[packages/ipsec-tools] - rediff patch

baggins baggins at pld-linux.org
Wed Oct 6 23:10:28 CEST 2021


commit 1d7d76bb412a322ad337ef25c2c2bed16172662a
Author: Jan Rękorajski <baggins at pld-linux.org>
Date:   Wed Oct 6 23:10:18 2021 +0200

    - rediff patch

 ipsec-tools-openssl-1.1.patch | 633 +++++++++++++++++++++---------------------
 1 file changed, 312 insertions(+), 321 deletions(-)
---
diff --git a/ipsec-tools-openssl-1.1.patch b/ipsec-tools-openssl-1.1.patch
index 8bfa0fd..177cbd7 100644
--- a/ipsec-tools-openssl-1.1.patch
+++ b/ipsec-tools-openssl-1.1.patch
@@ -2,47 +2,84 @@ raw from https://sources.debian.org/data/main/i/ipsec-tools/1:0.8.2+20140711-12/
 
 Index: pkg-ipsec-tools/src/racoon/eaytest.c
 ===================================================================
---- pkg-ipsec-tools.orig/src/racoon/eaytest.c
-+++ pkg-ipsec-tools/src/racoon/eaytest.c
-@@ -62,6 +62,7 @@
- #include "dhgroup.h"
- #include "crypto_openssl.h"
- #include "gnuc.h"
-+#include "openssl_compat.h"
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/Makefile.am ipsec-tools-0.8.2/src/racoon/Makefile.am
+--- ipsec-tools-0.8.2.org/src/racoon/Makefile.am	2021-10-06 23:09:26.548708630 +0200
++++ ipsec-tools-0.8.2/src/racoon/Makefile.am	2021-10-06 23:09:26.688706745 +0200
+@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrs
+ noinst_PROGRAMS = eaytest
+ include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
+ 	schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
+-	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
++	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h
+ lib_LTLIBRARIES = libracoon.la
  
- #include "package_version.h"
+ adminsockdir=${localstatedir}/racoon
+@@ -32,7 +32,7 @@ racoon_SOURCES = \
+ 	gssapi.c dnssec.c getcertsbyname.c privsep.c \
+ 	pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
+ 	policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
+-	proposal.c sainfo.c strnames.c \
++	openssl_compat.c proposal.c sainfo.c strnames.c \
+ 	plog.c logger.c schedule.c str2val.c \
+ 	safefile.c backupsa.c genlist.c rsalist.c \
+ 	cftoken.l cfparse.y prsa_tok.l prsa_par.y 
+@@ -52,12 +52,12 @@ libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(
+ libracoon_la_LIBADD = ../libipsec/libipsec.la
  
-@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_
- 		printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
- 		return -1;
- 	}
--	error = eay_check_rsasign(src, sig, evp->pkey.rsa);
-+	error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp));
+ plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \
+-	crypto_openssl.c logger.c 
++	crypto_openssl.c logger.c openssl_compat.c
+ EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS)
+ plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o
+ plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o
  
- 	return error;
- }
-@@ -698,7 +699,7 @@ ciphertest(ac, av)
- 			  eay_cast_encrypt, eay_cast_decrypt) < 0)
- 	  return -1;
- 	
+-eaytest_SOURCES = eaytest.c plog.c logger.c
++eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c
+ EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c
+ eaytest_LDADD =	crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \
+ 	$(CRYPTOBJS)
+@@ -76,7 +76,7 @@ noinst_HEADERS = \
+ 	debugrm.h         isakmp.h      misc.h          sainfo.h \
+ 	dhgroup.h         isakmp_agg.h  netdb_dnssec.h  schedule.h \
+ 	isakmp_cfg.h      isakmp_xauth.h isakmp_unity.h isakmp_frag.h \
+-	throttle.h	  privsep.h \
++	throttle.h	  privsep.h     openssl_compat.h \
+ 	cfparse_proto.h	  cftoken_proto.h genlist.h     rsalist.h \
+ 	missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \
+ 	missing/crypto/rijndael/rijndael-api-fst.h \
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/algorithm.c ipsec-tools-0.8.2/src/racoon/algorithm.c
+--- ipsec-tools-0.8.2.org/src/racoon/algorithm.c	2006-10-06 14:02:27.000000000 +0200
++++ ipsec-tools-0.8.2/src/racoon/algorithm.c	2021-10-06 23:09:26.688706745 +0200
+@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encde
+ { "aes",	algtype_aes,	OAKLEY_ATTR_ENC_ALG_AES,	16,
+ 		eay_aes_encrypt,	eay_aes_decrypt,
+ 		eay_aes_weakkey,	eay_aes_keylen, },
+-#ifdef HAVE_OPENSSL_CAMELLIA_H
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ { "camellia",	algtype_camellia,	OAKLEY_ATTR_ENC_ALG_CAMELLIA,	16,
+ 		eay_camellia_encrypt,	eay_camellia_decrypt,
+ 		eay_camellia_weakkey,	eay_camellia_keylen, },
+@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef
+ { "twofish",	algtype_twofish,	IPSECDOI_ESP_TWOFISH,		16,
+ 		NULL,			NULL,
+ 		NULL,			eay_twofish_keylen, },
 -#ifdef HAVE_OPENSSL_IDEA_H
 +#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- 	if (ciphertest_1 ("IDEA",
- 			  &data, 8,
- 			  &key, key.l,
-@@ -715,7 +716,7 @@ ciphertest(ac, av)
- 			  eay_rc5_encrypt, eay_rc5_decrypt) < 0)
- 	  return -1;
- #endif
--#if defined(HAVE_OPENSSL_CAMELLIA_H)
+ { "3idea",	algtype_3idea,		IPSECDOI_ESP_3IDEA,		8,
+ 		NULL,			NULL,
+ 		NULL,			NULL, },
+@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef
+ { "rc4",	algtype_rc4,		IPSECDOI_ESP_RC4,		8,
+ 		NULL,			NULL,
+ 		NULL,			NULL, },
+-#ifdef HAVE_OPENSSL_CAMELLIA_H
 +#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- 	if (ciphertest_1 ("CAMELLIA",
- 			  &data, 16,
- 			  &key, key.l,
-Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/crypto_openssl.c
-+++ pkg-ipsec-tools/src/racoon/crypto_openssl.c
+ { "camellia",	algtype_camellia,	IPSECDOI_ESP_CAMELLIA,		16,
+ 		NULL,			NULL,
+ 		NULL,			eay_camellia_keylen, },
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/crypto_openssl.c ipsec-tools-0.8.2/src/racoon/crypto_openssl.c
+--- ipsec-tools-0.8.2.org/src/racoon/crypto_openssl.c	2012-12-24 15:50:39.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/crypto_openssl.c	2021-10-06 23:09:26.688706745 +0200
 @@ -90,6 +90,7 @@
  #endif
  #endif
@@ -51,7 +88,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  #define USE_NEW_DES_API
  
-@@ -318,9 +319,12 @@ eay_cmp_asn1dn(n1, n2)
+@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2)
  			i = idx+1;
  			goto end;
  		}
@@ -67,7 +104,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  				i = idx+1;
  				goto end;
  	    		}
-@@ -432,7 +436,7 @@ cb_check_cert_local(ok, ctx)
+@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx)
  
  	if (!ok) {
  		X509_NAME_oneline(
@@ -76,7 +113,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  				buf,
  				256);
  		/*
-@@ -440,7 +444,8 @@ cb_check_cert_local(ok, ctx)
+@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx)
  		 * ok if they are self signed. But we should still warn
  		 * the user.
   		 */
@@ -86,7 +123,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  		case X509_V_ERR_CERT_HAS_EXPIRED:
  		case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
  		case X509_V_ERR_INVALID_CA:
-@@ -455,9 +460,9 @@ cb_check_cert_local(ok, ctx)
+@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx)
  		}
  		plog(log_tag, LOCATION, NULL,
  			"%s(%d) at depth:%d SubjectName:%s\n",
@@ -99,7 +136,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  			buf);
  	}
  	ERR_clear_error();
-@@ -479,10 +484,11 @@ cb_check_cert_remote(ok, ctx)
+@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx)
  
  	if (!ok) {
  		X509_NAME_oneline(
@@ -113,7 +150,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  		case X509_V_ERR_UNABLE_TO_GET_CRL:
  			ok = 1;
  			log_tag = LLV_WARNING;
-@@ -492,9 +498,9 @@ cb_check_cert_remote(ok, ctx)
+@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx)
  		}
  		plog(log_tag, LOCATION, NULL,
  			"%s(%d) at depth:%d SubjectName:%s\n",
@@ -126,7 +163,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  			buf);
  	}
  	ERR_clear_error();
-@@ -518,14 +524,15 @@ eay_get_x509asn1subjectname(cert)
+@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert)
  	if (x509 == NULL)
  		goto error;
  
@@ -144,7 +181,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	X509_free(x509);
  
-@@ -684,15 +691,16 @@ eay_get_x509asn1issuername(cert)
+@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert)
  	if (x509 == NULL)
  		goto error;
  
@@ -163,7 +200,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	X509_free(x509);
  
-@@ -873,7 +881,7 @@ eay_check_x509sign(source, sig, cert)
+@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert)
  		return -1;
  	}
  
@@ -172,7 +209,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	EVP_PKEY_free(evp);
  	X509_free(x509);
-@@ -1015,7 +1023,7 @@ eay_get_x509sign(src, privkey)
+@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey)
  	if (evp == NULL)
  		return NULL;
  
@@ -181,7 +218,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	EVP_PKEY_free(evp);
  
-@@ -1102,7 +1110,11 @@ eay_strerror()
+@@ -1079,7 +1087,11 @@ eay_strerror()
  	int line, flags;
  	unsigned long es;
  
@@ -193,7 +230,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
  		n = snprintf(ebuf + len, sizeof(ebuf) - len,
-@@ -1123,7 +1135,7 @@ vchar_t *
+@@ -1100,7 +1112,7 @@ vchar_t *
  evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
  {
  	vchar_t *res;
@@ -202,7 +239,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (!e)
  		return NULL;
-@@ -1134,7 +1146,7 @@ evp_crypt(vchar_t *data, vchar_t *key, v
+@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, v
  	if ((res = vmalloc(data->l)) == NULL)
  		return NULL;
  
@@ -211,7 +248,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	switch(EVP_CIPHER_nid(e)){
  	case NID_bf_cbc:
-@@ -1148,54 +1160,41 @@ evp_crypt(vchar_t *data, vchar_t *key, v
+@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, v
  		/* XXX: can we do that also for algos with a fixed key size ?
  		 */
  		/* init context without key/iv
@@ -290,7 +327,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  }
  
  int
-@@ -1253,7 +1252,7 @@ eay_des_keylen(len)
+@@ -1230,7 +1229,7 @@ eay_des_keylen(len)
  	return evp_keylen(len, EVP_des_cbc());
  }
  
@@ -299,7 +336,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  /*
   * IDEA-CBC
   */
-@@ -1610,7 +1609,7 @@ eay_aes_keylen(len)
+@@ -1587,7 +1586,7 @@ eay_aes_keylen(len)
  	return len;
  }
  
@@ -308,7 +345,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  /*
   * CAMELLIA-CBC
   */
-@@ -1703,9 +1702,9 @@ eay_hmac_init(key, md)
+@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md)
  	vchar_t *key;
  	const EVP_MD *md;
  {
@@ -320,7 +357,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	return (caddr_t)c;
  }
-@@ -1784,8 +1783,7 @@ eay_hmacsha2_512_final(c)
+@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c)
  
  	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
  	res->l = l;
@@ -330,7 +367,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (SHA512_DIGEST_LENGTH != res->l) {
  		plog(LLV_ERROR, LOCATION, NULL,
-@@ -1834,8 +1832,7 @@ eay_hmacsha2_384_final(c)
+@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c)
  
  	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
  	res->l = l;
@@ -340,7 +377,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (SHA384_DIGEST_LENGTH != res->l) {
  		plog(LLV_ERROR, LOCATION, NULL,
-@@ -1884,8 +1881,7 @@ eay_hmacsha2_256_final(c)
+@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c)
  
  	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
  	res->l = l;
@@ -350,7 +387,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (SHA256_DIGEST_LENGTH != res->l) {
  		plog(LLV_ERROR, LOCATION, NULL,
-@@ -1935,8 +1931,7 @@ eay_hmacsha1_final(c)
+@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c)
  
  	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
  	res->l = l;
@@ -360,7 +397,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (SHA_DIGEST_LENGTH != res->l) {
  		plog(LLV_ERROR, LOCATION, NULL,
-@@ -1985,8 +1980,7 @@ eay_hmacmd5_final(c)
+@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c)
  
  	HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
  	res->l = l;
@@ -370,7 +407,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if (MD5_DIGEST_LENGTH != res->l) {
  		plog(LLV_ERROR, LOCATION, NULL,
-@@ -2289,6 +2283,7 @@ eay_dh_generate(prime, g, publen, pub, p
+@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, p
  	u_int32_t g;
  {
  	BIGNUM *p = NULL;
@@ -378,7 +415,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  	DH *dh = NULL;
  	int error = -1;
  
-@@ -2299,25 +2294,28 @@ eay_dh_generate(prime, g, publen, pub, p
+@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, p
  
  	if ((dh = DH_new()) == NULL)
  		goto end;
@@ -415,7 +452,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  		vfree(*pub);
  		goto end;
  	}
-@@ -2329,6 +2327,8 @@ end:
+@@ -2306,6 +2304,8 @@ end:
  		DH_free(dh);
  	if (p != 0)
  		BN_free(p);
@@ -424,7 +461,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  	return(error);
  }
  
-@@ -2350,19 +2350,26 @@ eay_dh_compute(prime, g, pub, priv, pub2
+@@ -2327,19 +2327,26 @@ eay_dh_compute(prime, g, pub, priv, pub2
  	/* make DH structure */
  	if ((dh = DH_new()) == NULL)
  		goto end;
@@ -459,7 +496,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  	if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
  		goto end;
-@@ -2373,6 +2380,14 @@ eay_dh_compute(prime, g, pub, priv, pub2
+@@ -2350,6 +2357,14 @@ eay_dh_compute(prime, g, pub, priv, pub2
  	error = 0;
  
  end:
@@ -474,7 +511,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  	if (dh_pub != NULL)
  		BN_free(dh_pub);
  	if (dh != NULL)
-@@ -2423,12 +2438,14 @@ eay_bn2v(var, bn)
+@@ -2400,12 +2415,14 @@ eay_bn2v(var, bn)
  void
  eay_init()
  {
@@ -489,7 +526,7 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  }
  
  vchar_t *
-@@ -2527,8 +2544,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
+@@ -2504,8 +2521,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
  		goto out;
  	}
  	
@@ -499,48 +536,16 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.c
  
  out:
  	return rsa_pub;
-@@ -2605,5 +2621,5 @@ eay_random()
+@@ -2582,5 +2598,5 @@ eay_random()
  const char *
  eay_version()
  {
 -	return SSLeay_version(SSLEAY_VERSION);
 +	return OpenSSL_version(OPENSSL_VERSION);
  }
-Index: pkg-ipsec-tools/src/racoon/algorithm.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/algorithm.c
-+++ pkg-ipsec-tools/src/racoon/algorithm.c
-@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encde
- { "aes",	algtype_aes,	OAKLEY_ATTR_ENC_ALG_AES,	16,
- 		eay_aes_encrypt,	eay_aes_decrypt,
- 		eay_aes_weakkey,	eay_aes_keylen, },
--#ifdef HAVE_OPENSSL_CAMELLIA_H
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- { "camellia",	algtype_camellia,	OAKLEY_ATTR_ENC_ALG_CAMELLIA,	16,
- 		eay_camellia_encrypt,	eay_camellia_decrypt,
- 		eay_camellia_weakkey,	eay_camellia_keylen, },
-@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef
- { "twofish",	algtype_twofish,	IPSECDOI_ESP_TWOFISH,		16,
- 		NULL,			NULL,
- 		NULL,			eay_twofish_keylen, },
--#ifdef HAVE_OPENSSL_IDEA_H
-+#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
- { "3idea",	algtype_3idea,		IPSECDOI_ESP_3IDEA,		8,
- 		NULL,			NULL,
- 		NULL,			NULL, },
-@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef
- { "rc4",	algtype_rc4,		IPSECDOI_ESP_RC4,		8,
- 		NULL,			NULL,
- 		NULL,			NULL, },
--#ifdef HAVE_OPENSSL_CAMELLIA_H
-+#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
- { "camellia",	algtype_camellia,	IPSECDOI_ESP_CAMELLIA,		16,
- 		NULL,			NULL,
- 		NULL,			eay_camellia_keylen, },
-Index: pkg-ipsec-tools/src/racoon/crypto_openssl.h
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/crypto_openssl.h
-+++ pkg-ipsec-tools/src/racoon/crypto_openssl.h
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/crypto_openssl.h ipsec-tools-0.8.2/src/racoon/crypto_openssl.h
+--- ipsec-tools-0.8.2.org/src/racoon/crypto_openssl.h	2009-08-17 13:59:10.000000000 +0200
++++ ipsec-tools-0.8.2/src/racoon/crypto_openssl.h	2021-10-06 23:09:26.688706745 +0200
 @@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vch
  extern int eay_aes_weakkey __P((vchar_t *));
  extern int eay_aes_keylen __P((int));
@@ -550,10 +555,47 @@ Index: pkg-ipsec-tools/src/racoon/crypto_openssl.h
  /* Camellia */
  extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
  extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
-Index: pkg-ipsec-tools/src/racoon/ipsec_doi.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/ipsec_doi.c
-+++ pkg-ipsec-tools/src/racoon/ipsec_doi.c
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/eaytest.c ipsec-tools-0.8.2/src/racoon/eaytest.c
+--- ipsec-tools-0.8.2.org/src/racoon/eaytest.c	2010-01-18 00:02:48.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/eaytest.c	2021-10-06 23:09:26.688706745 +0200
+@@ -62,6 +62,7 @@
+ #include "dhgroup.h"
+ #include "crypto_openssl.h"
+ #include "gnuc.h"
++#include "openssl_compat.h"
+ 
+ #include "package_version.h"
+ 
+@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_
+ 		printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
+ 		return -1;
+ 	}
+-	error = eay_check_rsasign(src, sig, evp->pkey.rsa);
++	error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp));
+ 
+ 	return error;
+ }
+@@ -698,7 +699,7 @@ ciphertest(ac, av)
+ 			  eay_cast_encrypt, eay_cast_decrypt) < 0)
+ 	  return -1;
+ 	
+-#ifdef HAVE_OPENSSL_IDEA_H
++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
+ 	if (ciphertest_1 ("IDEA",
+ 			  &data, 8,
+ 			  &key, key.l,
+@@ -715,7 +716,7 @@ ciphertest(ac, av)
+ 			  eay_rc5_encrypt, eay_rc5_decrypt) < 0)
+ 	  return -1;
+ #endif
+-#if defined(HAVE_OPENSSL_CAMELLIA_H)
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ 	if (ciphertest_1 ("CAMELLIA",
+ 			  &data, 16,
+ 			  &key, key.l,
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/ipsec_doi.c ipsec-tools-0.8.2/src/racoon/ipsec_doi.c
+--- ipsec-tools-0.8.2.org/src/racoon/ipsec_doi.c	2013-06-18 07:40:36.000000000 +0200
++++ ipsec-tools-0.8.2/src/racoon/ipsec_doi.c	2021-10-06 23:09:26.688706745 +0200
 @@ -715,7 +715,7 @@ out:
  	/* key length must not be specified on some algorithms */
  	if (keylen) {
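Review bot: In the eaytest.c section, rsa_verify_with_pubkey() hands the result of `EVP_PKEY_get0_RSA(evp)` straight to eay_check_rsasign(), but that accessor returns NULL when the PEM file holds a key that is not RSA. The old `evp->pkey.rsa` read had the same blind spot, so the port is a good place to make the failure explicit: `RSA *rsa = EVP_PKEY_get0_RSA(evp); if (rsa == NULL) { EVP_PKEY_free(evp); return -1; }`. How eay_check_rsasign() treats a NULL key is not visible here. The visible lines also go from the call to `return error;` without `EVP_PKEY_free(evp)`, so the key object appears to be leaked on that path; the function begins outside the hunk.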
@@ -563,219 +605,9 @@ Index: pkg-ipsec-tools/src/racoon/ipsec_doi.c
  		 || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA
  #endif
  		 || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) {
-Index: pkg-ipsec-tools/src/racoon/plainrsa-gen.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/plainrsa-gen.c
-+++ pkg-ipsec-tools/src/racoon/plainrsa-gen.c
-@@ -60,6 +60,7 @@
- #include "vmbuf.h"
- #include "plog.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
- 
- #include "package_version.h"
- 
-@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key)
- 	char *binbuf;
- 	long binlen, ret;
- 	vchar_t *res;
--	
--	binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n);
-+	const BIGNUM *e, *n;
-+
-+	RSA_get0_key(key, &n, &e, NULL);
-+	binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n);
- 	binbuf = malloc(binlen);
- 	memset(binbuf, 0, binlen);
--	binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]);
--	ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
-+	binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]);
-+	ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
- 	if (1 + binbuf[0] + ret != binlen) {
- 		plog(LLV_ERROR, LOCATION, NULL,
- 		     "Pubkey generation failed. This is really strange...\n");
-@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key)
- 	
- 	fprintf(fp, "# : PUB 0s%s\n", pubkey64->v);
- 	fprintf(fp, ": RSA\t{\n");
--	fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n));
-+	const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
-+	RSA_get0_key(key, &n, &e, &d);
-+	RSA_get0_factors(key, &p, &q);
-+	RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
-+	fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n));
- 	fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v);
--	fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n)));
--	fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e)));
--	fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d)));
--	fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p)));
--	fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q)));
--	fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1)));
--	fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1)));
--	fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp)));
-+	fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n)));
-+	fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e)));
-+	fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d)));
-+	fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p)));
-+	fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q)));
-+	fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1)));
-+	fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1)));
-+	fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp)));
- 	fprintf(fp, "  }\n");
- 
- 	vfree(pubkey64);
-@@ -203,11 +210,13 @@ int
- gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
- {
- 	int ret;
--	RSA *key;
-+	RSA *key = RSA_new();
-+	BIGNUM *e = BN_new();
- 
--	key = RSA_generate_key(bits, exp, NULL, NULL);
--	if (!key) {
-+	BN_set_word(e, exp);
-+	if (! RSA_generate_key_ex(key, bits, e, NULL)) {
- 		fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
-+		RSA_free(key);
- 		return -1;
- 	}
- 	
-Index: pkg-ipsec-tools/src/racoon/prsa_par.y
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/prsa_par.y
-+++ pkg-ipsec-tools/src/racoon/prsa_par.y
-@@ -68,6 +68,7 @@
- #include "isakmp_var.h"
- #include "handler.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
- #include "sockmisc.h"
- #include "rsalist.h"
- 
-@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL;
- struct genlist *prsa_cur_list = NULL;
- enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
- 
--static RSA *rsa_cur;
-+struct my_rsa_st {
-+	BIGNUM *n;
-+	BIGNUM *e;
-+	BIGNUM *d;
-+	BIGNUM *p;
-+	BIGNUM *q;
-+	BIGNUM *dmp1;
-+	BIGNUM *dmq1;
-+	BIGNUM *iqmp;
-+};
-+
-+static struct my_rsa_st *rsa_cur;
- 
- void
- prsaerror(const char *s, ...)
-@@ -201,8 +213,12 @@ rsa_statement:
- 				rsa_cur->iqmp = NULL;
- 			}
- 		}
--		$$ = rsa_cur;
--		rsa_cur = RSA_new();
-+		RSA * rsa_tmp = RSA_new();
-+		RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d);
-+		RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q);
-+		RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp);
-+		$$ = rsa_tmp;
-+		memset(rsa_cur, 0, sizeof(struct my_rsa_st));
- 	}
- 	| TAG_PUB BASE64
- 	{
-@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, ch
- 	prsa_cur_fname = fname;
- 	prsa_cur_list = list;
- 	prsa_cur_type = type;
--	rsa_cur = RSA_new();
-+	rsa_cur = malloc(sizeof(struct my_rsa_st));
-+	memset(rsa_cur, 0, sizeof(struct my_rsa_st));
- 	ret = prsaparse();
- 	if (rsa_cur) {
--		RSA_free(rsa_cur);
-+		memset(rsa_cur, 0, sizeof(struct my_rsa_st));
-+		free(rsa_cur);
- 		rsa_cur = NULL;
- 	}
- 	fclose (fp);
-Index: pkg-ipsec-tools/src/racoon/rsalist.c
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/rsalist.c
-+++ pkg-ipsec-tools/src/racoon/rsalist.c
-@@ -52,6 +52,7 @@
- #include "genlist.h"
- #include "remoteconf.h"
- #include "crypto_openssl.h"
-+#include "openssl_compat.h"
- 
- #ifndef LIST_FIRST
- #define LIST_FIRST(head)        ((head)->lh_first)
-@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key)
- 		return NULL;
- 
- 	if (key->rsa) {
--		new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
-+		const BIGNUM *d;
-+		RSA_get0_key(key->rsa, NULL, NULL, &d);
-+		new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa));
- 		if (new->rsa == NULL)
- 			goto dup_error;
- 	}
-Index: pkg-ipsec-tools/src/racoon/Makefile.am
-===================================================================
---- pkg-ipsec-tools.orig/src/racoon/Makefile.am
-+++ pkg-ipsec-tools/src/racoon/Makefile.am
-@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrs
- noinst_PROGRAMS = eaytest
- include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
- 	schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
--	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
-+	isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h
- lib_LTLIBRARIES = libracoon.la
- 
- adminsockdir=${localstatedir}/racoon
-@@ -32,7 +32,7 @@ racoon_SOURCES = \
- 	gssapi.c dnssec.c getcertsbyname.c privsep.c \
- 	pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
- 	policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
--	proposal.c sainfo.c strnames.c \
-+	openssl_compat.c proposal.c sainfo.c strnames.c \
- 	plog.c logger.c schedule.c str2val.c \
- 	safefile.c backupsa.c genlist.c rsalist.c \
- 	cftoken.l cfparse.y prsa_tok.l prsa_par.y 
-@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c
- libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS)
- 
- plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \
--	crypto_openssl.c logger.c 
-+	crypto_openssl.c logger.c openssl_compat.c
- EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS)
- plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o
- plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o
- 
--eaytest_SOURCES = eaytest.c plog.c logger.c
-+eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c
- EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c
- eaytest_LDADD =	crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \
- 	$(CRYPTOBJS)
-@@ -75,7 +75,7 @@ noinst_HEADERS = \
- 	debugrm.h         isakmp.h      misc.h          sainfo.h \
- 	dhgroup.h         isakmp_agg.h  netdb_dnssec.h  schedule.h \
- 	isakmp_cfg.h      isakmp_xauth.h isakmp_unity.h isakmp_frag.h \
--	throttle.h	  privsep.h \
-+	throttle.h	  privsep.h     openssl_compat.h \
- 	cfparse_proto.h	  cftoken_proto.h genlist.h     rsalist.h \
- 	missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \
- 	missing/crypto/rijndael/rijndael-api-fst.h \
-Index: pkg-ipsec-tools/src/racoon/openssl_compat.c
-===================================================================
---- /dev/null
-+++ pkg-ipsec-tools/src/racoon/openssl_compat.c
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/openssl_compat.c ipsec-tools-0.8.2/src/racoon/openssl_compat.c
+--- ipsec-tools-0.8.2.org/src/racoon/openssl_compat.c	1970-01-01 01:00:00.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/openssl_compat.c	2021-10-06 23:09:26.688706745 +0200
 @@ -0,0 +1,213 @@
 +/*
 + * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
@@ -990,10 +822,9 @@ Index: pkg-ipsec-tools/src/racoon/openssl_compat.c
 +
 +
 +#endif /* OPENSSL_VERSION_NUMBER */
-Index: pkg-ipsec-tools/src/racoon/openssl_compat.h
-===================================================================
---- /dev/null
-+++ pkg-ipsec-tools/src/racoon/openssl_compat.h
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/openssl_compat.h ipsec-tools-0.8.2/src/racoon/openssl_compat.h
+--- ipsec-tools-0.8.2.org/src/racoon/openssl_compat.h	1970-01-01 01:00:00.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/openssl_compat.h	2021-10-06 23:09:26.688706745 +0200
 @@ -0,0 +1,45 @@
 +#ifndef OPENSSL_COMPAT_H
 +#define OPENSSL_COMPAT_H
@@ -1040,3 +871,163 @@ Index: pkg-ipsec-tools/src/racoon/openssl_compat.h
 +#endif /* OPENSSL_VERSION_NUMBER */
 +
 +#endif /* OPENSSL_COMPAT_H */
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/plainrsa-gen.c ipsec-tools-0.8.2/src/racoon/plainrsa-gen.c
+--- ipsec-tools-0.8.2.org/src/racoon/plainrsa-gen.c	2011-02-11 11:07:19.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/plainrsa-gen.c	2021-10-06 23:09:26.688706745 +0200
+@@ -60,6 +60,7 @@
+ #include "vmbuf.h"
+ #include "plog.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+ 
+ #include "package_version.h"
+ 
+@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key)
+ 	char *binbuf;
+ 	long binlen, ret;
+ 	vchar_t *res;
+-	
+-	binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n);
++	const BIGNUM *e, *n;
++
++	RSA_get0_key(key, &n, &e, NULL);
++	binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n);
+ 	binbuf = malloc(binlen);
+ 	memset(binbuf, 0, binlen);
+-	binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]);
+-	ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
++	binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]);
++	ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
+ 	if (1 + binbuf[0] + ret != binlen) {
+ 		plog(LLV_ERROR, LOCATION, NULL,
+ 		     "Pubkey generation failed. This is really strange...\n");
+@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key)
+ 	
+ 	fprintf(fp, "# : PUB 0s%s\n", pubkey64->v);
+ 	fprintf(fp, ": RSA\t{\n");
+-	fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n));
++	const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
++	RSA_get0_key(key, &n, &e, &d);
++	RSA_get0_factors(key, &p, &q);
++	RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
++	fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n));
+ 	fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v);
+-	fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n)));
+-	fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e)));
+-	fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d)));
+-	fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p)));
+-	fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q)));
+-	fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1)));
+-	fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1)));
+-	fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp)));
++	fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n)));
++	fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e)));
++	fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d)));
++	fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p)));
++	fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q)));
++	fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1)));
++	fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1)));
++	fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp)));
+ 	fprintf(fp, "  }\n");
+ 
+ 	vfree(pubkey64);
+@@ -203,11 +210,13 @@ int
+ gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
+ {
+ 	int ret;
+-	RSA *key;
++	RSA *key = RSA_new();
++	BIGNUM *e = BN_new();
+ 
+-	key = RSA_generate_key(bits, exp, NULL, NULL);
+-	if (!key) {
++	BN_set_word(e, exp);
++	if (! RSA_generate_key_ex(key, bits, e, NULL)) {
+ 		fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
++		RSA_free(key);
+ 		return -1;
+ 	}
+ 	
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/prsa_par.y ipsec-tools-0.8.2/src/racoon/prsa_par.y
+--- ipsec-tools-0.8.2.org/src/racoon/prsa_par.y	2011-03-02 15:49:21.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/prsa_par.y	2021-10-06 23:09:26.688706745 +0200
+@@ -68,6 +68,7 @@
+ #include "isakmp_var.h"
+ #include "handler.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+ #include "sockmisc.h"
+ #include "rsalist.h"
+ 
+@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL;
+ struct genlist *prsa_cur_list = NULL;
+ enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
+ 
+-static RSA *rsa_cur;
++struct my_rsa_st {
++	BIGNUM *n;
++	BIGNUM *e;
++	BIGNUM *d;
++	BIGNUM *p;
++	BIGNUM *q;
++	BIGNUM *dmp1;
++	BIGNUM *dmq1;
++	BIGNUM *iqmp;
++};
++
++static struct my_rsa_st *rsa_cur;
+ 
+ void
+ prsaerror(const char *s, ...)
+@@ -201,8 +213,12 @@ rsa_statement:
+ 				rsa_cur->iqmp = NULL;
+ 			}
+ 		}
+-		$$ = rsa_cur;
+-		rsa_cur = RSA_new();
++		RSA * rsa_tmp = RSA_new();
++		RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d);
++		RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q);
++		RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp);
++		$$ = rsa_tmp;
++		memset(rsa_cur, 0, sizeof(struct my_rsa_st));
+ 	}
+ 	| TAG_PUB BASE64
+ 	{
+@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, ch
+ 	prsa_cur_fname = fname;
+ 	prsa_cur_list = list;
+ 	prsa_cur_type = type;
+-	rsa_cur = RSA_new();
++	rsa_cur = malloc(sizeof(struct my_rsa_st));
++	memset(rsa_cur, 0, sizeof(struct my_rsa_st));
+ 	ret = prsaparse();
+ 	if (rsa_cur) {
+-		RSA_free(rsa_cur);
++		memset(rsa_cur, 0, sizeof(struct my_rsa_st));
++		free(rsa_cur);
+ 		rsa_cur = NULL;
+ 	}
+ 	fclose (fp);
+diff -urNp -x '*.orig' ipsec-tools-0.8.2.org/src/racoon/rsalist.c ipsec-tools-0.8.2/src/racoon/rsalist.c
+--- ipsec-tools-0.8.2.org/src/racoon/rsalist.c	2011-03-14 16:50:36.000000000 +0100
++++ ipsec-tools-0.8.2/src/racoon/rsalist.c	2021-10-06 23:09:26.688706745 +0200
+@@ -52,6 +52,7 @@
+ #include "genlist.h"
+ #include "remoteconf.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+ 
+ #ifndef LIST_FIRST
+ #define LIST_FIRST(head)        ((head)->lh_first)
+@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key)
+ 		return NULL;
+ 
+ 	if (key->rsa) {
+-		new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
++		const BIGNUM *d;
++		RSA_get0_key(key->rsa, NULL, NULL, &d);
++		new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa));
+ 		if (new->rsa == NULL)
+ 			goto dup_error;
+ 	}
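Review bot: In the prsa_par.y section, prsa_parse_file() passes the result of `malloc(sizeof(struct my_rsa_st))` straight to memset(), so an allocation failure becomes a NULL write, and its cleanup only zeroes the pointer fields before `free(rsa_cur)`. The old `RSA_free(rsa_cur)` released whatever BIGNUMs the parser had already stored; if prsaparse() stops partway through a key (the grammar actions that fill the fields are outside this hunk, so this is inferred), the private-key components are now leaked and left unwiped on the heap. The same loss can occur in rsa_statement when `RSA_new()` or `RSA_set0_key()` fails, because the following memset drops the only references without ownership having moved. Separately, gen_rsa_key() in the plainrsa-gen.c section never frees `e` on the visible paths and does not check `RSA_new()`, `BN_new()` or `BN_set_word()`. A sketch of the prsa_parse_file() cleanup follows; the function starts and ends outside the hunk.

```c
	rsa_cur = calloc(1, sizeof(*rsa_cur));
	if (rsa_cur == NULL) {
		/* … report the failure and leave through the function's existing error path (fp is still open here) … */
	}
	ret = prsaparse();
	if (rsa_cur) {
		/* A failed parse can leave components behind; BN_clear_free() wipes them and accepts NULL. */
		BN_clear_free(rsa_cur->n);
		BN_clear_free(rsa_cur->e);
		BN_clear_free(rsa_cur->d);
		BN_clear_free(rsa_cur->p);
		BN_clear_free(rsa_cur->q);
		BN_clear_free(rsa_cur->dmp1);
		BN_clear_free(rsa_cur->dmq1);
		BN_clear_free(rsa_cur->iqmp);
		free(rsa_cur);
		rsa_cur = NULL;
	}
	/* … unchanged: fclose (fp) and the rest of the function … */
```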
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/ipsec-tools.git/commitdiff/1d7d76bb412a322ad337ef25c2c2bed16172662a


