summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRene Mayrhofer <rene@mayrhofer.eu.org>2008-03-30 09:39:52 +0000
committerRene Mayrhofer <rene@mayrhofer.eu.org>2008-03-30 09:39:52 +0000
commit4104e846623c505035bffe94c9bae00f7c3adbc3 (patch)
tree6ed8ed28fb769e4ac0d5d60eaf1abe7770e95180
parent711207a17e89ef3aed0ad59fe91f754284c76344 (diff)
downloadvyos-strongswan-4104e846623c505035bffe94c9bae00f7c3adbc3.tar.gz
vyos-strongswan-4104e846623c505035bffe94c9bae00f7c3adbc3.zip
- Apply patch to make it work with libpkcs11.
-rw-r--r--debian/changelog4
-rw-r--r--debian/patches/00list1
-rw-r--r--debian/patches/strongswan-openssl-conflict.dpatch29
3 files changed, 34 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 508b3d8e9..b81342a34 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ strongswan (4.1.11-1) unstable; urgency=low
* New upstream release.
* DBUS support now interacts with network-manager, so need to build-depend
on network-manager-dev.
+ * Add patch to rename internal AES_cbc_encrypt function and thus avoid
+ conflict with the openssl function.
+ Closes: #470721: pluto segfaults when using pkcs11 library linked with
+ OpenSSL
-- Rene Mayrhofer <rmayr@debian.org> Sun, 30 Mar 2008 10:35:16 +0200
diff --git a/debian/patches/00list b/debian/patches/00list
index e69de29bb..d59f0d038 100644
--- a/debian/patches/00list
+++ b/debian/patches/00list
@@ -0,0 +1 @@
+strongswan-openssl-conflict.dpatch
diff --git a/debian/patches/strongswan-openssl-conflict.dpatch b/debian/patches/strongswan-openssl-conflict.dpatch
new file mode 100644
index 000000000..a26e080bb
--- /dev/null
+++ b/debian/patches/strongswan-openssl-conflict.dpatch
@@ -0,0 +1,29 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## strongswan-openssl-conflict.dpatch by David Smith <davidsmith@acm.org>
+## adapted to dpatch format by Rene Mayrhofer
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Rename AES_cbc_encrypt to ss_AES_cbc_encrypt to not conflict
+## DP: with OpenSSL's function when using opencryptoki's TPM token.
+
+@DPATCH@
+
+--- a/src/libcrypto/libaes/aes_cbc.c
++++ b/src/libcrypto/libaes/aes_cbc.c
+@@ -10,4 +10,4 @@ int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) {
+ aes_set_key(aes_ctx, key, keysize, 0);
+ return 1;
+ }
+-CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
++CBC_IMPL_BLK16(ss_AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt);
+--- a/src/pluto/alg/ike_alg_aes.c
++++ b/src/pluto/alg/ike_alg_aes.c
+@@ -34,7 +34,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t *
+ memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE
+ , AES_CBC_BLOCK_SIZE);
+
+- AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc);
++ ss_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc);
+
+ if (enc)
+ new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE;