summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch1086
-rw-r--r--meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb3
2 files changed, 1088 insertions, 1 deletions
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch
new file mode 100644
index 0000000000..228274436a
--- /dev/null
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools/0001-ipsec-tools-add-openssl-1.1-support.patch
@@ -0,0 +1,1086 @@
1From b572350a922187d43dd4629c3b43e19979fae3ef Mon Sep 17 00:00:00 2001
2From: Eneas U de Queiroz <cote2004-github@yahoo.com>
3Date: Tue, 25 Sep 2018 15:30:04 +0800
4Subject: [PATCH] ipsec-tools: add openssl 1.1 support
5
6To: equeiroz@troianet.com.br
7
8This patch updates the calls to openssl 1.1 API, and adds a
9compatibility layer so it compiles with (at least) openssl 1.0.2, I
10haven't tested it with lower versions, but all that's needed is to edit
11the openssl_compat.* files and add the missing functions there--they're
12usually trivial.
13
14Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
15
16Upstream-Status: Submitted [https://sourceforge.net/p/ipsec-tools/mailman/message/36327963/]
17https://github.com/openwrt/packages/blob/master/net/ipsec-tools/patches/015-openssl-1.1.patch
18
19Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
20---
21 src/racoon/Makefile.am | 10 +--
22 src/racoon/algorithm.c | 6 +-
23 src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++-------------------
24 src/racoon/crypto_openssl.h | 2 +-
25 src/racoon/eaytest.c | 7 +-
26 src/racoon/ipsec_doi.c | 2 +-
27 src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++
28 src/racoon/openssl_compat.h | 45 ++++++++++
29 src/racoon/plainrsa-gen.c | 41 +++++----
30 src/racoon/prsa_par.y | 28 ++++--
31 src/racoon/rsalist.c | 5 +-
32 11 files changed, 430 insertions(+), 126 deletions(-)
33 create mode 100644 src/racoon/openssl_compat.c
34 create mode 100644 src/racoon/openssl_compat.h
35
36diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
37index 0662957..272b009 100644
38--- a/src/racoon/Makefile.am
39+++ b/src/racoon/Makefile.am
40@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen
41 noinst_PROGRAMS = eaytest
42 include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
43 schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
44- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
45+ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h
46 lib_LTLIBRARIES = libracoon.la
47
48 adminsockdir=${localstatedir}/racoon
49@@ -32,7 +32,7 @@ racoon_SOURCES = \
50 gssapi.c dnssec.c getcertsbyname.c privsep.c \
51 pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
52 policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
53- proposal.c sainfo.c strnames.c \
54+ openssl_compat.c proposal.c sainfo.c strnames.c \
55 plog.c logger.c schedule.c str2val.c \
56 safefile.c backupsa.c genlist.c rsalist.c \
57 cftoken.l cfparse.y prsa_tok.l prsa_par.y
58@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c
59 libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS)
60
61 plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \
62- crypto_openssl.c logger.c
63+ crypto_openssl.c logger.c openssl_compat.c
64 EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS)
65 plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o
66 plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o
67
68-eaytest_SOURCES = eaytest.c plog.c logger.c
69+eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c
70 EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c
71 eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \
72 $(CRYPTOBJS)
73@@ -75,7 +75,7 @@ noinst_HEADERS = \
74 debugrm.h isakmp.h misc.h sainfo.h \
75 dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \
76 isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \
77- throttle.h privsep.h \
78+ throttle.h privsep.h openssl_compat.h \
79 cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \
80 missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \
81 missing/crypto/rijndael/rijndael-api-fst.h \
82diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c
83index 3fd50f6..66c874b 100644
84--- a/src/racoon/algorithm.c
85+++ b/src/racoon/algorithm.c
86@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = {
87 { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16,
88 eay_aes_encrypt, eay_aes_decrypt,
89 eay_aes_weakkey, eay_aes_keylen, },
90-#ifdef HAVE_OPENSSL_CAMELLIA_H
91+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
92 { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16,
93 eay_camellia_encrypt, eay_camellia_decrypt,
94 eay_camellia_weakkey, eay_camellia_keylen, },
95@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = {
96 { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16,
97 NULL, NULL,
98 NULL, eay_twofish_keylen, },
99-#ifdef HAVE_OPENSSL_IDEA_H
100+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
101 { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8,
102 NULL, NULL,
103 NULL, NULL, },
104@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = {
105 { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8,
106 NULL, NULL,
107 NULL, NULL, },
108-#ifdef HAVE_OPENSSL_CAMELLIA_H
109+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
110 { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16,
111 NULL, NULL,
112 NULL, eay_camellia_keylen, },
113diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
114index 55b076a..8fb358f 100644
115--- a/src/racoon/crypto_openssl.c
116+++ b/src/racoon/crypto_openssl.c
117@@ -90,6 +90,7 @@
118 #endif
119 #endif
120 #include "plog.h"
121+#include "openssl_compat.h"
122
123 #define USE_NEW_DES_API
124
125@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2)
126 i = idx+1;
127 goto end;
128 }
129- if ((ea->value->length == 1 && ea->value->data[0] == '*') ||
130- (eb->value->length == 1 && eb->value->data[0] == '*')) {
131- if (OBJ_cmp(ea->object,eb->object)) {
132+ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea);
133+ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb);
134+ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') ||
135+ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) {
136+ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea),
137+ X509_NAME_ENTRY_get_object(eb))) {
138 i = idx+1;
139 goto end;
140 }
141@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx)
142
143 if (!ok) {
144 X509_NAME_oneline(
145- X509_get_subject_name(ctx->current_cert),
146+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
147 buf,
148 256);
149 /*
150@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx)
151 * ok if they are self signed. But we should still warn
152 * the user.
153 */
154- switch (ctx->error) {
155+ int ctx_error = X509_STORE_CTX_get_error(ctx);
156+ switch (ctx_error) {
157 case X509_V_ERR_CERT_HAS_EXPIRED:
158 case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
159 case X509_V_ERR_INVALID_CA:
160@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx)
161 }
162 plog(log_tag, LOCATION, NULL,
163 "%s(%d) at depth:%d SubjectName:%s\n",
164- X509_verify_cert_error_string(ctx->error),
165- ctx->error,
166- ctx->error_depth,
167+ X509_verify_cert_error_string(ctx_error),
168+ ctx_error,
169+ X509_STORE_CTX_get_error_depth(ctx),
170 buf);
171 }
172 ERR_clear_error();
173@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx)
174
175 if (!ok) {
176 X509_NAME_oneline(
177- X509_get_subject_name(ctx->current_cert),
178+ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
179 buf,
180 256);
181- switch (ctx->error) {
182+ int ctx_error=X509_STORE_CTX_get_error(ctx);
183+ switch (ctx_error) {
184 case X509_V_ERR_UNABLE_TO_GET_CRL:
185 ok = 1;
186 log_tag = LLV_WARNING;
187@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx)
188 }
189 plog(log_tag, LOCATION, NULL,
190 "%s(%d) at depth:%d SubjectName:%s\n",
191- X509_verify_cert_error_string(ctx->error),
192- ctx->error,
193- ctx->error_depth,
194+ X509_verify_cert_error_string(ctx_error),
195+ ctx_error,
196+ X509_STORE_CTX_get_error_depth(ctx),
197 buf);
198 }
199 ERR_clear_error();
200@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert)
201 if (x509 == NULL)
202 goto error;
203
204+ X509_NAME *subject_name = X509_get_subject_name(x509);
205 /* get the length of the name */
206- len = i2d_X509_NAME(x509->cert_info->subject, NULL);
207+ len = i2d_X509_NAME(subject_name, NULL);
208 name = vmalloc(len);
209 if (!name)
210 goto error;
211 /* get the name */
212 bp = (unsigned char *) name->v;
213- len = i2d_X509_NAME(x509->cert_info->subject, &bp);
214+ len = i2d_X509_NAME(subject_name, &bp);
215
216 X509_free(x509);
217
218@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert)
219 if (x509 == NULL)
220 goto error;
221
222+ X509_NAME *issuer_name = X509_get_issuer_name(x509);
223 /* get the length of the name */
224- len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
225+ len = i2d_X509_NAME(issuer_name, NULL);
226 name = vmalloc(len);
227 if (name == NULL)
228 goto error;
229
230 /* get the name */
231 bp = (unsigned char *) name->v;
232- len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
233+ len = i2d_X509_NAME(issuer_name, &bp);
234
235 X509_free(x509);
236
237@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert)
238 return -1;
239 }
240
241- res = eay_rsa_verify(source, sig, evp->pkey.rsa);
242+ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp));
243
244 EVP_PKEY_free(evp);
245 X509_free(x509);
246@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey)
247 if (evp == NULL)
248 return NULL;
249
250- sig = eay_rsa_sign(src, evp->pkey.rsa);
251+ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp));
252
253 EVP_PKEY_free(evp);
254
255@@ -1079,7 +1087,11 @@ eay_strerror()
256 int line, flags;
257 unsigned long es;
258
259+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
260+ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */
261+#else
262 es = CRYPTO_thread_id();
263+#endif
264
265 while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
266 n = snprintf(ebuf + len, sizeof(ebuf) - len,
267@@ -1100,7 +1112,7 @@ vchar_t *
268 evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
269 {
270 vchar_t *res;
271- EVP_CIPHER_CTX ctx;
272+ EVP_CIPHER_CTX *ctx;
273
274 if (!e)
275 return NULL;
276@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
277 if ((res = vmalloc(data->l)) == NULL)
278 return NULL;
279
280- EVP_CIPHER_CTX_init(&ctx);
281+ ctx = EVP_CIPHER_CTX_new();
282
283 switch(EVP_CIPHER_nid(e)){
284 case NID_bf_cbc:
285@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
286 /* XXX: can we do that also for algos with a fixed key size ?
287 */
288 /* init context without key/iv
289- */
290- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
291- {
292- OpenSSL_BUG();
293- vfree(res);
294- return NULL;
295- }
296+ */
297+ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
298+ goto out;
299
300- /* update key size
301- */
302- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
303- {
304- OpenSSL_BUG();
305- vfree(res);
306- return NULL;
307- }
308-
309- /* finalize context init with desired key size
310- */
311- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
312+ /* update key size
313+ */
314+ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
315+ goto out;
316+
317+ /* finalize context init with desired key size
318+ */
319+ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v,
320 (u_char *) iv->v, enc))
321- {
322- OpenSSL_BUG();
323- vfree(res);
324- return NULL;
325- }
326+ goto out;
327 break;
328 default:
329- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
330- (u_char *) iv->v, enc)) {
331- OpenSSL_BUG();
332- vfree(res);
333- return NULL;
334- }
335+ if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
336+ (u_char *) iv->v, enc))
337+ goto out;
338 }
339
340 /* disable openssl padding */
341- EVP_CIPHER_CTX_set_padding(&ctx, 0);
342+ EVP_CIPHER_CTX_set_padding(ctx, 0);
343
344- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
345- OpenSSL_BUG();
346- vfree(res);
347- return NULL;
348- }
349+ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
350+ goto out;
351
352- EVP_CIPHER_CTX_cleanup(&ctx);
353+ EVP_CIPHER_CTX_free(ctx);
354
355 return res;
356+out:
357+ EVP_CIPHER_CTX_free(ctx);
358+ OpenSSL_BUG();
359+ vfree(res);
360+ return NULL;
361 }
362
363 int
364@@ -1230,7 +1229,7 @@ eay_des_keylen(len)
365 return evp_keylen(len, EVP_des_cbc());
366 }
367
368-#ifdef HAVE_OPENSSL_IDEA_H
369+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
370 /*
371 * IDEA-CBC
372 */
373@@ -1587,7 +1586,7 @@ eay_aes_keylen(len)
374 return len;
375 }
376
377-#if defined(HAVE_OPENSSL_CAMELLIA_H)
378+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
379 /*
380 * CAMELLIA-CBC
381 */
382@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md)
383 vchar_t *key;
384 const EVP_MD *md;
385 {
386- HMAC_CTX *c = racoon_malloc(sizeof(*c));
387+ HMAC_CTX *c = HMAC_CTX_new();
388
389- HMAC_Init(c, key->v, key->l, md);
390+ HMAC_Init_ex(c, key->v, key->l, md, NULL);
391
392 return (caddr_t)c;
393 }
394@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c)
395
396 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
397 res->l = l;
398- HMAC_cleanup((HMAC_CTX *)c);
399- (void)racoon_free(c);
400+ HMAC_CTX_free((HMAC_CTX *)c);
401
402 if (SHA512_DIGEST_LENGTH != res->l) {
403 plog(LLV_ERROR, LOCATION, NULL,
404@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c)
405
406 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
407 res->l = l;
408- HMAC_cleanup((HMAC_CTX *)c);
409- (void)racoon_free(c);
410+ HMAC_CTX_free((HMAC_CTX *)c);
411
412 if (SHA384_DIGEST_LENGTH != res->l) {
413 plog(LLV_ERROR, LOCATION, NULL,
414@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c)
415
416 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
417 res->l = l;
418- HMAC_cleanup((HMAC_CTX *)c);
419- (void)racoon_free(c);
420+ HMAC_CTX_free((HMAC_CTX *)c);
421
422 if (SHA256_DIGEST_LENGTH != res->l) {
423 plog(LLV_ERROR, LOCATION, NULL,
424@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c)
425
426 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
427 res->l = l;
428- HMAC_cleanup((HMAC_CTX *)c);
429- (void)racoon_free(c);
430+ HMAC_CTX_free((HMAC_CTX *)c);
431
432 if (SHA_DIGEST_LENGTH != res->l) {
433 plog(LLV_ERROR, LOCATION, NULL,
434@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c)
435
436 HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
437 res->l = l;
438- HMAC_cleanup((HMAC_CTX *)c);
439- (void)racoon_free(c);
440+ HMAC_CTX_free((HMAC_CTX *)c);
441
442 if (MD5_DIGEST_LENGTH != res->l) {
443 plog(LLV_ERROR, LOCATION, NULL,
444@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv)
445 u_int32_t g;
446 {
447 BIGNUM *p = NULL;
448+ BIGNUM *BNg = NULL;
449 DH *dh = NULL;
450 int error = -1;
451
452@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv)
453
454 if ((dh = DH_new()) == NULL)
455 goto end;
456- dh->p = p;
457- p = NULL; /* p is now part of dh structure */
458- dh->g = NULL;
459- if ((dh->g = BN_new()) == NULL)
460+ if ((BNg = BN_new()) == NULL)
461 goto end;
462- if (!BN_set_word(dh->g, g))
463+ if (!BN_set_word(BNg, g))
464 goto end;
465+ if (! DH_set0_pqg(dh, p, NULL, BNg))
466+ goto end;
467+ BNg = NULL;
468+ p = NULL; /* p is now part of dh structure */
469
470 if (publen != 0)
471- dh->length = publen;
472+ DH_set_length(dh, publen);
473
474 /* generate public and private number */
475 if (!DH_generate_key(dh))
476 goto end;
477
478 /* copy results to buffers */
479- if (eay_bn2v(pub, dh->pub_key) < 0)
480+ BIGNUM *pub_key, *priv_key;
481+ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key);
482+ if (eay_bn2v(pub, pub_key) < 0)
483 goto end;
484- if (eay_bn2v(priv, dh->priv_key) < 0) {
485+ if (eay_bn2v(priv, priv_key) < 0) {
486 vfree(*pub);
487 goto end;
488 }
489@@ -2306,6 +2304,8 @@ end:
490 DH_free(dh);
491 if (p != 0)
492 BN_free(p);
493+ if (BNg != 0)
494+ BN_free(BNg);
495 return(error);
496 }
497
498@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
499 int l;
500 unsigned char *v = NULL;
501 int error = -1;
502+ BIGNUM *p = BN_new();
503+ BIGNUM *BNg = BN_new();
504+ BIGNUM *pub_key = BN_new();
505+ BIGNUM *priv_key = BN_new();
506
507 /* make public number to compute */
508 if (eay_v2bn(&dh_pub, pub2) < 0)
509@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
510 /* make DH structure */
511 if ((dh = DH_new()) == NULL)
512 goto end;
513- if (eay_v2bn(&dh->p, prime) < 0)
514+ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL)
515 goto end;
516- if (eay_v2bn(&dh->pub_key, pub) < 0)
517+
518+ if (eay_v2bn(&p, prime) < 0)
519 goto end;
520- if (eay_v2bn(&dh->priv_key, priv) < 0)
521+ if (eay_v2bn(&pub_key, pub) < 0)
522 goto end;
523- dh->length = pub2->l * 8;
524-
525- dh->g = NULL;
526- if ((dh->g = BN_new()) == NULL)
527+ if (eay_v2bn(&priv_key, priv) < 0)
528 goto end;
529- if (!BN_set_word(dh->g, g))
530+ if (!BN_set_word(BNg, g))
531 goto end;
532+ DH_set0_key(dh, pub_key, priv_key);
533+ DH_set_length(dh, pub2->l * 8);
534+ DH_set0_pqg(dh, p, NULL, BNg);
535+ pub_key = priv_key = p = BNg = NULL;
536
537 if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
538 goto end;
539@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
540 error = 0;
541
542 end:
543+ if (p != NULL)
544+ BN_free(p);
545+ if (BNg != NULL)
546+ BN_free(BNg);
547+ if (pub_key != NULL)
548+ BN_free(pub_key);
549+ if (priv_key != NULL)
550+ BN_free(priv_key);
551 if (dh_pub != NULL)
552 BN_free(dh_pub);
553 if (dh != NULL)
554@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn)
555 void
556 eay_init()
557 {
558+#if OPENSSL_VERSION_NUMBER < 0x10100000L
559 OpenSSL_add_all_algorithms();
560 ERR_load_crypto_strings();
561 #ifdef HAVE_OPENSSL_ENGINE_H
562 ENGINE_load_builtin_engines();
563 ENGINE_register_all_complete();
564 #endif
565+#endif
566 }
567
568 vchar_t *
569@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
570 goto out;
571 }
572
573- rsa_pub->n = mod;
574- rsa_pub->e = exp;
575+ RSA_set0_key(rsa_pub, mod, exp, NULL);
576
577 out:
578 return rsa_pub;
579@@ -2582,5 +2597,5 @@ eay_random()
580 const char *
581 eay_version()
582 {
583- return SSLeay_version(SSLEAY_VERSION);
584+ return OpenSSL_version(OPENSSL_VERSION);
585 }
586diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h
587index 66fac73..ee5b765 100644
588--- a/src/racoon/crypto_openssl.h
589+++ b/src/racoon/crypto_openssl.h
590@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
591 extern int eay_aes_weakkey __P((vchar_t *));
592 extern int eay_aes_keylen __P((int));
593
594-#if defined(HAVE_OPENSSL_CAMELLIA_H)
595+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
596 /* Camellia */
597 extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
598 extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
599diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c
600index d609e4f..d2d20da 100644
601--- a/src/racoon/eaytest.c
602+++ b/src/racoon/eaytest.c
603@@ -62,6 +62,7 @@
604 #include "dhgroup.h"
605 #include "crypto_openssl.h"
606 #include "gnuc.h"
607+#include "openssl_compat.h"
608
609 #include "package_version.h"
610
611@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt)
612 printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
613 return -1;
614 }
615- error = eay_check_rsasign(src, sig, evp->pkey.rsa);
616+ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp));
617
618 return error;
619 }
620@@ -698,7 +699,7 @@ ciphertest(ac, av)
621 eay_cast_encrypt, eay_cast_decrypt) < 0)
622 return -1;
623
624-#ifdef HAVE_OPENSSL_IDEA_H
625+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
626 if (ciphertest_1 ("IDEA",
627 &data, 8,
628 &key, key.l,
629@@ -715,7 +716,7 @@ ciphertest(ac, av)
630 eay_rc5_encrypt, eay_rc5_decrypt) < 0)
631 return -1;
632 #endif
633-#if defined(HAVE_OPENSSL_CAMELLIA_H)
634+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
635 if (ciphertest_1 ("CAMELLIA",
636 &data, 16,
637 &key, key.l,
638diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
639index 08e4325..7b1604d 100644
640--- a/src/racoon/ipsec_doi.c
641+++ b/src/racoon/ipsec_doi.c
642@@ -715,7 +715,7 @@ out:
643 /* key length must not be specified on some algorithms */
644 if (keylen) {
645 if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES
646-#ifdef HAVE_OPENSSL_IDEA_H
647+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
648 || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA
649 #endif
650 || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) {
651diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c
652new file mode 100644
653index 0000000..864b5fb
654--- /dev/null
655+++ b/src/racoon/openssl_compat.c
656@@ -0,0 +1,213 @@
657+/*
658+ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
659+ *
660+ * Licensed under the OpenSSL license (the "License"). You may not use
661+ * this file except in compliance with the License. You can obtain a copy
662+ * in the file LICENSE in the source distribution or at
663+ * https://www.openssl.org/source/license.html
664+ */
665+
666+#include "openssl_compat.h"
667+
668+#if OPENSSL_VERSION_NUMBER < 0x10100000L
669+
670+#include <string.h>
671+
672+static void *OPENSSL_zalloc(size_t num)
673+{
674+ void *ret = OPENSSL_malloc(num);
675+
676+ if (ret != NULL)
677+ memset(ret, 0, num);
678+ return ret;
679+}
680+
681+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
682+{
683+ /* If the fields n and e in r are NULL, the corresponding input
684+ * parameters MUST be non-NULL for n and e. d may be
685+ * left NULL (in case only the public key is used).
686+ */
687+ if ((r->n == NULL && n == NULL)
688+ || (r->e == NULL && e == NULL))
689+ return 0;
690+
691+ if (n != NULL) {
692+ BN_free(r->n);
693+ r->n = n;
694+ }
695+ if (e != NULL) {
696+ BN_free(r->e);
697+ r->e = e;
698+ }
699+ if (d != NULL) {
700+ BN_free(r->d);
701+ r->d = d;
702+ }
703+
704+ return 1;
705+}
706+
707+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
708+{
709+ /* If the fields p and q in r are NULL, the corresponding input
710+ * parameters MUST be non-NULL.
711+ */
712+ if ((r->p == NULL && p == NULL)
713+ || (r->q == NULL && q == NULL))
714+ return 0;
715+
716+ if (p != NULL) {
717+ BN_free(r->p);
718+ r->p = p;
719+ }
720+ if (q != NULL) {
721+ BN_free(r->q);
722+ r->q = q;
723+ }
724+
725+ return 1;
726+}
727+
728+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
729+{
730+ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
731+ * parameters MUST be non-NULL.
732+ */
733+ if ((r->dmp1 == NULL && dmp1 == NULL)
734+ || (r->dmq1 == NULL && dmq1 == NULL)
735+ || (r->iqmp == NULL && iqmp == NULL))
736+ return 0;
737+
738+ if (dmp1 != NULL) {
739+ BN_free(r->dmp1);
740+ r->dmp1 = dmp1;
741+ }
742+ if (dmq1 != NULL) {
743+ BN_free(r->dmq1);
744+ r->dmq1 = dmq1;
745+ }
746+ if (iqmp != NULL) {
747+ BN_free(r->iqmp);
748+ r->iqmp = iqmp;
749+ }
750+
751+ return 1;
752+}
753+
754+void RSA_get0_key(const RSA *r,
755+ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
756+{
757+ if (n != NULL)
758+ *n = r->n;
759+ if (e != NULL)
760+ *e = r->e;
761+ if (d != NULL)
762+ *d = r->d;
763+}
764+
765+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
766+{
767+ if (p != NULL)
768+ *p = r->p;
769+ if (q != NULL)
770+ *q = r->q;
771+}
772+
773+void RSA_get0_crt_params(const RSA *r,
774+ const BIGNUM **dmp1, const BIGNUM **dmq1,
775+ const BIGNUM **iqmp)
776+{
777+ if (dmp1 != NULL)
778+ *dmp1 = r->dmp1;
779+ if (dmq1 != NULL)
780+ *dmq1 = r->dmq1;
781+ if (iqmp != NULL)
782+ *iqmp = r->iqmp;
783+}
784+
785+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
786+{
787+ /* If the fields p and g in d are NULL, the corresponding input
788+ * parameters MUST be non-NULL. q may remain NULL.
789+ */
790+ if ((dh->p == NULL && p == NULL)
791+ || (dh->g == NULL && g == NULL))
792+ return 0;
793+
794+ if (p != NULL) {
795+ BN_free(dh->p);
796+ dh->p = p;
797+ }
798+ if (q != NULL) {
799+ BN_free(dh->q);
800+ dh->q = q;
801+ }
802+ if (g != NULL) {
803+ BN_free(dh->g);
804+ dh->g = g;
805+ }
806+
807+ if (q != NULL) {
808+ dh->length = BN_num_bits(q);
809+ }
810+
811+ return 1;
812+}
813+
814+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
815+{
816+ if (pub_key != NULL)
817+ *pub_key = dh->pub_key;
818+ if (priv_key != NULL)
819+ *priv_key = dh->priv_key;
820+}
821+
822+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
823+{
824+ /* If the field pub_key in dh is NULL, the corresponding input
825+ * parameters MUST be non-NULL. The priv_key field may
826+ * be left NULL.
827+ */
828+ if (dh->pub_key == NULL && pub_key == NULL)
829+ return 0;
830+
831+ if (pub_key != NULL) {
832+ BN_free(dh->pub_key);
833+ dh->pub_key = pub_key;
834+ }
835+ if (priv_key != NULL) {
836+ BN_free(dh->priv_key);
837+ dh->priv_key = priv_key;
838+ }
839+
840+ return 1;
841+}
842+
843+int DH_set_length(DH *dh, long length)
844+{
845+ dh->length = length;
846+ return 1;
847+}
848+
849+HMAC_CTX *HMAC_CTX_new(void)
850+{
851+ return OPENSSL_zalloc(sizeof(HMAC_CTX));
852+}
853+
854+void HMAC_CTX_free(HMAC_CTX *ctx)
855+{
856+ HMAC_CTX_cleanup(ctx);
857+ OPENSSL_free(ctx);
858+}
859+
860+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
861+{
862+ if (pkey->type != EVP_PKEY_RSA) {
863+ return NULL;
864+ }
865+ return pkey->pkey.rsa;
866+}
867+
868+
869+#endif /* OPENSSL_VERSION_NUMBER */
870diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h
871new file mode 100644
872index 0000000..9e152c2
873--- /dev/null
874+++ b/src/racoon/openssl_compat.h
875@@ -0,0 +1,45 @@
876+#ifndef OPENSSL_COMPAT_H
877+#define OPENSSL_COMPAT_H
878+
879+#include <openssl/opensslv.h>
880+#if OPENSSL_VERSION_NUMBER < 0x10100000L
881+
882+#include <openssl/rsa.h>
883+#include <openssl/dh.h>
884+#include <openssl/evp.h>
885+#include <openssl/hmac.h>
886+
887+int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
888+int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
889+int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
890+void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
891+void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
892+void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
893+
894+int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
895+void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
896+int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
897+int DH_set_length(DH *dh, long length);
898+
899+HMAC_CTX *HMAC_CTX_new(void);
900+void HMAC_CTX_free(HMAC_CTX* ctx);
901+
902+RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
903+
904+#define ASN1_STRING_length(s) s->length
905+#define ASN1_STRING_get0_data(s) s->data
906+
907+#define X509_get_subject_name(x) x->cert_info->subject
908+#define X509_get_issuer_name(x) x->cert_info->issuer
909+#define X509_NAME_ENTRY_get_data(n) n->value
910+#define X509_NAME_ENTRY_get_object(n) n->object
911+#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert
912+#define X509_STORE_CTX_get_error(ctx) ctx->error
913+#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth
914+
915+#define OPENSSL_VERSION SSLEAY_VERSION
916+#define OpenSSL_version SSLeay_version
917+
918+#endif /* OPENSSL_VERSION_NUMBER */
919+
920+#endif /* OPENSSL_COMPAT_H */
921diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c
922index cad1861..b949b08 100644
923--- a/src/racoon/plainrsa-gen.c
924+++ b/src/racoon/plainrsa-gen.c
925@@ -60,6 +60,7 @@
926 #include "vmbuf.h"
927 #include "plog.h"
928 #include "crypto_openssl.h"
929+#include "openssl_compat.h"
930
931 #include "package_version.h"
932
933@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key)
934 char *binbuf;
935 long binlen, ret;
936 vchar_t *res;
937-
938- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n);
939+ const BIGNUM *e, *n;
940+
941+ RSA_get0_key(key, &n, &e, NULL);
942+ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n);
943 binbuf = malloc(binlen);
944 memset(binbuf, 0, binlen);
945- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]);
946- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
947+ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]);
948+ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
949 if (1 + binbuf[0] + ret != binlen) {
950 plog(LLV_ERROR, LOCATION, NULL,
951 "Pubkey generation failed. This is really strange...\n");
952@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key)
953
954 fprintf(fp, "# : PUB 0s%s\n", pubkey64->v);
955 fprintf(fp, ": RSA\t{\n");
956- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n));
957+ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
958+ RSA_get0_key(key, &n, &e, &d);
959+ RSA_get0_factors(key, &p, &q);
960+ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
961+ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n));
962 fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v);
963- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n)));
964- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e)));
965- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d)));
966- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p)));
967- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q)));
968- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1)));
969- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1)));
970- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp)));
971+ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n)));
972+ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e)));
973+ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d)));
974+ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p)));
975+ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q)));
976+ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1)));
977+ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1)));
978+ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp)));
979 fprintf(fp, " }\n");
980
981 vfree(pubkey64);
982@@ -203,11 +210,13 @@ int
983 gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
984 {
985 int ret;
986- RSA *key;
987+ RSA *key = RSA_new();
988+ BIGNUM *e = BN_new();
989
990- key = RSA_generate_key(bits, exp, NULL, NULL);
991- if (!key) {
992+ BN_set_word(e, exp);
993+ if (! RSA_generate_key_ex(key, bits, e, NULL)) {
994 fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
995+ RSA_free(key);
996 return -1;
997 }
998
999diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y
1000index 1987e4d..27ce4c6 100644
1001--- a/src/racoon/prsa_par.y
1002+++ b/src/racoon/prsa_par.y
1003@@ -68,6 +68,7 @@
1004 #include "isakmp_var.h"
1005 #include "handler.h"
1006 #include "crypto_openssl.h"
1007+#include "openssl_compat.h"
1008 #include "sockmisc.h"
1009 #include "rsalist.h"
1010
1011@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL;
1012 struct genlist *prsa_cur_list = NULL;
1013 enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
1014
1015-static RSA *rsa_cur;
1016+struct my_rsa_st {
1017+ BIGNUM *n;
1018+ BIGNUM *e;
1019+ BIGNUM *d;
1020+ BIGNUM *p;
1021+ BIGNUM *q;
1022+ BIGNUM *dmp1;
1023+ BIGNUM *dmq1;
1024+ BIGNUM *iqmp;
1025+};
1026+
1027+static struct my_rsa_st *rsa_cur;
1028
1029 void
1030 prsaerror(const char *s, ...)
1031@@ -201,8 +213,12 @@ rsa_statement:
1032 rsa_cur->iqmp = NULL;
1033 }
1034 }
1035- $$ = rsa_cur;
1036- rsa_cur = RSA_new();
1037+ RSA * rsa_tmp = RSA_new();
1038+ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d);
1039+ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q);
1040+ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp);
1041+ $$ = rsa_tmp;
1042+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
1043 }
1044 | TAG_PUB BASE64
1045 {
1046@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type)
1047 prsa_cur_fname = fname;
1048 prsa_cur_list = list;
1049 prsa_cur_type = type;
1050- rsa_cur = RSA_new();
1051+ rsa_cur = malloc(sizeof(struct my_rsa_st));
1052+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
1053 ret = prsaparse();
1054 if (rsa_cur) {
1055- RSA_free(rsa_cur);
1056+ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
1057+ free(rsa_cur);
1058 rsa_cur = NULL;
1059 }
1060 fclose (fp);
1061diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c
1062index f152c82..96e8363 100644
1063--- a/src/racoon/rsalist.c
1064+++ b/src/racoon/rsalist.c
1065@@ -52,6 +52,7 @@
1066 #include "genlist.h"
1067 #include "remoteconf.h"
1068 #include "crypto_openssl.h"
1069+#include "openssl_compat.h"
1070
1071 #ifndef LIST_FIRST
1072 #define LIST_FIRST(head) ((head)->lh_first)
1073@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key)
1074 return NULL;
1075
1076 if (key->rsa) {
1077- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
1078+ const BIGNUM *d;
1079+ RSA_get0_key(key->rsa, NULL, NULL, &d);
1080+ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa));
1081 if (new->rsa == NULL)
1082 goto dup_error;
1083 }
1084--
10852.7.4
1086
diff --git a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
index 37d7def8f4..a6d473b594 100644
--- a/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
+++ b/meta-networking/recipes-support/ipsec-tools/ipsec-tools_0.8.2.bb
@@ -5,7 +5,7 @@ SECTION = "net"
5LICENSE = "BSD" 5LICENSE = "BSD"
6LIC_FILES_CHKSUM = "file://src/libipsec/pfkey.c;beginline=6;endline=31;md5=bc9b7ff40beff19fe6bc6aef26bd2b24" 6LIC_FILES_CHKSUM = "file://src/libipsec/pfkey.c;beginline=6;endline=31;md5=bc9b7ff40beff19fe6bc6aef26bd2b24"
7 7
8DEPENDS = "virtual/kernel openssl10 readline flex-native bison-native" 8DEPENDS = "virtual/kernel openssl readline flex-native bison-native"
9 9
10PACKAGE_ARCH = "${MACHINE_ARCH}" 10PACKAGE_ARCH = "${MACHINE_ARCH}"
11 11
@@ -26,6 +26,7 @@ SRC_URI = "http://ftp.netbsd.org/pub/NetBSD/misc/ipsec-tools/0.8/ipsec-tools-${P
26 file://0002-cfparse-clear-memory-equal-to-size-of-array.patch \ 26 file://0002-cfparse-clear-memory-equal-to-size-of-array.patch \
27 file://fix-CVE-2016-10396.patch \ 27 file://fix-CVE-2016-10396.patch \
28 file://0001-Disable-gcc8-specific-warnings.patch \ 28 file://0001-Disable-gcc8-specific-warnings.patch \
29 file://0001-ipsec-tools-add-openssl-1.1-support.patch \
29 " 30 "
30SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41" 31SRC_URI[md5sum] = "d53ec14a0a3ece64e09e5e34b3350b41"
31SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d" 32SRC_URI[sha256sum] = "8eb6b38716e2f3a8a72f1f549c9444c2bc28d52c9536792690564c74fe722f2d"
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-10-27 13:44:45 +0000