upgrade isakmpd, add security fix

[openwrt.git] / package / isakmpd / patches / 030-openssl_hashes.patch

diff --git a/package/isakmpd/patches/030-openssl_hashes.patch b/package/isakmpd/patches/030-openssl_hashes.patch
new file mode 100644 (file)
index 0000000..680db86
--- /dev/null
+++ b/package/isakmpd/patches/030-openssl_hashes.patch
@@ -0,0 +1,154 @@
+diff -urN isakmpd/GNUmakefile isakmpd.new/GNUmakefile
+--- isakmpd/GNUmakefile        2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/GNUmakefile    2006-09-01 19:29:28.000000000 +0200
+@@ -75,13 +75,14 @@
+               isakmp_fld.c isakmp_fld.h
+ MAN=          isakmpd.8 isakmpd.conf.5 isakmpd.policy.5
+ 
+-CFLAGS+=      -O2 ${DEBUG} -Wall -DNEED_SYSDEP_APP \
++CFLAGS+=      ${DEBUG} -Wall -DNEED_SYSDEP_APP \
+               -I${.CURDIR} -I${.CURDIR}/sysdep/${OS} -I. \
+ 
+ # Different debugging & profiling suggestions
+ 
+ # Include symbolic debugging info
+ DEBUG=                -g
++CFLAGS+=      -g
+ 
+ # Do execution time profiles
+ #CFLAGS+=     -pg
+@@ -172,6 +173,14 @@
+ CFLAGS+=        -DUSE_RAWKEY
+ endif
+ 
++ifdef USE_OPENSSL_MD5
++CFLAGS+=      -DUSE_OPENSSL_MD5
++endif
++
++ifdef USE_OPENSSL_SHA1
++CFLAGS+=      -DUSE_OPENSSL_SHA1
++endif
++
+ SRCS+=                ${IPSEC_SRCS} ${X509} ${POLICY} ${EC} ${AGGRESSIVE} ${DNSSEC} \
+               $(ISAKMP_CFG)
+ CFLAGS+=      ${IPSEC_CFLAGS}
+diff -urN isakmpd/sysdep/common/libsysdep/GNUmakefile isakmpd.new/sysdep/common/libsysdep/GNUmakefile
+--- isakmpd/sysdep/common/libsysdep/GNUmakefile        2003-06-03 16:52:06.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/GNUmakefile    2006-09-01 19:29:28.000000000 +0200
+@@ -31,10 +31,18 @@
+ .CURDIR:=     $(shell pwd)
+ 
+ LIB=          sysdep
+-SRCS=         arc4random.c blowfish.c cast.c md5.c sha1.c strlcat.c strlcpy.c
++SRCS=         arc4random.c blowfish.c cast.c strlcat.c strlcpy.c
+ NOMAN=
+ CFLAGS+=      -I${.CURDIR}/.. -I/usr/include/machine
+ 
++ifeq (,$(findstring USE_OPENSSL_MD5,$(CFLAGS)))
++SRCS+=md5.c
++endif
++
++ifeq (,$(findstring USE_OPENSSL_SHA1,$(CFLAGS)))
++SRCS+=sha1.c
++endif
++
+ lib${LIB}.a: ${SRCS:%.c=%.o}
+       ar cq $@ ${SRCS:%.c=%.o}
+ 
+diff -urN isakmpd/sysdep/common/libsysdep/md5.c isakmpd.new/sysdep/common/libsysdep/md5.c
+--- isakmpd/sysdep/common/libsysdep/md5.c      2002-06-14 23:34:58.000000000 +0200
++++ isakmpd.new/sysdep/common/libsysdep/md5.c  2006-09-01 19:29:28.000000000 +0200
+@@ -5,6 +5,8 @@
+  * changes to accommodate it in the kernel by ji.
+  */
+ 
++#ifndef USE_OPENSSL_MD5
++
+ /* MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm
+  */
+ 
+@@ -390,3 +392,4 @@
+ #endif
+ #endif
+ 
++#endif /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/libsysdep/sha1.c isakmpd.new/sysdep/common/libsysdep/sha1.c
+--- isakmpd/sysdep/common/libsysdep/sha1.c     2001-01-28 23:38:48.000000000 +0100
++++ isakmpd.new/sysdep/common/libsysdep/sha1.c 2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,7 @@
+ /*    $OpenBSD: sha1.c,v 1.2 2001/01/28 22:38:48 niklas Exp $ */
+ 
++#ifndef USE_OPENSSL_SHA1
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -171,3 +173,5 @@
+     SHA1Transform(context->state, context->buffer);
+ #endif
+ }
++
++#endif /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/common/md5.h isakmpd.new/sysdep/common/md5.h
+--- isakmpd/sysdep/common/md5.h        2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/md5.h    2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,15 @@
+ /*    $OpenBSD: md5.h,v 1.2 2001/01/28 22:38:47 niklas Exp $  */
+ 
++#ifdef USE_OPENSSL_MD5
++
++#include <openssl/md5.h>
++
++#define MD5Init               MD5_Init
++#define       MD5Update       MD5_Update
++#define       MD5Final        MD5_Final
++
++#else /* USE_OPENSSL_MD5 */
++
+ /* GLOBAL.H - RSAREF types and constants
+  */
+ 
+@@ -71,3 +81,5 @@
+ void MD5Final PROTO_LIST ((unsigned char [16], MD5_CTX *));
+ 
+ #define _MD5_H_
++
++#endif        /* USE_OPENSSL_MD5 */
+diff -urN isakmpd/sysdep/common/sha1.h isakmpd.new/sysdep/common/sha1.h
+--- isakmpd/sysdep/common/sha1.h       2001-01-28 23:38:47.000000000 +0100
++++ isakmpd.new/sysdep/common/sha1.h   2006-09-01 19:29:28.000000000 +0200
+@@ -1,5 +1,16 @@
+ /*    $OpenBSD: sha1.h,v 1.2 2001/01/28 22:38:47 niklas Exp $ */
+ 
++#ifdef USE_OPENSSL_SHA1
++
++#include <openssl/sha.h>
++
++typedef SHA_CTX SHA1_CTX;
++#define       SHA1Init        SHA1_Init
++#define       SHA1Update      SHA1_Update
++#define       SHA1Final       SHA1_Final
++
++#else /* USE_OPENSSL_SHA1 */
++
+ /*
+ SHA-1 in C
+ By Steve Reid <steve@edmweb.com>
+@@ -16,3 +27,5 @@
+ void SHA1Init(SHA1_CTX* context);
+ void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int len);
+ void SHA1Final(unsigned char digest[20], SHA1_CTX* context);
++
++#endif        /* USE_OPENSSL_SHA1 */
+diff -urN isakmpd/sysdep/linux/GNUmakefile.sysdep isakmpd.new/sysdep/linux/GNUmakefile.sysdep
+--- isakmpd/sysdep/linux/GNUmakefile.sysdep    2006-09-01 19:29:05.000000000 +0200
++++ isakmpd.new/sysdep/linux/GNUmakefile.sysdep        2006-09-01 19:29:29.000000000 +0200
+@@ -48,6 +48,8 @@
+ USE_LIBCRYPO= defined
+ HAVE_DLOPEN=  defined
+ USE_KEYNOTE=  defined
++USE_OPENSSL_MD5=      defined
++USE_OPENSSL_SHA1=     defined
+ 
+ # hack libsysdep.a dependenc
+ ${LIBSYSDEPDIR}/.depend ${LIBSYSDEP}: