svn commit: r568724 - in head/security/ike: . files
Alexey Dokuchaev
danfe at FreeBSD.org
Thu Mar 18 08:49:44 UTC 2021
Author: danfe
Date: Thu Mar 18 08:49:41 2021
New Revision: 568724
URL: https://svnweb.freebsd.org/changeset/ports/568724
Log:
- Unbreak the build against modern OpenSSL versions
- Remove useless line from the port description
Added:
head/security/ike/files/patch-source_iked_crypto.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.exch.config.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.exch.inform.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.exch.phase1.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.exch.phase2.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.idb.exch.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.idb.phase1.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.idb.phase2.cpp (contents, props changed)
head/security/ike/files/patch-source_iked_ike.keyfile.cpp (contents, props changed)
head/security/ike/files/patch-source_libike_manager.file.cpp (contents, props changed)
Modified:
head/security/ike/Makefile
head/security/ike/pkg-descr
Modified: head/security/ike/Makefile
==============================================================================
--- head/security/ike/Makefile Thu Mar 18 08:28:55 2021 (r568723)
+++ head/security/ike/Makefile Thu Mar 18 08:49:41 2021 (r568724)
@@ -36,13 +36,6 @@ LDAP_USE= OPENLDAP=yes
LDAP_CMAKE_ON= -DLDAP=YES
NATT_CMAKE_ON= -DNATT=YES
-.include <bsd.port.pre.mk>
-
-.if ${SSL_DEFAULT} == base
-BROKEN_FreeBSD_12= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
-BROKEN_FreeBSD_13= variable has incomplete type 'EVP_CIPHER_CTX' (aka 'evp_cipher_ctx_st')
-.endif
-
post-install:
@if ! ${SYSCTL} -a | ${GREP} -q ipsec; then \
${ECHO_MSG} "===> -------------------------------------------------------------------------"; \
@@ -58,4 +51,6 @@ post-install-NATT-on:
@${ECHO_MSG} "===> options IPSEC_NAT_T"
@${ECHO_MSG} "===> -------------------------------------------------------------------------"
-.include <bsd.port.post.mk>
+.include <bsd.port.mk>
+
+PATCH_ARGS+= -l
Added: head/security/ike/files/patch-source_iked_crypto.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_crypto.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,100 @@
+--- source/iked/crypto.cpp.orig 2012-12-11 06:56:33 UTC
++++ source/iked/crypto.cpp
+@@ -376,10 +376,6 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
+ if( dh == NULL )
+ return false;
+
+- dh->p = NULL;
+- dh->g = NULL;
+- dh->length = 0;
+-
+ //
+ // set p ( prime ) value
+ //
+@@ -387,49 +383,50 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
+ unsigned char * p_data = NULL;
+ size_t p_size = 0;
+
+- dh->p = BN_new();
+- if( dh->p == NULL )
++ BIGNUM *p = BN_new();
++ BIGNUM *g = BN_new();
++ if( p == NULL || g == NULL )
+ goto dh_failed;
+
+ switch( group )
+ {
+ case 1:
+- if( !BN_bin2bn( group1, sizeof( group1 ), dh->p ) )
++ if( !BN_bin2bn( group1, sizeof( group1 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 2:
+- if( !BN_bin2bn( group2, sizeof( group2 ), dh->p ) )
++ if( !BN_bin2bn( group2, sizeof( group2 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 5:
+- if( !BN_bin2bn( group5, sizeof( group5 ), dh->p ) )
++ if( !BN_bin2bn( group5, sizeof( group5 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 14:
+- if( !BN_bin2bn( group14, sizeof( group14 ), dh->p ) )
++ if( !BN_bin2bn( group14, sizeof( group14 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 15:
+- if( !BN_bin2bn( group15, sizeof( group15 ), dh->p ) )
++ if( !BN_bin2bn( group15, sizeof( group15 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 16:
+- if( !BN_bin2bn( group16, sizeof( group16 ), dh->p ) )
++ if( !BN_bin2bn( group16, sizeof( group16 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 17:
+- if( !BN_bin2bn( group17, sizeof( group17 ), dh->p ) )
++ if( !BN_bin2bn( group17, sizeof( group17 ), p ) )
+ goto dh_failed;
+ break;
+
+ case 18:
+- if( !BN_bin2bn( group18, sizeof( group18 ), dh->p ) )
++ if( !BN_bin2bn( group18, sizeof( group18 ), p ) )
+ goto dh_failed;
+ break;
+
+@@ -441,13 +438,11 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
+ // set g ( generator ) value
+ //
+
+- dh->g = BN_new();
+- if( dh->g == NULL )
++ if( !BN_set_word( g, 2 ) )
+ goto dh_failed;
+
+- if( !BN_set_word( dh->g, 2 ) )
+- goto dh_failed;
+-
++ DH_set0_pqg(dh, p, NULL, g);
++
+ //
+ // generate private and public DH values
+ //
+@@ -456,7 +451,7 @@ bool dh_init( long group, DH ** dh_data, long * dh_siz
+ goto dh_failed;
+
+ *dh_data = dh;
+- *dh_size = BN_num_bytes( dh->p );
++ *dh_size = BN_num_bytes( DH_get0_p( dh ) );
+
+ return true;
+
Added: head/security/ike/files/patch-source_iked_ike.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,90 @@
+--- source/iked/ike.cpp.orig 2009-02-12 02:35:43 UTC
++++ source/iked/ike.cpp
+@@ -391,11 +391,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
+ // init cipher key and iv
+ //
+
+- EVP_CIPHER_CTX ctx_cipher;
+- EVP_CIPHER_CTX_init( &ctx_cipher );
++ EVP_CIPHER_CTX *ctx_cipher;
++ ctx_cipher = EVP_CIPHER_CTX_new();
+
+ EVP_CipherInit_ex(
+- &ctx_cipher,
++ ctx_cipher,
+ sa->evp_cipher,
+ NULL,
+ NULL,
+@@ -403,11 +403,11 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
+ 0 );
+
+ EVP_CIPHER_CTX_set_key_length(
+- &ctx_cipher,
++ ctx_cipher,
+ ( int ) sa->key.size() );
+
+ EVP_CipherInit_ex(
+- &ctx_cipher,
++ ctx_cipher,
+ NULL,
+ NULL,
+ sa->key.buff(),
+@@ -419,12 +419,12 @@ long _IKED::packet_ike_decrypt( IDB_PH1 * sa, PACKET_I
+ //
+
+ EVP_Cipher(
+- &ctx_cipher,
++ ctx_cipher,
+ data + sizeof( IKE_HEADER ),
+ data + sizeof( IKE_HEADER ),
+ ( int ) size - sizeof( IKE_HEADER ) );
+
+- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
++ EVP_CIPHER_CTX_free( ctx_cipher );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -595,11 +595,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
+ // encrypt all but header
+ //
+
+- EVP_CIPHER_CTX ctx_cipher;
+- EVP_CIPHER_CTX_init( &ctx_cipher );
++ EVP_CIPHER_CTX *ctx_cipher;
++ ctx_cipher = EVP_CIPHER_CTX_new();
+
+ EVP_CipherInit_ex(
+- &ctx_cipher,
++ ctx_cipher,
+ sa->evp_cipher,
+ NULL,
+ NULL,
+@@ -607,11 +607,11 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
+ 1 );
+
+ EVP_CIPHER_CTX_set_key_length(
+- &ctx_cipher,
++ ctx_cipher,
+ ( int ) sa->key.size() );
+
+ EVP_CipherInit_ex(
+- &ctx_cipher,
++ ctx_cipher,
+ NULL,
+ NULL,
+ sa->key.buff(),
+@@ -619,12 +619,12 @@ long _IKED::packet_ike_encrypt( IDB_PH1 * sa, PACKET_I
+ 1 );
+
+ EVP_Cipher(
+- &ctx_cipher,
++ ctx_cipher,
+ data + sizeof( IKE_HEADER ),
+ data + sizeof( IKE_HEADER ),
+ ( int ) size - sizeof( IKE_HEADER ) );
+
+- EVP_CIPHER_CTX_cleanup( &ctx_cipher );
++ EVP_CIPHER_CTX_free( ctx_cipher );
+
+ //
+ // store cipher iv data
Added: head/security/ike/files/patch-source_iked_ike.exch.config.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.exch.config.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,48 @@
+--- source/iked/ike.exch.config.cpp.orig 2013-04-07 16:28:06 UTC
++++ source/iked/ike.exch.config.cpp
+@@ -2481,15 +2481,15 @@ long _IKED::config_chk_hash( IDB_PH1 * ph1, IDB_CFG *
+ BDATA hash_c;
+ hash_c.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &msgid, 4 );
+- HMAC_Update( &ctx_prf, cfg->hda.buff(), cfg->hda.size() );
+- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &msgid, 4 );
++ HMAC_Update( ctx_prf, cfg->hda.buff(), cfg->hda.size() );
++ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -2543,15 +2543,15 @@ long _IKED::config_message_send( IDB_PH1 * ph1, IDB_CF
+ // create message authentication hash
+ //
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
+- HMAC_Update( &ctx_prf, packet.buff() + beg, end - beg );
+- HMAC_Final( &ctx_prf, hash.buff(), 0 );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &cfg->msgid, sizeof( cfg->msgid ) );
++ HMAC_Update( ctx_prf, packet.buff() + beg, end - beg );
++ HMAC_Final( ctx_prf, hash.buff(), 0 );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ memcpy( packet.buff() + off + 4, hash.buff(), hash.size() );
+
Added: head/security/ike/files/patch-source_iked_ike.exch.inform.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.exch.inform.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,48 @@
+--- source/iked/ike.exch.inform.cpp.orig 2010-12-02 16:06:10 UTC
++++ source/iked/ike.exch.inform.cpp
+@@ -399,15 +399,15 @@ long _IKED::inform_chk_hash( IDB_PH1 * ph1, IDB_XCH *
+ BDATA hash_c;
+ hash_c.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
+- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
+- HMAC_Final( &ctx_prf, hash_c.buff(), NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, 4 );
++ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
++ HMAC_Final( ctx_prf, hash_c.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -439,15 +439,15 @@ long _IKED::inform_gen_hash( IDB_PH1 * ph1, IDB_XCH *
+ {
+ inform->hash_l.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
+- HMAC_Update( &ctx_prf, inform->hda.buff(), inform->hda.size() );
+- HMAC_Final( &ctx_prf, inform->hash_l.buff(), 0 );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &inform->msgid, sizeof( inform->msgid ) );
++ HMAC_Update( ctx_prf, inform->hda.buff(), inform->hda.size() );
++ HMAC_Final( ctx_prf, inform->hash_l.buff(), 0 );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
Added: head/security/ike/files/patch-source_iked_ike.exch.phase1.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.exch.phase1.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,347 @@
+--- source/iked/ike.exch.phase1.cpp.orig 2012-02-08 05:09:35 UTC
++++ source/iked/ike.exch.phase1.cpp
+@@ -1044,14 +1044,14 @@ long _IKED::process_phase1_send( IDB_PH1 * ph1 )
+ BDATA psk_hash;
+ psk_hash.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
+- HMAC_Final( &ctx_prf, psk_hash.buff(), NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ph1->tunnel->peer->psk.buff(), ph1->tunnel->peer->psk.size() );
++ HMAC_Final( ctx_prf, psk_hash.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ //
+ // add the notification payload
+@@ -1557,7 +1557,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ {
+ BDATA prv;
+ prv.size( ph1->dh_size );
+- BN_bn2bin( ph1->dh->priv_key, prv.buff() );
++ BN_bn2bin( DH_get0_priv_key( ph1->dh ), prv.buff() );
+
+ log.bin(
+ LLOG_DECODE,
+@@ -1656,25 +1656,25 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ case XAUTH_AUTH_INIT_PSK:
+ case XAUTH_AUTH_RESP_PSK:
+ {
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
++ HMAC_Init_ex( ctx_prf, ph1->tunnel->peer->psk.buff(), ( int ) ph1->tunnel->peer->psk.size(), ph1->evp_hash, NULL );
+
+ if( ph1->initiator )
+ {
+- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
+- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
+ }
+ else
+ {
+- HMAC_Update( &ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
+- HMAC_Update( &ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph1->nonce_r.buff(), ph1->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph1->nonce_l.buff(), ph1->nonce_l.size() );
+ }
+
+- HMAC_Final( &ctx_prf, skeyid_data, NULL );
++ HMAC_Final( ctx_prf, skeyid_data, NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ break;
+ }
+@@ -1704,14 +1704,14 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ nonce.add( ph1->nonce_l );
+ }
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+- HMAC_Final( &ctx_prf, skeyid_data, NULL );
++ HMAC_Init_ex( ctx_prf, nonce.buff(), ( int ) nonce.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++ HMAC_Final( ctx_prf, skeyid_data, NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ break;
+ }
+@@ -1730,15 +1730,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ // compute SKEYID_d
+ //
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
+- HMAC_Final( &ctx_prf, skeyid_data, NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
++ HMAC_Final( ctx_prf, skeyid_data, NULL );
+
+ ph1->skeyid_d.set( skeyid_data, skeyid_size );
+
+@@ -1753,13 +1753,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ // compute SKEYID_a
+ //
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) "\1", 1 );
+- HMAC_Final( &ctx_prf, skeyid_data, NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ( unsigned char * ) "\1", 1 );
++ HMAC_Final( ctx_prf, skeyid_data, NULL );
+
+ ph1->skeyid_a.set( skeyid_data, skeyid_size );
+
+@@ -1774,13 +1774,13 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ // compute SKEYID_e
+ //
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, skeyid_data, skeyid_size );
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
+- HMAC_Update( &ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) "\2", 1 );
+- HMAC_Final( &ctx_prf, skeyid_data, NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid.buff(), ( int ) ph1->skeyid.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, skeyid_data, skeyid_size );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
++ HMAC_Update( ctx_prf, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, ( unsigned char * ) "\2", 1 );
++ HMAC_Final( ctx_prf, skeyid_data, NULL );
+
+ ph1->skeyid_e.set( skeyid_data, skeyid_size );
+
+@@ -1821,15 +1821,15 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+
+ // create extended key data
+
+- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) "\0", 1 );
+- HMAC_Final( &ctx_prf, key_data, NULL );
++ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, ( unsigned char * ) "\0", 1 );
++ HMAC_Final( ctx_prf, key_data, NULL );
+
+ for( long size = skeyid_size; size < key_size; size += skeyid_size )
+ {
+- HMAC_Init_ex( &ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
+- HMAC_Final( &ctx_prf, key_data + size, NULL );
++ HMAC_Init_ex( ctx_prf, skeyid_data, skeyid_size, ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
++ HMAC_Final( ctx_prf, key_data + size, NULL );
+ }
+ }
+ else
+@@ -1839,7 +1839,7 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ memcpy( key_data, skeyid_data, key_size );
+ }
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ if( proposal->ciph_kl )
+ key_size = ( proposal->ciph_kl + 7 ) / 8;
+@@ -1860,22 +1860,23 @@ long _IKED::phase1_gen_keys( IDB_PH1 * ph1 )
+ unsigned char iv_data[ HMAC_MAX_MD_CBLOCK ];
+ unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
+
+- EVP_MD_CTX ctx_hash;
+- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
++ EVP_MD_CTX *ctx_hash;
++ ctx_hash = EVP_MD_CTX_new();
++ EVP_DigestInit( ctx_hash, ph1->evp_hash );
+
+ if( ph1->initiator )
+ {
+- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
+- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
++ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
++ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
+ }
+ else
+ {
+- EVP_DigestUpdate( &ctx_hash, ph1->xr.buff(), ph1->xr.size() );
+- EVP_DigestUpdate( &ctx_hash, ph1->xl.buff(), ph1->xl.size() );
++ EVP_DigestUpdate( ctx_hash, ph1->xr.buff(), ph1->xr.size() );
++ EVP_DigestUpdate( ctx_hash, ph1->xl.buff(), ph1->xl.size() );
+ }
+
+- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
+- EVP_MD_CTX_cleanup( &ctx_hash );
++ EVP_DigestFinal( ctx_hash, iv_data, NULL );
++ EVP_MD_CTX_free( ctx_hash );
+
+ ph1->iv.set( iv_data, iv_size );
+
+@@ -1903,29 +1904,29 @@ long _IKED::phase1_gen_hash_i( IDB_PH1 * sa, BDATA & h
+
+ hash.size( sa->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
++ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
+
+ if( sa->initiator )
+ {
+- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
+- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
++ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
++ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
+ }
+ else
+ {
+- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
+- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
++ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
++ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
+ }
+
+- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
+- HMAC_Update( &ctx_prf, sa->idi.buff(), sa->idi.size() );
+- HMAC_Final( &ctx_prf, hash.buff(), NULL );
++ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
++ HMAC_Update( ctx_prf, sa->idi.buff(), sa->idi.size() );
++ HMAC_Final( ctx_prf, hash.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -1945,29 +1946,29 @@ long _IKED::phase1_gen_hash_r( IDB_PH1 * sa, BDATA & h
+
+ hash.size( sa->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
++ HMAC_Init_ex( ctx_prf, sa->skeyid.buff(), ( int ) sa->skeyid.size(), sa->evp_hash, NULL );
+
+ if( sa->initiator )
+ {
+- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
+- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
++ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
++ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
+ }
+ else
+ {
+- HMAC_Update( &ctx_prf, sa->xl.buff(), sa->xl.size() );
+- HMAC_Update( &ctx_prf, sa->xr.buff(), sa->xr.size() );
++ HMAC_Update( ctx_prf, sa->xl.buff(), sa->xl.size() );
++ HMAC_Update( ctx_prf, sa->xr.buff(), sa->xr.size() );
+ }
+
+- HMAC_Update( &ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
+- HMAC_Update( &ctx_prf, sa->hda.buff(), sa->hda.size() );
+- HMAC_Update( &ctx_prf, sa->idr.buff(), sa->idr.size() );
+- HMAC_Final( &ctx_prf, hash.buff(), NULL );
++ HMAC_Update( ctx_prf, sa->cookies.r, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, sa->cookies.i, ISAKMP_COOKIE_SIZE );
++ HMAC_Update( ctx_prf, sa->hda.buff(), sa->hda.size() );
++ HMAC_Update( ctx_prf, sa->idr.buff(), sa->idr.size() );
++ HMAC_Final( ctx_prf, hash.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -2569,14 +2570,14 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
+ // hash for remote address
+ //
+
+- EVP_MD_CTX ctx_hash;
+- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
+- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
+- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
+- EVP_MD_CTX_cleanup( &ctx_hash );
++ EVP_MD_CTX *ctx_hash;
++ ctx_hash = EVP_MD_CTX_new();
++ EVP_DigestInit( ctx_hash, ph1->evp_hash );
++ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_addr.s_addr, 4 );
++ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_r.saddr4.sin_port, 2 );
++ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
+
+ ph1->natd_hash_l.add( natd );
+
+@@ -2585,13 +2586,13 @@ long _IKED::phase1_gen_natd( IDB_PH1 * ph1 )
+ // hash for local address
+ //
+
+- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+- EVP_DigestUpdate( &ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
+- EVP_DigestUpdate( &ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
+- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
+- EVP_DigestUpdate( &ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
+- EVP_DigestFinal( &ctx_hash, natd.buff(), NULL );
+- EVP_MD_CTX_cleanup( &ctx_hash );
++ EVP_DigestInit( ctx_hash, ph1->evp_hash );
++ EVP_DigestUpdate( ctx_hash, ph1->cookies.i, ISAKMP_COOKIE_SIZE );
++ EVP_DigestUpdate( ctx_hash, ph1->cookies.r, ISAKMP_COOKIE_SIZE );
++ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_addr.s_addr, 4 );
++ EVP_DigestUpdate( ctx_hash, &ph1->tunnel->saddr_l.saddr4.sin_port, 2 );
++ EVP_DigestFinal( ctx_hash, natd.buff(), NULL );
++ EVP_MD_CTX_free( ctx_hash );
+
+ ph1->natd_hash_l.add( natd );
+
Added: head/security/ike/files/patch-source_iked_ike.exch.phase2.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.exch.phase2.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,153 @@
+--- source/iked/ike.exch.phase2.cpp.orig 2010-12-22 21:35:36 UTC
++++ source/iked/ike.exch.phase2.cpp
+@@ -1008,14 +1008,14 @@ long _IKED::phase2_gen_hash_i( IDB_PH1 * ph1, IDB_PH2
+
+ hash.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, input.buff(), input.size() );
+- HMAC_Final( &ctx_prf, hash.buff(), NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, input.buff(), input.size() );
++ HMAC_Final( ctx_prf, hash.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -1048,14 +1048,14 @@ long _IKED::phase2_gen_hash_r( IDB_PH1 * ph1, IDB_PH2
+
+ hash.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, input.buff(), input.size() );
+- HMAC_Final( &ctx_prf, hash.buff(), NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, input.buff(), input.size() );
++ HMAC_Final( ctx_prf, hash.buff(), NULL );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -1093,14 +1093,14 @@ long _IKED::phase2_gen_hash_p( IDB_PH1 * ph1, IDB_PH2
+
+ hash.size( ph1->hash_size );
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, input.buff(), input.size() );
+- HMAC_Final( &ctx_prf, hash.buff(), 0 );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_a.buff(), ( int ) ph1->skeyid_a.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, input.buff(), input.size() );
++ HMAC_Final( ctx_prf, hash.buff(), 0 );
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ log.bin(
+ LLOG_DEBUG,
+@@ -1555,7 +1555,7 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
+ {
+ BDATA prv;
+ prv.size( ph2->dh_size );
+- BN_bn2bin( ph2->dh->priv_key, prv.buff() );
++ BN_bn2bin( DH_get0_priv_key( ph2->dh ), prv.buff() );
+
+ log.bin(
+ LLOG_DECODE,
+@@ -1817,56 +1817,56 @@ long _IKED::phase2_gen_keys( IDB_PH1 * ph1, IDB_PH2 *
+ // K3 = prf( SKEYID_d, K2 | [ g(qm)^xy | ] protocol | SPI | Ni_b | Nr_b )
+ //
+
+- HMAC_CTX ctx_prf;
+- HMAC_CTX_init( &ctx_prf );
++ HMAC_CTX *ctx_prf;
++ ctx_prf = HMAC_CTX_new();
+
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
+
+ if( ph2->dhgr_id )
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
+
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
+
+ if( ph2->initiator )
+ {
+- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+ }
+ else
+ {
+- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+ }
+
+- HMAC_Final( &ctx_prf, key_data, NULL );
++ HMAC_Final( ctx_prf, key_data, NULL );
+
+ for( long size = skeyid_size; size < key_size; size += skeyid_size )
+ {
+- HMAC_Init_ex( &ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
+- HMAC_Update( &ctx_prf, key_data + size - skeyid_size, skeyid_size );
++ HMAC_Init_ex( ctx_prf, ph1->skeyid_d.buff(), ( int ) ph1->skeyid_d.size(), ph1->evp_hash, NULL );
++ HMAC_Update( ctx_prf, key_data + size - skeyid_size, skeyid_size );
+
+ if( ph2->dhgr_id )
+- HMAC_Update( &ctx_prf, shared.buff(), shared.size() );
++ HMAC_Update( ctx_prf, shared.buff(), shared.size() );
+
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
+- HMAC_Update( &ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->proto, 1 );
++ HMAC_Update( ctx_prf, ( unsigned char * ) &proposal->spi, 4 );
+
+ if( ph2->initiator )
+ {
+- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+ }
+ else
+ {
+- HMAC_Update( &ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
+- HMAC_Update( &ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_r.buff(), ph2->nonce_r.size() );
++ HMAC_Update( ctx_prf, ph2->nonce_l.buff(), ph2->nonce_l.size() );
+ }
+
+- HMAC_Final( &ctx_prf, key_data + size, 0 );
++ HMAC_Final( ctx_prf, key_data + size, 0 );
+ }
+
+- HMAC_CTX_cleanup( &ctx_prf );
++ HMAC_CTX_free( ctx_prf );
+
+ //
+ // separate encrypt and auth key data
Added: head/security/ike/files/patch-source_iked_ike.idb.exch.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.idb.exch.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,22 @@
+--- source/iked/ike.idb.exch.cpp.orig 2011-01-15 22:09:32 UTC
++++ source/iked/ike.idb.exch.cpp
+@@ -134,12 +134,13 @@ bool _IDB_XCH::new_msgiv( IDB_PH1 * ph1 )
+ unsigned char iv_data[ EVP_MAX_MD_SIZE ];
+ unsigned long iv_size = EVP_CIPHER_iv_length( ph1->evp_cipher );
+
+- EVP_MD_CTX ctx_hash;
+- EVP_DigestInit( &ctx_hash, ph1->evp_hash );
+- EVP_DigestUpdate( &ctx_hash, ph1->iv.buff(), ph1->iv.size() );
+- EVP_DigestUpdate( &ctx_hash, &msgid, 4 );
+- EVP_DigestFinal( &ctx_hash, iv_data, NULL );
+- EVP_MD_CTX_cleanup( &ctx_hash );
++ EVP_MD_CTX *ctx_hash;
++ ctx_hash = EVP_MD_CTX_new();
++ EVP_DigestInit( ctx_hash, ph1->evp_hash );
++ EVP_DigestUpdate( ctx_hash, ph1->iv.buff(), ph1->iv.size() );
++ EVP_DigestUpdate( ctx_hash, &msgid, 4 );
++ EVP_DigestFinal( ctx_hash, iv_data, NULL );
++ EVP_MD_CTX_free( ctx_hash );
+
+ iv.set( iv_data, iv_size );
+
Added: head/security/ike/files/patch-source_iked_ike.idb.phase1.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.idb.phase1.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,11 @@
+--- source/iked/ike.idb.phase1.cpp.orig 2011-02-01 07:21:32 UTC
++++ source/iked/ike.idb.phase1.cpp
+@@ -676,7 +676,7 @@ bool _IDB_PH1::setup_dhgrp( IKE_PROPOSAL * proposal )
+ }
+
+ xl.size( dh_size );
+- long result = BN_bn2bin( dh->pub_key, xl.buff() );
++ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
+
+ //
+ // fixup public buffer alignment
Added: head/security/ike/files/patch-source_iked_ike.idb.phase2.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.idb.phase2.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,11 @@
+--- source/iked/ike.idb.phase2.cpp.orig 2012-11-19 23:28:52 UTC
++++ source/iked/ike.idb.phase2.cpp
+@@ -438,7 +438,7 @@ bool _IDB_PH2::setup_dhgrp()
+ }
+
+ xl.size( dh_size );
+- long result = BN_bn2bin( dh->pub_key, xl.buff() );
++ long result = BN_bn2bin( DH_get0_pub_key( dh ), xl.buff() );
+
+ //
+ // fixup public buffer alignment
Added: head/security/ike/files/patch-source_iked_ike.keyfile.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_iked_ike.keyfile.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,82 @@
+--- source/iked/ike.keyfile.cpp.orig 2012-12-15 22:14:32 UTC
++++ source/iked/ike.keyfile.cpp
+@@ -663,15 +663,19 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
+ {
+ long ll = LLOG_ERROR;
+ char name[ 512 ];
++ int error, error_depth;
+
+- X509_NAME * x509_name = X509_get_subject_name( store_ctx->current_cert );
++ X509_NAME * x509_name = X509_get_subject_name( X509_STORE_CTX_get_current_cert(store_ctx) );
+
+ X509_NAME_oneline(
+ x509_name,
+ name,
+ 512 );
++
++ error = X509_STORE_CTX_get_error(store_ctx);
++ error_depth = X509_STORE_CTX_get_error_depth(store_ctx);
+
+- switch( store_ctx->error )
++ switch( error )
+ {
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ ok = 1;
+@@ -683,9 +687,9 @@ static int verify_cb( int ok, X509_STORE_CTX * store_c
+ ll,
+ "ii : %s(%d) at depth:%d\n"
+ "ii : subject :%s\n",
+- X509_verify_cert_error_string( store_ctx->error ),
+- store_ctx->error,
+- store_ctx->error_depth,
++ X509_verify_cert_error_string( error ),
++ error,
++ error_depth,
+ name );
+ }
+
+@@ -857,7 +861,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, FILE * fp, B
+ if( evp_pkey == NULL )
+ return false;
+
+- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ EVP_PKEY_free( evp_pkey );
+
+ return converted;
+@@ -883,7 +887,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, FILE * fp, B
+ if( evp_pkey == NULL )
+ return false;
+
+- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ EVP_PKEY_free( evp_pkey );
+
+ return converted;
+@@ -939,7 +943,7 @@ bool prvkey_rsa_load_pem( BDATA & prvkey, BDATA & inpu
+ if( evp_pkey == NULL )
+ return false;
+
+- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ EVP_PKEY_free( evp_pkey );
+
+ return converted;
+@@ -976,7 +980,7 @@ bool prvkey_rsa_load_p12( BDATA & prvkey, BDATA & inpu
+ if( evp_pkey == NULL )
+ return false;
+
+- bool converted = prvkey_rsa_2_bdata( prvkey, evp_pkey->pkey.rsa );
++ bool converted = prvkey_rsa_2_bdata( prvkey, EVP_PKEY_get0_RSA(evp_pkey) );
+ EVP_PKEY_free( evp_pkey );
+
+ return converted;
+@@ -1010,7 +1014,7 @@ bool _IKED::pubkey_rsa_read( BDATA & cert, BDATA & pub
+ if( evp_pkey == NULL )
+ return false;
+
+- bool result = pubkey_rsa_2_bdata( pubkey, evp_pkey->pkey.rsa );
++ bool result = pubkey_rsa_2_bdata( pubkey, EVP_PKEY_get0_RSA(evp_pkey) );
+
+ EVP_PKEY_free( evp_pkey );
+
Added: head/security/ike/files/patch-source_libike_manager.file.cpp
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/ike/files/patch-source_libike_manager.file.cpp Thu Mar 18 08:49:41 2021 (r568724)
@@ -0,0 +1,26 @@
+--- source/libike/manager.file.cpp.orig 2011-02-06 16:40:00 UTC
++++ source/libike/manager.file.cpp
+@@ -679,11 +679,11 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
+ BDATA pwd;
+ data.get( pwd );
+
+- EVP_CIPHER_CTX ctx_cipher;
+- EVP_CIPHER_CTX_init( &ctx_cipher );
++ EVP_CIPHER_CTX *ctx_cipher;
++ ctx_cipher = EVP_CIPHER_CTX_new();
+
+ EVP_CipherInit_ex(
+- &ctx_cipher,
++ ctx_cipher,
+ EVP_des_ede3_cbc(),
+ NULL,
+ key,
+@@ -691,7 +691,7 @@ bool _CONFIG_MANAGER::file_pcf_load( CONFIG & config,
+ 0 );
+
+ EVP_Cipher(
+- &ctx_cipher,
++ ctx_cipher,
+ pwd.buff(),
+ pwd.buff(),
+ ( unsigned int ) pwd.size() );
Modified: head/security/ike/pkg-descr
==============================================================================
--- head/security/ike/pkg-descr Thu Mar 18 08:28:55 2021 (r568723)
+++ head/security/ike/pkg-descr Thu Mar 18 08:49:41 2021 (r568724)
@@ -5,6 +5,4 @@ running the ipsec-tools racoon daemon. The latest vers
high level of compatibility with Cisco, Juniper, Zywall, Fortigate
and many other commercial IPsec VPN gateways.
*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
More information about the svn-ports-head
mailing list