Accepting request 768830 from home:iznogood:branches:network:vpn
- Drop upstream fixed patches: * strongswan_modprobe_syslog.patch * strongswan_fipsfilter.patch * 0006-fix-compilation-error-by-adding-stdint.h.patch OBS-URL: https://build.opensuse.org/request/show/768830 OBS-URL: https://build.opensuse.org/package/show/network:vpn/strongswan?expand=0&rev=119
parent
152d7b558c
commit
2811ed33c6
@ -1,30 +0,0 @@
|
|||||||
From 831a9ea232f128c13c36066a704f6ccafa335244 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nirmoy Das <ndas@suse.de>
|
|
||||||
Date: Tue, 5 Sep 2017 11:17:16 +0200
|
|
||||||
Subject: [PATCH] fix compilation error by adding stdint.h
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
error:
|
|
||||||
utils/utils/memory.h:99:15: error: ‘uintptr_t’ undeclared (first use in this function); did you mean ‘__intptr_t’?
|
|
||||||
for (i = 0; (uintptr_t)&c[i] % sizeof(long) && i < n; i++)
|
|
||||||
^~~~~~~~~
|
|
||||||
__intptr_t
|
|
||||||
---
|
|
||||||
src/libstrongswan/utils/utils/memory.h | 2 ++
|
|
||||||
1 file changed, 2 insertions(+)
|
|
||||||
|
|
||||||
Index: strongswan-5.6.2/src/libstrongswan/utils/utils/memory.h
|
|
||||||
===================================================================
|
|
||||||
--- strongswan-5.6.2.orig/src/libstrongswan/utils/utils/memory.h 2017-08-14 08:48:41.000000000 +0200
|
|
||||||
+++ strongswan-5.6.2/src/libstrongswan/utils/utils/memory.h 2018-04-17 16:53:57.590335103 +0200
|
|
||||||
@@ -22,6 +22,8 @@
|
|
||||||
#ifndef MEMORY_H_
|
|
||||||
#define MEMORY_H_
|
|
||||||
|
|
||||||
+#include <stdint.h>
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Helper function that compares two binary blobs for equality
|
|
||||||
*/
|
|
@ -1,3 +1,11 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Thu Jan 30 13:43:50 UTC 2020 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
- Drop upstream fixed patches:
|
||||||
|
* strongswan_modprobe_syslog.patch
|
||||||
|
* strongswan_fipsfilter.patch
|
||||||
|
* 0006-fix-compilation-error-by-adding-stdint.h.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Jan 26 08:54:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
Sun Jan 26 08:54:01 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
@ -75,17 +75,12 @@ Source5: %{name}.keyring
|
|||||||
Source6: fipscheck.sh.in
|
Source6: fipscheck.sh.in
|
||||||
Source7: fips-enforce.conf
|
Source7: fips-enforce.conf
|
||||||
%endif
|
%endif
|
||||||
# Needs rebase
|
|
||||||
Patch1: %{name}_modprobe_syslog.patch
|
|
||||||
Patch2: %{name}_ipsec_service.patch
|
Patch2: %{name}_ipsec_service.patch
|
||||||
%if %{with fipscheck}
|
%if %{with fipscheck}
|
||||||
Patch3: %{name}_fipscheck.patch
|
Patch3: %{name}_fipscheck.patch
|
||||||
# Patch4 needs rebase, file it patches no longer exists in tarball.
|
|
||||||
Patch4: %{name}_fipsfilter.patch
|
|
||||||
%endif
|
%endif
|
||||||
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
Patch5: 0005-ikev1-Don-t-retransmit-Aggressive-Mode-response.patch
|
||||||
# Needs rebase
|
|
||||||
Patch6: 0006-fix-compilation-error-by-adding-stdint.h.patch
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: curl-devel
|
BuildRequires: curl-devel
|
||||||
@ -257,17 +252,11 @@ and the load testing plugin for IKEv2 daemon.
|
|||||||
|
|
||||||
%prep
|
%prep
|
||||||
%setup -q -n %{name}-%{upstream_version}
|
%setup -q -n %{name}-%{upstream_version}
|
||||||
# Needs rebase, file it patches no longer exists.
|
|
||||||
#patch1 -p1
|
|
||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%if %{with fipscheck}
|
%if %{with fipscheck}
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
# Needs rebase, file it patches no longer exists.
|
|
||||||
#patch4 -p1
|
|
||||||
%endif
|
%endif
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
# Needs rebase.
|
|
||||||
#patch6 -p1
|
|
||||||
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
sed -e 's|@libexecdir@|%_libexecdir|g' \
|
||||||
< %{_sourcedir}/strongswan.init.in \
|
< %{_sourcedir}/strongswan.init.in \
|
||||||
> strongswan.init
|
> strongswan.init
|
||||||
|
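Review bot: In the `%if %{with fipscheck}` blocks only Patch3 remains, and the comment removed from Patch4 said it needed a rebase because the file it patches no longer exists, which does not match the changelog wording "upstream fixed" for strongswan_fipsfilter.patch. That patch restricted proposals to an allow-list of algorithms when /proc/sys/crypto/fips_enabled reads 1, and `#patch4 -p1` was already disabled, so fipscheck builds appear to ship without that filter both before and after this change. Nothing visible on this page shows an upstream equivalent; please confirm what now enforces the restriction (possibly Source7, fips-enforce.conf) and record it next to Patch3, e.g. `# FIPS algorithm filtering: strongswan_fipsfilter.patch dropped, restriction now comes from fips-enforce.conf (confirm)`. The changelog entry would be more accurate as `* strongswan_fipsfilter.patch (obsolete, was already disabled)`.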
@ -1,283 +0,0 @@
|
|||||||
From 8f3f1bd6907df8221a93c849ed4b43474444e13b Mon Sep 17 00:00:00 2001
|
|
||||||
From: Marius Tomaschewski <mt@suse.de>
|
|
||||||
Date: Mon, 5 Jan 2015 14:57:39 +0100
|
|
||||||
Subject: [PATCH] strongswan: filter algorithms for fips mode
|
|
||||||
|
|
||||||
References: fate#316931,bnc#856322
|
|
||||||
|
|
||||||
From 818cd5f1b6455237a82f385b60a2513cdd9c5eef Mon Sep 17 00:00:00 2001
|
|
||||||
From: Nirmoy Das <ndas@suse.de>
|
|
||||||
Date: Mon, 17 Jul 2017 15:15:14 +0200
|
|
||||||
Subject: [PATCH] strongswan_fipsfilter
|
|
||||||
|
|
||||||
---
|
|
||||||
src/libcharon/config/proposal.c | 184 +++++++++++++++++++++++++++++++++++-----
|
|
||||||
1 file changed, 165 insertions(+), 19 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/src/libcharon/config/proposal.c b/src/libcharon/config/proposal.c
|
|
||||||
index 6c71f78..0640140 100644
|
|
||||||
--- a/src/libcharon/config/proposal.c
|
|
||||||
+++ b/src/libcharon/config/proposal.c
|
|
||||||
@@ -27,6 +27,11 @@
|
|
||||||
#include <crypto/prfs/prf.h>
|
|
||||||
#include <crypto/crypters/crypter.h>
|
|
||||||
#include <crypto/signers/signer.h>
|
|
||||||
+#include <sys/types.h>
|
|
||||||
+#include <sys/stat.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
+#include <unistd.h>
|
|
||||||
+#include <errno.h>
|
|
||||||
|
|
||||||
ENUM(protocol_id_names, PROTO_NONE, PROTO_IPCOMP,
|
|
||||||
"PROTO_NONE",
|
|
||||||
@@ -190,6 +195,122 @@ METHOD(proposal_t, strip_dh, void,
|
|
||||||
enumerator->destroy(enumerator);
|
|
||||||
}
|
|
||||||
|
|
||||||
+static bool kernel_fips_enabled(void)
|
|
||||||
+{
|
|
||||||
+ char buf[1] = { '\0' };
|
|
||||||
+ int fd;
|
|
||||||
+
|
|
||||||
+ fd = open("/proc/sys/crypto/fips_enabled", O_RDONLY);
|
|
||||||
+ if (fd >= 0) {
|
|
||||||
+ while (read(fd, buf, sizeof(buf)) < 0 && errno == EINTR);
|
|
||||||
+ close(fd);
|
|
||||||
+ }
|
|
||||||
+ return buf[0] == '1';
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool fips_enabled(void)
|
|
||||||
+{
|
|
||||||
+ static int enabled = -1;
|
|
||||||
+ if (enabled == -1)
|
|
||||||
+ enabled = kernel_fips_enabled();
|
|
||||||
+ return enabled;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+static bool fips_filter(protocol_id_t protocol, transform_type_t type, u_int16_t alg)
|
|
||||||
+{
|
|
||||||
+ switch (protocol)
|
|
||||||
+ {
|
|
||||||
+ case PROTO_IKE:
|
|
||||||
+ case PROTO_ESP:
|
|
||||||
+ case PROTO_AH:
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ /* not applicable protocol */
|
|
||||||
+ return TRUE;
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ switch (type)
|
|
||||||
+ {
|
|
||||||
+ case ENCRYPTION_ALGORITHM:
|
|
||||||
+ switch (alg)
|
|
||||||
+ {
|
|
||||||
+ /* crypter */
|
|
||||||
+ case ENCR_3DES:
|
|
||||||
+ case ENCR_AES_CBC:
|
|
||||||
+ case ENCR_AES_CTR:
|
|
||||||
+ /* aead */
|
|
||||||
+ case ENCR_AES_GCM_ICV8:
|
|
||||||
+ case ENCR_AES_GCM_ICV12:
|
|
||||||
+ case ENCR_AES_GCM_ICV16:
|
|
||||||
+ case ENCR_AES_CCM_ICV8:
|
|
||||||
+ case ENCR_AES_CCM_ICV12:
|
|
||||||
+ case ENCR_AES_CCM_ICV16:
|
|
||||||
+ return TRUE;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case INTEGRITY_ALGORITHM:
|
|
||||||
+ switch (alg)
|
|
||||||
+ {
|
|
||||||
+ case AUTH_HMAC_SHA1_96:
|
|
||||||
+ case AUTH_HMAC_SHA1_160:
|
|
||||||
+ case AUTH_HMAC_SHA2_256_96:
|
|
||||||
+ case AUTH_HMAC_SHA2_256_128:
|
|
||||||
+ case AUTH_HMAC_SHA2_384_192:
|
|
||||||
+ case AUTH_HMAC_SHA2_512_256:
|
|
||||||
+ case AUTH_AES_CMAC_96:
|
|
||||||
+ return TRUE;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case PSEUDO_RANDOM_FUNCTION:
|
|
||||||
+ switch (alg)
|
|
||||||
+ {
|
|
||||||
+ case PRF_HMAC_SHA1:
|
|
||||||
+ case PRF_HMAC_SHA2_256:
|
|
||||||
+ case PRF_HMAC_SHA2_384:
|
|
||||||
+ case PRF_HMAC_SHA2_512:
|
|
||||||
+ case PRF_AES128_CMAC:
|
|
||||||
+ return TRUE;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case DIFFIE_HELLMAN_GROUP:
|
|
||||||
+ switch (alg)
|
|
||||||
+ {
|
|
||||||
+ case MODP_2048_BIT:
|
|
||||||
+ case MODP_3072_BIT:
|
|
||||||
+ case MODP_4096_BIT:
|
|
||||||
+ case MODP_8192_BIT:
|
|
||||||
+ case MODP_2048_224:
|
|
||||||
+ case MODP_2048_256:
|
|
||||||
+ case ECP_224_BIT:
|
|
||||||
+ case ECP_256_BIT:
|
|
||||||
+ case ECP_384_BIT:
|
|
||||||
+ case ECP_521_BIT:
|
|
||||||
+ return TRUE;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ break;
|
|
||||||
+ case EXTENDED_SEQUENCE_NUMBERS:
|
|
||||||
+ switch (alg)
|
|
||||||
+ {
|
|
||||||
+ case EXT_SEQ_NUMBERS:
|
|
||||||
+ case NO_EXT_SEQ_NUMBERS:
|
|
||||||
+ return TRUE;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+ return !fips_enabled();
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
* Select a matching proposal from this and other, insert into selected.
|
|
||||||
*/
|
|
||||||
@@ -611,6 +732,11 @@ static bool add_string_algo(private_proposal_t *this, const char *alg)
|
|
||||||
return FALSE;
|
|
||||||
}
|
|
||||||
|
|
||||||
+ if (!fips_filter(this->protocol, token->type, token->algorithm))
|
|
||||||
+ {
|
|
||||||
+ DBG1(DBG_CFG, "algorithm '%s' not permitted in fips mode", alg);
|
|
||||||
+ return FALSE;
|
|
||||||
+ }
|
|
||||||
add_algorithm(this, token->type, token->algorithm, token->keysize);
|
|
||||||
|
|
||||||
return TRUE;
|
|
||||||
@@ -753,6 +879,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
||||||
enumerator = lib->crypto->create_aead_enumerator(lib->crypto);
|
|
||||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
||||||
{
|
|
||||||
+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
switch (encryption)
|
|
||||||
{
|
|
||||||
case ENCR_AES_GCM_ICV16:
|
|
||||||
@@ -806,6 +935,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
||||||
enumerator = lib->crypto->create_crypter_enumerator(lib->crypto);
|
|
||||||
while (enumerator->enumerate(enumerator, &encryption, &plugin_name))
|
|
||||||
{
|
|
||||||
+ if (!fips_filter(PROTO_IKE, ENCRYPTION_ALGORITHM, encryption))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
switch (encryption)
|
|
||||||
{
|
|
||||||
case ENCR_AES_CBC:
|
|
||||||
@@ -850,6 +982,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
||||||
enumerator = lib->crypto->create_signer_enumerator(lib->crypto);
|
|
||||||
while (enumerator->enumerate(enumerator, &integrity, &plugin_name))
|
|
||||||
{
|
|
||||||
+ if (!fips_filter(PROTO_IKE, INTEGRITY_ALGORITHM, integrity))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
switch (integrity)
|
|
||||||
{
|
|
||||||
case AUTH_HMAC_SHA2_256_128:
|
|
||||||
@@ -905,6 +1040,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
||||||
enumerator = lib->crypto->create_prf_enumerator(lib->crypto);
|
|
||||||
while (enumerator->enumerate(enumerator, &prf, &plugin_name))
|
|
||||||
{
|
|
||||||
+ if (!fips_filter(PROTO_IKE, PSEUDO_RANDOM_FUNCTION, prf))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
switch (prf)
|
|
||||||
{
|
|
||||||
case PRF_HMAC_SHA1:
|
|
||||||
@@ -964,6 +1102,9 @@ static bool proposal_add_supported_ike(private_proposal_t *this, bool aead)
|
|
||||||
enumerator = lib->crypto->create_dh_enumerator(lib->crypto);
|
|
||||||
while (enumerator->enumerate(enumerator, &group, &plugin_name))
|
|
||||||
{
|
|
||||||
+ if (!fips_filter(PROTO_IKE, DIFFIE_HELLMAN_GROUP, group))
|
|
||||||
+ continue;
|
|
||||||
+
|
|
||||||
switch (group)
|
|
||||||
{
|
|
||||||
case MODP_NULL:
|
|
||||||
@@ -1004,6 +1145,10 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
|
|
||||||
{
|
|
||||||
private_proposal_t *this = (private_proposal_t*)proposal_create(protocol, 0);
|
|
||||||
|
|
||||||
+#define fips_add_algorithm(this, type, alg, len) \
|
|
||||||
+ if (fips_filter(this->protocol, type, alg)) \
|
|
||||||
+ add_algorithm(this, type, alg, len);
|
|
||||||
+
|
|
||||||
switch (protocol)
|
|
||||||
{
|
|
||||||
case PROTO_IKE:
|
|
||||||
@@ -1014,31 +1159,32 @@ proposal_t *proposal_create_default(protocol_id_t protocol)
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case PROTO_ESP:
|
|
||||||
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
|
||||||
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
|
|
||||||
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
|
|
||||||
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
|
||||||
- add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
||||||
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
||||||
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 128);
|
|
||||||
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 192);
|
|
||||||
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_AES_CBC, 256);
|
|
||||||
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_3DES, 0);
|
|
||||||
+ fips_add_algorithm(this, ENCRYPTION_ALGORITHM, ENCR_BLOWFISH, 256);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
||||||
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
||||||
break;
|
|
||||||
case PROTO_AH:
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
||||||
- add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
||||||
- add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_256_128, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_384_192, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA2_512_256, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_SHA1_96, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_AES_XCBC_96, 0);
|
|
||||||
+ fips_add_algorithm(this, INTEGRITY_ALGORITHM, AUTH_HMAC_MD5_96, 0);
|
|
||||||
+ fips_add_algorithm(this, EXTENDED_SEQUENCE_NUMBERS, NO_EXT_SEQ_NUMBERS, 0);
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
+#undef fips_add_algorithm
|
|
||||||
return &this->public;
|
|
||||||
}
|
|
||||||
|
|
||||||
--
|
|
||||||
2.13.2
|
|
||||||
|
|
@ -1,56 +0,0 @@
|
|||||||
Index: strongswan-5.6.2/src/starter/klips.c
|
|
||||||
===================================================================
|
|
||||||
--- strongswan-5.6.2.orig/src/starter/klips.c 2016-04-22 22:01:35.000000000 +0200
|
|
||||||
+++ strongswan-5.6.2/src/starter/klips.c 2018-04-17 16:53:57.534334655 +0200
|
|
||||||
@@ -30,7 +30,7 @@ bool starter_klips_init(void)
|
|
||||||
/* ipsec module makes the pf_key proc interface visible */
|
|
||||||
if (stat(PROC_MODULES, &stb) == 0)
|
|
||||||
{
|
|
||||||
- ignore_result(system("modprobe -qv ipsec"));
|
|
||||||
+ ignore_result(system("modprobe -s ipsec"));
|
|
||||||
}
|
|
||||||
|
|
||||||
/* now test again */
|
|
||||||
@@ -42,9 +42,9 @@ bool starter_klips_init(void)
|
|
||||||
}
|
|
||||||
|
|
||||||
/* load crypto algorithm modules */
|
|
||||||
- ignore_result(system("modprobe -qv ipsec_aes"));
|
|
||||||
- ignore_result(system("modprobe -qv ipsec_blowfish"));
|
|
||||||
- ignore_result(system("modprobe -qv ipsec_sha2"));
|
|
||||||
+ ignore_result(system("modprobe -s ipsec_aes"));
|
|
||||||
+ ignore_result(system("modprobe -s ipsec_blowfish"));
|
|
||||||
+ ignore_result(system("modprobe -s ipsec_sha2"));
|
|
||||||
|
|
||||||
DBG2(DBG_APP, "found KLIPS IPsec stack");
|
|
||||||
return TRUE;
|
|
||||||
Index: strongswan-5.6.2/src/starter/netkey.c
|
|
||||||
===================================================================
|
|
||||||
--- strongswan-5.6.2.orig/src/starter/netkey.c 2016-04-22 22:01:35.000000000 +0200
|
|
||||||
+++ strongswan-5.6.2/src/starter/netkey.c 2018-04-17 16:53:57.534334655 +0200
|
|
||||||
@@ -30,7 +30,7 @@ bool starter_netkey_init(void)
|
|
||||||
/* af_key module makes the netkey proc interface visible */
|
|
||||||
if (stat(PROC_MODULES, &stb) == 0)
|
|
||||||
{
|
|
||||||
- ignore_result(system("modprobe -qv af_key"));
|
|
||||||
+ ignore_result(system("modprobe -s af_key"));
|
|
||||||
}
|
|
||||||
|
|
||||||
/* now test again */
|
|
||||||
@@ -44,11 +44,11 @@ bool starter_netkey_init(void)
|
|
||||||
/* make sure that all required IPsec modules are loaded */
|
|
||||||
if (stat(PROC_MODULES, &stb) == 0)
|
|
||||||
{
|
|
||||||
- ignore_result(system("modprobe -qv ah4"));
|
|
||||||
- ignore_result(system("modprobe -qv esp4"));
|
|
||||||
- ignore_result(system("modprobe -qv ipcomp"));
|
|
||||||
- ignore_result(system("modprobe -qv xfrm4_tunnel"));
|
|
||||||
- ignore_result(system("modprobe -qv xfrm_user"));
|
|
||||||
+ ignore_result(system("modprobe -s ah4"));
|
|
||||||
+ ignore_result(system("modprobe -s esp4"));
|
|
||||||
+ ignore_result(system("modprobe -s ipcomp"));
|
|
||||||
+ ignore_result(system("modprobe -s xfrm4_tunnel"));
|
|
||||||
+ ignore_result(system("modprobe -s xfrm_user"));
|
|
||||||
}
|
|
||||||
|
|
||||||
DBG2(DBG_APP, "found netkey IPsec stack");
|
|