From 7ef4836b71fc990c63fbf8027499339c16ba5f90 Mon Sep 17 00:00:00 2001 From: nbd Date: Thu, 7 Sep 2006 12:40:03 +0000 Subject: upgrade isakmpd, add security fix git-svn-id: svn://svn.openwrt.org/openwrt/branches/buildroot-ng/openwrt@4768 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/isakmpd/patches/030-openssl_hashes.patch | 154 +++++++++++++++++++++++ 1 file changed, 154 insertions(+) create mode 100644 package/isakmpd/patches/030-openssl_hashes.patch (limited to 'package/isakmpd/patches/030-openssl_hashes.patch') diff --git a/package/isakmpd/patches/030-openssl_hashes.patch b/package/isakmpd/patches/030-openssl_hashes.patch new file mode 100644 index 000000000..680db86a3 --- /dev/null +++ b/package/isakmpd/patches/030-openssl_hashes.patch @@ -0,0 +1,154 @@ +diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile +--- isakmpd/GNUmakefile 2006-09-01 19:29:05.000000000 +0200 ++++ isakmpd.new/GNUmakefile 2006-09-01 19:29:28.000000000 +0200 +@@ -75,13 +75,14 @@ + isakmp_fld.c isakmp_fld.h + MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5 + +-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \ ++CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \ + -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \ + + # Different debugging & profiling suggestions + + # Include symbolic debugging info + DEBUG= -g ++CFLAGS+= -g + + # Do execution time profiles + #CFLAGS+= -pg +@@ -172,6 +173,14 @@ + CFLAGS+= -DUSE_RAWKEY + endif + ++ifdef USE_OPENSSL_MD5 ++CFLAGS+= -DUSE_OPENSSL_MD5 ++endif ++ ++ifdef USE_OPENSSL_SHA1 ++CFLAGS+= -DUSE_OPENSSL_SHA1 ++endif ++ + SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \ + $(ISAKMP_CFG) + CFLAGS+= ${IPSEC_CFLAGS} +diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile +--- isakmpd/sysdep/common/libsysdep/GNUmakefile 2003-06-03 16:52:06.000000000 +0200 ++++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile 2006-09-01 19:29:28.000000000 +0200 +@@ -31,10 +31,18 @@ + .CURDIR:= $(shell pwd) + + LIB= sysdep +-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c ++SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c + NOMAN= + CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine + ++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS))) ++SRCS+=md5.c ++endif ++ ++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS))) ++SRCS+=sha1.c ++endif ++ + lib${LIB}.a: ${SRCS:%.c=%.o} + ar cq $@ ${SRCS:%.c=%.o} + +diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c +--- isakmpd/sysdep/common/libsysdep/md5.c 2002-06-14 23:34:58.000000000 +0200 ++++ isakmpd.new/sysdep/common/libsysdep/md5.c 2006-09-01 19:29:28.000000000 +0200 +@@ -5,6 +5,8 @@ + * changes to accommodate it in the kernel by ji. + */ + ++#ifndef USE_OPENSSL_MD5 ++ + /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + */ + +@@ -390,3 +392,4 @@ + #endif + #endif + ++#endif /* USE_OPENSSL_MD5 */ +diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c +--- isakmpd/sysdep/common/libsysdep/sha1.c 2001-01-28 23:38:48.000000000 +0100 ++++ isakmpd.new/sysdep/common/libsysdep/sha1.c 2006-09-01 19:29:28.000000000 +0200 +@@ -1,5 +1,7 @@ + /* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */ + ++#ifndef USE_OPENSSL_SHA1 ++ + /* + SHA-1 in C + By Steve Reid +@@ -171,3 +173,5 @@ + SHA1Transform(context->state, context->buffer); + #endif + } ++ ++#endif /* USE_OPENSSL_SHA1 */ +diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h +--- isakmpd/sysdep/common/md5.h 2001-01-28 23:38:47.000000000 +0100 ++++ isakmpd.new/sysdep/common/md5.h 2006-09-01 19:29:28.000000000 +0200 +@@ -1,5 +1,15 @@ + /* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ + ++#ifdef USE_OPENSSL_MD5 ++ ++#include ++ ++#define MD5Init MD5_Init ++#define MD5Update MD5_Update ++#define MD5Final MD5_Final ++ ++#else /* USE_OPENSSL_MD5 */ ++ + /* GLOBAL.H - RSAREF types and constants + */ + +@@ -71,3 +81,5 @@ + void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *)); + + #define _MD5_H_ ++ ++#endif /* USE_OPENSSL_MD5 */ +diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h +--- isakmpd/sysdep/common/sha1.h 2001-01-28 23:38:47.000000000 +0100 ++++ isakmpd.new/sysdep/common/sha1.h 2006-09-01 19:29:28.000000000 +0200 +@@ -1,5 +1,16 @@ + /* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */ + ++#ifdef USE_OPENSSL_SHA1 ++ ++#include ++ ++typedef SHA_CTX SHA1_CTX; ++#define SHA1Init SHA1_Init ++#define SHA1Update SHA1_Update ++#define SHA1Final SHA1_Final ++ ++#else /* USE_OPENSSL_SHA1 */ ++ + /* + SHA-1 in C + By Steve Reid +@@ -16,3 +27,5 @@ + void SHA1Init(SHA1_CTX* context); + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len); + void SHA1Final(unsigned char digest[20], SHA1_CTX* context); ++ ++#endif /* USE_OPENSSL_SHA1 */ +diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep +--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:05.000000000 +0200 ++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:29.000000000 +0200 +@@ -48,6 +48,8 @@ + USE_LIBCRYPO= defined + HAVE_DLOPEN= defined + USE_KEYNOTE= defined ++USE_OPENSSL_MD5= defined ++USE_OPENSSL_SHA1= defined + + # hack libsysdep.a dependenc + ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: -- cgit v1.2.3