openwrt/packages
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/packages.git synced 2025-05-02 09:49:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

strongswan: update to 5.9.13 (#740)

Browse Source
This commit is contained in:
Frank-pv 2023-12-21 18:20:17 +08:00 committed by GitHub
parent a6bbc6b2f8
commit 00242d67b9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 206 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
net/strongswan/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=strongswan PKG_NAME:=strongswan
PKG_VERSION:=5.9.5 PKG_VERSION:=5.9.13
PKG_RELEASE:=$(AUTORELEASE) PKG_RELEASE:=$(AUTORELEASE)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/ PKG_SOURCE_URL:=https://download.strongswan.org/ https://download2.strongswan.org/
PKG_HASH:=983e4ef4a4c6c9d69f5fe6707c7fe0b2b9a9291943bbf4e008faab6bf91c0bdd PKG_HASH:=56e30effb578fd9426d8457e3b76c8c3728cd8a5589594b55649b2719308ba55
PKG_LICENSE:=GPL-2.0-or-later PKG_LICENSE:=GPL-2.0-or-later
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting> PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>, Noel Kuntze <noel.kuntze@thermi.consulting>
PKG_CPE_ID:=cpe:/a:strongswan:strongswan PKG_CPE_ID:=cpe:/a:strongswan:strongswan

251
net/strongswan/files/swanctl.init
View File

@ -63,9 +63,12 @@ file_reset() {
xappend() { xappend() {
local file="$1" local file="$1"
shift local indent="$2"
shift 2
echo "$@" >> "$file" for cmd in "$@"; do
echo "$indent$cmd" >> "$file"
done
} }
swan_reset() { swan_reset() {
@ -77,23 +80,23 @@ swan_xappend() {
} }
swan_xappend0() { swan_xappend0() {
swan_xappend "$@" swan_xappend "" "$@"
} }
swan_xappend1() { swan_xappend1() {
swan_xappend " ""$@" swan_xappend " " "$@"
} }
swan_xappend2() { swan_xappend2() {
swan_xappend " ""$@" swan_xappend " " "$@"
} }
swan_xappend3() { swan_xappend3() {
swan_xappend " ""$@" swan_xappend " " "$@"
} }
swan_xappend4() { swan_xappend4() {
swan_xappend " ""$@" swan_xappend " " "$@"
} }
swanctl_reset() { swanctl_reset() {
@ -105,23 +108,23 @@ swanctl_xappend() {
} }
swanctl_xappend0() { swanctl_xappend0() {
swanctl_xappend "$@" swanctl_xappend "" "$@"
} }
swanctl_xappend1() { swanctl_xappend1() {
swanctl_xappend " ""$@" swanctl_xappend " " "$@"
} }
swanctl_xappend2() { swanctl_xappend2() {
swanctl_xappend " ""$@" swanctl_xappend " " "$@"
} }
swanctl_xappend3() { swanctl_xappend3() {
swanctl_xappend " ""$@" swanctl_xappend " " "$@"
} }
swanctl_xappend4() { swanctl_xappend4() {
swanctl_xappend " ""$@" swanctl_xappend " " "$@"
} }
warning() { warning() {
@ -151,14 +154,16 @@ is_aead() {
return 1 return 1
} }
add_esp_proposal() { config_esp_proposal() {
local conf="$1"
local encryption_algorithm local encryption_algorithm
local hash_algorithm local hash_algorithm
local dh_group local dh_group
config_get encryption_algorithm "$1" encryption_algorithm config_get encryption_algorithm "$conf" encryption_algorithm
config_get hash_algorithm "$1" hash_algorithm config_get hash_algorithm "$conf" hash_algorithm
config_get dh_group "$1" dh_group config_get dh_group "$conf" dh_group
# check for AEAD and clobber hash_algorithm if set # check for AEAD and clobber hash_algorithm if set
if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
@ -170,27 +175,29 @@ add_esp_proposal() {
crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}" crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${dh_group:+-${dh_group}}"
} }
parse_esp_proposal() { iter_esp_proposal() {
local conf="$1" local conf="$1"
local var="$2" local var="$2"
local crypto="" local crypto=""
config_list_foreach "$conf" crypto_proposal add_esp_proposal config_list_foreach "$conf" crypto_proposal config_esp_proposal
export -n "$var=$crypto" export -n "$var=$crypto"
} }
add_ike_proposal() { config_ike_proposal() {
local conf="$1"
local encryption_algorithm local encryption_algorithm
local hash_algorithm local hash_algorithm
local dh_group local dh_group
local prf_algorithm local prf_algorithm
config_get encryption_algorithm "$1" encryption_algorithm config_get encryption_algorithm "$conf" encryption_algorithm
config_get hash_algorithm "$1" hash_algorithm config_get hash_algorithm "$conf" hash_algorithm
config_get dh_group "$1" dh_group config_get dh_group "$conf" dh_group
config_get prf_algorithm "$1" prf_algorithm config_get prf_algorithm "$conf" prf_algorithm
# check for AEAD and clobber hash_algorithm if set # check for AEAD and clobber hash_algorithm if set
if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then if is_aead "$encryption_algorithm" && [ -n "$hash_algorithm" ]; then
@ -202,20 +209,20 @@ add_ike_proposal() {
crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${prf_algorithm:+-${prf_algorithm}}${dh_group:+-${dh_group}}" crypto="${crypto:+${crypto},}${encryption_algorithm}${hash_algorithm:+-${hash_algorithm}}${prf_algorithm:+-${prf_algorithm}}${dh_group:+-${dh_group}}"
} }
parse_ike_proposal() { iter_ike_proposal() {
local conf="$1" local conf="$1"
local var="$2" local var="$2"
local crypto="" local crypto=""
config_list_foreach "$conf" crypto_proposal add_ike_proposal config_list_foreach "$conf" crypto_proposal config_ike_proposal
export -n "$var=$crypto" export -n "$var=$crypto"
} }
config_child() { config_child() {
# Generic ipsec conn section shared by tunnel and transport # Generic ipsec conn section shared by tunnel and transport
local config_name="$1" local conf="$1"
local mode="$2" local mode="$2"
local hw_offload local hw_offload
@ -233,26 +240,36 @@ config_child() {
local startaction local startaction
local if_id local if_id
local rekeytime local rekeytime
local rekeybytes
local lifebytes
local rekeypackets
local lifepackets
local replay_window
config_get startaction "$1" startaction "route" config_get startaction "$conf" startaction "route"
config_get local_nat "$1" local_nat "" config_get local_nat "$conf" local_nat ""
config_get updown "$1" updown "" config_get updown "$conf" updown ""
config_get firewall "$1" firewall "" config_get firewall "$conf" firewall ""
config_get lifetime "$1" lifetime "" config_get lifetime "$conf" lifetime ""
config_get dpdaction "$1" dpdaction "none" config_get dpdaction "$conf" dpdaction "none"
config_get closeaction "$1" closeaction "none" config_get closeaction "$conf" closeaction "none"
config_get if_id "$1" if_id "" config_get if_id "$conf" if_id ""
config_get rekeytime "$1" rekeytime "" config_get rekeytime "$conf" rekeytime ""
config_get_bool ipcomp "$1" ipcomp 0 config_get_bool ipcomp "$conf" ipcomp 0
config_get interface "$1" interface "" config_get interface "$conf" interface ""
config_get hw_offload "$1" hw_offload "" config_get hw_offload "$conf" hw_offload ""
config_get priority "$1" priority "" config_get priority "$conf" priority ""
config_get rekeybytes "$conf" rekeybytes ""
config_get lifebytes "$conf" lifebytes ""
config_get rekeypackets "$conf" rekeypackets ""
config_get lifepackets "$conf" lifepackets ""
config_get replay_window "$conf" replay_window ""
config_list_foreach "$1" local_subnet append_var local_subnet "," config_list_foreach "$conf" local_subnet append_var local_subnet ","
config_list_foreach "$1" remote_subnet append_var remote_subnet "," config_list_foreach "$conf" remote_subnet append_var remote_subnet ","
local esp_proposal local esp_proposal
parse_esp_proposal "$1" esp_proposal iter_esp_proposal "$conf" esp_proposal
# translate from ipsec to swanctl # translate from ipsec to swanctl
case "$startaction" in case "$startaction" in
@ -318,16 +335,16 @@ config_child() {
[ -n "$local_nat" ] && local_subnet="$local_nat" [ -n "$local_nat" ] && local_subnet="$local_nat"
swanctl_xappend3 "$config_name {" swanctl_xappend3 "$conf {"
[ -n "$local_subnet" ] && swanctl_xappend4 "local_ts = $local_subnet" [ -n "$local_subnet" ] && swanctl_xappend4 "local_ts = $local_subnet"
[ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet" [ -n "$remote_subnet" ] && swanctl_xappend4 "remote_ts = $remote_subnet"
[ -n "$hw_offload" ] && swanctl_append4 "hw_offload = $hw_offload" [ -n "$hw_offload" ] && swanctl_xappend4 "hw_offload = $hw_offload"
[ $ipcomp -eq 1 ] && swanctl_xappend4 "ipcomp = 1" [ $ipcomp -eq 1 ] && swanctl_xappend4 "ipcomp = 1"
[ -n "$interface" ] && swanctl_append4 "interface = $interface" [ -n "$interface" ] && swanctl_xappend4 "interface = $interface"
[ -n "$priority" ] && swanctl_append4 "priority = $priority" [ -n "$priority" ] && swanctl_xappend4 "priority = $priority"
[ -n "$if_id" ] && { swanctl_xappend4 "if_id_in = $if_id" ; swanctl_xappend4 "if_id_out = $if_id" ; } [ -n "$if_id" ] && swanctl_xappend4 "if_id_in = $if_id" "if_id_out = $if_id"
[ -n "$startaction" -a "$startaction" != "none" ] && swanctl_xappend4 "start_action = $startaction" [ -n "$startaction" -a "$startaction" != "none" ] && swanctl_xappend4 "start_action = $startaction"
[ -n "$closeaction" -a "$closeaction" != "none" ] && swanctl_xappend4 "close_action = $closeaction" [ -n "$closeaction" -a "$closeaction" != "none" ] && swanctl_xappend4 "close_action = $closeaction"
swanctl_xappend4 "esp_proposals = $esp_proposal" swanctl_xappend4 "esp_proposals = $esp_proposal"
@ -339,10 +356,23 @@ config_child() {
swanctl_xappend4 "life_time = $(seconds2time $(((110 * $(time2seconds $rekeytime)) / 100)))" swanctl_xappend4 "life_time = $(seconds2time $(((110 * $(time2seconds $rekeytime)) / 100)))"
fi fi
[ -n "$rekeytime" ] && swanctl_xappend4 "rekey_time = $rekeytime" [ -n "$rekeytime" ] && swanctl_xappend4 "rekey_time = $rekeytime"
if [ -n "$lifebytes" ]; then
swanctl_xappend4 "life_bytes = $lifebytes"
elif [ -n "$rekeybytes" ]; then
swanctl_xappend4 "life_bytes = $(((110 * rekeybytes) / 100))"
fi
[ -n "$rekeybytes" ] && swanctl_xappend4 "rekey_bytes = $rekeybytes"
if [ -n "$lifepackets" ]; then
swanctl_xappend4 "life_packets = $lifepackets"
elif [ -n "$rekeypackets" ]; then
swanctl_xappend4 "life_packets = $(((110 * rekeypackets) / 100))"
fi
[ -n "$rekeypackets" ] && swanctl_xappend4 "rekey_packets = $rekeypackets"
[ -n "$inactivity" ] && swanctl_xappend4 "inactivity = $inactivity" [ -n "$inactivity" ] && swanctl_xappend4 "inactivity = $inactivity"
[ -n "$updown" ] && swanctl_xappend4 "updown = $updown" [ -n "$updown" ] && swanctl_xappend4 "updown = $updown"
[ -n "$dpdaction" ] && swanctl_xappend4 "dpd_action = $dpdaction" [ -n "$dpdaction" ] && swanctl_xappend4 "dpd_action = $dpdaction"
[ -n "$replay_window" ] && swanctl_xappend4 "replay_window = $replay_window"
swanctl_xappend3 "}" swanctl_xappend3 "}"
} }
@ -355,12 +385,47 @@ config_transport() {
config_child "$1" "transport" config_child "$1" "transport"
} }
config_connection() { config_pool() {
local config_name="$1" local conf="$1"
local addrs
local dns
local nbns
local dhcp
local netmask
local server
local subnet
local split_include
local split_exclude
config_get addrs "$conf" addrs
config_list_foreach "$conf" dns append_var dns ","
config_list_foreach "$conf" nbns append_var nbns ","
config_list_foreach "$conf" dhcp append_var dhcp ","
config_list_foreach "$conf" netmask append_var netmask ","
config_list_foreach "$conf" server append_var server ","
config_list_foreach "$conf" subnet append_var subnet ","
config_list_foreach "$conf" split_include append_var split_include ","
config_list_foreach "$conf" split_exclude append_var split_exclude ","
swanctl_xappend1 "$conf {"
[ -n "$addrs" ] && swanctl_xappend2 "addrs = $addrs"
[ -n "$dns" ] && swanctl_xappend2 "dns = $dns"
[ -n "$nbns" ] && swanctl_xappend2 "nbns = $nbns"
[ -n "$dhcp" ] && swanctl_xappend2 "dhcp = $dhcp"
[ -n "$netmask" ] && swanctl_xappend2 "netmask = $netmask"
[ -n "$server" ] && swanctl_xappend2 "server = $server"
[ -n "$subnet" ] && swanctl_xappend2 "subnet = $subnet"
[ -n "$split_include" ] && swanctl_xappend2 "split_include = $split_include"
[ -n "$split_exclude" ] && swanctl_xappend2 "split_exclude = $split_exclude"
swanctl_xappend1 "}"
}
config_remote() {
local conf="$1"
local enabled local enabled
local gateway local gateway
local local_gateway
local local_sourceip local local_sourceip
local local_ip local local_ip
local remote_gateway local remote_gateway
@ -376,29 +441,33 @@ config_connection() {
local local_key local local_key
local ca_cert local ca_cert
local rekeytime local rekeytime
local remote_ca_certs
local pools
config_get_bool enabled "$1" enabled 0 config_get_bool enabled "$conf" enabled 0
[ $enabled -eq 0 ] && return [ $enabled -eq 0 ] && return
config_get gateway "$1" gateway config_get gateway "$conf" gateway
config_get pre_shared_key "$1" pre_shared_key config_get pre_shared_key "$conf" pre_shared_key
config_get auth_method "$1" authentication_method config_get auth_method "$conf" authentication_method
config_get local_identifier "$1" local_identifier "" config_get local_identifier "$conf" local_identifier ""
config_get remote_identifier "$1" remote_identifier "" config_get remote_identifier "$conf" remote_identifier ""
config_get local_ip "$1" local_ip "%any" config_get local_ip "$conf" local_ip "%any"
config_get keyingtries "$1" keyingtries "3" config_get keyingtries "$conf" keyingtries "3"
config_get dpddelay "$1" dpddelay "30s" config_get dpddelay "$conf" dpddelay "30s"
config_get inactivity "$1" inactivity config_get inactivity "$conf" inactivity
config_get keyexchange "$1" keyexchange "ikev2" config_get keyexchange "$conf" keyexchange "ikev2"
config_get fragmentation "$1" fragmentation "yes" config_get fragmentation "$conf" fragmentation "yes"
config_get_bool mobike "$1" mobike 1 config_get_bool mobike "$conf" mobike 1
config_get local_cert "$1" local_cert "" config_get local_cert "$conf" local_cert ""
config_get local_key "$1" local_key "" config_get local_key "$conf" local_key ""
config_get ca_cert "$1" ca_cert "" config_get ca_cert "$conf" ca_cert ""
config_get rekeytime "$1" rekeytime config_get rekeytime "$conf" rekeytime
config_get overtime "$1" overtime config_get overtime "$conf" overtime
config_list_foreach "$1" local_sourceip append_var local_sourceip "," config_list_foreach "$conf" local_sourceip append_var local_sourceip ","
config_list_foreach "$conf" remote_ca_certs append_var remote_ca_certs ","
config_list_foreach "$conf" pools append_var pools ","
case "$fragmentation" in case "$fragmentation" in
0) 0)
@ -416,10 +485,6 @@ config_connection() {
[ "$gateway" = "any" ] && remote_gateway="%any" || remote_gateway="$gateway" [ "$gateway" = "any" ] && remote_gateway="%any" || remote_gateway="$gateway"
local ipdest
[ "$remote_gateway" = "%any" ] && ipdest="1.1.1.1" || ipdest="$remote_gateway"
local_gateway=`ip -o route get $ipdest | awk '/ src / { gsub(/^.* src /,""); gsub(/ .*$/, ""); print $0}'`
if [ -n "$local_key" ]; then if [ -n "$local_key" ]; then
[ "$(dirname "$local_key")" != "." ] && \ [ "$(dirname "$local_key")" != "." ] && \
fatal "local_key $local_key can't be pathname" fatal "local_key $local_key can't be pathname"
@ -428,7 +493,7 @@ config_connection() {
fi fi
local ike_proposal local ike_proposal
parse_ike_proposal "$1" ike_proposal iter_ike_proposal "$conf" ike_proposal
[ -n "$firewall" ] && fatal "Firewall not supported" [ -n "$firewall" ] && fatal "Firewall not supported"
@ -448,14 +513,15 @@ config_connection() {
fi fi
fi fi
swanctl_xappend0 "# config for $config_name" swanctl_xappend0 "# config for $conf"
swanctl_xappend0 "connections {" swanctl_xappend0 "connections {"
swanctl_xappend1 "$config_name {" swanctl_xappend1 "$conf {"
swanctl_xappend2 "local_addrs = $local_ip" swanctl_xappend2 "local_addrs = $local_ip"
swanctl_xappend2 "remote_addrs = $remote_gateway" swanctl_xappend2 "remote_addrs = $remote_gateway"
[ -n "$local_sourceip" ] && swanctl_xappend2 "vips = $local_sourceip" [ -n "$local_sourceip" ] && swanctl_xappend2 "vips = $local_sourceip"
[ -n "$fragmentation" ] && swanctl_xappend2 "fragmentation = $fragmentation" [ -n "$fragmentation" ] && swanctl_xappend2 "fragmentation = $fragmentation"
[ -n "$pools" ] && swanctl_xappend2 "pools = $pools"
swanctl_xappend2 "local {" swanctl_xappend2 "local {"
swanctl_xappend3 "auth = $auth_method" swanctl_xappend3 "auth = $auth_method"
@ -468,13 +534,14 @@ config_connection() {
swanctl_xappend2 "remote {" swanctl_xappend2 "remote {"
swanctl_xappend3 "auth = $auth_method" swanctl_xappend3 "auth = $auth_method"
[ -n "$remote_identifier" ] && swanctl_xappend3 "id = \"$remote_identifier\"" [ -n "$remote_identifier" ] && swanctl_xappend3 "id = \"$remote_identifier\""
[ -n "$remote_ca_certs" ] && swanctl_xappend3 "cacerts = \"$remote_ca_certs\""
swanctl_xappend2 "}" swanctl_xappend2 "}"
swanctl_xappend2 "children {" swanctl_xappend2 "children {"
config_list_foreach "$1" tunnel config_tunnel config_list_foreach "$conf" tunnel config_tunnel
config_list_foreach "$1" transport config_transport config_list_foreach "$conf" transport config_transport
swanctl_xappend2 "}" swanctl_xappend2 "}"
@ -514,7 +581,7 @@ config_connection() {
if [ -n "$ca_cert" ]; then if [ -n "$ca_cert" ]; then
swanctl_xappend0 "authorities {" swanctl_xappend0 "authorities {"
swanctl_xappend1 "$config_name {" swanctl_xappend1 "$conf {"
swanctl_xappend2 "cacert = $ca_cert" swanctl_xappend2 "cacert = $ca_cert"
swanctl_xappend1 "}" swanctl_xappend1 "}"
swanctl_xappend0 "}" swanctl_xappend0 "}"
@ -524,12 +591,12 @@ config_connection() {
swanctl_xappend0 "" swanctl_xappend0 ""
swanctl_xappend0 "secrets {" swanctl_xappend0 "secrets {"
swanctl_xappend1 "ike {" swanctl_xappend1 "ike-$conf {"
swanctl_xappend2 "secret = $pre_shared_key" swanctl_xappend2 "secret = $pre_shared_key"
if [ -n "$local_id" ]; then if [ -n "$local_identifier" ]; then
swanctl_xappend2 "id1 = $local_id" swanctl_xappend2 "id1 = $local_identifier"
if [ -n "$remote_id" ]; then if [ -n "$remote_identifier" ]; then
swanctl_xappend2 "id2 = $remote_id" swanctl_xappend2 "id2 = $remote_identifier"
fi fi
fi fi
swanctl_xappend1 "}" swanctl_xappend1 "}"
@ -538,6 +605,10 @@ config_connection() {
fatal "AuthenticationMode $auth_mode not supported" fatal "AuthenticationMode $auth_mode not supported"
fi fi
swanctl_xappend0 "pools {"
config_list_foreach "$conf" pools config_pool
swanctl_xappend0 "}"
swanctl_xappend0 "" swanctl_xappend0 ""
} }
@ -546,18 +617,20 @@ do_preamble() {
} }
config_ipsec() { config_ipsec() {
local conf="$1"
local rtinstall_enabled local rtinstall_enabled
local routing_table local routing_table
local routing_table_id local routing_table_id
local interface local interface
local interface_list local interface_list
config_get debug "$1" debug 0 config_get debug "$conf" debug 0
config_get_bool rtinstall_enabled "$1" rtinstall_enabled 1 config_get_bool rtinstall_enabled "$conf" rtinstall_enabled 1
[ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no [ $rtinstall_enabled -eq 1 ] && install_routes=yes || install_routes=no
# prepare extra charon config option ignore_routing_tables # prepare extra charon config option ignore_routing_tables
for routing_table in $(config_get "$1" "ignore_routing_tables"); do for routing_table in $(config_get "$conf" "ignore_routing_tables"); do
if [ "$routing_table" -ge 0 ] 2>/dev/null; then if [ "$routing_table" -ge 0 ] 2>/dev/null; then
routing_table_id=$routing_table routing_table_id=$routing_table
else else
@ -567,7 +640,7 @@ config_ipsec() {
[ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id" [ -n "$routing_table_id" ] && append routing_tables_ignored "$routing_table_id"
done done
config_list_foreach "$1" interface append_var interface_list config_list_foreach "$conf" interface append_var interface_list
if [ -z "$interface_list" ]; then if [ -z "$interface_list" ]; then
WAIT_FOR_INTF=0 WAIT_FOR_INTF=0
@ -610,7 +683,7 @@ prepare_env() {
config_load ipsec config_load ipsec
config_foreach config_ipsec ipsec config_foreach config_ipsec ipsec
config_foreach config_connection remote config_foreach config_remote remote
do_postamble do_postamble
} }

8
net/strongswan/patches/0900-src-Patch-for-building-with-musl-on-openwrt-taken-ve.patch
View File

@ -16,7 +16,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_ipsec.c
@@ -40,6 +40,7 @@ @@ -41,6 +41,7 @@
*/ */
#define _GNU_SOURCE #define _GNU_SOURCE
@ -37,7 +37,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
#include <linux/netlink.h> #include <linux/netlink.h>
--- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c --- a/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
+++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c +++ b/src/libcharon/plugins/kernel_netlink/kernel_netlink_shared.c
@@ -39,6 +39,8 @@ @@ -37,6 +37,8 @@
* THE SOFTWARE. * THE SOFTWARE.
*/ */
@ -48,7 +48,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
#include <linux/rtnetlink.h> #include <linux/rtnetlink.h>
--- a/src/libstrongswan/library.h --- a/src/libstrongswan/library.h
+++ b/src/libstrongswan/library.h +++ b/src/libstrongswan/library.h
@@ -119,6 +119,7 @@ @@ -121,6 +121,7 @@
#include "utils/leak_detective.h" #include "utils/leak_detective.h"
#include "plugins/plugin_loader.h" #include "plugins/plugin_loader.h"
#include "settings/settings.h" #include "settings/settings.h"
@ -99,7 +99,7 @@ Subject: [PATCH 900/904] src: Patch for building with musl on openwrt (taken
+#undef encrypt +#undef encrypt
--- a/src/libstrongswan/plugins/bliss/bliss_huffman.c --- a/src/libstrongswan/plugins/bliss/bliss_huffman.c
+++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c +++ b/src/libstrongswan/plugins/bliss/bliss_huffman.c
@@ -17,6 +17,8 @@ @@ -18,6 +18,8 @@
#include "bliss_param_set.h" #include "bliss_param_set.h"
#include <library.h> #include <library.h>

4
net/strongswan/patches/0901-uci-verbatim-patch-from-openwrt-package-sources.patch
View File

@ -9,7 +9,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
--- a/src/libcharon/plugins/uci/uci_parser.c --- a/src/libcharon/plugins/uci/uci_parser.c
+++ b/src/libcharon/plugins/uci/uci_parser.c +++ b/src/libcharon/plugins/uci/uci_parser.c
@@ -75,7 +75,7 @@ METHOD(enumerator_t, section_enumerator_ @@ -76,7 +76,7 @@ METHOD(enumerator_t, section_enumerator_
if (uci_lookup(this->ctx, &element, this->package, if (uci_lookup(this->ctx, &element, this->package,
this->current->name, "name") == UCI_OK) this->current->name, "name") == UCI_OK)
{ /* use "name" attribute as config name if available ... */ { /* use "name" attribute as config name if available ... */
@ -18,7 +18,7 @@ Subject: [PATCH 901/904] uci: verbatim patch from openwrt package sources
} }
else else
{ /* ... or the section name becomes config name */ { /* ... or the section name becomes config name */
@@ -90,7 +90,7 @@ METHOD(enumerator_t, section_enumerator_ @@ -91,7 +91,7 @@ METHOD(enumerator_t, section_enumerator_
if (value && uci_lookup(this->ctx, &element, this->package, if (value && uci_lookup(this->ctx, &element, this->package,
this->current->name, this->keywords[i]) == UCI_OK) this->current->name, this->keywords[i]) == UCI_OK)
{ {

48
net/strongswan/patches/0904-gmpdh-Plugin-that-implements-gmp-DH-functions-in-an-.patch
View File

@ -18,23 +18,23 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
--- a/configure.ac --- a/configure.ac
+++ b/configure.ac +++ b/configure.ac
@@ -146,6 +146,7 @@ ARG_DISBL_SET([fips-prf], [disable @@ -147,6 +147,7 @@ ARG_DISBL_SET([fips-prf], [disable
ARG_ENABL_SET([gcm], [enables the GCM AEAD wrapper crypto plugin.]) ARG_DISBL_SET([gcm], [disable the GCM AEAD wrapper crypto plugin.])
ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.]) ARG_ENABL_SET([gcrypt], [enables the libgcrypt plugin.])
ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.]) ARG_DISBL_SET([gmp], [disable GNU MP (libgmp) based crypto implementation plugin.])
+ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.]) +ARG_DISBL_SET([gmpdh], [disable GNU MP (libgmp) based static-linked crypto DH minimal implementation plugin.])
ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.]) ARG_DISBL_SET([curve25519], [disable Curve25519 Diffie-Hellman plugin.])
ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.]) ARG_DISBL_SET([hmac], [disable HMAC crypto implementation plugin.])
ARG_ENABL_SET([md4], [enable MD4 software implementation plugin.]) ARG_DISBL_SET([kdf], [disable KDF (prf+) implementation plugin.])
@@ -1487,6 +1488,7 @@ ADD_PLUGIN([botan], [s ch @@ -1574,6 +1575,7 @@ ADD_PLUGIN([pkcs8], [s ch
ADD_PLUGIN([af-alg], [s charon scepclient pki scripts medsrv attest nm cmd aikgen]) ADD_PLUGIN([af-alg], [s charon pki scripts medsrv attest nm cmd aikgen])
ADD_PLUGIN([fips-prf], [s charon nm cmd]) ADD_PLUGIN([fips-prf], [s charon nm cmd])
ADD_PLUGIN([gmp], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen fuzz]) ADD_PLUGIN([gmp], [s charon pki scripts manager medsrv attest nm cmd aikgen fuzz])
+ADD_PLUGIN([gmpdh], [s charon scepclient pki scripts manager medsrv attest nm cmd aikgen]) +ADD_PLUGIN([gmpdh], [s charon pki scripts manager medsrv attest nm cmd aikgen])
ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd]) ADD_PLUGIN([curve25519], [s charon pki scripts nm cmd])
ADD_PLUGIN([agent], [s charon nm cmd]) ADD_PLUGIN([agent], [s charon nm cmd])
ADD_PLUGIN([keychain], [s charon cmd]) ADD_PLUGIN([keychain], [s charon cmd])
@@ -1628,6 +1630,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x @@ -1716,6 +1718,7 @@ AM_CONDITIONAL(USE_SHA3, test x$sha3 = x
AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue) AM_CONDITIONAL(USE_MGF1, test x$mgf1 = xtrue)
AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue) AM_CONDITIONAL(USE_FIPS_PRF, test x$fips_prf = xtrue)
AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue) AM_CONDITIONAL(USE_GMP, test x$gmp = xtrue)
@ -42,7 +42,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue) AM_CONDITIONAL(USE_CURVE25519, test x$curve25519 = xtrue)
AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue) AM_CONDITIONAL(USE_RDRAND, test x$rdrand = xtrue)
AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue) AM_CONDITIONAL(USE_AESNI, test x$aesni = xtrue)
@@ -1905,6 +1908,7 @@ AC_CONFIG_FILES([ @@ -1996,6 +1999,7 @@ AC_CONFIG_FILES([
src/libstrongswan/plugins/mgf1/Makefile src/libstrongswan/plugins/mgf1/Makefile
src/libstrongswan/plugins/fips_prf/Makefile src/libstrongswan/plugins/fips_prf/Makefile
src/libstrongswan/plugins/gmp/Makefile src/libstrongswan/plugins/gmp/Makefile
@ -52,7 +52,7 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
src/libstrongswan/plugins/aesni/Makefile src/libstrongswan/plugins/aesni/Makefile
--- a/src/libstrongswan/Makefile.am --- a/src/libstrongswan/Makefile.am
+++ b/src/libstrongswan/Makefile.am +++ b/src/libstrongswan/Makefile.am
@@ -348,6 +348,13 @@ if MONOLITHIC @@ -357,6 +357,13 @@ if MONOLITHIC
endif endif
endif endif
@ -135,31 +135,31 @@ Subject: [PATCH 904/904] gmpdh: Plugin that implements gmp DH functions in an
+{ +{
+ static plugin_feature_t f[] = { + static plugin_feature_t f[] = {
+ /* DH groups */ + /* DH groups */
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create), + PLUGIN_REGISTER(KE, gmp_diffie_hellman_create),
+ PLUGIN_PROVIDE(DH, MODP_2048_BIT), + PLUGIN_PROVIDE(KE, MODP_2048_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_224), + PLUGIN_PROVIDE(KE, MODP_2048_224),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_2048_256), + PLUGIN_PROVIDE(KE, MODP_2048_256),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1536_BIT), + PLUGIN_PROVIDE(KE, MODP_1536_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_3072_BIT), + PLUGIN_PROVIDE(KE, MODP_3072_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_4096_BIT), + PLUGIN_PROVIDE(KE, MODP_4096_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_6144_BIT), + PLUGIN_PROVIDE(KE, MODP_6144_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_8192_BIT), + PLUGIN_PROVIDE(KE, MODP_8192_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_BIT), + PLUGIN_PROVIDE(KE, MODP_1024_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_1024_160), + PLUGIN_PROVIDE(KE, MODP_1024_160),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_PROVIDE(DH, MODP_768_BIT), + PLUGIN_PROVIDE(KE, MODP_768_BIT),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ PLUGIN_REGISTER(DH, gmp_diffie_hellman_create_custom), + PLUGIN_REGISTER(KE, gmp_diffie_hellman_create_custom),
+ PLUGIN_PROVIDE(DH, MODP_CUSTOM), + PLUGIN_PROVIDE(KE, MODP_CUSTOM),
+ PLUGIN_DEPENDS(RNG, RNG_STRONG), + PLUGIN_DEPENDS(RNG, RNG_STRONG),
+ }; + };
+ *features = f; + *features = f;

12
net/strongswan/patches/0905-undef-wolfssl-RNG.patch Normal file
View File

@ -0,0 +1,12 @@
--- a/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
+++ b/src/libstrongswan/plugins/wolfssl/wolfssl_plugin.c
@@ -50,6 +50,9 @@
#ifndef FIPS_MODE
#define FIPS_MODE 0
#endif
+#ifdef RNG
+#undef RNG
+#endif
typedef struct private_wolfssl_plugin_t private_wolfssl_plugin_t;