<pre style='margin:0'>
Christopher Nielsen (mascguy) pushed a commit to branch master
in repository macports-ports.
</pre>
<p><a href="https://github.com/macports/macports-ports/commit/63929a13056e05033354004e8cfca010103723bf">https://github.com/macports/macports-ports/commit/63929a13056e05033354004e8cfca010103723bf</a></p>
<pre style="white-space: pre; background: #F8F8F8">The following commit(s) were added to refs/heads/master by this push:
<span style='display:block; white-space:pre;color:#404040;'> new 63929a13056 privoxy: Add variant ecc to use Elliptic Curve Keys
</span>63929a13056 is described below
<span style='display:block; white-space:pre;color:#808000;'>commit 63929a13056e05033354004e8cfca010103723bf
</span>Author: Steven Thomas Smith <s.t.smith@ieee.org>
AuthorDate: Sat Nov 20 10:34:53 2021 -0500
<span style='display:block; white-space:pre;color:#404040;'> privoxy: Add variant ecc to use Elliptic Curve Keys
</span>---
www/privoxy/Portfile | 12 ++++-
www/privoxy/files/patch-openssl.c.diff | 78 +++++++++++++++++++++++++++++++
www/privoxy/files/patch-ssl_common.h.diff | 27 +++++++++++
3 files changed, 116 insertions(+), 1 deletion(-)
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/Portfile b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;color:#808080;'>index f6428e19d33..434f705e0a8 100644
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>--- a/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/Portfile
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -6,7 +6,7 @@ PortGroup perl5 1.0
</span>
name privoxy
version 3.0.32
<span style='display:block; white-space:pre;background:#ffe0e0;'>-revision 7
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+revision 8
</span> categories www security net
platforms darwin
license GPL-2
<span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -475,6 +475,16 @@ certificate authority (CA). As sudo:
</span> "
}
<span style='display:block; white-space:pre;background:#e0ffe0;'>+variant ecc \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ requires https_inspection \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ description {Use Elliptic Curve Keys for HTTPS Inspection.} {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB ./privoxy-orig/openssl.c ./privoxy-new/openssl.c | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-openssl.c.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ # diff -NaurdwB ./privoxy-orig/ssl_common.h ./privoxy-new/ssl_common.h | sed -E -e 's/\.\/privoxy-(orig|new)\//\.\//' > ~/Downloads/patch-ssl_common.h.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patchfiles-append \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch-openssl.c.diff \
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ patch-ssl_common.h.diff
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+}
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span> default_variants-append \
+https_inspection
<span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/files/patch-openssl.c.diff b/www/privoxy/files/patch-openssl.c.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..d6074029bc1
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/files/patch-openssl.c.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,78 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./openssl.c 2021-11-20 08:43:13.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./openssl.c 2021-11-20 08:51:13.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -500,6 +500,9 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ case EVP_PKEY_DSA:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ret = BIO_printf(bio, "\n%-" BC "s: %d bits", "DSA key size", EVP_PKEY_bits(pkey));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ case EVP_PKEY_EC:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ret = BIO_printf(bio, "\n%-" BC "s: %d bits", "EC key size", EVP_PKEY_bits(pkey));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ default:
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ret = BIO_printf(bio, "\n%-" BC "s: %d bits", "non-RSA/DSA key size", EVP_PKEY_bits(pkey));
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ break;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1476,8 +1479,11 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ int ret = 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ char* key_file_path;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#ifndef USE_EVP_PKEY_EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ BIGNUM *exp;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RSA *rsa;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#else /* #ifndef USE_EVP_PKEY_EC */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ EVP_PKEY *key;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ key_file_path = make_certs_path(csp->config->certificate_directory,
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1496,6 +1502,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ return 0;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#ifndef USE_EVP_PKEY_EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ exp = BN_new();
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ rsa = RSA_new();
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ key = EVP_PKEY_new();
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1528,7 +1535,18 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ret = -1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto exit;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+-
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#else /* #ifndef USE_EVP_PKEY_EC */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * https://www.openssl.org/docs/manmaster/man7/EVP_PKEY-EC.html
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ key = EVP_EC_gen(EC_GROUP_NAME);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ if (key == NULL)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ log_ssl_errors(LOG_LEVEL_ERROR, "EC key generation error");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ ret = -1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ goto exit;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Exporting private key into file
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1544,6 +1562,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ /*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ * Freeing used variables
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#ifndef USE_EVP_PKEY_EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (exp)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ BN_free(exp);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1552,6 +1571,8 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ RSA_free(rsa);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#else /* #ifndef USE_EVP_PKEY_EC */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (key)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ EVP_PKEY_free(key);
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -1856,7 +1877,7 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ subject_name = X509_NAME_new();
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ if (!subject_name)
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ {
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+- log_ssl_errors(LOG_LEVEL_ERROR, "RSA key memory allocation failure");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ log_ssl_errors(LOG_LEVEL_ERROR, "OpenSSL key memory allocation failure");
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ ret = -1;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ goto exit;
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ }
</span><span style='display:block; white-space:pre;color:#808080;'>diff --git a/www/privoxy/files/patch-ssl_common.h.diff b/www/privoxy/files/patch-ssl_common.h.diff
</span>new file mode 100644
<span style='display:block; white-space:pre;color:#808080;'>index 00000000000..9233330b76d
</span><span style='display:block; white-space:pre;background:#ffe0e0;'>--- /dev/null
</span><span style='display:block; white-space:pre;background:#e0e0ff;'>+++ b/www/privoxy/files/patch-ssl_common.h.diff
</span><span style='display:block; white-space:pre;background:#e0e0e0;'>@@ -0,0 +1,27 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+--- ./ssl_common.h 2021-11-20 08:43:20.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++++ ./ssl_common.h 2021-11-20 08:48:53.000000000 -0500
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+@@ -32,8 +32,24 @@
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #include "project.h"
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++/*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Use ECC, i.e. OpenSSL EVP_PKEY_EC; otherwise use EVP_PKEY_RSA
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#define USE_EVP_PKEY_EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++/*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * Use EVP_PKEY_RSA by default
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#ifndef USE_EVP_PKEY_EC
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define RSA_KEY_PUBLIC_EXPONENT 65537 /* Public exponent for RSA private key generating */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define RSA_KEYSIZE 2048 /* Size of generated RSA keys */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#else
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++/*
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ * See <openssl/obj_mac.h>
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++ */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#define EC_GROUP_NAME SN_secp384r1 /* EC group name */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++#endif
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>++
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define ERROR_BUF_SIZE 1024 /* Size of buffer for error messages */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define INVALID_CERT_INFO_BUF_SIZE 2048 /* Size of buffer for message with information about reason of certificate invalidity. Data after the end of buffer will not be saved */
</span><span style='display:block; white-space:pre;background:#e0ffe0;'>+ #define KEY_FILE_TYPE ".pem"
</span></pre><pre style='margin:0'>
</pre>