openwrtv4/openwrt/package/isakmpd/patches/030-openssl_hashes.patch
Felix Fietkau ebea7120f4 upgrade isakmpd, add security fix
SVN-Revision: 4768
2006-09-07 12:40:03 +00:00

154 lines
4.4 KiB
Diff

diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
--- isakmpd/GNUmakefile 2006-09-01 19:29:05.000000000 +0200
+++ isakmpd.new/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
@@ -75,13 +75,14 @@
isakmp_fld.c isakmp_fld.h
MAN= isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
-CFLAGS+= -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+CFLAGS+= ${DEBUG} -Wall -DNEED_SYSDEP_APP \
-I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
# Different debugging & profiling suggestions
# Include symbolic debugging info
DEBUG= -g
+CFLAGS+= -g
# Do execution time profiles
#CFLAGS+= -pg
@@ -172,6 +173,14 @@
CFLAGS+= -DUSE_RAWKEY
endif
+ifdef USE_OPENSSL_MD5
+CFLAGS+= -DUSE_OPENSSL_MD5
+endif
+
+ifdef USE_OPENSSL_SHA1
+CFLAGS+= -DUSE_OPENSSL_SHA1
+endif
+
SRCS+= ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
$(ISAKMP_CFG)
CFLAGS+= ${IPSEC_CFLAGS}
diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile
--- isakmpd/sysdep/common/libsysdep/GNUmakefile 2003-06-03 16:52:06.000000000 +0200
+++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile 2006-09-01 19:29:28.000000000 +0200
@@ -31,10 +31,18 @@
.CURDIR:= $(shell pwd)
LIB= sysdep
-SRCS= arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
+SRCS= arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
NOMAN=
CFLAGS+= -I${.CURDIR}/.. -I/usr/include/machine
+ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
+SRCS+=md5.c
+endif
+
+ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
+SRCS+=sha1.c
+endif
+
lib${LIB}.a: ${SRCS:%.c=%.o}
ar cq $@ ${SRCS:%.c=%.o}
diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c
--- isakmpd/sysdep/common/libsysdep/md5.c 2002-06-14 23:34:58.000000000 +0200
+++ isakmpd.new/sysdep/common/libsysdep/md5.c 2006-09-01 19:29:28.000000000 +0200
@@ -5,6 +5,8 @@
* changes to accommodate it in the kernel by ji.
*/
+#ifndef USE_OPENSSL_MD5
+
/* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
*/
@@ -390,3 +392,4 @@
#endif
#endif
+#endif /* USE_OPENSSL_MD5 */
diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c
--- isakmpd/sysdep/common/libsysdep/sha1.c 2001-01-28 23:38:48.000000000 +0100
+++ isakmpd.new/sysdep/common/libsysdep/sha1.c 2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,7 @@
/* $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
+#ifndef USE_OPENSSL_SHA1
+
/*
SHA-1 in C
By Steve Reid <steve@edmweb.com>
@@ -171,3 +173,5 @@
SHA1Transform(context->state, context->buffer);
#endif
}
+
+#endif /* USE_OPENSSL_SHA1 */
diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h
--- isakmpd/sysdep/common/md5.h 2001-01-28 23:38:47.000000000 +0100
+++ isakmpd.new/sysdep/common/md5.h 2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,15 @@
/* $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+#ifdef USE_OPENSSL_MD5
+
+#include <openssl/md5.h>
+
+#define MD5Init MD5_Init
+#define MD5Update MD5_Update
+#define MD5Final MD5_Final
+
+#else /* USE_OPENSSL_MD5 */
+
/* GLOBAL.H - RSAREF types and constants
*/
@@ -71,3 +81,5 @@
void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
#define _MD5_H_
+
+#endif /* USE_OPENSSL_MD5 */
diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h
--- isakmpd/sysdep/common/sha1.h 2001-01-28 23:38:47.000000000 +0100
+++ isakmpd.new/sysdep/common/sha1.h 2006-09-01 19:29:28.000000000 +0200
@@ -1,5 +1,16 @@
/* $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+#ifdef USE_OPENSSL_SHA1
+
+#include <openssl/sha.h>
+
+typedef SHA_CTX SHA1_CTX;
+#define SHA1Init SHA1_Init
+#define SHA1Update SHA1_Update
+#define SHA1Final SHA1_Final
+
+#else /* USE_OPENSSL_SHA1 */
+
/*
SHA-1 in C
By Steve Reid <steve@edmweb.com>
@@ -16,3 +27,5 @@
void SHA1Init(SHA1_CTX* context);
void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
+
+#endif /* USE_OPENSSL_SHA1 */
diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
--- isakmpd/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:05.000000000 +0200
+++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep 2006-09-01 19:29:29.000000000 +0200
@@ -48,6 +48,8 @@
USE_LIBCRYPO= defined
HAVE_DLOPEN= defined
USE_KEYNOTE= defined
+USE_OPENSSL_MD5= defined
+USE_OPENSSL_SHA1= defined
# hack libsysdep.a dependenc
${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: