Attachment #182091 for bug #212149

Line 0 Link Here

(-)security/strongswan/files/patch-src_libstrongswan_plugins_openssl_Makefile.am (+10 lines)
	1	--- src/libstrongswan/plugins/openssl/Makefile.am.orig 2017-04-25 20:14:01 UTC
	2	+++ src/libstrongswan/plugins/openssl/Makefile.am
	3	@@ -13,6 +13,7 @@ endif
	4
	5	libstrongswan_openssl_la_SOURCES = \
	6	openssl_plugin.h openssl_plugin.c \
	7	+ openssl_compat.h openssl_compat.c \
	8	openssl_util.c openssl_util.h \
	9	openssl_crypter.c openssl_crypter.h \
	10	openssl_hasher.c openssl_hasher.h \




--- src/libstrongswan/plugins/openssl/Makefile.in.orig	2017-03-27 10:51:40 UTC
+++ src/libstrongswan/plugins/openssl/Makefile.in
@@ -139,13 +139,14 @@ LTLIBRARIES = $(noinst_LTLIBRARIES) $(pl
 am__DEPENDENCIES_1 =
 libstrongswan_openssl_la_DEPENDENCIES = $(am__DEPENDENCIES_1)
 am_libstrongswan_openssl_la_OBJECTS = openssl_plugin.lo \
-	openssl_util.lo openssl_crypter.lo openssl_hasher.lo \
-	openssl_sha1_prf.lo openssl_diffie_hellman.lo \
-	openssl_rsa_private_key.lo openssl_rsa_public_key.lo \
-	openssl_ec_diffie_hellman.lo openssl_ec_private_key.lo \
-	openssl_ec_public_key.lo openssl_x509.lo openssl_crl.lo \
-	openssl_pkcs7.lo openssl_pkcs12.lo openssl_rng.lo \
-	openssl_hmac.lo openssl_gcm.lo
+	openssl_compat.lo openssl_util.lo openssl_crypter.lo \
+	openssl_hasher.lo openssl_sha1_prf.lo \
+	openssl_diffie_hellman.lo openssl_rsa_private_key.lo \
+	openssl_rsa_public_key.lo openssl_ec_diffie_hellman.lo \
+	openssl_ec_private_key.lo openssl_ec_public_key.lo \
+	openssl_x509.lo openssl_crl.lo openssl_pkcs7.lo \
+	openssl_pkcs12.lo openssl_rng.lo openssl_hmac.lo \
+	openssl_gcm.lo
 libstrongswan_openssl_la_OBJECTS =  \
 	$(am_libstrongswan_openssl_la_OBJECTS)
 AM_V_lt = $(am__v_lt_@AM_V@)
@@ -420,7 +421,6 @@ random_device = @random_device@
 resolv_conf = @resolv_conf@
 routing_table = @routing_table@
 routing_table_prio = @routing_table_prio@
-runstatedir = @runstatedir@
 s_plugins = @s_plugins@
 sbindir = @sbindir@
 scepclient_plugins = @scepclient_plugins@
@@ -462,6 +462,7 @@ AM_CFLAGS = \
 @MONOLITHIC_FALSE@plugin_LTLIBRARIES = libstrongswan-openssl.la
 libstrongswan_openssl_la_SOURCES = \
 	openssl_plugin.h openssl_plugin.c \
+	openssl_compat.h openssl_compat.c \
 	openssl_util.c openssl_util.h \
 	openssl_crypter.c openssl_crypter.h \
 	openssl_hasher.c openssl_hasher.h \
@@ -571,6 +572,7 @@ mostlyclean-compile:
 distclean-compile:
 	-rm -f *.tab.c
 
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_compat.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_crl.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_crypter.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/openssl_diffie_hellman.Plo@am__quote@




--- src/libstrongswan/plugins/openssl/openssl_compat.c.orig	2017-04-25 20:15:52 UTC
+++ src/libstrongswan/plugins/openssl/openssl_compat.c
@@ -0,0 +1,419 @@
+/*
+ * Copyright (C) 2008-2016 Tobias Brunner
+ * Copyright (C) 2008 Martin Willi
+ * HSR Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2017 Bernard Spil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+#include "openssl_compat.h"
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+#include <string.h>
+#include <openssl/engine.h>
+#include <openssl/hmac.h>
+
+static void *OPENSSL_zalloc(size_t num)
+{
+   void *ret = OPENSSL_malloc(num);
+
+   if (ret != NULL)
+       memset(ret, 0, num);
+   return ret;
+}
+
+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
+{
+   /* If the fields n and e in r are NULL, the corresponding input
+    * parameters MUST be non-NULL for n and e.  d may be
+    * left NULL (in case only the public key is used).
+    */
+   if ((r->n == NULL && n == NULL)
+       || (r->e == NULL && e == NULL))
+       return 0;
+
+   if (n != NULL) {
+       BN_free(r->n);
+       r->n = n;
+   }
+   if (e != NULL) {
+       BN_free(r->e);
+       r->e = e;
+   }
+   if (d != NULL) {
+       BN_free(r->d);
+       r->d = d;
+   }
+
+   return 1;
+}
+
+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+{
+   /* If the fields p and q in r are NULL, the corresponding input
+    * parameters MUST be non-NULL.
+    */
+   if ((r->p == NULL && p == NULL)
+       || (r->q == NULL && q == NULL))
+       return 0;
+
+   if (p != NULL) {
+       BN_free(r->p);
+       r->p = p;
+   }
+   if (q != NULL) {
+       BN_free(r->q);
+       r->q = q;
+   }
+
+   return 1;
+}
+
+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
+{
+   /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
+    * parameters MUST be non-NULL.
+    */
+   if ((r->dmp1 == NULL && dmp1 == NULL)
+       || (r->dmq1 == NULL && dmq1 == NULL)
+       || (r->iqmp == NULL && iqmp == NULL))
+       return 0;
+
+   if (dmp1 != NULL) {
+       BN_free(r->dmp1);
+       r->dmp1 = dmp1;
+   }
+   if (dmq1 != NULL) {
+       BN_free(r->dmq1);
+       r->dmq1 = dmq1;
+   }
+   if (iqmp != NULL) {
+       BN_free(r->iqmp);
+       r->iqmp = iqmp;
+   }
+
+   return 1;
+}
+
+void RSA_get0_key(const RSA *r,
+                 const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
+{
+   if (n != NULL)
+       *n = r->n;
+   if (e != NULL)
+       *e = r->e;
+   if (d != NULL)
+       *d = r->d;
+}
+
+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
+{
+   if (p != NULL)
+       *p = r->p;
+   if (q != NULL)
+       *q = r->q;
+}
+
+void RSA_get0_crt_params(const RSA *r,
+                        const BIGNUM **dmp1, const BIGNUM **dmq1,
+                        const BIGNUM **iqmp)
+{
+   if (dmp1 != NULL)
+       *dmp1 = r->dmp1;
+   if (dmq1 != NULL)
+       *dmq1 = r->dmq1;
+   if (iqmp != NULL)
+       *iqmp = r->iqmp;
+}
+
+void DSA_get0_pqg(const DSA *d,
+                 const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+   if (p != NULL)
+       *p = d->p;
+   if (q != NULL)
+       *q = d->q;
+   if (g != NULL)
+       *g = d->g;
+}
+
+int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+   /* If the fields p, q and g in d are NULL, the corresponding input
+    * parameters MUST be non-NULL.
+    */
+   if ((d->p == NULL && p == NULL)
+       || (d->q == NULL && q == NULL)
+       || (d->g == NULL && g == NULL))
+       return 0;
+
+   if (p != NULL) {
+       BN_free(d->p);
+       d->p = p;
+   }
+   if (q != NULL) {
+       BN_free(d->q);
+       d->q = q;
+   }
+   if (g != NULL) {
+       BN_free(d->g);
+       d->g = g;
+   }
+
+   return 1;
+}
+
+void DSA_get0_key(const DSA *d,
+                 const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+   if (pub_key != NULL)
+       *pub_key = d->pub_key;
+   if (priv_key != NULL)
+       *priv_key = d->priv_key;
+}
+
+int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+   /* If the field pub_key in d is NULL, the corresponding input
+    * parameters MUST be non-NULL.  The priv_key field may
+    * be left NULL.
+    */
+   if (d->pub_key == NULL && pub_key == NULL)
+       return 0;
+
+   if (pub_key != NULL) {
+       BN_free(d->pub_key);
+       d->pub_key = pub_key;
+   }
+   if (priv_key != NULL) {
+       BN_free(d->priv_key);
+       d->priv_key = priv_key;
+   }
+
+   return 1;
+}
+
+void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+   if (pr != NULL)
+       *pr = sig->r;
+   if (ps != NULL)
+       *ps = sig->s;
+}
+
+int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+   if (r == NULL || s == NULL)
+       return 0;
+   BN_clear_free(sig->r);
+   BN_clear_free(sig->s);
+   sig->r = r;
+   sig->s = s;
+   return 1;
+}
+
+void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps)
+{
+   if (pr != NULL)
+       *pr = sig->r;
+   if (ps != NULL)
+       *ps = sig->s;
+}
+
+int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s)
+{
+   if (r == NULL || s == NULL)
+       return 0;
+   BN_clear_free(sig->r);
+   BN_clear_free(sig->s);
+   sig->r = r;
+   sig->s = s;
+   return 1;
+}
+
+void DH_get0_pqg(const DH *dh,
+                const BIGNUM **p, const BIGNUM **q, const BIGNUM **g)
+{
+   if (p != NULL)
+       *p = dh->p;
+   if (q != NULL)
+       *q = dh->q;
+   if (g != NULL)
+       *g = dh->g;
+}
+
+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
+{
+   /* If the fields p and g in d are NULL, the corresponding input
+    * parameters MUST be non-NULL.  q may remain NULL.
+    */
+   if ((dh->p == NULL && p == NULL)
+       || (dh->g == NULL && g == NULL))
+       return 0;
+
+   if (p != NULL) {
+       BN_free(dh->p);
+       dh->p = p;
+   }
+   if (q != NULL) {
+       BN_free(dh->q);
+       dh->q = q;
+   }
+   if (g != NULL) {
+       BN_free(dh->g);
+       dh->g = g;
+   }
+
+   if (q != NULL) {
+       dh->length = BN_num_bits(q);
+   }
+
+   return 1;
+}
+
+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
+{
+   if (pub_key != NULL)
+       *pub_key = dh->pub_key;
+   if (priv_key != NULL)
+       *priv_key = dh->priv_key;
+}
+
+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
+{
+   /* If the field pub_key in dh is NULL, the corresponding input
+    * parameters MUST be non-NULL.  The priv_key field may
+    * be left NULL.
+    */
+   if (dh->pub_key == NULL && pub_key == NULL)
+       return 0;
+
+   if (pub_key != NULL) {
+       BN_free(dh->pub_key);
+       dh->pub_key = pub_key;
+   }
+   if (priv_key != NULL) {
+       BN_free(dh->priv_key);
+       dh->priv_key = priv_key;
+   }
+
+   return 1;
+}
+
+int DH_set_length(DH *dh, long length)
+{
+   dh->length = length;
+   return 1;
+}
+
+const unsigned char *EVP_CIPHER_CTX_iv(const EVP_CIPHER_CTX *ctx)
+{
+   return ctx->iv;
+}
+
+unsigned char *EVP_CIPHER_CTX_iv_noconst(EVP_CIPHER_CTX *ctx)
+{
+   return ctx->iv;
+}
+
+EVP_MD_CTX *EVP_MD_CTX_new(void)
+{
+   return OPENSSL_zalloc(sizeof(EVP_MD_CTX));
+}
+
+void EVP_MD_CTX_free(EVP_MD_CTX *ctx)
+{
+   EVP_MD_CTX_cleanup(ctx);
+   OPENSSL_free(ctx);
+}
+
+RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
+{
+   RSA_METHOD *ret;
+
+   ret = OPENSSL_malloc(sizeof(RSA_METHOD));
+
+   if (ret != NULL) {
+       memcpy(ret, meth, sizeof(*meth));
+       ret->name = OPENSSL_strdup(meth->name);
+       if (ret->name == NULL) {
+           OPENSSL_free(ret);
+           return NULL;
+       }
+   }
+
+   return ret;
+}
+
+int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
+{
+   char *tmpname;
+
+   tmpname = OPENSSL_strdup(name);
+   if (tmpname == NULL) {
+       return 0;
+   }
+
+   OPENSSL_free((char *)meth->name);
+   meth->name = tmpname;
+
+   return 1;
+}
+
+int RSA_meth_set_priv_enc(RSA_METHOD *meth,
+                         int (*priv_enc) (int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa,
+                                          int padding))
+{
+   meth->rsa_priv_enc = priv_enc;
+   return 1;
+}
+
+int RSA_meth_set_priv_dec(RSA_METHOD *meth,
+                         int (*priv_dec) (int flen, const unsigned char *from,
+                                          unsigned char *to, RSA *rsa,
+                                          int padding))
+{
+   meth->rsa_priv_dec = priv_dec;
+   return 1;
+}
+
+int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
+{
+   meth->finish = finish;
+   return 1;
+}
+
+void RSA_meth_free(RSA_METHOD *meth)
+{
+   if (meth != NULL) {
+       OPENSSL_free((char *)meth->name);
+       OPENSSL_free(meth);
+   }
+}
+
+int RSA_bits(const RSA *r)
+{
+   return (BN_num_bits(r->n));
+}
+
+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
+{
+   if (pkey->type != EVP_PKEY_RSA) {
+       return NULL;
+   }
+   return pkey->pkey.rsa;
+}
+
+#endif
+




--- src/libstrongswan/plugins/openssl/openssl_compat.h.orig	2017-04-25 19:29:46 UTC
+++ src/libstrongswan/plugins/openssl/openssl_compat.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) 2008 Tobias Brunner
+ * Hochschule fuer Technik Rapperswil
+ * Copyright (C) 2017 Bernard Spil
+ * FreeBSD project
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * for more details.
+ */
+
+/**
+ * @defgroup openssl_p openssl
+ * @ingroup plugins
+ *
+ * @defgroup openssl_conf openssl_conf
+ * @{ @ingroup openssl_p
+ */
+
+#ifndef OPENSSL_COMPAT_H_
+#define OPENSSL_COMPAT_H_
+
+#include <openssl/opensslv.h>
+#include <openssl/opensslfeatures.h>
+#include <openssl/opensslconf.h>
+
+#ifdef LIBRESSL_VERSION_NUMBER
+#undef OPENSSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif /* LIBRESSL_VERSION_NUMBER */
+
+#endif /** OPENSSL_COMPAT_H_ @}*/

Line 0 Link Here

(-)security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__gcm.c (+11 lines)
	1	--- src/libstrongswan/plugins/openssl/openssl_gcm.c.orig 2016-10-11 15:18:22 UTC
	2	+++ src/libstrongswan/plugins/openssl/openssl_gcm.c
	3	@@ -13,7 +13,7 @@
	4	* for more details.
	5	*/
	6
	7	-#include <openssl/opensslv.h>
	8	+#include "openssl_compat.h"
	9
	10	#if OPENSSL_VERSION_NUMBER >= 0x1000100fL
	11

Line 0 Link Here

(-)security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__hmac.c (+11 lines)
	1	--- src/libstrongswan/plugins/openssl/openssl_hmac.c.orig 2016-06-30 14:20:10 UTC
	2	+++ src/libstrongswan/plugins/openssl/openssl_hmac.c
	3	@@ -35,7 +35,7 @@
	4	* THE SOFTWARE.
	5	*/
	6
	7	-#include <openssl/opensslconf.h>
	8	+#include "openssl_compat.h"
	9
	10	#ifndef OPENSSL_NO_HMAC
	11




--- src/libstrongswan/plugins/openssl/openssl_plugin.c.orig	2016-10-08 12:17:09 UTC
+++ src/libstrongswan/plugins/openssl/openssl_plugin.c
@@ -20,6 +20,10 @@
 #include <threading/mutex.h>
 #include <threading/thread_value.h>
 
+#ifdef LIBRESSL_VERSION_NUMBER
+#define OPENSSL_VERSION_NUMBER 0x1000107fL
+#endif
+
 #include <openssl/err.h>
 #include <openssl/evp.h>
 #include <openssl/conf.h>
@@ -52,6 +56,7 @@
 #define FIPS_MODE 0
 #endif
 
+
 typedef struct private_openssl_plugin_t private_openssl_plugin_t;
 
 /**
@@ -623,7 +628,7 @@ plugin_t *openssl_plugin_create()
 		},
 	);
 

Line 0 Link Here

(-)security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__sha1__prf.c (+11 lines)
	1	--- src/libstrongswan/plugins/openssl/openssl_sha1_prf.c.orig 2016-04-22 20:01:35 UTC
	2	+++ src/libstrongswan/plugins/openssl/openssl_sha1_prf.c
	3	@@ -13,7 +13,7 @@
	4	* for more details.
	5	*/
	6
	7	-#include <openssl/opensslconf.h>
	8	+#include "openssl_compat.h"
	9
	10	#ifndef OPENSSL_NO_SHA1
	11

Line 0 Link Here

(-)security/strongswan/files/patch-src_libstrongswan_plugins_openssl_openssl__util.h (+10 lines)
	1	--- src/libstrongswan/plugins/openssl/openssl_util.h.orig 2017-04-25 20:09:51 UTC
	2	+++ src/libstrongswan/plugins/openssl/openssl_util.h
	3	@@ -28,6 +28,7 @@
	4	# undef X509_NAME
	5	#endif
	6
	7	+#include "openssl_compat.h"
	8	#include <openssl/bn.h>
	9	#include <openssl/asn1.h>
	10

Return to bug 212149