author | christos <christos@pkgsrc.org> | 2018-07-01 15:47:17 +0000 |
---|---|---|
committer | christos <christos@pkgsrc.org> | 2018-07-01 15:47:17 +0000 |
commit | 592d5fcc76f3c12bb6560944f1ecd42e9a538dc0 (patch) | |
tree | 8a4e0ed48ac6b026219ab6229627efc34c865e97 /security | |
parent | 97ea959557d9bc6f964d39c045e5da6ffb488052 (diff) | |
download | pkgsrc-592d5fcc76f3c12bb6560944f1ecd42e9a538dc0.tar.gz |
switch to using github as upstream, and enable nat-t
(all patches have been included in the github version)
Diffstat (limited to 'security')
32 files changed, 17 insertions, 2467 deletions
diff --git a/security/racoon2/Makefile b/security/racoon2/Makefile index d486ada4cc1..31601118aed 100644 --- a/security/racoon2/Makefile +++ b/security/racoon2/Makefile @@ -1,11 +1,17 @@ -# $NetBSD: Makefile,v 1.12 2018/05/29 01:22:50 christos Exp $ +# $NetBSD: Makefile,v 1.13 2018/07/01 15:47:17 christos Exp $ # -DISTNAME= racoon2-20100526a -PKGREVISION= 10 CATEGORIES= security net -MASTER_SITES= ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/ -EXTRACT_SUFX= .tgz +#DISTNAME= racoon2-20100526a +#PKGREVISION= 10 +#MASTER_SITES= ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/ +#EXTRACT_SUFX= .tgz + +DISTNAME= racoon2 +PKGNAME= racoon2-20180701 +MASTER_SITES= ${MASTER_SITE_GITHUB:=zoulasc/} +GITHUB_PROJECT= racoon2 +GITHUB_TAG= b2a193fc9875d1fb89c0a51690745379bc135fcf MAINTAINER= kamada@nanohz.org HOMEPAGE= http://www.racoon2.wide.ad.jp/ @@ -55,7 +61,7 @@ CONF_FILES_PERMS+= ${EGDIR}/racoon2.conf ${PKG_SYSCONFDIR}/racoon2.conf \ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 600 CONF_FILES_PERMS+= ${EGDIR}/vals.conf ${PKG_SYSCONFDIR}/vals.conf \ ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 600 -CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} +CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} --enable-natt MAKE_DIRS_PERMS+= ${VARBASE}/run/racoon2 ${REAL_ROOT_USER} ${REAL_ROOT_GROUP} 0700 diff --git a/security/racoon2/distinfo b/security/racoon2/distinfo index 7afb5d6501f..76e19026ac3 100644 --- a/security/racoon2/distinfo +++ b/security/racoon2/distinfo 
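Review bot: `HOMEPAGE` in the first Makefile hunk still names http://www.racoon2.wide.ad.jp/ although `MASTER_SITES`, `GITHUB_PROJECT` and `GITHUB_TAG` now fetch a pinned snapshot from the zoulasc GitHub project, so the package metadata no longer says where the built code comes from; I would change it to `HOMEPAGE= https://github.com/zoulasc/racoon2/`. The four commented-out `#DISTNAME`/`#PKGREVISION`/`#MASTER_SITES`/`#EXTRACT_SUFX` lines only repeat what version control already records and could be dropped. Because the commit message says the deleted local patches are contained in this snapshot, the pinned `GITHUB_TAG` should be checked for what it actually carries from the removed patch-iked_crypto__openssl.c. As shown further down in this commit, that patch initialised `EVP_aes_128_ctr()` directly from `key->v` and `iv->v` instead of building the old nonce/IV/block-counter block, and its DSS sign and verify paths set `md = NULL` and `goto fail` before doing any work.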
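Review bot: `--enable-natt` is appended to `CONFIGURE_ARGS` unconditionally in the second Makefile hunk, so every build of this IKE package gains NAT traversal support with no comment explaining it and no way to opt out. NAT-T normally involves UDP-encapsulated IKE/ESP traffic, so administrators upgrading from the previous package may need to revisit their packet-filter rules; whether that applies here depends on configure and runtime settings the hunk does not show. I would at least put a comment above the line, e.g. `# Build with NAT traversal (NAT-T) support.`, and consider making it a build option if the package has an options file.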
@@ -1,36 +1,6 @@ -$NetBSD: distinfo,v 1.6 2018/05/29 01:22:50 christos Exp $ +$NetBSD: distinfo,v 1.7 2018/07/01 15:47:17 christos Exp $ -SHA1 (racoon2-20100526a.tgz) = 268429af8a031dbbc279580cf98ea18331f0e2d9 -RMD160 (racoon2-20100526a.tgz) = 014cdcf78cc82ab21235a21491850cdcd1f883bf -SHA512 (racoon2-20100526a.tgz) = 0a75fe0338c5747e3ecd7d68e28adc6d4a66ad2d33210d3d027de72bad6712068a92506caaaf8f6c6f81b204db9be2a1779cb3b1bb8bd75445210cfa746eb88a -Size (racoon2-20100526a.tgz) = 1017077 bytes -SHA1 (patch-aa) = e3bc810f72dac266bec992f0430572b00768cc22 -SHA1 (patch-ab) = eb6d901108ebcca90571851817137b4b3f3c594b -SHA1 (patch-ac) = 081a2d3d694d4c20cf1fa2d9718577577280288e -SHA1 (patch-ad) = 0d04dc7027c100de6bc04db00eddb30a12fd8715 -SHA1 (patch-ae) = 937cf84a2b6f1e8f8d288703a0556faf500bab95 -SHA1 (patch-iked_crypto__impl.h) = e6b274258eb7428cbd01cefc33ae85e001260542 -SHA1 (patch-iked_crypto__openssl.c) = 0a013e5aa5ce9747da61b8095440a16ee78de4e9 -SHA1 (patch-iked_ike__conf.c) = 82e09465e69b082abb12b3fead16eae8a7bc103b -SHA1 (patch-iked_ikev1_ikev1.c) = ce9b22b2be12bc4cd5fa0e171cbd39c0d88d5406 -SHA1 (patch-iked_ikev1_ipsec__doi.c) = 3673d0643359eb8a68bbd867e941e1a1aae02b01 -SHA1 (patch-iked_ikev1_oakley.c) = 8823a898ec8190d177d3eda8d6c474040b08d2a1 -SHA1 (patch-iked_ikev1_pfkey.c) = 064df06b876504b611008a8a20b44266a83c5789 -SHA1 (patch-iked_ikev2.c) = 857805c92e3c78ec5f05a9068acbba03e91030b3 -SHA1 (patch-iked_ikev2__child.c) = f7f268f3e7666a3e23efd3b71c4474eeb9f8a046 -SHA1 (patch-iked_ikev2__notify.c) = 688d5b46451912b00dbf1500e7ff66f4290d7d8a -SHA1 (patch-kinkd-crypto__openssl.c) = 4acd36a5462d3296a53966f85fb39e8888650d5a -SHA1 (patch-kinkd-ipsec__doi.c) = f72d62de7dce9e02d4de77162926491fef3761d1 -SHA1 (patch-kinkd_bbkk__heimdal.c) = 55a4e8121df28272d2838376823bc85ec108d93f -SHA1 (patch-kinkd_isakmp__quick.c) = 1b177838621336bfabf0416d9fc09d6e581b8c05 -SHA1 (patch-kinkd_session.c) = 6b2ec8329d0fda0b850116c21bda2a4d06634f0d -SHA1 (patch-lib_cfparse.y) = 
9e0b8ec9c09c315edde171103b97a8c403ba748e -SHA1 (patch-lib_cfsetup.c) = 70c2409bc69ff85cef6d2e2b4e222e12537c323e -SHA1 (patch-lib_cftoken.l) = cbda1153f7fd34713248d3d7d188a50b27d9ddcd -SHA1 (patch-lib_if__pfkeyv2.c) = 9eb969ff0f289bc7c4aa1fa234c221b4d70d1da7 -SHA1 (patch-lib_if__spmd.c) = 0b5e5412afb826f502c040153ca5b0e50ad3d682 -SHA1 (patch-spmd_fqdn__query.c) = d44af49981bfc503fe097a40a0448215ff2367d8 -SHA1 (patch-spmd_main.c) = 7ee34b1a5b18d938806f490abe2d8cdf25caa426 -SHA1 (patch-spmd_shell.c) = 37a52cb9062fd44e0d358c7ae1605481a3604f71 -SHA1 (patch-spmd_spmd__pfkey.c) = 2bf3e70f41a779989d63d7099b2e7031a7441a27 -SHA1 (patch-spmd_spmdctl.c) = 26cd17a8b9932bbc5af8aa5d476eb0a5fad8e323 +SHA1 (racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf.tar.gz) = 5f36bf656682f794d933584485296c2556500536 +RMD160 (racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf.tar.gz) = ad6c26b5a2f818bc38989bf687f4a623b995c0df +SHA512 (racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf.tar.gz) = b3dcbe43f7f2454f0befd4434a9335df6063e4468924d8c6ab22c960dc45802c7733f0e8720b2674666fbe953309668221352ee25c6bb1ffaafc7eab4666ce49 +Size (racoon2-b2a193fc9875d1fb89c0a51690745379bc135fcf.tar.gz) = 1144364 bytes diff --git a/security/racoon2/patches/patch-aa b/security/racoon2/patches/patch-aa deleted file mode 100644 index b3cff2be348..00000000000 --- a/security/racoon2/patches/patch-aa +++ /dev/null @@ -1,16 +0,0 @@ -$NetBSD: patch-aa,v 1.1.1.1 2012/01/11 20:08:39 drochner Exp $ - -Don't mess up user's configuration files. - ---- samples/Makefile.in.orig 2007-12-27 10:08:52.000000000 +0900 -+++ samples/Makefile.in 2007-12-27 10:08:52.000000000 +0900 -@@ -11,8 +11,7 @@ - # empty - all: - --install: all install-startup-@startup_scripts@ install-samples install-hook -- $(INSTALL) -d -o 0 -g 0 -m 700 /var/run/racoon2 -+install: all install-startup-@startup_scripts@ - - install-samples: - $(INSTALL) -d $(sysconfdir) 
diff --git a/security/racoon2/patches/patch-ab b/security/racoon2/patches/patch-ab deleted file mode 100644 index f52304519e7..00000000000 --- a/security/racoon2/patches/patch-ab +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-ab,v 1.1.1.1 2012/01/11 20:08:39 drochner Exp $ - -This should be done when installing the package (Makefile when -"make install" or PLIST when "pkg_add"). - ---- pskgen/Makefile.in.orig 2007-12-12 07:12:22.000000000 +0000 -+++ pskgen/Makefile.in -@@ -17,11 +17,9 @@ PROG=pskgen - all: - - install: all -- $(INSTALL) -d $(sbindir) -- $(INSTALL_SCRIPT) $(PROG) $(sbindir) -- $(INSTALL_DATA) $(PROG).8 $(mandir)/man8 -- $(INSTALL) -d $(prefix)/etc/racoon2 -- sh ./autogen.spmd.pwd -+ $(INSTALL) -d $(DESTDIR)$(sbindir) -+ $(INSTALL_SCRIPT) $(PROG) $(DESTDIR)$(sbindir) -+ $(INSTALL_DATA) $(PROG).8 $(DESTDIR)$(mandir)/man8 - - depend: - diff --git a/security/racoon2/patches/patch-ac b/security/racoon2/patches/patch-ac deleted file mode 100644 index 9fb253ac671..00000000000 --- a/security/racoon2/patches/patch-ac +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-ac,v 1.1.1.1 2012/01/11 20:08:39 drochner Exp $ - ---- spmd/Makefile.in.orig 2006-06-23 10:21:59.000000000 +0000 -+++ spmd/Makefile.in -@@ -38,11 +38,11 @@ spmdctl: spmdctl.o ../lib/libracoon.a - spmdctl.o: spmd_internal.h - - install: all -- $(INSTALL_DIR) $(sbindir) -- $(INSTALL_PROGRAM) $(DAEMON) $(sbindir) -- $(INSTALL_PROGRAM) $(COMMAND) $(sbindir) -- $(INSTALL_DIR) $(man8dir) -- $(INSTALL_DATA) $(MANFILES) $(man8dir) -+ $(INSTALL_DIR) $(DESTDIR)$(sbindir) -+ $(INSTALL_PROGRAM) $(DAEMON) $(DESTDIR)$(sbindir) -+ $(INSTALL_PROGRAM) $(COMMAND) $(DESTDIR)$(sbindir) -+ $(INSTALL_DIR) $(DESTDIR)$(man8dir) -+ $(INSTALL_DATA) $(MANFILES) $(DESTDIR)$(man8dir) - - clean: - -rm -f $(TARGET) *.o $(COMMAND) diff --git a/security/racoon2/patches/patch-ad b/security/racoon2/patches/patch-ad deleted file mode 100644 index 802f575d2ce..00000000000 --- a/security/racoon2/patches/patch-ad +++ /dev/null 
@@ -1,25 +0,0 @@ -$NetBSD: patch-ad,v 1.1.1.1 2012/01/11 20:08:39 drochner Exp $ - ---- iked/Makefile.in.orig 2009-03-27 07:24:26.000000000 +0000 -+++ iked/Makefile.in -@@ -66,16 +66,16 @@ all: $(PROG) $(TESTPROG) - install: install-prog install-doc - - install-prog: $(PROG) -- $(INSTALL) -d $(sbindir) -- $(INSTALL_PROGRAM) $(PROG) $(sbindir) -+ $(INSTALL) -d $(DESTDIR)$(sbindir) -+ $(INSTALL_PROGRAM) $(PROG) $(DESTDIR)$(sbindir) - - install-doc: -- $(INSTALL) -d $(mandir)/man8 -+ $(INSTALL) -d $(DESTDIR)$(mandir)/man8 - # not friendly with -n :-( - sysconfdir="$$(echo '$(sysconfdir)' | sed 's/%/\\\%/g')"; \ - for f in $(MAN); do \ - sed -e s%\@sysconfdir\@%"$$sysconfdir"%g < $$f > $${f}.tmp; \ -- $(INSTALL_DATA) $${f}.tmp $(mandir)/man$${f##*.}/$$f; \ -+ $(INSTALL_DATA) $${f}.tmp $(DESTDIR)$(mandir)/man$${f##*.}/$$f; \ - rm $${f}.tmp; \ - done - diff --git a/security/racoon2/patches/patch-ae b/security/racoon2/patches/patch-ae deleted file mode 100644 index 4b9568d79c4..00000000000 --- a/security/racoon2/patches/patch-ae +++ /dev/null @@ -1,23 +0,0 @@ -$NetBSD: patch-ae,v 1.1.1.1 2012/01/11 20:08:39 drochner Exp $ - ---- kinkd/Makefile.in.orig 2010-05-07 18:42:30.000000000 +0000 -+++ kinkd/Makefile.in -@@ -49,14 +49,14 @@ $(PROG): ../lib/libracoon.a - ../lib/libracoon.a: # check its timestamp only when there is. - - install: all -- $(INSTALL) -d $(sbindir) -- $(INSTALL_PROGRAM) $(PROG) $(sbindir) -- $(INSTALL) -d $(mandir)/man8 -+ $(INSTALL) -d $(DESTDIR)$(sbindir) -+ $(INSTALL_PROGRAM) $(PROG) $(DESTDIR)$(sbindir) -+ $(INSTALL) -d $(DESTDIR)$(mandir)/man8 - # not friendly with -n :-( - sysconfdir="$$(echo '$(sysconfdir)' | sed 's/%/\\\%/g')"; \ - for f in $(MAN); do \ - sed -e s%\@sysconfdir\@%"$$sysconfdir"%g < $$f > $${f}.tmp; \ -- $(INSTALL_DATA) $${f}.tmp $(mandir)/man$${f##*.}/$$f; \ -+ $(INSTALL_DATA) $${f}.tmp $(DESTDIR)$(mandir)/man$${f##*.}/$$f; \ - rm $${f}.tmp; \ - done - 
diff --git a/security/racoon2/patches/patch-iked_crypto__impl.h b/security/racoon2/patches/patch-iked_crypto__impl.h deleted file mode 100644 index 906828c5da7..00000000000 --- a/security/racoon2/patches/patch-iked_crypto__impl.h +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-iked_crypto__impl.h,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Make unmodified argument const - ---- iked/crypto_impl.h 2010-02-01 05:30:51.000000000 -0500 -+++ iked/crypto_impl.h 2018-05-28 16:44:16.016528535 -0400 -@@ -246,7 +246,7 @@ - extern int eay_revbnl (rc_vchar_t *); - #include <openssl/bn.h> - extern int eay_v2bn (BIGNUM **, rc_vchar_t *); --extern int eay_bn2v (rc_vchar_t **, BIGNUM *); -+extern int eay_bn2v (rc_vchar_t **, const BIGNUM *); - - extern const char *eay_version (void); - diff --git a/security/racoon2/patches/patch-iked_crypto__openssl.c b/security/racoon2/patches/patch-iked_crypto__openssl.c deleted file mode 100644 index 13fa5acad37..00000000000 --- a/security/racoon2/patches/patch-iked_crypto__openssl.c +++ /dev/null 
@@ -1,714 +0,0 @@ -$NetBSD: patch-iked_crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Adjust for openssl-1.1 - ---- iked/crypto_openssl.c 2010-02-01 05:30:51.000000000 -0500 -+++ iked/crypto_openssl.c 2018-05-28 17:08:27.806906241 -0400 -@@ -324,16 +324,17 @@ - { - char buf[256]; - int log_tag; -+ int ctx_error, ctx_error_depth; - - if (!ok) { -- X509_NAME_oneline(X509_get_subject_name(ctx->current_cert), -- buf, 256); -+ X509_NAME_oneline(X509_get_subject_name( -+ X509_STORE_CTX_get0_cert(ctx)), buf, 256); - /* - * since we are just checking the certificates, it is - * ok if they are self signed. But we should still warn - * the user. - */ -- switch (ctx->error) { -+ switch (ctx_error = X509_STORE_CTX_get_error(ctx)) { - case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT: - #if OPENSSL_VERSION_NUMBER >= 0x00905100L - case X509_V_ERR_INVALID_CA: -@@ -347,16 +348,17 @@ - default: - log_tag = PLOG_PROTOERR; - } -+ ctx_error_depth = X509_STORE_CTX_get_error_depth(ctx); - #ifndef EAYDEBUG - plog(log_tag, PLOGLOC, NULL, - "%s(%d) at depth:%d SubjectName:%s\n", -- X509_verify_cert_error_string(ctx->error), -- ctx->error, ctx->error_depth, buf); -+ X509_verify_cert_error_string(ctx_error), -+ ctx_error, ctx_error_depth, buf); - #else - printf("%d: %s(%d) at depth:%d SubjectName:%s\n", - log_tag, -- X509_verify_cert_error_string(ctx->error), -- ctx->error, ctx->error_depth, buf); -+ X509_verify_cert_error_string(ctx_error), -+ ctx_error, ctx_error_depth, buf); - #endif - } - ERR_clear_error(); -@@ -991,6 +993,7 @@ - BPP_const unsigned char *bp; - rc_vchar_t *sig = NULL; - int len; -+ RSA *rsa; - int pad = RSA_PKCS1_PADDING; - - bp = (unsigned char *)privkey->v; -@@ -1002,14 +1005,15 @@ - /* XXX: to be handled EVP_dss() */ - /* XXX: Where can I get such parameters ? From my cert ? 
*/ - -- len = RSA_size(evp->pkey.rsa); -+ rsa = EVP_PKEY_get0_RSA(evp); -+ len = RSA_size(rsa); - - sig = rc_vmalloc(len); - if (sig == NULL) - return NULL; - - len = RSA_private_encrypt(src->l, (unsigned char *)src->v, -- (unsigned char *)sig->v, evp->pkey.rsa, pad); -+ (unsigned char *)sig->v, rsa, pad); - EVP_PKEY_free(evp); - if (len == 0 || (size_t)len != sig->l) { - rc_vfree(sig); -@@ -1028,6 +1032,7 @@ - BPP_const unsigned char *bp; - rc_vchar_t *xbuf = NULL; - int pad = RSA_PKCS1_PADDING; -+ RSA *rsa; - int len = 0; - int error; - -@@ -1040,7 +1045,8 @@ - return -1; - } - -- len = RSA_size(evp->pkey.rsa); -+ rsa = EVP_PKEY_get0_RSA(evp); -+ len = RSA_size(rsa); - - xbuf = rc_vmalloc(len); - if (xbuf == NULL) { -@@ -1053,7 +1059,7 @@ - } - - len = RSA_public_decrypt(sig->l, (unsigned char *)sig->v, -- (unsigned char *)xbuf->v, evp->pkey.rsa, pad); -+ (unsigned char *)xbuf->v, rsa, pad); - #ifndef EAYDEBUG - if (len == 0 || (size_t)len != src->l) - plog(PLOG_PROTOERR, PLOGLOC, NULL, "%s\n", eay_strerror()); -@@ -1089,7 +1095,8 @@ - rc_vchar_t *sig = 0; - unsigned int siglen; - const EVP_MD *md; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx = NULL; -+ RSA *rsa; - - bp = (unsigned char *)privkey->v; - /* convert private key from vmbuf to internal data */ -@@ -1100,7 +1107,8 @@ - goto fail; - } - -- len = RSA_size(pkey->pkey.rsa); -+ rsa = EVP_PKEY_get0_RSA(pkey); -+ len = RSA_size(rsa); - sig = rc_vmalloc(len); - if (sig == NULL) { - plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n"); -@@ -1114,27 +1122,33 @@ - "failed to find digest algorithm %s\n", hash_type); - goto fail; - } -- EVP_MD_CTX_init(&ctx); -- EVP_SignInit(&ctx, md); -- EVP_SignUpdate(&ctx, octets->v, octets->l); -- if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) { -+ ctx = EVP_MD_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ EVP_SignInit(ctx, md); -+ EVP_SignUpdate(ctx, octets->v, octets->l); -+ if 
(EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "RSA_sign failed: %s\n", eay_strerror()); -- EVP_MD_CTX_cleanup(&ctx); - goto fail; - } -- EVP_MD_CTX_cleanup(&ctx); - if (sig->l != siglen) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "unexpected signature length %d\n", siglen); - goto fail; - } -+ EVP_MD_CTX_free(ctx); - EVP_PKEY_free(pkey); - return sig; - - fail: - if (sig) - rc_vfree(sig); -+ if (ctx) -+ EVP_MD_CTX_free(ctx); - if (pkey) - EVP_PKEY_free(pkey); - return 0; -@@ -1154,7 +1168,7 @@ - EVP_PKEY *pkey; - BPP_const unsigned char *bp; - const EVP_MD *md; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx = NULL; - - bp = (unsigned char *)pubkey->v; - pkey = d2i_PUBKEY(NULL, &bp, pubkey->l); -@@ -1163,7 +1177,7 @@ - "failed obtaining public key: %s\n", eay_strerror()); - goto fail; - } -- if (pkey->type != EVP_PKEY_RSA) { -+ if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) { - plog(PLOG_PROTOERR, PLOGLOC, NULL, - "public key is not for RSA\n"); - goto fail; -@@ -1175,23 +1189,29 @@ - "failed to find the algorithm engine for %s\n", hash_type); - goto fail; - } -- EVP_MD_CTX_init(&ctx); -- EVP_VerifyInit(&ctx, md); -- EVP_VerifyUpdate(&ctx, octets->v, octets->l); -- if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) { -+ ctx = EVP_MD_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ EVP_VerifyInit(ctx, md); -+ EVP_VerifyUpdate(ctx, octets->v, octets->l); -+ if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) { - plog(PLOG_PROTOERR, PLOGLOC, NULL, - "RSA_verify failed: %s\n", eay_strerror()); -- EVP_MD_CTX_cleanup(&ctx); - goto fail; - } -- EVP_MD_CTX_cleanup(&ctx); - -+ EVP_MD_CTX_free(ctx); - EVP_PKEY_free(pkey); - return 0; - - fail: - if (pkey) - EVP_PKEY_free(pkey); -+ if (ctx) -+ EVP_MD_CTX_free(ctx); - return -1; - } - -@@ -1204,7 +1224,8 @@ - EVP_PKEY *pkey; - BPP_const unsigned char *bp; - const EVP_MD *md; -- 
EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx = NULL; -+ DSA *dsa; - int len; - rc_vchar_t *sig = 0; - unsigned int siglen; -@@ -1217,24 +1238,33 @@ - goto fail; - } - -- len = DSA_size(pkey->pkey.dsa); -+ dsa = EVP_PKEY_get0_DSA(pkey); -+ len = DSA_size(dsa); - sig = rc_vmalloc(len); - if (sig == NULL) { - plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n"); - goto fail; - } - -+#if 0 - md = EVP_dss1(); -- EVP_MD_CTX_init(&ctx); -- EVP_SignInit(&ctx, md); -- EVP_SignUpdate(&ctx, octets->v, octets->l); -- if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) { -+#else -+ md = NULL; -+ goto fail; -+#endif -+ ctx = EVP_MD_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ EVP_SignInit(ctx, md); -+ EVP_SignUpdate(ctx, octets->v, octets->l); -+ if (EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "DSS sign failed: %s\n", eay_strerror()); -- EVP_MD_CTX_cleanup(&ctx); - goto fail; - } -- EVP_MD_CTX_cleanup(&ctx); - - if (siglen > sig->l) { - plog(PLOG_INTERR, PLOGLOC, NULL, -@@ -1245,6 +1275,7 @@ - if (siglen < sig->l) - sig = rc_vrealloc(sig, siglen); - EVP_PKEY_free(pkey); -+ EVP_MD_CTX_free(ctx); - return sig; - - fail: -@@ -1252,6 +1283,8 @@ - rc_vfree(sig); - if (pkey) - EVP_PKEY_free(pkey); -+ if (ctx) -+ EVP_MD_CTX_free(ctx); - return 0; - } - -@@ -1265,7 +1298,7 @@ - EVP_PKEY *pkey; - BPP_const unsigned char *bp; - const EVP_MD *md; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx = NULL; - - bp = (unsigned char *)pubkey->v; - pkey = d2i_PUBKEY(NULL, &bp, pubkey->l); -@@ -1274,30 +1307,40 @@ - "failed obtaining public key: %s\n", eay_strerror()); - goto fail; - } -- if (pkey->type != EVP_PKEY_DSA) { -+ if (EVP_PKEY_id(pkey) != EVP_PKEY_DSA) { - plog(PLOG_PROTOERR, PLOGLOC, NULL, - "public key is not for DSS\n"); - goto fail; - } - -+#if 0 - md = EVP_dss1(); -- EVP_MD_CTX_init(&ctx); -- EVP_VerifyInit(&ctx, md); -- EVP_VerifyUpdate(&ctx, 
octets->v, octets->l); -- if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) { -+#else -+ md = NULL; -+ goto fail; -+#endif -+ ctx = EVP_MD_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ EVP_VerifyInit(ctx, md); -+ EVP_VerifyUpdate(ctx, octets->v, octets->l); -+ if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) { - plog(PLOG_PROTOERR, PLOGLOC, NULL, - "DSS verify failed: %s\n", eay_strerror()); -- EVP_MD_CTX_cleanup(&ctx); - goto fail; - } -- EVP_MD_CTX_cleanup(&ctx); -- -+ EVP_MD_CTX_free(ctx); - EVP_PKEY_free(pkey); - return 0; - - fail: - if (pkey) - EVP_PKEY_free(pkey); -+ if (ctx) -+ EVP_MD_CTX_free(ctx); - return -1; - } - -@@ -1345,7 +1388,7 @@ - evp_encrypt(const EVP_CIPHER *ciph, rc_vchar_t *data, rc_vchar_t *key, rc_vchar_t *iv) - { - rc_vchar_t *res; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = NULL; - int outl; - - if (!iv || iv->l < (size_t)EVP_CIPHER_block_size(ciph)) -@@ -1355,12 +1398,17 @@ - if ((res = rc_vmalloc(data->l)) == NULL) - return NULL; - -- EVP_CIPHER_CTX_init(&ctx); -- if (!EVP_EncryptInit(&ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v)) -+ ctx = EVP_CIPHER_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ if (!EVP_EncryptInit(ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v)) - goto fail; -- if (!EVP_CIPHER_CTX_set_padding(&ctx, 0)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, 0)) - goto fail; -- if (!EVP_EncryptUpdate(&ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v, -+ if (!EVP_EncryptUpdate(ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v, - data->l)) - goto fail; - if ((size_t)outl != data->l) { -@@ -1369,16 +1417,17 @@ - outl, (unsigned long)data->l); - goto fail; - } -- if (!EVP_EncryptFinal(&ctx, NULL, &outl)) -+ if (!EVP_EncryptFinal(ctx, NULL, &outl)) - goto fail; - -- EVP_CIPHER_CTX_cleanup(&ctx); 
-+ EVP_CIPHER_CTX_free(ctx); - return res; - - fail: - if (res) - rc_vfree(res); -- EVP_CIPHER_CTX_cleanup(&ctx); -+ if (ctx) -+ EVP_CIPHER_CTX_free(ctx); - return NULL; - } - -@@ -1386,7 +1435,7 @@ - evp_decrypt(const EVP_CIPHER *ciph, rc_vchar_t *data, rc_vchar_t *key, rc_vchar_t *iv) - { - rc_vchar_t *res; -- EVP_CIPHER_CTX ctx; -+ EVP_CIPHER_CTX *ctx = NULL; - int outl; - - if (!iv || iv->l < (size_t)EVP_CIPHER_block_size(ciph)) -@@ -1396,12 +1445,17 @@ - if ((res = rc_vmalloc(data->l)) == NULL) - return NULL; - -- EVP_CIPHER_CTX_init(&ctx); -- if (!EVP_DecryptInit(&ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v)) -+ ctx = EVP_CIPHER_CTX_new(); -+ if (!ctx) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate context\n"); -+ goto fail; -+ } -+ if (!EVP_DecryptInit(ctx, ciph, (unsigned char *)key->v, (unsigned char *)iv->v)) - goto fail; -- if (!EVP_CIPHER_CTX_set_padding(&ctx, 0)) -+ if (!EVP_CIPHER_CTX_set_padding(ctx, 0)) - goto fail; -- if (!EVP_DecryptUpdate(&ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v, -+ if (!EVP_DecryptUpdate(ctx, (unsigned char *)res->v, &outl, (unsigned char *)data->v, - data->l)) - goto fail; - if ((size_t)outl != data->l) { -@@ -1410,15 +1464,16 @@ - outl, (unsigned long)data->l); - goto fail; - } -- if (!EVP_DecryptFinal(&ctx, NULL, &outl)) -+ if (!EVP_DecryptFinal(ctx, NULL, &outl)) - goto fail; -- EVP_CIPHER_CTX_cleanup(&ctx); -+ EVP_CIPHER_CTX_free(ctx); - return res; - - fail: - if (res) - rc_vfree(res); -- EVP_CIPHER_CTX_cleanup(&ctx); -+ if (ctx) -+ EVP_CIPHER_CTX_cleanup(ctx); - return NULL; - } - -@@ -1963,45 +2018,55 @@ - * are used as the nonce value in the counter block. 
- */ - -- uint8_t *nonce; -- union { -- uint8_t bytes[AES_BLOCK_SIZE]; -- struct aes_ctrblk { -- uint32_t nonce; -- uint8_t iv[AES_CTR_IV_SIZE]; -- uint32_t block_counter; -- } fields; -- } ctrblk; -- uint8_t ecount_buf[AES_BLOCK_SIZE]; -- AES_KEY k; -- unsigned int num; -- rc_vchar_t *resultbuf; -+ int len; -+ rc_vchar_t *resultbuf = NULL; -+ EVP_CIPHER_CTX *ctx = NULL; - - /* - * if (data->l > AES_BLOCK_SIZE * UINT32_MAX) return 0; - */ - -- if (iv->l != AES_CTR_IV_SIZE) -- return 0; -- nonce = (unsigned char *)key->v + key->l - AES_CTR_NONCE_SIZE; -- if (AES_set_encrypt_key((unsigned char *)key->v, -- (key->l - AES_CTR_NONCE_SIZE) << 3, &k) < 0) -+ if (iv->l != AES_CTR_IV_SIZE) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "bad iv size"); - return 0; -+ } -+ -+ ctx = EVP_CIPHER_CTX_new(); -+ if (ctx == NULL) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_CIPHER_CTX_new failed"); -+ goto fail; -+ } -+ -+ if (!EVP_EncryptInit_ex(ctx, EVP_aes_128_ctr(), NULL, (unsigned char *)key->v, (unsigned char *)iv->v)) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptInit_ex failed"); -+ goto fail; -+ } - - resultbuf = rc_vmalloc(data->l); -- if (!resultbuf) -- return 0; -+ if (!resultbuf) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "allocate resultbuf failed"); -+ goto fail; -+ } - -- memcpy(&ctrblk.fields.nonce, nonce, AES_CTR_NONCE_SIZE); -- memcpy(&ctrblk.fields.iv[0], iv->v, AES_CTR_IV_SIZE); -- ctrblk.fields.block_counter = htonl(1); -- -- num = 0; -- AES_ctr128_encrypt((unsigned char *)data->v, -- (unsigned char *)resultbuf->v, data->l, &k, -- &ctrblk.bytes[0], ecount_buf, &num); -+ if (!EVP_EncryptUpdate(ctx, (unsigned char *)resultbuf->v, &len, (unsigned char *)data->v, data->l)) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptUpdate failed"); -+ goto fail; -+ } - -+ if (!EVP_EncryptFinal_ex(ctx, (unsigned char *)resultbuf->v + len, &len)) { -+ plog(PLOG_INTERR, PLOGLOC, 0, "EVP_EncryptFinal_ex failed"); -+ goto fail; -+ } -+ -+ EVP_CIPHER_CTX_free(ctx); - return resultbuf; -+ -+fail: -+ 
EVP_CIPHER_CTX_free(ctx); -+ if (resultbuf) -+ rc_free(resultbuf); -+ -+ return NULL; - } - - /* for ipsec part */ -@@ -2038,14 +2103,9 @@ - static caddr_t - eay_hmac_init(rc_vchar_t *key, const EVP_MD *md) - { -- HMAC_CTX *c = racoon_malloc(sizeof(*c)); -+ HMAC_CTX *c = HMAC_CTX_new(); - --#if OPENSSL_VERSION_NUMBER < 0x0090700fL -- HMAC_Init(c, key->v, key->l, md); --#else -- HMAC_CTX_init(c); - HMAC_Init_ex(c, key->v, key->l, md, NULL); --#endif - - return (caddr_t)c; - } -@@ -2053,12 +2113,7 @@ - void - eay_hmac_dispose(HMAC_CTX *c) - { --#if OPENSSL_VERSION_NUMBER < 0x0090700fL -- HMAC_cleanup(c); --#else -- HMAC_CTX_cleanup(c); --#endif -- (void)racoon_free(c); -+ HMAC_CTX_free(c); - } - - #ifdef WITH_SHA2 -@@ -2972,15 +3027,16 @@ - eay_random_uint32(void) - { - uint32_t value; -- (void)RAND_pseudo_bytes((uint8_t *)&value, sizeof(value)); -+ (void)RAND_bytes((uint8_t *)&value, sizeof(value)); - return value; - } - - /* DH */ - int --eay_dh_generate(rc_vchar_t *prime, uint32_t g, unsigned int publen, rc_vchar_t **pub, rc_vchar_t **priv) -+eay_dh_generate(rc_vchar_t *prime, uint32_t gg, unsigned int publen, rc_vchar_t **pub, rc_vchar_t **priv) - { -- BIGNUM *p = NULL; -+ BIGNUM *p = NULL, *g = NULL; -+ const BIGNUM *pub_key, *priv_key; - DH *dh = NULL; - int error = -1; - -@@ -2991,25 +3047,27 @@ - - if ((dh = DH_new()) == NULL) - goto end; -- dh->p = p; -- p = NULL; /* p is now part of dh structure */ -- dh->g = NULL; -- if ((dh->g = BN_new()) == NULL) -+ if ((g = BN_new()) == NULL) - goto end; -- if (!BN_set_word(dh->g, g)) -+ if (!BN_set_word(g, gg)) - goto end; - -+ if (!DH_set0_pqg(dh, p, NULL, g)) -+ goto end; -+ g = p = NULL; -+ - if (publen != 0) -- dh->length = publen; -+ DH_set_length(dh, publen); - - /* generate public and private number */ - if (!DH_generate_key(dh)) - goto end; - -+ DH_get0_key(dh, &pub_key, &priv_key); - /* copy results to buffers */ -- if (eay_bn2v(pub, dh->pub_key) < 0) -+ if (eay_bn2v(pub, pub_key) < 0) - goto end; -- if 
(eay_bn2v(priv, dh->priv_key) < 0) { -+ if (eay_bn2v(priv, priv_key) < 0) { - rc_vfree(*pub); - goto end; - } -@@ -3019,44 +3077,57 @@ - end: - if (dh != NULL) - DH_free(dh); -- if (p != 0) -+ if (p != NULL) - BN_free(p); -+ if (g != NULL) -+ BN_free(g); - return (error); - } - - int --eay_dh_compute (rc_vchar_t *prime, uint32_t g, rc_vchar_t *pub, -+eay_dh_compute (rc_vchar_t *prime, uint32_t gg, rc_vchar_t *pub, - rc_vchar_t *priv, rc_vchar_t *pub2, rc_vchar_t **key) - { -- BIGNUM *dh_pub = NULL; -+ BIGNUM *dh_pub = NULL, *p = NULL, *g = NULL, -+ *pub_key = NULL, *priv_key = NULL; - DH *dh = NULL; - int l; - unsigned char *v = NULL; - int error = -1; - -- /* make public number to compute */ -- if (eay_v2bn(&dh_pub, pub2) < 0) -- goto end; -- - /* make DH structure */ - if ((dh = DH_new()) == NULL) - goto end; -- if (eay_v2bn(&dh->p, prime) < 0) -+ -+ if (eay_v2bn(&p, prime) < 0) -+ goto end; -+ if ((g = BN_new()) == NULL) - goto end; -- if (eay_v2bn(&dh->pub_key, pub) < 0) -+ if (!BN_set_word(g, gg)) - goto end; -- if (eay_v2bn(&dh->priv_key, priv) < 0) -+ if (!DH_set0_pqg(dh, p, NULL, g)) - goto end; -- dh->length = pub2->l * 8; -+ p = NULL; -+ g = NULL; - -- dh->g = NULL; -- if ((dh->g = BN_new()) == NULL) -+ if (eay_v2bn(&pub_key, pub) < 0) - goto end; -- if (!BN_set_word(dh->g, g)) -+ if (eay_v2bn(&priv_key, priv) < 0) - goto end; -+ if (!DH_set0_key(dh, pub_key, priv_key)) -+ goto end; -+ pub_key = NULL; -+ priv_key = NULL; -+ -+ DH_set_length(dh, pub2->l * 8); - - if ((v = racoon_calloc(prime->l, sizeof(unsigned char))) == NULL) - goto end; -+ -+ /* make public number to compute */ -+ if (eay_v2bn(&dh_pub, pub2) < 0) -+ goto end; -+ - if ((l = DH_compute_key(v, dh_pub, dh)) == -1) - goto end; - memcpy((*key)->v + (prime->l - l), v, l); -@@ -3066,6 +3137,14 @@ - end: - if (dh_pub != NULL) - BN_free(dh_pub); -+ if (pub_key != NULL) -+ BN_free(pub_key); -+ if (priv_key != NULL) -+ BN_free(priv_key); -+ if (p != NULL) -+ BN_free(p); -+ if (g != NULL) -+ 
BN_free(g); - if (dh != NULL) - DH_free(dh); - if (v != NULL) -@@ -3083,9 +3162,9 @@ - } - - int --eay_bn2v(rc_vchar_t **var, BIGNUM *bn) -+eay_bn2v(rc_vchar_t **var, const BIGNUM *bn) - { -- *var = rc_vmalloc(bn->top * BN_BYTES); -+ *var = rc_vmalloc(BN_num_bytes(bn)); - if (*var == NULL) - return (-1); - diff --git a/security/racoon2/patches/patch-iked_ike__conf.c b/security/racoon2/patches/patch-iked_ike__conf.c deleted file mode 100644 index 9930dcf1156..00000000000 --- a/security/racoon2/patches/patch-iked_ike__conf.c +++ /dev/null @@ -1,36 +0,0 @@ -$NetBSD: patch-iked_ike__conf.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Comment out impossible case (switch is enum) - ---- iked/ike_conf.c.orig 2009-07-28 01:32:40.000000000 -0400 -+++ iked/ike_conf.c 2018-05-28 19:48:04.934126933 -0400 -@@ -4025,12 +4025,14 @@ - SA_CONF(comp_alg, sa, comp_alg, 0); - - switch (sa_protocol) { -+#if 0 - case 0: - ++*err; - plog(PLOG_INTERR, PLOGLOC, 0, - "sa %s does not have sa_protocol field\n", - sa_index); - break; -+#endif - case RCT_SATYPE_ESP: - if (!enc_alg) { - ++*err; -@@ -4226,12 +4228,14 @@ - if (!action) - POLICY_DEFAULT(action, action, 0); - switch (action) { -+#if 0 - case 0: - ++error; - plog(PLOG_INTERR, PLOGLOC, 0, - "policy %s lacks action field\n", - rc_vmem2str(policy->pl_index)); - continue; -+#endif - case RCT_ACT_AUTO_IPSEC: - break; - default: diff --git a/security/racoon2/patches/patch-iked_ikev1_ikev1.c b/security/racoon2/patches/patch-iked_ikev1_ikev1.c deleted file mode 100644 index b4be22d2be5..00000000000 --- a/security/racoon2/patches/patch-iked_ikev1_ikev1.c +++ /dev/null 
@@ -1,24 +0,0 @@ -$NetBSD: patch-iked_ikev1_ikev1.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Remove unused - ---- iked/ikev1/ikev1.c.orig 2008-07-07 05:36:08.000000000 -0400 -+++ iked/ikev1/ikev1.c 2018-05-28 19:50:20.088751812 -0400 -@@ -1457,8 +1457,6 @@ - #define IKEV1_DEFAULT_RETRY_CHECKPH1 30 - - if (!iph1) { -- struct sched *sc; -- - if (isakmp_ph1begin_i(rm_info, iph2->dst, iph2->src) < 0) { - plog(PLOG_INTERR, PLOGLOC, 0, - "failed to initiate phase 1 negotiation for %s\n", -@@ -1467,7 +1465,7 @@ - goto fail; - } - iph2->retry_checkph1 = IKEV1_DEFAULT_RETRY_CHECKPH1; -- sc = sched_new(1, isakmp_chkph1there_stub, iph2); -+ sched_new(1, isakmp_chkph1there_stub, iph2); - plog(PLOG_INFO, PLOGLOC, 0, - "IPsec-SA request for %s queued " - "since no phase1 found\n", diff --git a/security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c b/security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c deleted file mode 100644 index 5a8c4aa493b..00000000000 --- a/security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c +++ /dev/null 
@@ -1,48 +0,0 @@ -$NetBSD: patch-iked_ikev1_ipsec__doi.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix memset argument -Fix unused - ---- iked/ikev1/ipsec_doi.c.orig 2008-07-07 05:36:08.000000000 -0400 -+++ iked/ikev1/ipsec_doi.c 2018-05-28 21:19:12.197533568 -0400 -@@ -220,7 +220,9 @@ - rc_vchar_t *newsa; - struct isakmpsa *sa, tsa; - struct prop_pair *s, *p; -+#if 0 - int prophlen; -+#endif - int i; - - if (iph1->approval) { -@@ -232,8 +234,10 @@ - if (pair[i] == NULL) - continue; - for (s = pair[i]; s; s = s->next) { -+#if 0 - prophlen = sizeof(struct isakmp_pl_p) - + s->prop->spi_size; -+#endif - /* compare proposal and select one */ - for (p = s; p; p = p->tnext) { - sa = get_ph1approvalx(p, iph1->proposal, -@@ -254,8 +258,10 @@ - if (pair[i] == NULL) - continue; - for (s = pair[i]; s; s = s->next) { -+#if 0 - prophlen = sizeof(struct isakmp_pl_p) - + s->prop->spi_size; -+#endif - for (p = s; p; p = p->tnext) { - print_ph1mismatched(p, - iph1->proposal); -@@ -1238,7 +1244,7 @@ - "failed to get buffer.\n"); - return NULL; - } -- memset(pair, 0, sizeof(pair)); -+ memset(pair, 0, sizeof(*pair)); - - bp = (caddr_t)(sab + 1); - tlen = sa->l - sizeof(*sab); diff --git a/security/racoon2/patches/patch-iked_ikev1_oakley.c b/security/racoon2/patches/patch-iked_ikev1_oakley.c deleted file mode 100644 index 1c2b417e330..00000000000 --- a/security/racoon2/patches/patch-iked_ikev1_oakley.c +++ /dev/null 
@@ -1,91 +0,0 @@ -$NetBSD: patch-iked_ikev1_oakley.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Remove unused variables - ---- iked/ikev1/oakley.c.orig 2008-07-07 05:36:08.000000000 -0400 -+++ iked/ikev1/oakley.c 2018-05-28 19:39:44.411098687 -0400 -@@ -585,7 +585,6 @@ - { - rc_vchar_t *buf = 0, *res = 0; - int len; -- int error = -1; - - /* create buffer */ - len = 1 + sizeof(uint32_t) + body->l; -@@ -610,8 +609,6 @@ - if (res == NULL) - goto end; - -- error = 0; -- - plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n"); - plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l); - -@@ -637,7 +634,6 @@ - rc_vchar_t *buf = NULL, *res = NULL; - char *p; - int len; -- int error = -1; - - /* create buffer */ - len = sizeof(uint32_t) + body->l; -@@ -663,8 +659,6 @@ - if (res == NULL) - goto end; - -- error = 0; -- - plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n"); - plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l); - -@@ -687,7 +681,6 @@ - rc_vchar_t *buf = NULL, *res = NULL, *bp; - char *p, *bp2; - int len, bl; -- int error = -1; - #ifdef HAVE_GSSAPI - rc_vchar_t *gsstokens = NULL; - #endif -@@ -780,8 +773,6 @@ - if (res == NULL) - goto end; - -- error = 0; -- - plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH (%s) computed:\n", - iph1->side == INITIATOR ? 
"init" : "resp"); - plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l); -@@ -811,7 +802,6 @@ - rc_vchar_t *hash = NULL; /* for signature mode */ - char *p; - int len; -- int error = -1; - - /* sanity check */ - if (iph1->etype != ISAKMP_ETYPE_BASE) { -@@ -925,8 +915,6 @@ - if (res == NULL) - goto end; - -- error = 0; -- - plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH_I computed:\n"); - plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l); - -@@ -950,7 +938,6 @@ - rc_vchar_t *hash = NULL; - char *p; - int len; -- int error = -1; - - /* sanity check */ - if (iph1->etype != ISAKMP_ETYPE_BASE) { -@@ -1049,8 +1036,6 @@ - if (res == NULL) - goto end; - -- error = 0; -- - plog(PLOG_DEBUG, PLOGLOC, NULL, "HASH computed:\n"); - plogdump(PLOG_DEBUG, PLOGLOC, 0, res->v, res->l); - diff --git a/security/racoon2/patches/patch-iked_ikev1_pfkey.c b/security/racoon2/patches/patch-iked_ikev1_pfkey.c deleted file mode 100644 index 3b51f009b90..00000000000 --- a/security/racoon2/patches/patch-iked_ikev1_pfkey.c +++ /dev/null 
@@ -1,71 +0,0 @@ -$NetBSD: patch-iked_ikev1_pfkey.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix unused - ---- iked/ikev1/pfkey.c.orig 2008-04-01 06:39:13.000000000 -0400 -+++ iked/ikev1/pfkey.c 2018-05-28 19:55:26.598592949 -0400 -@@ -562,7 +562,9 @@ - unsigned int satype, mode; - struct saprop *pp; - struct saproto *pr; -+#ifdef notyet - uint32_t minspi, maxspi; -+#endif - #if 0 - int proxy = 0; - #endif -@@ -613,13 +615,15 @@ - } - /* this works around a bug in Linux kernel where it - * allocates 4 byte spi's for IPCOMP */ -- else if (satype == SADB_X_SATYPE_IPCOMP) { -+#ifdef notyet -+ if (satype == SADB_X_SATYPE_IPCOMP) { - minspi = 0x100; - maxspi = 0xffff; - } else { - minspi = 0; - maxspi = 0; - } -+#endif - mode = ipsecdoi2rc_mode(pr->encmode); - if (mode == 0) { - plog(PLOG_INTERR, PLOGLOC, NULL, -@@ -635,8 +639,10 @@ - param.pref_dst = 0; - param.satype = satype; - param.samode = mode; -- /* param.minspi = minspi; */ -- /* param.maxspi = maxspi; */ -+#ifdef notyet -+ param.minspi = minspi; -+ param.maxspi = maxspi; -+#endif - param.reqid = pr->reqid_in; - param.seq = iph2->seq; - if (iph2->sadb_request.method->getspi(¶m)) { -@@ -747,7 +753,9 @@ - unsigned int e_keylen, a_keylen, flags; - int satype, mode; - struct rcpfk_msg param; -+#if 0 - unsigned int wsize = 4; /* XXX static size of window */ -+#endif - - /* sanity check */ - if (iph2->approval == NULL) { -@@ -773,10 +781,13 @@ - plog(PLOG_PROTOERR, PLOGLOC, 0, - "invalid proto_id %d\n", pr->proto_id); - return -1; -- } else if (satype == RCT_SATYPE_IPCOMP) { -+ } -+#if 0 -+ if (satype == RCT_SATYPE_IPCOMP) { - /* IPCOMP has no replay window */ - wsize = 0; - } -+#endif - mode = ipsecdoi2rc_mode(pr->encmode); - if (mode == 0) { - plog(PLOG_PROTOERR, PLOGLOC, 0, diff --git a/security/racoon2/patches/patch-iked_ikev2.c b/security/racoon2/patches/patch-iked_ikev2.c deleted file mode 100644 index 031bda1ea81..00000000000 --- a/security/racoon2/patches/patch-iked_ikev2.c +++ /dev/null 
@@ -1,78 +0,0 @@ -$NetBSD: patch-iked_ikev2.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Remove unused - ---- iked/ikev2.c.orig 2010-02-01 05:30:51.000000000 -0500 -+++ iked/ikev2.c 2018-05-28 19:59:33.332024762 -0400 -@@ -1945,8 +1945,6 @@ - struct ikev2_payload_header *p; - int type; - struct ikev2_payload_header *id_i = 0; -- struct ikev2_payload_header *cert = 0; -- struct ikev2_payload_header *certreq = 0; - struct ikev2_payload_header *id_r = 0; - struct ikev2payl_auth *auth = 0; - struct ikev2_payload_header *sa_i2 = 0; -@@ -2010,10 +2008,8 @@ - * accept up to four X.509 certificates in support of authentication, - */ - #endif -- cert = p; - break; - case IKEV2_PAYLOAD_CERTREQ: -- certreq = p; - break; - case IKEV2_PAYLOAD_ID_R: - if (id_r) -@@ -2639,7 +2635,6 @@ - int type; - struct ikev2_payload_header *p; - struct ikev2_payload_header *id_r = 0; -- struct ikev2_payload_header *cert = 0; - struct ikev2payl_auth *auth = 0; - struct ikev2_payload_header *sa_r2 = 0; - struct ikev2_payload_header *ts_i = 0; -@@ -2669,7 +2664,6 @@ - * accept up to four X.509 certificates in support of authentication, - */ - #endif -- cert = p; - break; - case IKEV2_PAYLOAD_AUTH: - if (auth) -@@ -2791,7 +2785,6 @@ - int type; - struct ikev2_payload_header *p; - struct ikev2_payload_header *cfg = 0; -- struct ikev2_payload_header *id_r = 0; - struct ikev2_payload_header *sa_r2 = 0; - struct ikev2_payload_header *ts_i = 0; - struct ikev2_payload_header *ts_r = 0; -@@ -2834,7 +2827,6 @@ - case IKEV2_PAYLOAD_ENCRYPTED: - break; - case IKEV2_PAYLOAD_ID_R: -- id_r = p; - break; - case IKEV2_PAYLOAD_SA: - sa_r2 = p; -@@ -4541,7 +4533,9 @@ - int i; - uint32_t spi; - struct ikev2_child_sa *child_sa; -+#if 0 - struct rcf_policy *policy; -+#endif - - d = (struct ikev2payl_delete *)p; - protocol_id = d->dh.protocol_id; -@@ -4641,7 +4635,9 @@ - break; - } - -+#if 0 - policy = child_sa->selector->pl; -+#endif - - /* (draft-17) - * If by chance both ends of a set 
diff --git a/security/racoon2/patches/patch-iked_ikev2__child.c b/security/racoon2/patches/patch-iked_ikev2__child.c deleted file mode 100644 index a85fd9e375c..00000000000 --- a/security/racoon2/patches/patch-iked_ikev2__child.c +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-iked_ikev2__child.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Comment out unused - ---- iked/ikev2_child.c.orig 2008-09-10 04:30:58.000000000 -0400 -+++ iked/ikev2_child.c 2018-05-28 20:02:17.518182437 -0400 -@@ -1373,7 +1373,9 @@ - struct prop_pair *matching_proposal = 0; - struct prop_pair *matching_my_proposal = 0; - struct prop_pair **new_my_proposal_list = 0; -+#ifdef notyet - rc_vchar_t *g_ir; -+#endif - int err = 0; - - /* update IPsec SA with received parameter */ -@@ -1451,8 +1453,8 @@ - use_transport_mode ? "transport" : "tunnel")); - } - -- g_ir = 0; - #ifdef notyet -+ g_ir = 0; - /* if (ke_i && ke_r) g_ir = g^i^r */ - #endif - diff --git a/security/racoon2/patches/patch-iked_ikev2__notify.c b/security/racoon2/patches/patch-iked_ikev2__notify.c deleted file mode 100644 index 21669cbe4f1..00000000000 --- a/security/racoon2/patches/patch-iked_ikev2__notify.c +++ /dev/null @@ -1,24 +0,0 @@ -$NetBSD: patch-iked_ikev2__notify.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix unused - ---- iked/ikev2_notify.c.orig 2008-02-06 03:09:00.000000000 -0500 -+++ iked/ikev2_notify.c 2018-05-28 20:05:41.431368140 -0400 -@@ -281,12 +281,16 @@ - struct ikev2_child_param *child_param, - int *http_cert_lookup_supported) - { -- struct ikev2_header *ikehdr; - struct ikev2payl_notify *notify; -+#ifdef notyet -+ struct ikev2_header *ikehdr; - uint32_t message_id; -+#endif - -+#ifdef notyet - ikehdr = (struct ikev2_header *)msg->v; - message_id = get_uint32(&ikehdr->message_id); -+#endif - notify = (struct ikev2payl_notify *)payload; - - switch (get_notify_type(notify)) { 
diff --git a/security/racoon2/patches/patch-kinkd-crypto__openssl.c b/security/racoon2/patches/patch-kinkd-crypto__openssl.c
deleted file mode 100644
index ee029c2bc47..00000000000
--- a/security/racoon2/patches/patch-kinkd-crypto__openssl.c
+++ /dev/null
@@ -1,117 +0,0 @@ -$NetBSD: patch-kinkd-crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix signness issues - ---- kinkd/crypto_openssl.c.orig 2008-02-07 05:12:28.000000000 -0500 -+++ kinkd/crypto_openssl.c 2018-05-28 19:32:47.287261308 -0400 -@@ -239,7 +239,7 @@ - rc_vchar_t *res; - AES_KEY k; - -- if (AES_set_encrypt_key(key->v, key->l << 3, &k) < 0) -+ if (AES_set_encrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0) - return NULL; - /* allocate buffer for result */ - if ((res = rc_vmalloc(data->l)) == NULL) { -@@ -247,7 +247,7 @@ - EXITREQ_NOMEM(); - return NULL; - } -- AES_cbc_encrypt(data->v, res->v, data->l, &k, iv->v, AES_ENCRYPT); -+ AES_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_ENCRYPT); - - return res; - } -@@ -258,7 +258,7 @@ - rc_vchar_t *res; - AES_KEY k; - -- if (AES_set_decrypt_key(key->v, key->l << 3, &k) < 0) -+ if (AES_set_decrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0) - return NULL; - /* allocate buffer for result */ - if ((res = rc_vmalloc(data->l)) == NULL) { -@@ -266,7 +266,7 @@ - EXITREQ_NOMEM(); - return NULL; - } -- AES_cbc_encrypt(data->v, res->v, data->l, &k, iv->v, AES_DECRYPT); -+ AES_cbc_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_DECRYPT); - - return res; - } -@@ -291,7 +291,7 @@ - rc_vchar_t *res; - AES_KEY k; - -- if (AES_set_encrypt_key(key->v, key->l << 3, &k) < 0) -+ if (AES_set_encrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0) - return NULL; - /* allocate buffer for result */ - if ((res = rc_vmalloc(data->l)) == NULL) { -@@ -299,7 +299,7 @@ - EXITREQ_NOMEM(); - return NULL; - } -- AES_cts_encrypt(data->v, res->v, data->l, &k, iv->v, AES_ENCRYPT); -+ AES_cts_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_ENCRYPT); - - return res; - } -@@ -310,7 +310,7 @@ - rc_vchar_t *res; - AES_KEY k; - -- if (AES_set_decrypt_key(key->v, 
key->l << 3, &k) < 0) -+ if (AES_set_decrypt_key((unsigned char *)key->v, key->l << 3, &k) < 0) - return NULL; - /* allocate buffer for result */ - if ((res = rc_vmalloc(data->l)) == NULL) { -@@ -318,7 +318,7 @@ - EXITREQ_NOMEM(); - return NULL; - } -- AES_cts_encrypt(data->v, res->v, data->l, &k, iv->v, AES_DECRYPT); -+ AES_cts_encrypt((unsigned char *)data->v, (unsigned char *)res->v, data->l, &k, (unsigned char *)iv->v, AES_DECRYPT); - - return res; - } -@@ -348,17 +348,17 @@ - memcpy(lastblk, ivec, AES_BLOCK_SIZE); - for (i = 0; i < fraglen; i++) - lastblk[i] ^= (in + cbclen + AES_BLOCK_SIZE)[i]; -- AES_encrypt(lastblk, out + cbclen, key); -+ AES_encrypt((unsigned char *)lastblk, out + cbclen, key); - } else { - /* Decrypt the last plainblock. */ -- AES_decrypt(in + cbclen, lastblk, key); -+ AES_decrypt(in + cbclen, (unsigned char *)lastblk, key); - for (i = 0; i < fraglen; i++) - (out + cbclen + AES_BLOCK_SIZE)[i] = - lastblk[i] ^ (in + cbclen + AES_BLOCK_SIZE)[i]; - - /* Decrypt the second last block. */ - memcpy(lastblk, in + cbclen + AES_BLOCK_SIZE, fraglen); -- AES_decrypt(lastblk, out + cbclen, key); -+ AES_decrypt((unsigned char *)lastblk, out + cbclen, key); - if (cbclen == 0) - for (i = 0; i < AES_BLOCK_SIZE; i++) - (out + cbclen)[i] ^= ivec[i]; -@@ -738,7 +738,7 @@ - if ((res = rc_vmalloc(SHA_DIGEST_LENGTH)) == 0) - return(0); - -- SHA1_Final(res->v, (SHA_CTX *)c); -+ SHA1_Final((unsigned char *)res->v, (SHA_CTX *)c); - (void)free(c); - - return(res); -@@ -792,7 +792,7 @@ - if ((res = rc_vmalloc(MD5_DIGEST_LENGTH)) == 0) - return(0); - -- MD5_Final(res->v, (MD5_CTX *)c); -+ MD5_Final((unsigned char *)res->v, (MD5_CTX *)c); - (void)free(c); - - return(res); diff --git a/security/racoon2/patches/patch-kinkd-ipsec__doi.c b/security/racoon2/patches/patch-kinkd-ipsec__doi.c deleted file mode 100644 index d42a45529da..00000000000 --- a/security/racoon2/patches/patch-kinkd-ipsec__doi.c +++ /dev/null 
@@ -1,34 +0,0 @@ -$NetBSD: patch-kinkd-ipsec__doi.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix wrong memset -Fix pointer signness - ---- kinkd/ipsec_doi.c.orig 2018-05-28 19:34:49.793231430 -0400 -+++ kinkd/ipsec_doi.c 2018-05-28 19:35:27.322259892 -0400 -@@ -654,7 +654,7 @@ - "failed to get buffer.\n"); - return NULL; - } -- memset(pair, 0, sizeof(pair)); -+ memset(pair, 0, sizeof(*pair)); - - bp = (caddr_t)(sab + 1); - tlen = sa->l - sizeof(*sab); -@@ -2034,7 +2034,7 @@ - - /* set prefix */ - if (len2) { -- unsigned char *p = new->v + sizeof(struct ipsecdoi_id_b) + len1; -+ unsigned char *p = (unsigned char *)new->v + sizeof(struct ipsecdoi_id_b) + len1; - unsigned int bits = prefixlen; - - while (bits >= 8) { -@@ -2141,7 +2141,7 @@ - plen = 0; - max = alen <<3; - -- p = buf->v -+ p = (unsigned char *)buf->v - + sizeof(struct ipsecdoi_id_b) - + alen; - diff --git a/security/racoon2/patches/patch-kinkd_bbkk__heimdal.c b/security/racoon2/patches/patch-kinkd_bbkk__heimdal.c deleted file mode 100644 index 954b0776c3b..00000000000 --- a/security/racoon2/patches/patch-kinkd_bbkk__heimdal.c +++ /dev/null 
@@ -1,310 +0,0 @@ -$NetBSD: patch-kinkd_bbkk__heimdal.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Avoid deprecated API's -Include private header since we are using private functions -Fix function calls with missing args - ---- kinkd/bbkk_heimdal.c.orig 2007-08-03 01:42:24.000000000 -0400 -+++ kinkd/bbkk_heimdal.c 2018-05-28 21:07:22.720866945 -0400 -@@ -40,6 +40,10 @@ - #include <string.h> - #if defined(HAVE_KRB5_KRB5_H) - # include <krb5/krb5.h> -+# include <openssl/evp.h> -+typedef void *krb5_pk_init_ctx; -+# include <krb5/pkinit_asn1.h> -+# include <krb5/krb5-private.h> - #else - # include <krb5.h> - #endif -@@ -147,7 +151,7 @@ - if (DEBUG_KRB5() && cause != NULL) - kinkd_log(KLLV_DEBUG, - "bbkk: %s: %s\n", -- cause, krb5_get_err_text(con->context, ret)); -+ cause, krb5_get_error_message(con->context, ret)); - if (con->rcache != NULL) - krb5_rc_close(con->context, con->rcache); - if (con->ccache != NULL) -@@ -185,7 +189,7 @@ - { - krb5_error_code ret; - krb5_principal principal; -- krb5_get_init_creds_opt opt; -+ krb5_get_init_creds_opt *opt; - krb5_creds cred; - krb5_keytab kt; - krb5_deltat start_time = 0; -@@ -198,7 +202,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_parse_name: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - ret = krb5_kt_default(con->context, &kt); -@@ -206,25 +210,26 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_kt_default: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - krb5_free_principal(con->context, principal); - return ret; - } - - memset(&cred, 0, sizeof(cred)); -- krb5_get_init_creds_opt_init(&opt); -+ krb5_get_init_creds_opt_alloc(con->context, &opt); - krb5_get_init_creds_opt_set_default_flags(con->context, "kinit", -- principal->realm, &opt); /* XXX may not be kinit... */ -+ principal->realm, opt); /* XXX may not be kinit... 
*/ - - ret = krb5_get_init_creds_keytab(con->context, &cred, principal, kt, -- start_time, NULL /* server */, &opt); -+ start_time, NULL /* server */, opt); - krb5_kt_close(con->context, kt); - krb5_free_principal(con->context, principal); -+ krb5_get_init_creds_opt_free(con->context, opt); - if (ret != 0) { - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_get_init_creds_keytab: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - -@@ -236,10 +241,10 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_cc_store_cred: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } -- krb5_free_creds_contents(con->context, &cred); -+ krb5_free_cred_contents(con->context, &cred); - - return 0; - } -@@ -261,7 +266,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_parse_name: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - ret = krb5_parse_name(con->context, cprinc_str, &client); -@@ -269,7 +274,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_parse_name: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - krb5_free_principal(con->context, server); - return ret; - } -@@ -292,7 +297,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_cc_remove_cred: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - krb5_free_principal(con->context, client); - krb5_free_principal(con->context, server); - return ret; -@@ -311,7 +316,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_get_credentials: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - *cred = (void *)out_cred; -@@ -354,7 +359,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_copy_creds_contents: %s\n", -- 
krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - goto cleanup; - } - int_auth_con = NULL; -@@ -364,12 +369,12 @@ - */ - ret = krb5_mk_req_extended(con->context, &int_auth_con, - AP_OPTS_MUTUAL_REQUIRED, NULL /* in_data */, &cred_copy, &ap_req); -- krb5_free_creds_contents(con->context, &cred_copy); -+ krb5_free_cred_contents(con->context, &cred_copy); - if (ret != 0) { - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_mk_req_extended: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - goto cleanup; - } - -@@ -414,7 +419,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_rd_rep: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - -@@ -462,7 +467,7 @@ - if (ret != 0) { - kinkd_log(KLLV_SYSERR, - "krb5e_force_get_key: (%d) %s\n", -- ret, krb5_get_err_text(con->context, ret)); -+ ret, krb5_get_error_message(con->context, ret)); - krb5_auth_con_free(con->context, auth_context); - return ret; - } -@@ -470,7 +475,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_rd_req: (%d)%s\n", -- saveret, krb5_get_err_text(con->context, saveret)); -+ saveret, krb5_get_error_message(con->context, saveret)); - krb5_auth_con_free(con->context, auth_context); - return saveret; - } -@@ -492,7 +497,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_rc_store: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - if (ticket != NULL) - krb5_free_ticket(con->context, ticket); - krb5_auth_con_free(con->context, auth_context); -@@ -507,7 +512,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_mk_rep: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - /* - * XXX Heimdal-0.6.x - * Heimdal-0.6.x frees only ticket contents, not containter; -@@ -536,7 +541,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - 
"bbkk: krb5_rd_req: (%d)%s\n", -- saveret, krb5_get_err_text(con->context, saveret)); -+ saveret, krb5_get_error_message(con->context, saveret)); - if (ticket != NULL) - krb5_free_ticket(con->context, ticket); - return saveret; -@@ -584,7 +589,7 @@ - time_t ctime, *ctimep; - int cusec, *cusecp; - -- e_text = krb5_get_err_text(con->context, ecode); -+ e_text = krb5_get_error_message(con->context, ecode); - if (ecode < KRB5KDC_ERR_NONE || KRB5_ERR_RCSID <= ecode) { - kinkd_log(KLLV_SYSWARN, - "non protocol errror (%d), use GENERIC\n", ecode); -@@ -609,7 +614,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_mk_error: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - -@@ -635,7 +640,7 @@ - if (DEBUG_KRB5()) - kinkd_log(KLLV_DEBUG, - "bbkk: krb5_rd_error: %s\n", -- krb5_get_err_text(con->context, ret)); -+ krb5_get_error_message(con->context, ret)); - return ret; - } - -@@ -926,7 +931,7 @@ - if (con == NULL) - return "Failed in initialization, so no message is available"; - else -- return krb5_get_err_text(con->context, ecode); -+ return krb5_get_error_message(con->context, ecode); - } - - -@@ -951,7 +956,7 @@ - keyblock = NULL; - - if ((t = (krb5_ticket *)malloc(sizeof(*t))) == NULL) { -- krb5_clear_error_string(context); -+ krb5_clear_error_message(context); - return ENOMEM; - } - *t = t0; -@@ -966,14 +971,14 @@ - principalname2krb5_principal(&server, - ap_req.ticket.sname, ap_req.ticket.realm); - #else -- _krb5_principalname2krb5_principal(&server, -+ _krb5_principalname2krb5_principal(context, &server, - ap_req.ticket.sname, ap_req.ticket.realm); - #endif - - if (ap_req.ap_options.use_session_key && ac->keyblock == NULL) { -- krb5_set_error_string(context, "krb5_rd_req: user to user " -- "auth without session key given"); - ret = KRB5KRB_AP_ERR_NOKEY; -+ krb5_set_error_message(context, ret, -+ "krb5_rd_req: user to user auth without session key given"); - goto fail; - } - -@@ -1009,6 
+1014,13 @@ - } - - /* decrypt ticket */ -+#if 1 -+ ret = krb5_decrypt_ticket(context, &ap_req.ticket, -+ ac->keyblock != NULL ? ac->keyblock : keyblock, -+ &t->ticket, 0); -+ if (ret != 0) -+ goto fail; -+#else - { - krb5_data plain; - size_t len; -@@ -1030,6 +1042,7 @@ - if (ret != 0) - goto fail; - } -+#endif - - /* get keyblock from ticket */ - if (ac->keyblock != NULL) { -@@ -1039,6 +1052,11 @@ - krb5_copy_keyblock(context, &t->ticket.key, &ac->keyblock); - - /* handle authenticator */ -+#if 1 -+ ret = krb5_auth_con_getauthenticator(context, ac, &ac->authenticator); -+ if (ret != 0) -+ goto fail; -+#else - { - krb5_data plain; - size_t len; -@@ -1059,6 +1077,7 @@ - if (ret != 0) - goto fail; - } -+#endif - if (ac->authenticator->seq_number) - krb5_auth_con_setremoteseqnumber(context, ac, - *ac->authenticator->seq_number); diff --git a/security/racoon2/patches/patch-kinkd_isakmp__quick.c b/security/racoon2/patches/patch-kinkd_isakmp__quick.c deleted file mode 100644 index b920fa08579..00000000000 --- a/security/racoon2/patches/patch-kinkd_isakmp__quick.c +++ /dev/null 
@@ -1,61 +0,0 @@ -$NetBSD: patch-kinkd_isakmp__quick.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix unused - ---- kinkd/isakmp_quick.c.orig 2009-09-04 15:59:33.000000000 -0400 -+++ kinkd/isakmp_quick.c 2018-05-28 21:12:13.401432933 -0400 -@@ -191,9 +191,11 @@ - } - - if (iph2->id_p) { -+#if 0 - uint8_t dummy_plen; - uint16_t dummy_ulproto; - int ret; -+#endif - - plog(LLV_DEBUG, LOCATION, NULL, "received IDci2:"); - plogdump(LLV_DEBUG, iph2->id_p->v, iph2->id_p->l); -@@ -212,9 +214,11 @@ - #endif - } - if (iph2->id) { -+#if 0 - uint8_t dummy_plen; - uint16_t dummy_ulproto; - int ret; -+#endif - - plog(LLV_DEBUG, LOCATION, NULL, "received IDcr2:"); - plogdump(LLV_DEBUG, iph2->id->v, iph2->id->l); -@@ -258,7 +262,9 @@ - { - rc_vchar_t *pbuf = NULL; /* for payload parsing */ - struct isakmp_parse_t *pa; -+#if 0 - int f_id; -+#endif - int error = ISAKMP_INTERNAL_ERROR; - - /* -@@ -290,7 +296,9 @@ - * parse the payloads. - */ - iph2->sa_ret = NULL; -+#if 0 - f_id = 0; /* flag to use checking ID */ -+#endif - for (; pa->type; pa++) { - - switch (pa->type) { -@@ -319,9 +327,9 @@ - - case ISAKMP_NPTYPE_ID: - { -+#if 0 /* ID payloads are not supported yet. */ - rc_vchar_t *vp; - --#if 0 /* ID payloads are not supported yet. */ - /* check ID value */ - if (f_id == 0) { - /* for IDci */ diff --git a/security/racoon2/patches/patch-kinkd_session.c b/security/racoon2/patches/patch-kinkd_session.c deleted file mode 100644 index b80cf99c307..00000000000 --- a/security/racoon2/patches/patch-kinkd_session.c +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-kinkd_session.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix pointer to integer cast - ---- kinkd/session.c.orig 2006-08-11 16:44:34.000000000 -0400 -+++ kinkd/session.c 2018-05-28 21:09:41.263580997 -0400 -@@ -290,7 +290,7 @@ - { - int signo; - -- signo = (int)arg; -+ signo = (int)(intptr_t)arg; - - switch (signo) { - case SIGHUP: 
diff --git a/security/racoon2/patches/patch-lib_cfparse.y b/security/racoon2/patches/patch-lib_cfparse.y deleted file mode 100644 index 6e9de377878..00000000000 --- a/security/racoon2/patches/patch-lib_cfparse.y +++ /dev/null @@ -1,15 +0,0 @@ -$NetBSD: patch-lib_cfparse.y,v 1.1 2013/03/29 13:52:45 joerg Exp $ - -Fix type mismatch to avoid compilation error. - ---- lib/cfparse.y.orig 2009-02-02 17:49:18.000000000 +0900 -+++ lib/cfparse.y 2013-03-29 21:31:04.000000000 +0900 -@@ -1712,7 +1712,7 @@ - int n; - char *bp; - struct cf_list *new; -- rcf_t type; -+ rc_type type; - - n = strtoll(str, &bp, 10); - diff --git a/security/racoon2/patches/patch-lib_cfsetup.c b/security/racoon2/patches/patch-lib_cfsetup.c deleted file mode 100644 index d63a8a35f08..00000000000 --- a/security/racoon2/patches/patch-lib_cfsetup.c +++ /dev/null @@ -1,23 +0,0 @@ -$NetBSD: patch-lib_cfsetup.c,v 1.1 2012/12/15 08:10:59 marino Exp $ - -Fix "error: variable 'va' set but not used" errors on gcc4.6+ - ---- lib/cfsetup.c.orig 2008-11-13 05:59:53.000000000 +0000 -+++ lib/cfsetup.c -@@ -3026,7 +3026,6 @@ rcf_fix_addrlist(struct cf_list *head, s - { - struct rc_addrlist *new_head = 0, *new = 0, **lastap; - struct cf_list *n, *m; -- rc_vchar_t va; - struct rc_addrlist *al = 0; - char port[10]; - int nport; -@@ -3060,8 +3059,6 @@ rcf_fix_addrlist(struct cf_list *head, s - "at %d in %s\n", m->lineno, m->file); - goto err; - } -- va.l = strlen(n->d.str); -- va.v = n->d.str; - error = rcs_getaddrlist(n->d.str, port, RCT_ADDR_FQDN, &al); - if (error) { - plog(PLOG_INTERR, PLOGLOC, NULL, diff --git a/security/racoon2/patches/patch-lib_cftoken.l b/security/racoon2/patches/patch-lib_cftoken.l deleted file mode 100644 index fb85e105dc3..00000000000 --- a/security/racoon2/patches/patch-lib_cftoken.l +++ /dev/null 
@@ -1,24 +0,0 @@ -$NetBSD: patch-lib_cftoken.l,v 1.2 2018/05/29 01:22:50 christos Exp $ - -Fixes for modern flex - ---- lib/cftoken.l.orig 2018-05-28 17:21:27.733726555 -0400 -+++ lib/cftoken.l 2018-05-28 17:21:57.559009640 -0400 -@@ -53,7 +53,7 @@ - extern int yyget_lineno (void); - extern FILE *yyget_in (void); - extern FILE *yyget_out (void); --extern int yyget_leng (void); -+extern yy_size_t yyget_leng (void); - extern char *yyget_text (void); - extern void yyset_lineno (int); - extern void yyset_in (FILE *); -@@ -76,7 +76,7 @@ - #define YYDEBUG 1 - #define DP \ - if (cf_debug) { \ -- fprintf(CF_ERRDEV, "%s:%d:%d[%s] len=%d\n", \ -+ fprintf(CF_ERRDEV, "%s:%d:%d[%s] len=%zu\n", \ - rcf_istk[rcf_istkp].path, rcf_istk[rcf_istkp].lineno, \ - yy_start, yytext, yyleng); \ - } diff --git a/security/racoon2/patches/patch-lib_if__pfkeyv2.c b/security/racoon2/patches/patch-lib_if__pfkeyv2.c deleted file mode 100644 index 234b42b2152..00000000000 --- a/security/racoon2/patches/patch-lib_if__pfkeyv2.c +++ /dev/null @@ -1,26 +0,0 @@ -$NetBSD: patch-lib_if__pfkeyv2.c,v 1.1 2012/12/15 08:10:59 marino Exp $ - -Fix "error: variable 'keytype' set but not used" errors on gcc4.6+ - ---- lib/if_pfkeyv2.c.orig 2008-04-25 06:02:56.000000000 +0000 -+++ lib/if_pfkeyv2.c -@@ -1139,19 +1139,16 @@ rcpfk_set_sadbkey(rc_vchar_t **msg, stru - { - rc_vchar_t *buf; - struct sadb_key *p; -- int keytype; - size_t keylen; - caddr_t key; - int len, prevlen, extlen; - - switch (type) { - case SADB_EXT_KEY_AUTH: -- keytype = rct2pfk_authtype(rc->authtype); - key = rc->authkey; - keylen = rc->authkeylen; - break; - case SADB_EXT_KEY_ENCRYPT: -- keytype = rct2pfk_enctype(rc->enctype); - key = rc->enckey; - keylen = rc->enckeylen; - break; diff --git a/security/racoon2/patches/patch-lib_if__spmd.c b/security/racoon2/patches/patch-lib_if__spmd.c deleted file mode 100644 index f5bf3d57304..00000000000 --- a/security/racoon2/patches/patch-lib_if__spmd.c +++ /dev/null 
@@ -1,68 +0,0 @@ -$NetBSD: patch-lib_if__spmd.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Adjust for OpenSSL v1.1 - ---- lib/if_spmd.c.orig 2008-03-27 06:05:42.000000000 -0400 -+++ lib/if_spmd.c 2018-05-28 13:31:19.367838157 -0400 -@@ -1100,7 +1100,7 @@ - spmd_if_login_response(struct spmd_cid *pci) - { - unsigned char md[EVP_MAX_MD_SIZE]; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx; - size_t hash_len; - unsigned int md_len; - int error, used, i; -@@ -1108,28 +1108,33 @@ - - error = -1; - -- EVP_MD_CTX_init(&ctx); -- if (!EVP_DigestInit_ex(&ctx, SPMD_DIGEST_ALG, SPMD_EVP_ENGINE)) { -+ ctx = EVP_MD_CTX_new(); -+ if (ctx == NULL) { -+ plog(PLOG_INTERR, PLOGLOC, NULL, -+ "failed to allocate Message Digest context\n"); -+ goto fail_early; -+ } -+ if (!EVP_DigestInit_ex(ctx, SPMD_DIGEST_ALG, SPMD_EVP_ENGINE)) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "failed to initilize Message Digest function\n"); - goto fail_early; - } -- if (!EVP_DigestUpdate(&ctx, pci->challenge, strlen(pci->challenge))) { -+ if (!EVP_DigestUpdate(ctx, pci->challenge, strlen(pci->challenge))) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "failed to hash Challenge\n"); - goto fail; - } -- if (!EVP_DigestUpdate(&ctx, pci->password, strlen(pci->password))) { -+ if (!EVP_DigestUpdate(ctx, pci->password, strlen(pci->password))) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "failed to hash Password\n"); - goto fail; - } -- if (sizeof(md) < EVP_MD_CTX_size(&ctx)) { -+ if (sizeof(md) < EVP_MD_CTX_size(ctx)) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "Message Digest buffer is not enough\n"); - goto fail; - } -- if (!EVP_DigestFinal_ex(&ctx, md, &md_len)) { -+ if (!EVP_DigestFinal_ex(ctx, md, &md_len)) { - plog(PLOG_INTERR, PLOGLOC, NULL, - "failed to get Message Digest value\n"); - goto fail; -@@ -1154,11 +1159,7 @@ - - error = 0; - fail: -- if (!EVP_MD_CTX_cleanup(&ctx)) { -- plog(PLOG_INTERR, PLOGLOC, NULL, -- "failed to cleanup Message Digest context\n"); -- error = -1; /* error again */ -- } -+ EVP_MD_CTX_free(ctx); - 
fail_early: - return error; - } diff --git a/security/racoon2/patches/patch-spmd_fqdn__query.c b/security/racoon2/patches/patch-spmd_fqdn__query.c deleted file mode 100644 index e5e3d184b34..00000000000 --- a/security/racoon2/patches/patch-spmd_fqdn__query.c +++ /dev/null @@ -1,29 +0,0 @@ -$NetBSD: patch-spmd_fqdn__query.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix unused - ---- spmd/fqdn_query.c.orig 2007-07-25 08:22:18.000000000 -0400 -+++ spmd/fqdn_query.c 2018-05-28 19:43:35.179657737 -0400 -@@ -163,10 +163,9 @@ - fqdn_query_response(struct task *t) - { - char data[MAX_UDP_DNS_SIZE]; -- int ret; - - /* just discard */ -- ret = recvfrom(t->fd, data, sizeof(data), t->flags, t->sa, &(t->salen)); -+ (void)recvfrom(t->fd, data, sizeof(data), t->flags, t->sa, &(t->salen)); - - spmd_free(t->sa); - close(t->fd); -@@ -178,9 +177,8 @@ - fqdn_query_send(struct task *t) - { - struct task *newt = NULL; -- int ret=0; - -- ret = sendto(t->fd, t->msg, t->len, t->flags, t->sa, t->salen); -+ (void)sendto(t->fd, t->msg, t->len, t->flags, t->sa, t->salen); - - newt = task_alloc(0); - newt->fd = t->fd; diff --git a/security/racoon2/patches/patch-spmd_main.c b/security/racoon2/patches/patch-spmd_main.c deleted file mode 100644 index 97227fcc148..00000000000 --- a/security/racoon2/patches/patch-spmd_main.c +++ /dev/null @@ -1,21 +0,0 @@ -$NetBSD: patch-spmd_main.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix unused variable - ---- spmd/main.c.orig 2008-07-11 18:35:46.000000000 -0400 -+++ spmd/main.c 2018-05-28 19:26:45.583066490 -0400 -@@ -378,11 +378,12 @@ - do_daemon(void) - { - pid_t pid; -- int en; - - openlog("spmd", LOG_PID, LOG_DAEMON); - if (daemon(0, 0) < 0) { -- en = errno; -+#ifdef __linux__ /* glibc specific ? */ -+ int en = errno; -+#endif - perror("daemon()"); - #ifdef __linux__ /* glibc specific ? */ - if (en == 0) { 
diff --git a/security/racoon2/patches/patch-spmd_shell.c b/security/racoon2/patches/patch-spmd_shell.c deleted file mode 100644 index 36eb04becd3..00000000000 --- a/security/racoon2/patches/patch-spmd_shell.c +++ /dev/null @@ -1,61 +0,0 @@ -$NetBSD: patch-spmd_shell.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Fix for OpenSSL 1.1 - ---- spmd/shell.c 2008-01-25 01:13:01.000000000 -0500 -+++ spmd/shell.c 2018-05-28 13:54:05.166565802 -0400 -@@ -655,7 +655,7 @@ - char *p; - int i; - const EVP_MD *m; -- EVP_MD_CTX ctx; -+ EVP_MD_CTX *ctx; - unsigned char digest[EVP_MAX_MD_SIZE]; - unsigned int digest_len; - -@@ -693,27 +693,27 @@ - } - } - #endif -- EVP_MD_CTX_init(&ctx); -- if (!EVP_DigestInit_ex(&ctx, m, SPMD_EVP_ENGINE)) { -- SPMD_PLOG(SPMD_L_INTERR, "Failed to initilize Message Digest function"); -+ ctx = EVP_MD_CTX_new(); -+ if (ctx == NULL) { -+ SPMD_PLOG(SPMD_L_INTERR, "Failed to allocate Message Digest context"); - goto fin; - } -- if (!EVP_DigestUpdate(&ctx, seed, seed_len)) { -+ if (!EVP_DigestInit_ex(ctx, m, SPMD_EVP_ENGINE)) { -+ SPMD_PLOG(SPMD_L_INTERR, "Failed to initialize Message Digest function"); -+ goto fin; -+ } -+ if (!EVP_DigestUpdate(ctx, seed, seed_len)) { - SPMD_PLOG(SPMD_L_INTERR, "Failed to hash Seed"); - goto fin; - } -- if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) { -+ if (!EVP_DigestFinal_ex(ctx, digest, &digest_len)) { - SPMD_PLOG(SPMD_L_INTERR, "Failed to get Message Digest value"); - goto fin; - } -- if (digest_len != EVP_MD_CTX_size(&ctx)) { -+ if (digest_len != EVP_MD_CTX_size(ctx)) { - SPMD_PLOG(SPMD_L_INTERR, "Message Digest length is not enough"); - goto fin; - } -- if (!EVP_MD_CTX_cleanup(&ctx)) { -- SPMD_PLOG(SPMD_L_INTERR, "Failed to cleanup Message Digest context"); -- goto fin; -- } - - challenge_len = digest_len*2+1; - challenge = spmd_calloc(challenge_len); -@@ -729,6 +729,7 @@ - } - - fin: -+ EVP_MD_CTX_free(ctx); - spmd_free(seed); - just_fin: - return challenge; 
diff --git a/security/racoon2/patches/patch-spmd_spmd__pfkey.c b/security/racoon2/patches/patch-spmd_spmd__pfkey.c deleted file mode 100644 index 117a729cae2..00000000000 --- a/security/racoon2/patches/patch-spmd_spmd__pfkey.c +++ /dev/null @@ -1,22 +0,0 @@ -$NetBSD: patch-spmd_spmd__pfkey.c,v 1.1 2018/05/29 01:22:50 christos Exp $ - -Remove unused. - ---- spmd/spmd_pfkey.c.orig 2008-07-11 18:35:46.000000000 -0400 -+++ spmd/spmd_pfkey.c 2018-05-28 19:45:26.942125292 -0400 -@@ -326,7 +326,6 @@ - spmd_nonfqdn_sp_add(struct rcf_selector *sl) - { - struct rcf_policy *pl = NULL; -- struct rcf_ipsec *ips = NULL; - struct rc_addrlist *al = NULL; - struct rc_addrlist *ipal = NULL; - struct rc_addrlist *ipal_tmp = NULL; -@@ -373,7 +372,6 @@ - if (!sl->pl->ips) { - return -1; - } -- ips = sl->pl->ips; - - /* check rcf_ipsec{} sa_* set or NULL */ - if (set_satype(sl, rc)<0) { diff --git a/security/racoon2/patches/patch-spmd_spmdctl.c b/security/racoon2/patches/patch-spmd_spmdctl.c deleted file mode 100644 index 5708867c1c6..00000000000 --- a/security/racoon2/patches/patch-spmd_spmdctl.c +++ /dev/null 
@@ -1,366 +0,0 @@
-$NetBSD: patch-spmd_spmdctl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
-
-- Fix inefficient snprintfs, and detect errors.
-- Fix wrong memset length
-
-*** spmd/spmdctl.c.orig Sun Mar 28 21:52:00 2010
---- spmd/spmdctl.c Mon May 28 14:17:08 2018
-***************
-*** 38,43 ****
---- 38,44 ----
- #include <netdb.h>
- #include <netinet/tcp.h>
- #include <signal.h>
-+ #include <stdarg.h>
- #include <errno.h>
- #include "spmd_includes.h"
- #include "spmd_internal.h"
-***************
-*** 154,159 ****
---- 155,176 ----
- return len;
- }
-
-+ static ssize_t __attribute__((__format__(__printf__, 2, 3)))
-+ sc_writestr(int fd, const char *fmt, ...)
-+ {
-+ char buf[2048];
-+ va_list ap;
-+ va_start(ap, fmt);
-+ int len = vsnprintf(buf, sizeof(buf), fmt, ap);
-+ va_end(ap);
-+ if (len == -1) {
-+ perror("sc_writestr");
-+ return -1;
-+ }
-+
-+ return sc_writemsg(fd, buf, (size_t)len);
-+ }
-+
- static int
- sc_getline(int fd, char *buf, int len)
- {
-***************
-*** 247,253 ****
- sc_parse_alloc_sp_entry(const char *str, struct sp_entry *pre)
- {
- char *ap, *cp;
-! size_t slid_len=0, len=0;
- struct sp_entry *sd=NULL;
-
- sd = malloc(sizeof(*sd));
---- 264,270 ----
- sc_parse_alloc_sp_entry(const char *str, struct sp_entry *pre)
- {
- char *ap, *cp;
-! size_t slid_len=0;
- struct sp_entry *sd=NULL;
-
- sd = malloc(sizeof(*sd));
-***************
-*** 261,267 ****
- sd->sa_dst = (struct sockaddr *)&sd->ss_sa_dst;
-
- if (str) {
-- len = strlen(str);
- ap = (char *)str;
- cp = strpbrk(ap, " ");
- if (!cp) {
---- 278,283 ----
-***************
-*** 575,581 ****
- sc_setup_pfkey(struct rcpfk_msg *rc)
- {
-
-! memset(rc, 0, sizeof(rc));
- memset(&pfkey_cbs, 0, sizeof(pfkey_cbs));
- pfkey_cbs.cb_spddump = &sc_spddump_cb;
-
---- 591,597 ----
- sc_setup_pfkey(struct rcpfk_msg *rc)
- {
-
-! memset(rc, 0, sizeof(*rc));
- memset(&pfkey_cbs, 0, sizeof(pfkey_cbs));
- pfkey_cbs.cb_spddump = &sc_spddump_cb;
-
-***************
-*** 657,665 ****
- sc_policy(int s, char *selector_index, uint64_t lifetime, sa_mode_t samode,
- const char *sp_src, const char *sp_dst, const char *sa_src, const char *sa_dst, int flag)
- {
-- char wbuf[BUFSIZ];
- char rbuf[BUFSIZ];
-- int w;
- char sl[512]; /* XXX */
- char lt[32];
- int ps;
---- 673,679 ----
-***************
-*** 669,697 ****
-
- if (flag == TYPE_POLICY_ADD) {
- if (samode == SA_MODE_TRANSPORT) {
- snprintf(sl, sizeof(sl), "%s", selector_index);
- snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
-! snprintf(wbuf, sizeof(wbuf), "POLICY ADD %s %s TRANSPORT %s %s\r\n",
-! sl, lt, sp_src, sp_dst);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
-! }
-! else if (samode == SA_MODE_TUNNEL) {
-! return -1;
-! snprintf(sl, sizeof(sl), "%s", selector_index);
-! snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
-! snprintf(wbuf, sizeof(wbuf), "POLICY ADD %s %s TUNNEL %s %s %s %s\r\n",
-! sl, lt, sp_src, sp_dst, sa_src, sa_dst);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- } else {
- return -1;
- }
- } else if (flag == TYPE_POLICY_DEL) {
-! snprintf(sl, sizeof(sl), "%s", selector_index);
-! snprintf(wbuf, sizeof(wbuf), "POLICY DELETE %s\r\n", sl);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- } else if (flag == TYPE_POLICY_DUMP) {
-! snprintf(wbuf, sizeof(wbuf), "POLICY DUMP\r\n");
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- goto dump;
- } else {
- return -1;
---- 683,710 ----
-
- if (flag == TYPE_POLICY_ADD) {
- if (samode == SA_MODE_TRANSPORT) {
-+ if (sc_writestr(s,
-+ "POLICY ADD %s %" PRIu64 " TRANSPORT %s %s\r\n",
-+ selector_index, lifetime, sp_src, sp_dst) < 0)
-+ return -1;
-+ } else if (samode == SA_MODE_TUNNEL) {
- snprintf(sl, sizeof(sl), "%s", selector_index);
- snprintf(lt, sizeof(lt), "%" PRIu64, lifetime);
-! if (sc_writestr(s,
-! "POLICY ADD %s %" PRIu64 " TUNNEL %s %s %s %s\r\n",
-! selector_index, lifetime, sp_src, sp_dst, sa_src,
-! sa_dst) < 0)
-! return -1;
-!
- } else {
- return -1;
- }
- } else if (flag == TYPE_POLICY_DEL) {
-! if (sc_writestr(s, "POLICY DELETE %s\r\n", selector_index) < 0)
-! return -1;
- } else if (flag == TYPE_POLICY_DUMP) {
-! if (sc_writestr(s, "POLICY DUMP\r\n") < 0)
-! return -1;
- goto dump;
- } else {
- return -1;
-***************
-*** 752,768 ****
- sc_migrate(int s, char *selector_index, const char *src0, const char *dst0,
- const char *src, const char *dst)
- {
-- char wbuf[BUFSIZ];
- char rbuf[BUFSIZ];
-- int w;
-- char sl[512]; /* XXX */
--
-- snprintf(sl, sizeof(sl), "%s", selector_index);
-- snprintf(wbuf, sizeof(wbuf),
-- "MIGRATE %s %s %s %s %s\r\n",
-- sl, src0, dst0, src, dst);
-- w = sc_writemsg(s, wbuf, strlen(wbuf));
-
- if (sc_getline(s, rbuf, sizeof(rbuf)) < 0) {
- fprintf(stderr, "can't get response from spmd\n");
- return -1;
---- 765,775 ----
- sc_migrate(int s, char *selector_index, const char *src0, const char *dst0,
- const char *src, const char *dst)
- {
- char rbuf[BUFSIZ];
-
-+ if (sc_writestr(s, "MIGRATE %s %s %s %s %s\r\n",
-+ selector_index, src0, dst0, src, dst) < 0)
-+ return -1;
- if (sc_getline(s, rbuf, sizeof(rbuf)) < 0) {
- fprintf(stderr, "can't get response from spmd\n");
- return -1;
-***************
-*** 777,786 ****
- static int
- sc_status(int s)
- {
-- int w;
- char rbuf[512];
-
-! w = sc_writemsg(s, "STAT\r\n", strlen("STAT\r\n"));
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
---- 784,793 ----
- static int
- sc_status(int s)
- {
- char rbuf[512];
-
-! if (sc_writestr(s, "STAT\r\n") < 0)
-! return -1;
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
-***************
-*** 795,803 ****
- static int
- sc_ns(int s, char *addr, int flag)
- {
-- int w;
- char rbuf[512];
-- char wbuf[512];
- char naddr[NI_MAXHOST];
- int match=0;
-
---- 802,808 ----
-***************
-*** 811,817 ****
-
-
- if (flag == TYPE_NS_ADD) {
-! w = sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
---- 816,823 ----
-
-
- if (flag == TYPE_NS_ADD) {
-! if (sc_writestr(s, "NS LIST\r\n") < 0)
-! return -1;
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
-***************
-*** 823,838 ****
- }
-
- if (match) {
-! snprintf(wbuf, sizeof(wbuf), "NS CHANGE %s\r\n", naddr);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- } else {
-! snprintf(wbuf, sizeof(wbuf), "NS ADD %s\r\n", naddr);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- }
- return 0;
- } else if (flag == TYPE_NS_DEL) {
- int lines=0;
-! w = sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
---- 829,845 ----
- }
-
- if (match) {
-! if (sc_writestr(s, "NS CHANGE %s\r\n", naddr) < 0)
-! return -1;
- } else {
-! if (sc_writestr(s, "NS ADD %s\r\n", naddr) < 0)
-! return -1;
- }
- return 0;
- } else if (flag == TYPE_NS_DEL) {
- int lines=0;
-! if (sc_writestr(s, "NS LIST\r\n") < 0)
-! return -1;
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
-***************
-*** 845,856 ****
- }
-
- if (match && lines >1) {
-! snprintf(wbuf, sizeof(wbuf), "NS DELETE %s\r\n", naddr);
-! w= sc_writemsg(s, wbuf, strlen(wbuf));
- }
- return 0;
- } else if (flag == TYPE_NS_LST) {
-! sc_writemsg(s, "NS LIST\r\n", strlen("NS LIST\r\n"));
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
---- 852,864 ----
- }
-
- if (match && lines >1) {
-! if (sc_writestr(s, "NS DELETE %s\r\n", naddr) < 0)
-! return -1;
- }
- return 0;
- } else if (flag == TYPE_NS_LST) {
-! if (sc_writestr(s, "NS LIST\r\n") < 0)
-! return -1;
- while ( sc_getline(s, rbuf, sizeof(rbuf)) > 0) {
- if (rbuf[0] != '2')
- return -1;
-***************
-*** 977,983 ****
- {
- char rbuf[512];
- char wbuf[512];
-! int r,w;
- int s = -1;
- struct rc_addrlist *rcl_top = NULL, *rcl;
- struct sockaddr *sa;
---- 985,991 ----
- {
- char rbuf[512];
- char wbuf[512];
-! int r;
- int s = -1;
- struct rc_addrlist *rcl_top = NULL, *rcl;
- struct sockaddr *sa;
-***************
-*** 1111,1118 ****
- fprintf(stdout, "hash=%s\n", cid.hash);
- }
-
-! snprintf(wbuf, sizeof(wbuf), "LOGIN %s\r\n", cid.hash);
-! w = sc_writemsg(s, wbuf, strlen(wbuf));
- r = sc_getline(s, rbuf, sizeof(rbuf));
- if (r<0) {
- perror("LOGIN:read");
---- 1119,1126 ----
- fprintf(stdout, "hash=%s\n", cid.hash);
- }
-
-! if (sc_writestr(s, "LOGIN %s\r\n", cid.hash) < 0)
-! exit(EXIT_FAILURE);
- r = sc_getline(s, rbuf, sizeof(rbuf));
- if (r<0) {
- perror("LOGIN:read");
-***************
-*** 1134,1142 ****
- sc_quit(int s)
- {
- char rbuf[512];
-! int r,w;
-
-! w = sc_writemsg(s, "QUIT\r\n", strlen("QUIT\r\n"));
- r = sc_getline(s, rbuf, sizeof(rbuf));
- if (r<0) {
- perror("QUIT:read");
---- 1142,1153 ----
- sc_quit(int s)
- {
- char rbuf[512];
-! int r;
-
-! if (sc_writestr(s, "QUIT\r\n")) {
-! close(s);
-! return -1;
-! }
- r = sc_getline(s, rbuf, sizeof(rbuf));
- if (r<0) {
- perror("QUIT:read"); |