diff options
author | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-03-30 09:39:52 +0000 |
---|---|---|
committer | Rene Mayrhofer <rene@mayrhofer.eu.org> | 2008-03-30 09:39:52 +0000 |
commit | 4104e846623c505035bffe94c9bae00f7c3adbc3 (patch) | |
tree | 6ed8ed28fb769e4ac0d5d60eaf1abe7770e95180 | |
parent | 711207a17e89ef3aed0ad59fe91f754284c76344 (diff) | |
download | vyos-strongswan-4104e846623c505035bffe94c9bae00f7c3adbc3.tar.gz vyos-strongswan-4104e846623c505035bffe94c9bae00f7c3adbc3.zip |
- Apply patch to make it work with libpkcs11.
-rw-r--r-- | debian/changelog | 4 | ||||
-rw-r--r-- | debian/patches/00list | 1 | ||||
-rw-r--r-- | debian/patches/strongswan-openssl-conflict.dpatch | 29 |
3 files changed, 34 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 508b3d8e9..b81342a34 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,10 @@ strongswan (4.1.11-1) unstable; urgency=low * New upstream release. * DBUS support now interacts with network-manager, so need to build-depend on network-manager-dev. + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL -- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200 diff --git a/debian/patches/00list b/debian/patches/00list index e69de29bb..d59f0d038 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -0,0 +1 @@ +strongswan-openssl-conflict.dpatch diff --git a/debian/patches/strongswan-openssl-conflict.dpatch b/debian/patches/strongswan-openssl-conflict.dpatch new file mode 100644 index 000000000..a26e080bb --- /dev/null +++ b/debian/patches/strongswan-openssl-conflict.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## strongswan-openssl-conflict.dpatch by David Smith <davidsmith@acm.org> +## adapted to dpatch format by Rene Mayrhofer +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Rename AES_cbc_encrypt to ss_AES_cbc_encrypt to not conflict +## DP: with OpenSSL's function when using opencryptoki's TPM token. + +@DPATCH@ + +--- a/src/libcrypto/libaes/aes_cbc.c ++++ b/src/libcrypto/libaes/aes_cbc.c +@@ -10,4 +10,4 @@ int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) { + aes_set_key(aes_ctx, key, keysize, 0); + return 1; + } +-CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); ++CBC_IMPL_BLK16(ss_AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); +--- a/src/pluto/alg/ike_alg_aes.c ++++ b/src/pluto/alg/ike_alg_aes.c +@@ -34,7 +34,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * + memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE + , AES_CBC_BLOCK_SIZE); + +- AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); ++ ss_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); + + if (enc) + new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE; |