diff --git a/net/chaosvpn/Makefile b/net/chaosvpn/Makefile index 9035ade8f..dc906920c 100644 --- a/net/chaosvpn/Makefile +++ b/net/chaosvpn/Makefile @@ -11,7 +11,7 @@ PKG_NAME:=chaosvpn PKG_REV:=2eb24810b5aa0b2d56f21562e52927020dc3090a PKG_VERSION:=2014-01-24 -PKG_RELEASE=1 +PKG_RELEASE=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/ryd/chaosvpn.git diff --git a/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch b/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch new file mode 100644 index 000000000..44a644dd9 --- /dev/null +++ b/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch @@ -0,0 +1,148 @@ +From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001 +From: Sven-Haegar Koch +Date: Wed, 2 Nov 2016 23:08:24 +0100 +Subject: [PATCH] OpenSSL 1.1.0 compile fix. + +--- + crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------ + 1 file changed, 35 insertions(+), 18 deletions(-) + +diff --git a/crypto.c b/crypto.c +index e476611..e8b72d3 100644 +--- a/crypto.c ++++ b/crypto.c +@@ -46,6 +46,10 @@ openssl dgst \ + + */ + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa) ++#endif ++ + EVP_PKEY * + crypto_load_key(const char *key, const bool is_private) + { +@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature, + { + int err; + bool retval; +- EVP_MD_CTX md_ctx; ++ EVP_MD_CTX *md_ctx; + EVP_PKEY *pkey; + + /* load public key into openssl structure */ +@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature, + log_err("crypto_verify_signature: key loading failed\n"); + return false; + } +- ++ ++ md_ctx = EVP_MD_CTX_create(); ++ if (!md_ctx) { ++ log_err("crypto_verify_signature: md_ctx alloc failed\n"); ++ return false; ++ } ++ + /* Verify the signature */ +- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) { ++ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) { + log_err("crypto_verify_signature: libcrypto verify init failed\n"); ++ EVP_MD_CTX_destroy(md_ctx); + EVP_PKEY_free(pkey); + return false; + } +- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer)); +- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey); ++ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer)); ++ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey); + EVP_PKEY_free(pkey); + + if (err != 1) { +@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature, + retval = true; + + bailout_ctx_cleanup: +- EVP_MD_CTX_cleanup(&md_ctx); ++ EVP_MD_CTX_destroy(md_ctx); + + //log_info("Signature Verified Ok.\n"); + return retval; +@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *ciphertext, const char *privkey, struct string + len = RSA_private_decrypt(string_length(ciphertext), + (unsigned char*)string_get(ciphertext), + (unsigned char*)string_get(decrypted), +- pkey->pkey.rsa, ++ EVP_PKEY_get0_RSA(pkey), + RSA_PKCS1_OAEP_PADDING); + if (len >= 0) { + /* TODO: need cleaner way: */ +@@ -167,28 +178,33 @@ bool + crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted) + { + bool retval = false; +- EVP_CIPHER_CTX ctx; ++ EVP_CIPHER_CTX *ctx; + int decryptspace; + int decryptdone; + +- EVP_CIPHER_CTX_init(&ctx); +- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL, ++ ctx = EVP_CIPHER_CTX_new(); ++ if (!ctx) { ++ log_err("crypto_aes_decrypt: ctx alloc failed\n"); ++ goto bail_out; ++ } ++ ++ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, + (unsigned char *)string_get(aes_key), + (unsigned char *)string_get(aes_iv))) { + log_err("crypto_aes_decrypt: init failed\n"); + ERR_print_errors_fp(stderr); + goto bail_out; + } +- EVP_CIPHER_CTX_set_padding(&ctx, 1); ++ EVP_CIPHER_CTX_set_padding(ctx, 1); + +- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) { ++ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) { + log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n", +- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx)); ++ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx)); + goto bail_out; + } +- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) { ++ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) { + log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n", +- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx)); ++ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx)); + goto bail_out; + } + +@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str + goto bail_out; + } + +- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted), ++ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted), + &decryptdone, (unsigned char*)string_get(ciphertext), + string_length(ciphertext))) { + /* TODO: need cleaner way: */ +@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str + goto bail_out; + } + +- if (EVP_DecryptFinal_ex(&ctx, ++ if (EVP_DecryptFinal_ex(ctx, + (unsigned char*)string_get(decrypted)+string_length(decrypted), + &decryptdone)) { + /* TODO: need cleaner way: */ +@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str + retval = true; + + bail_out: +- EVP_CIPHER_CTX_cleanup(&ctx); ++ if (ctx) ++ EVP_CIPHER_CTX_free(ctx); + return retval; + } +