diff mbox series

[10/18] ppp: Use openssl for the DES instead of the libcrypt / glibc

Message ID 06c361481025023e6ad962759e5968bd9c19c0b7.1533595822.git.raj.khem@gmail.com
State Superseded
Headers show
Series Update to glibc 2.28 | expand

Commit Message

Khem Raj Aug. 6, 2018, 10:57 p.m. UTC
Signed-off-by: Khem Raj <raj.khem@gmail.com>

---
 .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++
 meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-
 2 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

-- 
2.18.0

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Comments

Ross Burton Aug. 8, 2018, 10:39 a.m. UTC | #1
Why not use libxcrypt?

Ross

On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote:
> Signed-off-by: Khem Raj <raj.khem@gmail.com>

> ---

>  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++

>  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-

>  2 files changed, 87 insertions(+), 2 deletions(-)

>  create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

>

> diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> new file mode 100644

> index 0000000000..e53f240543

> --- /dev/null

> +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> @@ -0,0 +1,84 @@

> +Used openssl for the DES instead of the libcrypt / glibc

> +

> +Upstream-Status: Pending

> +

> +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> +

> +Index: ppp-2.4.7/pppd/Makefile.linux

> +===================================================================

> +--- ppp-2.4.7.orig/pppd/Makefile.linux

> ++++ ppp-2.4.7/pppd/Makefile.linux

> +@@ -38,7 +38,7 @@ LIBS =

> + # Uncomment the next 2 lines to include support for Microsoft's

> + # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.

> + CHAPMS=y

> +-USE_CRYPT=y

> ++#USE_CRYPT=y

> + # Don't use MSLANMAN unless you really know what you're doing.

> + #MSLANMAN=y

> + # Uncomment the next line to include support for MPPE.  CHAPMS (above) must

> +@@ -132,7 +132,7 @@ endif

> +

> + ifdef NEEDDES

> + ifndef USE_CRYPT

> +-LIBS     += -ldes $(LIBS)

> ++LIBS     += -lcrypto

> + else

> + CFLAGS   += -DUSE_CRYPT=1

> + endif

> +Index: ppp-2.4.7/pppd/pppcrypt.c

> +===================================================================

> +--- ppp-2.4.7.orig/pppd/pppcrypt.c

> ++++ ppp-2.4.7/pppd/pppcrypt.c

> +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w

> +       des_key[7] = Get7Bits(key, 49);

> +

> + #ifndef USE_CRYPT

> +-      des_set_odd_parity((des_cblock *)des_key);

> ++      DES_set_odd_parity((DES_cblock *)des_key);

> + #endif

> + }

> +

> +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */

> + }

> +

> + #else /* USE_CRYPT */

> +-static des_key_schedule       key_schedule;

> ++static DES_key_schedule       key_schedule;

> +

> + bool

> + DesSetkey(key)

> + u_char *key;

> + {

> +-      des_cblock des_key;

> ++      DES_cblock des_key;

> +       MakeKey(key, des_key);

> +-      des_set_key(&des_key, key_schedule);

> ++      DES_set_key(&des_key, &key_schedule);

> +       return (1);

> + }

> +

> + bool

> +-DesEncrypt(clear, key, cipher)

> ++DesEncrypt(clear, cipher)

> + u_char *clear;        /* IN  8 octets */

> + u_char *cipher;       /* OUT 8 octets */

> + {

> +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,

> +-          key_schedule, 1);

> ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,

> ++          &key_schedule, 1);

> +       return (1);

> + }

> +

> +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)

> + u_char *cipher;       /* IN  8 octets */

> + u_char *clear;        /* OUT 8 octets */

> + {

> +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,

> +-          key_schedule, 0);

> ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,

> ++          &key_schedule, 0);

> +       return (1);

> + }

> +

> diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> index a1bb7d71c1..f4646bd693 100644

> --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems."

>  SECTION = "console/network"

>  HOMEPAGE = "http://samba.org/ppp/"

>  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"

> -DEPENDS = "libpcap"

> +DEPENDS = "libpcap openssl"

>  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"

>  LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \

>                      file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \

> @@ -32,6 +32,7 @@ SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \

>             file://fix-CVE-2015-3310.patch \

>             file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \

>             file://0001-ppp-Remove-unneeded-include.patch \

> +           file://ppp-2.4.7-DES-openssl.patch \

>  "

>

>  SRC_URI_append_libc-musl = "\

> @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"

>  # Package Makefile computes CFLAGS, referencing COPTS.

>  # Typically hard-coded to '-O2 -g' in the Makefile's.

>  #

> -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'

> +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'

>

>  do_configure () {

>         oe_runconf

> --

> 2.18.0

>

> --

> _______________________________________________

> Openembedded-core mailing list

> Openembedded-core@lists.openembedded.org

> http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Khem Raj Aug. 8, 2018, 3:01 p.m. UTC | #2
Does it provide DES implementation I am not sure but if it does then it
might be another option

On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote:

> Why not use libxcrypt?

>

> Ross

>

> On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote:

> > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > ---

> >  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++

> >  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-

> >  2 files changed, 87 insertions(+), 2 deletions(-)

> >  create mode 100644

> meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> >

> > diff --git

> a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> > new file mode 100644

> > index 0000000000..e53f240543

> > --- /dev/null

> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> > @@ -0,0 +1,84 @@

> > +Used openssl for the DES instead of the libcrypt / glibc

> > +

> > +Upstream-Status: Pending

> > +

> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> > +

> > +Index: ppp-2.4.7/pppd/Makefile.linux

> > +===================================================================

> > +--- ppp-2.4.7.orig/pppd/Makefile.linux

> > ++++ ppp-2.4.7/pppd/Makefile.linux

> > +@@ -38,7 +38,7 @@ LIBS =

> > + # Uncomment the next 2 lines to include support for Microsoft's

> > + # MS-CHAP authentication protocol.  Also, edit

> plugins/radius/Makefile.linux.

> > + CHAPMS=y

> > +-USE_CRYPT=y

> > ++#USE_CRYPT=y

> > + # Don't use MSLANMAN unless you really know what you're doing.

> > + #MSLANMAN=y

> > + # Uncomment the next line to include support for MPPE.  CHAPMS (above)

> must

> > +@@ -132,7 +132,7 @@ endif

> > +

> > + ifdef NEEDDES

> > + ifndef USE_CRYPT

> > +-LIBS     += -ldes $(LIBS)

> > ++LIBS     += -lcrypto

> > + else

> > + CFLAGS   += -DUSE_CRYPT=1

> > + endif

> > +Index: ppp-2.4.7/pppd/pppcrypt.c

> > +===================================================================

> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c

> > ++++ ppp-2.4.7/pppd/pppcrypt.c

> > +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w

> > +       des_key[7] = Get7Bits(key, 49);

> > +

> > + #ifndef USE_CRYPT

> > +-      des_set_odd_parity((des_cblock *)des_key);

> > ++      DES_set_odd_parity((DES_cblock *)des_key);

> > + #endif

> > + }

> > +

> > +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */

> > + }

> > +

> > + #else /* USE_CRYPT */

> > +-static des_key_schedule       key_schedule;

> > ++static DES_key_schedule       key_schedule;

> > +

> > + bool

> > + DesSetkey(key)

> > + u_char *key;

> > + {

> > +-      des_cblock des_key;

> > ++      DES_cblock des_key;

> > +       MakeKey(key, des_key);

> > +-      des_set_key(&des_key, key_schedule);

> > ++      DES_set_key(&des_key, &key_schedule);

> > +       return (1);

> > + }

> > +

> > + bool

> > +-DesEncrypt(clear, key, cipher)

> > ++DesEncrypt(clear, cipher)

> > + u_char *clear;        /* IN  8 octets */

> > + u_char *cipher;       /* OUT 8 octets */

> > + {

> > +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,

> > +-          key_schedule, 1);

> > ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,

> > ++          &key_schedule, 1);

> > +       return (1);

> > + }

> > +

> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)

> > + u_char *cipher;       /* IN  8 octets */

> > + u_char *clear;        /* OUT 8 octets */

> > + {

> > +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,

> > +-          key_schedule, 0);

> > ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,

> > ++          &key_schedule, 0);

> > +       return (1);

> > + }

> > +

> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> > index a1bb7d71c1..f4646bd693 100644

> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris

> systems."

> >  SECTION = "console/network"

> >  HOMEPAGE = "http://samba.org/ppp/"

> >  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"

> > -DEPENDS = "libpcap"

> > +DEPENDS = "libpcap openssl"

> >  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"

> >  LIC_FILES_CHKSUM =

> "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea

> \

> >

> file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8

> \

> > @@ -32,6 +32,7 @@ SRC_URI = "

> https://download.samba.org/pub/${BPN}/${BP}.tar.gz \

> >             file://fix-CVE-2015-3310.patch \

> >

>  file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \

> >             file://0001-ppp-Remove-unneeded-include.patch \

> > +           file://ppp-2.4.7-DES-openssl.patch \

> >  "

> >

> >  SRC_URI_append_libc-musl = "\

> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"

> >  # Package Makefile computes CFLAGS, referencing COPTS.

> >  # Typically hard-coded to '-O2 -g' in the Makefile's.

> >  #

> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'

> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl

> -I${S}/include"'

> >

> >  do_configure () {

> >         oe_runconf

> > --

> > 2.18.0

> >

> > --

> > _______________________________________________

> > Openembedded-core mailing list

> > Openembedded-core@lists.openembedded.org

> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

>
<div><div dir="auto">Does it provide DES implementation I am not sure but if it does then it might be another option </div></div><div><br><div class="gmail_quote"><div dir="ltr">On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross &lt;<a href="mailto:ross.burton@intel.com">ross.burton@intel.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Why not use libxcrypt?<br>
<br>
Ross<br>
<br>
On 6 August 2018 at 23:57, Khem Raj &lt;<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>&gt; wrote:<br>
&gt; Signed-off-by: Khem Raj &lt;<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>&gt;<br>
&gt; ---<br>
&gt;  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++<br>
&gt;  meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a>    |  5 +-<br>
&gt;  2 files changed, 87 insertions(+), 2 deletions(-)<br>
&gt;  create mode 100644 meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br>
&gt;<br>
&gt; diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br>
&gt; new file mode 100644<br>
&gt; index 0000000000..e53f240543<br>
&gt; --- /dev/null<br>
&gt; +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch<br>
&gt; @@ -0,0 +1,84 @@<br>
&gt; +Used openssl for the DES instead of the libcrypt / glibc<br>
&gt; +<br>
&gt; +Upstream-Status: Pending<br>
&gt; +<br>
&gt; +Signed-off-by: Khem Raj &lt;<a href="mailto:raj.khem@gmail.com" target="_blank">raj.khem@gmail.com</a>&gt;<br>
&gt; +<br>
&gt; +Index: ppp-2.4.7/pppd/Makefile.linux<br>
&gt; +===================================================================<br>
&gt; +--- ppp-2.4.7.orig/pppd/Makefile.linux<br>
&gt; ++++ ppp-2.4.7/pppd/Makefile.linux<br>
&gt; +@@ -38,7 +38,7 @@ LIBS =<br>
&gt; + # Uncomment the next 2 lines to include support for Microsoft&#39;s<br>
&gt; + # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.<br>
&gt; + CHAPMS=y<br>
&gt; +-USE_CRYPT=y<br>
&gt; ++#USE_CRYPT=y<br>
&gt; + # Don&#39;t use MSLANMAN unless you really know what you&#39;re doing.<br>
&gt; + #MSLANMAN=y<br>
&gt; + # Uncomment the next line to include support for MPPE.  CHAPMS (above) must<br>
&gt; +@@ -132,7 +132,7 @@ endif<br>
&gt; +<br>
&gt; + ifdef NEEDDES<br>
&gt; + ifndef USE_CRYPT<br>
&gt; +-LIBS     += -ldes $(LIBS)<br>
&gt; ++LIBS     += -lcrypto<br>
&gt; + else<br>
&gt; + CFLAGS   += -DUSE_CRYPT=1<br>
&gt; + endif<br>
&gt; +Index: ppp-2.4.7/pppd/pppcrypt.c<br>
&gt; +===================================================================<br>
&gt; +--- ppp-2.4.7.orig/pppd/pppcrypt.c<br>
&gt; ++++ ppp-2.4.7/pppd/pppcrypt.c<br>
&gt; +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w<br>
&gt; +       des_key[7] = Get7Bits(key, 49);<br>
&gt; +<br>
&gt; + #ifndef USE_CRYPT<br>
&gt; +-      des_set_odd_parity((des_cblock *)des_key);<br>
&gt; ++      DES_set_odd_parity((DES_cblock *)des_key);<br>
&gt; + #endif<br>
&gt; + }<br>
&gt; +<br>
&gt; +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */<br>
&gt; + }<br>
&gt; +<br>
&gt; + #else /* USE_CRYPT */<br>
&gt; +-static des_key_schedule       key_schedule;<br>
&gt; ++static DES_key_schedule       key_schedule;<br>
&gt; +<br>
&gt; + bool<br>
&gt; + DesSetkey(key)<br>
&gt; + u_char *key;<br>
&gt; + {<br>
&gt; +-      des_cblock des_key;<br>
&gt; ++      DES_cblock des_key;<br>
&gt; +       MakeKey(key, des_key);<br>
&gt; +-      des_set_key(&amp;des_key, key_schedule);<br>
&gt; ++      DES_set_key(&amp;des_key, &amp;key_schedule);<br>
&gt; +       return (1);<br>
&gt; + }<br>
&gt; +<br>
&gt; + bool<br>
&gt; +-DesEncrypt(clear, key, cipher)<br>
&gt; ++DesEncrypt(clear, cipher)<br>
&gt; + u_char *clear;        /* IN  8 octets */<br>
&gt; + u_char *cipher;       /* OUT 8 octets */<br>
&gt; + {<br>
&gt; +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,<br>
&gt; +-          key_schedule, 1);<br>
&gt; ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,<br>
&gt; ++          &amp;key_schedule, 1);<br>
&gt; +       return (1);<br>
&gt; + }<br>
&gt; +<br>
&gt; +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)<br>
&gt; + u_char *cipher;       /* IN  8 octets */<br>
&gt; + u_char *clear;        /* OUT 8 octets */<br>
&gt; + {<br>
&gt; +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,<br>
&gt; +-          key_schedule, 0);<br>
&gt; ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,<br>
&gt; ++          &amp;key_schedule, 0);<br>
&gt; +       return (1);<br>
&gt; + }<br>
&gt; +<br>
&gt; diff --git a/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a> b/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br>
&gt; index a1bb7d71c1..f4646bd693 100644<br>
&gt; --- a/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br>
&gt; +++ b/meta/recipes-connectivity/ppp/<a href="http://ppp_2.4.7.bb" rel="noreferrer" target="_blank">ppp_2.4.7.bb</a><br>
&gt; @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris systems.&quot;<br>
&gt;  SECTION = &quot;console/network&quot;<br>
&gt;  HOMEPAGE = &quot;<a href="http://samba.org/ppp/" rel="noreferrer" target="_blank">http://samba.org/ppp/</a>&quot;<br>
&gt;  BUGTRACKER = &quot;<a href="http://ppp.samba.org/cgi-bin/ppp-bugs" rel="noreferrer" target="_blank">http://ppp.samba.org/cgi-bin/ppp-bugs</a>&quot;<br>
&gt; -DEPENDS = &quot;libpcap&quot;<br>
&gt; +DEPENDS = &quot;libpcap openssl&quot;<br>
&gt;  LICENSE = &quot;BSD &amp; GPLv2+ &amp; LGPLv2+ &amp; PD&quot;<br>
&gt;  LIC_FILES_CHKSUM = &quot;file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \<br>
&gt;                      file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \<br>
&gt; @@ -32,6 +32,7 @@ SRC_URI = &quot;<a href="https://download.samba.org/pub/$%7BBPN%7D/$%7BBP%7D.tar.gz" rel="noreferrer" target="_blank">https://download.samba.org/pub/${BPN}/${BP}.tar.gz</a> \<br>
&gt;             file://fix-CVE-2015-3310.patch \<br>
&gt;             file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \<br>
&gt;             file://0001-ppp-Remove-unneeded-include.patch \<br>
&gt; +           file://ppp-2.4.7-DES-openssl.patch \<br>
&gt;  &quot;<br>
&gt;<br>
&gt;  SRC_URI_append_libc-musl = &quot;\<br>
&gt; @@ -49,7 +50,7 @@ EXTRA_OECONF = &quot;--disable-strip&quot;<br>
&gt;  # Package Makefile computes CFLAGS, referencing COPTS.<br>
&gt;  # Typically hard-coded to &#39;-O2 -g&#39; in the Makefile&#39;s.<br>
&gt;  #<br>
&gt; -EXTRA_OEMAKE += &#39; COPTS=&quot;${CFLAGS} -I${S}/include&quot;&#39;<br>
&gt; +EXTRA_OEMAKE += &#39; COPTS=&quot;${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include&quot;&#39;<br>
&gt;<br>
&gt;  do_configure () {<br>
&gt;         oe_runconf<br>
&gt; --<br>
&gt; 2.18.0<br>
&gt;<br>
&gt; --<br>
&gt; _______________________________________________<br>
&gt; Openembedded-core mailing list<br>
&gt; <a href="mailto:Openembedded-core@lists.openembedded.org" target="_blank">Openembedded-core@lists.openembedded.org</a><br>
&gt; <a href="http://lists.openembedded.org/mailman/listinfo/openembedded-core" rel="noreferrer" target="_blank">http://lists.openembedded.org/mailman/listinfo/openembedded-core</a><br>
</blockquote></div></div>
-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Ross Burton Aug. 8, 2018, 3:14 p.m. UTC | #3
My understanding is that libxcrypt was basically the crypto pieces
ripped out of glibc, but the github page lists DES as an implemented
algorithm.

Ross

On 8 August 2018 at 16:01, Khem Raj <raj.khem@gmail.com> wrote:
> Does it provide DES implementation I am not sure but if it does then it

> might be another option

>

> On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote:

>>

>> Why not use libxcrypt?

>>

>> Ross

>>

>> On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote:

>> > Signed-off-by: Khem Raj <raj.khem@gmail.com>

>> > ---

>> >  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++

>> >  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-

>> >  2 files changed, 87 insertions(+), 2 deletions(-)

>> >  create mode 100644

>> > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

>> >

>> > diff --git

>> > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

>> > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

>> > new file mode 100644

>> > index 0000000000..e53f240543

>> > --- /dev/null

>> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

>> > @@ -0,0 +1,84 @@

>> > +Used openssl for the DES instead of the libcrypt / glibc

>> > +

>> > +Upstream-Status: Pending

>> > +

>> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

>> > +

>> > +Index: ppp-2.4.7/pppd/Makefile.linux

>> > +===================================================================

>> > +--- ppp-2.4.7.orig/pppd/Makefile.linux

>> > ++++ ppp-2.4.7/pppd/Makefile.linux

>> > +@@ -38,7 +38,7 @@ LIBS =

>> > + # Uncomment the next 2 lines to include support for Microsoft's

>> > + # MS-CHAP authentication protocol.  Also, edit

>> > plugins/radius/Makefile.linux.

>> > + CHAPMS=y

>> > +-USE_CRYPT=y

>> > ++#USE_CRYPT=y

>> > + # Don't use MSLANMAN unless you really know what you're doing.

>> > + #MSLANMAN=y

>> > + # Uncomment the next line to include support for MPPE.  CHAPMS (above)

>> > must

>> > +@@ -132,7 +132,7 @@ endif

>> > +

>> > + ifdef NEEDDES

>> > + ifndef USE_CRYPT

>> > +-LIBS     += -ldes $(LIBS)

>> > ++LIBS     += -lcrypto

>> > + else

>> > + CFLAGS   += -DUSE_CRYPT=1

>> > + endif

>> > +Index: ppp-2.4.7/pppd/pppcrypt.c

>> > +===================================================================

>> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c

>> > ++++ ppp-2.4.7/pppd/pppcrypt.c

>> > +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w

>> > +       des_key[7] = Get7Bits(key, 49);

>> > +

>> > + #ifndef USE_CRYPT

>> > +-      des_set_odd_parity((des_cblock *)des_key);

>> > ++      DES_set_odd_parity((DES_cblock *)des_key);

>> > + #endif

>> > + }

>> > +

>> > +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */

>> > + }

>> > +

>> > + #else /* USE_CRYPT */

>> > +-static des_key_schedule       key_schedule;

>> > ++static DES_key_schedule       key_schedule;

>> > +

>> > + bool

>> > + DesSetkey(key)

>> > + u_char *key;

>> > + {

>> > +-      des_cblock des_key;

>> > ++      DES_cblock des_key;

>> > +       MakeKey(key, des_key);

>> > +-      des_set_key(&des_key, key_schedule);

>> > ++      DES_set_key(&des_key, &key_schedule);

>> > +       return (1);

>> > + }

>> > +

>> > + bool

>> > +-DesEncrypt(clear, key, cipher)

>> > ++DesEncrypt(clear, cipher)

>> > + u_char *clear;        /* IN  8 octets */

>> > + u_char *cipher;       /* OUT 8 octets */

>> > + {

>> > +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,

>> > +-          key_schedule, 1);

>> > ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,

>> > ++          &key_schedule, 1);

>> > +       return (1);

>> > + }

>> > +

>> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)

>> > + u_char *cipher;       /* IN  8 octets */

>> > + u_char *clear;        /* OUT 8 octets */

>> > + {

>> > +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,

>> > +-          key_schedule, 0);

>> > ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,

>> > ++          &key_schedule, 0);

>> > +       return (1);

>> > + }

>> > +

>> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

>> > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

>> > index a1bb7d71c1..f4646bd693 100644

>> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

>> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

>> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris

>> > systems."

>> >  SECTION = "console/network"

>> >  HOMEPAGE = "http://samba.org/ppp/"

>> >  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"

>> > -DEPENDS = "libpcap"

>> > +DEPENDS = "libpcap openssl"

>> >  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"

>> >  LIC_FILES_CHKSUM =

>> > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea

>> > \

>> >

>> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8

>> > \

>> > @@ -32,6 +32,7 @@ SRC_URI =

>> > "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \

>> >             file://fix-CVE-2015-3310.patch \

>> >

>> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \

>> >             file://0001-ppp-Remove-unneeded-include.patch \

>> > +           file://ppp-2.4.7-DES-openssl.patch \

>> >  "

>> >

>> >  SRC_URI_append_libc-musl = "\

>> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"

>> >  # Package Makefile computes CFLAGS, referencing COPTS.

>> >  # Typically hard-coded to '-O2 -g' in the Makefile's.

>> >  #

>> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'

>> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl

>> > -I${S}/include"'

>> >

>> >  do_configure () {

>> >         oe_runconf

>> > --

>> > 2.18.0

>> >

>> > --

>> > _______________________________________________

>> > Openembedded-core mailing list

>> > Openembedded-core@lists.openembedded.org

>> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
Khem Raj Aug. 8, 2018, 5 p.m. UTC | #4
Looking a bit more I see that ppp upstream has switched to using
openssl as well see
https://github.com/paulusmack/ppp/commit/3c7b86229f7bd2600d74db14b1fe5b3896be3875

so we are inline

secondly, using libxcrypt would either mean that we enable obsolete
APIs to support existing functionality in ppp. I would not like to do
that, infact eventually I would suggest to even disable weak hashes as
we move along.
This also would mean at one point we have to switch back to whatever
upstream ppp is doing when we upgrade ppp.This will be throw away
work.


On Wed, Aug 8, 2018 at 8:15 AM Burton, Ross <ross.burton@intel.com> wrote:
>

> My understanding is that libxcrypt was basically the crypto pieces

> ripped out of glibc, but the github page lists DES as an implemented

> algorithm.

>

> Ross

>

> On 8 August 2018 at 16:01, Khem Raj <raj.khem@gmail.com> wrote:

> > Does it provide DES implementation I am not sure but if it does then it

> > might be another option

> >

> > On Wed, Aug 8, 2018 at 3:40 AM Burton, Ross <ross.burton@intel.com> wrote:

> >>

> >> Why not use libxcrypt?

> >>

> >> Ross

> >>

> >> On 6 August 2018 at 23:57, Khem Raj <raj.khem@gmail.com> wrote:

> >> > Signed-off-by: Khem Raj <raj.khem@gmail.com>

> >> > ---

> >> >  .../ppp/ppp/ppp-2.4.7-DES-openssl.patch       | 84 +++++++++++++++++++

> >> >  meta/recipes-connectivity/ppp/ppp_2.4.7.bb    |  5 +-

> >> >  2 files changed, 87 insertions(+), 2 deletions(-)

> >> >  create mode 100644

> >> > meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> >> >

> >> > diff --git

> >> > a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> >> > b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> >> > new file mode 100644

> >> > index 0000000000..e53f240543

> >> > --- /dev/null

> >> > +++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch

> >> > @@ -0,0 +1,84 @@

> >> > +Used openssl for the DES instead of the libcrypt / glibc

> >> > +

> >> > +Upstream-Status: Pending

> >> > +

> >> > +Signed-off-by: Khem Raj <raj.khem@gmail.com>

> >> > +

> >> > +Index: ppp-2.4.7/pppd/Makefile.linux

> >> > +===================================================================

> >> > +--- ppp-2.4.7.orig/pppd/Makefile.linux

> >> > ++++ ppp-2.4.7/pppd/Makefile.linux

> >> > +@@ -38,7 +38,7 @@ LIBS =

> >> > + # Uncomment the next 2 lines to include support for Microsoft's

> >> > + # MS-CHAP authentication protocol.  Also, edit

> >> > plugins/radius/Makefile.linux.

> >> > + CHAPMS=y

> >> > +-USE_CRYPT=y

> >> > ++#USE_CRYPT=y

> >> > + # Don't use MSLANMAN unless you really know what you're doing.

> >> > + #MSLANMAN=y

> >> > + # Uncomment the next line to include support for MPPE.  CHAPMS (above)

> >> > must

> >> > +@@ -132,7 +132,7 @@ endif

> >> > +

> >> > + ifdef NEEDDES

> >> > + ifndef USE_CRYPT

> >> > +-LIBS     += -ldes $(LIBS)

> >> > ++LIBS     += -lcrypto

> >> > + else

> >> > + CFLAGS   += -DUSE_CRYPT=1

> >> > + endif

> >> > +Index: ppp-2.4.7/pppd/pppcrypt.c

> >> > +===================================================================

> >> > +--- ppp-2.4.7.orig/pppd/pppcrypt.c

> >> > ++++ ppp-2.4.7/pppd/pppcrypt.c

> >> > +@@ -64,7 +64,7 @@ u_char *des_key;     /* OUT 64 bit DES key w

> >> > +       des_key[7] = Get7Bits(key, 49);

> >> > +

> >> > + #ifndef USE_CRYPT

> >> > +-      des_set_odd_parity((des_cblock *)des_key);

> >> > ++      DES_set_odd_parity((DES_cblock *)des_key);

> >> > + #endif

> >> > + }

> >> > +

> >> > +@@ -158,25 +158,25 @@ u_char *clear;   /* OUT 8 octets */

> >> > + }

> >> > +

> >> > + #else /* USE_CRYPT */

> >> > +-static des_key_schedule       key_schedule;

> >> > ++static DES_key_schedule       key_schedule;

> >> > +

> >> > + bool

> >> > + DesSetkey(key)

> >> > + u_char *key;

> >> > + {

> >> > +-      des_cblock des_key;

> >> > ++      DES_cblock des_key;

> >> > +       MakeKey(key, des_key);

> >> > +-      des_set_key(&des_key, key_schedule);

> >> > ++      DES_set_key(&des_key, &key_schedule);

> >> > +       return (1);

> >> > + }

> >> > +

> >> > + bool

> >> > +-DesEncrypt(clear, key, cipher)

> >> > ++DesEncrypt(clear, cipher)

> >> > + u_char *clear;        /* IN  8 octets */

> >> > + u_char *cipher;       /* OUT 8 octets */

> >> > + {

> >> > +-      des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,

> >> > +-          key_schedule, 1);

> >> > ++      DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,

> >> > ++          &key_schedule, 1);

> >> > +       return (1);

> >> > + }

> >> > +

> >> > +@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)

> >> > + u_char *cipher;       /* IN  8 octets */

> >> > + u_char *clear;        /* OUT 8 octets */

> >> > + {

> >> > +-      des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,

> >> > +-          key_schedule, 0);

> >> > ++      DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,

> >> > ++          &key_schedule, 0);

> >> > +       return (1);

> >> > + }

> >> > +

> >> > diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> >> > b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> >> > index a1bb7d71c1..f4646bd693 100644

> >> > --- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> >> > +++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb

> >> > @@ -4,7 +4,7 @@ the Point-to-Point Protocol (PPP) on Linux and Solaris

> >> > systems."

> >> >  SECTION = "console/network"

> >> >  HOMEPAGE = "http://samba.org/ppp/"

> >> >  BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"

> >> > -DEPENDS = "libpcap"

> >> > +DEPENDS = "libpcap openssl"

> >> >  LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"

> >> >  LIC_FILES_CHKSUM =

> >> > "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea

> >> > \

> >> >

> >> > file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8

> >> > \

> >> > @@ -32,6 +32,7 @@ SRC_URI =

> >> > "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \

> >> >             file://fix-CVE-2015-3310.patch \

> >> >

> >> > file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \

> >> >             file://0001-ppp-Remove-unneeded-include.patch \

> >> > +           file://ppp-2.4.7-DES-openssl.patch \

> >> >  "

> >> >

> >> >  SRC_URI_append_libc-musl = "\

> >> > @@ -49,7 +50,7 @@ EXTRA_OECONF = "--disable-strip"

> >> >  # Package Makefile computes CFLAGS, referencing COPTS.

> >> >  # Typically hard-coded to '-O2 -g' in the Makefile's.

> >> >  #

> >> > -EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'

> >> > +EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl

> >> > -I${S}/include"'

> >> >

> >> >  do_configure () {

> >> >         oe_runconf

> >> > --

> >> > 2.18.0

> >> >

> >> > --

> >> > _______________________________________________

> >> > Openembedded-core mailing list

> >> > Openembedded-core@lists.openembedded.org

> >> > http://lists.openembedded.org/mailman/listinfo/openembedded-core

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core
diff mbox series

Patch

diff --git a/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
new file mode 100644
index 0000000000..e53f240543
--- /dev/null
+++ b/meta/recipes-connectivity/ppp/ppp/ppp-2.4.7-DES-openssl.patch
@@ -0,0 +1,84 @@ 
+Used openssl for the DES instead of the libcrypt / glibc
+
+Upstream-Status: Pending
+
+Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
+Index: ppp-2.4.7/pppd/Makefile.linux
+===================================================================
+--- ppp-2.4.7.orig/pppd/Makefile.linux
++++ ppp-2.4.7/pppd/Makefile.linux
+@@ -38,7 +38,7 @@ LIBS =
+ # Uncomment the next 2 lines to include support for Microsoft's
+ # MS-CHAP authentication protocol.  Also, edit plugins/radius/Makefile.linux.
+ CHAPMS=y
+-USE_CRYPT=y
++#USE_CRYPT=y
+ # Don't use MSLANMAN unless you really know what you're doing.
+ #MSLANMAN=y
+ # Uncomment the next line to include support for MPPE.  CHAPMS (above) must
+@@ -132,7 +132,7 @@ endif
+ 
+ ifdef NEEDDES
+ ifndef USE_CRYPT
+-LIBS     += -ldes $(LIBS)
++LIBS     += -lcrypto
+ else
+ CFLAGS   += -DUSE_CRYPT=1
+ endif
+Index: ppp-2.4.7/pppd/pppcrypt.c
+===================================================================
+--- ppp-2.4.7.orig/pppd/pppcrypt.c
++++ ppp-2.4.7/pppd/pppcrypt.c
+@@ -64,7 +64,7 @@ u_char *des_key;	/* OUT 64 bit DES key w
+ 	des_key[7] = Get7Bits(key, 49);
+ 
+ #ifndef USE_CRYPT
+-	des_set_odd_parity((des_cblock *)des_key);
++	DES_set_odd_parity((DES_cblock *)des_key);
+ #endif
+ }
+ 
+@@ -158,25 +158,25 @@ u_char *clear;	/* OUT 8 octets */
+ }
+ 
+ #else /* USE_CRYPT */
+-static des_key_schedule	key_schedule;
++static DES_key_schedule	key_schedule;
+ 
+ bool
+ DesSetkey(key)
+ u_char *key;
+ {
+-	des_cblock des_key;
++	DES_cblock des_key;
+ 	MakeKey(key, des_key);
+-	des_set_key(&des_key, key_schedule);
++	DES_set_key(&des_key, &key_schedule);
+ 	return (1);
+ }
+ 
+ bool
+-DesEncrypt(clear, key, cipher)
++DesEncrypt(clear, cipher)
+ u_char *clear;	/* IN  8 octets */
+ u_char *cipher;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
+-	    key_schedule, 1);
++	DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
++	    &key_schedule, 1);
+ 	return (1);
+ }
+ 
+@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
+ u_char *cipher;	/* IN  8 octets */
+ u_char *clear;	/* OUT 8 octets */
+ {
+-	des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
+-	    key_schedule, 0);
++	DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
++	    &key_schedule, 0);
+ 	return (1);
+ }
+ 
diff --git a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
index a1bb7d71c1..f4646bd693 100644
--- a/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
+++ b/meta/recipes-connectivity/ppp/ppp_2.4.7.bb
@@ -4,7 +4,7 @@  the Point-to-Point Protocol (PPP) on Linux and Solaris systems."
 SECTION = "console/network"
 HOMEPAGE = "http://samba.org/ppp/"
 BUGTRACKER = "http://ppp.samba.org/cgi-bin/ppp-bugs"
-DEPENDS = "libpcap"
+DEPENDS = "libpcap openssl"
 LICENSE = "BSD & GPLv2+ & LGPLv2+ & PD"
 LIC_FILES_CHKSUM = "file://pppd/ccp.c;beginline=1;endline=29;md5=e2c43fe6e81ff77d87dc9c290a424dea \
                     file://pppd/plugins/passprompt.c;beginline=1;endline=10;md5=3bcbcdbf0e369c9a3e0b8c8275b065d8 \
@@ -32,6 +32,7 @@  SRC_URI = "https://download.samba.org/pub/${BPN}/${BP}.tar.gz \
            file://fix-CVE-2015-3310.patch \
            file://0001-pppoe-include-netinet-in.h-before-linux-in.h.patch \
            file://0001-ppp-Remove-unneeded-include.patch \
+           file://ppp-2.4.7-DES-openssl.patch \
 "
 
 SRC_URI_append_libc-musl = "\
@@ -49,7 +50,7 @@  EXTRA_OECONF = "--disable-strip"
 # Package Makefile computes CFLAGS, referencing COPTS.
 # Typically hard-coded to '-O2 -g' in the Makefile's.
 #
-EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${S}/include"'
+EXTRA_OEMAKE += ' COPTS="${CFLAGS} -I${STAGING_INCDIR}/openssl -I${S}/include"'
 
 do_configure () {
 	oe_runconf