pkgsrc-Changes-HG archive
[pkgsrc/trunk]: pkgsrc/security/racoon2 Buck Rogers in the 25th century: make...
details: https://anonhg.NetBSD.org/pkgsrc/rev/da3678a2d321
branches: trunk
changeset: 381077:da3678a2d321
user: christos <christos%pkgsrc.org@localhost>
date: Tue May 29 01:22:50 2018 +0000
description:
Buck Rogers in the 25th century: make this compile again.
diffstat:
security/racoon2/Makefile | 4 +-
security/racoon2/distinfo | 25 +-
security/racoon2/patches/patch-iked_crypto__impl.h | 15 +
security/racoon2/patches/patch-iked_crypto__openssl.c | 714 +++++++++++++++++
security/racoon2/patches/patch-iked_ike__conf.c | 36 +
security/racoon2/patches/patch-iked_ikev1_ikev1.c | 24 +
security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c | 48 +
security/racoon2/patches/patch-iked_ikev1_oakley.c | 91 ++
security/racoon2/patches/patch-iked_ikev1_pfkey.c | 71 +
security/racoon2/patches/patch-iked_ikev2.c | 78 +
security/racoon2/patches/patch-iked_ikev2__child.c | 26 +
security/racoon2/patches/patch-iked_ikev2__notify.c | 24 +
security/racoon2/patches/patch-kinkd-crypto__openssl.c | 117 ++
security/racoon2/patches/patch-kinkd-ipsec__doi.c | 34 +
security/racoon2/patches/patch-kinkd_bbkk__heimdal.c | 310 +++++++
security/racoon2/patches/patch-kinkd_isakmp__quick.c | 61 +
security/racoon2/patches/patch-kinkd_session.c | 15 +
security/racoon2/patches/patch-lib_cftoken.l | 18 +-
security/racoon2/patches/patch-lib_if__spmd.c | 68 +
security/racoon2/patches/patch-spmd_fqdn__query.c | 29 +
security/racoon2/patches/patch-spmd_main.c | 21 +
security/racoon2/patches/patch-spmd_shell.c | 61 +
security/racoon2/patches/patch-spmd_spmd__pfkey.c | 22 +
security/racoon2/patches/patch-spmd_spmdctl.c | 366 ++++++++
24 files changed, 2265 insertions(+), 13 deletions(-)
diffs (truncated from 2405 to 300 lines):
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/Makefile
--- a/security/racoon2/Makefile Tue May 29 00:45:19 2018 +0000
+++ b/security/racoon2/Makefile Tue May 29 01:22:50 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2016/07/09 06:38:56 wiz Exp $
+# $NetBSD: Makefile,v 1.12 2018/05/29 01:22:50 christos Exp $
#
DISTNAME= racoon2-20100526a
-PKGREVISION= 9
+PKGREVISION= 10
CATEGORIES= security net
MASTER_SITES= ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/
EXTRACT_SUFX= .tgz
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/distinfo
--- a/security/racoon2/distinfo Tue May 29 00:45:19 2018 +0000
+++ b/security/racoon2/distinfo Tue May 29 01:22:50 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2015/11/04 01:18:07 agc Exp $
+$NetBSD: distinfo,v 1.6 2018/05/29 01:22:50 christos Exp $
SHA1 (racoon2-20100526a.tgz) = 268429af8a031dbbc279580cf98ea18331f0e2d9
RMD160 (racoon2-20100526a.tgz) = 014cdcf78cc82ab21235a21491850cdcd1f883bf
@@ -9,7 +9,28 @@
SHA1 (patch-ac) = 081a2d3d694d4c20cf1fa2d9718577577280288e
SHA1 (patch-ad) = 0d04dc7027c100de6bc04db00eddb30a12fd8715
SHA1 (patch-ae) = 937cf84a2b6f1e8f8d288703a0556faf500bab95
+SHA1 (patch-iked_crypto__impl.h) = e6b274258eb7428cbd01cefc33ae85e001260542
+SHA1 (patch-iked_crypto__openssl.c) = 0a013e5aa5ce9747da61b8095440a16ee78de4e9
+SHA1 (patch-iked_ike__conf.c) = 82e09465e69b082abb12b3fead16eae8a7bc103b
+SHA1 (patch-iked_ikev1_ikev1.c) = ce9b22b2be12bc4cd5fa0e171cbd39c0d88d5406
+SHA1 (patch-iked_ikev1_ipsec__doi.c) = 3673d0643359eb8a68bbd867e941e1a1aae02b01
+SHA1 (patch-iked_ikev1_oakley.c) = 8823a898ec8190d177d3eda8d6c474040b08d2a1
+SHA1 (patch-iked_ikev1_pfkey.c) = 064df06b876504b611008a8a20b44266a83c5789
+SHA1 (patch-iked_ikev2.c) = 857805c92e3c78ec5f05a9068acbba03e91030b3
+SHA1 (patch-iked_ikev2__child.c) = f7f268f3e7666a3e23efd3b71c4474eeb9f8a046
+SHA1 (patch-iked_ikev2__notify.c) = 688d5b46451912b00dbf1500e7ff66f4290d7d8a
+SHA1 (patch-kinkd-crypto__openssl.c) = 4acd36a5462d3296a53966f85fb39e8888650d5a
+SHA1 (patch-kinkd-ipsec__doi.c) = f72d62de7dce9e02d4de77162926491fef3761d1
+SHA1 (patch-kinkd_bbkk__heimdal.c) = 55a4e8121df28272d2838376823bc85ec108d93f
+SHA1 (patch-kinkd_isakmp__quick.c) = 1b177838621336bfabf0416d9fc09d6e581b8c05
+SHA1 (patch-kinkd_session.c) = 6b2ec8329d0fda0b850116c21bda2a4d06634f0d
SHA1 (patch-lib_cfparse.y) = 9e0b8ec9c09c315edde171103b97a8c403ba748e
SHA1 (patch-lib_cfsetup.c) = 70c2409bc69ff85cef6d2e2b4e222e12537c323e
-SHA1 (patch-lib_cftoken.l) = 1cbae5bd9199e204d12d5a5216521a21e55a84dc
+SHA1 (patch-lib_cftoken.l) = cbda1153f7fd34713248d3d7d188a50b27d9ddcd
SHA1 (patch-lib_if__pfkeyv2.c) = 9eb969ff0f289bc7c4aa1fa234c221b4d70d1da7
+SHA1 (patch-lib_if__spmd.c) = 0b5e5412afb826f502c040153ca5b0e50ad3d682
+SHA1 (patch-spmd_fqdn__query.c) = d44af49981bfc503fe097a40a0448215ff2367d8
+SHA1 (patch-spmd_main.c) = 7ee34b1a5b18d938806f490abe2d8cdf25caa426
+SHA1 (patch-spmd_shell.c) = 37a52cb9062fd44e0d358c7ae1605481a3604f71
+SHA1 (patch-spmd_spmd__pfkey.c) = 2bf3e70f41a779989d63d7099b2e7031a7441a27
+SHA1 (patch-spmd_spmdctl.c) = 26cd17a8b9932bbc5af8aa5d476eb0a5fad8e323
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/patches/patch-iked_crypto__impl.h
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/racoon2/patches/patch-iked_crypto__impl.h Tue May 29 01:22:50 2018 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-iked_crypto__impl.h,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Make unmodified argument const
+
+--- iked/crypto_impl.h 2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_impl.h 2018-05-28 16:44:16.016528535 -0400
+@@ -246,7 +246,7 @@
+ extern int eay_revbnl (rc_vchar_t *);
+ #include <openssl/bn.h>
+ extern int eay_v2bn (BIGNUM **, rc_vchar_t *);
+-extern int eay_bn2v (rc_vchar_t **, BIGNUM *);
++extern int eay_bn2v (rc_vchar_t **, const BIGNUM *);
+
+ extern const char *eay_version (void);
+
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/patches/patch-iked_crypto__openssl.c
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/security/racoon2/patches/patch-iked_crypto__openssl.c Tue May 29 01:22:50 2018 +0000
@@ -0,0 +1,714 @@
+$NetBSD: patch-iked_crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Adjust for openssl-1.1
+
+--- iked/crypto_openssl.c 2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_openssl.c 2018-05-28 17:08:27.806906241 -0400
+@@ -324,16 +324,17 @@
+ {
+ char buf[256];
+ int log_tag;
++ int ctx_error, ctx_error_depth;
+
+ if (!ok) {
+- X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+- buf, 256);
++ X509_NAME_oneline(X509_get_subject_name(
++ X509_STORE_CTX_get0_cert(ctx)), buf, 256);
+ /*
+ * since we are just checking the certificates, it is
+ * ok if they are self signed. But we should still warn
+ * the user.
+ */
+- switch (ctx->error) {
++ switch (ctx_error = X509_STORE_CTX_get_error(ctx)) {
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ #if OPENSSL_VERSION_NUMBER >= 0x00905100L
+ case X509_V_ERR_INVALID_CA:
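Review bot: `X509_STORE_CTX_get0_cert(ctx)` is not the equivalent of the removed `ctx->current_cert`: it returns the certificate the verification was started for, whereas the old field pointed at the certificate the callback is currently reporting on. For an error above depth 0, the log line built in the following hunk would pair the issuer's error code and depth with the leaf's SubjectName, which misleads anyone triaging a failed peer authentication from the logs. The accessor that matches the old field is `X509_STORE_CTX_get_current_cert(ctx)`, so the call would read `X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);`. The callback's signature and return statement lie outside this hunk.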
+@@ -347,16 +348,17 @@
+ default:
+ log_tag = PLOG_PROTOERR;
+ }
++ ctx_error_depth = X509_STORE_CTX_get_error_depth(ctx);
+ #ifndef EAYDEBUG
+ plog(log_tag, PLOGLOC, NULL,
+ "%s(%d) at depth:%d SubjectName:%s\n",
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error, ctx->error_depth, buf);
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error, ctx_error_depth, buf);
+ #else
+ printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
+ log_tag,
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error, ctx->error_depth, buf);
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error, ctx_error_depth, buf);
+ #endif
+ }
+ ERR_clear_error();
+@@ -991,6 +993,7 @@
+ BPP_const unsigned char *bp;
+ rc_vchar_t *sig = NULL;
+ int len;
++ RSA *rsa;
+ int pad = RSA_PKCS1_PADDING;
+
+ bp = (unsigned char *)privkey->v;
+@@ -1002,14 +1005,15 @@
+ /* XXX: to be handled EVP_dss() */
+ /* XXX: Where can I get such parameters ? From my cert ? */
+
+- len = RSA_size(evp->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(evp);
++ len = RSA_size(rsa);
+
+ sig = rc_vmalloc(len);
+ if (sig == NULL)
+ return NULL;
+
+ len = RSA_private_encrypt(src->l, (unsigned char *)src->v,
+- (unsigned char *)sig->v, evp->pkey.rsa, pad);
++ (unsigned char *)sig->v, rsa, pad);
+ EVP_PKEY_free(evp);
+ if (len == 0 || (size_t)len != sig->l) {
+ rc_vfree(sig);
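Review bot: The result of `EVP_PKEY_get0_RSA(evp)` goes straight into `RSA_size()` without a NULL check, and the accessor returns NULL when the key is not an RSA key. Add `if (rsa == NULL) { EVP_PKEY_free(evp); return NULL; }` before `len = RSA_size(rsa);`. The hunks at -1040 and -1100 repeat the pattern and need the same guard using their own error paths. The -1040 one deserves the most attention if, as its `RSA_public_decrypt` call suggests, the key there comes from a peer's certificate, because a non-RSA key would then take the daemon down; where `evp` originates is outside the hunk, so please confirm. Separately, the unchanged `if (sig == NULL) return NULL;` returns without `EVP_PKEY_free(evp)`.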
+@@ -1028,6 +1032,7 @@
+ BPP_const unsigned char *bp;
+ rc_vchar_t *xbuf = NULL;
+ int pad = RSA_PKCS1_PADDING;
++ RSA *rsa;
+ int len = 0;
+ int error;
+
+@@ -1040,7 +1045,8 @@
+ return -1;
+ }
+
+- len = RSA_size(evp->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(evp);
++ len = RSA_size(rsa);
+
+ xbuf = rc_vmalloc(len);
+ if (xbuf == NULL) {
+@@ -1053,7 +1059,7 @@
+ }
+
+ len = RSA_public_decrypt(sig->l, (unsigned char *)sig->v,
+- (unsigned char *)xbuf->v, evp->pkey.rsa, pad);
++ (unsigned char *)xbuf->v, rsa, pad);
+ #ifndef EAYDEBUG
+ if (len == 0 || (size_t)len != src->l)
+ plog(PLOG_PROTOERR, PLOGLOC, NULL, "%s\n", eay_strerror());
+@@ -1089,7 +1095,8 @@
+ rc_vchar_t *sig = 0;
+ unsigned int siglen;
+ const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
++ RSA *rsa;
+
+ bp = (unsigned char *)privkey->v;
+ /* convert private key from vmbuf to internal data */
+@@ -1100,7 +1107,8 @@
+ goto fail;
+ }
+
+- len = RSA_size(pkey->pkey.rsa);
++ rsa = EVP_PKEY_get0_RSA(pkey);
++ len = RSA_size(rsa);
+ sig = rc_vmalloc(len);
+ if (sig == NULL) {
+ plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n");
+@@ -1114,27 +1122,33 @@
+ "failed to find digest algorithm %s\n", hash_type);
+ goto fail;
+ }
+- EVP_MD_CTX_init(&ctx);
+- EVP_SignInit(&ctx, md);
+- EVP_SignUpdate(&ctx, octets->v, octets->l);
+- if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_SignInit(ctx, md);
++ EVP_SignUpdate(ctx, octets->v, octets->l);
++ if (EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
+ plog(PLOG_INTERR, PLOGLOC, NULL,
+ "RSA_sign failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+ goto fail;
+ }
+- EVP_MD_CTX_cleanup(&ctx);
+ if (sig->l != siglen) {
+ plog(PLOG_INTERR, PLOGLOC, NULL,
+ "unexpected signature length %d\n", siglen);
+ goto fail;
+ }
++ EVP_MD_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ return sig;
+
+ fail:
+ if (sig)
+ rc_vfree(sig);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+ if (pkey)
+ EVP_PKEY_free(pkey);
+ return 0;
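Review bot: The return values of `EVP_SignInit(ctx, md)` and `EVP_SignUpdate(ctx, ...)` are ignored, so a digest that cannot be initialised is noticed only at `EVP_SignFinal`, if at all, and the log then blames RSA_sign. Check both, for example `if (!EVP_SignInit(ctx, md) || !EVP_SignUpdate(ctx, octets->v, octets->l)) goto fail;`, with a log message of its own. The verify hunk at -1175 has the same gap with `EVP_VerifyInit` and `EVP_VerifyUpdate`. As a style point, `EVP_MD_CTX_free(NULL)` is a no-op, so the `if (ctx)` guard under `fail:` can be dropped. The function begins outside this hunk.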
+@@ -1154,7 +1168,7 @@
+ EVP_PKEY *pkey;
+ BPP_const unsigned char *bp;
+ const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
+
+ bp = (unsigned char *)pubkey->v;
+ pkey = d2i_PUBKEY(NULL, &bp, pubkey->l);
+@@ -1163,7 +1177,7 @@
+ "failed obtaining public key: %s\n", eay_strerror());
+ goto fail;
+ }
+- if (pkey->type != EVP_PKEY_RSA) {
++ if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) {
+ plog(PLOG_PROTOERR, PLOGLOC, NULL,
+ "public key is not for RSA\n");
+ goto fail;
+@@ -1175,23 +1189,29 @@
+ "failed to find the algorithm engine for %s\n", hash_type);
+ goto fail;
+ }
+- EVP_MD_CTX_init(&ctx);
+- EVP_VerifyInit(&ctx, md);
+- EVP_VerifyUpdate(&ctx, octets->v, octets->l);
+- if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
++ ctx = EVP_MD_CTX_new();
++ if (!ctx) {
++ plog(PLOG_INTERR, PLOGLOC, NULL,
++ "failed to allocate context\n");
++ goto fail;
++ }
++ EVP_VerifyInit(ctx, md);
++ EVP_VerifyUpdate(ctx, octets->v, octets->l);
++ if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
+ plog(PLOG_PROTOERR, PLOGLOC, NULL,
+ "RSA_verify failed: %s\n", eay_strerror());
+- EVP_MD_CTX_cleanup(&ctx);
+ goto fail;
+ }
+- EVP_MD_CTX_cleanup(&ctx);
+
++ EVP_MD_CTX_free(ctx);
+ EVP_PKEY_free(pkey);
+ return 0;
+
+ fail:
+ if (pkey)
+ EVP_PKEY_free(pkey);
++ if (ctx)
++ EVP_MD_CTX_free(ctx);
+ return -1;
+ }
+
+@@ -1204,7 +1224,8 @@
+ EVP_PKEY *pkey;
+ BPP_const unsigned char *bp;
+ const EVP_MD *md;
+- EVP_MD_CTX ctx;
++ EVP_MD_CTX *ctx = NULL;
++ DSA *dsa;
+ int len;