From 4104e846623c505035bffe94c9bae00f7c3adbc3 Mon Sep 17 00:00:00 2001 From: Rene Mayrhofer Date: Sun, 30 Mar 2008 09:39:52 +0000 Subject: - Apply patch to make it work with libpkcs11. --- debian/changelog | 4 ++++ debian/patches/00list | 1 + debian/patches/strongswan-openssl-conflict.dpatch | 29 +++++++++++++++++++++++ 3 files changed, 34 insertions(+) create mode 100644 debian/patches/strongswan-openssl-conflict.dpatch (limited to 'debian') diff --git a/debian/changelog b/debian/changelog index 508b3d8e9..b81342a34 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,10 @@ strongswan (4.1.11-1) unstable; urgency=low * New upstream release. * DBUS support now interacts with network-manager, so need to build-depend on network-manager-dev. + * Add patch to rename internal AES_cbc_encrypt function and thus avoid + conflict with the openssl function. + Closes: #470721: pluto segfaults when using pkcs11 library linked with + OpenSSL -- Rene Mayrhofer Sun, 30 Mar 2008 10:35:16 +0200 diff --git a/debian/patches/00list b/debian/patches/00list index e69de29bb..d59f0d038 100644 --- a/debian/patches/00list +++ b/debian/patches/00list @@ -0,0 +1 @@ +strongswan-openssl-conflict.dpatch diff --git a/debian/patches/strongswan-openssl-conflict.dpatch b/debian/patches/strongswan-openssl-conflict.dpatch new file mode 100644 index 000000000..a26e080bb --- /dev/null +++ b/debian/patches/strongswan-openssl-conflict.dpatch @@ -0,0 +1,29 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## strongswan-openssl-conflict.dpatch by David Smith +## adapted to dpatch format by Rene Mayrhofer +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Rename AES_cbc_encrypt to ss_AES_cbc_encrypt to not conflict +## DP: with OpenSSL's function when using opencryptoki's TPM token. + +@DPATCH@ + +--- a/src/libcrypto/libaes/aes_cbc.c ++++ b/src/libcrypto/libaes/aes_cbc.c +@@ -10,4 +10,4 @@ int AES_set_key(aes_context *aes_ctx, const u_int8_t *key, int keysize) { + aes_set_key(aes_ctx, key, keysize, 0); + return 1; + } +-CBC_IMPL_BLK16(AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); ++CBC_IMPL_BLK16(ss_AES_cbc_encrypt, aes_context, u_int8_t *, aes_encrypt, aes_decrypt); +--- a/src/pluto/alg/ike_alg_aes.c ++++ b/src/pluto/alg/ike_alg_aes.c +@@ -34,7 +34,7 @@ do_aes(u_int8_t *buf, size_t buf_len, u_int8_t *key, size_t key_size, u_int8_t * + memcpy(new_iv=iv_bak, (char*) buf + buf_len - AES_CBC_BLOCK_SIZE + , AES_CBC_BLOCK_SIZE); + +- AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); ++ ss_AES_cbc_encrypt(&aes_ctx, buf, buf, buf_len, iv, enc); + + if (enc) + new_iv = (char*) buf + buf_len-AES_CBC_BLOCK_SIZE; -- cgit v1.2.3