Package Details: openssl-chacha20 1.0.2.k-1

Git Clone URL: https://aur.archlinux.org/openssl-chacha20.git (read-only)
Package Base: openssl-chacha20
Description: The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with Chacha20 cipher
Upstream URL: https://www.openssl.org
Licenses: custom:BSD
Conflicts: openssl
Provides: openssl=1.0.2.k
Submitter: mys_721tx
Maintainer: mys_721tx
Last Packager: mys_721tx
Votes: 6
Popularity: 0.019036
First Submitted: 2015-04-16 05:11
Last Updated: 2017-01-30 15:27

Dependencies (2)

Required by (1000)

Sources (6)

Latest Comments

mys_721tx commented on 2016-11-21 12:09

It is not affected according to Cloudflare: https://github.com/cloudflare/sslconfig/issues/52

ghen commented on 2016-11-21 10:35

Can this package be patched for CVE-2016-7054?
See https://www.openssl.org/news/secadv/20161110.txt

YumeMichi commented on 2016-09-28 07:13

Patch for OpenSSL 1.0.2i:
https://github.com/travislee8964/sslconfig/commit/ce9037bc42b1bb07dd74ed6cec5eae0b176281ff

muefra00 commented on 2016-09-22 21:11

My proposed update to the 'PKGFILE' and 'openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch' files: https://pastebin.com/raw/kCuMDJd7

Disclaimer: I have not done any testing outside of the automatic tests that are included and making sure that I can connect to my server.

How to use (of course you should have a look at the patch file before you apply it):
wget https://aur.archlinux.org/cgit/aur.git/snapshot/openssl-chacha20.tar.gz
tar -xvf openssl-chacha20.tar.gz
cd openssl-chacha20
wget https://pastebin.com/raw/kCuMDJd7
patch -p1 -i kCuMDJd7
makepkg

mys_721tx commented on 2016-09-22 19:52

The patch doesn't work for 1.0.2i. I'm waiting Cloudflare to update it.

lulingar commented on 2016-03-21 23:31

I have modified slightly the PKGBUILD to be able to build this on an armv7h platform, including the cryptodev engine, as follows:

build() {
cd $srcdir/$_pkgname-$_ver

if [ "${CARCH}" == 'x86_64' ]; then
openssltarget='linux-x86_64'
optflags='enable-ec_nistp_64_gcc_128'
elif [ "${CARCH}" == 'i686' ]; then
openssltarget='linux-elf'
optflags=''
elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then
openssltarget='linux-armv4'
optflags=''
elif [ "${CARCH}" == 'aarch64' ]; then
openssltarget='linux-aarch64'
optflags=''
fi

# mark stack as non-executable: http://bugs.archlinux.org/task/12434
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
shared no-ssl3-method ${optflags} \
"${openssltarget}" \
"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"

make depend
make
}


But the build fails as shown in [*]. Anybody know what the issue is?

[*]
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv7-a -mfloat-ab
i=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -D_FORTIFY_SOURCE=2 -c -o
e_chacha20poly1305.o e_chacha20poly1305.c
e_chacha20poly1305.c: In function 'EVP_chacha20_poly1305_cipher':
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:228:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, in, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:261:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, out, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:273:13: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, zero, todo);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:276:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, (uint8_t*)&aead_ctx->aad_l, sizeof(uint64_t));
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)

jskier commented on 2016-03-03 17:22

@4679kun, appears to work, thanks.

4679kun commented on 2016-03-03 13:51

https://github.com/cloudflare/sslconfig/files/153850/openssl__chacha20_poly1305_1_0_2g.patch.zip
try this

mys_721tx commented on 2016-03-01 02:54

Let's wait for the OpenSSL release later today.

hotaru commented on 2016-03-01 02:53

there's an updated version of the cloudflare patch that supports the newer RFC versions of the chacha20-poly1305 cipher suites: https://github.com/cloudflare/sslconfig/blob/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102f.patch

All comments