openwrt/packages
1
0
Fork 0
mirror of https://github.com/coolsnowwolf/packages.git synced 2025-05-01 00:50:23 +08:00
Code Issues Packages Projects Releases Wiki Activity

chaosvpn: bump version

Browse Source
This commit is contained in:
LEAN-ESX 2019-12-15 02:25:02 -08:00
parent 39b1cb6668
commit da24354376
3 changed files with 200 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
net/chaosvpn/Makefile
View File

@ -9,16 +9,12 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=chaosvpn
PKG_REV:=2eb24810b5aa0b2d56f21562e52927020dc3090a
PKG_VERSION:=2014-01-24
PKG_RELEASE=1
PKG_VERSION:=2.19
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/ryd/chaosvpn.git
PKG_SOURCE_VERSION:=$(PKG_REV)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REV).tar.gz
PKG_MIRROR_HASH:=da987a95cb33af730c2b08ceec3af29a61e523625479c7e8b978fad881abbb53
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ryd/chaosvpn/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=53625d131140529e88d8a14c34cc4d8d5d0134292d90f4ae55e9df29d3232828
PKG_LICENSE:=Apache-2.0
PKG_MAINTAINER:=Norbert Summer <git@o-g.at>
@ -49,7 +45,6 @@ define Package/chaosvpn/install
$(INSTALL_BIN) $(PKG_BUILD_DIR)/chaosvpn $(1)/usr/sbin/
$(INSTALL_BIN) ./files/chaosvpn.init $(1)/etc/init.d/chaosvpn
$(INSTALL_BIN) ./files/chaosvpn.hotplug $(1)/etc/hotplug.d/iface/40-chaosvpn
sed -i -e 's/"\/sbin\/ip /"\/usr\/sbin\/ip /' $(PKG_BUILD_DIR)/chaosvpn.conf
$(INSTALL_CONF) $(PKG_BUILD_DIR)/chaosvpn.conf $(1)/etc/tinc/chaosvpn.conf
endef

148
net/chaosvpn/patches/0001-OpenSSL-1.1.0-compile-fix.patch Normal file
View File

@ -0,0 +1,148 @@
From c842faae63b562acc7d989a9cdc815def9ee2ed6 Mon Sep 17 00:00:00 2001
From: Sven-Haegar Koch <haegar@sdinet.de>
Date: Wed, 2 Nov 2016 23:08:24 +0100
Subject: [PATCH] OpenSSL 1.1.0 compile fix.
---
crypto.c | 53 +++++++++++++++++++++++++++++++++++------------------
1 file changed, 35 insertions(+), 18 deletions(-)
diff --git a/crypto.c b/crypto.c
index e476611..e8b72d3 100644
--- a/crypto.c
+++ b/crypto.c
@@ -46,6 +46,10 @@ openssl dgst \
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_PKEY_get0_RSA(a) ((a)->pkey.rsa)
+#endif
+
EVP_PKEY *
crypto_load_key(const char *key, const bool is_private)
{
@@ -80,7 +84,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
{
int err;
bool retval;
- EVP_MD_CTX md_ctx;
+ EVP_MD_CTX *md_ctx;
EVP_PKEY *pkey;
/* load public key into openssl structure */
@@ -89,15 +93,22 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
log_err("crypto_verify_signature: key loading failed\n");
return false;
}
-
+
+ md_ctx = EVP_MD_CTX_create();
+ if (!md_ctx) {
+ log_err("crypto_verify_signature: md_ctx alloc failed\n");
+ return false;
+ }
+
/* Verify the signature */
- if (EVP_VerifyInit(&md_ctx, EVP_sha512()) != 1) {
+ if (EVP_VerifyInit(md_ctx, EVP_sha512()) != 1) {
log_err("crypto_verify_signature: libcrypto verify init failed\n");
+ EVP_MD_CTX_destroy(md_ctx);
EVP_PKEY_free(pkey);
return false;
}
- EVP_VerifyUpdate(&md_ctx, string_get(databuffer), string_length(databuffer));
- err = EVP_VerifyFinal(&md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
+ EVP_VerifyUpdate(md_ctx, string_get(databuffer), string_length(databuffer));
+ err = EVP_VerifyFinal(md_ctx, (unsigned char*)string_get(signature), string_length(signature), pkey);
EVP_PKEY_free(pkey);
if (err != 1) {
@@ -110,7 +121,7 @@ crypto_rsa_verify_signature(struct string *databuffer, struct string *signature,
retval = true;
bailout_ctx_cleanup:
- EVP_MD_CTX_cleanup(&md_ctx);
+ EVP_MD_CTX_destroy(md_ctx);
//log_info("Signature Verified Ok.\n");
return retval;
@@ -146,7 +157,7 @@ crypto_rsa_decrypt(struct string *ciphertext, const char *privkey, struct string
len = RSA_private_decrypt(string_length(ciphertext),
(unsigned char*)string_get(ciphertext),
(unsigned char*)string_get(decrypted),
- pkey->pkey.rsa,
+ EVP_PKEY_get0_RSA(pkey),
RSA_PKCS1_OAEP_PADDING);
if (len >= 0) {
/* TODO: need cleaner way: */
@@ -167,28 +178,33 @@ bool
crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct string *aes_iv, struct string *decrypted)
{
bool retval = false;
- EVP_CIPHER_CTX ctx;
+ EVP_CIPHER_CTX *ctx;
int decryptspace;
int decryptdone;
- EVP_CIPHER_CTX_init(&ctx);
- if (!EVP_DecryptInit_ex(&ctx, EVP_aes_256_cbc(), NULL,
+ ctx = EVP_CIPHER_CTX_new();
+ if (!ctx) {
+ log_err("crypto_aes_decrypt: ctx alloc failed\n");
+ goto bail_out;
+ }
+
+ if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_cbc(), NULL,
(unsigned char *)string_get(aes_key),
(unsigned char *)string_get(aes_iv))) {
log_err("crypto_aes_decrypt: init failed\n");
ERR_print_errors_fp(stderr);
goto bail_out;
}
- EVP_CIPHER_CTX_set_padding(&ctx, 1);
+ EVP_CIPHER_CTX_set_padding(ctx, 1);
- if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(&ctx)) {
+ if (string_length(aes_key) != EVP_CIPHER_CTX_key_length(ctx)) {
log_err("crypto_aes_decrypt: invalid key size (%" PRIuPTR " vs expected %d)\n",
- string_length(aes_key), EVP_CIPHER_CTX_key_length(&ctx));
+ string_length(aes_key), EVP_CIPHER_CTX_key_length(ctx));
goto bail_out;
}
- if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(&ctx)) {
+ if (string_length(aes_iv) != EVP_CIPHER_CTX_iv_length(ctx)) {
log_err("crypto_aes_decrypt: invalid iv size (%" PRIuPTR " vs expected %d)\n",
- string_length(aes_iv), EVP_CIPHER_CTX_iv_length(&ctx));
+ string_length(aes_iv), EVP_CIPHER_CTX_iv_length(ctx));
goto bail_out;
}
@@ -201,7 +217,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
goto bail_out;
}
- if (EVP_DecryptUpdate(&ctx, (unsigned char*)string_get(decrypted),
+ if (EVP_DecryptUpdate(ctx, (unsigned char*)string_get(decrypted),
&decryptdone, (unsigned char*)string_get(ciphertext),
string_length(ciphertext))) {
/* TODO: need cleaner way: */
@@ -212,7 +228,7 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
goto bail_out;
}
- if (EVP_DecryptFinal_ex(&ctx,
+ if (EVP_DecryptFinal_ex(ctx,
(unsigned char*)string_get(decrypted)+string_length(decrypted),
&decryptdone)) {
/* TODO: need cleaner way: */
@@ -226,7 +242,8 @@ crypto_aes_decrypt(struct string *ciphertext, struct string *aes_key, struct str
retval = true;
bail_out:
- EVP_CIPHER_CTX_cleanup(&ctx);
+ if (ctx)
+ EVP_CIPHER_CTX_free(ctx);
return retval;
}

47
net/chaosvpn/patches/010-openssl-deprecated.patch Normal file
View File

@ -0,0 +1,47 @@
--- a/crypto.c
+++ b/crypto.c
@@ -14,6 +14,12 @@
#include <openssl/pem.h>
#include <openssl/ssl.h>
+#ifndef OPENSSL_VERSION
+#define OPENSSL_VERSION SSLEAY_VERSION
+#define OpenSSL_version(x) SSLeay_version(x)
+#define OpenSSL_version_num SSLeay
+#endif
+
/*
This checks data in a struct string against a signature in a second
@@ -250,14 +256,18 @@ bail_out:
void
crypto_init(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
/* Just load the crypto library error strings, not SSL */
ERR_load_crypto_strings();
+#endif
}
void
crypto_finish(void)
{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_free_strings();
+#endif
}
void
@@ -268,10 +278,10 @@ crypto_warn_openssl_version_changed(void)
* OpenSSL library used.
* Output a warning if not.
*/
- if (SSLeay() != OPENSSL_VERSION_NUMBER) {
+ if (OpenSSL_version_num() != OPENSSL_VERSION_NUMBER) {
log_info("Note: compiled using OpenSSL version '%s' headers, but linked to "
"OpenSSL version '%s' library",
OPENSSL_VERSION_TEXT,
- SSLeay_version(SSLEAY_VERSION));
+ OpenSSL_version(OPENSSL_VERSION));
}
}