From 3c78b49ab5fe4bde6c0c97f83c85c9220fae2b5c Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Fri, 25 May 2018 09:24:27 -0300
Subject: [PATCH 1/2] chaosvpn: add compatibility with openssl 1.1
This patch has been merged upstream.
Signed-off-by: Eneas U de Queiroz
---
 net/chaosvpn/Makefile | 2 +-
 .../0001-OpenSSL-1.1.0-compile-fix.patch | 148 ++++++++++++++++++
 2 files changed, 149 insertions(+), 1 deletion(-)
 create mode 100644 net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch
diff --git a/net/chaosvpn/Makefile b/net/chaosvpn/Makefile
index 9035ade8f..dc906920c 100644
--- a/net/chaosvpn/Makefile
+++ b/net/chaosvpn/Makefile
@@ -11,7 +11,7 @@ PKG_NAME:=chaosvpn
 PKG_REV:=2eb24810b5aa0b2d56f21562e52927020dc3090a
 PKG_VERSION:=2014-01-24
-PKG_RELEASE=1
+PKG_RELEASE=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/ryd/chaosvpn.git
diff --git a/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch b/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch
new file mode 100644
index 000000000..44a644dd9
--- /dev/null
+++ b/net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch
@@ -0,0 +1,148 @@
+From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
+From: Sven-Haegar Koch
+Date: Wed, 2 Nov 2016 23:08:24 +0100
+Subject: [PATCH] OpenSSL 1.1.0 compile fix.
+
+---
+ crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
+ 1 file changed, 35 insertions(+), 18 deletions(-)
+
+diff --git a/crypto.c b/crypto.c
+index e476611..e8b72d3 100644
+--- a/crypto.c
++++ b/crypto.c
+@@ -46,6 +46,10 @@ openssl dgst \
+
+ */
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
++#endif
++
+ EVP_PKEY *
+ crypto_load_key(const char *key, const bool is_private)
+ {
+@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+ {
+ int err;
+ bool retval;
+- EVP_MD_CTX md_ctx;
++ EVP_MD_CTX *md_ctx;
+ EVP_PKEY *pkey;
+
+ /* load public key into openssl structure */
+@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+ log_err("crypto_verify_signature: key loading failed\n");
+ return false;
+ }
+-
++
++ md_ctx = EVP_MD_CTX_create();
++ if (!md_ctx) {
++ log_err("crypto_verify_signature: md_ctx alloc failed\n");
++ return false;
++ }
++
+ /* Verify the signature */
+- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
++ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
+ log_err("crypto_verify_signature: libcrypto verify init failed\n");
++ EVP_MD_CTX_destroy(md_ctx);
+ EVP_PKEY_free(pkey);
+ return false;
+ }
+- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
+- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
++ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
++ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
+ EVP_PKEY_free(pkey);
+
+ if (err != 1) {
+@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
+ retval = true;
+
+ bailout_ctx_cleanup:
+- EVP_MD_CTX_cleanup(&md_ctx);
++ EVP_MD_CTX_destroy(md_ctx);
+
+ //log_info("Signature Verified Ok.\n");
+ return retval;
+@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *ciphertext, const char *privkey, struct string
+ len = RSA_private_decrypt(string_length(ciphertext),
+ (unsigned char*)string_get(ciphertext),
+ (unsigned char*)string_get(decrypted),
+- pkey->pkey.rsa,
++ EVP_PKEY_get0_RSA(pkey),
+ RSA_PKCS1_OAEP_PADDING);
+ if (len >= 0) {
+ /* TODO: need cleaner way: */
+@@ -167,28 +178,33 @@ bool
+ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
+ {
+ bool retval = false;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+ int decryptspace;
+ int decryptdone;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx) {
++ log_err("crypto_aes_decrypt: ctx alloc failed\n");
++ goto bail_out;
++ }
++
++ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
+ (unsigned char *)string_get(aes_key),
+ (unsigned char *)string_get(aes_iv))) {
+ log_err("crypto_aes_decrypt: init failed\n");
+ ERR_print_errors_fp(stderr);
+ goto bail_out;
+ }
+- EVP_CIPHER_CTX_set_padding(&ctx, 1);
++ EVP_CIPHER_CTX_set_padding(ctx, 1);
+
+- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
++ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
+ log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
+- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
++ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
+ goto bail_out;
+ }
+- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
++ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
+ log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
+- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
++ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
+ goto bail_out;
+ }
+
+@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+ goto bail_out;
+ }
+
+- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
++ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
+ &decryptdone, (unsigned char*)string_get(ciphertext),
+ string_length(ciphertext))) {
+ /* TODO: need cleaner way: */
+@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+ goto bail_out;
+ }
+
+- if (EVP_DecryptFinal_ex(&ctx,
++ if (EVP_DecryptFinal_ex(ctx,
+ (unsigned char*)string_get(decrypted)+string_length(decrypted),
+ &decryptdone)) {
+ /* TODO: need cleaner way: */
+@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
+ retval = true;
+
+ bail_out:
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ if (ctx)
++ EVP_CIPHER_CTX_free(ctx);
+ return retval;
+ }
+
From 59563c7040d7bac89b84ac6a7dde08ae8c193d1e Mon Sep 17 00:00:00 2001
From: Eneas U de Queiroz
Date: Mon, 4 Jun 2018 15:16:24 -0300
Subject: [PATCH 2/2] chaosvpn: changed 'ip' program location to /sbin/ip
This was previously set to /usr/sbin/ip.
Signed-off-by: Eneas U de Queiroz
---
 net/chaosvpn/Makefile | 1 -
 1 file changed, 1 deletion(-)
diff --git a/net/chaosvpn/Makefile b/net/chaosvpn/Makefile
index dc906920c..a98564555 100644
--- a/net/chaosvpn/Makefile
+++ b/net/chaosvpn/Makefile
@@ -49,7 +49,6 @@ define Package/chaosvpn/install
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/chaosvpn $(1)/usr/sbin/
 $(INSTALL_BIN) ./files/chaosvpn.init $(1)/etc/init.d/chaosvpn
 $(INSTALL_BIN) ./files/chaosvpn.hotplug $(1)/etc/hotplug.d/iface/40-chaosvpn
- sed -i -e 's/"\/sbin\/ip /"\/usr\/sbin\/ip /' $(PKG_BUILD_DIR)/chaosvpn.conf
 $(INSTALL_CONF) $(PKG_BUILD_DIR)/chaosvpn.conf $(1)/etc/tinc/chaosvpn.conf
 endef
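Review bot: The new allocation-failure branch in crypto_rsa_verify_signature (crypto.c hunk `@@ -89,15 +93,22 @@`) returns without releasing `pkey`, which was loaded just above it, so every failed `EVP_MD_CTX_create()` leaks the key object. The init-failure branch a few lines further down frees both objects; this one should match it with `EVP_PKEY_free(pkey);` before `return false;`. The result of `EVP_VerifyUpdate` is also still ignored on the new side, and in a signature check it is worth comparing it with 1 the same way `EVP_VerifyInit` is. The function starts and ends outside this hunk.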
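Review bot: In crypto_rsa_decrypt (crypto.c hunk `@@ -146,7 +157,7 @@`) the result of `EVP_PKEY_get0_RSA(pkey)` goes straight into `RSA_private_decrypt` with no NULL check. On OpenSSL 1.1 the accessor returns NULL when the loaded key is not an RSA key, and the pre-1.1 fallback macro added at the top of the file reads `(a)->pkey.rsa` without looking at the key type at all. Unless crypto_load_key already rejects non-RSA keys, which is not visible here, take the pointer into a local first, `RSA *rsa = EVP_PKEY_get0_RSA(pkey);`, and log and bail out when it is NULL. The function starts and ends outside this hunk.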
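Review bot: crypto_aes_decrypt (crypto.c hunk `@@ -167,28 +178,33 @@`) still passes `string_get(aes_key)` and `string_get(aes_iv)` to `EVP_DecryptInit_ex` before the two `string_length(...)` checks run, so a short key or IV buffer is read at the full AES-256-CBC key and IV size before it is rejected. Since these lines are being rewritten anyway, select the cipher with NULL key and IV first, keep the length checks where they are, and load key and IV in a second `EVP_DecryptInit_ex` call afterwards. Whether `struct string` allocates enough slack to make the early read harmless cannot be seen from this hunk. In the last hunk, `EVP_CIPHER_CTX_free` accepts NULL, so the `if (ctx)` guard at `bail_out` is not needed.

```c
	/* Select the cipher only, so the expected key and IV sizes can be queried. */
	if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL, NULL, NULL)) {
		log_err("crypto_aes_decrypt: init failed\n");
		ERR_print_errors_fp(stderr);
		goto bail_out;
	}
	EVP_CIPHER_CTX_set_padding(ctx, 1);

	/* … unchanged: aes_key and aes_iv length checks … */

	/* Lengths are validated; only now hand the buffers to libcrypto. */
	if (!EVP_DecryptInit_ex(ctx, NULL, NULL,
			(unsigned char *)string_get(aes_key),
			(unsigned char *)string_get(aes_iv))) {
		log_err("crypto_aes_decrypt: init failed\n");
		ERR_print_errors_fp(stderr);
		goto bail_out;
	}
```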