Diffstat (limited to 'net-misc/stunnel/files/stunnel-4.04-blinding.patch')
-rw-r--r--net-misc/stunnel/files/stunnel-4.04-blinding.patch91
1 files changed, 91 insertions, 0 deletions
diff --git a/net-misc/stunnel/files/stunnel-4.04-blinding.patch b/net-misc/stunnel/files/stunnel-4.04-blinding.patch
new file mode 100644
index 000000000000..44edbd388005
--- /dev/null
+++ b/net-misc/stunnel/files/stunnel-4.04-blinding.patch
@@ -0,0 +1,91 @@
+diff -cr stunnel-4.04/src/client.c stunnel-4.04.new/src/client.c
+*** stunnel-4.04/src/client.c Wed Jan 1 11:04:39 2003
+--- stunnel-4.04.new/src/client.c Fri Mar 21 09:21:38 2003
+***************
+*** 234,239 ****
+--- 234,246 ----
+ sslerror("SSL_new");
+ return -1;
+ }
++
++ /* Set blinding iff it's not built into our OpenSSL version */
++ #if SSLEAY_VERSION_NUMBER <= 0x0090701fL
++ set_rsa_blinding(c->ssl);
++ #endif
++
++
+ #if SSLEAY_VERSION_NUMBER >= 0x0922
+ SSL_set_session_id_context(c->ssl, sid_ctx, strlen(sid_ctx));
+ #endif
+***************
+*** 913,917 ****
+--- 920,957 ----
+ if(setsockopt(fd, SOL_SOCKET, SO_LINGER, (void *)&l, sizeof(l)))
+ log_error(LOG_DEBUG, get_last_socket_error(), txt);
+ }
++
++
++ int set_rsa_blinding(SSL *ssl) {
++ #ifndef NO_RSA
++
++ /* Turn on blinding iff using RSA */
++
++ RSA *rsa;
++ EVP_PKEY *pkey;
++
++ if ( (pkey = SSL_get_privatekey(ssl)) ) {
++ if ( (rsa = EVP_PKEY_get1_RSA(pkey)) ) {
++ if ( RSA_blinding_on(rsa,NULL) ) {
++ log(LOG_DEBUG, "RSA blinding enabled");
++ } else {
++ log(LOG_ERR, "Unable to set RSA blinding");
++ sslerror("RSA_blinding_on");
++ exit(1);
++ }
++ /* EVP_PKEY_get1_RSA ups the count for rsa - free extra */
++ RSA_free(rsa);
++ } else {
++ log(LOG_DEBUG, "Private key is not RSA, no blinding needed");
++ }
++ } else {
++ log(LOG_ERR, "Unable to get access to the SSL private key.");
++ sslerror("SSL_get_privatekey");
++ exit(1);
++ }
++ #endif
++ return(1);
++ }
++
+
+ /* End of client.c */
+diff -cr stunnel-4.04/src/prototypes.h stunnel-4.04.new/src/prototypes.h
+*** stunnel-4.04/src/prototypes.h Thu Mar 20 11:55:05 2003
+--- stunnel-4.04.new/src/prototypes.h Thu Mar 20 11:55:31 2003
+***************
+*** 242,247 ****
+--- 242,248 ----
+
+ void *alloc_client_session(LOCAL_OPTIONS *, int, int);
+ void *client(void *);
++ int set_rsa_blinding(SSL *);
+
+ /**************************************** Prototype for protocol.c */
+
+diff -cr stunnel-4.04/src/ssl.c stunnel-4.04.new/src/ssl.c
+*** stunnel-4.04/src/ssl.c Wed Jan 1 06:07:08 2003
+--- stunnel-4.04.new/src/ssl.c Fri Mar 21 09:18:28 2003
+***************
+*** 367,372 ****
+--- 367,378 ----
+ result=RSA_generate_key(keylen, RSA_F4, NULL);
+ #endif
+ log(LOG_DEBUG, "Temporary RSA key created");
++
++ /* Set blinding iff it's not built into our OpenSSL version */
++ #if SSLEAY_VERSION_NUMBER <= 0x0090701fL
++ RSA_blinding_on(result,NULL);
++ #endif
++
+ return result;
+ }
+
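Review bot: In the ssl.c section of the embedded patch, `RSA_blinding_on(result,NULL);` discards its return value and runs on `result` with no visible NULL check, so a temporary key can go into service without blinding and with nothing logged, while set_rsa_blinding() in client.c treats the same failure as fatal. I would check it there too, e.g. `if(result && !RSA_blinding_on(result, NULL)) sslerror("RSA_blinding_on");`, and decide whether an unblinded key should still be returned; the enclosing function starts outside the hunk, so how its caller handles a NULL key is not visible. Separately, set_rsa_blinding() calls `exit(1)` when `SSL_get_privatekey(ssl)` returns NULL, which presumably also happens when no certificate or key is configured (for example client mode without a cert), so that case should be confirmed to log and return rather than terminate the process. A short comment on set_rsa_blinding() stating that it always returns 1 and exits on failure would also help, since the call site in client.c ignores the result.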