Package Details: openssl-chacha20 1.1.0.f-1

Git Clone URL: https://aur.archlinux.org/openssl-chacha20.git (read-only)
Package Base: openssl-chacha20
Description: The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with Chacha20 cipher
Upstream URL: https://www.openssl.org
Licenses: custom:BSD
Conflicts: openssl
Provides: openssl=1.1.0.f
Submitter: mys_721tx
Maintainer: mys_721tx
Last Packager: mys_721tx
Votes: 7
Popularity: 0.196928
First Submitted: 2015-04-16 05:11
Last Updated: 2017-05-26 18:45

Dependencies (2)

Required by (1000)

Sources (4)

Pinned Comments

system commented on 2017-04-26 12:09

If you upgraded your system without switching back to core/openssl (now using openssl 1.1), then pacman and other tools will complain about the missing files libssl.so.1.1 and libcrypto.so.1.1 and won't work. Just get these files from another arch system and drop them in /usr/lib to restore functionality and perform "pacman --force -S openssl" to install the vanilla arch openssl package.

Latest Comments

ghen commented on 2017-04-26 12:55

So, since openssl 1.1.0, which already supports chacha20 ciphers, the only difference with this package is that it only negotiates chacha20 ciphers if the client actually prefers it? Is this a behaviour that will be merged upstream, or is it still a 3rd party patch?

system commented on 2017-04-26 12:09

If you upgraded your system without switching back to core/openssl (now using openssl 1.1), then pacman and other tools will complain about the missing files libssl.so.1.1 and libcrypto.so.1.1 and won't work. Just get these files from another arch system and drop them in /usr/lib to restore functionality and perform "pacman --force -S openssl" to install the vanilla arch openssl package.

mys_721tx commented on 2016-11-21 12:09

It is not affected according to Cloudflare: https://github.com/cloudflare/sslconfig/issues/52

ghen commented on 2016-11-21 10:35

Can this package be patched for CVE-2016-7054?
See https://www.openssl.org/news/secadv/20161110.txt

YumeMichi commented on 2016-09-28 07:13

Patch for OpenSSL 1.0.2i:
https://github.com/travislee8964/sslconfig/commit/ce9037bc42b1bb07dd74ed6cec5eae0b176281ff

muefra00 commented on 2016-09-22 21:11

My proposed update to the 'PKGFILE' and 'openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch' files: https://pastebin.com/raw/kCuMDJd7

Disclaimer: I have not done any testing outside of the automatic tests that are included and making sure that I can connect to my server.

How to use (of course you should have a look at the patch file before you apply it):
wget https://aur.archlinux.org/cgit/aur.git/snapshot/openssl-chacha20.tar.gz
tar -xvf openssl-chacha20.tar.gz
cd openssl-chacha20
wget https://pastebin.com/raw/kCuMDJd7
patch -p1 -i kCuMDJd7
makepkg

mys_721tx commented on 2016-09-22 19:52

The patch doesn't work for 1.0.2i. I'm waiting Cloudflare to update it.

lulingar commented on 2016-03-21 23:31

I have modified slightly the PKGBUILD to be able to build this on an armv7h platform, including the cryptodev engine, as follows:

build() {
cd $srcdir/$_pkgname-$_ver

if [ "${CARCH}" == 'x86_64' ]; then
openssltarget='linux-x86_64'
optflags='enable-ec_nistp_64_gcc_128'
elif [ "${CARCH}" == 'i686' ]; then
openssltarget='linux-elf'
optflags=''
elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then
openssltarget='linux-armv4'
optflags=''
elif [ "${CARCH}" == 'aarch64' ]; then
openssltarget='linux-aarch64'
optflags=''
fi

# mark stack as non-executable: http://bugs.archlinux.org/task/12434
./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
-DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
shared no-ssl3-method ${optflags} \
"${openssltarget}" \
"-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"

make depend
make
}


But the build fails as shown in [*]. Anybody know what the issue is?

[*]
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv7-a -mfloat-ab
i=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -D_FORTIFY_SOURCE=2 -c -o
e_chacha20poly1305.o e_chacha20poly1305.c
e_chacha20poly1305.c: In function 'EVP_chacha20_poly1305_cipher':
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:228:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, in, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:261:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, out, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:273:13: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, zero, todo);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:276:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, (uint8_t*)&aead_ctx->aad_l, sizeof(uint64_t));
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)

jskier commented on 2016-03-03 17:22

@4679kun, appears to work, thanks.

4679kun commented on 2016-03-03 13:51

https://github.com/cloudflare/sslconfig/files/153850/openssl__chacha20_poly1305_1_0_2g.patch.zip
try this

All comments