Package Details: openssl-chacha20 1.0.2.k-1

Git Clone URL: https://aur-dev.archlinux.org/openssl-chacha20.git (read-only)
Package Base: openssl-chacha20
Description: The Open Source toolkit for Secure Sockets Layer and Transport Layer Security with Chacha20 cipher
Upstream URL: https://www.openssl.org
Licenses: custom:BSD
Conflicts: openssl
Provides: openssl=1.0.2.k
Submitter: mys_721tx
Maintainer: mys_721tx
Last Packager: mys_721tx
Votes: 6
Popularity: 0.027570
First Submitted: 2015-04-16 05:11
Last Updated: 2017-01-30 15:27

Dependencies (2)

Required by (1000)

Sources (6)

Latest Comments

mys_721tx commented on 2016-11-21 12:09

It is not affected according to Cloudflare: https://github.com/cloudflare/sslconfig/issues/52

ghen commented on 2016-11-21 10:35

Can this package be patched for CVE-2016-7054?
See https://www.openssl.org/news/secadv/20161110.txt

YumeMichi commented on 2016-09-28 07:13

Patch for OpenSSL 1.0.2i:
https://github.com/travislee8964/sslconfig/commit/ce9037bc42b1bb07dd74ed6cec5eae0b176281ff

muefra00 commented on 2016-09-22 21:11

My proposed update to the 'PKGFILE' and 'openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch' files: https://pastebin.com/raw/kCuMDJd7

Disclaimer: I have not done any testing outside of the automatic tests that are included and making sure that I can connect to my server.

How to use (of course you should have a look at the patch file before you apply it):
wget https://aur.archlinux.org/cgit/aur.git/snapshot/openssl-chacha20.tar.gz
tar -xvf openssl-chacha20.tar.gz
cd openssl-chacha20
wget https://pastebin.com/raw/kCuMDJd7
patch -p1 -i kCuMDJd7
makepkg
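
An added example, not part of muefra00's comment or of the package: one way to do the "have a look at the patch file" step in the procedure above. It lists the files a downloaded diff would write and flags edits to PKGBUILD or .install scripts, which makepkg and pacman execute. The function names and the sample diff are constructed for illustration.

```bash
# Added example: list what a downloaded patch writes before `patch -p1`/`makepkg`.

# Print the files a unified diff writes, after -p<STRIP> path stripping. Hunk line
# counts are tracked so a body line starting with "+++ " (possible when the diff
# edits another .patch file) is not read as a header. Paths must not hold spaces.
patch_targets() {   # usage: patch_targets FILE [STRIP, default 1]
    awk -v strip="${2:-1}" '
        function count(range,   p) { return (split(range, p, ",") > 1) ? p[2] + 0 : 1 }
        oldn > 0 || newn > 0 {                       # inside a hunk body
            c = substr($0, 1, 1)
            if (c == "-") oldn--
            else if (c == "+") newn--
            else if (c != "\\") { oldn--; newn-- }   # context line
            next
        }
        substr($0, 1, 3) == "@@ " { oldn = count($2); newn = count($3); next }
        substr($0, 1, 4) == "+++ " && $2 != "/dev/null" {
            n = split($2, part, "/"); out = ""
            for (i = strip + 1; i <= n; i++) out = (out == "" ? "" : out "/") part[i]
            print out
        }' "$1" | LC_ALL=C sort -u
}

# Exit 0 if a target is absolute or climbs out of the build directory with "..".
patch_escapes_tree() { patch_targets "$@" | grep -Eq '^/|(^|/)\.\.(/|$)'; }

# Exit 0 if the patch edits PKGBUILD or a .install script (code makepkg/pacman runs).
patch_touches_build_script() {
    patch_targets "$@" | grep -Eq '(^|/)(PKGBUILD|[^/]*\.install)$'
}

# Constructed sample: edits PKGBUILD and the patch file; hunk 2 has a "+++ " body line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -1,2 +1,2 @@
-_ver=1.0.2h
+_ver=1.0.2i
 pkgrel=1
--- a/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch
+++ b/openssl__chacha20_poly1305_draft_and_rfc_ossl102g.patch
@@ -1,2 +1,3 @@
 --- a/ssl/s3_lib.c
 +++ b/ssl/s3_lib.c
+++ added line inside the hunk, not a file header
EOF
patch_targets "$sample"
patch_touches_build_script "$sample" && echo "PKGBUILD changes: read them, makepkg runs that file"
```

In the procedure above this would run between the second wget and the patch step, for example as `patch_targets kCuMDJd7`.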

mys_721tx commented on 2016-09-22 19:52

The patch doesn't work for 1.0.2i. I'm waiting for Cloudflare to update it.

lulingar commented on 2016-03-21 23:31

I have slightly modified the PKGBUILD to be able to build this on an armv7h platform, including the cryptodev engine, as follows:

build() {
  cd $srcdir/$_pkgname-$_ver

  if [ "${CARCH}" == 'x86_64' ]; then
    openssltarget='linux-x86_64'
    optflags='enable-ec_nistp_64_gcc_128'
  elif [ "${CARCH}" == 'i686' ]; then
    openssltarget='linux-elf'
    optflags=''
  elif [ "${CARCH}" == 'arm' -o "${CARCH}" == 'armv6h' -o "${CARCH}" == 'armv7h' ]; then
    openssltarget='linux-armv4'
    optflags=''
  elif [ "${CARCH}" == 'aarch64' ]; then
    openssltarget='linux-aarch64'
    optflags=''
  fi

  # mark stack as non-executable: http://bugs.archlinux.org/task/12434
  ./Configure --prefix=/usr --openssldir=/etc/ssl --libdir=lib \
    -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 shared threads zlib enable-md2 \
    shared no-ssl3-method ${optflags} \
    "${openssltarget}" \
    "-Wa,--noexecstack ${CPPFLAGS} ${CFLAGS} ${LDFLAGS}"

  make depend
  make
}


But the build fails as shown in [*]. Anybody know what the issue is?

[*]
gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -DHAVE_CRYPTODEV -DUSE_CRYPTODEV_DIGESTS -DHASH_MAX_LEN=64 -Wa,--noexecstack -D_FORTIFY_SOURCE=2 -march=armv7-a -mfloat-abi=hard -mfpu=vfpv3-d16 -O2 -pipe -fstack-protector --param=ssp-buffer-size=4 -Wl,-O1,--sort-common,--as-needed,-z,relro -O3 -Wall -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DAES_ASM -DBSAES_ASM -DGHASH_ASM -D_FORTIFY_SOURCE=2 -c -o e_chacha20poly1305.o e_chacha20poly1305.c
e_chacha20poly1305.c: In function 'EVP_chacha20_poly1305_cipher':
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:228:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, in, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:261:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, out, inl);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:273:13: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, zero, todo);
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)
^
e_chacha20poly1305.c:276:9: note: in expansion of macro 'poly_update'
poly_update(aead_ctx, (uint8_t*)&aead_ctx->aad_l, sizeof(uint64_t));
^
e_chacha20poly1305.c:82:57: error: 'EVP_CHACHA20_POLY1305_CTX {aka struct <anonymous>}' has no member named 'poly_state'
#define poly_update(c,i,l) CRYPTO_poly1305_update(&c->poly_state,i,l)

jskier commented on 2016-03-03 17:22

@4679kun, appears to work, thanks.

4679kun commented on 2016-03-03 13:51

https://github.com/cloudflare/sslconfig/files/153850/openssl__chacha20_poly1305_1_0_2g.patch.zip
try this

mys_721tx commented on 2016-03-01 02:54

Let's wait for the OpenSSL release later today.

hotaru commented on 2016-03-01 02:53

there's an updated version of the cloudflare patch that supports the newer RFC versions of the chacha20-poly1305 cipher suites: https://github.com/cloudflare/sslconfig/blob/master/patches/openssl__chacha20_poly1305_draft_and_rfc_ossl102f.patch

colundrum commented on 2016-02-04 07:48

Sorry for the delay. The entire log is available: https://gist.github.com/colundrum/db397ff3306486f2e703
Thanks

mys_721tx commented on 2016-02-01 19:09

I don't think I can replicate the problem. My last two builds have passed the test. Can you post your config.log etc. somewhere?

colundrum commented on 2016-01-30 06:23

I've an issue at the test of ChaCha20 and Poly1305:

../util/shlib_wrap.sh ./chapolytest
ChaCha20 test #0
ChaCha20 test #1
ChaCha20 test #2
ChaCha20 test #3
ChaCha20 test #4
Poly1305 test #0
Makefile:366 : la recette pour la cible « test_chapoly » a échouée
make[1]: *** [test_chapoly] Instruction non permise (core dump créé)
make[1] : on quitte le répertoire « /tmp/yaourt-tmp-florent/aur-openssl-chacha20/src/openssl-1.0.2f/test »
Makefile:462 : la recette pour la cible « tests » a échouée
make: *** [tests] Erreur 2

nly commented on 2015-12-04 19:25

Please consider changing the comment in the PKGBUILD to reflect the move back to Cloudflare's patch.

ghen commented on 2015-12-03 21:03

And now the same after the new CLIENTHELLOTEST as well. Building 1.0.2e + chacha20.

ghen commented on 2015-08-11 07:42

The conflict is just in test/Makefile, you need to merge CHAPOLYTEST after the new VERIFYEXTRATEST, that's all. Builds fine for me.

mys_721tx commented on 2015-07-14 00:49

The ChaCha20 patch no longer works with OpenSSL 1.0.2d. Cloudflare has some tickets opened for this issue.

hotaru commented on 2015-05-04 07:24

i just noticed, it should be:
provides=("openssl=${pkgver}")

instead of:
provides=('openssl=${pkgver}')

that's why $provides looks very strange...

mys_721tx commented on 2015-04-21 00:10

Chrome is currently the only browser supporting ChaCha20, so the flag probably would be fine. Since OpenSSL devs are working on a ChaCha implementation, I expect this package to be a temporary workaround.

hotaru commented on 2015-04-20 23:59

does anyone really want the weird "Skip ChaCha unless top client priority" (aka "unconditionally override SSLHonorCipherOrder/ssl_prefer_server_ciphers") thing? right now i'm using customizepkg-patching to remove it on my server (and also make it build on ARM: http://pastebin.com/jbiwDPSa), but it might make sense to remove that bit of weirdness from the patch if no one really wants it.

hotaru commented on 2015-04-17 20:49

you could do 'provides=("openssl=1.0.2.a")', but then you'd have to update the version number in two places whenever there's a new version.

mys_721tx commented on 2015-04-17 15:38

$_pkgname problem is fixed, although $provides looks very strange now.

hotaru commented on 2015-04-17 15:28

same problem in build(), and it should probably be 'provides=("openssl=${pkgver}")'

hotaru commented on 2015-04-17 14:58

prepare() fails because "$srcdir/$pkgname-$_ver" doesn't exist. it should probably be "$srcdir/$_pkgname-$_ver" instead.