Attachment #196646 for bug #230978

View | Details | Raw Unified | Return to bug 230978
Collapse All | Expand All

Lines 3-12 Link Here

(-)zxid/Makefile (-1 / +2 lines)
3		3
4	PORTNAME= zxid	4	PORTNAME= zxid
5	PORTVERSION= 1.42	5	PORTVERSION= 1.42
		6	PORTREVISION= 1
6	CATEGORIES= security www	7	CATEGORIES= security www
7	MASTER_SITES= http://zxid.org/	8	MASTER_SITES= http://zxid.org/
8		9
9	MAINTAINER= ports@FreeBSD.org	10	MAINTAINER= admins@perceptyx.com
10	COMMENT= Open Source IdM for the Masses - SAML SSO	11	COMMENT= Open Source IdM for the Masses - SAML SSO
11		12
12	LICENSE= E2ETA	13	LICENSE= E2ETA




--- errmac.h.orig	2016-02-29 00:16:50 UTC
+++ errmac.h
@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log;    /* Def
 #define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */
 
 int hexdmp(const char* msg, const void* p, int len, int max);
+#if __FreeBSD__
+int hexdump_zxid(const char* msg, const void* p, const void* lim, int max);
+#else 
 int hexdump(const char* msg, const void* p, const void* lim, int max);
+#endif
 
+#if __FreeBSD__
+#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max))
+#else 
 #define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max))
+#endif
 #define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */
 
 #define DUMP_CORE() ASSERT(0)





--- zxsig.c.orig	2016-02-29 00:16:50 UTC
+++ zxsig.c
@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo
 #endif
 
   D("%s: len=%d data(%.*s)", lk, len, len, data);
+#if __FreeBSD__
+  D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096));
+  D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64));
+#else
   D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096));
   D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64));
+#endif
 
   if (!priv_key) {
     ERR(priv_key_missing_msg, geteuid(), getegid());
@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo
     if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char*)*sig, (unsigned int*)&len, rsa)) {
       DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len);
       D("RSA siglen = %d", len);
+#if __FreeBSD__
+      D("%s: sig above %d", lk, hexdump_zxid("sig: ", *sig, *sig+len, 1024));
+#else
       D("%s: sig above %d", lk, hexdump("sig: ", *sig, *sig+len, 1024));
+#endif
       return len;
     }
 #else
@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat
   else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; }
   else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; }
 #endif
+#if __FreeBSD__
+  D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192));
+  D("%s: vfy sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 8192));
+  D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64));
+#else
   D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192));
   D("%s: vfy sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 8192));
   D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64));
+#endif
   
   evp_pubk = X509_get_pubkey(cert);
   if (!evp_pubk) {
@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat
     if (!verdict) {
       ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
       zx_report_openssl_err(lk);
+#if __FreeBSD__
+      D("RSA_vfy(%s) bad sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
+#else
       D("RSA_vfy(%s) bad sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
+#endif
       return ZXSIG_VFY_FAIL;
     } else {
       D("RSA verify OK %d", verdict);
@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat
     if (!verdict) {
       ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
       zx_report_openssl_err(lk);
+#if __FreeBSD__
+      D("DSA_vfy(%s) sig above %d",  lk, hexdump_zxid("sig: ",  sig,  sig+siglen, 4096));
+#else
       D("DSA_vfy(%s) sig above %d",  lk, hexdump("sig: ",  sig,  sig+siglen, 4096));
+#endif
       return ZXSIG_VFY_FAIL;
     } else {
       D("DSA verify OK %d", verdict);





--- zxutil.c.orig	2018-08-06 01:37:42 UTC
+++ zxutil.c
@@ -681,7 +681,7 @@ linkrest:
 /*() Output a hexdump to stderr. Used for debugging purposes. */
 
 /* Called by: */
-int hexdump(const char* msg, const void* data, const void* lim, int max)
+int hexdump_zxid(const char* msg, const void* data, const void* lim, int max)
 {
   int i;
   const char* p = (const char*)data;
@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void*
 
 /* Called by:  zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */
 int hexdmp(const char* msg, const void* p, int len, int max) {
-  return hexdump(msg, p, p+len, max);
+  return hexdump_zxid(msg, p, p+len, max);
 }
 
 /*


Return to bug 230978

Line 0 Link Here

(-)zxid/files/patch-errmac.h (+21 lines)
	1	--- errmac.h.orig 2016-02-29 00:16:50 UTC
	2	+++ errmac.h
	3	@@ -483,9 +483,17 @@ extern FILE* errmac_debug_log; /* Def
	4	#define DD_XML_BLOB(cf, lk, len, xml) /* Documentative */
	5
	6	int hexdmp(const char* msg, const void* p, int len, int max);
	7	+#if __FreeBSD__
	8	+int hexdump_zxid(const char* msg, const void* p, const void* lim, int max);
	9	+#else
	10	int hexdump(const char* msg, const void* p, const void* lim, int max);
	11	+#endif
	12
	13	+#if __FreeBSD__
	14	+#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump_zxid((msg), (p), (lim), (max))
	15	+#else
	16	#define HEXDUMP(msg, p, lim, max) if ((errmac_debug&ERRMAC_DEBUG_MASK) > 1) hexdump((msg), (p), (lim), (max))
	17	+#endif
	18	#define DHEXDUMP(msg, p, lim, max) /* Disabled hex dump */
	19
	20	#define DUMP_CORE() ASSERT(0)
	21

Line 0 Link Here

(-)zxid/files/patch-zxsig.c (+69 lines)
		1	--- zxsig.c.orig 2016-02-29 00:16:50 UTC
		2	+++ zxsig.c
		3	@@ -887,8 +887,13 @@ int zx_report_openssl_err(const char* lo
		4	#endif
		5
		6	D("%s: len=%d data(%.*s)", lk, len, len, data);
		7	+#if __FreeBSD__
		8	+ D("%s: data above %d", lk, hexdump_zxid("data: ", data, data+len, 4096));
		9	+ D("%s: digest above %d", lk, hexdump_zxid("digest: ", mdbuf, mdbuf+mdlen, 64));
		10	+#else
		11	D("%s: data above %d", lk, hexdump("data: ", data, data+len, 4096));
		12	D("%s: digest above %d", lk, hexdump("digest: ", mdbuf, mdbuf+mdlen, 64));
		13	+#endif
		14
		15	if (!priv_key) {
		16	ERR(priv_key_missing_msg, geteuid(), getegid());
		17	@@ -906,7 +911,11 @@ int zx_report_openssl_err(const char* lo
		18	if (RSA_sign(EVP_MD_type(evp_digest), mdbuf, mdlen, (unsigned char)sig, (unsigned int*)&len, rsa)) {
		19	DD("data = %s, SHA1 sig = %s, siglen = %d", data, *sig, len);
		20	D("RSA siglen = %d", len);
		21	+#if __FreeBSD__
		22	+ D("%s: sig above %d", lk, hexdump_zxid("sig: ", sig, sig+len, 1024));
		23	+#else
		24	D("%s: sig above %d", lk, hexdump("sig: ", sig, sig+len, 1024));
		25	+#endif
		26	return len;
		27	}
		28	#else
		29	@@ -1042,9 +1051,15 @@ int zxsig_verify_data(int len, char* dat
		30	else if (!strcmp(mdalg, "SHA512")) { SHA512((unsigned char*)data, len, mdbuf); nid = NID_sha512; }
		31	else { SHA1((unsigned char*)data, len, mdbuf); nid = NID_sha1; }
		32	#endif
		33	+#if __FreeBSD__
		34	+ D("%s: vfy data len=%d above %d", lk, len, hexdump_zxid("data: ", data, data+len, 8192));
		35	+ D("%s: vfy sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 8192));
		36	+ D("%s: vfy md above %d", lk, hexdump_zxid("md: ", mdbuf, mdbuf+64, 64));
		37	+#else
		38	D("%s: vfy data len=%d above %d", lk, len, hexdump("data: ", data, data+len, 8192));
		39	D("%s: vfy sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 8192));
		40	D("%s: vfy md above %d", lk, hexdump("md: ", mdbuf, mdbuf+64, 64));
		41	+#endif
		42
		43	evp_pubk = X509_get_pubkey(cert);
		44	if (!evp_pubk) {
		45	@@ -1080,7 +1095,11 @@ int zxsig_verify_data(int len, char* dat
		46	if (!verdict) {
		47	ERR("RSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
		48	zx_report_openssl_err(lk);
		49	+#if __FreeBSD__
		50	+ D("RSA_vfy(%s) bad sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096));
		51	+#else
		52	D("RSA_vfy(%s) bad sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096));
		53	+#endif
		54	return ZXSIG_VFY_FAIL;
		55	} else {
		56	D("RSA verify OK %d", verdict);
		57	@@ -1115,7 +1134,11 @@ int zxsig_verify_data(int len, char* dat
		58	if (!verdict) {
		59	ERR("DSA signature verify in %s data failed. Perhaps you have bad or no certificate(%p) len=%d data=%p siglen=%d sig=%p", lk, cert, len, data, siglen, sig);
		60	zx_report_openssl_err(lk);
		61	+#if __FreeBSD__
		62	+ D("DSA_vfy(%s) sig above %d", lk, hexdump_zxid("sig: ", sig, sig+siglen, 4096));
		63	+#else
		64	D("DSA_vfy(%s) sig above %d", lk, hexdump("sig: ", sig, sig+siglen, 4096));
65	+#endif
66	return ZXSIG_VFY_FAIL;
67	} else {
68	D("DSA verify OK %d", verdict);
69

Line 0 Link Here

(-)zxid/files/patch-zxutil.c (+21 lines)
	1	--- zxutil.c.orig 2018-08-06 01:37:42 UTC
	2	+++ zxutil.c
	3	@@ -681,7 +681,7 @@ linkrest:
	4	/() Output a hexdump to stderr. Used for debugging purposes. /
	5
	6	/* Called by: */
	7	-int hexdump(const char* msg, const void* data, const void* lim, int max)
	8	+int hexdump_zxid(const char* msg, const void* data, const void* lim, int max)
	9	{
	10	int i;
	11	const char* p = (const char*)data;
	12	@@ -720,7 +720,7 @@ int hexdump(const char* msg, const void*
	13
	14	/* Called by: zx_get_symkey, zx_raw_cipher2 x4, zxbus_verify_receipt x2, zxsig_validate x19 */
	15	int hexdmp(const char* msg, const void* p, int len, int max) {
	16	- return hexdump(msg, p, p+len, max);
	17	+ return hexdump_zxid(msg, p, p+len, max);
	18	}
	19
	20	/*
	21