NEW: security/polarssl

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

NEW: security/polarssl

Joachim Schipper-2
Please find attached a port for the PolarSSL SSL library. From
pkg/DESCR-lib:

"PolarSSL makes it trivially easy for developers to include cryptographic
and SSL/TLS capabilities in their (embedded) products, facilitating this
functionality with a minimal coding footprint.
 
PolarSSL offers an SSL library with an intuitive API and readable source
code, so you can actually understand what the code does. Also the
PolarSSL modules are as loosely coupled as possible and written in the
portable C language. This allows you to use the parts you need, without
having to include the total library."

Comments, criticisms and improvements welcome; thanks for taking the
time to look at it!

                Joachim

P.S. This submission is not intended to be a commentary on
Heartbleed/OpenSSL/OpenTLS; I just wanted to run some software that
relies on PolarSSL on OpenBSD, and figured I'd share.

polarssl.tgz (4K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Stuart Henderson-6
On 2014/04/17 08:49, Joachim Schipper wrote:

> Please find attached a port for the PolarSSL SSL library. From
> pkg/DESCR-lib:
>
> "PolarSSL makes it trivially easy for developers to include cryptographic
> and SSL/TLS capabilities in their (embedded) products, facilitating this
> functionality with a minimal coding footprint.
>  
> PolarSSL offers an SSL library with an intuitive API and readable source
> code, so you can actually understand what the code does. Also the
> PolarSSL modules are as loosely coupled as possible and written in the
> portable C language. This allows you to use the parts you need, without
> having to include the total library."
>
> Comments, criticisms and improvements welcome; thanks for taking the
> time to look at it!
>
> Joachim
>
> P.S. This submission is not intended to be a commentary on
> Heartbleed/OpenSSL/OpenTLS; I just wanted to run some software that
> relies on PolarSSL on OpenBSD, and figured I'd share.
Comments with your version from reading:

- remove the last 2 PERMIT_*
- use EXTRACT_SUFX=-gpl.tgz instead of DISTFILES
- should use the cmake build as that's the primary/maintained one upstream
- shlib handling isn't right
- I don't think the subpackages are necessary

I was looking at this too as it has some OpenSSL interop tests
which it would be useful for us to be able to run.  I've attached what
I have so far for this, but it's not ready yet; it only builds a static
library, tests hang, and I think most if not all of the programs
installed should go to examples/ or bin/polarssl/ something..


polarssl-wip.tgz (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Florian Obser-2
On Thu, Apr 17, 2014 at 11:01:06AM +0100, Stuart Henderson wrote:
> I was looking at this too as it has some OpenSSL interop tests
> which it would be useful for us to be able to run.  I've attached what
> I have so far for this, but it's not ready yet; it only builds a static
> library, tests hang, and I think most if not all of the programs
> installed should go to examples/ or bin/polarssl/ something..
 
With Joachim's arc4random_buf patches the tests no longer hang.

mpi_mul_hlp() doesn't work to well on sparc64 though:

[florian@sparc64:/usr/ports/mystuff/security/polarssl]$ make test
===>  Regression tests for polarssl-1.3.6
[1/1] cd /usr/ports/pobj/polarssl-1.3.6/build-sparc64 && /usr/local/bin/ctest --force-new-ctest-process
FAILED: cd /usr/ports/pobj/polarssl-1.3.6/build-sparc64 && /usr/local/bin/ctest --force-new-ctest-process
Test project /usr/ports/pobj/polarssl-1.3.6/build-sparc64
      Start  1: aes.ecb-suite
 1/52 Test  #1: aes.ecb-suite ....................   Passed    0.03 sec
      Start  2: aes.cbc-suite
 2/52 Test  #2: aes.cbc-suite ....................   Passed    0.02 sec
      Start  3: aes.cfb-suite
 3/52 Test  #3: aes.cfb-suite ....................   Passed    0.03 sec
      Start  4: aes.rest-suite
 4/52 Test  #4: aes.rest-suite ...................   Passed    0.08 sec
      Start  5: arc4-suite
 5/52 Test  #5: arc4-suite .......................   Passed    0.02 sec
      Start  6: base64-suite
 6/52 Test  #6: base64-suite .....................   Passed    0.02 sec
      Start  7: blowfish-suite
 7/52 Test  #7: blowfish-suite ...................   Passed    0.04 sec
      Start  8: camellia-suite
 8/52 Test  #8: camellia-suite ...................   Passed    0.02 sec
      Start  9: cipher.aes-suite
 9/52 Test  #9: cipher.aes-suite .................   Passed    0.03 sec
      Start 10: cipher.arc4-suite
10/52 Test #10: cipher.arc4-suite ................   Passed    0.02 sec
      Start 11: cipher.blowfish-suite
11/52 Test #11: cipher.blowfish-suite ............   Passed    0.07 sec
      Start 12: cipher.camellia-suite
12/52 Test #12: cipher.camellia-suite ............   Passed    0.03 sec
      Start 13: cipher.des-suite
13/52 Test #13: cipher.des-suite .................   Passed    0.03 sec
      Start 14: cipher.gcm-suite
14/52 Test #14: cipher.gcm-suite .................   Passed    0.03 sec
      Start 15: cipher.null-suite
15/52 Test #15: cipher.null-suite ................   Passed    0.02 sec
      Start 16: cipher.padding-suite
16/52 Test #16: cipher.padding-suite .............   Passed    0.02 sec
      Start 17: ctr_drbg-suite
17/52 Test #17: ctr_drbg-suite ...................   Passed    0.04 sec
      Start 18: debug-suite
18/52 Test #18: debug-suite ......................   Passed    0.03 sec
      Start 19: des-suite
19/52 Test #19: des-suite ........................   Passed    0.10 sec
      Start 20: dhm-suite
20/52 Test #20: dhm-suite ........................***Exception: SegFault  0.04 sec
      Start 21: ecp-suite
21/52 Test #21: ecp-suite ........................***Exception: SegFault  0.04 sec
      Start 22: ecdh-suite
22/52 Test #22: ecdh-suite .......................***Exception: SegFault  0.04 sec
      Start 23: ecdsa-suite
23/52 Test #23: ecdsa-suite ......................***Exception: SegFault  0.03 sec
      Start 24: error-suite
24/52 Test #24: error-suite ......................   Passed    0.02 sec
      Start 25: gcm.aes128_en-suite
25/52 Test #25: gcm.aes128_en-suite ..............   Passed    0.03 sec
      Start 26: gcm.aes192_en-suite
26/52 Test #26: gcm.aes192_en-suite ..............   Passed    0.03 sec
      Start 27: gcm.aes256_en-suite
27/52 Test #27: gcm.aes256_en-suite ..............   Passed    0.04 sec
      Start 28: gcm.aes128_de-suite
28/52 Test #28: gcm.aes128_de-suite ..............   Passed    0.03 sec
      Start 29: gcm.aes192_de-suite
29/52 Test #29: gcm.aes192_de-suite ..............   Passed    0.03 sec
      Start 30: gcm.aes256_de-suite
30/52 Test #30: gcm.aes256_de-suite ..............   Passed    0.03 sec
      Start 31: gcm.camellia-suite
31/52 Test #31: gcm.camellia-suite ...............   Passed    0.02 sec
      Start 32: hmac_drbg.misc-suite
32/52 Test #32: hmac_drbg.misc-suite .............   Passed    0.06 sec
      Start 33: hmac_drbg.no_reseed-suite
33/52 Test #33: hmac_drbg.no_reseed-suite ........   Passed    0.14 sec
      Start 34: hmac_drbg.nopr-suite
34/52 Test #34: hmac_drbg.nopr-suite .............   Passed    0.10 sec
      Start 35: hmac_drbg.pr-suite
35/52 Test #35: hmac_drbg.pr-suite ...............   Passed    0.09 sec
      Start 36: hmac_shax-suite
36/52 Test #36: hmac_shax-suite ..................   Passed    0.03 sec
      Start 37: md-suite
37/52 Test #37: md-suite .........................   Passed    0.07 sec
      Start 38: mdx-suite
38/52 Test #38: mdx-suite ........................   Passed    0.04 sec
      Start 39: mpi-suite
39/52 Test #39: mpi-suite ........................***Exception: SegFault  0.04 sec
      Start 40: pbkdf2-suite
40/52 Test #40: pbkdf2-suite .....................   Passed    0.09 sec
      Start 41: pem-suite
41/52 Test #41: pem-suite ........................   Passed    0.02 sec
      Start 42: pkcs1_v21-suite
42/52 Test #42: pkcs1_v21-suite ..................***Exception: SegFault  0.04 sec
      Start 43: pkcs5-suite
43/52 Test #43: pkcs5-suite ......................   Passed    0.09 sec
      Start 44: pk-suite
44/52 Test #44: pk-suite .........................***Exception: SegFault  0.04 sec
      Start 45: pkparse-suite
45/52 Test #45: pkparse-suite ....................***Exception: SegFault  0.05 sec
      Start 46: pkwrite-suite
46/52 Test #46: pkwrite-suite ....................***Exception: SegFault  0.04 sec
      Start 47: shax-suite
47/52 Test #47: shax-suite .......................   Passed    0.11 sec
      Start 48: rsa-suite
48/52 Test #48: rsa-suite ........................***Exception: SegFault  0.04 sec
      Start 49: version-suite
49/52 Test #49: version-suite ....................   Passed    0.02 sec
      Start 50: xtea-suite
50/52 Test #50: xtea-suite .......................   Passed    0.02 sec
      Start 51: x509parse-suite
51/52 Test #51: x509parse-suite ..................***Exception: SegFault  0.05 sec
      Start 52: x509write-suite
52/52 Test #52: x509write-suite ..................***Exception: SegFault  0.05 sec

77% tests passed, 12 tests failed out of 52

Total Test time (real) =   2.39 sec

The following tests FAILED:
         20 - dhm-suite (SEGFAULT)
         21 - ecp-suite (SEGFAULT)
         22 - ecdh-suite (SEGFAULT)
         23 - ecdsa-suite (SEGFAULT)
         39 - mpi-suite (SEGFAULT)
         42 - pkcs1_v21-suite (SEGFAULT)
         44 - pk-suite (SEGFAULT)
         45 - pkparse-suite (SEGFAULT)
         46 - pkwrite-suite (SEGFAULT)
         48 - rsa-suite (SEGFAULT)
         51 - x509parse-suite (SEGFAULT)
         52 - x509write-suite (SEGFAULT)
Errors while running CTest
ninja: build stopped: subcommand failed.
*** Error 1 in . (/usr/ports/devel/cmake/cmake.port.mk:41 'do-test': @cd /usr/ports/pobj/polarssl-1.3.6/build-sparc64 && exec /usr/bin/env -...)
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2714 '/usr/ports/pobj/polarssl-1.3.6/build-sparc64/.test_done')
*** Error 1 in /usr/ports/mystuff/security/polarssl (/usr/ports/infrastructure/mk/bsd.port.mk:2419 'test')
ry/bignum.c                                                                   <

gdb -batch -x /home/florian/gdb.cmd test_suite_dhm test_suite_dhm.core
Core was generated by `test_suite_dhm'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x245603c0b4, d=0x245603c2a4, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x245603c0b4, d=0x245603c2a4, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000002252b07208 in mpi_mul_mpi (X=0xfffffffffffbb990,
    A=0xfffffffffffbbba0, B=0xfffffffffffbb8b0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000002252b072b0 in mpi_mul_int (X=0xfffffffffffbb990,
    A=0xfffffffffffbbba0, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x0000002252b093a4 in mpi_read_string (X=0xfffffffffffbbba0, radix=10,
    s=0xfffffffffffbd01f "23")
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:436
#4  0x0000002252b04828 in test_suite_dhm_do_dhm (radix_P=10, input_P=)
    at tests/test_suite_dhm.c:363
#5  0x0000002252b052bc in dispatch_test (cnt=) at tests/test_suite_dhm.c:494
#6  0x0000002252b056f4 in main () at tests/test_suite_dhm.c:688

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_ecdh test_suite_ecdh.core
Core was generated by `test_suite_ecdh'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x5127012d94, d=0x533518205c, b=511487955924736632)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x5127012d94, d=0x533518205c, b=511487955924736632)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000005126f07748 in mpi_mul_mpi (X=0xfffffffffffc4f78,
    A=0xfffffffffffc5468, B=0xfffffffffffc5468)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000005126f0ac2c in ecp_check_pubkey (grp=0xfffffffffffc5400,
    pt=0xfffffffffffc5450)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1696
#3  0x0000005126f0cfd8 in ecp_mul (grp=0xfffffffffffc5400,
    R=0xfffffffffffc5588, m=0xfffffffffffc5618, P=0xfffffffffffc5450,
    f_rng=0x5126f04820 <rnd_pseudo_rand>, p_rng=0xfffffffffffc54f8)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1658
#4  0x0000005126f0db08 in ecp_gen_keypair (grp=0xfffffffffffc5400,
    d=0xfffffffffffc5618, Q=0xfffffffffffc5588,
    f_rng=0x5126f04820 <rnd_pseudo_rand>, p_rng=0xfffffffffffc54f8)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1866
#5  0x0000005126f04aac in test_suite_ecdh_primitive_random (id=)
    at tests/test_suite_ecdh.c:372
#6  0x0000005126f05724 in dispatch_test (cnt=) at tests/test_suite_ecdh.c:574
#7  0x0000005126f05c34 in main () at tests/test_suite_ecdh.c:774

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_ecdsa test_suite_ecdsa.core
Core was generated by `test_suite_ecdsa'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x1db8e2730c, d=0x1fc85ce49c, b=511487955924736632)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x1db8e2730c, d=0x1fc85ce49c, b=511487955924736632)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000001db8d0ae68 in mpi_mul_mpi (X=0xfffffffffffdc7c8,
    A=0xfffffffffffdccc8, B=0xfffffffffffdccc8)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000001db8d0e34c in ecp_check_pubkey (grp=0xfffffffffffdcc60,
    pt=0xfffffffffffdccb0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1696
#3  0x0000001db8d106f8 in ecp_mul (grp=0xfffffffffffdcc60,
    R=0xfffffffffffdcda0, m=0xfffffffffffdce18, P=0xfffffffffffdccb0,
    f_rng=0x1db8d07620 <rnd_pseudo_rand>, p_rng=0xfffffffffffdcd58)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1658
#4  0x0000001db8d11228 in ecp_gen_keypair (grp=0xfffffffffffdcc60,
    d=0xfffffffffffdce18, Q=0xfffffffffffdcda0,
    f_rng=0x1db8d07620 <rnd_pseudo_rand>, p_rng=0xfffffffffffdcd58)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1866
#5  0x0000001db8d0874c in test_suite_ecdsa_prim_random (id=)
    at tests/test_suite_ecdsa.c:409
#6  0x0000001db8d08c84 in dispatch_test (cnt=) at tests/test_suite_ecdsa.c:695
#7  0x0000001db8d09354 in main () at tests/test_suite_ecdsa.c:949

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_ecp test_suite_ecp.core
Core was generated by `test_suite_ecp'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x800d5ee054, d=0x800d5ee234, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x800d5ee054, d=0x800d5ee234, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000007e0a80b8e8 in mpi_mul_mpi (X=0xfffffffffffca5b0,
    A=0xfffffffffffca778, B=0xfffffffffffca4d0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000007e0a80b990 in mpi_mul_int (X=0xfffffffffffca5b0,
    A=0xfffffffffffca778, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x0000007e0a80da84 in mpi_read_string (X=0xfffffffffffca778, radix=10,
    s=0x7e0a9165e8 "47")
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:436
#4  0x0000007e0a811e18 in ecp_group_read_string (grp=0xfffffffffffca770,
    radix=10, p=0x7e0a9165e8 "47", b=0x7e0a9165f0 "4", gx=0x7e0a9165f8 "17",
    gy=0x7e0a916600 "42", n=0x7e0a916608 "13")
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:581
#5  0x0000007e0a8081fc in test_suite_ecp_small_add (a_zero=1,
    x_a=0xfffffffffffcad11 "", y_a=0xfffffffffffcad14 "", b_zero=1,
    x_b=0xfffffffffffcad19 "", y_b=0xfffffffffffcad1c "", c_zero=1, x_c=0,
    y_c=0) at tests/test_suite_ecp.c:457
#6  0x0000007e0a808d2c in dispatch_test (cnt=) at tests/test_suite_ecp.c:1191
#7  0x0000007e0a809dd4 in main () at tests/test_suite_ecp.c:1766

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_mpi test_suite_mpi.core
Core was generated by `test_suite_mpi'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x4669bc0e4, d=0x4669bc2b4, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x4669bc0e4, d=0x4669bc2b4, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000000259f0c008 in mpi_mul_mpi (X=0xfffffffffffc3e80,
    A=0xfffffffffffc3f60, B=0xfffffffffffc3da0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000000259f0c0b0 in mpi_mul_int (X=0xfffffffffffc3e80,
    A=0xfffffffffffc3f60, b=10)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x0000000259f0e1a4 in mpi_read_string (X=0xfffffffffffc3f60, radix=10,
    s=0xfffffffffffc475a "128")
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:436
#4  0x0000000259f07970 in test_suite_mpi_read_write_string (radix_X=10,
    input_X=0xfffffffffffc475a "128", radix_A=10,
    input_A=0xfffffffffffc4763 "128", output_size=100, result_read=0,
    result_write=0) at tests/test_suite_mpi.c:414
#5  0x0000000259f08200 in dispatch_test (cnt=) at tests/test_suite_mpi.c:1146
#6  0x0000000259f0a4f4 in main () at tests/test_suite_mpi.c:2322

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_pk test_suite_pk.core
Core was generated by `test_suite_pk'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x79baef2994, d=0x79beb8e094, b=345400893593270602)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x79baef2994, d=0x79beb8e094, b=345400893593270602)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x00000077b730e948 in mpi_mul_mpi (X=0xfffffffffffd5020,
    A=0xfffffffffffd5050, B=0xfffffffffffd4ee0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x00000077b730e9f0 in mpi_mul_int (X=0xfffffffffffd5020,
    A=0xfffffffffffd5050, b=345400893593270602)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x00000077b730f4bc in mpi_div_mpi (Q=0x0, R=0xfffffffffffd5e68,
    A=0xfffffffffffd5e68, B=0xfffffffffffd6088)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1315
#4  0x00000077b730f6b4 in mpi_mod_mpi (R=0xfffffffffffd5e68,
    A=0xfffffffffffd5e68, B=0xfffffffffffd6088)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1378
#5  0x00000077b7310130 in mpi_exp_mod (X=0xfffffffffffd5f60,
    A=0xfffffffffffd5f60, E=0xfffffffffffd5f90, N=0xfffffffffffd6088,
    _RR=0xfffffffffffd5f48)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1574
#6  0x00000077b73103cc in mpi_miller_rabin (X=0xfffffffffffd6088,
    f_rng=0x77b730a720 <rnd_std_rand>, p_rng=0x0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1994
#7  0x00000077b73105c8 in mpi_is_prime (X=0x79c16f2458,
    f_rng=0x77b730a720 <rnd_std_rand>, p_rng=0x0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:2058
#8  0x00000077b731093c in mpi_gen_prime (X=0x79c16f2458, nbits=256, dh_flag=0,
    f_rng=0x77b730a720 <rnd_std_rand>, p_rng=0x0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:2090
#9  0x00000077b73210e0 in rsa_gen_key (ctx=0x79c16f2400,
    f_rng=0x77b730a720 <rnd_std_rand>, p_rng=0x0, nbits=512, exponent=3)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:103
#10 0x00000077b730bab8 in test_suite_pk_utils (type=1, size=512, len=64,
    name=0xfffffffffffd6771 "RSA") at tests/test_suite_pk.c:451
#11 0x00000077b730c364 in dispatch_test (cnt=) at tests/test_suite_pk.c:857
#12 0x00000077b730ce34 in main () at tests/test_suite_pk.c:1212

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_pkcs1_v21 test_suite_pkcs1.core
Core was generated by `test_suite_pkcs1'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x91d4c29644, d=0x91cea10e44, b=6676306710156792596)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x91d4c29644, d=0x91cea10e44, b=6676306710156792596)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x0000008fca50b148 in mpi_mul_mpi (X=0xffffffffffff3530,
    A=0xffffffffffff3560, B=0xffffffffffff33f0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x0000008fca50b1f0 in mpi_mul_int (X=0xffffffffffff3530,
    A=0xffffffffffff3560, b=6676306710156792596)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x0000008fca50bcbc in mpi_div_mpi (Q=0x0, R=0xffffffffffff4378,
    A=0xffffffffffff4378, B=0xffffffffffff4718)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1315
#4  0x0000008fca50beb4 in mpi_mod_mpi (R=0xffffffffffff4378,
    A=0xffffffffffff4378, B=0xffffffffffff4718)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1378
#5  0x0000008fca50c930 in mpi_exp_mod (X=0xffffffffffff4458,
    A=0xffffffffffff4458, E=0xffffffffffff4730, N=0xffffffffffff4718,
    _RR=0xffffffffffff47d8)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1574
#6  0x0000008fca5142bc in rsa_public (ctx=0xffffffffffff4708, input=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:261
#7  0x0000008fca515920 in rsa_rsaes_oaep_encrypt (ctx=0xffffffffffff4708,
    f_rng=0x8fca507fe0 <rnd_buffer_rand>, p_rng=0xffffffffffff4858, mode=0,
    label=0x0, label_len=0, ilen=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:550
#8  0x0000008fca5159c4 in rsa_pkcs1_encrypt (ctx=0xffffffffffff4708,
    f_rng=0x8fca507fe0 <rnd_buffer_rand>, p_rng=0xffffffffffff4858, mode=0,
    ilen=16, input=0xffffffffffff5420 "�6�\225i�2�Ƞ[�\220�,I",
    output=0xffffffffffff5038 "")
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:639
#9  0x0000008fca508794 in test_suite_pkcs1_rsaes_oaep_encrypt (mod=)
    at tests/test_suite_pkcs1_v21.c:395
#10 0x0000008fca508ecc in dispatch_test (cnt=)
    at tests/test_suite_pkcs1_v21.c:611
#11 0x0000008fca509634 in main () at tests/test_suite_pkcs1_v21.c:890

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_pkparse test_suite_pkpar.core
Core was generated by `test_suite_pkpar'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x5259a1ad04, d=0x52510b9464, b=5031858120624701440)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x5259a1ad04, d=0x52510b9464, b=5031858120624701440)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x000000504f71e228 in mpi_mul_mpi (X=0xfffffffffffc04f0,
    A=0xfffffffffffc0520, B=0xfffffffffffc03b0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x000000504f71e2d0 in mpi_mul_int (X=0xfffffffffffc04f0,
    A=0xfffffffffffc0520, b=5031858120624701440)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x000000504f71ed9c in mpi_div_mpi (Q=0xfffffffffffc06a8,
    R=0xfffffffffffc0690, A=0xfffffffffffc0708, B=0xfffffffffffc06c0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1315
#4  0x000000504f719194 in rsa_check_privkey (ctx=0x5259a1da00)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:204
#5  0x000000504f716368 in pk_parse_key_pkcs1_der (rsa=0x5259a1da00, key=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:695
#6  0x000000504f716bec in pk_parse_key (pk=0xfffffffffffc0ad0,
    key=0x5253839800 "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\n\n9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\n7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl/"...,
    keylen=1751, pwd=0xfffffffffffc0e7f "PolarSSLTest", pwdlen=12)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:1055
#7  0x000000504f71732c in pk_parse_keyfile (ctx=0xfffffffffffc0ad0, path=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:120
#8  0x000000504f70d944 in test_suite_pk_parse_keyfile_rsa (
    key_file=0xfffffffffffc0e66 "data_files/test-ca.key", password=)
    at tests/test_suite_pkparse.c:384
#9  0x000000504f70dd54 in dispatch_test (cnt=)
    at tests/test_suite_pkparse.c:714
#10 0x000000504f70e2f4 in main () at tests/test_suite_pkparse.c:966

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_pkwrite test_suite_pkwri.core
Core was generated by `test_suite_pkwri'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0xdf8f141cec, d=0xdf8fa7e81c, b=634973310310714138)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0xdf8f141cec, d=0xdf8fa7e81c, b=634973310310714138)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x000000dd89f181a8 in mpi_mul_mpi (X=0xffffffffffff2f08, A=0xdf8d014528,
    B=0xdf8d014528)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x000000dd89f1b68c in ecp_check_pubkey (grp=0xdf8d014400, pt=0xdf8d014510)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1696
#3  0x000000dd89f0f234 in pk_get_ecpubkey (p=0xffffffffffff31c8,
    end=0xdf8f142e4b "", key=0xdf8d014400)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:475
#4  0x000000dd89f0fe70 in pk_parse_subpubkey (p=0xffffffffffff31c8,
    end=0xdf8f142e4b "", pk=0xffffffffffff3368)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:609
#5  0x000000dd89f0ff9c in pk_parse_public_key (ctx=0xffffffffffff3368,
    key=0xdf8f142e00 "0I0\023\006\a*\206H�=\002\001\006\b*\206H�=\003\001\001\0032", keylen=75)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:1230
#6  0x000000dd89f10110 in pk_parse_public_keyfile (ctx=0xffffffffffff3368,
    path=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:141
#7  0x000000dd89f0d414 in test_suite_pk_write_pubkey_check (
    key_file=0xffffffffffff5e07 "data_files/ec_pub.pem")
    at tests/test_suite_pkwrite.c:352
#8  0x000000dd89f0d648 in dispatch_test (cnt=)
    at tests/test_suite_pkwrite.c:462
#9  0x000000dd89f0da34 in main () at tests/test_suite_pkwrite.c:629

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_rsa test_suite_rsa.core
Core was generated by `test_suite_rsa'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x5908a11844, d=0x5905a54444, b=2398933851426340655)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x5908a11844, d=0x5905a54444, b=2398933851426340655)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x00000056fcc0f9e8 in mpi_mul_mpi (X=0xfffffffffffd0130,
    A=0xfffffffffffd0160, B=0xfffffffffffcfff0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x00000056fcc0fa90 in mpi_mul_int (X=0xfffffffffffd0130,
    A=0xfffffffffffd0160, b=2398933851426340655)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x00000056fcc1055c in mpi_div_mpi (Q=0x0, R=0xfffffffffffd0f78,
    A=0xfffffffffffd0f78, B=0xfffffffffffd1460)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1315
#4  0x00000056fcc10754 in mpi_mod_mpi (R=0xfffffffffffd0f78,
    A=0xfffffffffffd0f78, B=0xfffffffffffd1460)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1378
#5  0x00000056fcc111d0 in mpi_exp_mod (X=0xfffffffffffd1058,
    A=0xfffffffffffd1058, E=0xfffffffffffd1478, N=0xfffffffffffd1460,
    _RR=0xfffffffffffd1520)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1574
#6  0x00000056fcc19f5c in rsa_public (ctx=0xfffffffffffd1450, input=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:261
#7  0x00000056fcc1a3d8 in rsa_rsassa_pkcs1_v15_verify (ctx=0xfffffffffffd1450,
    f_rng=) at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:1234
#8  0x00000056fcc0bc58 in test_suite_rsa_pkcs1_verify (
    message_hex_string=0xfffffffffffd25a2 "d6248c3e96b1a7e5fea978870fcc4c9786b4e5156e16b7faef4557d667f730b8bc4c784ef00c624df5309513c3a5de8ca94c2152e0459618666d3148092562ebc256ffca45b27fd2d63c68bd5e0a0aefbe496e9e63838a361b1db6fc272464f191490bf9"..., padding_mode=) at tests/test_suite_rsa.c:505
#9  0x00000056fcc0ca34 in dispatch_test (cnt=) at tests/test_suite_rsa.c:1154
#10 0x00000056fcc0ded4 in main () at tests/test_suite_rsa.c:1714

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_x509parse test_suite_x509p.core
Core was generated by `test_suite_x509p'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0xfb371bc4ac, d=0xfb37eea29c, b=4934815707813388036)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0xfb371bc4ac, d=0xfb37eea29c, b=4934815707813388036)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x000000f92ab189e8 in mpi_mul_mpi (X=0xfffffffffffceb98, A=0xfb37063328,
    B=0xfb37063328)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x000000f92ab34f4c in ecp_check_pubkey (grp=0xfb37063200, pt=0xfb37063310)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/ecp.c:1696
#3  0x000000f92ab20b94 in pk_get_ecpubkey (p=0xfffffffffffceec8,
    end=0xfb37eec4fd "�\201\2220\201\2170\t\006\003U\035\023\004\0020",
    key=0xfb37063200)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:475
#4  0x000000f92ab217d0 in pk_parse_subpubkey (p=0xfffffffffffceec8,
    end=0xfb37eec4fd "�\201\2220\201\2170\t\006\003U\035\023\004\0020",
    pk=0xfffffffffffcf2a8)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:609
#5  0x000000f92ab15180 in x509_crt_parse_der (chain=0xfffffffffffcf170, buf=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/x509_crt.c:673
#6  0x000000f92ab15960 in x509_crt_parse (chain=0xfffffffffffcf170,
    buf=0xfb37eedfcd "", buflen=0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/x509_crt.c:889
#7  0x000000f92ab15a10 in x509_crt_parse_file (chain=0xfffffffffffcf170, path=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/x509_crt.c:934
#8  0x000000f92ab0ff18 in test_suite_x509_cert_info (
    crt_file=0xfffffffffffcff20 "data_files/server3.crt",
    result_str=0xfffffffffffcff39 "cert. version     : 3\nserial number     : 0D\nissuer name       : C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      : C=NL, O=PolarSSL, CN=localhost\nissued  on        : 2013-08-09 09:17:03\nexpire"...) at tests/test_suite_x509parse.c:975
#9  0x000000f92ab115a8 in dispatch_test (cnt=)
    at tests/test_suite_x509parse.c:1466
#10 0x000000f92ab12114 in main () at tests/test_suite_x509parse.c:1957

==================================================

gdb -batch -x /home/florian/gdb.cmd test_suite_x509write test_suite_x509w.core
Core was generated by `test_suite_x509w'.
Program terminated with signal 10, Bus error.
#0  mpi_mul_hlp (i=0, s=0x17d7100b04, d=0x17d66ee664, b=5916299654043009024)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
1120        *d += c; c = ( *d < c ); d++;
#0  mpi_mul_hlp (i=0, s=0x17d7100b04, d=0x17d66ee664, b=5916299654043009024)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1120
#1  0x00000015cb911548 in mpi_mul_mpi (X=0xfffffffffffb9ab0,
    A=0xfffffffffffb9ae0, B=0xfffffffffffb9970)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1151
#2  0x00000015cb9115f0 in mpi_mul_int (X=0xfffffffffffb9ab0,
    A=0xfffffffffffb9ae0, b=5916299654043009024)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1175
#3  0x00000015cb9120bc in mpi_div_mpi (Q=0xfffffffffffb9c68,
    R=0xfffffffffffb9c50, A=0xfffffffffffb9cc8, B=0xfffffffffffb9c80)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/bignum.c:1315
#4  0x00000015cb918474 in rsa_check_privkey (ctx=0x17d7102c00)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/rsa.c:204
#5  0x00000015cb915648 in pk_parse_key_pkcs1_der (rsa=0x17d7102c00, key=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:695
#6  0x00000015cb915ecc in pk_parse_key (pk=0xfffffffffffba0f8,
    key=0x17d0e58000 "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhFkNvuiBZS0/FDUEeW\nEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185fAkER4KwVzlw7aPs\nFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQP"...,
    keylen=1675, pwd=0x0, pwdlen=0)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:1055
#7  0x00000015cb916648 in pk_parse_keyfile (ctx=0xfffffffffffba0f8, path=)
    at /usr/ports/pobj/polarssl-1.3.6/polarssl-1.3.6/library/pkparse.c:118
#8  0x00000015cb90ecf0 in test_suite_x509_csr_check (
    key_file=0xfffffffffffbc460 "data_files/server1.key",
    cert_req_check_file=0xfffffffffffbc479 "data_files/server1.req.sha1",
    md_type=4, key_usage=0, cert_type=0) at tests/test_suite_x509write.c:504
#9  0x00000015cb90f4b4 in dispatch_test (cnt=)
    at tests/test_suite_x509write.c:747
#10 0x00000015cb90fa34 in main () at tests/test_suite_x509write.c:948

==================================================

--
I'm not entirely sure you are real.

Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

David Coppa
In reply to this post by Stuart Henderson-6
On Thu, 17 Apr 2014, Stuart Henderson wrote:

> I was looking at this too as it has some OpenSSL interop tests
> which it would be useful for us to be able to run.  I've attached what
> I have so far for this, but it's not ready yet; it only builds a static
> library

Here's a fix to build the shared library.

Ciao,
David

polarssl-shared_libs.tgz (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Stuart Henderson-6
In reply to this post by Joachim Schipper-2
Pulling some things together;

- pull across Joachim's rand fixes
- rename binaries, similar to diff from benoit@ but with less patching
of CMakefiles
- enable shared libs on arch where they're supported (similar to
diff from dcoppa@)
- BROKEN-sparc64 as reported by florian@

This is in good shape to go in. OK to import?



polarssl.tgz (3K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

David Coppa
On Fri, Apr 18, 2014 at 1:24 PM, Stuart Henderson <[hidden email]> wrote:

> Pulling some things together;
>
> - pull across Joachim's rand fixes
> - rename binaries, similar to diff from benoit@ but with less patching
> of CMakefiles
> - enable shared libs on arch where they're supported (similar to
> diff from dcoppa@)
> - BROKEN-sparc64 as reported by florian@
>
> This is in good shape to go in. OK to import?

looks fine.
ok dcoppa@

Ciao,
David

Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Joachim Schipper-2
In reply to this post by Stuart Henderson-6
On Fri, Apr 18, 2014 at 12:24:16PM +0100, Stuart Henderson wrote:

> Pulling some things together;
>
> - pull across Joachim's rand fixes
> - rename binaries, similar to diff from benoit@ but with less patching
> of CMakefiles
> - enable shared libs on arch where they're supported (similar to
> diff from dcoppa@)
> - BROKEN-sparc64 as reported by florian@
>
> This is in good shape to go in. OK to import?

I agree that this is, qua port, just fine; but I'd be happier to see the
sample programs a bit further out of the way - polarssl_aescrypt2 looks
fine, but actually encrypts in the very weak ECB mode.

Compare my MULTI_PACKAGES and pkg/SECURITY. Admittedly, I've been
spooked by the quality of the 1.2.x samples, and the 1.3 samples are
_much_ better. I still wouldn't want to rely on them, though...

That said, I'm neither the MAINTAINER nor likely to burn myself, so do
as you wish. ;-)

                Joachim

Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Stuart Henderson-6
On 2014/04/18 17:45, Joachim Schipper wrote:

> On Fri, Apr 18, 2014 at 12:24:16PM +0100, Stuart Henderson wrote:
> > Pulling some things together;
> >
> > - pull across Joachim's rand fixes
> > - rename binaries, similar to diff from benoit@ but with less patching
> > of CMakefiles
> > - enable shared libs on arch where they're supported (similar to
> > diff from dcoppa@)
> > - BROKEN-sparc64 as reported by florian@
> >
> > This is in good shape to go in. OK to import?
>
> I agree that this is, qua port, just fine; but I'd be happier to see the
> sample programs a bit further out of the way - polarssl_aescrypt2 looks
> fine, but actually encrypts in the very weak ECB mode.
>
> Compare my MULTI_PACKAGES and pkg/SECURITY. Admittedly, I've been
> spooked by the quality of the 1.2.x samples, and the 1.3 samples are
> _much_ better. I still wouldn't want to rely on them, though...
>
> That said, I'm neither the MAINTAINER nor likely to burn myself, so do
> as you wish. ;-)
>
> Joachim
>

How's this?  We don't use pkg/SECURITY files any more (and they weren't
installed anyway, so not visible to package users).


Index: Makefile
===================================================================
RCS file: /cvs/ports/security/polarssl/Makefile,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 Makefile
--- Makefile 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ Makefile 18 Apr 2014 16:03:54 -0000
@@ -5,6 +5,7 @@ BROKEN-sparc64= problems with mpi_mul_hl
 COMMENT= SSL library with an intuitive API and readable source code
 
 DISTNAME= polarssl-1.3.6
+REVISION= 0
 EXTRACT_SUFX= -gpl.tgz
 
 SHARED_LIBS += polarssl                  0.0 # 1.3
@@ -33,6 +34,9 @@ post-install:
  ${INSTALL_DATA_DIR} ${PREFIX}/share/doc/polarssl
  cd ${WRKSRC}; ${INSTALL_DATA} README.rst ChangeLog \
     ${PREFIX}/share/doc/polarssl
- find ${PREFIX}/bin -type f -execdir mv {} polarssl_{} \;
+ mv ${PREFIX}/bin ${PREFIX}/share/examples/polarssl
+ (echo "These programs are useful code samples for a crypto expert, but";\
+ echo "should not be relied upon by the normal end-user.") \
+ > ${PREFIX}/share/examples/polarssl/readme.txt
 
 .include <bsd.port.mk>
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/security/polarssl/pkg/PLIST,v
retrieving revision 1.1.1.1
diff -u -p -r1.1.1.1 PLIST
--- pkg/PLIST 18 Apr 2014 11:37:02 -0000 1.1.1.1
+++ pkg/PLIST 18 Apr 2014 16:03:54 -0000
@@ -1,47 +1,4 @@
 @comment $OpenBSD: PLIST,v 1.1.1.1 2014/04/18 11:37:02 sthen Exp $
-@bin bin/polarssl_aescrypt2
-@bin bin/polarssl_benchmark
-@bin bin/polarssl_cert_app
-@bin bin/polarssl_cert_req
-@bin bin/polarssl_cert_write
-@bin bin/polarssl_crl_app
-@bin bin/polarssl_crypt_and_hash
-@bin bin/polarssl_dh_client
-@bin bin/polarssl_dh_genprime
-@bin bin/polarssl_dh_server
-@bin bin/polarssl_gen_entropy
-@bin bin/polarssl_gen_key
-@bin bin/polarssl_gen_random_ctr_drbg
-@bin bin/polarssl_gen_random_havege
-@bin bin/polarssl_generic_sum
-@bin bin/polarssl_hello
-@bin bin/polarssl_key_app
-@bin bin/polarssl_md5sum
-@bin bin/polarssl_mpi_demo
-@bin bin/polarssl_o_p_test
-@bin bin/polarssl_pem2der
-@bin bin/polarssl_pk_decrypt
-@bin bin/polarssl_pk_encrypt
-@bin bin/polarssl_pk_sign
-@bin bin/polarssl_pk_verify
-@bin bin/polarssl_req_app
-@bin bin/polarssl_rsa_decrypt
-@bin bin/polarssl_rsa_encrypt
-@bin bin/polarssl_rsa_genkey
-@bin bin/polarssl_rsa_sign
-@bin bin/polarssl_rsa_verify
-@bin bin/polarssl_selftest
-@bin bin/polarssl_sha1sum
-@bin bin/polarssl_sha2sum
-@bin bin/polarssl_ssl_cert_test
-@bin bin/polarssl_ssl_client1
-@bin bin/polarssl_ssl_client2
-@bin bin/polarssl_ssl_fork_server
-@bin bin/polarssl_ssl_mail_client
-@bin bin/polarssl_ssl_pthread_server
-@bin bin/polarssl_ssl_server
-@bin bin/polarssl_ssl_test
-@bin bin/polarssl_strerror
 include/polarssl/
 include/polarssl/aes.h
 include/polarssl/aesni.h
@@ -111,3 +68,48 @@ lib/libpolarssl.a
 share/doc/polarssl/
 share/doc/polarssl/ChangeLog
 share/doc/polarssl/README.rst
+share/examples/polarssl/
+@bin share/examples/polarssl/aescrypt2
+@bin share/examples/polarssl/benchmark
+@bin share/examples/polarssl/cert_app
+@bin share/examples/polarssl/cert_req
+@bin share/examples/polarssl/cert_write
+@bin share/examples/polarssl/crl_app
+@bin share/examples/polarssl/crypt_and_hash
+@bin share/examples/polarssl/dh_client
+@bin share/examples/polarssl/dh_genprime
+@bin share/examples/polarssl/dh_server
+@bin share/examples/polarssl/gen_entropy
+@bin share/examples/polarssl/gen_key
+@bin share/examples/polarssl/gen_random_ctr_drbg
+@bin share/examples/polarssl/gen_random_havege
+@bin share/examples/polarssl/generic_sum
+@bin share/examples/polarssl/hello
+@bin share/examples/polarssl/key_app
+@bin share/examples/polarssl/md5sum
+@bin share/examples/polarssl/mpi_demo
+@bin share/examples/polarssl/o_p_test
+@bin share/examples/polarssl/pem2der
+@bin share/examples/polarssl/pk_decrypt
+@bin share/examples/polarssl/pk_encrypt
+@bin share/examples/polarssl/pk_sign
+@bin share/examples/polarssl/pk_verify
+share/examples/polarssl/readme.txt
+@bin share/examples/polarssl/req_app
+@bin share/examples/polarssl/rsa_decrypt
+@bin share/examples/polarssl/rsa_encrypt
+@bin share/examples/polarssl/rsa_genkey
+@bin share/examples/polarssl/rsa_sign
+@bin share/examples/polarssl/rsa_verify
+@bin share/examples/polarssl/selftest
+@bin share/examples/polarssl/sha1sum
+@bin share/examples/polarssl/sha2sum
+@bin share/examples/polarssl/ssl_cert_test
+@bin share/examples/polarssl/ssl_client1
+@bin share/examples/polarssl/ssl_client2
+@bin share/examples/polarssl/ssl_fork_server
+@bin share/examples/polarssl/ssl_mail_client
+@bin share/examples/polarssl/ssl_pthread_server
+@bin share/examples/polarssl/ssl_server
+@bin share/examples/polarssl/ssl_test
+@bin share/examples/polarssl/strerror

Reply | Threaded
Open this post in threaded view
|

Re: NEW: security/polarssl

Joachim Schipper-2
On Fri, Apr 18, 2014 at 05:06:47PM +0100, Stuart Henderson wrote:

> On 2014/04/18 17:45, Joachim Schipper wrote:
> > On Fri, Apr 18, 2014 at 12:24:16PM +0100, Stuart Henderson wrote:
> > > Pulling some things together;
> > >
> > > - pull across Joachim's rand fixes
> > > - rename binaries, similar to diff from benoit@ but with less patching
> > > of CMakefiles
> > > - enable shared libs on arch where they're supported (similar to
> > > diff from dcoppa@)
> > > - BROKEN-sparc64 as reported by florian@
> > >
> > > This is in good shape to go in. OK to import?
> >
> > I agree that this is, qua port, just fine; but I'd be happier to see the
> > sample programs a bit further out of the way - polarssl_aescrypt2 looks
> > fine, but actually encrypts in the very weak ECB mode.
> >
> > Compare my MULTI_PACKAGES and pkg/SECURITY. Admittedly, I've been
> > spooked by the quality of the 1.2.x samples, and the 1.3 samples are
> > _much_ better. I still wouldn't want to rely on them, though...
>
> How's this?  We don't use pkg/SECURITY files any more (and they weren't
> installed anyway, so not visible to package users).

Yes, that looks fine to me (and builds, etc.) You might consider
README.txt or ReadMe.txt instead of readme.txt; those names sort before
the rest of the programs in the "C" locale. But I'm happy either way.

(I haven't kept up with OpenBSD lately. I'll try to find more time.)

                Joachim

--- Makefile.orig Fri Apr 18 18:37:08 2014
+++ Makefile Fri Apr 18 18:37:14 2014
@@ -37,6 +37,6 @@
  mv ${PREFIX}/bin ${PREFIX}/share/examples/polarssl
  (echo "These programs are useful code samples for a crypto expert, but";\
  echo "should not be relied upon by the normal end-user.") \
- > ${PREFIX}/share/examples/polarssl/readme.txt
+ > ${PREFIX}/share/examples/polarssl/README.txt
 
 .include <bsd.port.mk>