pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/security/racoon2 Buck Rogers in the 25th century: make...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/da3678a2d321
branches:  trunk
changeset: 381077:da3678a2d321
user:      christos <christos%pkgsrc.org@localhost>
date:      Tue May 29 01:22:50 2018 +0000

description:
Buck Rogers in the 25th century: make this compile again.

diffstat:

 security/racoon2/Makefile                              |    4 +-
 security/racoon2/distinfo                              |   25 +-
 security/racoon2/patches/patch-iked_crypto__impl.h     |   15 +
 security/racoon2/patches/patch-iked_crypto__openssl.c  |  714 +++++++++++++++++
 security/racoon2/patches/patch-iked_ike__conf.c        |   36 +
 security/racoon2/patches/patch-iked_ikev1_ikev1.c      |   24 +
 security/racoon2/patches/patch-iked_ikev1_ipsec__doi.c |   48 +
 security/racoon2/patches/patch-iked_ikev1_oakley.c     |   91 ++
 security/racoon2/patches/patch-iked_ikev1_pfkey.c      |   71 +
 security/racoon2/patches/patch-iked_ikev2.c            |   78 +
 security/racoon2/patches/patch-iked_ikev2__child.c     |   26 +
 security/racoon2/patches/patch-iked_ikev2__notify.c    |   24 +
 security/racoon2/patches/patch-kinkd-crypto__openssl.c |  117 ++
 security/racoon2/patches/patch-kinkd-ipsec__doi.c      |   34 +
 security/racoon2/patches/patch-kinkd_bbkk__heimdal.c   |  310 +++++++
 security/racoon2/patches/patch-kinkd_isakmp__quick.c   |   61 +
 security/racoon2/patches/patch-kinkd_session.c         |   15 +
 security/racoon2/patches/patch-lib_cftoken.l           |   18 +-
 security/racoon2/patches/patch-lib_if__spmd.c          |   68 +
 security/racoon2/patches/patch-spmd_fqdn__query.c      |   29 +
 security/racoon2/patches/patch-spmd_main.c             |   21 +
 security/racoon2/patches/patch-spmd_shell.c            |   61 +
 security/racoon2/patches/patch-spmd_spmd__pfkey.c      |   22 +
 security/racoon2/patches/patch-spmd_spmdctl.c          |  366 ++++++++
 24 files changed, 2265 insertions(+), 13 deletions(-)

diffs (truncated from 2405 to 300 lines):

diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/Makefile
--- a/security/racoon2/Makefile Tue May 29 00:45:19 2018 +0000
+++ b/security/racoon2/Makefile Tue May 29 01:22:50 2018 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.11 2016/07/09 06:38:56 wiz Exp $
+# $NetBSD: Makefile,v 1.12 2018/05/29 01:22:50 christos Exp $
 #
 
 DISTNAME=              racoon2-20100526a
-PKGREVISION=           9
+PKGREVISION=           10
 CATEGORIES=            security net
 MASTER_SITES=          ftp://ftp.racoon2.wide.ad.jp/pub/racoon2/
 EXTRACT_SUFX=          .tgz
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/distinfo
--- a/security/racoon2/distinfo Tue May 29 00:45:19 2018 +0000
+++ b/security/racoon2/distinfo Tue May 29 01:22:50 2018 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.5 2015/11/04 01:18:07 agc Exp $
+$NetBSD: distinfo,v 1.6 2018/05/29 01:22:50 christos Exp $
 
 SHA1 (racoon2-20100526a.tgz) = 268429af8a031dbbc279580cf98ea18331f0e2d9
 RMD160 (racoon2-20100526a.tgz) = 014cdcf78cc82ab21235a21491850cdcd1f883bf
@@ -9,7 +9,28 @@
 SHA1 (patch-ac) = 081a2d3d694d4c20cf1fa2d9718577577280288e
 SHA1 (patch-ad) = 0d04dc7027c100de6bc04db00eddb30a12fd8715
 SHA1 (patch-ae) = 937cf84a2b6f1e8f8d288703a0556faf500bab95
+SHA1 (patch-iked_crypto__impl.h) = e6b274258eb7428cbd01cefc33ae85e001260542
+SHA1 (patch-iked_crypto__openssl.c) = 0a013e5aa5ce9747da61b8095440a16ee78de4e9
+SHA1 (patch-iked_ike__conf.c) = 82e09465e69b082abb12b3fead16eae8a7bc103b
+SHA1 (patch-iked_ikev1_ikev1.c) = ce9b22b2be12bc4cd5fa0e171cbd39c0d88d5406
+SHA1 (patch-iked_ikev1_ipsec__doi.c) = 3673d0643359eb8a68bbd867e941e1a1aae02b01
+SHA1 (patch-iked_ikev1_oakley.c) = 8823a898ec8190d177d3eda8d6c474040b08d2a1
+SHA1 (patch-iked_ikev1_pfkey.c) = 064df06b876504b611008a8a20b44266a83c5789
+SHA1 (patch-iked_ikev2.c) = 857805c92e3c78ec5f05a9068acbba03e91030b3
+SHA1 (patch-iked_ikev2__child.c) = f7f268f3e7666a3e23efd3b71c4474eeb9f8a046
+SHA1 (patch-iked_ikev2__notify.c) = 688d5b46451912b00dbf1500e7ff66f4290d7d8a
+SHA1 (patch-kinkd-crypto__openssl.c) = 4acd36a5462d3296a53966f85fb39e8888650d5a
+SHA1 (patch-kinkd-ipsec__doi.c) = f72d62de7dce9e02d4de77162926491fef3761d1
+SHA1 (patch-kinkd_bbkk__heimdal.c) = 55a4e8121df28272d2838376823bc85ec108d93f
+SHA1 (patch-kinkd_isakmp__quick.c) = 1b177838621336bfabf0416d9fc09d6e581b8c05
+SHA1 (patch-kinkd_session.c) = 6b2ec8329d0fda0b850116c21bda2a4d06634f0d
 SHA1 (patch-lib_cfparse.y) = 9e0b8ec9c09c315edde171103b97a8c403ba748e
 SHA1 (patch-lib_cfsetup.c) = 70c2409bc69ff85cef6d2e2b4e222e12537c323e
-SHA1 (patch-lib_cftoken.l) = 1cbae5bd9199e204d12d5a5216521a21e55a84dc
+SHA1 (patch-lib_cftoken.l) = cbda1153f7fd34713248d3d7d188a50b27d9ddcd
 SHA1 (patch-lib_if__pfkeyv2.c) = 9eb969ff0f289bc7c4aa1fa234c221b4d70d1da7
+SHA1 (patch-lib_if__spmd.c) = 0b5e5412afb826f502c040153ca5b0e50ad3d682
+SHA1 (patch-spmd_fqdn__query.c) = d44af49981bfc503fe097a40a0448215ff2367d8
+SHA1 (patch-spmd_main.c) = 7ee34b1a5b18d938806f490abe2d8cdf25caa426
+SHA1 (patch-spmd_shell.c) = 37a52cb9062fd44e0d358c7ae1605481a3604f71
+SHA1 (patch-spmd_spmd__pfkey.c) = 2bf3e70f41a779989d63d7099b2e7031a7441a27
+SHA1 (patch-spmd_spmdctl.c) = 26cd17a8b9932bbc5af8aa5d476eb0a5fad8e323
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/patches/patch-iked_crypto__impl.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/racoon2/patches/patch-iked_crypto__impl.h        Tue May 29 01:22:50 2018 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-iked_crypto__impl.h,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Make unmodified argument const
+
+--- iked/crypto_impl.h 2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_impl.h 2018-05-28 16:44:16.016528535 -0400
+@@ -246,7 +246,7 @@
+ extern int eay_revbnl (rc_vchar_t *);
+ #include <openssl/bn.h>
+ extern int eay_v2bn (BIGNUM **, rc_vchar_t *);
+-extern int eay_bn2v (rc_vchar_t **, BIGNUM *);
++extern int eay_bn2v (rc_vchar_t **, const BIGNUM *);
+ 
+ extern const char *eay_version (void);
+ 
diff -r efc86d1fd4c5 -r da3678a2d321 security/racoon2/patches/patch-iked_crypto__openssl.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/security/racoon2/patches/patch-iked_crypto__openssl.c     Tue May 29 01:22:50 2018 +0000
@@ -0,0 +1,714 @@
+$NetBSD: patch-iked_crypto__openssl.c,v 1.1 2018/05/29 01:22:50 christos Exp $
+
+Adjust for openssl-1.1
+
+--- iked/crypto_openssl.c      2010-02-01 05:30:51.000000000 -0500
++++ iked/crypto_openssl.c      2018-05-28 17:08:27.806906241 -0400
+@@ -324,16 +324,17 @@
+ {
+       char buf[256];
+       int log_tag;
++      int ctx_error, ctx_error_depth;
+ 
+       if (!ok) {
+-              X509_NAME_oneline(X509_get_subject_name(ctx->current_cert),
+-                                buf, 256);
++              X509_NAME_oneline(X509_get_subject_name(
++                  X509_STORE_CTX_get0_cert(ctx)), buf, 256);
+               /*
+                * since we are just checking the certificates, it is
+                * ok if they are self signed. But we should still warn
+                * the user.
+                */
+-              switch (ctx->error) {
++              switch (ctx_error = X509_STORE_CTX_get_error(ctx)) {
+               case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ #if OPENSSL_VERSION_NUMBER >= 0x00905100L
+               case X509_V_ERR_INVALID_CA:
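Review bot: `X509_STORE_CTX_get0_cert(ctx)` is not the accessor that matches the removed `ctx->current_cert`. It returns the certificate the verification was started for, whereas the old field held the certificate at which the error was raised. For a chain longer than one certificate, the SubjectName logged in the following hunk would name the leaf even when the depth printed beside it points at an intermediate or root, which misleads anyone triaging a rejected peer from the log. The matching accessor is `X509_STORE_CTX_get_current_cert(ctx)`, i.e. `X509_NAME_oneline(X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)), buf, 256);`. The callback body starts before this hunk and continues past it.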
+@@ -347,16 +348,17 @@
+               default:
+                       log_tag = PLOG_PROTOERR;
+               }
++              ctx_error_depth = X509_STORE_CTX_get_error_depth(ctx);
+ #ifndef EAYDEBUG
+               plog(log_tag, PLOGLOC, NULL,
+                    "%s(%d) at depth:%d SubjectName:%s\n",
+-                   X509_verify_cert_error_string(ctx->error),
+-                   ctx->error, ctx->error_depth, buf);
++                   X509_verify_cert_error_string(ctx_error),
++                   ctx_error, ctx_error_depth, buf);
+ #else
+               printf("%d: %s(%d) at depth:%d SubjectName:%s\n",
+                      log_tag,
+-                     X509_verify_cert_error_string(ctx->error),
+-                     ctx->error, ctx->error_depth, buf);
++                     X509_verify_cert_error_string(ctx_error),
++                     ctx_error, ctx_error_depth, buf);
+ #endif
+       }
+       ERR_clear_error();
+@@ -991,6 +993,7 @@
+       BPP_const unsigned char *bp;
+       rc_vchar_t *sig = NULL;
+       int len;
++      RSA *rsa;
+       int pad = RSA_PKCS1_PADDING;
+ 
+       bp = (unsigned char *)privkey->v;
+@@ -1002,14 +1005,15 @@
+       /* XXX: to be handled EVP_dss() */
+       /* XXX: Where can I get such parameters ?  From my cert ? */
+ 
+-      len = RSA_size(evp->pkey.rsa);
++      rsa = EVP_PKEY_get0_RSA(evp);
++      len = RSA_size(rsa);
+ 
+       sig = rc_vmalloc(len);
+       if (sig == NULL)
+               return NULL;
+ 
+       len = RSA_private_encrypt(src->l, (unsigned char *)src->v,
+-                                (unsigned char *)sig->v, evp->pkey.rsa, pad);
++                                (unsigned char *)sig->v, rsa, pad);
+       EVP_PKEY_free(evp);
+       if (len == 0 || (size_t)len != sig->l) {
+               rc_vfree(sig);
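Review bot: `EVP_PKEY_get0_RSA(evp)` returns NULL when the key is not an RSA key, and here the result goes straight into `RSA_size(rsa)`, which dereferences it. Whether the key type is checked earlier in the function is not visible in this hunk; if it is not, add `if (rsa == NULL) { EVP_PKEY_free(evp); return NULL; }` before the `RSA_size` call. The same pattern appears in the hunks at `@@ -1040,7 +1045,8 @@` (free the key and `return -1;`) and `@@ -1100,7 +1107,8 @@` (`goto fail;`). The `-1040` hunk is the signature-check path, where the key presumably comes from the peer, so a NULL there would let a non-RSA key crash the daemon instead of producing a logged protocol error. The function bodies start and end outside these hunks.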
+@@ -1028,6 +1032,7 @@
+       BPP_const unsigned char *bp;
+       rc_vchar_t *xbuf = NULL;
+       int pad = RSA_PKCS1_PADDING;
++      RSA *rsa;
+       int len = 0;
+       int error;
+ 
+@@ -1040,7 +1045,8 @@
+               return -1;
+       }
+ 
+-      len = RSA_size(evp->pkey.rsa);
++      rsa = EVP_PKEY_get0_RSA(evp);
++      len = RSA_size(rsa);
+ 
+       xbuf = rc_vmalloc(len);
+       if (xbuf == NULL) {
+@@ -1053,7 +1059,7 @@
+       }
+ 
+       len = RSA_public_decrypt(sig->l, (unsigned char *)sig->v,
+-                               (unsigned char *)xbuf->v, evp->pkey.rsa, pad);
++                               (unsigned char *)xbuf->v, rsa, pad);
+ #ifndef EAYDEBUG
+       if (len == 0 || (size_t)len != src->l)
+               plog(PLOG_PROTOERR, PLOGLOC, NULL, "%s\n", eay_strerror());
+@@ -1089,7 +1095,8 @@
+       rc_vchar_t *sig = 0;
+       unsigned int siglen;
+       const EVP_MD *md;
+-      EVP_MD_CTX ctx;
++      EVP_MD_CTX *ctx = NULL;
++      RSA *rsa;
+ 
+       bp = (unsigned char *)privkey->v;
+       /* convert private key from vmbuf to internal data */
+@@ -1100,7 +1107,8 @@
+               goto fail;
+       }
+ 
+-      len = RSA_size(pkey->pkey.rsa);
++      rsa = EVP_PKEY_get0_RSA(pkey);
++      len = RSA_size(rsa);
+       sig = rc_vmalloc(len);
+       if (sig == NULL) {
+               plog(PLOG_INTERR, PLOGLOC, NULL, "failed allocating memory\n");
+@@ -1114,27 +1122,33 @@
+                    "failed to find digest algorithm %s\n", hash_type);
+               goto fail;
+       }
+-      EVP_MD_CTX_init(&ctx);
+-      EVP_SignInit(&ctx, md);
+-      EVP_SignUpdate(&ctx, octets->v, octets->l);
+-      if (EVP_SignFinal(&ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
++      ctx = EVP_MD_CTX_new();
++      if (!ctx) {
++              plog(PLOG_INTERR, PLOGLOC, NULL,
++                   "failed to allocate context\n");
++              goto fail;
++      }
++      EVP_SignInit(ctx, md);
++      EVP_SignUpdate(ctx, octets->v, octets->l);
++      if (EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {
+               plog(PLOG_INTERR, PLOGLOC, NULL,
+                    "RSA_sign failed: %s\n", eay_strerror());
+-              EVP_MD_CTX_cleanup(&ctx);
+               goto fail;
+       }
+-      EVP_MD_CTX_cleanup(&ctx);
+       if (sig->l != siglen) {
+               plog(PLOG_INTERR, PLOGLOC, NULL,
+                    "unexpected signature length %d\n", siglen);
+               goto fail;
+       }
++      EVP_MD_CTX_free(ctx);
+       EVP_PKEY_free(pkey);
+       return sig;
+ 
+       fail:
+       if (sig)
+               rc_vfree(sig);
++      if (ctx)
++              EVP_MD_CTX_free(ctx);
+       if (pkey)
+               EVP_PKEY_free(pkey);
+       return 0;
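Review bot: The return values of `EVP_SignInit(ctx, md)` and `EVP_SignUpdate(ctx, octets->v, octets->l)` are discarded, so a failed digest setup is only noticed, if at all, through whatever `EVP_SignFinal` does with a half-initialised context. Since these lines are being rewritten anyway, fold them into the existing check: `if (EVP_SignInit(ctx, md) <= 0 || EVP_SignUpdate(ctx, octets->v, octets->l) <= 0 || EVP_SignFinal(ctx, (unsigned char *)sig->v, &siglen, pkey) <= 0) {`. The verification hunk at `@@ -1175,23 +1189,29 @@` has the same gap with `EVP_VerifyInit` and `EVP_VerifyUpdate`, and there it decides whether a peer's signature is accepted. As a minor style point, `EVP_MD_CTX_free` accepts NULL, so the `if (ctx)` guards in both `fail:` paths can go.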
+@@ -1154,7 +1168,7 @@
+       EVP_PKEY *pkey;
+       BPP_const unsigned char *bp;
+       const EVP_MD *md;
+-      EVP_MD_CTX ctx;
++      EVP_MD_CTX *ctx = NULL;
+ 
+       bp = (unsigned char *)pubkey->v;
+       pkey = d2i_PUBKEY(NULL, &bp, pubkey->l);
+@@ -1163,7 +1177,7 @@
+                    "failed obtaining public key: %s\n", eay_strerror());
+               goto fail;
+       }
+-      if (pkey->type != EVP_PKEY_RSA) {
++      if (EVP_PKEY_id(pkey) != EVP_PKEY_RSA) {
+               plog(PLOG_PROTOERR, PLOGLOC, NULL,
+                    "public key is not for RSA\n");
+               goto fail;
+@@ -1175,23 +1189,29 @@
+                    "failed to find the algorithm engine for %s\n", hash_type);
+               goto fail;
+       }
+-      EVP_MD_CTX_init(&ctx);
+-      EVP_VerifyInit(&ctx, md);
+-      EVP_VerifyUpdate(&ctx, octets->v, octets->l);
+-      if (EVP_VerifyFinal(&ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
++      ctx = EVP_MD_CTX_new();
++      if (!ctx) {
++              plog(PLOG_INTERR, PLOGLOC, NULL,
++                   "failed to allocate context\n");
++              goto fail;
++      }
++      EVP_VerifyInit(ctx, md);
++      EVP_VerifyUpdate(ctx, octets->v, octets->l);
++      if (EVP_VerifyFinal(ctx, (unsigned char *)sig->v, sig->l, pkey) <= 0) {
+               plog(PLOG_PROTOERR, PLOGLOC, NULL,
+                    "RSA_verify failed: %s\n", eay_strerror());
+-              EVP_MD_CTX_cleanup(&ctx);
+               goto fail;
+       }
+-      EVP_MD_CTX_cleanup(&ctx);
+ 
++      EVP_MD_CTX_free(ctx);
+       EVP_PKEY_free(pkey);
+       return 0;
+ 
+       fail:
+       if (pkey)
+               EVP_PKEY_free(pkey);
++      if (ctx)
++              EVP_MD_CTX_free(ctx);
+       return -1;
+ }
+ 
+@@ -1204,7 +1224,8 @@
+       EVP_PKEY *pkey;
+       BPP_const unsigned char *bp;
+       const EVP_MD *md;
+-      EVP_MD_CTX ctx;
++      EVP_MD_CTX *ctx = NULL;
++      DSA *dsa;
+       int len;


