[6/8] ppp: Use openssl for the DES instead of the libcrypt / glibc

Submitted by Khem Raj on Aug. 8, 2018, 5:04 p.m. | Patch ID: 153564

Details

Message ID 311591ab337eaa74854a45f9906984c777e386db.1533747698.git.raj.khem@gmail.com
State New
Headers show

Commit Message

Khem Raj Aug. 8, 2018, 5:04 p.m.
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-
 2 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

Patch hide | download patch | download mbox

diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
new file mode 100644
index 0000000000..e53f240543
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
@@ -0,0 +1,84 @@ 
+Used openssl for the DES instead of the libcrypt / glibc
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: ppp-2.4.7/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.7.orig/pppd/Makefile.linux
++++ ppp-2.4.7/pppd/Makefile.linux
+@@ -38,7 +38,7 @@ LIBS =
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
+@@ -132,7 +132,7 @@ endif
+ 
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS     += -ldes $(LIBS)
++LIBS     += -lcrypto
+ else
+ CFLAGS   += -DUSE_CRYPT=1
+ endif
+Index: ppp-2.4.7/pppd/pppcrypt.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppcrypt.c
++++ ppp-2.4.7/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key w
+ 	des_key[7] = Get7Bits(key, 49);
+ 
+ #ifndef USE_CRYPT
+-	des_set_odd_parity((des_cblock *)des_key);
++	DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+ 
+@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
+ }
+ 
+ #else /* USE_CRYPT */
+-static des_key_schedule	key_schedule;
++static DES_key_schedule	key_schedule;
+ 
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+-	des_cblock des_key;
++	DES_cblock des_key;
+ 	MakeKey(key, des_key);
+-	des_set_key(&des_key, key_schedule);
++	DES_set_key(&des_key, &key_schedule);
+ 	return (1);
+ }
+ 
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear;	/* IN  8 octets */
+ u_char *cipher;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+-	    key_schedule, 1);
++	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++	    &key_schedule, 1);
+ 	return (1);
+ }
+ 
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher;	/* IN  8 octets */
+ u_char *clear;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+-	    key_schedule, 0);
++	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++	    &key_schedule, 0);
+ 	return (1);
+ }
+ 
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index a1bb7d71c1..f4646bd693 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -4,7 +4,7 @@  the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
 SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
-DEPENDS = "libpcap"
+DEPENDS = "libpcap openssl"
 LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                     file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
@@ -32,6 +32,7 @@  SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://fix-CVE-2015-3310.patch \
            file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
            file://0001-ppp-Remove-unneeded-include.patch \
+           file://ppp-2.4.7-DES-openssl.patch \
 "
 
 SRC_URI_append_libc-musl = "\
@@ -49,7 +50,7 @@  EXTRA_OECONF = "--disable-strip"
 # Package Makefile computes CFLAGS, referencing COPTS.
 # Typically hard-coded to '-O2 -g' in the Makefile's.
 #
-EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
+EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
 
 do_configure () {
 	oe_runconf

Comments

Ross Burton Aug. 8, 2018, 8:11 p.m.
Is it possible to backport the patch from upstream so when they do
make a new release, devtool doesn't report conflicts but will just
delete the patch?

Ross

On 8 August 2018 at 18:04, Khem Raj <raj.khem@gmail.com> wrote:
> Signed-off-by: Khem Raj <raj.khem@gmail.com>
> ---
>  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++
>  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-
>  2 files changed, 87 insertions(+), 2 deletions(-)
>  create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
>
> diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> new file mode 100644
> index 0000000000..e53f240543
> --- /dev/null
> +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> @@ -0,0 +1,84 @@
> +Used openssl for the DES instead of the libcrypt / glibc
> +
> +Upstream-Status: Pending
> +
> +Signed-off-by: Khem Raj <raj.khem@gmail.com>
> +
> +Index: ppp-2.4.7/pppd/Makefile.linux
> +===================================================================
> +--- ppp-2.4.7.orig/pppd/Makefile.linux
> ++++ ppp-2.4.7/pppd/Makefile.linux
> +@@ -38,7 +38,7 @@ LIBS =
> + # Uncomment the next 2 lines to include support for Microsoft's
> + # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
> + CHAPMS=y
> +-USE_CRYPT=y
> ++#USE_CRYPT=y
> + # Don't use MSLANMAN unless you really know what you're doing.
> + #MSLANMAN=y
> + # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
> +@@ -132,7 +132,7 @@ endif
> +
> + ifdef NEEDDES
> + ifndef USE_CRYPT
> +-LIBS     += -ldes $(LIBS)
> ++LIBS     += -lcrypto
> + else
> + CFLAGS   += -DUSE_CRYPT=1
> + endif
> +Index: ppp-2.4.7/pppd/pppcrypt.c
> +===================================================================
> +--- ppp-2.4.7.orig/pppd/pppcrypt.c
> ++++ ppp-2.4.7/pppd/pppcrypt.c
> +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w
> +       des_key[7] = Get7Bits(key, 49);
> +
> + #ifndef USE_CRYPT
> +-      des_set_odd_parity((des_cblock *)des_key);
> ++      DES_set_odd_parity((DES_cblock *)des_key);
> + #endif
> + }
> +
> +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */
> + }
> +
> + #else /* USE_CRYPT */
> +-static des_key_schedule       key_schedule;
> ++static DES_key_schedule       key_schedule;
> +
> + bool
> + DesSetkey(key)
> + u_char *key;
> + {
> +-      des_cblock des_key;
> ++      DES_cblock des_key;
> +       MakeKey(key, des_key);
> +-      des_set_key(&des_key, key_schedule);
> ++      DES_set_key(&des_key, &key_schedule);
> +       return (1);
> + }
> +
> + bool
> +-DesEncrypt(clear, key, cipher)
> ++DesEncrypt(clear, cipher)
> + u_char *clear;        /* IN  8 octets */
> + u_char *cipher;       /* OUT 8 octets */
> + {
> +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
> +-          key_schedule, 1);
> ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
> ++          &key_schedule, 1);
> +       return (1);
> + }
> +
> +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
> + u_char *cipher;       /* IN  8 octets */
> + u_char *clear;        /* OUT 8 octets */
> + {
> +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
> +-          key_schedule, 0);
> ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
> ++          &key_schedule, 0);
> +       return (1);
> + }
> +
> diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> index a1bb7d71c1..f4646bd693 100644
> --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
>  SECTION = "console/network"
>  HOMEPAGE = "http://samba.org/ppp/"
>  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
> -DEPENDS = "libpcap"
> +DEPENDS = "libpcap openssl"
>  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
>  LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
>                      file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
> @@ -32,6 +32,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
>             file://fix-CVE-2015-3310.patch \
>             file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
>             file://0001-ppp-Remove-unneeded-include.patch \
> +           file://ppp-2.4.7-DES-openssl.patch \
>  "
>
>  SRC_URI_append_libc-musl = "\
> @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"
>  # Package Makefile computes CFLAGS, referencing COPTS.
>  # Typically hard-coded to '-O2 -g' in the Makefile's.
>  #
> -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
> +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
>
>  do_configure () {
>         oe_runconf
> --
> 2.18.0
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core
Khem Raj Aug. 8, 2018, 9:33 p.m.
It is same patch with one change for controlling  include paths

On Wed, Aug 8, 2018 at 1:11 PM Burton, Ross <ross.burton@intel.com> wrote:

> Is it possible to backport the patch from upstream so when they do
> make a new release, devtool doesn't report conflicts but will just
> delete the patch?
>
> Ross
>
> On 8 August 2018 at 18:04, Khem Raj <raj.khem@gmail.com> wrote:
> > Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > ---
> >  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++
> >  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-
> >  2 files changed, 87 insertions(+), 2 deletions(-)
> >  create mode 100644
> meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> >
> > diff --git
> a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> > new file mode 100644
> > index 0000000000..e53f240543
> > --- /dev/null
> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
> > @@ -0,0 +1,84 @@
> > +Used openssl for the DES instead of the libcrypt / glibc
> > +
> > +Upstream-Status: Pending
> > +
> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>
> > +
> > +Index: ppp-2.4.7/pppd/Makefile.linux
> > +===================================================================
> > +--- ppp-2.4.7.orig/pppd/Makefile.linux
> > ++++ ppp-2.4.7/pppd/Makefile.linux
> > +@@ -38,7 +38,7 @@ LIBS =
> > + # Uncomment the next 2 lines to include support for Microsoft's
> > + # MS-CHAP authentication protocol.  Also, edit
> plugins/radius/Makefile.linux.
> > + CHAPMS=y
> > +-USE_CRYPT=y
> > ++#USE_CRYPT=y
> > + # Don't use MSLANMAN unless you really know what you're doing.
> > + #MSLANMAN=y
> > + # Uncomment the next line to include support for MPPE.  CHAPMS (above)
> must
> > +@@ -132,7 +132,7 @@ endif
> > +
> > + ifdef NEEDDES
> > + ifndef USE_CRYPT
> > +-LIBS     += -ldes $(LIBS)
> > ++LIBS     += -lcrypto
> > + else
> > + CFLAGS   += -DUSE_CRYPT=1
> > + endif
> > +Index: ppp-2.4.7/pppd/pppcrypt.c
> > +===================================================================
> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c
> > ++++ ppp-2.4.7/pppd/pppcrypt.c
> > +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w
> > +       des_key[7] = Get7Bits(key, 49);
> > +
> > + #ifndef USE_CRYPT
> > +-      des_set_odd_parity((des_cblock *)des_key);
> > ++      DES_set_odd_parity((DES_cblock *)des_key);
> > + #endif
> > + }
> > +
> > +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */
> > + }
> > +
> > + #else /* USE_CRYPT */
> > +-static des_key_schedule       key_schedule;
> > ++static DES_key_schedule       key_schedule;
> > +
> > + bool
> > + DesSetkey(key)
> > + u_char *key;
> > + {
> > +-      des_cblock des_key;
> > ++      DES_cblock des_key;
> > +       MakeKey(key, des_key);
> > +-      des_set_key(&des_key, key_schedule);
> > ++      DES_set_key(&des_key, &key_schedule);
> > +       return (1);
> > + }
> > +
> > + bool
> > +-DesEncrypt(clear, key, cipher)
> > ++DesEncrypt(clear, cipher)
> > + u_char *clear;        /* IN  8 octets */
> > + u_char *cipher;       /* OUT 8 octets */
> > + {
> > +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
> > +-          key_schedule, 1);
> > ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
> > ++          &key_schedule, 1);
> > +       return (1);
> > + }
> > +
> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
> > + u_char *cipher;       /* IN  8 octets */
> > + u_char *clear;        /* OUT 8 octets */
> > + {
> > +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
> > +-          key_schedule, 0);
> > ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
> > ++          &key_schedule, 0);
> > +       return (1);
> > + }
> > +
> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> > index a1bb7d71c1..f4646bd693 100644
> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris
> systems."
> >  SECTION = "console/network"
> >  HOMEPAGE = "http://samba.org/ppp/"
> >  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
> > -DEPENDS = "libpcap"
> > +DEPENDS = "libpcap openssl"
> >  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
> >  LIC_FILES_CHKSUM =
> "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea
> \
> >
> file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8
> \
> > @@ -32,6 +32,7 @@ SRC_URI = "
> https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
> >             file://fix-CVE-2015-3310.patch \
> >
>  file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
> >             file://0001-ppp-Remove-unneeded-include.patch \
> > +           file://ppp-2.4.7-DES-openssl.patch \
> >  "
> >
> >  SRC_URI_append_libc-musl = "\
> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"
> >  # Package Makefile computes CFLAGS, referencing COPTS.
> >  # Typically hard-coded to '-O2 -g' in the Makefile's.
> >  #
> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl
> -I${S}/include"'
> >
> >  do_configure () {
> >         oe_runconf
> > --
> > 2.18.0
> >
> > --
> > _______________________________________________
> > Openembedded-core mailing list
> > Openembedded-core@lists.openembedded.org
> > http://lists.openembedded.org/mailman/listinfo/openembedded-core
>