
Merge pull request #6128 from cotequeiroz/chaosvpn_openssl-1.1

chaosvpn: add compatibility with openssl 1.1
lilik-openwrt-22.03
Hannu Nyman 7 years ago
committed by GitHub
parent
commit
f837e8c4c7
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 149 additions and 2 deletions
  1. +1
    -2
      net/chaosvpn/Makefile
  2. +148
    -0
      net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch

+ 1
- 2
net/chaosvpn/Makefile View File

@ -11,7 +11,7 @@ PKG_NAME:=chaosvpn
PKG_REV:=2eb24810b5aa0b2d56f21562e52927020dc3090a
PKG_VERSION:=2014-01-24
PKG_RELEASE=1
PKG_RELEASE=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/ryd/chaosvpn.git
@ -49,7 +49,6 @@ define Package/chaosvpn/install
$(INSTALL_BIN) $(PKG_BUILD_DIR)/chaosvpn $(1)/usr/sbin/
$(INSTALL_BIN) ./files/chaosvpn.init $(1)/etc/init.d/chaosvpn
$(INSTALL_BIN) ./files/chaosvpn.hotplug $(1)/etc/hotplug.d/iface/40-chaosvpn
sed -i -e 's/"\/sbin\/ip /"\/usr\/sbin\/ip /' $(PKG_BUILD_DIR)/chaosvpn.conf
$(INSTALL_CONF) $(PKG_BUILD_DIR)/chaosvpn.conf $(1)/etc/tinc/chaosvpn.conf
endef


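--- /dev/null
+++ b/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch
@@ -0,0 +1,148 @@
+From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
+From: Sven-Haegar Koch <haegar@sdinet.de>
+Date: Wed, 2 Nov 2016 23:08:24 +0100
+Subject: [PATCH] OpenSSL 1.1.0 compile fix.
+---
+crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
+1 file changed, 35 insertions(+), 18 deletions(-)
+diff --git a/crypto.c b/crypto.c
+index e476611..e8b72d3 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -46,6 +46,10 @@ openssl dgst \
+*/
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
++#endif
++
+EVP_PKEY *
+crypto_load_key(const char *key, const bool is_private)
+{
+@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+{
+int err;
+bool retval;
+- EVP_MD_CTX md_ctx;
++ EVP_MD_CTX *md_ctx;
+EVP_PKEY *pkey;
+/* load public key into openssl structure */
+@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+log_err("crypto_verify_signature: key loading failed\n");
+return false;
+}
+-
++
++ md_ctx = EVP_MD_CTX_create();
++ if (!md_ctx) {
++ log_err("crypto_verify_signature: md_ctx alloc failed\n");
++ return false;
++ }
++
+/* Verify the signature */
+- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
++ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
+log_err("crypto_verify_signature: libcrypto verify init failed\n");
++ EVP_MD_CTX_destroy(md_ctx);
+EVP_PKEY_free(pkey);
+return false;
+}
+- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
+- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
++ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
++ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
+EVP_PKEY_free(pkey);
+if (err != 1) {
+@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+retval = true;
+bailout_ctx_cleanup:
+- EVP_MD_CTX_cleanup(&md_ctx);
++ EVP_MD_CTX_destroy(md_ctx);
+//log_info("Signature Verified Ok.\n");
+return retval;
+@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *ciphertext, const char *privkey, struct string
+len = RSA_private_decrypt(string_length(ciphertext),
+(unsigned char*)string_get(ciphertext),
+(unsigned char*)string_get(decrypted),
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+RSA_PKCS1_OAEP_PADDING);
+if (len >= 0) {
+/* TODO: need cleaner way: */
+@@ -167,28 +178,33 @@ bool
+crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
+{
+bool retval = false;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+int decryptspace;
+int decryptdone;
+- EVP_CIPHER_CTX_init(&ctx);
+- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx) {
++ log_err("crypto_aes_decrypt: ctx alloc failed\n");
++ goto bail_out;
++ }
++
++ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+(unsigned char *)string_get(aes_key),
+(unsigned char *)string_get(aes_iv))) {
+log_err("crypto_aes_decrypt: init failed\n");
+ERR_print_errors_fp(stderr);
+goto bail_out;
+}
+- EVP_CIPHER_CTX_set_padding(&ctx, 1);
++ EVP_CIPHER_CTX_set_padding(ctx, 1);
+- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
++ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
+log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
+- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
++ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
+goto bail_out;
+}
+- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
++ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
+log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
+- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
++ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
+goto bail_out;
+}
+@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+goto bail_out;
+}
+- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
++ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
+&decryptdone, (unsigned char*)string_get(ciphertext),
+string_length(ciphertext))) {
+/* TODO: need cleaner way: */
+@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+goto bail_out;
+}
+- if (EVP_DecryptFinal_ex(&ctx,
++ if (EVP_DecryptFinal_ex(ctx,
+(unsigned char*)string_get(decrypted)+string_length(decrypted),
+&decryptdone)) {
+/* TODO: need cleaner way: */
+@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+retval = true;
+bail_out:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ if (ctx)
++ EVP_CIPHER_CTX_free(ctx);
+return retval;
+}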
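Review bot: The new `md_ctx` allocation-failure branch in crypto_rsa_verify_signature returns without releasing `pkey`, which appears to hold the public key loaded just above, since the very next failure branch calls `EVP_PKEY_free(pkey)` before returning; add `EVP_PKEY_free(pkey);` ahead of that `return false;`. In the same hunk the result of `EVP_VerifyUpdate(md_ctx, ...)` is still ignored, so a digest-update failure is only caught indirectly by `EVP_VerifyFinal`. Comparing it with `!= 1` and failing the verification at that point keeps the signature check explicitly fail-closed. The function starts and ends outside the visible hunks, so the exact cleanup path should be confirmed against the full crypto.c.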
