strongswan: update to 6.0.4

package/strongswan/Makefile

@@ -4,9 +4,9 @@
 include $(ADK_TOPDIR)/rules.mk
 
 PKG_NAME:=		strongswan
-PKG_VERSION:=		5.9.5
+PKG_VERSION:=		6.0.4
 PKG_RELEASE:=		1
-PKG_HASH:=		6db028c9033dfd7cab578ca7e4b0075922cffec7af8bffc7d67cac67f348a5be
+PKG_HASH:=		7e1e7be46393477f908d82968162d409a28c47c1ba7d60e17122670a129a79f8
 PKG_DESCR:=		ipsec based vpn software
 PKG_SECTION:=		net/security
 PKG_KDEPENDS:=		net-key inet-esp xfrm-user inet-xfrm-mode-transport
@@ -17,7 +17,10 @@ PKG_SITES:=		http://download.strongswan.org/
 
 DISTFILES:=		${PKG_NAME}-${PKG_VERSION}.tar.gz
 
-PKG_CHOICES_STRONGSWAN:=WITH_LIBRESSL WITH_GNUTLS WITH_GMP
+PKG_CHOICES_STRONGSWAN:=WITH_OPENSSL WITH_LIBRESSL WITH_GNUTLS WITH_GMP
+PKGCD_WITH_OPENSSL:=	use openssl for crypto
+PKGCS_WITH_OPENSSL:=	libopenssl
+PKGCB_WITH_OPENSSL:=	openssl
 PKGCD_WITH_GMP:=	use gmp for crypto
 PKGCS_WITH_GMP:=	libgmp
 PKGCB_WITH_GMP:=	gmp
@@ -32,6 +35,11 @@ include $(ADK_TOPDIR)/mk/package.mk
 
 $(eval $(call PKG_template,STRONGSWAN,strongswan,$(PKG_VERSION)-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION}))
 
+ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_OPENSSL},y)
+CONFIGURE_ARGS+=	--enable-openssl \
+			--disable-gcrypt \
+			--disable-gmp
+endif
 ifeq (${ADK_PACKAGE_STRONGSWAN_WITH_LIBRESSL},y)
 CONFIGURE_ARGS+=	--enable-openssl \
 			--disable-gcrypt \
@@ -66,7 +74,7 @@ strongswan-install:
 	$(CP) $(WRKINST)/etc/* $(IDIR_STRONGSWAN)/etc
 	$(CP) $(WRKINST)/usr/libexec/ipsec/* \
 		$(IDIR_STRONGSWAN)/usr/libexec/ipsec
-	$(INSTALL_BIN) $(WRKINST)/usr/sbin/ipsec \
+	$(INSTALL_BIN) $(WRKINST)/usr/sbin/swanctl \
 		$(IDIR_STRONGSWAN)/usr/sbin
 	$(CP) $(WRKINST)/usr/lib/ipsec/libvici*.so* \
 		$(IDIR_STRONGSWAN)/usr/lib/ipsec/

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_ed_private_key_c

@@ -1,11 +0,0 @@
---- strongswan-5.8.1.orig/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c	2018-12-14 16:48:24.000000000 +0100
-+++ strongswan-5.8.1/src/libstrongswan/plugins/openssl/openssl_ed_private_key.c	2019-10-08 02:03:21.911114313 +0200
-@@ -15,7 +15,7 @@
- 
- #include <openssl/evp.h>
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 
- #include "openssl_ed_private_key.h"
- 

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_ed_public_key_c

@@ -1,11 +0,0 @@
---- strongswan-5.8.1.orig/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c	2018-12-14 16:48:24.000000000 +0100
-+++ strongswan-5.8.1/src/libstrongswan/plugins/openssl/openssl_ed_public_key.c	2019-10-08 02:04:00.045557843 +0200
-@@ -15,7 +15,7 @@
- 
- #include <openssl/evp.h>
- 
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 
- #include <openssl/x509.h>
- 

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c

@@ -1,29 +0,0 @@
---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-01-08 12:54:02.000000000 +0100
-+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_plugin.c	2022-03-21 16:41:08.736944525 +0100
-@@ -329,7 +329,7 @@ static private_key_t *openssl_private_ke
- 				case EVP_PKEY_EC:
- 					return openssl_ec_private_key_create(key, FALSE);
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 				case EVP_PKEY_ED25519:
- 				case EVP_PKEY_ED448:
- 					return openssl_ed_private_key_create(key, FALSE);
-@@ -481,7 +481,7 @@ static private_key_t *openssl_private_ke
- 		case EVP_PKEY_EC:
- 			return openssl_ec_private_key_create(key, TRUE);
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 		case EVP_PKEY_ED25519:
- 		case EVP_PKEY_ED448:
- 			return openssl_ed_private_key_create(key, TRUE);
-@@ -980,7 +980,7 @@ plugin_t *openssl_plugin_create()
- 		},
- 	);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
- 	 * as we couldn't initialize the library again afterwards */
- 	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_plugin_c.orig

@@ -1,29 +0,0 @@
---- strongswan-5.8.1.orig/src/libstrongswan/plugins/openssl/openssl_plugin.c	2019-08-27 15:26:53.000000000 +0200
-+++ strongswan-5.8.1/src/libstrongswan/plugins/openssl/openssl_plugin.c	2019-10-08 02:05:20.954742229 +0200
-@@ -310,7 +310,7 @@ static private_key_t *openssl_private_ke
- 				case EVP_PKEY_EC:
- 					return openssl_ec_private_key_create(key, FALSE);
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 				case EVP_PKEY_ED25519:
- 				case EVP_PKEY_ED448:
- 					return openssl_ed_private_key_create(key, FALSE);
-@@ -462,7 +462,7 @@ static private_key_t *openssl_private_ke
- 		case EVP_PKEY_EC:
- 			return openssl_ec_private_key_create(key, TRUE);
- #endif
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_EC) && !defined(LIBRESSL_VERSION_NUMBER)
- 		case EVP_PKEY_ED25519:
- 		case EVP_PKEY_ED448:
- 			return openssl_ed_private_key_create(key, TRUE);
-@@ -814,7 +814,7 @@ plugin_t *openssl_plugin_create()
- 		},
- 	);
- 
--#if OPENSSL_VERSION_NUMBER >= 0x10100000L
-+#if OPENSSL_VERSION_NUMBER >= 0x10100000L && !defined(LIBRESSL_VERSION_NUMBER)
- 	/* note that we can't call OPENSSL_cleanup() when the plugin is destroyed
- 	 * as we couldn't initialize the library again afterwards */
- 	OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG |

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_rsa_private_key_c

@@ -1,11 +0,0 @@
---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2021-12-29 12:08:27.000000000 +0100
-+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_rsa_private_key.c	2022-03-21 16:48:57.605794714 +0100
-@@ -280,7 +280,7 @@ METHOD(private_key_t, sign, bool,
- 			return build_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- 		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
- 			return build_emsa_pkcs1_signature(this, NID_sha512, data, signature);
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(LIBRESSL_VERSION_NUMBER)
- 		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
- 			return build_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
- 		case SIGN_RSA_EMSA_PKCS1_SHA3_256:

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_rsa_public_key_c

@@ -1,11 +0,0 @@
---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2021-12-29 12:08:27.000000000 +0100
-+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_rsa_public_key.c	2022-03-21 16:49:30.581005593 +0100
-@@ -281,7 +281,7 @@ METHOD(public_key_t, verify, bool,
- 			return verify_emsa_pkcs1_signature(this, NID_sha384, data, signature);
- 		case SIGN_RSA_EMSA_PKCS1_SHA2_512:
- 			return verify_emsa_pkcs1_signature(this, NID_sha512, data, signature);
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_SHA3) && !defined(LIBRESSL_VERSION_NUMBER)
- 		case SIGN_RSA_EMSA_PKCS1_SHA3_224:
- 			return verify_emsa_pkcs1_signature(this, NID_sha3_224, data, signature);
- 		case SIGN_RSA_EMSA_PKCS1_SHA3_256:

package/strongswan/patches/patch-src_libstrongswan_plugins_openssl_openssl_x_diffie_hellman_c

@@ -1,11 +0,0 @@
---- strongswan-5.9.5.orig/src/libstrongswan/plugins/openssl/openssl_x_diffie_hellman.c	2022-01-08 12:54:02.000000000 +0100
-+++ strongswan-5.9.5/src/libstrongswan/plugins/openssl/openssl_x_diffie_hellman.c	2022-03-21 16:41:08.744944336 +0100
-@@ -17,7 +17,7 @@
- 
- /* basic support for X25519 was added with 1.1.0a, but we require features (e.g.
-  * to load the keys) that were only added with 1.1.1 */
--#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH)
-+#if OPENSSL_VERSION_NUMBER >= 0x1010100fL && !defined(OPENSSL_NO_ECDH) && !defined(LIBRESSL_VERSION_NUMBER)
- 
- #include "openssl_x_diffie_hellman.h"
- #include "openssl_util.h"