diff options
author | Dmitry Kharitonov | 2019-01-22 00:08:52 +0500 |
---|---|---|
committer | Dmitry Kharitonov | 2019-01-22 00:08:52 +0500 |
commit | 8cdd074de1a62d36d18d2fe7a2fb139417a59f64 (patch) | |
tree | 579e9c57f4daa648b46dccaed657aec571461e88 | |
parent | 846fb901e9fa7548effd09a604f9e68386a818fd (diff) | |
download | aur-8cdd074de1a62d36d18d2fe7a2fb139417a59f64.tar.gz |
Switched to openssl 1.1; removed unset LDFLAGS; polished the PKGBUILD
-rw-r--r-- | .SRCINFO | 12 | ||||
-rw-r--r-- | PKGBUILD | 35 | ||||
-rw-r--r-- | openssl-1.0.patch | 11 | ||||
-rw-r--r-- | openssl-1.1.patch | 279 |
4 files changed, 303 insertions, 34 deletions
@@ -1,7 +1,7 @@ pkgbase = peervpn pkgdesc = An open source peer-to-peer VPN pkgver = 0.044 - pkgrel = 3 + pkgrel = 4 url = http://www.peervpn.net arch = i686 arch = x86_64 @@ -10,14 +10,14 @@ pkgbase = peervpn arch = armv7h arch = aarch64 license = GPL3 - depends = openssl-1.0 + depends = openssl backup = etc/peervpn/peervpn.conf source = http://www.peervpn.net/files/peervpn-0-044.tar.gz source = peervpn@.service - source = openssl-1.0.patch - sha1sums = 91b237943370aec2cadcc74d4c725e8f19aca15a - sha1sums = SKIP - sha1sums = SKIP + source = openssl-1.1.patch + sha256sums = 4402d5ce956d95ff85b8aeb455d984b9eb9c2e6a058d2580c8e90da12fed8392 + sha256sums = 9acf8c1e69817e2eaf2f8b1f2ee61419d3b6bc9684b643bfccb9c0440d01dc8b + sha256sums = 09f25292ac6ed183306d2b6ccffe218744baf7e80457b5a091903c301dcef26a pkgname = peervpn @@ -6,36 +6,37 @@ pkgname=peervpn pkgver=0.044 _pkgver=${pkgver//./-} -pkgrel=3 +pkgrel=4 pkgdesc="An open source peer-to-peer VPN" url="http://www.peervpn.net" arch=('i686' 'x86_64' 'armv5tel' 'armv6l' 'armv7h' 'aarch64') license=('GPL3') -depends=('openssl-1.0') +depends=('openssl') backup=('etc/peervpn/peervpn.conf') source=("http://www.peervpn.net/files/peervpn-${_pkgver}.tar.gz" - 'peervpn@.service' - 'openssl-1.0.patch') + "peervpn@.service" + "openssl-1.1.patch") +sha256sums=('4402d5ce956d95ff85b8aeb455d984b9eb9c2e6a058d2580c8e90da12fed8392' + '9acf8c1e69817e2eaf2f8b1f2ee61419d3b6bc9684b643bfccb9c0440d01dc8b' + '09f25292ac6ed183306d2b6ccffe218744baf7e80457b5a091903c301dcef26a') prepare() { - cd "$pkgname-${_pkgver}" - patch -N -p1 -i ../openssl-1.0.patch + cd "$pkgname-${_pkgver}/libp2psec" + patch -p1 < "${srcdir}/openssl-1.1.patch" } build() { - cd "$pkgname-${_pkgver}" - ln -s ../peervpn@.service . - unset LDFLAGS - make + cd "$pkgname-${_pkgver}" + ln -sfn ../peervpn@.service . + #unset LDFLAGS + make } package() { - cd "$pkgname-${_pkgver}" - install -Dm0600 peervpn.conf "$pkgdir/etc/peervpn/peervpn.conf" - install -Dm0775 peervpn "$pkgdir/usr/bin/peervpn" - install -Dm0644 peervpn@.service "$pkgdir/usr/lib/systemd/system/peervpn@.service" + cd "$pkgname-${_pkgver}" + install -Dm0600 peervpn.conf "$pkgdir/etc/peervpn/peervpn.conf" + install -Dm0775 peervpn "$pkgdir/usr/bin/peervpn" + install -Dm0644 peervpn@.service "$pkgdir/usr/lib/systemd/system/peervpn@.service" } -sha1sums=('91b237943370aec2cadcc74d4c725e8f19aca15a' - SKIP - SKIP) + diff --git a/openssl-1.0.patch b/openssl-1.0.patch deleted file mode 100644 index 5b6868bbe621..000000000000 --- a/openssl-1.0.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Makefile 2017-06-28 04:16:06.670811840 +0100 -+++ b/Makefile 2017-06-28 04:13:47.405943014 +0100 -@@ -1,5 +1,5 @@ --CFLAGS+=-O2 --LIBS+=-lcrypto -lz -+CFLAGS+=-O2 -I/usr/include/openssl-1.0 -+LIBS+=-L/usr/lib/openssl-1.0 -lcrypto -lz - - all: peervpn - peervpn: peervpn.o - diff --git a/openssl-1.1.patch b/openssl-1.1.patch new file mode 100644 index 000000000000..502647699386 --- /dev/null +++ b/openssl-1.1.patch @@ -0,0 +1,279 @@ +From: Elias Werberich <elias@werberich.de> +Date: Thu, 16 Mar 2017 11:00:22 +0100 +Subject: [PATCH] src: Add support for OpenSSL 1.1.0 and higher + +With OpenSSL 1.1.0 and higher API changes were introduced so some +structures have become opaque which makes direct access impossible. In +order to support builds with newer OpenSSL versions, PeerVPN has to be +patched to access needed data of these structures indirectly. + +More information can be found at https://www.openssl.org/news/cl110.txt + +Signed-off-by: Elias Werberich <elias@werberich.de> +--- + src/libp2psec/crypto.c | 87 +++++++++++++++++++++++++++++++++++++++++++++++++- + src/libp2psec/dh.c | 16 ++++++++++ + 2 files changed, 102 insertions(+), 1 deletion(-) + +diff --git a/libp2psec/crypto.c b/libp2psec/crypto.c +index d499963..802f8aa 100644 +--- libp2psec/crypto.c ++++ libp2psec/crypto.c +@@ -47,9 +47,15 @@ + + // cipher context storage + struct s_crypto { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX enc_ctx; + EVP_CIPHER_CTX dec_ctx; + HMAC_CTX hmac_ctx; ++#else ++ EVP_CIPHER_CTX *enc_ctx; ++ EVP_CIPHER_CTX *dec_ctx; ++ HMAC_CTX *hmac_ctx; ++#endif + }; + + +@@ -169,44 +175,77 @@ static int cryptoSetKeys(struct s_crypto *ctxs, const int count, const unsigned + const EVP_MD *out_md = EVP_sha256(); + const EVP_CIPHER *out_cipher = EVP_aes_256_cbc(); + const int key_size = EVP_CIPHER_key_length(out_cipher); +- HMAC_CTX hmac_ctx; + int16_t i; + unsigned char in[2]; + int j,k; + + // setup hmac as the pseudorandom function ++#if OPENSSL_VERSION_NUMBER < 0x10100000L ++ HMAC_CTX hmac_ctx; + HMAC_CTX_init(&hmac_ctx); ++#else ++ HMAC_CTX *hmac_ctx = HMAC_CTX_new(); ++#endif + + // calculate seed key ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Init_ex(&hmac_ctx, nonce_buf, nonce_len, keygen_md, NULL); + HMAC_Update(&hmac_ctx, secret_buf, secret_len); + HMAC_Final(&hmac_ctx, seed_key, (unsigned int *)&seed_key_len); ++#else ++ HMAC_Init_ex(hmac_ctx, nonce_buf, nonce_len, keygen_md, NULL); ++ HMAC_Update(hmac_ctx, secret_buf, secret_len); ++ HMAC_Final(hmac_ctx, seed_key, (unsigned int *)&seed_key_len); ++#endif + + // calculate derived keys ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Init_ex(&hmac_ctx, seed_key, seed_key_len, keygen_md, NULL); + HMAC_Update(&hmac_ctx, nonce_buf, nonce_len); + HMAC_Final(&hmac_ctx, cur_key, (unsigned int *)&cur_key_len); ++#else ++ HMAC_Init_ex(hmac_ctx, seed_key, seed_key_len, keygen_md, NULL); ++ HMAC_Update(hmac_ctx, nonce_buf, nonce_len); ++ HMAC_Final(hmac_ctx, cur_key, (unsigned int *)&cur_key_len); ++#endif + i = 0; + j = 0; + k = 0; + while(k < count) { + // calculate next key + utilWriteInt16(in, i); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Init_ex(&hmac_ctx, NULL, -1, NULL, NULL); + HMAC_Update(&hmac_ctx, cur_key, cur_key_len); + HMAC_Update(&hmac_ctx, nonce_buf, nonce_len); + HMAC_Update(&hmac_ctx, in, 2); + HMAC_Final(&hmac_ctx, cur_key, (unsigned int *)&cur_key_len); ++#else ++ HMAC_Init_ex(hmac_ctx, NULL, -1, NULL, NULL); ++ HMAC_Update(hmac_ctx, cur_key, cur_key_len); ++ HMAC_Update(hmac_ctx, nonce_buf, nonce_len); ++ HMAC_Update(hmac_ctx, in, 2); ++ HMAC_Final(hmac_ctx, cur_key, (unsigned int *)&cur_key_len); ++#endif + if(cur_key_len < key_size) return 0; // check if key is long enough + switch(j) { + case 1: + // save this key as the decryption and encryption key ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_EncryptInit_ex(&ctxs[k].enc_ctx, out_cipher, NULL, cur_key, NULL)) return 0; + if(!EVP_DecryptInit_ex(&ctxs[k].dec_ctx, out_cipher, NULL, cur_key, NULL)) return 0; ++#else ++ if(!EVP_EncryptInit_ex(ctxs[k].enc_ctx, out_cipher, NULL, cur_key, NULL)) return 0; ++ if(!EVP_DecryptInit_ex(ctxs[k].dec_ctx, out_cipher, NULL, cur_key, NULL)) return 0; ++#endif + break; + case 2: + // save this key as the hmac key ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Init_ex(&ctxs[k].hmac_ctx, cur_key, cur_key_len, out_md, NULL); ++#else ++ HMAC_Init_ex(ctxs[k].hmac_ctx, cur_key, cur_key_len, out_md, NULL); ++#endif + break; + default: + // throw this key away +@@ -221,7 +260,11 @@ static int cryptoSetKeys(struct s_crypto *ctxs, const int count, const unsigned + } + + // clean up ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(&hmac_ctx); ++#else ++ HMAC_CTX_free(hmac_ctx); ++#endif + return 1; + } + +@@ -241,9 +284,15 @@ static void cryptoDestroy(struct s_crypto *ctxs, const int count) { + int i; + cryptoSetKeysRandom(ctxs, count); + for(i=0; i<count; i++) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_CTX_cleanup(&ctxs[i].hmac_ctx); + EVP_CIPHER_CTX_cleanup(&ctxs[i].dec_ctx); + EVP_CIPHER_CTX_cleanup(&ctxs[i].enc_ctx); ++#else ++ HMAC_CTX_free(ctxs[i].hmac_ctx); ++ EVP_CIPHER_CTX_free(ctxs[i].dec_ctx); ++ EVP_CIPHER_CTX_free(ctxs[i].enc_ctx); ++#endif + } + } + +@@ -252,9 +301,15 @@ static void cryptoDestroy(struct s_crypto *ctxs, const int count) { + static int cryptoCreate(struct s_crypto *ctxs, const int count) { + int i; + for(i=0; i<count; i++) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + EVP_CIPHER_CTX_init(&ctxs[i].enc_ctx); + EVP_CIPHER_CTX_init(&ctxs[i].dec_ctx); + HMAC_CTX_init(&ctxs[i].hmac_ctx); ++#else ++ ctxs[i].enc_ctx = EVP_CIPHER_CTX_new(); ++ ctxs[i].dec_ctx = EVP_CIPHER_CTX_new(); ++ ctxs[i].hmac_ctx = HMAC_CTX_new(); ++#endif + } + if(cryptoSetKeysRandom(ctxs, count)) { + return 1; +@@ -270,9 +325,15 @@ static int cryptoCreate(struct s_crypto *ctxs, const int count) { + static int cryptoHMAC(struct s_crypto *ctx, unsigned char *hmac_buf, const int hmac_len, const unsigned char *in_buf, const int in_len) { + unsigned char hmac[EVP_MAX_MD_SIZE]; + int len; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + HMAC_Init_ex(&ctx->hmac_ctx, NULL, -1, NULL, NULL); + HMAC_Update(&ctx->hmac_ctx, in_buf, in_len); + HMAC_Final(&ctx->hmac_ctx, hmac, (unsigned int *)&len); ++#else ++ HMAC_Init_ex(ctx->hmac_ctx, NULL, -1, NULL, NULL); ++ HMAC_Update(ctx->hmac_ctx, in_buf, in_len); ++ HMAC_Final(ctx->hmac_ctx, hmac, (unsigned int *)&len); ++#endif + if(len < hmac_len) return 0; + memcpy(hmac_buf, hmac, hmac_len); + return 1; +@@ -302,9 +363,15 @@ static int cryptoSetSessionKeys(struct s_crypto *session_ctx, struct s_crypto *c + if(!cryptoHMAC(md_keygen_ctx, hmac_key, key_size, nonce, nonce_len)) return 0; + + // set the keys ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_EncryptInit_ex(&session_ctx->enc_ctx, st_cipher.cipher, NULL, cipher_key, NULL)) return 0; + if(!EVP_DecryptInit_ex(&session_ctx->dec_ctx, st_cipher.cipher, NULL, cipher_key, NULL)) return 0; + HMAC_Init_ex(&session_ctx->hmac_ctx, hmac_key, key_size, st_md.md, NULL); ++#else ++ if(!EVP_EncryptInit_ex(session_ctx->enc_ctx, st_cipher.cipher, NULL, cipher_key, NULL)) return 0; ++ if(!EVP_DecryptInit_ex(session_ctx->dec_ctx, st_cipher.cipher, NULL, cipher_key, NULL)) return 0; ++ HMAC_Init_ex(session_ctx->hmac_ctx, hmac_key, key_size, st_md.md, NULL); ++#endif + + return 1; + } +@@ -326,10 +393,19 @@ static int cryptoEnc(struct s_crypto *ctx, unsigned char *enc_buf, const int enc + cryptoRand(iv, iv_len); + memcpy(&enc_buf[hmac_len], iv, iv_len); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_EncryptInit_ex(&ctx->enc_ctx, NULL, NULL, NULL, iv)) { return 0; } + if(!EVP_EncryptUpdate(&ctx->enc_ctx, &enc_buf[(hdr_len)], &len, dec_buf, dec_len)) { return 0; } ++#else ++ if(!EVP_EncryptInit_ex(ctx->enc_ctx, NULL, NULL, NULL, iv)) { return 0; } ++ if(!EVP_EncryptUpdate(ctx->enc_ctx, &enc_buf[(hdr_len)], &len, dec_buf, dec_len)) { return 0; } ++#endif + cr_len = len; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_EncryptFinal(&ctx->enc_ctx, &enc_buf[(hdr_len + cr_len)], &len)) { return 0; } ++#else ++ if(!EVP_EncryptFinal(ctx->enc_ctx, &enc_buf[(hdr_len + cr_len)], &len)) { return 0; } ++#endif + cr_len += len; + + if(!cryptoHMAC(ctx, hmac, hmac_len, &enc_buf[hmac_len], (iv_len + cr_len))) { return 0; } +@@ -357,10 +433,19 @@ static int cryptoDec(struct s_crypto *ctx, unsigned char *dec_buf, const int dec + memset(iv, 0, crypto_MAXIVSIZE); + memcpy(iv, &enc_buf[hmac_len], iv_len); + ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_DecryptInit_ex(&ctx->dec_ctx, NULL, NULL, NULL, iv)) { return 0; } + if(!EVP_DecryptUpdate(&ctx->dec_ctx, dec_buf, &len, &enc_buf[hdr_len], (enc_len - hdr_len))) { return 0; } ++#else ++ if(!EVP_DecryptInit_ex(ctx->dec_ctx, NULL, NULL, NULL, iv)) { return 0; } ++ if(!EVP_DecryptUpdate(ctx->dec_ctx, dec_buf, &len, &enc_buf[hdr_len], (enc_len - hdr_len))) { return 0; } ++#endif + cr_len = len; ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(!EVP_DecryptFinal(&ctx->dec_ctx, &dec_buf[cr_len], &len)) { return 0; } ++#else ++ if(!EVP_DecryptFinal(ctx->dec_ctx, &dec_buf[cr_len], &len)) { return 0; } ++#endif + cr_len += len; + + return cr_len; +diff --git a/libp2psec/dh.c b/libp2psec/dh.c +index d66f1b9..b77b680 100644 +--- libp2psec/dh.c ++++ libp2psec/dh.c +@@ -81,10 +81,18 @@ CXzWzPkElg5L22pMUCPfYxo10HKoUHmSYwIBAg==\n\ + + // Generate a key. + static int dhGenKey(struct s_dh_state *dhstate) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + BIGNUM *bn; ++#else ++ const BIGNUM *bn; ++#endif + int bn_size; + if(DH_generate_key(dhstate->dh)) { ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + bn = dhstate->dh->pub_key; ++#else ++ DH_get0_key(dhstate->dh, &bn, NULL); ++#endif + bn_size = BN_num_bytes(bn); + if((bn_size > dh_MINSIZE) && (bn_size < dh_MAXSIZE)) { + BN_bn2bin(bn, dhstate->pubkey); +@@ -152,13 +160,21 @@ static int dhGetPubkey(unsigned char *buf, const int buf_size, const struct s_dh + // Generate symmetric keys. Returns 1 if succesful. + static int dhGenCryptoKeys(struct s_crypto *ctx, const int ctx_count, const struct s_dh_state *dhstate, const unsigned char *peerkey, const int peerkey_len, const unsigned char *nonce, const int nonce_len) { + BIGNUM *bn = dhstate->bn; ++#if OPENSSL_VERSION_NUMBER >= 0x10100000L ++ const BIGNUM *bndh; ++#endif + DH *dh = dhstate->dh; + int ret = 0; + int maxsize = DH_size(dh); + unsigned char secret[maxsize]; + int size; + BN_bin2bn(peerkey, peerkey_len, bn); ++#if OPENSSL_VERSION_NUMBER < 0x10100000L + if(BN_ucmp(bn, dh->pub_key) != 0) { ++#else ++ DH_get0_key(dh, &bndh, NULL); ++ if(BN_ucmp(bn, bndh) != 0) { ++#endif + size = DH_compute_key(secret, bn, dh); + if(size > 0) { + ret = cryptoSetKeys(ctx, ctx_count, secret, size, nonce, nonce_len); +-- +2.12.2 |