Buck Rogers in the 25th century: make this compile again.
This commit is contained in:
parent
3913cbb593
commit
aa7ee0c9ec
24 changed files with 2265 additions and 13 deletions
@ -1,8 +1,8 @@
# $NetBSD: Makefile,v 1.11 2016/07/09 06:38:56 wiz Exp $
# $NetBSD: Makefile,v 1.12 2018/05/29 01:22:50 christos Exp $
#
DISTNAME= racoon2-20100526a
PKGREVISION= 9
PKGREVISION= 10
CATEGORIES= security net
MASTER_SITES= ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/
EXTRACT_SUFX= .tgz
@ -1,4 +1,4 @@
$NetBSD: distinfo,v 1.5 2015/11/04 01:18:07 agc Exp $
$NetBSD: distinfo,v 1.6 2018/05/29 01:22:50 christos Exp $
SHA1 (racoon2-20100526a.tgz) = 268429af8a031dbbc279580cf98ea18331f0e2d9
RMD160 (racoon2-20100526a.tgz) = 014cdcf78cc82ab21235a21491850cdcd1f883bf
@ -9,7 +9,28 @@ SHA1 (patch-ab) = eb6d901108ebcca90571851817137b4b3f3c594b
SHA1 (patch-ac) = 081a2d3d694d4c20cf1fa2d9718577577280288e
SHA1 (patch-ad) = 0d04dc7027c100de6bc04db00eddb30a12fd8715
SHA1 (patch-ae) = 937cf84a2b6f1e8f8d288703a0556faf500bab95
SHA1 (patch-iked_crypto__impl.h) = e6b274258eb7428cbd01cefc33ae85e001260542
SHA1 (patch-iked_crypto__openssl.c) = 0a013e5aa5ce9747da61b8095440a16ee78de4e9
SHA1 (patch-iked_ike__conf.c) = 82e09465e69b082abb12b3fead16eae8a7bc103b
SHA1 (patch-iked_ikev1_ikev1.c) = ce9b22b2be12bc4cd5fa0e171cbd39c0d88d5406
SHA1 (patch-iked_ikev1_ipsec__doi.c) = 3673d0643359eb8a68bbd867e941e1a1aae02b01
SHA1 (patch-iked_ikev1_oakley.c) = 8823a898ec8190d177d3eda8d6c474040b08d2a1
SHA1 (patch-iked_ikev1_pfkey.c) = 064df06b876504b611008a8a20b44266a83c5789
SHA1 (patch-iked_ikev2.c) = 857805c92e3c78ec5f05a9068acbba03e91030b3
SHA1 (patch-iked_ikev2__child.c) = f7f268f3e7666a3e23efd3b71c4474eeb9f8a046
SHA1 (patch-iked_ikev2__notify.c) = 688d5b46451912b00dbf1500e7ff66f4290d7d8a
SHA1 (patch-kinkd-crypto__openssl.c) = 4acd36a5462d3296a53966f85fb39e8888650d5a
SHA1 (patch-kinkd-ipsec__doi.c) = f72d62de7dce9e02d4de77162926491fef3761d1
SHA1 (patch-kinkd_bbkk__heimdal.c) = 55a4e8121df28272d2838376823bc85ec108d93f
SHA1 (patch-kinkd_isakmp__quick.c) = 1b177838621336bfabf0416d9fc09d6e581b8c05
SHA1 (patch-kinkd_session.c) = 6b2ec8329d0fda0b850116c21bda2a4d06634f0d
SHA1 (patch-lib_cfparse.y) = 9e0b8ec9c09c315edde171103b97a8c403ba748e
SHA1 (patch-lib_cfsetup.c) = 70c2409bc69ff85cef6d2e2b4e222e12537c323e
SHA1 (patch-lib_cftoken.l) = 1cbae5bd9199e204d12d5a5216521a21e55a84dc
SHA1 (patch-lib_cftoken.l) = cbda1153f7fd34713248d3d7d188a50b27d9ddcd
SHA1 (patch-lib_if__pfkeyv2.c) = 9eb969ff0f289bc7c4aa1fa234c221b4d70d1da7
SHA1 (patch-lib_if__spmd.c) = 0b5e5412afb826f502c040153ca5b0e50ad3d682
SHA1 (patch-spmd_fqdn__query.c) = d44af49981bfc503fe097a40a0448215ff2367d8
SHA1 (patch-spmd_main.c) = 7ee34b1a5b18d938806f490abe2d8cdf25caa426
SHA1 (patch-spmd_shell.c) = 37a52cb9062fd44e0d358c7ae1605481a3604f71
SHA1 (patch-spmd_spmd__pfkey.c) = 2bf3e70f41a779989d63d7099b2e7031a7441a27
SHA1 (patch-spmd_spmdctl.c) = 26cd17a8b9932bbc5af8aa5d476eb0a5fad8e323
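--- a/security/racoon2/patches/patch-iked_crypto__impl.h
+++ b/security/racoon2/patches/patch-iked_crypto__impl.h
@@ -0,0 +1,15 @@
+$NetBSD: patch-iked_crypto__impl.h,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Make unmodified argument const
+
+--- iked/crypto_impl.h 2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_impl.h 2018-05-28 16:44:16.016528535 -0400
+@@ -246,7 +246,7 @@
+extern int eay_revbnl (rc_vchar_t *);
+#include <openssl/bn.h>
+extern int eay_v2bn (BIGNUM **, rc_vchar_t *);
+-extern int eay_bn2v (rc_vchar_t **, BIGNUM *);
++extern int eay_bn2v (rc_vchar_t **, const BIGNUM *);
+
+extern const char *eay_version (void);
+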
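--- a/security/racoon2/patches/patch-iked_crypto__openssl.c
+++ b/security/racoon2/patches/patch-iked_crypto__openssl.c
@@ -0,0 +1,714 @@
+$NetBSD: patch-iked_crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Adjust for openssl-1.1
+
+--- iked/crypto_openssl.c 2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_openssl.c 2018-05-28 17:08:27.806906241 -0400
+@@ -324,16 +324,17 @@
+{
+char buf[256];
+int log_tag;
++ int ctx_error, ctx_error_depth;
+
+if (!ok) {
+- X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+- buf, 256);
++ X509_NAME_oneline(X509_get_subject_name(
++ X509_STORE_CTX_get0_cert(ctx)), buf, 256);
+/*
+* since we are just checking the certificates, it is
+* ok if they are self signed. But we should still warn
+* the user.
+*/
+- switch (ctx->error) {
++ switch (ctx_error = X509_STORE_CTX_get_error(ctx)) {
+case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+#if OPENSSL_VERSION_NUMBER >= 0x00905100L
+case X509_V_ERR_INVALID_CA:
+@@ -347,16 +348,17 @@
+default:
+log_tag = PLOG_PROTOERR;
+}
++ ctx_error_depth = X509_STORE_CTX_get_error_depth(ctx);
+#ifndef EAYDEBUG
+plog(log_tag, PLOGLOC, NULL,
+"%s(%d) at depth:%d SubjectName:%s\n",
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error, ctx->error_depth, buf);
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error, ctx_error_depth, buf);
+#else
+printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
+log_tag,
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error, ctx->error_depth, buf);
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error, ctx_error_depth, buf);
+#endif
+}
+ERR_clear_error();
+@@ -991,6 +993,7 @@
+BPP_const unsigned char *bp;
+rc_vchar_t *sig = NULL;
+int len;
++ RSA *rsa;
+int pad = RSA_PKCS1_PADDING;
+
+bp = (unsigned char *)privkey->v;
+@@ -1002,14 +1005,15 @@
+/* XXX: to be handled EVP_dss() */
+/* XXX: Where can I get such parameters ? From my cert ? */
+
+- len = RSA_size(evp->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(evp);
++ len = RSA_size(rsa);
+
+sig = rc_vmalloc(len);
+if (sig == NULL)
+return NULL;
+
+len = RSA_private_encrypt(src->l, (unsigned char *)src->v,
+- (unsigned char *)sig->v, evp->pkey.rsa, pad);
++ (unsigned char *)sig->v, rsa, pad);
+EVP_PKEY_free(evp);
+if (len == 0 || (size_t)len != sig->l) {
+rc_vfree(sig);
+@@ -1028,6 +1032,7 @@
+BPP_const unsigned char *bp;
+rc_vchar_t *xbuf = NULL;
+int pad = RSA_PKCS1_PADDING;
++ RSA *rsa;
+int len = 0;
+int error;
+
+@@ -1040,7 +1045,8 @@
+return -1;
+}
+
+- len = RSA_size(evp->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(evp);
++ len = RSA_size(rsa);
+
+xbuf = rc_vmalloc(len);
+if (xbuf == NULL) {
+@@ -1053,7 +1059,7 @@
+}
+
+len = RSA_public_decrypt(sig->l, (unsigned char *)sig->v,
+- (unsigned char *)xbuf->v, evp->pkey.rsa, pad);
++ (unsigned char *)xbuf->v, rsa, pad);
+#ifndef EAYDEBUG
+if (len == 0 || (size_t)len != src->l)
+plog(PLOG_PROTOERR, PLOGLOC, NULL, "%s\n", eay_strerror());
+@@ -1089,7 +1095,8 @@
+rc_vchar_t *sig = 0;
+unsigned int siglen;
+const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
++ RSA *rsa;
+
+bp = (unsigned char *)privkey->v;
+/* convert private key from vmbuf to internal data */
+@@ -1100,7 +1107,8 @@
+goto fail;
+}
+
+- len = RSA_size(pkey->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(pkey);
++ len = RSA_size(rsa);
+sig = rc_vmalloc(len);
+if (sig == NULL) {
+plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n");
+@@ -1114,27 +1122,33 @@
+"failed to find digest algorithm %s\n", hash_type);
+goto fail;
+}
+- EVP_MD_CTX_init(&ctx);
+- EVP_SignInit(&ctx, md);
+- EVP_SignUpdate(&ctx, octets->v, octets->l);
+- if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_SignInit(ctx, md);
++ EVP_SignUpdate(ctx, octets->v, octets->l);
++ if (EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"RSA_sign failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+goto fail;
+}
+- EVP_MD_CTX_cleanup(&ctx);
+if (sig->l != siglen) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"unexpected signature length %d\n", siglen);
+goto fail;
+}
++ EVP_MD_CTX_free(ctx);
+EVP_PKEY_free(pkey);
+return sig;
+
+fail:
+if (sig)
+rc_vfree(sig);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+if (pkey)
+EVP_PKEY_free(pkey);
+return 0;
+@@ -1154,7 +1168,7 @@
+EVP_PKEY *pkey;
+BPP_const unsigned char *bp;
+const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
+
+bp = (unsigned char *)pubkey->v;
+pkey = d2i_PUBKEY(NULL, &bp, pubkey->l);
+@@ -1163,7 +1177,7 @@
+"failed obtaining public key: %s\n", eay_strerror());
+goto fail;
+}
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) {
+plog(PLOG_PROTOERR, PLOGLOC, NULL,
+"public key is not for RSA\n");
+goto fail;
+@@ -1175,23 +1189,29 @@
+"failed to find the algorithm engine for %s\n", hash_type);
+goto fail;
+}
+- EVP_MD_CTX_init(&ctx);
+- EVP_VerifyInit(&ctx, md);
+- EVP_VerifyUpdate(&ctx, octets->v, octets->l);
+- if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_VerifyInit(ctx, md);
++ EVP_VerifyUpdate(ctx, octets->v, octets->l);
++ if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
+plog(PLOG_PROTOERR, PLOGLOC, NULL,
+"RSA_verify failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+goto fail;
+}
+- EVP_MD_CTX_cleanup(&ctx);
+
++ EVP_MD_CTX_free(ctx);
+EVP_PKEY_free(pkey);
+return 0;
+
+fail:
+if (pkey)
+EVP_PKEY_free(pkey);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+return -1;
+}
+
+@@ -1204,7 +1224,8 @@
+EVP_PKEY *pkey;
+BPP_const unsigned char *bp;
+const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
++ DSA *dsa;
+int len;
+rc_vchar_t *sig = 0;
+unsigned int siglen;
+@@ -1217,24 +1238,33 @@
+goto fail;
+}
+
+- len = DSA_size(pkey->pkey.dsa);
++ dsa = EVP_PKEY_get0_DSA(pkey);
++ len = DSA_size(dsa);
+sig = rc_vmalloc(len);
+if (sig == NULL) {
+plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n");
+goto fail;
+}
+
++#if 0
+md = EVP_dss1();
+- EVP_MD_CTX_init(&ctx);
+- EVP_SignInit(&ctx, md);
+- EVP_SignUpdate(&ctx, octets->v, octets->l);
+- if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
++#else
++ md = NULL;
++ goto fail;
++#endif
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_SignInit(ctx, md);
++ EVP_SignUpdate(ctx, octets->v, octets->l);
++ if (EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"DSS sign failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+goto fail;
+}
+- EVP_MD_CTX_cleanup(&ctx);
+
+if (siglen > sig->l) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+@@ -1245,6 +1275,7 @@
+if (siglen < sig->l)
+sig = rc_vrealloc(sig, siglen);
+EVP_PKEY_free(pkey);
++ EVP_MD_CTX_free(ctx);
+return sig;
+
+fail:
+@@ -1252,6 +1283,8 @@
+rc_vfree(sig);
+if (pkey)
+EVP_PKEY_free(pkey);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+return 0;
+}
+
+@@ -1265,7 +1298,7 @@
+EVP_PKEY *pkey;
+BPP_const unsigned char *bp;
+const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
+
+bp = (unsigned char *)pubkey->v;
+pkey = d2i_PUBKEY(NULL, &bp, pubkey->l);
+@@ -1274,30 +1307,40 @@
+"failed obtaining public key: %s\n", eay_strerror());
+goto fail;
+}
+- if (pkey->type != EVP_PKEY_DSA) {
++ if (EVP_PKEY_id(pkey) != EVP_PKEY_DSA) {
+plog(PLOG_PROTOERR, PLOGLOC, NULL,
+"public key is not for DSS\n");
+goto fail;
+}
+
++#if 0
+md = EVP_dss1();
+- EVP_MD_CTX_init(&ctx);
+- EVP_VerifyInit(&ctx, md);
+- EVP_VerifyUpdate(&ctx, octets->v, octets->l);
+- if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
++#else
++ md = NULL;
++ goto fail;
++#endif
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_VerifyInit(ctx, md);
++ EVP_VerifyUpdate(ctx, octets->v, octets->l);
++ if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
+plog(PLOG_PROTOERR, PLOGLOC, NULL,
+"DSS verify failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+goto fail;
+}
+- EVP_MD_CTX_cleanup(&ctx);
+-
++ EVP_MD_CTX_free(ctx);
+EVP_PKEY_free(pkey);
+return 0;
+
+fail:
+if (pkey)
+EVP_PKEY_free(pkey);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+return -1;
+}
+
+@@ -1345,7 +1388,7 @@
+evp_encrypt(const EVP_CIPHER *ciph, rc_vchar_t *data, rc_vchar_t *key, rc_vchar_t *iv)
+{
+rc_vchar_t *res;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx = NULL;
+int outl;
+
+if (!iv || iv->l < (size_t)EVP_CIPHER_block_size(ciph))
+@@ -1355,12 +1398,17 @@
+if ((res = rc_vmalloc(data->l)) == NULL)
+return NULL;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- if (!EVP_EncryptInit(&ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v))
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ if (!EVP_EncryptInit(ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v))
+goto fail;
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 0))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
+goto fail;
+- if (!EVP_EncryptUpdate(&ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v,
++ if (!EVP_EncryptUpdate(ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v,
+data->l))
+goto fail;
+if ((size_t)outl != data->l) {
+@@ -1369,16 +1417,17 @@
+outl, (unsigned long)data->l);
+goto fail;
+}
+- if (!EVP_EncryptFinal(&ctx, NULL, &outl))
++ if (!EVP_EncryptFinal(ctx, NULL, &outl))
+goto fail;
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+return res;
+
+fail:
+if (res)
+rc_vfree(res);
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ if (ctx)
++ EVP_CIPHER_CTX_free(ctx);
+return NULL;
+}
+
+@@ -1386,7 +1435,7 @@
+evp_decrypt(const EVP_CIPHER *ciph, rc_vchar_t *data, rc_vchar_t *key, rc_vchar_t *iv)
+{
+rc_vchar_t *res;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx = NULL;
+int outl;
+
+if (!iv || iv->l < (size_t)EVP_CIPHER_block_size(ciph))
+@@ -1396,12 +1445,17 @@
+if ((res = rc_vmalloc(data->l)) == NULL)
+return NULL;
+
+- EVP_CIPHER_CTX_init(&ctx);
+- if (!EVP_DecryptInit(&ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v))
++ ctx = EVP_CIPHER_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ if (!EVP_DecryptInit(ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v))
+goto fail;
+- if (!EVP_CIPHER_CTX_set_padding(&ctx, 0))
++ if (!EVP_CIPHER_CTX_set_padding(ctx, 0))
+goto fail;
+- if (!EVP_DecryptUpdate(&ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v,
++ if (!EVP_DecryptUpdate(ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v,
+data->l))
+goto fail;
+if ((size_t)outl != data->l) {
+@@ -1410,15 +1464,16 @@
+outl, (unsigned long)data->l);
+goto fail;
+}
+- if (!EVP_DecryptFinal(&ctx, NULL, &outl))
++ if (!EVP_DecryptFinal(ctx, NULL, &outl))
+goto fail;
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+return res;
+
+fail:
+if (res)
+rc_vfree(res);
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ if (ctx)
++ EVP_CIPHER_CTX_cleanup(ctx);
+return NULL;
+}
+
+@@ -1963,45 +2018,55 @@
+* are used as the nonce value in the counter block.
+*/
+
+- uint8_t *nonce;
+- union {
+- uint8_t bytes[AES_BLOCK_SIZE];
+- struct aes_ctrblk {
+- uint32_t nonce;
+- uint8_t iv[AES_CTR_IV_SIZE];
+- uint32_t block_counter;
+- } fields;
+- } ctrblk;
+- uint8_t ecount_buf[AES_BLOCK_SIZE];
+- AES_KEY k;
+- unsigned int num;
+- rc_vchar_t *resultbuf;
++ int len;
++ rc_vchar_t *resultbuf = NULL;
++ EVP_CIPHER_CTX *ctx = NULL;
+
+/*
+* if (data->l > AES_BLOCK_SIZE * UINT32_MAX) return 0;
+*/
+
+- if (iv->l != AES_CTR_IV_SIZE)
+- return 0;
+- nonce = (unsigned char *)key->v + key->l - AES_CTR_NONCE_SIZE;
+- if (AES_set_encrypt_key((unsigned char *)key->v,
+- (key->l - AES_CTR_NONCE_SIZE) << 3, &k) < 0)
++ if (iv->l != AES_CTR_IV_SIZE) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "bad iv size");
+return 0;
++ }
++
++ ctx = EVP_CIPHER_CTX_new();
++ if (ctx == NULL) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_CIPHER_CTX_new failed");
++ goto fail;
++ }
++
++ if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, (unsigned char *)key->v, (unsigned char *)iv->v)) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptInit_ex failed");
++ goto fail;
++ }
+
+resultbuf = rc_vmalloc(data->l);
+- if (!resultbuf)
+- return 0;
++ if (!resultbuf) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "allocate resultbuf failed");
++ goto fail;
++ }
+
+- memcpy(&ctrblk.fields.nonce, nonce, AES_CTR_NONCE_SIZE);
+- memcpy(&ctrblk.fields.iv[0], iv->v, AES_CTR_IV_SIZE);
+- ctrblk.fields.block_counter = htonl(1);
+-
+- num = 0;
+- AES_ctr128_encrypt((unsigned char *)data->v,
+- (unsigned char *)resultbuf->v, data->l, &k,
+- &ctrblk.bytes[0], ecount_buf, &num);
++ if (!EVP_EncryptUpdate(ctx, (unsigned char *)resultbuf->v, &len, (unsigned char *)data->v, data->l)) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptUpdate failed");
++ goto fail;
++ }
+
++ if (!EVP_EncryptFinal_ex(ctx, (unsigned char *)resultbuf->v + len, &len)) {
++ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptFinal_ex failed");
++ goto fail;
++ }
++
++ EVP_CIPHER_CTX_free(ctx);
+return resultbuf;
++
++fail:
++ EVP_CIPHER_CTX_free(ctx);
++ if (resultbuf)
++ rc_free(resultbuf);
++
++ return NULL;
+}
+
+/* for ipsec part */
+@@ -2038,14 +2103,9 @@
+static caddr_t
+eay_hmac_init(rc_vchar_t *key, const EVP_MD *md)
+{
+- HMAC_CTX *c = racoon_malloc(sizeof(*c));
++ HMAC_CTX *c = HMAC_CTX_new();
+
+-#if OPENSSL_VERSION_NUMBER < 0x0090700fL
+- HMAC_Init(c, key->v, key->l, md);
+-#else
+- HMAC_CTX_init(c);
+HMAC_Init_ex(c, key->v, key->l, md, NULL);
+-#endif
+
+return (caddr_t)c;
+}
+@@ -2053,12 +2113,7 @@
+void
+eay_hmac_dispose(HMAC_CTX *c)
+{
+-#if OPENSSL_VERSION_NUMBER < 0x0090700fL
+- HMAC_cleanup(c);
+-#else
+- HMAC_CTX_cleanup(c);
+-#endif
+- (void)racoon_free(c);
++ HMAC_CTX_free(c);
+}
+
+#ifdef WITH_SHA2
+@@ -2972,15 +3027,16 @@
+eay_random_uint32(void)
+{
+uint32_t value;
+- (void)RAND_pseudo_bytes((uint8_t *)&value, sizeof(value));
++ (void)RAND_bytes((uint8_t *)&value, sizeof(value));
+return value;
+}
+
+/* DH */
+int
+-eay_dh_generate(rc_vchar_t *prime, uint32_t g, unsigned int publen, rc_vchar_t **pub, rc_vchar_t **priv)
++eay_dh_generate(rc_vchar_t *prime, uint32_t gg, unsigned int publen, rc_vchar_t **pub, rc_vchar_t **priv)
+{
+- BIGNUM *p = NULL;
++ BIGNUM *p = NULL, *g = NULL;
++ const BIGNUM *pub_key, *priv_key;
+DH *dh = NULL;
+int error = -1;
+
+@@ -2991,25 +3047,27 @@
+
+if ((dh = DH_new()) == NULL)
+goto end;
+- dh->p = p;
+- p = NULL; /* p is now part of dh structure */
+- dh->g = NULL;
+- if ((dh->g = BN_new()) == NULL)
++ if ((g = BN_new()) == NULL)
+goto end;
+- if (!BN_set_word(dh->g, g))
++ if (!BN_set_word(g, gg))
+goto end;
+
++ if (!DH_set0_pqg(dh, p, NULL, g))
++ goto end;
++ g = p = NULL;
++
+if (publen != 0)
+- dh->length = publen;
++ DH_set_length(dh, publen);
+
+/* generate public and private number */
+if (!DH_generate_key(dh))
+goto end;
+
++ DH_get0_key(dh, &pub_key, &priv_key);
+/* copy results to buffers */
+- if (eay_bn2v(pub, dh->pub_key) < 0)
++ if (eay_bn2v(pub, pub_key) < 0)
+goto end;
+- if (eay_bn2v(priv, dh->priv_key) < 0) {
++ if (eay_bn2v(priv, priv_key) < 0) {
+rc_vfree(*pub);
+goto end;
+}
+@@ -3019,44 +3077,57 @@
+end:
+if (dh != NULL)
+DH_free(dh);
+- if (p != 0)
++ if (p != NULL)
+BN_free(p);
++ if (g != NULL)
++ BN_free(g);
+return (error);
+}
+
+int
+-eay_dh_compute (rc_vchar_t *prime, uint32_t g, rc_vchar_t *pub,
++eay_dh_compute (rc_vchar_t *prime, uint32_t gg, rc_vchar_t *pub,
+rc_vchar_t *priv, rc_vchar_t *pub2, rc_vchar_t **key)
+{
+- BIGNUM *dh_pub = NULL;
++ BIGNUM *dh_pub = NULL, *p = NULL, *g = NULL,
++ *pub_key = NULL, *priv_key = NULL;
+DH *dh = NULL;
+int l;
+unsigned char *v = NULL;
+int error = -1;
+
+- /* make public number to compute */
+- if (eay_v2bn(&dh_pub, pub2) < 0)
+- goto end;
+-
+/* make DH structure */
+if ((dh = DH_new()) == NULL)
+goto end;
+- if (eay_v2bn(&dh->p, prime) < 0)
++
++ if (eay_v2bn(&p, prime) < 0)
++ goto end;
++ if ((g = BN_new()) == NULL)
+goto end;
+- if (eay_v2bn(&dh->pub_key, pub) < 0)
++ if (!BN_set_word(g, gg))
+goto end;
+- if (eay_v2bn(&dh->priv_key, priv) < 0)
++ if (!DH_set0_pqg(dh, p, NULL, g))
+goto end;
+- dh->length = pub2->l * 8;
++ p = NULL;
++ g = NULL;
+
+- dh->g = NULL;
+- if ((dh->g = BN_new()) == NULL)
++ if (eay_v2bn(&pub_key, pub) < 0)
+goto end;
+- if (!BN_set_word(dh->g, g))
++ if (eay_v2bn(&priv_key, priv) < 0)
+goto end;
++ if (!DH_set0_key(dh, pub_key, priv_key))
++ goto end;
++ pub_key = NULL;
++ priv_key = NULL;
++
++ DH_set_length(dh, pub2->l * 8);
+
+if ((v = racoon_calloc(prime->l, sizeof(unsigned char))) == NULL)
+goto end;
++
++ /* make public number to compute */
++ if (eay_v2bn(&dh_pub, pub2) < 0)
++ goto end;
++
+if ((l = DH_compute_key(v, dh_pub, dh)) == -1)
+goto end;
+memcpy((*key)->v + (prime->l - l), v, l);
+@@ -3066,6 +3137,14 @@
+end:
+if (dh_pub != NULL)
+BN_free(dh_pub);
++ if (pub_key != NULL)
++ BN_free(pub_key);
++ if (priv_key != NULL)
++ BN_free(priv_key);
++ if (p != NULL)
++ BN_free(p);
++ if (g != NULL)
++ BN_free(g);
+if (dh != NULL)
+DH_free(dh);
+if (v != NULL)
+@@ -3083,9 +3162,9 @@
+}
+
+int
+-eay_bn2v(rc_vchar_t **var, BIGNUM *bn)
++eay_bn2v(rc_vchar_t **var, const BIGNUM *bn)
+{
+- *var = rc_vmalloc(bn->top * BN_BYTES);
++ *var = rc_vmalloc(BN_num_bytes(bn));
+if (*var == NULL)
+return (-1);
+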
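Review bot: The AES-CTR rewrite in the `@@ -1963,45 +2018,55 @@` hunk discards the counter block the removed lines built (nonce taken from the last AES_CTR_NONCE_SIZE bytes of the key, then the AES_CTR_IV_SIZE-byte IV, then a block counter of htonl(1), the RFC 3686 layout) and instead hands `iv->v` straight to `EVP_EncryptInit_ex`, which reads a full AES_BLOCK_SIZE IV from a buffer the function has just required to be exactly AES_CTR_IV_SIZE bytes long, so it over-reads the IV and produces a keystream that peers using the old nonce||IV||counter layout will not match. `EVP_aes_128_ctr()` is also fixed regardless of `key->l`, although the removed `AES_set_encrypt_key` derived the key size from `key->l - AES_CTR_NONCE_SIZE`, and the trailing nonce bytes are now passed as key material. In the same hunk's fail path `rc_free(resultbuf)` releases a buffer that came from `rc_vmalloc`, while every other function in this file pairs that with `rc_vfree` (presumably the payload leaks), and in evp_decrypt (`@@ -1410,15 +1464,16 @@`) the fail path keeps `EVP_CIPHER_CTX_cleanup(ctx)` where evp_encrypt uses `EVP_CIPHER_CTX_free(ctx)`, leaking the heap context on every decrypt error; those two lines should read `rc_vfree(resultbuf);` and `EVP_CIPHER_CTX_free(ctx);`. The AES-CTR function begins before the hunk; the rewritten initialisation below keeps the nonce||IV||counter block and picks the cipher from the key length.
```c
	uint8_t ctrblk[AES_BLOCK_SIZE];
	uint32_t counter;
	size_t keylen;
	const EVP_CIPHER *ciph;
	/* … unchanged: iv->l check, EVP_CIPHER_CTX_new … */
	/* key = AES key || nonce; counter block = nonce || IV || 1, as the removed code built it */
	keylen = key->l - AES_CTR_NONCE_SIZE;
	switch (keylen) {
	case 16: ciph = EVP_aes_128_ctr(); break;
	case 24: ciph = EVP_aes_192_ctr(); break;
	case 32: ciph = EVP_aes_256_ctr(); break;
	default:
		plog(PLOG_INTERR, PLOGLOC, 0, "bad key size");
		goto fail;
	}
	memcpy(ctrblk, (unsigned char *)key->v + keylen, AES_CTR_NONCE_SIZE);
	memcpy(ctrblk + AES_CTR_NONCE_SIZE, iv->v, AES_CTR_IV_SIZE);
	counter = htonl(1);
	memcpy(ctrblk + AES_CTR_NONCE_SIZE + AES_CTR_IV_SIZE, &counter, sizeof(counter));
	if (!EVP_EncryptInit_ex(ctx, ciph, NULL, (unsigned char *)key->v, ctrblk)) {
	/* … unchanged: plog + goto fail, rc_vmalloc, EVP_EncryptUpdate/EVP_EncryptFinal_ex, release paths … */
```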
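--- a/security/racoon2/patches/patch-iked_ike__conf.c
+++ b/security/racoon2/patches/patch-iked_ike__conf.c
@@ -0,0 +1,36 @@
+$NetBSD: patch-iked_ike__conf.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Comment out impossible case (switch is enum)
+
+--- iked/ike_conf.c.orig 2009-07-28 01:32:40.000000000 -0400
++++ iked/ike_conf.c 2018-05-28 19:48:04.934126933 -0400
+@@ -4025,12 +4025,14 @@
+SA_CONF(comp_alg, sa, comp_alg, 0);
+
+switch (sa_protocol) {
++#if 0
+case 0:
+++*err;
+plog(PLOG_INTERR, PLOGLOC, 0,
+"sa %s does not have sa_protocol field\n",
+sa_index);
+break;
++#endif
+case RCT_SATYPE_ESP:
+if (!enc_alg) {
+++*err;
+@@ -4226,12 +4228,14 @@
+if (!action)
+POLICY_DEFAULT(action, action, 0);
+switch (action) {
++#if 0
+case 0:
+++error;
+plog(PLOG_INTERR, PLOGLOC, 0,
+"policy %s lacks action field\n",
+rc_vmem2str(policy->pl_index));
+continue;
++#endif
+case RCT_ACT_AUTO_IPSEC:
+break;
+default: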
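Review bot: Wrapping `case 0:` in `#if 0` in both hunks removes the only diagnostic for an SA whose sa_protocol, or a policy whose action, was never set; if the enum really has no zero member the compiler is right that the case is dead, but if the variable can still hold 0 from an unset field (not visible here) the value now silently falls into whatever `default:` does. Keeping the check outside the switch preserves the message without the warning, e.g. `if (sa_protocol == 0) { ++*err; plog(PLOG_INTERR, PLOGLOC, 0, "sa %s does not have sa_protocol field\n", sa_index); }` placed before `switch (sa_protocol)`, and likewise for `action` in the second hunk, where the removed branch did `continue;`. Both enclosing functions start and end outside the hunks.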
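--- a/security/racoon2/patches/patch-iked_ikev1_ikev1.c
+++ b/security/racoon2/patches/patch-iked_ikev1_ikev1.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-iked_ikev1_ikev1.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Remove unused
+
+--- iked/ikev1/ikev1.c.orig 2008-07-07 05:36:08.000000000 -0400
++++ iked/ikev1/ikev1.c 2018-05-28 19:50:20.088751812 -0400
+@@ -1457,8 +1457,6 @@
+#define IKEV1_DEFAULT_RETRY_CHECKPH1 30
+
+if (!iph1) {
+- struct sched *sc;
+-
+if (isakmp_ph1begin_i(rm_info, iph2->dst, iph2->src) < 0) {
+plog(PLOG_INTERR, PLOGLOC, 0,
+"failed to initiate phase 1 negotiation for %s\n",
+@@ -1467,7 +1465,7 @@
+goto fail;
+}
+iph2->retry_checkph1 = IKEV1_DEFAULT_RETRY_CHECKPH1;
+- sc = sched_new(1, isakmp_chkph1there_stub, iph2);
++ sched_new(1, isakmp_chkph1there_stub, iph2);
+plog(PLOG_INFO, PLOGLOC, 0,
+"IPsec-SA request for %s queued "
+"since no phase1 found\n",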
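Review bot: Dropping `sc` also drops the only place the result of `sched_new(1, isakmp_chkph1there_stub, iph2)` could be checked; if sched_new returns NULL on allocation failure (not visible here), the phase-1 poll for this queued IPsec-SA request is never scheduled while the log line right after still reports it as queued. Consider `if (sched_new(1, isakmp_chkph1there_stub, iph2) == NULL) goto fail;` so the failure takes the same path as a failed `isakmp_ph1begin_i`. The enclosing function continues outside both hunks.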
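--- a/security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c
+++ b/security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c
@@ -0,0 +1,48 @@
+$NetBSD: patch-iked_ikev1_ipsec__doi.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix memset argument
+Fix unused
+
+--- iked/ikev1/ipsec_doi.c.orig 2008-07-07 05:36:08.000000000 -0400
++++ iked/ikev1/ipsec_doi.c 2018-05-28 21:19:12.197533568 -0400
+@@ -220,7 +220,9 @@
+rc_vchar_t *newsa;
+struct isakmpsa *sa, tsa;
+struct prop_pair *s, *p;
++#if 0
+int prophlen;
++#endif
+int i;
+
+if (iph1->approval) {
+@@ -232,8 +234,10 @@
+if (pair[i] == NULL)
+continue;
+for (s = pair[i]; s; s = s->next) {
++#if 0
+prophlen = sizeof(struct isakmp_pl_p)
++ s->prop->spi_size;
++#endif
+/* compare proposal and select one */
+for (p = s; p; p = p->tnext) {
+sa = get_ph1approvalx(p, iph1->proposal,
+@@ -254,8 +258,10 @@
+if (pair[i] == NULL)
+continue;
+for (s = pair[i]; s; s = s->next) {
++#if 0
+prophlen = sizeof(struct isakmp_pl_p)
++ s->prop->spi_size;
++#endif
+for (p = s; p; p = p->tnext) {
+print_ph1mismatched(p,
+iph1->proposal);
+@@ -1238,7 +1244,7 @@
+"failed to get buffer.\n");
+return NULL;
+}
+- memset(pair, 0, sizeof(pair));
++ memset(pair, 0, sizeof(*pair));
+
+bp = (caddr_t)(sab + 1);
+tlen = sa->l - sizeof(*sab);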
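Review bot: `memset(pair, 0, sizeof(*pair))` in the `@@ -1238,7 +1244,7 @@` hunk silences the sizeof-on-pointer warning but still does not clear the table: the preceding "failed to get buffer." check shows `pair` is a freshly obtained buffer, so `sizeof(*pair)` is one element, not the whole allocation. If that allocation already zero-fills (calloc-style, not visible here) the memset is redundant and can simply be dropped; if it does not, the memset must cover the same element count the allocation used, e.g. `memset(pair, 0, <element count used at allocation> * sizeof(*pair));`. The enclosing function starts before the hunk.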
91
security/racoon2/patches/patch-iked_ikev1_oakley.c
Normal file
91
security/racoon2/patches/patch-iked_ikev1_oakley.c
Normal file
|
@ -0,0 +1,91 @@
|
|||
$NetBSD: patch-iked_ikev1_oakley.c,v 1.1 2018/05/29 01:22:50 christos Exp $
|
||||
|
||||
Remove unused variables
|
||||
|
||||
--- iked/ikev1/oakley.c.orig 2008-07-07 05:36:08.000000000 -0400
|
||||
+++ iked/ikev1/oakley.c 2018-05-28 19:39:44.411098687 -0400
|
||||
@@ -585,7 +585,6 @@
|
||||
{
|
||||
rc_vchar_t *buf = 0, *res = 0;
|
||||
int len;
|
||||
- int error = -1;
|
||||
|
||||
/* create buffer */
|
||||
len = 1 + sizeof(uint32_t) + body->l;
|
||||
@@ -610,8 +609,6 @@
|
||||
if (res == NULL)
|
||||
goto end;
|
||||
|
||||
- error = 0;
|
||||
-
|
||||
plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n");
|
||||
plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l);
|
||||
|
||||
@@ -637,7 +634,6 @@
|
||||
rc_vchar_t *buf = NULL, *res = NULL;
|
||||
char *p;
|
||||
int len;
|
||||
- int error = -1;
|
||||
|
||||
/* create buffer */
|
||||
len = sizeof(uint32_t) + body->l;
|
||||
@@ -663,8 +659,6 @@
|
||||
if (res == NULL)
|
||||
goto end;
|
||||
|
||||
- error = 0;
|
||||
-
|
||||
plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n");
|
||||
plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l);
|
||||
|
||||
@@ -687,7 +681,6 @@
|
||||
rc_vchar_t *buf = NULL, *res = NULL, *bp;
|
||||
char *p, *bp2;
|
||||
int len, bl;
|
||||
- int error = -1;
|
||||
#ifdef HAVE_GSSAPI
|
||||
rc_vchar_t *gsstokens = NULL;
|
||||
#endif
|
||||
@@ -780,8 +773,6 @@
|
||||
if (res == NULL)
|
||||
goto end;
|
||||
|
||||
- error = 0;
|
||||
-
|
||||
plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH (%s) computed:\n",
|
||||
iph1->side == INITIATOR ? "init" : "resp");
|
||||
plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l);
|
||||
@@ -811,7 +802,6 @@
|
||||
rc_vchar_t *hash = NULL; /* for signature mode */
|
||||
char *p;
|
||||
int len;
|
||||
- int error = -1;
|
||||
|
||||
/* sanity check */
|
||||
if (iph1->etype != ISAKMP_ETYPE_BASE) {
|
||||
@@ -925,8 +915,6 @@
|
||||
if (res == NULL)
|
||||
goto end;
|
||||
|
||||
- error = 0;
|
||||
-
|
||||
plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH_I computed:\n");
|
||||
plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l);
|
||||
|
||||
@@ -950,7 +938,6 @@
|
||||
rc_vchar_t *hash = NULL;
|
||||
char *p;
|
||||
int len;
|
||||
- int error = -1;
|
||||
|
||||
/* sanity check */
|
||||
if (iph1->etype != ISAKMP_ETYPE_BASE) {
|
||||
@@ -1049,8 +1036,6 @@
if (res == NULL)
goto end;
- error = 0;
-
plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n");
plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l);
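--- a/security/racoon2/patches/patch-iked_ikev1_pfkey.c
+++ b/security/racoon2/patches/patch-iked_ikev1_pfkey.c
@@ -0,0 +1,71 @@
+$NetBSD: patch-iked_ikev1_pfkey.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix unused
+
+--- iked/ikev1/pfkey.c.orig 2008-04-01 06:39:13.000000000 -0400
++++ iked/ikev1/pfkey.c 2018-05-28 19:55:26.598592949 -0400
+@@ -562,7 +562,9 @@
+unsigned int satype, mode;
+struct saprop *pp;
+struct saproto *pr;
++#ifdef notyet
+uint32_t minspi, maxspi;
++#endif
+#if 0
+int proxy = 0;
+#endif
+@@ -613,13 +615,15 @@
+}
+/* this works around a bug in Linux kernel where it
+* allocates 4 byte spi's for IPCOMP */
+- else if (satype == SADB_X_SATYPE_IPCOMP) {
++#ifdef notyet
++ if (satype == SADB_X_SATYPE_IPCOMP) {
+minspi = 0x100;
+maxspi = 0xffff;
+} else {
+minspi = 0;
+maxspi = 0;
+}
++#endif
+mode = ipsecdoi2rc_mode(pr->encmode);
+if (mode == 0) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+@@ -635,8 +639,10 @@
+param.pref_dst = 0;
+param.satype = satype;
+param.samode = mode;
+- /* param.minspi = minspi; */
+- /* param.maxspi = maxspi; */
++#ifdef notyet
++ param.minspi = minspi;
++ param.maxspi = maxspi;
++#endif
+param.reqid = pr->reqid_in;
+param.seq = iph2->seq;
+if (iph2->sadb_request.method->getspi(¶m)) {
+@@ -747,7 +753,9 @@
+unsigned int e_keylen, a_keylen, flags;
+int satype, mode;
+struct rcpfk_msg param;
++#if 0
+unsigned int wsize = 4; /* XXX static size of window */
++#endif
+
+/* sanity check */
+if (iph2->approval == NULL) {
+@@ -773,10 +781,13 @@
+plog(PLOG_PROTOERR, PLOGLOC, 0,
+"invalid proto_id %d\n", pr->proto_id);
+return -1;
+- } else if (satype == RCT_SATYPE_IPCOMP) {
++ }
++#if 0
++ if (satype == RCT_SATYPE_IPCOMP) {
+/* IPCOMP has no replay window */
+wsize = 0;
+}
++#endif
+mode = ipsecdoi2rc_mode(pr->encmode);
+if (mode == 0) {
+plog(PLOG_PROTOERR, PLOGLOC, 0,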
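Review bot: The `else if` on the IPCOMP branch turns into a bare `if` under `#ifdef notyet` (hunk `-613`) and under `#if 0` (hunk `-773`), so whoever re-enables either block will also silently change the control flow: the IPCOMP test is no longer the else-arm of the preceding test, and with `notyet` defined both arms could run. Both blocks are dead for now, so behaviour is unchanged, but a one-line marker next to each guard, `/* was an else-if of the preceding test; restore the chaining when enabling */`, would spare the next reader from guessing. The functions these hunks belong to start outside the hunks.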
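--- a/security/racoon2/patches/patch-iked_ikev2.c
+++ b/security/racoon2/patches/patch-iked_ikev2.c
@@ -0,0 +1,78 @@
+$NetBSD: patch-iked_ikev2.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Remove unused
+
+--- iked/ikev2.c.orig 2010-02-01 05:30:51.000000000 -0500
++++ iked/ikev2.c 2018-05-28 19:59:33.332024762 -0400
+@@ -1945,8 +1945,6 @@
+struct ikev2_payload_header *p;
+int type;
+struct ikev2_payload_header *id_i = 0;
+- struct ikev2_payload_header *cert = 0;
+- struct ikev2_payload_header *certreq = 0;
+struct ikev2_payload_header *id_r = 0;
+struct ikev2payl_auth *auth = 0;
+struct ikev2_payload_header *sa_i2 = 0;
+@@ -2010,10 +2008,8 @@
+* accept up to four X.509 certificates in support of authentication,
+*/
+#endif
+- cert = p;
+break;
+case IKEV2_PAYLOAD_CERTREQ:
+- certreq = p;
+break;
+case IKEV2_PAYLOAD_ID_R:
+if (id_r)
+@@ -2639,7 +2635,6 @@
+int type;
+struct ikev2_payload_header *p;
+struct ikev2_payload_header *id_r = 0;
+- struct ikev2_payload_header *cert = 0;
+struct ikev2payl_auth *auth = 0;
+struct ikev2_payload_header *sa_r2 = 0;
+struct ikev2_payload_header *ts_i = 0;
+@@ -2669,7 +2664,6 @@
+* accept up to four X.509 certificates in support of authentication,
+*/
+#endif
+- cert = p;
+break;
+case IKEV2_PAYLOAD_AUTH:
+if (auth)
+@@ -2791,7 +2785,6 @@
+int type;
+struct ikev2_payload_header *p;
+struct ikev2_payload_header *cfg = 0;
+- struct ikev2_payload_header *id_r = 0;
+struct ikev2_payload_header *sa_r2 = 0;
+struct ikev2_payload_header *ts_i = 0;
+struct ikev2_payload_header *ts_r = 0;
+@@ -2834,7 +2827,6 @@
+case IKEV2_PAYLOAD_ENCRYPTED:
+break;
+case IKEV2_PAYLOAD_ID_R:
+- id_r = p;
+break;
+case IKEV2_PAYLOAD_SA:
+sa_r2 = p;
+@@ -4541,7 +4533,9 @@
+int i;
+uint32_t spi;
+struct ikev2_child_sa *child_sa;
++#if 0
+struct rcf_policy *policy;
++#endif
+
+d = (struct ikev2payl_delete *)p;
+protocol_id = d->dh.protocol_id;
+@@ -4641,7 +4635,9 @@
+break;
+}
+
++#if 0
+policy = child_sa->selector->pl;
++#endif
+
+/* (draft-17)
+* If by chance both ends of a set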
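Review bot: With `cert = p` and `certreq = p` gone, the CERT and CERTREQ cases in both payload loops (hunks `-2010` and `-2669`) reduce to a bare `break`, leaving the draft-17 comment about accepting up to four X.509 certificates describing code that no longer exists. A short note at each case, `/* CERT/CERTREQ payloads are accepted but not consumed here */`, would keep that comment honest and make the dropped-on-the-floor handling deliberate rather than accidental-looking. Behaviour is unchanged as far as the hunks show, since the patch header calls the variables unused; both switch statements begin outside the hunks.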
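--- a/security/racoon2/patches/patch-iked_ikev2__child.c
+++ b/security/racoon2/patches/patch-iked_ikev2__child.c
@@ -0,0 +1,26 @@
+$NetBSD: patch-iked_ikev2__child.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Comment out unused
+
+--- iked/ikev2_child.c.orig 2008-09-10 04:30:58.000000000 -0400
++++ iked/ikev2_child.c 2018-05-28 20:02:17.518182437 -0400
+@@ -1373,7 +1373,9 @@
+struct prop_pair *matching_proposal = 0;
+struct prop_pair *matching_my_proposal = 0;
+struct prop_pair **new_my_proposal_list = 0;
++#ifdef notyet
+rc_vchar_t *g_ir;
++#endif
+int err = 0;
+
+/* update IPsec SA with received parameter */
+@@ -1451,8 +1453,8 @@
+use_transport_mode ? "transport" : "tunnel"));
+}
+
+- g_ir = 0;
+#ifdef notyet
++ g_ir = 0;
+/* if (ke_i && ke_r) g_ir = g^i^r */
+#endif
+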
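--- a/security/racoon2/patches/patch-iked_ikev2__notify.c
+++ b/security/racoon2/patches/patch-iked_ikev2__notify.c
@@ -0,0 +1,24 @@
+$NetBSD: patch-iked_ikev2__notify.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix unused
+
+--- iked/ikev2_notify.c.orig 2008-02-06 03:09:00.000000000 -0500
++++ iked/ikev2_notify.c 2018-05-28 20:05:41.431368140 -0400
+@@ -281,12 +281,16 @@
+struct ikev2_child_param *child_param,
+int *http_cert_lookup_supported)
+{
+- struct ikev2_header *ikehdr;
+struct ikev2payl_notify *notify;
++#ifdef notyet
++ struct ikev2_header *ikehdr;
+uint32_t message_id;
++#endif
+
++#ifdef notyet
+ikehdr = (struct ikev2_header *)msg->v;
+message_id = get_uint32(&ikehdr->message_id);
++#endif
+notify = (struct ikev2payl_notify *)payload;
+
+switch (get_notify_type(notify)) {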
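Review bot: The two `#ifdef notyet` blocks in hunk `-281` are separated only by a blank line and guard the declaration and the use of the same two variables, so a single block spanning both (move the blank line inside the first guard and drop the second `#ifdef notyet`/`#endif` pair) would be easier to keep in sync when the message-id check is eventually wired up. If the split is kept on purpose, a comment on the second block saying that `ikehdr` and `message_id` exist only under the same guard would explain it. The function continues past the hunk.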
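--- a/security/racoon2/patches/patch-kinkd-crypto__openssl.c
+++ b/security/racoon2/patches/patch-kinkd-crypto__openssl.c
@@ -0,0 +1,117 @@
+$NetBSD: patch-kinkd-crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix signness issues
+
+--- kinkd/crypto_openssl.c.orig 2008-02-07 05:12:28.000000000 -0500
++++ kinkd/crypto_openssl.c 2018-05-28 19:32:47.287261308 -0400
+@@ -239,7 +239,7 @@
+rc_vchar_t *res;
+AES_KEY k;
+
+- if (AES_set_encrypt_key(key->v, key->l << 3, &k) < 0)
++ if (AES_set_encrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0)
+return NULL;
+/* allocate buffer for result */
+if ((res = rc_vmalloc(data->l)) == NULL) {
+@@ -247,7 +247,7 @@
+EXITREQ_NOMEM();
+return NULL;
+}
+- AES_cbc_encrypt(data->v, res->v, data->l, &k, iv->v, AES_ENCRYPT);
++ AES_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_ENCRYPT);
+
+return res;
+}
+@@ -258,7 +258,7 @@
+rc_vchar_t *res;
+AES_KEY k;
+
+- if (AES_set_decrypt_key(key->v, key->l << 3, &k) < 0)
++ if (AES_set_decrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0)
+return NULL;
+/* allocate buffer for result */
+if ((res = rc_vmalloc(data->l)) == NULL) {
+@@ -266,7 +266,7 @@
+EXITREQ_NOMEM();
+return NULL;
+}
+- AES_cbc_encrypt(data->v, res->v, data->l, &k, iv->v, AES_DECRYPT);
++ AES_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_DECRYPT);
+
+return res;
+}
+@@ -291,7 +291,7 @@
+rc_vchar_t *res;
+AES_KEY k;
+
+- if (AES_set_encrypt_key(key->v, key->l << 3, &k) < 0)
++ if (AES_set_encrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0)
+return NULL;
+/* allocate buffer for result */
+if ((res = rc_vmalloc(data->l)) == NULL) {
+@@ -299,7 +299,7 @@
+EXITREQ_NOMEM();
+return NULL;
+}
+- AES_cts_encrypt(data->v, res->v, data->l, &k, iv->v, AES_ENCRYPT);
++ AES_cts_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_ENCRYPT);
+
+return res;
+}
+@@ -310,7 +310,7 @@
+rc_vchar_t *res;
+AES_KEY k;
+
+- if (AES_set_decrypt_key(key->v, key->l << 3, &k) < 0)
++ if (AES_set_decrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0)
+return NULL;
+/* allocate buffer for result */
+if ((res = rc_vmalloc(data->l)) == NULL) {
+@@ -318,7 +318,7 @@
+EXITREQ_NOMEM();
+return NULL;
+}
+- AES_cts_encrypt(data->v, res->v, data->l, &k, iv->v, AES_DECRYPT);
++ AES_cts_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_DECRYPT);
+
+return res;
+}
+@@ -348,17 +348,17 @@
+memcpy(lastblk, ivec, AES_BLOCK_SIZE);
+for (i = 0; i < fraglen; i++)
+lastblk[i] ^= (in + cbclen + AES_BLOCK_SIZE)[i];
+- AES_encrypt(lastblk, out + cbclen, key);
++ AES_encrypt((unsigned char *)lastblk, out + cbclen, key);
+} else {
+/* Decrypt the last plainblock. */
+- AES_decrypt(in + cbclen, lastblk, key);
++ AES_decrypt(in + cbclen, (unsigned char *)lastblk, key);
+for (i = 0; i < fraglen; i++)
+(out + cbclen + AES_BLOCK_SIZE)[i] =
+lastblk[i] ^ (in + cbclen + AES_BLOCK_SIZE)[i];
+
+/* Decrypt the second last block. */
+memcpy(lastblk, in + cbclen + AES_BLOCK_SIZE, fraglen);
+- AES_decrypt(lastblk, out + cbclen, key);
++ AES_decrypt((unsigned char *)lastblk, out + cbclen, key);
+if (cbclen == 0)
+for (i = 0; i < AES_BLOCK_SIZE; i++)
+(out + cbclen)[i] ^= ivec[i];
+@@ -738,7 +738,7 @@
+if ((res = rc_vmalloc(SHA_DIGEST_LENGTH)) == 0)
+return(0);
+
+- SHA1_Final(res->v, (SHA_CTX *)c);
++ SHA1_Final((unsigned char *)res->v, (SHA_CTX *)c);
+(void)free(c);
+
+return(res);
+@@ -792,7 +792,7 @@
+if ((res = rc_vmalloc(MD5_DIGEST_LENGTH)) == 0)
+return(0);
+
+- MD5_Final(res->v, (MD5_CTX *)c);
++ MD5_Final((unsigned char *)res->v, (MD5_CTX *)c);
+(void)free(c);
+
+return(res);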
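Review bot: The cast-only changes carry over an unchecked assumption in the two plain-CBC callers (hunks `-247` and `-266`): `res` is sized with `rc_vmalloc(data->l)`, but OpenSSL's `AES_cbc_encrypt` processes the trailing partial block as a full 16-byte block, so a `data->l` that is not a multiple of `AES_BLOCK_SIZE` would overrun `res` on encrypt (and over-read `data` on decrypt). A guard before the allocation, `if (data->l % AES_BLOCK_SIZE != 0) return NULL;`, or a comment stating that every caller pads, would make the contract explicit; the CTS variants in hunks `-299` and `-318` presumably exist for the unaligned case, which supports adding the check only to the CBC pair. Each of these functions begins outside its hunk.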
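--- a/security/racoon2/patches/patch-kinkd-ipsec__doi.c
+++ b/security/racoon2/patches/patch-kinkd-ipsec__doi.c
@@ -0,0 +1,34 @@
+$NetBSD: patch-kinkd-ipsec__doi.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix wrong memset
+Fix pointer signness
+
+--- kinkd/ipsec_doi.c.orig 2018-05-28 19:34:49.793231430 -0400
++++ kinkd/ipsec_doi.c 2018-05-28 19:35:27.322259892 -0400
+@@ -654,7 +654,7 @@
+"failed to get buffer.\n");
+return NULL;
+}
+- memset(pair, 0, sizeof(pair));
++ memset(pair, 0, sizeof(*pair));
+
+bp = (caddr_t)(sab + 1);
+tlen = sa->l - sizeof(*sab);
+@@ -2034,7 +2034,7 @@
+
+/* set prefix */
+if (len2) {
+- unsigned char *p = new->v + sizeof(struct ipsecdoi_id_b) + len1;
++ unsigned char *p = (unsigned char *)new->v + sizeof(struct ipsecdoi_id_b) + len1;
+unsigned int bits = prefixlen;
+
+while (bits >= 8) {
+@@ -2141,7 +2141,7 @@
+plen = 0;
+max = alen <<3;
+
+- p = buf->v
++ p = (unsigned char *)buf->v
++ sizeof(struct ipsecdoi_id_b)
++ alen;
+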
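Review bot: The `sizeof(pair)` to `sizeof(*pair)` change in hunk `-654` is a genuine fix — the old call zeroed only a pointer's worth of bytes and left the rest of `*pair` uninitialized — and the patch header's `Fix wrong memset` undersells it; `Fix memset that zeroed sizeof(pointer) bytes instead of the pointed-to struct` would tell the next maintainer why this patch must not be dropped on an update. If the allocation just above the hunk (not visible here) is a plain `malloc`, switching it to `calloc` would remove the need for the memset entirely. The enclosing function starts before the hunk.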
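--- a/security/racoon2/patches/patch-kinkd_bbkk__heimdal.c
+++ b/security/racoon2/patches/patch-kinkd_bbkk__heimdal.c
@@ -0,0 +1,310 @@
+$NetBSD: patch-kinkd_bbkk__heimdal.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Avoid deprecated API's
+Include private header since we are using private functions
+Fix function calls with missing args
+
+--- kinkd/bbkk_heimdal.c.orig 2007-08-03 01:42:24.000000000 -0400
++++ kinkd/bbkk_heimdal.c 2018-05-28 21:07:22.720866945 -0400
+@@ -40,6 +40,10 @@
+#include <string.h>
+#if defined(HAVE_KRB5_KRB5_H)
+# include <krb5/krb5.h>
++# include <openssl/evp.h>
++typedef void *krb5_pk_init_ctx;
++# include <krb5/pkinit_asn1.h>
++# include <krb5/krb5-private.h>
+#else
+# include <krb5.h>
+#endif
+@@ -147,7 +151,7 @@
+if (DEBUG_KRB5() && cause != NULL)
+kinkd_log(KLLV_DEBUG,
+"bbkk: %s: %s\n",
+- cause, krb5_get_err_text(con->context, ret));
++ cause, krb5_get_error_message(con->context, ret));
+if (con->rcache != NULL)
+krb5_rc_close(con->context, con->rcache);
+if (con->ccache != NULL)
+@@ -185,7 +189,7 @@
+{
+krb5_error_code ret;
+krb5_principal principal;
+- krb5_get_init_creds_opt opt;
++ krb5_get_init_creds_opt *opt;
+krb5_creds cred;
+krb5_keytab kt;
+krb5_deltat start_time = 0;
+@@ -198,7 +202,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_parse_name: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+ret = krb5_kt_default(con->context, &kt);
+@@ -206,25 +210,26 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_kt_default: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+krb5_free_principal(con->context, principal);
+return ret;
+}
+
+memset(&cred, 0, sizeof(cred));
+- krb5_get_init_creds_opt_init(&opt);
++ krb5_get_init_creds_opt_alloc(con->context, &opt);
+krb5_get_init_creds_opt_set_default_flags(con->context, "kinit",
+- principal->realm, &opt); /* XXX may not be kinit... */
++ principal->realm, opt); /* XXX may not be kinit... */
+
+ret = krb5_get_init_creds_keytab(con->context, &cred, principal, kt,
+- start_time, NULL /* server */, &opt);
++ start_time, NULL /* server */, opt);
+krb5_kt_close(con->context, kt);
+krb5_free_principal(con->context, principal);
++ krb5_get_init_creds_opt_free(con->context, opt);
+if (ret != 0) {
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_get_init_creds_keytab: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+
+@@ -236,10 +241,10 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_cc_store_cred: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+- krb5_free_creds_contents(con->context, &cred);
++ krb5_free_cred_contents(con->context, &cred);
+
+return 0;
+}
+@@ -261,7 +266,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_parse_name: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+ret = krb5_parse_name(con->context, cprinc_str, &client);
+@@ -269,7 +274,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_parse_name: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+krb5_free_principal(con->context, server);
+return ret;
+}
+@@ -292,7 +297,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_cc_remove_cred: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+krb5_free_principal(con->context, client);
+krb5_free_principal(con->context, server);
+return ret;
+@@ -311,7 +316,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_get_credentials: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+*cred = (void *)out_cred;
+@@ -354,7 +359,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_copy_creds_contents: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+goto cleanup;
+}
+int_auth_con = NULL;
+@@ -364,12 +369,12 @@
+*/
+ret = krb5_mk_req_extended(con->context, &int_auth_con,
+AP_OPTS_MUTUAL_REQUIRED, NULL /* in_data */, &cred_copy, &ap_req);
+- krb5_free_creds_contents(con->context, &cred_copy);
++ krb5_free_cred_contents(con->context, &cred_copy);
+if (ret != 0) {
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_mk_req_extended: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+goto cleanup;
+}
+
+@@ -414,7 +419,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_rd_rep: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+
+@@ -462,7 +467,7 @@
+if (ret != 0) {
+kinkd_log(KLLV_SYSERR,
+"krb5e_force_get_key: (%d) %s\n",
+- ret, krb5_get_err_text(con->context, ret));
++ ret, krb5_get_error_message(con->context, ret));
+krb5_auth_con_free(con->context, auth_context);
+return ret;
+}
+@@ -470,7 +475,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_rd_req: (%d)%s\n",
+- saveret, krb5_get_err_text(con->context, saveret));
++ saveret, krb5_get_error_message(con->context, saveret));
+krb5_auth_con_free(con->context, auth_context);
+return saveret;
+}
+@@ -492,7 +497,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_rc_store: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+if (ticket != NULL)
+krb5_free_ticket(con->context, ticket);
+krb5_auth_con_free(con->context, auth_context);
+@@ -507,7 +512,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_mk_rep: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+/*
+* XXX Heimdal-0.6.x
+* Heimdal-0.6.x frees only ticket contents, not containter;
+@@ -536,7 +541,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_rd_req: (%d)%s\n",
+- saveret, krb5_get_err_text(con->context, saveret));
++ saveret, krb5_get_error_message(con->context, saveret));
+if (ticket != NULL)
+krb5_free_ticket(con->context, ticket);
+return saveret;
+@@ -584,7 +589,7 @@
+time_t ctime, *ctimep;
+int cusec, *cusecp;
+
+- e_text = krb5_get_err_text(con->context, ecode);
++ e_text = krb5_get_error_message(con->context, ecode);
+if (ecode < KRB5KDC_ERR_NONE || KRB5_ERR_RCSID <= ecode) {
+kinkd_log(KLLV_SYSWARN,
+"non protocol errror (%d), use GENERIC\n", ecode);
+@@ -609,7 +614,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_mk_error: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+
+@@ -635,7 +640,7 @@
+if (DEBUG_KRB5())
+kinkd_log(KLLV_DEBUG,
+"bbkk: krb5_rd_error: %s\n",
+- krb5_get_err_text(con->context, ret));
++ krb5_get_error_message(con->context, ret));
+return ret;
+}
+
+@@ -926,7 +931,7 @@
+if (con == NULL)
+return "Failed in initialization, so no message is available";
+else
+- return krb5_get_err_text(con->context, ecode);
++ return krb5_get_error_message(con->context, ecode);
+}
+
+
+@@ -951,7 +956,7 @@
+keyblock = NULL;
+
+if ((t = (krb5_ticket *)malloc(sizeof(*t))) == NULL) {
+- krb5_clear_error_string(context);
++ krb5_clear_error_message(context);
+return ENOMEM;
+}
+*t = t0;
+@@ -966,14 +971,14 @@
+principalname2krb5_principal(&server,
+ap_req.ticket.sname, ap_req.ticket.realm);
+#else
+- _krb5_principalname2krb5_principal(&server,
++ _krb5_principalname2krb5_principal(context, &server,
+ap_req.ticket.sname, ap_req.ticket.realm);
+#endif
+
+if (ap_req.ap_options.use_session_key && ac->keyblock == NULL) {
+- krb5_set_error_string(context, "krb5_rd_req: user to user "
+- "auth without session key given");
+ret = KRB5KRB_AP_ERR_NOKEY;
++ krb5_set_error_message(context, ret,
++ "krb5_rd_req: user to user auth without session key given");
+goto fail;
+}
+
+@@ -1009,6 +1014,13 @@
+}
+
+/* decrypt ticket */
++#if 1
++ ret = krb5_decrypt_ticket(context, &ap_req.ticket,
++ ac->keyblock != NULL ? ac->keyblock : keyblock,
++ &t->ticket, 0);
++ if (ret != 0)
++ goto fail;
++#else
+{
+krb5_data plain;
+size_t len;
+@@ -1030,6 +1042,7 @@
+if (ret != 0)
+goto fail;
+}
++#endif
+
+/* get keyblock from ticket */
+if (ac->keyblock != NULL) {
+@@ -1039,6 +1052,11 @@
+krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock);
+
+/* handle authenticator */
++#if 1
++ ret = krb5_auth_con_getauthenticator(context, ac, &ac->authenticator);
++ if (ret != 0)
++ goto fail;
++#else
+{
+krb5_data plain;
+size_t len;
+@@ -1059,6 +1077,7 @@
+if (ret != 0)
+goto fail;
+}
++#endif
+if (ac->authenticator->seq_number)
+krb5_auth_con_setremoteseqnumber(context, ac,
+*ac->authenticator->seq_number);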
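Review bot: `krb5_auth_con_getauthenticator(context, ac, &ac->authenticator)` in hunk `-1039` does not do what the block it replaces did: in Heimdal that call copies the authenticator the auth context already holds into the out pointer, and here the out pointer is `ac->authenticator` itself, so unless `ac->authenticator` was populated somewhere outside this hunk the AP-REQ authenticator is never decrypted or checked before `seq_number` is read from it — please confirm against the Heimdal source before trusting this path, since it is the authentication step of the local `krb5_rd_req` replacement. Separately, `kr5_get_error_message()` returns a string that must be released with `krb5_free_error_message()`, unlike the `krb5_get_err_text()` it replaces throughout; every logging call site now leaks one string per error, and hunks `-584` and `-926` hand the allocated string to callers that presumably still treat it as static. `krb5_get_init_creds_opt_alloc()` in hunk `-206` can fail and its result is not checked before `opt` is used; `if ((ret = krb5_get_init_creds_opt_alloc(con->context, &opt)) != 0) return ret;` after the keytab is closed and the principal freed would cover it.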
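--- a/security/racoon2/patches/patch-kinkd_isakmp__quick.c
+++ b/security/racoon2/patches/patch-kinkd_isakmp__quick.c
@@ -0,0 +1,61 @@
+$NetBSD: patch-kinkd_isakmp__quick.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix unused
+
+--- kinkd/isakmp_quick.c.orig 2009-09-04 15:59:33.000000000 -0400
++++ kinkd/isakmp_quick.c 2018-05-28 21:12:13.401432933 -0400
+@@ -191,9 +191,11 @@
+}
+
+if (iph2->id_p) {
++#if 0
+uint8_t dummy_plen;
+uint16_t dummy_ulproto;
+int ret;
++#endif
+
+plog(LLV_DEBUG, LOCATION, NULL, "received IDci2:");
+plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l);
+@@ -212,9 +214,11 @@
+#endif
+}
+if (iph2->id) {
++#if 0
+uint8_t dummy_plen;
+uint16_t dummy_ulproto;
+int ret;
++#endif
+
+plog(LLV_DEBUG, LOCATION, NULL, "received IDcr2:");
+plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l);
+@@ -258,7 +262,9 @@
+{
+rc_vchar_t *pbuf = NULL; /* for payload parsing */
+struct isakmp_parse_t *pa;
++#if 0
+int f_id;
++#endif
+int error = ISAKMP_INTERNAL_ERROR;
+
+/*
+@@ -290,7 +296,9 @@
+* parse the payloads.
+*/
+iph2->sa_ret = NULL;
++#if 0
+f_id = 0; /* flag to use checking ID */
++#endif
+for (; pa->type; pa++) {
+
+switch (pa->type) {
+@@ -319,9 +327,9 @@
+
+case ISAKMP_NPTYPE_ID:
+{
++#if 0 /* ID payloads are not supported yet. */
+rc_vchar_t *vp;
+
+-#if 0 /* ID payloads are not supported yet. */
+/* check ID value */
+if (f_id == 0) {
+/* for IDci */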
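--- a/security/racoon2/patches/patch-kinkd_session.c
+++ b/security/racoon2/patches/patch-kinkd_session.c
@@ -0,0 +1,15 @@
+$NetBSD: patch-kinkd_session.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix pointer to integer cast
+
+--- kinkd/session.c.orig 2006-08-11 16:44:34.000000000 -0400
++++ kinkd/session.c 2018-05-28 21:09:41.263580997 -0400
+@@ -290,7 +290,7 @@
+{
+int signo;
+
+- signo = (int)arg;
++ signo = (int)(intptr_t)arg;
+
+switch (signo) {
+case SIGHUP: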
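Review bot: `(int)(intptr_t)arg` in hunk `-290` needs `intptr_t` in scope, which comes from `<stdint.h>` (or `<inttypes.h>`); if kinkd/session.c does not already include one of them, the patch should add the include instead of relying on a transitive header that may differ between platforms. The function the hunk belongs to opens at the `{` on its first line, so `signo` is its only local and nothing else is affected.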
@ -1,24 +1,24 @@
$NetBSD: patch-lib_cftoken.l,v 1.1 2013/10/10 00:09:38 joerg Exp $
$NetBSD: patch-lib_cftoken.l,v 1.2 2018/05/29 01:22:50 christos Exp $
--- lib/cftoken.l.orig 2013-10-09 23:00:24.000000000 +0000
+++ lib/cftoken.l
@@ -53,7 +53,6 @@
Fixes for modern flex
--- lib/cftoken.l.orig 2018-05-28 17:21:27.733726555 -0400
+++ lib/cftoken.l 2018-05-28 17:21:57.559009640 -0400
@@ -53,7 +53,7 @@
extern int yyget_lineno (void);
extern FILE *yyget_in (void);
extern FILE *yyget_out (void);
-extern int yyget_leng (void);
+extern yy_size_t yyget_leng (void);
extern char *yyget_text (void);
extern void yyset_lineno (int);
extern void yyset_in (FILE *);
@@ -76,9 +75,9 @@ static char rcf_linebuf[CF_LINEBUFSIZE];
@@ -76,7 +76,7 @@
#define YYDEBUG 1
#define DP \
if (cf_debug) { \
- fprintf(CF_ERRDEV, "%s:%d:%d[%s] len=%d\n", \
+ fprintf(CF_ERRDEV, "%s:%d:%d[%s] len=%zu\n", \
rcf_istk[rcf_istkp].path, rcf_istk[rcf_istkp].lineno, \
- yy_start, yytext, yyleng); \
+ yy_start, yytext, (size_t)yyleng); \
yy_start, yytext, yyleng); \
}
#else
#define DP
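--- a/security/racoon2/patches/patch-lib_if__spmd.c
+++ b/security/racoon2/patches/patch-lib_if__spmd.c
@@ -0,0 +1,68 @@
+$NetBSD: patch-lib_if__spmd.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Adjust for OpenSSL v1.1
+
+--- lib/if_spmd.c.orig 2008-03-27 06:05:42.000000000 -0400
++++ lib/if_spmd.c 2018-05-28 13:31:19.367838157 -0400
+@@ -1100,7 +1100,7 @@
+spmd_if_login_response(struct spmd_cid *pci)
+{
+unsigned char md[EVP_MAX_MD_SIZE];
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+size_t hash_len;
+unsigned int md_len;
+int error, used, i;
+@@ -1108,28 +1108,33 @@
+
+error = -1;
+
+- EVP_MD_CTX_init(&ctx);
+- if (!EVP_DigestInit_ex(&ctx, SPMD_DIGEST_ALG, SPMD_EVP_ENGINE)) {
++ ctx = EVP_MD_CTX_new();
++ if (ctx == NULL) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate Message Digest context\n");
++ goto fail_early;
++ }
++ if (!EVP_DigestInit_ex(ctx, SPMD_DIGEST_ALG, SPMD_EVP_ENGINE)) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"failed to initilize Message Digest function\n");
+goto fail_early;
+}
+- if (!EVP_DigestUpdate(&ctx, pci->challenge, strlen(pci->challenge))) {
++ if (!EVP_DigestUpdate(ctx, pci->challenge, strlen(pci->challenge))) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"failed to hash Challenge\n");
+goto fail;
+}
+- if (!EVP_DigestUpdate(&ctx, pci->password, strlen(pci->password))) {
++ if (!EVP_DigestUpdate(ctx, pci->password, strlen(pci->password))) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"failed to hash Password\n");
+goto fail;
+}
+- if (sizeof(md) < EVP_MD_CTX_size(&ctx)) {
++ if (sizeof(md) < EVP_MD_CTX_size(ctx)) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"Message Digest buffer is not enough\n");
+goto fail;
+}
+- if (!EVP_DigestFinal_ex(&ctx, md, &md_len)) {
++ if (!EVP_DigestFinal_ex(ctx, md, &md_len)) {
+plog(PLOG_INTERR, PLOGLOC, NULL,
+"failed to get Message Digest value\n");
+goto fail;
+@@ -1154,11 +1159,7 @@
+
+error = 0;
+fail:
+- if (!EVP_MD_CTX_cleanup(&ctx)) {
+- plog(PLOG_INTERR, PLOGLOC, NULL,
+- "failed to cleanup Message Digest context\n");
+- error = -1; /* error again */
+- }
++ EVP_MD_CTX_free(ctx);
+fail_early:
+return error;
+}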
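Review bot: The `EVP_DigestInit_ex` failure path in hunk `-1108` still does `goto fail_early;`, which now jumps past the `EVP_MD_CTX_free(ctx)` placed at `fail:` and leaks the context allocated two statements earlier; with a heap-allocated context that branch should read `goto fail;` like the later failure paths. `fail_early` stays correct only for the `ctx == NULL` branch, where there is nothing to free. The `EVP_MD_CTX_free` at `fail:` in hunk `-1154` already does the right thing for every other exit.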
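--- a/security/racoon2/patches/patch-spmd_fqdn__query.c
+++ b/security/racoon2/patches/patch-spmd_fqdn__query.c
@@ -0,0 +1,29 @@
+$NetBSD: patch-spmd_fqdn__query.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix unused
+
+--- spmd/fqdn_query.c.orig 2007-07-25 08:22:18.000000000 -0400
++++ spmd/fqdn_query.c 2018-05-28 19:43:35.179657737 -0400
+@@ -163,10 +163,9 @@
+fqdn_query_response(struct task *t)
+{
+char data[MAX_UDP_DNS_SIZE];
+- int ret;
+
+/* just discard */
+- ret = recvfrom(t->fd, data, sizeof(data), t->flags, t->sa, &(t->salen));
++ (void)recvfrom(t->fd, data, sizeof(data), t->flags, t->sa, &(t->salen));
+
+spmd_free(t->sa);
+close(t->fd);
+@@ -178,9 +177,8 @@
+fqdn_query_send(struct task *t)
+{
+struct task *newt = NULL;
+- int ret=0;
+
+- ret = sendto(t->fd, t->msg, t->len, t->flags, t->sa, t->salen);
++ (void)sendto(t->fd, t->msg, t->len, t->flags, t->sa, t->salen);
+
+newt = task_alloc(0);
+newt->fd = t->fd;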
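Review bot: `(void)sendto(...)` in hunk `-178` silences the unused-variable warning by discarding the result, so a failed DNS query send (`-1`, with `errno` set) is now indistinguishable from success and the response task is still allocated as if the query had gone out. Checking the return and logging the failure with this file's logging macro before `task_alloc` keeps the diagnostic the compiler was nudging toward, e.g. `if (sendto(...) < 0) { /* log errno with this file's log macro */ }`. For `recvfrom` in hunk `-163` the existing `/* just discard */` comment justifies the cast. Both functions continue beyond their hunks.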
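--- a/security/racoon2/patches/patch-spmd_main.c
+++ b/security/racoon2/patches/patch-spmd_main.c
@@ -0,0 +1,21 @@
+$NetBSD: patch-spmd_main.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix unused variable
+
+--- spmd/main.c.orig 2008-07-11 18:35:46.000000000 -0400
++++ spmd/main.c 2018-05-28 19:26:45.583066490 -0400
+@@ -378,11 +378,12 @@
+do_daemon(void)
+{
+pid_t pid;
+- int en;
+
+openlog("spmd", LOG_PID, LOG_DAEMON);
+if (daemon(0, 0) < 0) {
+- en = errno;
++#ifdef __linux__ /* glibc specific ? */
++ int en = errno;
++#endif
+perror("daemon()");
+#ifdef __linux__ /* glibc specific ? */
+if (en == 0) {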
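Review bot: `int en = errno;` in hunk `-378` is a declaration at the top of the `if` block, which is fine in C89 and C99 alike, but the two `#ifdef __linux__ /* glibc specific ? */` guards now sit three lines apart around `perror("daemon()")`, and a reader may be tempted to merge them; they cannot be merged, because `errno` has to be captured before `perror` can clobber it. A one-line comment on the first guard, `/* save errno before perror() can change it */`, would make the split self-explaining. The function continues past the hunk.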
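--- /dev/null
+++ b/security/racoon2/patches/patch-spmd_shell.c
@@ -0,0 +1,61 @@
+$NetBSD: patch-spmd_shell.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Fix for OpenSSL 1.1
+
+--- spmd/shell.c 2008-01-25 01:13:01.000000000 -0500
++++ spmd/shell.c 2018-05-28 13:54:05.166565802 -0400
+@@ -655,7 +655,7 @@
+char *p;
+int i;
+const EVP_MD *m;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx;
+unsigned char digest[EVP_MAX_MD_SIZE];
+unsigned int digest_len;
+
+@@ -693,27 +693,27 @@
+}
+}
+#endif
+- EVP_MD_CTX_init(&ctx);
+- if (!EVP_DigestInit_ex(&ctx, m, SPMD_EVP_ENGINE)) {
+- SPMD_PLOG(SPMD_L_INTERR, "Failed to initilize Message Digest function");
++ ctx = EVP_MD_CTX_new();
++ if (ctx == NULL) {
++ SPMD_PLOG(SPMD_L_INTERR, "Failed to allocate Message Digest context");
+goto fin;
+}
+- if (!EVP_DigestUpdate(&ctx, seed, seed_len)) {
++ if (!EVP_DigestInit_ex(ctx, m, SPMD_EVP_ENGINE)) {
++ SPMD_PLOG(SPMD_L_INTERR, "Failed to initialize Message Digest function");
++ goto fin;
++ }
++ if (!EVP_DigestUpdate(ctx, seed, seed_len)) {
+SPMD_PLOG(SPMD_L_INTERR, "Failed to hash Seed");
+goto fin;
+}
+- if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) {
++ if (!EVP_DigestFinal_ex(ctx, digest, &digest_len)) {
+SPMD_PLOG(SPMD_L_INTERR, "Failed to get Message Digest value");
+goto fin;
+}
+- if (digest_len != EVP_MD_CTX_size(&ctx)) {
++ if (digest_len != EVP_MD_CTX_size(ctx)) {
+SPMD_PLOG(SPMD_L_INTERR, "Message Digest length is not enough");
+goto fin;
+}
+- if (!EVP_MD_CTX_cleanup(&ctx)) {
+- SPMD_PLOG(SPMD_L_INTERR, "Failed to cleanup Message Digest context");
+- goto fin;
+- }
+
+challenge_len = digest_len*2+1;
+challenge = spmd_calloc(challenge_len);
+@@ -729,6 +729,7 @@
+}
+
+fin:
++ EVP_MD_CTX_free(ctx);
+spmd_free(seed);
+just_fin:
+return challenge;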
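--- /dev/null
+++ b/security/racoon2/patches/patch-spmd_spmd__pfkey.c
@@ -0,0 +1,22 @@
+$NetBSD: patch-spmd_spmd__pfkey.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Remove unused.
+
+--- spmd/spmd_pfkey.c.orig 2008-07-11 18:35:46.000000000 -0400
++++ spmd/spmd_pfkey.c 2018-05-28 19:45:26.942125292 -0400
+@@ -326,7 +326,6 @@
+spmd_nonfqdn_sp_add(struct rcf_selector *sl)
+{
+struct rcf_policy *pl = NULL;
+- struct rcf_ipsec *ips = NULL;
+struct rc_addrlist *al = NULL;
+struct rc_addrlist *ipal = NULL;
+struct rc_addrlist *ipal_tmp = NULL;
+@@ -373,7 +372,6 @@
+if (!sl->pl->ips) {
+return -1;
+}
+- ips = sl->pl->ips;
+
+/* check rcf_ipsec{} sa_* set or NULL */
+if (set_satype(sl, rc)<0) {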
366
security/racoon2/patches/patch-spmd_spmdctl.c
Normal file
|
@ -0,0 +1,366 @@
|
|||
$NetBSD: patch-spmd_spmdctl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
|
||||
|
||||
- Fix inefficient snprintfs, and detect errors.
|
||||
- Fix wrong memset length
|
||||
|
||||
*** spmd/spmdctl.c.orig Sun Mar 28 21:52:00 2010
|
||||
--- spmd/spmdctl.c Mon May 28 14:17:08 2018
|
||||
***************
|
||||
*** 38,43 ****
|
||||
--- 38,44 ----
|
||||
#include <netdb.h>
|
||||
#include <netinet/tcp.h>
|
||||
#include <signal.h>
|
||||
+ #include <stdarg.h>
|
||||
#include <errno.h>
|
||||
#include "spmd_includes.h"
|
||||
#include "spmd_internal.h"
|
||||
***************
|
||||
*** 154,159 ****
|
||||
--- 155,176 ----
|
||||
return len;
|
||||
}
|
||||
|
||||
+ static ssize_t __attribute__((__format__(__printf__, 2, 3)))
|
||||
+ sc_writestr(int fd, const char *fmt, ...)
|
||||
+ {
|
||||
+ char buf[2048];
|
||||
+ va_list ap;
|
||||
+ va_start(ap, fmt);
|
||||
+ int len = vsnprintf(buf, sizeof(buf), fmt, ap);
|
||||
+ va_end(ap);
|
||||
+ if (len == -1) {
|
||||
+ perror("sc_writestr");
|
||||
+ return -1;
|
||||
+ }
|
||||
+
|
||||
+ return sc_writemsg(fd, buf, (size_t)len);
|
||||
+ }
|
||||
+
|
||||
static int
|
||||
sc_getline(int fd, char *buf, int len)
|
||||
{
|
||||
***************
|
||||
*** 247,253 ****
|
||||
sc_parse_alloc_sp_entry(const char *str, struct sp_entry *pre)
|
||||
{
|
||||
char *ap, *cp;
|
||||
! size_t slid_len=0, len=0;
|
||||
struct sp_entry *sd=NULL;
|
||||
|
||||
sd = malloc(sizeof(*sd));
|
||||
--- 264,270 ----
|
||||
sc_parse_alloc_sp_entry(const char *str, struct sp_entry *pre)
|
||||
{
|
||||
char *ap, *cp;
|
||||
! size_t slid_len=0;
|
||||
struct sp_entry *sd=NULL;
|
||||
|
||||
sd = malloc(sizeof(*sd));
|
||||
***************
|
||||
*** 261,267 ****
|
||||
sd->sa_dst = (struct sockaddr *)&sd->ss_sa_dst;
|
||||
|
||||
if (str) {
|
||||
- len = strlen(str);
|
||||
ap = (char *)str;
|
||||
cp = strpbrk(ap, " ");
|
||||
if (!cp) {
|
||||
--- 278,283 ----
|
||||
***************
|
||||
*** 575,581 ****
|
||||
sc_setup_pfkey(struct rcpfk_msg *rc)
|
||||
{
|
||||
|
||||
! memset(rc, 0, sizeof(rc));
|
||||
memset(&pfkey_cbs, 0, sizeof(pfkey_cbs));
|
||||
pfkey_cbs.cb_spddump = &sc_spddump_cb;
|
||||
|
||||
--- 591,597 ----
|
||||
sc_setup_pfkey(struct rcpfk_msg *rc)
|
||||
{
|
||||
|
||||
! memset(rc, 0, sizeof(*rc));
|
||||
memset(&pfkey_cbs, 0, sizeof(pfkey_cbs));
|
||||
pfkey_cbs.cb_spddump = &sc_spddump_cb;
|
||||
|
||||
***************
|
||||
*** 657,665 ****
|
||||
sc_policy(int s, char *selector_index, uint64_t lifetime, sa_mode_t samode,
|
||||
const char *sp_src, const char *sp_dst, const char *sa_src, const char *sa_dst, int flag)
|
||||
{
|
||||
- char wbuf[BUFSIZ];
|
||||
char rbuf[BUFSIZ];
|
||||
- int w;
|
||||
char sl[512]; /* XXX */
|
||||
char lt[32];
|
||||
int ps;
|
||||
--- 673,679 ----
|
||||
***************
|
||||
*** 669,697 ****
|
||||
|
||||
if (flag == TYPE_POLICY_ADD) {
|
||||
if (samode == SA_MODE_TRANSPORT) {
|
||||
snprintf(sl, sizeof(sl), "%s", selector_index);
|
||||
snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
|
||||
! snprintf(wbuf, sizeof(wbuf), "POLICY ADD %s %s TRANSPORT %s %s\r\n",
|
||||
! sl, lt, sp_src, sp_dst);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
! }
|
||||
! else if (samode == SA_MODE_TUNNEL) {
|
||||
! return -1;
|
||||
! snprintf(sl, sizeof(sl), "%s", selector_index);
|
||||
! snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
|
||||
! snprintf(wbuf, sizeof(wbuf), "POLICY ADD %s %s TUNNEL %s %s %s %s\r\n",
|
||||
! sl, lt, sp_src, sp_dst, sa_src, sa_dst);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
} else if (flag == TYPE_POLICY_DEL) {
|
||||
! snprintf(sl, sizeof(sl), "%s", selector_index);
|
||||
! snprintf(wbuf, sizeof(wbuf), "POLICY DELETE %s\r\n", sl);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
} else if (flag == TYPE_POLICY_DUMP) {
|
||||
! snprintf(wbuf, sizeof(wbuf), "POLICY DUMP\r\n");
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
goto dump;
|
||||
} else {
|
||||
return -1;
|
||||
--- 683,710 ----
|
||||
|
||||
if (flag == TYPE_POLICY_ADD) {
|
||||
if (samode == SA_MODE_TRANSPORT) {
|
||||
+ if (sc_writestr(s,
|
||||
+ "POLICY ADD %s %" PRIu64 " TRANSPORT %s %s\r\n",
|
||||
+ selector_index, lifetime, sp_src, sp_dst) < 0)
|
||||
+ return -1;
|
||||
+ } else if (samode == SA_MODE_TUNNEL) {
|
||||
snprintf(sl, sizeof(sl), "%s", selector_index);
|
||||
snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
|
||||
! if (sc_writestr(s,
|
||||
! "POLICY ADD %s %" PRIu64 " TUNNEL %s %s %s %s\r\n",
|
||||
! selector_index, lifetime, sp_src, sp_dst, sa_src,
|
||||
! sa_dst) < 0)
|
||||
! return -1;
|
||||
!
|
||||
} else {
|
||||
return -1;
|
||||
}
|
||||
} else if (flag == TYPE_POLICY_DEL) {
|
||||
! if (sc_writestr(s, "POLICY DELETE %s\r\n", selector_index) < 0)
|
||||
! return -1;
|
||||
} else if (flag == TYPE_POLICY_DUMP) {
|
||||
! if (sc_writestr(s, "POLICY DUMP\r\n") < 0)
|
||||
! return -1;
|
||||
goto dump;
|
||||
} else {
|
||||
return -1;
|
||||
***************
|
||||
*** 752,768 ****
|
||||
sc_migrate(int s, char *selector_index, const char *src0, const char *dst0,
|
||||
const char *src, const char *dst)
|
||||
{
|
||||
- char wbuf[BUFSIZ];
|
||||
char rbuf[BUFSIZ];
|
||||
- int w;
|
||||
- char sl[512]; /* XXX */
|
||||
-
|
||||
- snprintf(sl, sizeof(sl), "%s", selector_index);
|
||||
- snprintf(wbuf, sizeof(wbuf),
|
||||
- "MIGRATE %s %s %s %s %s\r\n",
|
||||
- sl, src0, dst0, src, dst);
|
||||
- w = sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
|
||||
if (sc_getline(s, rbuf, sizeof(rbuf)) < 0) {
|
||||
fprintf(stderr, "can't get response from spmd\n");
|
||||
return -1;
|
||||
--- 765,775 ----
|
||||
sc_migrate(int s, char *selector_index, const char *src0, const char *dst0,
|
||||
const char *src, const char *dst)
|
||||
{
|
||||
char rbuf[BUFSIZ];
|
||||
|
||||
+ if (sc_writestr(s, "MIGRATE %s %s %s %s %s\r\n",
|
||||
+ selector_index, src0, dst0, src, dst) < 0)
|
||||
+ return -1;
|
||||
if (sc_getline(s, rbuf, sizeof(rbuf)) < 0) {
|
||||
fprintf(stderr, "can't get response from spmd\n");
|
||||
return -1;
|
||||
***************
|
||||
*** 777,786 ****
|
||||
static int
|
||||
sc_status(int s)
|
||||
{
|
||||
- int w;
|
||||
char rbuf[512];
|
||||
|
||||
! w = sc_writemsg(s, "STAT\r\n", strlen("STAT\r\n"));
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
--- 784,793 ----
|
||||
static int
|
||||
sc_status(int s)
|
||||
{
|
||||
char rbuf[512];
|
||||
|
||||
! if (sc_writestr(s, "STAT\r\n") < 0)
|
||||
! return -1;
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
***************
|
||||
*** 795,803 ****
|
||||
static int
|
||||
sc_ns(int s, char *addr, int flag)
|
||||
{
|
||||
- int w;
|
||||
char rbuf[512];
|
||||
- char wbuf[512];
|
||||
char naddr[NI_MAXHOST];
|
||||
int match=0;
|
||||
|
||||
--- 802,808 ----
|
||||
***************
|
||||
*** 811,817 ****
|
||||
|
||||
|
||||
if (flag == TYPE_NS_ADD) {
|
||||
! w = sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
--- 816,823 ----
|
||||
|
||||
|
||||
if (flag == TYPE_NS_ADD) {
|
||||
! if (sc_writestr(s, "NS LIST\r\n") < 0)
|
||||
! return -1;
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
***************
|
||||
*** 823,838 ****
|
||||
}
|
||||
|
||||
if (match) {
|
||||
! snprintf(wbuf, sizeof(wbuf), "NS CHANGE %s\r\n", naddr);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
} else {
|
||||
! snprintf(wbuf, sizeof(wbuf), "NS ADD %s\r\n", naddr);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
}
|
||||
return 0;
|
||||
} else if (flag == TYPE_NS_DEL) {
|
||||
int lines=0;
|
||||
! w = sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
--- 829,845 ----
|
||||
}
|
||||
|
||||
if (match) {
|
||||
! if (sc_writestr(s, "NS CHANGE %s\r\n", naddr) < 0)
|
||||
! return -1;
|
||||
} else {
|
||||
! if (sc_writestr(s, "NS ADD %s\r\n", naddr) < 0)
|
||||
! return -1;
|
||||
}
|
||||
return 0;
|
||||
} else if (flag == TYPE_NS_DEL) {
|
||||
int lines=0;
|
||||
! if (sc_writestr(s, "NS LIST\r\n") < 0)
|
||||
! return -1;
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
***************
|
||||
*** 845,856 ****
|
||||
}
|
||||
|
||||
if (match && lines >1) {
|
||||
! snprintf(wbuf, sizeof(wbuf), "NS DELETE %s\r\n", naddr);
|
||||
! w= sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
}
|
||||
return 0;
|
||||
} else if (flag == TYPE_NS_LST) {
|
||||
! sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
--- 852,864 ----
|
||||
}
|
||||
|
||||
if (match && lines >1) {
|
||||
! if (sc_writestr(s, "NS DELETE %s\r\n", naddr) < 0)
|
||||
! return -1;
|
||||
}
|
||||
return 0;
|
||||
} else if (flag == TYPE_NS_LST) {
|
||||
! if (sc_writestr(s, "NS LIST\r\n") < 0)
|
||||
! return -1;
|
||||
while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
|
||||
if (rbuf[0] != '2')
|
||||
return -1;
|
||||
***************
|
||||
*** 977,983 ****
|
||||
{
|
||||
char rbuf[512];
|
||||
char wbuf[512];
|
||||
! int r,w;
|
||||
int s = -1;
|
||||
struct rc_addrlist *rcl_top = NULL, *rcl;
|
||||
struct sockaddr *sa;
|
||||
--- 985,991 ----
|
||||
{
|
||||
char rbuf[512];
|
||||
char wbuf[512];
|
||||
! int r;
|
||||
int s = -1;
|
||||
struct rc_addrlist *rcl_top = NULL, *rcl;
|
||||
struct sockaddr *sa;
|
||||
***************
|
||||
*** 1111,1118 ****
|
||||
fprintf(stdout, "hash=%s\n", cid.hash);
|
||||
}
|
||||
|
||||
! snprintf(wbuf, sizeof(wbuf), "LOGIN %s\r\n", cid.hash);
|
||||
! w = sc_writemsg(s, wbuf, strlen(wbuf));
|
||||
r = sc_getline(s, rbuf, sizeof(rbuf));
|
||||
if (r<0) {
|
||||
perror("LOGIN:read");
|
||||
--- 1119,1126 ----
|
||||
fprintf(stdout, "hash=%s\n", cid.hash);
|
||||
}
|
||||
|
||||
! if (sc_writestr(s, "LOGIN %s\r\n", cid.hash) < 0)
|
||||
! exit(EXIT_FAILURE);
|
||||
r = sc_getline(s, rbuf, sizeof(rbuf));
|
||||
if (r<0) {
|
||||
perror("LOGIN:read");
|
||||
***************
|
||||
*** 1134,1142 ****
|
||||
sc_quit(int s)
|
||||
{
|
||||
char rbuf[512];
|
||||
! int r,w;
|
||||
|
||||
! w = sc_writemsg(s, "QUIT\r\n", strlen("QUIT\r\n"));
|
||||
r = sc_getline(s, rbuf, sizeof(rbuf));
|
||||
if (r<0) {
|
||||
perror("QUIT:read");
|
||||
--- 1142,1153 ----
|
||||
sc_quit(int s)
|
||||
{
|
||||
char rbuf[512];
|
||||
! int r;
|
||||
|
||||
! if (sc_writestr(s, "QUIT\r\n")) {
|
||||
! close(s);
|
||||
! return -1;
|
||||
! }
|
||||
r = sc_getline(s, rbuf, sizeof(rbuf));
|
||||
if (r<0) {
|
||||
perror("QUIT:read");
|