EVP_PKEY_get0_RSA(pubKey);
-+ if (!RSA_blinding_on(rsa, c)) {
-+#else
- if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
-+#endif
- X509_free(cert);
- EVP_PKEY_free(pubKey);
- BIO_vfree(bio);
- BN_CTX_free(c);
- return 0;
- }
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
-+ RSA_blinding_off(rsa);
-+#else
- retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
- RSA_blinding_off(pubKey->pkey.rsa);
-+#endif
- BN_CTX_free(c);
- }
-+#ifdef HAVE_OPAQUE_EVP_PKEY
-+ if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
-+#else
- if (pubKey->type == EVP_PKEY_DSA) {
-+#endif
- fprintf(stderr,
- "%s: ERROR: DSA keys are not supported.\n",
- time_to_string(dtime())
-diff --git a/lib/crypt.h b/lib/crypt.h
-index 022bd2a..33c62a8 100644
---- a/lib/crypt.h
-+++ b/lib/crypt.h
-@@ -26,6 +26,11 @@
-
- #include <openssl/rsa.h>
-
-+#if (OPENSSL_VERSION_NUMBER >= 0x10100000L) /* OpenSSL 1.1.0+ */
-+#define HAVE_OPAQUE_EVP_PKEY 1 /* since 1.1.0 -pre3 */
-+#define HAVE_OPAQUE_RSA_DSA_DH 1 /* since 1.1.0 -pre5 */
-+#endif
-+
- #define MAX_RSA_MODULUS_BITS 1024
- #define MAX_RSA_MODULUS_LEN ((MAX_RSA_MODULUS_BITS + 7) / 8)
- #define MAX_RSA_PRIME_BITS ((MAX_RSA_MODULUS_BITS + 1) / 2)
-diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
-index 2a1eb5d..3bc2d53 100644
---- a/lib/crypt_prog.cpp
-+++ b/lib/crypt_prog.cpp
-@@ -125,7 +125,11 @@ int main(int argc, char** argv) {
- unsigned char signature_buf[256], buf[256], buf2[256];
- FILE *f, *fpriv, *fpub;
- char cbuf[256];
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ RSA *rsa_key;
-+#else
- RSA rsa_key;
-+#endif
- RSA *rsa_key_;
- BIO *bio_out=NULL;
- BIO *bio_err=NULL;
-@@ -330,7 +334,11 @@ int main(int argc, char** argv) {
- retval = scan_key_hex(fpriv, (KEY*)&private_key, sizeof(private_key));
- fclose(fpriv);
- if (retval) die("scan_key_hex\n");
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ private_to_openssl(private_key, rsa_key);
-+#else
- private_to_openssl(private_key, &rsa_key);
-+#endif
-
- //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
- // enc, NULL, 0, pass_cb, NULL);
-@@ -340,7 +348,11 @@ int main(int argc, char** argv) {
- // NULL, NULL, 0, pass_cb, NULL);
- fpriv = fopen(argv[5], "w+");
- if (!fpriv) die("fopen");
-+#ifdef HAVE_OPAQUE_RSA_DSA_DH
-+ PEM_write_RSAPrivateKey(fpriv, rsa_key, NULL, NULL, 0, 0, NULL);
-+#else
- PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
-+#endif
- fclose(fpriv);
- //if (i == 0) {
- // ERR_print_errors(bio_err);
-diff --git a/lib/crypt.cpp b/lib/crypt.cpp
-index cd6f04a..30db6d8 100644
---- a/lib/crypt.cpp
-+++ b/lib/crypt.cpp
-@@ -464,14 +464,14 @@ void openssl_to_keys(
- ) {
- pub.bits = nbits;
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
-- BIGNUM *n;
-- BIGNUM *e;
-- BIGNUM *d;
-- BIGNUM *p;
-- BIGNUM *q;
-- BIGNUM *dmp1;
-- BIGNUM *dmq1;
-- BIGNUM *iqmp;
-+ const BIGNUM *n;
-+ const BIGNUM *e;
-+ const BIGNUM *d;
-+ const BIGNUM *p;
-+ const BIGNUM *q;
-+ const BIGNUM *dmp1;
-+ const BIGNUM *dmq1;
-+ const BIGNUM *iqmp;
- RSA_get0_key(rp, &n, &e, &d);
- RSA_get0_factors(rp, &p, &q);
- RSA_get0_crt_params(rp, &dmp1, &dmq1, &iqmp);
-@@ -544,18 +544,16 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
- BIGNUM *n;
- BIGNUM *e;
-- BIGNUM *d;
- n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
- e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
-- // d??? FIXME
-- RSA_set0_key(rp, n, e, d);
-+ RSA_set0_key(rp, n, e, NULL);
- #else
- rp->n = BN_bin2bn(pub.modulus, sizeof(pub.modulus), 0);
- rp->e = BN_bin2bn(pub.exponent, sizeof(pub.exponent), 0);
- #endif
- }
-
--static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
-+static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
- int i;
- i=BN_num_bytes(from);
- if (i > max) {
-@@ -569,14 +567,14 @@ static int _bn2bin(BIGNUM *from, unsigned char *to, int max) {
-
- int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
-- BIGNUM *n;
-- BIGNUM *e;
-- BIGNUM *d;
-- BIGNUM *p;
-- BIGNUM *q;
-- BIGNUM *dmp1;
-- BIGNUM *dmq1;
-- BIGNUM *iqmp;
-+ const BIGNUM *n;
-+ const BIGNUM *e;
-+ const BIGNUM *d;
-+ const BIGNUM *p;
-+ const BIGNUM *q;
-+ const BIGNUM *dmp1;
-+ const BIGNUM *dmq1;
-+ const BIGNUM *iqmp;
-
- RSA_get0_key(from, &n, &e, &d);
- RSA_get0_factors(from, &p, &q);
-diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
-index 3bc2d53..88d9f2d 100644
---- a/lib/crypt_prog.cpp
-+++ b/lib/crypt_prog.cpp
-@@ -126,7 +126,7 @@ int main(int argc, char** argv) {
- FILE *f, *fpriv, *fpub;
- char cbuf[256];
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
-- RSA *rsa_key;
-+ RSA *rsa_key = RSA_new();
- #else
- RSA rsa_key;
- #endif
-@@ -136,6 +136,7 @@ int main(int argc, char** argv) {
- char *certpath;
- bool b2o=false; // boinc key to openssl key ?
- bool kpriv=false; // private key ?
-+ BIGNUM *e;
-
- if (argc == 1) {
- usage();
-@@ -150,7 +151,16 @@ int main(int argc, char** argv) {
- n = atoi(argv[2]);
-
- srand(random_int());
-- RSA* rp = RSA_generate_key(n, 65537, 0, 0);
-+ e = BN_new();
-+ retval = BN_set_word(e, (unsigned long)65537);
-+ if (retval != 1) {
-+ die("BN_set_word");
-+ }
-+ RSA *rp = RSA_new();
-+ retval = RSA_generate_key_ex(rp, n, e, NULL);
-+ if (retval != 1) {
-+ die("RSA_generate_key_ex");
-+ }
- openssl_to_keys(rp, n, private_key, public_key);
- fpriv = fopen(argv[3], "w");
- if (!fpriv) die("fopen");
-diff --git a/lib/crypt.cpp b/lib/crypt.cpp
-index 30db6d8..cb1f49c 100644
---- a/lib/crypt.cpp
-+++ b/lib/crypt.cpp
-@@ -554,15 +554,15 @@ void public_to_openssl(R_RSA_PUBLIC_KEY& pub, RSA* rp) {
- }
-
- static int _bn2bin(const BIGNUM *from, unsigned char *to, int max) {
-- int i;
-- i=BN_num_bytes(from);
-- if (i > max) {
-- return(0);
-- }
-- memset(to,0,(unsigned int)max);
-- if (!BN_bn2bin(from,&(to[max-i])))
-- return(0);
-- return(1);
-+ int i;
-+ i=BN_num_bytes(from);
-+ if (i > max) {
-+ return(0);
-+ }
-+ memset(to,0,(unsigned int)max);
-+ if (!BN_bn2bin(from,&(to[max-i])))
-+ return(0);
-+ return(1);
- }
-
- int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
-@@ -598,23 +598,23 @@ int openssl_to_private(RSA *from, R_RSA_PRIVATE_KEY *to) {
- if (!_bn2bin(iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
- return(0);
- #else
-- to->bits = BN_num_bits(from->n);
-- if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
-- return(0);
-- if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
-- return(0);
-- if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
-- return(0);
-- if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
-- return(0);
-- if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
-- return(0);
-- if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
-- return(0);
-- if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
-- return(0);
-- if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
-- return(0);
-+ to->bits = BN_num_bits(from->n);
-+ if (!_bn2bin(from->n,to->modulus,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(from->e,to->publicExponent,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(from->d,to->exponent,MAX_RSA_MODULUS_LEN))
-+ return(0);
-+ if (!_bn2bin(from->p,to->prime[0],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(from->q,to->prime[1],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(from->dmp1,to->primeExponent[0],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(from->dmq1,to->primeExponent[1],MAX_RSA_PRIME_LEN))
-+ return(0);
-+ if (!_bn2bin(from->iqmp,to->coefficient,MAX_RSA_PRIME_LEN))
-+ return(0);
- #endif
- return 1;
- }
-@@ -634,8 +634,8 @@ int check_validity_of_cert(
- bio = BIO_new(BIO_s_file());
- BIO_read_filename(bio, cFile);
- if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
-- BIO_vfree(bio);
-- return 0;
-+ BIO_vfree(bio);
-+ return 0;
- }
- // verify certificate
- store = X509_STORE_new();
-@@ -668,32 +668,32 @@ int check_validity_of_cert(
- #endif
- BN_CTX *c = BN_CTX_new();
- if (!c) {
-- X509_free(cert);
-- EVP_PKEY_free(pubKey);
-- BIO_vfree(bio);
-- return 0;
-- }
-+ X509_free(cert);
-+ EVP_PKEY_free(pubKey);
-+ BIO_vfree(bio);
-+ return 0;
-+ }
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
- RSA *rsa;
- rsa = EVP_PKEY_get0_RSA(pubKey);
- if (!RSA_blinding_on(rsa, c)) {
- #else
-- if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
-+ if (!RSA_blinding_on(pubKey->pkey.rsa, c)) {
- #endif
-- X509_free(cert);
-- EVP_PKEY_free(pubKey);
-- BIO_vfree(bio);
-- BN_CTX_free(c);
-- return 0;
-- }
-+ X509_free(cert);
-+ EVP_PKEY_free(pubKey);
-+ BIO_vfree(bio);
-+ BN_CTX_free(c);
-+ return 0;
-+ }
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
- retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, rsa);
- RSA_blinding_off(rsa);
- #else
-- retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
-- RSA_blinding_off(pubKey->pkey.rsa);
-+ retval = RSA_verify(NID_md5, md5_md, MD5_DIGEST_LENGTH, sfileMsg, sfsize, pubKey->pkey.rsa);
-+ RSA_blinding_off(pubKey->pkey.rsa);
- #endif
-- BN_CTX_free(c);
-+ BN_CTX_free(c);
- }
- #ifdef HAVE_OPAQUE_EVP_PKEY
- if (EVP_PKEY_id(pubKey) == EVP_PKEY_DSA) {
-@@ -730,7 +730,7 @@ char *check_validity(
- if (!of) return NULL;
- MD5_Init(&md5CTX);
- while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
-- MD5_Update(&md5CTX, rbuf, rbytes);
-+ MD5_Update(&md5CTX, rbuf, rbytes);
- }
- MD5_Final(md5_md, &md5CTX);
- fclose(of);
-@@ -740,12 +740,12 @@ char *check_validity(
- char file[MAXPATHLEN];
- while (!dir_scan(file, dir, sizeof(file))) {
- char fpath[MAXPATHLEN];
-- snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
-+ snprintf(fpath, sizeof(fpath), "%s/%s", certPath, file);
- // TODO : replace '128'
-- if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
-- dir_close(dir);
-- return strdup(fpath);
-- }
-+ if (check_validity_of_cert(fpath, md5_md, signature, 128, caPath)) {
-+ dir_close(dir);
-+ return strdup(fpath);
-+ }
- }
-
- dir_close(dir);
-@@ -778,7 +778,7 @@ int cert_verify_file(
- if (!of) return false;
- MD5_Init(&md5CTX);
- while (0 != (rbytes = (int)fread(rbuf, 1, sizeof(rbuf), of))) {
-- MD5_Update(&md5CTX, rbuf, rbytes);
-+ MD5_Update(&md5CTX, rbuf, rbytes);
- }
- MD5_Final(md5_md, &md5CTX);
- fclose(of);
-@@ -805,10 +805,10 @@ int cert_verify_file(
- bio = BIO_new(BIO_s_file());
- BIO_read_filename(bio, fbuf);
- if (NULL == (cert = PEM_read_bio_X509(bio, NULL, 0, NULL))) {
-- BIO_vfree(bio);
-+ BIO_vfree(bio);
- printf("Cannot read certificate ('%s')\n", fbuf);
- file_counter++;
-- continue;
-+ continue;
- }
- fflush(stdout);
- subj = X509_get_subject_name(cert);
-@@ -816,7 +816,7 @@ int cert_verify_file(
- // ???
- //X509_NAME_free(subj);
- X509_free(cert);
-- BIO_vfree(bio);
-+ BIO_vfree(bio);
- if (strcmp(buf, signatures->signatures.at(i).subject)) {
- printf("Subject does not match ('%s' <-> '%s')\n", buf, signatures->signatures.at(i).subject);
- file_counter++;
-diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
-index 88d9f2d..7174afc 100644
---- a/lib/crypt_prog.cpp
-+++ b/lib/crypt_prog.cpp
-@@ -62,23 +62,23 @@ void die(const char* p) {
-
- void usage() {
- fprintf(stderr,
-- "Usage: crypt_prog options\n\n"
-- "Options:\n\n"
-- "-genkey n private_keyfile public_keyfile\n"
-- " create an n-bit key pair\n"
-- "-sign file private_keyfile\n"
-- " create a signature for a given file, write to stdout\n"
-- "-sign_string string private_keyfile\n"
-- " create a signature for a given string\n"
-- "-verify file signature_file public_keyfile\n"
-- " verify a signature\n"
-- "-test_crypt private_keyfile public_keyfile\n"
-- " test encrypt/decrypt functions\n"
-- "-conkey o2b/b20 priv/pub input_file output_file\n"
-- " convert keys between BOINC and OpenSSL format\n"
-- "-cert_verify file signature certificate_dir\n"
-- " verify a signature using a directory of certificates\n"
-- );
-+ "Usage: crypt_prog options\n\n"
-+ "Options:\n\n"
-+ "-genkey n private_keyfile public_keyfile\n"
-+ " create an n-bit key pair\n"
-+ "-sign file private_keyfile\n"
-+ " create a signature for a given file, write to stdout\n"
-+ "-sign_string string private_keyfile\n"
-+ " create a signature for a given string\n"
-+ "-verify file signature_file public_keyfile\n"
-+ " verify a signature\n"
-+ "-test_crypt private_keyfile public_keyfile\n"
-+ " test encrypt/decrypt functions\n"
-+ "-conkey o2b/b20 priv/pub input_file output_file\n"
-+ " convert keys between BOINC and OpenSSL format\n"
-+ "-cert_verify file signature certificate_dir\n"
-+ " verify a signature using a directory of certificates\n"
-+ );
- }
-
- unsigned int random_int() {
-@@ -93,7 +93,7 @@ unsigned int random_int() {
- die("Can't load ADVAPI32.DLL");
- }
- BOOLEAN (APIENTRY *pfn)(void*, ULONG) =
-- (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
-+ (BOOLEAN (APIENTRY *)(void*,ULONG))GetProcAddress(hLib,"SystemFunction036");
- if (pfn) {
- char buff[32];
- ULONG ulCbBuff = sizeof(buff);
-@@ -131,7 +131,7 @@ int main(int argc, char** argv) {
- RSA rsa_key;
- #endif
- RSA *rsa_key_;
-- BIO *bio_out=NULL;
-+ BIO *bio_out=NULL;
- BIO *bio_err=NULL;
- char *certpath;
- bool b2o=false; // boinc key to openssl key ?
-@@ -214,8 +214,8 @@ int main(int argc, char** argv) {
- retval = md5_file(argv[2], md5_buf, size);
- if (retval) die("md5_file");
- retval = check_file_signature(
-- md5_buf, public_key, signature, is_valid
-- );
-+ md5_buf, public_key, signature, is_valid
-+ );
- if (retval) die("check_file_signature");
- if (is_valid) {
- printf("file is valid\n");
-@@ -262,9 +262,9 @@ int main(int argc, char** argv) {
- printf("siganture verified using certificate '%s'.\n\n", certpath);
- free(certpath);
- }
-- // this converts, but an executable signed with sign_executable,
-- // and signature converted to OpenSSL format cannot be verified with
-- // OpenSSL
-+ // this converts, but an executable signed with sign_executable,
-+ // and signature converted to OpenSSL format cannot be verified with
-+ // OpenSSL
- } else if (!strcmp(argv[1], "-convsig")) {
- if (argc < 5) {
- usage();
-@@ -320,18 +320,18 @@ int main(int argc, char** argv) {
- die("either 'pub' or 'priv' must be defined for -convkey\n");
- }
- OpenSSL_add_all_algorithms();
-- ERR_load_crypto_strings();
-- ENGINE_load_builtin_engines();
-- if (bio_err == NULL) {
-- bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
-+ ERR_load_crypto_strings();
-+ ENGINE_load_builtin_engines();
-+ if (bio_err == NULL) {
-+ bio_err = BIO_new_fp(stdout, BIO_NOCLOSE);
- }
- //enc=EVP_get_cipherbyname("des");
- //if (enc == NULL)
- // die("could not get cypher.\n");
- // no encription yet.
- bio_out=BIO_new(BIO_s_file());
-- if (BIO_write_filename(bio_out,argv[5]) <= 0) {
-- perror(argv[5]);
-+ if (BIO_write_filename(bio_out,argv[5]) <= 0) {
-+ perror(argv[5]);
- die("could not create output file.\n");
- }
- if (b2o) {
-@@ -351,11 +351,11 @@ int main(int argc, char** argv) {
- #endif
-
- //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
-- // enc, NULL, 0, pass_cb, NULL);
-- // no encryption yet.
--
-+ // enc, NULL, 0, pass_cb, NULL);
-+ // no encryption yet.
-+
- //i = PEM_write_bio_RSAPrivateKey(bio_out, &rsa_key,
-- // NULL, NULL, 0, pass_cb, NULL);
-+ // NULL, NULL, 0, pass_cb, NULL);
- fpriv = fopen(argv[5], "w+");
- if (!fpriv) die("fopen");
- #ifdef HAVE_OPAQUE_RSA_DSA_DH
-@@ -364,10 +364,10 @@ int main(int argc, char** argv) {
- PEM_write_RSAPrivateKey(fpriv, &rsa_key, NULL, NULL, 0, 0, NULL);
- #endif
- fclose(fpriv);
-- //if (i == 0) {
-+ //if (i == 0) {
- // ERR_print_errors(bio_err);
- // die("could not write key file.\n");
-- //}
-+ //}
- } else {
- fpub = fopen(argv[4], "r");
- if (!fpub) {
-@@ -381,11 +381,11 @@ int main(int argc, char** argv) {
- die("fopen");
- }
- public_to_openssl(public_key, rsa_key_);
-- i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
-- if (i == 0) {
-+ i = PEM_write_RSA_PUBKEY(fpub, rsa_key_);
-+ if (i == 0) {
- ERR_print_errors(bio_err);
- die("could not write key file.\n");
-- }
-+ }
- fclose(fpub);
- }
- } else {
-diff --git a/lib/crypt_prog.cpp b/lib/crypt_prog.cpp
-index 7174afc..8cfffc2 100644
---- a/lib/crypt_prog.cpp
-+++ b/lib/crypt_prog.cpp
-@@ -74,7 +74,7 @@ void usage() {
- " verify a signature\n"
- "-test_crypt private_keyfile public_keyfile\n"
- " test encrypt/decrypt functions\n"
-- "-conkey o2b/b20 priv/pub input_file output_file\n"
-+ "-convkey o2b/b2o priv/pub input_file output_file\n"
- " convert keys between BOINC and OpenSSL format\n"
- "-cert_verify file signature certificate_dir\n"
- " verify a signature using a directory of certificates\n"