openwrtv4/package/network/services/openvpn/patches/300-upstream-fix-polarssl-mbedtls-builds.patch

From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001
From: Steffan Karger <steffan@karger.me>
Date: Fri, 13 May 2016 08:54:52 +0200
Subject: [PATCH] Fix polarssl / mbedtls builds

Commit 8a399cd3 hardened the OpenSSL default cipher list,
but also introduced a change in shared code that causes
polarssl / mbedtls builds to break when no --tls-cipher is
specified.

This fix is backported code from the master branch.

Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>
URL: http://article.gmane.org/gmane.network.openvpn.devel/11647
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/ssl_polarssl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c
index 1f58369..9263698 100644
--- a/src/openvpn/ssl_polarssl.c
+++ b/src/openvpn/ssl_polarssl.c
@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx *ctx, const char *ciphers)
 {
   char *tmp_ciphers, *tmp_ciphers_orig, *token;
   int i, cipher_count;
-  int ciphers_len = strlen (ciphers);
+  int ciphers_len;
+
+  if (NULL == ciphers)
+    return; /* Nothing to do */
+
+  ciphers_len = strlen (ciphers);
 
   ASSERT (NULL != ctx);
   ASSERT (0 != ciphers_len);
-- 
2.8.1
openvpn: fix missing cipher list for polarssl in v2.3.11 Upstream OpenSSL hardening work introduced a change in shared code that causes polarssl / mbedtls builds to break when no --tls-cipher is specified. Import the upstream fix commit as patch until the next OpenVPN release gets released and packaged. Reported-by: Sebastian Koch <seb@metafly.info> Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2016-06-28 08:47:22 +00:00			`From 629baad8f89af261445a2ace03694601f8e476f9 Mon Sep 17 00:00:00 2001`
			`From: Steffan Karger <steffan@karger.me>`
			`Date: Fri, 13 May 2016 08:54:52 +0200`
			`Subject: [PATCH] Fix polarssl / mbedtls builds`

			`Commit 8a399cd3 hardened the OpenSSL default cipher list,`
			`but also introduced a change in shared code that causes`
			`polarssl / mbedtls builds to break when no --tls-cipher is`
			`specified.`

			`This fix is backported code from the master branch.`

			`Signed-off-by: Steffan Karger <steffan@karger.me>`
			`Acked-by: Gert Doering <gert@greenie.muc.de>`
			`Message-Id: <1463122492-701-1-git-send-email-steffan@karger.me>`
			`URL: http://article.gmane.org/gmane.network.openvpn.devel/11647`
			`Signed-off-by: Gert Doering <gert@greenie.muc.de>`
			`---`
			`src/openvpn/ssl_polarssl.c \| 7 ++++++-`
			`1 file changed, 6 insertions(+), 1 deletion(-)`

			`diff --git a/src/openvpn/ssl_polarssl.c b/src/openvpn/ssl_polarssl.c`
			`index 1f58369..9263698 100644`
			`--- a/src/openvpn/ssl_polarssl.c`
			`+++ b/src/openvpn/ssl_polarssl.c`
			`@@ -176,7 +176,12 @@ tls_ctx_restrict_ciphers(struct tls_root_ctx ctx, const char ciphers)`
			`{`
			`char tmp_ciphers, tmp_ciphers_orig, *token;`
			`int i, cipher_count;`
			`- int ciphers_len = strlen (ciphers);`
			`+ int ciphers_len;`
			`+`
			`+ if (NULL == ciphers)`
			`+ return; /* Nothing to do */`
			`+`
			`+ ciphers_len = strlen (ciphers);`

			`ASSERT (NULL != ctx);`
			`ASSERT (0 != ciphers_len);`
			`--`
			`2.8.1`