Module Name: src
Committed By: christos
Date: Sat Mar 8 16:39:09 UTC 2025
Modified Files:
src/crypto/dist/ipsec-tools/src/racoon: admin.c admin.h algorithm.c
algorithm.h backupsa.c cfparse.y cftoken.l crypto_openssl.c
getcertsbyname.c grabmyaddr.c handler.c ipsec_doi.c isakmp.c
isakmp_cfg.c isakmp_cfg.h isakmp_frag.c isakmp_var.h localconf.c
misc.c misc.h oakley.c plainrsa-gen.c plog.c plog.h privsep.c
prsa_par.y remoteconf.c remoteconf.h schedule.h sockmisc.c
strnames.c strnames.h vendorid.c
Log Message:
more cleanups (const related, format strings)
To generate a diff of this commit:
cvs rdiff -u -r1.42 -r1.43 src/crypto/dist/ipsec-tools/src/racoon/admin.c
cvs rdiff -u -r1.9 -r1.10 src/crypto/dist/ipsec-tools/src/racoon/admin.h \
src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y \
src/crypto/dist/ipsec-tools/src/racoon/schedule.h
cvs rdiff -u -r1.11 -r1.12 src/crypto/dist/ipsec-tools/src/racoon/algorithm.c \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c \
src/crypto/dist/ipsec-tools/src/racoon/localconf.c
cvs rdiff -u -r1.7 -r1.8 src/crypto/dist/ipsec-tools/src/racoon/algorithm.h \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h \
src/crypto/dist/ipsec-tools/src/racoon/misc.c \
src/crypto/dist/ipsec-tools/src/racoon/misc.h \
src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c
cvs rdiff -u -r1.12 -r1.13 src/crypto/dist/ipsec-tools/src/racoon/backupsa.c \
src/crypto/dist/ipsec-tools/src/racoon/strnames.c
cvs rdiff -u -r1.54 -r1.55 src/crypto/dist/ipsec-tools/src/racoon/cfparse.y
cvs rdiff -u -r1.29 -r1.30 src/crypto/dist/ipsec-tools/src/racoon/cftoken.l \
src/crypto/dist/ipsec-tools/src/racoon/oakley.c
cvs rdiff -u -r1.30 -r1.31 \
src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c
cvs rdiff -u -r1.5 -r1.6 \
src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c \
src/crypto/dist/ipsec-tools/src/racoon/strnames.h
cvs rdiff -u -r1.41 -r1.42 \
src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c
cvs rdiff -u -r1.43 -r1.44 src/crypto/dist/ipsec-tools/src/racoon/handler.c
cvs rdiff -u -r1.53 -r1.54 src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
cvs rdiff -u -r1.80 -r1.81 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
cvs rdiff -u -r1.19 -r1.20 \
src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
cvs rdiff -u -r1.8 -r1.9 src/crypto/dist/ipsec-tools/src/racoon/plog.c
cvs rdiff -u -r1.6 -r1.7 src/crypto/dist/ipsec-tools/src/racoon/plog.h
cvs rdiff -u -r1.27 -r1.28 src/crypto/dist/ipsec-tools/src/racoon/privsep.c
cvs rdiff -u -r1.31 -r1.32 \
src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
cvs rdiff -u -r1.17 -r1.18 \
src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h
cvs rdiff -u -r1.20 -r1.21 src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c
cvs rdiff -u -r1.10 -r1.11 src/crypto/dist/ipsec-tools/src/racoon/vendorid.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.42 src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.43
--- src/crypto/dist/ipsec-tools/src/racoon/admin.c:1.42 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.c,v 1.42 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: admin.c,v 1.43 2025/03/08 16:39:08 christos Exp $ */
/* Id: admin.c,v 1.25 2006/04/06 14:31:04 manubsd Exp */
@@ -87,7 +87,7 @@
#include "gcmalloc.h"
#ifdef ENABLE_ADMINPORT
-char *adminsock_path = ADMINSOCK_PATH;
+const char *adminsock_path = ADMINSOCK_PATH;
uid_t adminsock_owner = 0;
gid_t adminsock_group = 0;
mode_t adminsock_mode = 0600;
@@ -128,7 +128,7 @@ admin_handler(void *ctx __unused, int fd
}
/* sanity check */
- if (len < sizeof(com)) {
+ if (len < (ssize_t)sizeof(com)) {
plog(LLV_ERROR, LOCATION, NULL,
"invalid header length of admin command\n");
goto end;
@@ -757,7 +757,7 @@ admin_init(void)
}
int
-admin_close()
+admin_close(void)
{
unmonitor_fd(lcconf->sock_admin);
close(lcconf->sock_admin);
Index: src/crypto/dist/ipsec-tools/src/racoon/admin.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.9 src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.10
--- src/crypto/dist/ipsec-tools/src/racoon/admin.h:1.9 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/admin.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: admin.h,v 1.9 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: admin.h,v 1.10 2025/03/08 16:39:08 christos Exp $ */
/* Id: admin.h,v 1.11 2005/06/19 22:37:47 manubsd Exp */
@@ -36,7 +36,7 @@
#define ADMINSOCK_PATH ADMINPORTDIR "/racoon.sock"
-extern char *adminsock_path;
+extern const char *adminsock_path;
extern uid_t adminsock_owner;
extern gid_t adminsock_group;
extern mode_t adminsock_mode;
Index: src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y
diff -u src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.9 src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.10
--- src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y:1.9 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/prsa_par.y Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: prsa_par.y,v 1.9 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: prsa_par.y,v 1.10 2025/03/08 16:39:08 christos Exp $ */
/* Id: prsa_par.y,v 1.3 2004/11/08 12:04:23 ludvigm Exp */
@@ -113,7 +113,7 @@ prsaerror(const char *s, ...)
va_end(ap);
}
-void
+static void
prsawarning(const char *s, ...)
{
char fmt[512];
Index: src/crypto/dist/ipsec-tools/src/racoon/schedule.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/schedule.h:1.9 src/crypto/dist/ipsec-tools/src/racoon/schedule.h:1.10
--- src/crypto/dist/ipsec-tools/src/racoon/schedule.h:1.9 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/schedule.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: schedule.h,v 1.9 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: schedule.h,v 1.10 2025/03/08 16:39:08 christos Exp $ */
/* Id: schedule.h,v 1.5 2006/05/03 21:53:42 vanhu Exp */
@@ -61,7 +61,7 @@
#ifndef container_of
#define container_of(ptr, type, member) ({ \
const typeof( ((type *)0)->member ) *__mptr = (ptr); \
- (type *)( (char *)__mptr - offsetof(type,member) );})
+ (type *)( (char *)(intptr_t)__mptr - offsetof(type,member) );})
#endif
@@ -75,7 +75,7 @@ struct sched {
long id; /* for debug */
};
-#define SCHED_INITIALIZER() { NULL, }
+#define SCHED_INITIALIZER() { .func = NULL, }
struct scheddump {
time_t xtime;
Index: src/crypto/dist/ipsec-tools/src/racoon/algorithm.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/algorithm.c:1.11 src/crypto/dist/ipsec-tools/src/racoon/algorithm.c:1.12
--- src/crypto/dist/ipsec-tools/src/racoon/algorithm.c:1.11 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/algorithm.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: algorithm.c,v 1.11 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: algorithm.c,v 1.12 2025/03/08 16:39:08 christos Exp $ */
/* Id: algorithm.c,v 1.15 2006/05/23 20:23:09 manubsd Exp */
@@ -301,9 +301,8 @@ static struct dh_algorithm *alg_oakley_d
static struct hash_algorithm *
alg_oakley_hashdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(oakley_hashdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_hashdef); i++)
if (doi == oakley_hashdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "hash(%s)\n",
oakley_hashdef[i].name);
@@ -327,9 +326,9 @@ alg_oakley_hashdef_ok(int doi)
int
alg_oakley_hashdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(oakley_hashdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_hashdef); i++)
if (type == oakley_hashdef[i].type) {
res = oakley_hashdef[i].doi;
break;
@@ -377,9 +376,8 @@ alg_oakley_hashdef_one(int doi, vchar_t
static struct hmac_algorithm *
alg_oakley_hmacdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
if (doi == oakley_hmacdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
oakley_hmacdef[i].name);
@@ -391,9 +389,9 @@ alg_oakley_hmacdef(int doi)
int
alg_oakley_hmacdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_hmacdef); i++)
if (type == oakley_hmacdef[i].type) {
res = oakley_hmacdef[i].doi;
break;
@@ -433,9 +431,8 @@ alg_oakley_hmacdef_one(int doi, vchar_t
static struct enc_algorithm *
alg_oakley_encdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(oakley_encdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_encdef); i++)
if (doi == oakley_encdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
oakley_encdef[i].name);
@@ -459,9 +456,9 @@ alg_oakley_encdef_ok(int doi)
int
alg_oakley_encdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(oakley_encdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_encdef); i++)
if (type == oakley_encdef[i].type) {
res = oakley_encdef[i].doi;
break;
@@ -563,9 +560,8 @@ alg_oakley_encdef_encrypt(int doi, vchar
static struct enc_algorithm *
alg_ipsec_encdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(ipsec_encdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(ipsec_encdef); i++)
if (doi == ipsec_encdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "encryption(%s)\n",
ipsec_encdef[i].name);
@@ -577,9 +573,9 @@ alg_ipsec_encdef(int doi)
int
alg_ipsec_encdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(ipsec_encdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(ipsec_encdef); i++)
if (type == ipsec_encdef[i].type) {
res = ipsec_encdef[i].doi;
break;
@@ -603,9 +599,8 @@ alg_ipsec_encdef_keylen(int doi, int len
static struct hmac_algorithm *
alg_ipsec_hmacdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
if (doi == ipsec_hmacdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
ipsec_hmacdef[i].name);
@@ -617,9 +612,9 @@ alg_ipsec_hmacdef(int doi)
int
alg_ipsec_hmacdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(ipsec_hmacdef); i++)
if (type == ipsec_hmacdef[i].type) {
res = ipsec_hmacdef[i].doi;
break;
@@ -643,9 +638,9 @@ alg_ipsec_hmacdef_hashlen(int doi)
int
alg_ipsec_compdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(ipsec_compdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(ipsec_compdef); i++)
if (type == ipsec_compdef[i].type) {
res = ipsec_compdef[i].doi;
break;
@@ -657,9 +652,8 @@ alg_ipsec_compdef_doi(int type)
static struct dh_algorithm *
alg_oakley_dhdef(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(oakley_dhdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_dhdef); i++)
if (doi == oakley_dhdef[i].doi) {
plog(LLV_DEBUG, LOCATION, NULL, "hmac(%s)\n",
oakley_dhdef[i].name);
@@ -683,9 +677,9 @@ alg_oakley_dhdef_ok(int doi)
int
alg_oakley_dhdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(oakley_dhdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_dhdef); i++)
if (type == oakley_dhdef[i].type) {
res = oakley_dhdef[i].doi;
break;
@@ -720,9 +714,9 @@ alg_oakley_dhdef_name(int doi)
int
alg_oakley_authdef_doi(int type)
{
- int i, res = -1;
+ int res = -1;
- for (i = 0; i < ARRAYLEN(oakley_authdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_authdef); i++)
if (type == oakley_authdef[i].type) {
res = oakley_authdef[i].doi;
break;
@@ -733,9 +727,8 @@ alg_oakley_authdef_doi(int type)
const char *
alg_oakley_authdef_name(int doi)
{
- int i;
- for (i = 0; i < ARRAYLEN(oakley_authdef); i++)
+ for (size_t i = 0; i < ARRAYLEN(oakley_authdef); i++)
if (doi == oakley_authdef[i].doi) {
return oakley_authdef[i].name;
}
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.11 src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.12
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c:1.11 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_frag.c,v 1.11 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: isakmp_frag.c,v 1.12 2025/03/08 16:39:08 christos Exp $ */
/* Id: isakmp_frag.c,v 1.4 2004/11/13 17:31:36 manubsd Exp */
@@ -315,7 +315,7 @@ isakmp_frag_extract(struct ph1handle *ip
return 0;
out:
- plog(LLV_ERROR, LOCATION, NULL, m);
+ plog(LLV_ERROR, LOCATION, NULL, "%s", m);
racoon_free(item);
vfree(buf);
return -1;
Index: src/crypto/dist/ipsec-tools/src/racoon/localconf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.11 src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.12
--- src/crypto/dist/ipsec-tools/src/racoon/localconf.c:1.11 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/localconf.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: localconf.c,v 1.11 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: localconf.c,v 1.12 2025/03/08 16:39:08 christos Exp $ */
/* $KAME: localconf.c,v 1.33 2001/08/09 07:32:19 sakane Exp $ */
@@ -80,7 +80,7 @@ initlcconf()
}
setdefault();
- lcconf->racoon_conf = LC_DEFAULT_CF;
+ lcconf->racoon_conf = __UNCONST(LC_DEFAULT_CF);
}
void
@@ -232,8 +232,8 @@ getpsk(const char *str, const int len)
continue;
/* search the end of 1st string. */
- for (p = buf; *p != '\0' && !isspace((int)*p); p++)
- ;
+ for (p = buf; *p != '\0' && !isspace((unsigned char)*p); p++)
+ continue;
if (*p == '\0')
continue; /* no 2nd parameter */
*p = '\0';
Index: src/crypto/dist/ipsec-tools/src/racoon/algorithm.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/algorithm.h:1.7 src/crypto/dist/ipsec-tools/src/racoon/algorithm.h:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/algorithm.h:1.7 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/algorithm.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: algorithm.h,v 1.7 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: algorithm.h,v 1.8 2025/03/08 16:39:08 christos Exp $ */
/* Id: algorithm.h,v 1.10 2005/04/09 16:25:23 manubsd Exp */
@@ -128,7 +128,7 @@ enum algtype {
};
struct hmac_algorithm {
- char *name;
+ const char *name;
int type;
int doi;
caddr_t (*init)(vchar_t *);
@@ -139,7 +139,7 @@ struct hmac_algorithm {
};
struct hash_algorithm {
- char *name;
+ const char *name;
int type;
int doi;
caddr_t (*init)(void);
@@ -150,7 +150,7 @@ struct hash_algorithm {
};
struct enc_algorithm {
- char *name;
+ const char *name;
int type;
int doi;
int blocklen;
@@ -162,7 +162,7 @@ struct enc_algorithm {
/* dh group */
struct dh_algorithm {
- char *name;
+ const char *name;
int type;
int doi;
struct dhgroup *dhgroup;
@@ -170,7 +170,7 @@ struct dh_algorithm {
/* ipcomp, auth meth, dh group */
struct misc_algorithm {
- char *name;
+ const char *name;
int type;
int doi;
};
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h:1.7 src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h:1.7 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_cfg.h,v 1.7 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: isakmp_cfg.h,v 1.8 2025/03/08 16:39:08 christos Exp $ */
/* $KAME$ */
@@ -196,8 +196,8 @@ void isakmp_cfg_rmstate(struct ph1handle
struct isakmp_cfg_state *isakmp_cfg_mkstate(void);
vchar_t *isakmp_cfg_copy(struct ph1handle *, struct isakmp_data *);
vchar_t *isakmp_cfg_short(struct ph1handle *, struct isakmp_data *, int);
-vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, char *, size_t);
-vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, char *);
+vchar_t *isakmp_cfg_varlen(struct ph1handle *, struct isakmp_data *, const char *, size_t);
+vchar_t *isakmp_cfg_string(struct ph1handle *, struct isakmp_data *, const char *);
int isakmp_cfg_getconfig(struct ph1handle *);
int isakmp_cfg_setenv(struct ph1handle *, char ***, int *);
Index: src/crypto/dist/ipsec-tools/src/racoon/misc.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/misc.c:1.7 src/crypto/dist/ipsec-tools/src/racoon/misc.c:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/misc.c:1.7 Sat May 19 16:40:40 2018
+++ src/crypto/dist/ipsec-tools/src/racoon/misc.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: misc.c,v 1.7 2018/05/19 20:40:40 maxv Exp $ */
+/* $NetBSD: misc.c,v 1.8 2025/03/08 16:39:08 christos Exp $ */
/* $KAME: misc.c,v 1.23 2001/08/16 14:37:29 itojun Exp $ */
@@ -68,7 +68,7 @@ racoon_hexdump(void *buf0, size_t len)
return 0;
}
-char *
+const char *
bit2str(int n, int bl)
{
#define MAXBITLEN 128
Index: src/crypto/dist/ipsec-tools/src/racoon/misc.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/misc.h:1.7 src/crypto/dist/ipsec-tools/src/racoon/misc.h:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/misc.h:1.7 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/misc.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: misc.h,v 1.7 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: misc.h,v 1.8 2025/03/08 16:39:08 christos Exp $ */
/* Id: misc.h,v 1.9 2006/04/06 14:00:06 manubsd Exp */
@@ -43,7 +43,7 @@
#endif
extern int racoon_hexdump(void *, size_t);
-extern char *bit2str(int, int);
+extern const char *bit2str(int, int);
extern void *get_newbuf(void *, size_t);
extern const char *debug_location(const char *, int, const char *);
extern int getfsize(char *);
Index: src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.7 src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.8
--- src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c:1.7 Sun Jan 23 09:35:45 2022
+++ src/crypto/dist/ipsec-tools/src/racoon/plainrsa-gen.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: plainrsa-gen.c,v 1.7 2022/01/23 14:35:45 christos Exp $ */
+/* $NetBSD: plainrsa-gen.c,v 1.8 2025/03/08 16:39:08 christos Exp $ */
/* Id: plainrsa-gen.c,v 1.6 2005/04/21 09:08:40 monas Exp */
/*
@@ -65,8 +65,8 @@
#define DEFAULT_PUBEXP RSA_F4
-void
-usage (char *argv0)
+static void
+usage(char *argv0)
{
fprintf(stderr, "Plain RSA key generator, part of %s\n", TOP_PACKAGE_STRING);
fprintf(stderr, "By Michal Ludvig (http://www.logix.cz/michal)\n");
@@ -74,7 +74,7 @@ usage (char *argv0)
fprintf(stderr, "Usage: %s [options]\n", argv0);
fprintf(stderr, "\n");
fprintf(stderr, " -b bits Generate <bits> long RSA key (default=1024)\n");
- fprintf(stderr, " -e pubexp Public exponent to use (default=%#x)\n", DEFAULT_PUBEXP);
+ fprintf(stderr, " -e pubexp Public exponent to use (default=%#lx)\n", DEFAULT_PUBEXP);
fprintf(stderr, " -f filename Filename to store the key to (default=stdout)\n");
fprintf(stderr, " -i filename Input source for format conversion\n");
fprintf(stderr, " -h Help\n");
@@ -86,12 +86,11 @@ usage (char *argv0)
/*
* See RFC 2065, section 3.5 for details about the output format.
*/
-vchar_t *
+static vchar_t *
mix_b64_pubkey(const RSA *key)
{
char *binbuf;
long binlen, ret;
- vchar_t *res;
binlen = 1 + BN_num_bytes(RSA_get0_e(key)) + BN_num_bytes(RSA_get0_n(key));
binbuf = malloc(binlen);
@@ -107,20 +106,18 @@ mix_b64_pubkey(const RSA *key)
return base64_encode(binbuf, binlen);
}
-char *
+static char *
lowercase(char *input)
{
- char *ptr = input;
- while (*ptr) {
+ for (char *ptr = input; *ptr; ptr++) {
if (*ptr >= 'A' && *ptr <= 'F')
*ptr -= 'A' - 'a';
- *ptr++;
}
return input;
}
-int
+static int
print_rsa_key(FILE *fp, const RSA *key)
{
vchar_t *pubkey64 = NULL;
@@ -149,7 +146,7 @@ print_rsa_key(FILE *fp, const RSA *key)
return 0;
}
-int
+static int
print_public_rsa_key(FILE *fp, const RSA *key)
{
vchar_t *pubkey64 = NULL;
@@ -166,11 +163,11 @@ print_public_rsa_key(FILE *fp, const RSA
return 0;
}
-int
+static int
convert_rsa_key(FILE *fpout, FILE *fpin)
{
int ret;
- RSA *key = NULL;
+ RSA *key;
key = PEM_read_RSAPrivateKey(fpin, NULL, NULL, NULL);
if (key) {
@@ -201,7 +198,7 @@ convert_rsa_key(FILE *fpout, FILE *fpin)
return -1;
}
-int
+static int
gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
{
int ret;
@@ -229,7 +226,6 @@ main (int argc, char *argv[])
FILE *fp = stdout, *fpin = NULL;
size_t bits = 1024;
unsigned int pubexp = DEFAULT_PUBEXP;
- struct stat st;
extern char *optarg;
extern int optind;
int c, fd = -1, fdin = -1;
Index: src/crypto/dist/ipsec-tools/src/racoon/backupsa.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/backupsa.c:1.12 src/crypto/dist/ipsec-tools/src/racoon/backupsa.c:1.13
--- src/crypto/dist/ipsec-tools/src/racoon/backupsa.c:1.12 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/backupsa.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: backupsa.c,v 1.12 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: backupsa.c,v 1.13 2025/03/08 16:39:08 christos Exp $ */
/* $KAME: backupsa.c,v 1.16 2001/12/31 20:13:40 thorpej Exp $ */
@@ -77,8 +77,8 @@
* e_type e_keylen a_type a_keylen flags \
* l_alloc l_bytes l_addtime l_usetime seq keymat
*/
-static char *format = "%b %d %T %Y"; /* time format */
-static char *strmon[12] = {
+#define FORMAT "%b %d %T %Y" /* time format */
+static const char *strmon[12] = {
"Jan", "Feb", "Mar", "Apr", "May", "Jun",
"Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};
@@ -104,7 +104,7 @@ backupsa_to_file(struct pfkey_send_sa_ar
t = time(NULL);
tm = localtime(&t);
- l = strftime(p, len, format, tm);
+ l = strftime(p, len, FORMAT, tm);
p += l;
len -= l;
if (len < 0)
@@ -193,7 +193,7 @@ err:
}
int
-backupsa_from_file()
+backupsa_from_file(void)
{
FILE *fp;
char buf[512];
@@ -334,7 +334,7 @@ next:
}
int
-backupsa_clean()
+backupsa_clean(void)
{
FILE *fp;
@@ -356,12 +356,12 @@ backupsa_clean()
/*
* convert fixed string into the tm structure.
* The fixed string is like 'Nov 24 18:22:48 1986'.
- * static char *format = "%b %d %T %Y";
*/
static char *
str2tmx(char *p, struct tm *tm)
{
- int i, len;
+ int len;
+ size_t i;
/* Month */
for (i = 0; i < sizeof(strmon)/sizeof(strmon[0]); i++) {
Index: src/crypto/dist/ipsec-tools/src/racoon/strnames.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/strnames.c:1.12 src/crypto/dist/ipsec-tools/src/racoon/strnames.c:1.13
--- src/crypto/dist/ipsec-tools/src/racoon/strnames.c:1.12 Fri Mar 7 10:55:30 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/strnames.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: strnames.c,v 1.12 2025/03/07 15:55:30 christos Exp $ */
+/* $NetBSD: strnames.c,v 1.13 2025/03/08 16:39:08 christos Exp $ */
/* $KAME: strnames.c,v 1.25 2003/11/13 10:53:26 itojun Exp $ */
@@ -68,11 +68,11 @@
struct ksmap {
int key;
- char *str;
- char *(*f)(int);
+ const char *str;
+ const char *(*f)(int);
};
-char *
+const char *
num2str(int n)
{
static char buf[20];
@@ -83,7 +83,7 @@ num2str(int n)
}
/* isakmp.h */
-char *
+const char *
s_isakmp_state(int t, int d, int s)
{
switch (t) {
@@ -211,7 +211,7 @@ static struct ksmap name_isakmp_certtype
{ ISAKMP_CERT_X509ATTR, "X.509 Certificate Attribute", NULL },
};
-char *
+const char *
s_isakmp_certtype(int k)
{
int i;
@@ -234,7 +234,7 @@ static struct ksmap name_isakmp_etype[]
{ ISAKMP_ETYPE_ACKINFO, "Acknowledged Informational", NULL },
};
-char *
+const char *
s_isakmp_etype(int k)
{
int i;
@@ -287,7 +287,7 @@ static struct ksmap name_isakmp_notify_m
{ ISAKMP_LOG_RETRY_LIMIT_REACHED, "RETRY-LIMIT-REACHED", NULL },
};
-char *
+const char *
s_isakmp_notify_msg(int k)
{
int i;
@@ -322,7 +322,7 @@ static struct ksmap name_isakmp_nptype[]
{ ISAKMP_NPTYPE_FRAG, "ike frag", NULL },
};
-char *
+const char *
s_isakmp_nptype(int k)
{
int i;
@@ -373,7 +373,7 @@ static struct ksmap name_isakmp_cfg_type
{ UNITY_DDNS_HOSTNAME, "UNITY_DDNS_HOSTNAME", NULL },
};
-char *
+const char *
s_isakmp_cfg_type(int k)
{
int i;
@@ -391,7 +391,7 @@ static struct ksmap name_isakmp_cfg_ptyp
{ ISAKMP_CFG_REPLY, "mode config REPLY", NULL },
};
-char *
+const char *
s_isakmp_cfg_ptype(int k)
{
int i;
@@ -411,7 +411,7 @@ static struct ksmap name_ipsecdoi_proto[
{ IPSECDOI_PROTO_IPCOMP, "IPCOMP", s_ipsecdoi_trns_ipcomp },
};
-char *
+const char *
s_ipsecdoi_proto(int k)
{
int i;
@@ -425,7 +425,7 @@ static struct ksmap name_ipsecdoi_trns_i
{ IPSECDOI_KEY_IKE, "IKE", NULL },
};
-char *
+const char *
s_ipsecdoi_trns_isakmp(int k)
{
int i;
@@ -444,7 +444,7 @@ static struct ksmap name_ipsecdoi_trns_a
{ IPSECDOI_AH_SHA512, "SHA512", NULL },
};
-char *
+const char *
s_ipsecdoi_trns_ah(int k)
{
int i;
@@ -472,7 +472,7 @@ static struct ksmap name_ipsecdoi_trns_e
{ IPSECDOI_ESP_CAMELLIA, "CAMELLIA", NULL },
};
-char *
+const char *
s_ipsecdoi_trns_esp(int k)
{
int i;
@@ -488,7 +488,7 @@ static struct ksmap name_ipsecdoi_trns_i
{ IPSECDOI_IPCOMP_LZS, "LZS", NULL},
};
-char *
+const char *
s_ipsecdoi_trns_ipcomp(int k)
{
int i;
@@ -498,7 +498,7 @@ s_ipsecdoi_trns_ipcomp(int k)
return num2str(k);
}
-char *
+const char *
s_ipsecdoi_trns(int proto, int trns)
{
int i;
@@ -521,7 +521,7 @@ static struct ksmap name_attr_ipsec[] =
{ IPSECDOI_ATTR_COMP_PRIVALG, "Compression Private Algorithm", NULL },
};
-char *
+const char *
s_ipsecdoi_attr(int k)
{
int i;
@@ -536,7 +536,7 @@ static struct ksmap name_attr_ipsec_ltyp
{ IPSECDOI_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
};
-char *
+const char *
s_ipsecdoi_ltype(int k)
{
int i;
@@ -556,7 +556,7 @@ static struct ksmap name_attr_ipsec_encm
{ IPSECDOI_ATTR_ENC_MODE_UDPTRNS_DRAFT, "UDP-Transport", NULL },
};
-char *
+const char *
s_ipsecdoi_encmode(int k)
{
int i;
@@ -577,7 +577,7 @@ static struct ksmap name_attr_ipsec_auth
{ IPSECDOI_ATTR_AUTH_NONE, "non_auth", NULL },
};
-char *
+const char *
s_ipsecdoi_auth(int k)
{
int i;
@@ -587,7 +587,7 @@ s_ipsecdoi_auth(int k)
return num2str(k);
}
-char *
+const char *
s_ipsecdoi_attr_v(int type, int val)
{
int i;
@@ -612,7 +612,7 @@ static struct ksmap name_ipsecdoi_ident[
{ IPSECDOI_ID_KEY_ID, "KEY_ID", NULL },
};
-char *
+const char *
s_ipsecdoi_ident(int k)
{
int i;
@@ -644,7 +644,7 @@ static struct ksmap name_oakley_attr[] =
{ OAKLEY_ATTR_GSS_ID, "GSS-API endpoint name",NULL },
};
-char *
+const char *
s_oakley_attr(int k)
{
int i;
@@ -664,7 +664,7 @@ static struct ksmap name_attr_isakmp_enc
{ OAKLEY_ATTR_ENC_ALG_AES, "AES-CBC", NULL },
};
-char *
+const char *
s_attr_isakmp_enc(int k)
{
int i;
@@ -683,7 +683,7 @@ static struct ksmap name_attr_isakmp_has
{ OAKLEY_ATTR_HASH_ALG_SHA2_512,"SHA512", NULL },
};
-char *
+const char *
s_attr_isakmp_hash(int k)
{
int i;
@@ -716,7 +716,7 @@ static struct ksmap name_attr_isakmp_met
#endif
};
-char *
+const char *
s_oakley_attr_method(int k)
{
int i;
@@ -739,7 +739,7 @@ static struct ksmap name_attr_isakmp_des
{ OAKLEY_ATTR_GRP_DESC_MODP8192, "8192-bit MODP group", NULL },
};
-char *
+const char *
s_attr_isakmp_desc(int k)
{
int i;
@@ -755,7 +755,7 @@ static struct ksmap name_attr_isakmp_gro
{ OAKLEY_ATTR_GRP_TYPE_EC2N, "EC2N", NULL },
};
-char *
+const char *
s_attr_isakmp_group(int k)
{
int i;
@@ -770,7 +770,7 @@ static struct ksmap name_attr_isakmp_lty
{ OAKLEY_ATTR_SA_LD_TYPE_KB, "kilobytes", NULL },
};
-char *
+const char *
s_attr_isakmp_ltype(int k)
{
int i;
@@ -780,7 +780,7 @@ s_attr_isakmp_ltype(int k)
return num2str(k);
}
-char *
+const char *
s_oakley_attr_v(int type, int val)
{
int i;
@@ -797,7 +797,7 @@ static struct ksmap name_ipsec_level[] =
{ IPSEC_LEVEL_UNIQUE, "unique", NULL },
};
-char *
+const char *
s_ipsec_level(int k)
{
int i;
@@ -817,7 +817,7 @@ static struct ksmap name_algclass[] = {
{ algclass_isakmp_ameth, "isakmp auth method", s_oakley_attr_method },
};
-char *
+const char *
s_algclass(int k)
{
int i;
@@ -827,7 +827,7 @@ s_algclass(int k)
return num2str(k);
}
-char *
+const char *
s_algtype(int class, int n)
{
int i;
@@ -870,7 +870,7 @@ static struct ksmap name_pfkey_type[] =
#endif
};
-char *
+const char *
s_pfkey_type(int k)
{
int i;
@@ -891,7 +891,7 @@ static struct ksmap name_pfkey_satype[]
{ SADB_X_SATYPE_IPCOMP, "IPCOMP", NULL },
};
-char *
+const char *
s_pfkey_satype(int k)
{
int i;
@@ -909,7 +909,7 @@ static struct ksmap name_direction[] = {
#endif
};
-char *
+const char *
s_direction(int k)
{
int i;
@@ -919,7 +919,7 @@ s_direction(int k)
return num2str(k);
}
-char *
+const char *
s_proto(int k)
{
switch (k) {
@@ -938,7 +938,7 @@ s_proto(int k)
return num2str(k);
}
-char *
+const char *
s_doi(int k)
{
switch (k) {
@@ -949,8 +949,8 @@ s_doi(int k)
}
}
-char *
-s_etype (int k)
+const char *
+s_etype(int k)
{
switch (k) {
case ISAKMP_ETYPE_NONE:
@@ -976,8 +976,8 @@ s_etype (int k)
}
}
-char *
-s_idtype (int k)
+const char *
+s_idtype(int k)
{
switch (k) {
case IDTYPE_FQDN:
@@ -995,8 +995,8 @@ s_idtype (int k)
}
}
-char *
-s_switch (int k)
+const char *
+s_switch(int k)
{
switch (k) {
case FALSE:
Index: src/crypto/dist/ipsec-tools/src/racoon/cfparse.y
diff -u src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.54 src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.55
--- src/crypto/dist/ipsec-tools/src/racoon/cfparse.y:1.54 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/cfparse.y Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: cfparse.y,v 1.54 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: cfparse.y,v 1.55 2025/03/08 16:39:08 christos Exp $ */
/* Id: cfparse.y,v 1.66 2006/08/22 18:17:17 manubsd Exp */
@@ -244,11 +244,21 @@ static int process_rmconf(void)
}
/* some frequently used warning texts */
+#ifndef ENABLE_HYBRID
static const char error_message_hybrid_config_not_configured[] = "racoon not configured with --enable-hybrid\n";
+#endif
+#ifndef HAVE_LIBLDAP
static const char error_message_ldap_config_not_configured[] = "racoon not configured with --with-libldap\n";
+#endif
+#ifndef ENABLE_ADMINPORT
static const char error_message_admin_port_not_compiled_in[] = "admin port support not compiled in\n";
+#endif
+#ifndef ENABLE_NATT
static const char error_message_natt_not_compiled_in[] = "NAT-T support not compiled in\n";
+#endif
+#ifndef ENABLE_DPD
static const char error_message_dpd_not_compiled_in[] = "DPD support not compiled in\n";
+#endif
/* macros for aborting the parsing with freeing up allocated memory */
#define ABORT_CLEANUP {delrmconf(cur_rmconf); delsainfo(cur_sainfo); YYABORT;}
@@ -1546,7 +1556,7 @@ sainfo_id
return -1;
}
$$ = ipsecdoi_sockaddr2id(saddr,
- $3 == ~0 ? (sizeof(struct in_addr) << 3): $3,
+ $3 == ~0u ? (sizeof(struct in_addr) << 3): $3,
$5);
break;
#ifdef INET6
@@ -1557,7 +1567,7 @@ sainfo_id
return -1;
}
$$ = ipsecdoi_sockaddr2id(saddr,
- $3 == ~0 ? (sizeof(struct in6_addr) << 3): $3,
+ $3 == ~0u ? (sizeof(struct in6_addr) << 3): $3,
$5);
break;
#endif
@@ -2429,7 +2439,7 @@ dh_group_num
: ALGORITHMTYPE
{
$$ = algtype2doi(algclass_isakmp_dh, $1);
- if ($$ == -1) {
+ if ($$ == (unsigned)-1) {
yyerror("must be DH group\n");
ABORT();
}
@@ -2605,7 +2615,7 @@ unittype_byte
%%
static struct secprotospec *
-newspspec()
+newspspec(void)
{
struct secprotospec *new;
@@ -2631,9 +2641,7 @@ newspspec()
* insert into head of list.
*/
static void
-insspspec(rmconf, spspec)
- struct remoteconf *rmconf;
- struct secprotospec *spspec;
+insspspec(struct remoteconf *rmconf, struct secprotospec *spspec)
{
if (rmconf->spspec != NULL)
rmconf->spspec->prev = spspec;
@@ -2675,8 +2683,7 @@ dupspspec(struct secprotospec *spspec)
* copy the whole list
*/
void
-dupspspec_list(dst, src)
- struct remoteconf *dst, *src;
+dupspspec_list(struct remoteconf *dst, struct remoteconf *src)
{
struct secprotospec *p, *new, *last;
@@ -2700,8 +2707,7 @@ dupspspec_list(dst, src)
* delete the whole list
*/
void
-flushspspec(rmconf)
- struct remoteconf *rmconf;
+flushspspec(struct remoteconf *rmconf)
{
struct secprotospec *p;
@@ -2722,8 +2728,7 @@ flushspspec(rmconf)
/* set final acceptable proposal */
static int
-set_isakmp_proposal(rmconf)
- struct remoteconf *rmconf;
+set_isakmp_proposal(struct remoteconf *rmconf)
{
struct secprotospec *s;
int prop_no = 1;
@@ -2804,7 +2809,7 @@ set_isakmp_proposal(rmconf)
}
static void
-clean_tmpalgtype()
+clean_tmpalgtype(void)
{
int i;
for (i = 0; i < MAXALGCLASS; i++)
@@ -2812,17 +2817,9 @@ clean_tmpalgtype()
}
static int
-expand_isakmpspec(prop_no, trns_no, types,
- class, last, lifetime, lifebyte, encklen, vendorid, gssid,
- rmconf)
- int prop_no, trns_no;
- int *types, class, last;
- time_t lifetime;
- int lifebyte;
- int encklen;
- int vendorid;
- char *gssid;
- struct remoteconf *rmconf;
+expand_isakmpspec(int prop_no, int trns_no, int *types, int class, int last,
+ time_t lifetime, int lifebyte, int encklen, int vendorid, char *gssid,
+ struct remoteconf *rmconf)
{
struct isakmpsa *new;
@@ -2909,8 +2906,7 @@ expand_isakmpspec(prop_no, trns_no, type
* That is defined RFC2407.
*/
static int
-fix_lifebyte(t)
- unsigned long t;
+fix_lifebyte(unsigned long t)
{
if (t < 1024) {
yyerror("byte size should be more than 1024B.");
@@ -2922,7 +2918,7 @@ fix_lifebyte(t)
#endif
int
-cfparse()
+cfparse(void)
{
int error;
@@ -2964,7 +2960,7 @@ cfparse()
}
int
-cfreparse()
+cfreparse(void)
{
flushph2();
flushph1();
@@ -2976,11 +2972,7 @@ cfreparse()
#ifdef ENABLE_ADMINPORT
static void
-adminsock_conf(path, owner, group, mode_dec)
- vchar_t *path;
- vchar_t *owner;
- vchar_t *group;
- int mode_dec;
+adminsock_conf(vchar_t *path, vchar_t *owner, vchar_t *group, int mode_dec)
{
struct passwd *pw = NULL;
struct group *gr = NULL;
Index: src/crypto/dist/ipsec-tools/src/racoon/cftoken.l
diff -u src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.29 src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.30
--- src/crypto/dist/ipsec-tools/src/racoon/cftoken.l:1.29 Wed Nov 25 13:11:00 2020
+++ src/crypto/dist/ipsec-tools/src/racoon/cftoken.l Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: cftoken.l,v 1.29 2020/11/25 18:11:00 bouyer Exp $ */
+/* $NetBSD: cftoken.l,v 1.30 2025/03/08 16:39:08 christos Exp $ */
/* Id: cftoken.l,v 1.53 2006/08/22 18:17:17 manubsd Exp */
@@ -99,7 +99,7 @@ static struct include_stack {
YY_BUFFER_STATE prevstate;
int lineno;
glob_t matches;
- int matchon;
+ size_t matchon;
} incstack[MAX_INCLUDE_DEPTH];
static int incstackp = 0;
@@ -718,8 +718,7 @@ yywarn(const char *s, ...)
}
int
-yycf_switch_buffer(path)
- char *path;
+yycf_switch_buffer(char *path)
{
char *filepath = NULL;
@@ -760,8 +759,7 @@ yycf_switch_buffer(path)
}
int
-yycf_set_buffer(path)
- char *path;
+yycf_set_buffer(char *path)
{
yyin = fopen(path, "r");
if (yyin == NULL) {
@@ -787,7 +785,7 @@ yycf_set_buffer(path)
}
void
-yycf_init_buffer()
+yycf_init_buffer(void)
{
int i;
@@ -797,7 +795,7 @@ yycf_init_buffer()
}
void
-yycf_clean_buffer()
+yycf_clean_buffer(void)
{
int i;
Index: src/crypto/dist/ipsec-tools/src/racoon/oakley.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.29 src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.30
--- src/crypto/dist/ipsec-tools/src/racoon/oakley.c:1.29 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/oakley.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: oakley.c,v 1.29 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: oakley.c,v 1.30 2025/03/08 16:39:08 christos Exp $ */
/* Id: oakley.c,v 1.32 2006/05/26 12:19:46 manubsd Exp */
@@ -1322,6 +1322,7 @@ oakley_validate_auth(struct ph1handle *i
case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_I:
case OAKLEY_ATTR_AUTH_METHOD_XAUTH_DSSSIG_R:
no_verify_needed = 0;
+ __attribute__((__fallthrough__));
/*FALLTHROUGH*/
#endif
case OAKLEY_ATTR_AUTH_METHOD_DSSSIG:
Index: src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.30 src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.31
--- src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c:1.30 Fri Mar 7 10:55:28 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: crypto_openssl.c,v 1.30 2025/03/07 15:55:28 christos Exp $ */
+/* $NetBSD: crypto_openssl.c,v 1.31 2025/03/08 16:39:08 christos Exp $ */
/* Id: crypto_openssl.c,v 1.47 2006/05/06 20:42:09 manubsd Exp */
@@ -2400,7 +2400,7 @@ base64_encode(char *in, long inlen)
bio = BIO_push(b64, bio);
BIO_write(bio, in, inlen);
- BIO_flush(bio);
+ (void)BIO_flush(bio);
plen = BIO_get_mem_data(bio, &ptr);
res = vmalloc(plen+1);
@@ -2420,7 +2420,7 @@ out:
static RSA *
binbuf_pubkey2rsa(vchar_t *binbuf)
{
- BIGNUM *exp, *mod;
+ BIGNUM *exp = NULL, *mod;
RSA *rsa_pub = NULL;
if (binbuf->v[0] > binbuf->l - 1) {
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.30 src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.31
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c:1.30 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_cfg.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_cfg.c,v 1.30 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: isakmp_cfg.c,v 1.31 2025/03/08 16:39:08 christos Exp $ */
/* Id: isakmp_cfg.c,v 1.55 2006/08/22 18:17:17 manubsd Exp */
@@ -962,7 +962,7 @@ isakmp_cfg_short(struct ph1handle *iph1
/*ARGSUSED*/
vchar_t *
isakmp_cfg_varlen(struct ph1handle *iph1 __unused, struct isakmp_data *attr,
- char *string, size_t len)
+ const char *string, size_t len)
{
vchar_t *buffer;
struct isakmp_data *new;
@@ -989,7 +989,7 @@ isakmp_cfg_varlen(struct ph1handle *iph1
vchar_t *
isakmp_cfg_string(struct ph1handle *iph1, struct isakmp_data *attr,
- char *string)
+ const char *string)
{
size_t len = strlen(string);
return isakmp_cfg_varlen(iph1, attr, string, len);
@@ -1771,7 +1771,7 @@ isakmp_cfg_iplist_to_str(char *dest, int
else
l = sizeof(struct in_addr);
memcpy(&tmp, addr, l);
- addr += l;
+ addr = (char *)addr + l;
if((uint32_t)tmp.addr4.s_addr == 0)
break;
@@ -2013,7 +2013,7 @@ isakmp_cfg_resize_pool(int size)
if (isakmp_cfg_config.port_pool[i].used) {
plog(LLV_ERROR, LOCATION, NULL,
"resize pool from %zu to %d impossible "
- "port %d is in use\n",
+ "port %zu is in use\n",
isakmp_cfg_config.pool_size, size, i);
size = i;
break;
Index: src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c:1.5 src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c:1.6
--- src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c:1.5 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/getcertsbyname.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: getcertsbyname.c,v 1.5 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: getcertsbyname.c,v 1.6 2025/03/08 16:39:08 christos Exp $ */
/* $KAME: getcertsbyname.c,v 1.7 2001/11/16 04:12:59 sakane Exp $ */
@@ -265,6 +265,7 @@ getcertsbyname(char *name, struct certin
cp += len;
GETSHORT(qtype, cp); /* QTYPE */
GETSHORT(qclass, cp); /* QCLASS */
+ (void)qclass;
/* answer section */
while (ancount-- && cp < eom) {
Index: src/crypto/dist/ipsec-tools/src/racoon/strnames.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/strnames.h:1.5 src/crypto/dist/ipsec-tools/src/racoon/strnames.h:1.6
--- src/crypto/dist/ipsec-tools/src/racoon/strnames.h:1.5 Fri Mar 7 10:55:30 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/strnames.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: strnames.h,v 1.5 2025/03/07 15:55:30 christos Exp $ */
+/* $NetBSD: strnames.h,v 1.6 2025/03/08 16:39:08 christos Exp $ */
/* Id: strnames.h,v 1.7 2005/04/18 10:04:26 manubsd Exp */
@@ -34,47 +34,47 @@
#ifndef _STRNAMES_H
#define _STRNAMES_H
-extern char *num2str(int n);
+extern const char *num2str(int n);
-extern char *s_isakmp_state(int, int, int);
-extern char *s_isakmp_certtype(int);
-extern char *s_isakmp_etype(int);
-extern char *s_isakmp_notify_msg(int);
-extern char *s_isakmp_nptype(int);
-extern char *s_ipsecdoi_proto(int);
-extern char *s_ipsecdoi_trns_isakmp(int);
-extern char *s_ipsecdoi_trns_ah(int);
-extern char *s_ipsecdoi_trns_esp(int);
-extern char *s_ipsecdoi_trns_ipcomp(int);
-extern char *s_ipsecdoi_trns(int, int);
-extern char *s_ipsecdoi_attr(int);
-extern char *s_ipsecdoi_ltype(int);
-extern char *s_ipsecdoi_encmode(int);
-extern char *s_ipsecdoi_auth(int);
-extern char *s_ipsecdoi_attr_v(int, int);
-extern char *s_ipsecdoi_ident(int);
-extern char *s_oakley_attr(int);
-extern char *s_attr_isakmp_enc(int);
-extern char *s_attr_isakmp_hash(int);
-extern char *s_oakley_attr_method(int);
-extern char *s_attr_isakmp_desc(int);
-extern char *s_attr_isakmp_group(int);
-extern char *s_attr_isakmp_ltype(int);
-extern char *s_oakley_attr_v(int, int);
-extern char *s_ipsec_level(int);
-extern char *s_algclass(int);
-extern char *s_algtype(int, int);
-extern char *s_pfkey_type(int);
-extern char *s_pfkey_satype(int);
-extern char *s_direction(int);
-extern char *s_proto(int);
-extern char *s_doi(int);
-extern char *s_etype(int);
-extern char *s_idtype(int);
-extern char *s_switch(int);
+extern const char *s_isakmp_state(int, int, int);
+extern const char *s_isakmp_certtype(int);
+extern const char *s_isakmp_etype(int);
+extern const char *s_isakmp_notify_msg(int);
+extern const char *s_isakmp_nptype(int);
+extern const char *s_ipsecdoi_proto(int);
+extern const char *s_ipsecdoi_trns_isakmp(int);
+extern const char *s_ipsecdoi_trns_ah(int);
+extern const char *s_ipsecdoi_trns_esp(int);
+extern const char *s_ipsecdoi_trns_ipcomp(int);
+extern const char *s_ipsecdoi_trns(int, int);
+extern const char *s_ipsecdoi_attr(int);
+extern const char *s_ipsecdoi_ltype(int);
+extern const char *s_ipsecdoi_encmode(int);
+extern const char *s_ipsecdoi_auth(int);
+extern const char *s_ipsecdoi_attr_v(int, int);
+extern const char *s_ipsecdoi_ident(int);
+extern const char *s_oakley_attr(int);
+extern const char *s_attr_isakmp_enc(int);
+extern const char *s_attr_isakmp_hash(int);
+extern const char *s_oakley_attr_method(int);
+extern const char *s_attr_isakmp_desc(int);
+extern const char *s_attr_isakmp_group(int);
+extern const char *s_attr_isakmp_ltype(int);
+extern const char *s_oakley_attr_v(int, int);
+extern const char *s_ipsec_level(int);
+extern const char *s_algclass(int);
+extern const char *s_algtype(int, int);
+extern const char *s_pfkey_type(int);
+extern const char *s_pfkey_satype(int);
+extern const char *s_direction(int);
+extern const char *s_proto(int);
+extern const char *s_doi(int);
+extern const char *s_etype(int);
+extern const char *s_idtype(int);
+extern const char *s_switch(int);
#ifdef ENABLE_HYBRID
-extern char *s_isakmp_cfg_type(int);
-extern char *s_isakmp_cfg_ptype(int);
+extern const char *s_isakmp_cfg_type(int);
+extern const char *s_isakmp_cfg_ptype(int);
#endif
#endif /* _STRNAMES_H */
Index: src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.41 src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.42
--- src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c:1.41 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/grabmyaddr.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: grabmyaddr.c,v 1.41 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: grabmyaddr.c,v 1.42 2025/03/08 16:39:08 christos Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* Copyright (C) 2008 Timo Teras <[email protected]>.
@@ -797,7 +797,7 @@ kernel_receive(void *ctx __unused, int f
if (rtm->rtm_msglen != len) {
plog(LLV_WARNING, LOCATION, NULL,
- "kernel_receive: rtm->rtm_msglen %d, len %d, type %d\n",
+ "kernel_receive: rtm->rtm_msglen %d, len %zd, type %d\n",
rtm->rtm_msglen, len, rtm->rtm_type);
return FALSE;
}
Index: src/crypto/dist/ipsec-tools/src/racoon/handler.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.43 src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.44
--- src/crypto/dist/ipsec-tools/src/racoon/handler.c:1.43 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/handler.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: handler.c,v 1.43 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: handler.c,v 1.44 2025/03/08 16:39:08 christos Exp $ */
/* Id: handler.c,v 1.28 2006/05/26 12:17:29 manubsd Exp */
@@ -1186,7 +1186,7 @@ exclude_cfg_addr(const struct sockaddr *
if ((p->mode_cfg != NULL) &&
(p->mode_cfg->flags & ISAKMP_CFG_GOT_ADDR4) &&
(addr->sa_family == AF_INET)) {
- sin = (struct sockaddr_in *)addr;
+ sin = (const struct sockaddr_in *)addr;
if (sin->sin_addr.s_addr == p->mode_cfg->addr4.s_addr)
return 0;
}
Index: src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.53 src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.54
--- src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c:1.53 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: ipsec_doi.c,v 1.53 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: ipsec_doi.c,v 1.54 2025/03/08 16:39:08 christos Exp $ */
/* Id: ipsec_doi.c,v 1.55 2006/08/17 09:20:41 vanhu Exp */
@@ -2799,7 +2799,7 @@ setph1attr(struct isakmpsa *sa, caddr_t
goto gssid_done;
}
odst = dst;
- rv = iconv(cd, (__iconv_const char **)&src,
+ rv = iconv(cd, (__iconv_const char **)(intptr_t)&src,
&srcleft, &dst, &dstleft);
if (rv != 0) {
if (rv == (size_t)-1) {
@@ -4452,11 +4452,11 @@ ipsecdoi_t2satrns(struct isakmp_pl_t *t,
switch (type) {
case IPSECDOI_ATTR_SA_LD_TYPE:
{
- int type = ntohs(d->lorv);
- switch (type) {
+ int xtype = ntohs(d->lorv);
+ switch (xtype) {
case IPSECDOI_ATTR_SA_LD_TYPE_SEC:
case IPSECDOI_ATTR_SA_LD_TYPE_KB:
- life_t = type;
+ life_t = xtype;
break;
default:
plog(LLV_WARNING, LOCATION, NULL,
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.80 src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.81
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp.c:1.80 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp.c,v 1.80 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: isakmp.c,v 1.81 2025/03/08 16:39:08 christos Exp $ */
/* Id: isakmp.c,v 1.74 2006/05/07 21:32:59 manubsd Exp */
@@ -272,8 +272,8 @@ isakmp_handler(void *ctx __unused, int s
/* check isakmp header length, as well as sanity of header length */
if (len < sizeof(isakmp) || ntohl(isakmp.len) < sizeof(isakmp)) {
plog(LLV_ERROR, LOCATION, (struct sockaddr *)&remote,
- "packet shorter than isakmp header size (%u, %u, %zu)\n",
- len, ntohl(isakmp.len), sizeof(isakmp));
+ "packet shorter than isakmp header size (%zu, %u, %zu)\n",
+ len, ntohl(isakmp.len), sizeof(isakmp));
/* dummy receive */
if ((len = recvfrom(so_isakmp, (char *)&isakmp, sizeof(isakmp),
0, (struct sockaddr *)&remote, &remote_len)) < 0) {
@@ -325,7 +325,7 @@ isakmp_handler(void *ctx __unused, int s
if ((buf = vmalloc(len - extralen)) == NULL) {
plog(LLV_ERROR, LOCATION, NULL,
- "failed to allocate reading buffer (%u Bytes)\n",
+ "failed to allocate reading buffer (%zu Bytes)\n",
(len - extralen));
goto end;
}
@@ -336,14 +336,14 @@ isakmp_handler(void *ctx __unused, int s
if (len != buf->l) {
plog(LLV_ERROR, LOCATION, (struct sockaddr *)&remote,
- "received invalid length (%d != %zu), why ?\n",
+ "received invalid length (%zd != %zu), why ?\n",
len, buf->l);
goto end;
}
plog(LLV_DEBUG, LOCATION, NULL, "===\n");
plog(LLV_DEBUG, LOCATION, NULL,
- "%d bytes message received %s\n",
+ "%zd bytes message received %s\n",
len, saddr2str_fromto("from %s to %s",
(struct sockaddr *)&remote,
(struct sockaddr *)&local));
@@ -1662,7 +1662,7 @@ isakmp_open(struct sockaddr *addr, int u
pktinfo = IPV6_RECVDSTADDR;
#endif
if (setsockopt(fd, IPPROTO_IPV6, pktinfo,
- (const void *) &yes, sizeof(yes)) < 0) {
+ &yes, sizeof(yes)) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"setsockopt IPV6_RECVDSTADDR (%d):%s\n",
pktinfo, strerror(errno));
@@ -1671,7 +1671,7 @@ isakmp_open(struct sockaddr *addr, int u
#ifdef IPV6_USE_MIN_MTU
if (setsockopt(fd, IPPROTO_IPV6, IPV6_USE_MIN_MTU,
- (void *) &yes, sizeof(yes)) < 0) {
+ &yes, sizeof(yes)) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"setsockopt IPV6_USE_MIN_MTU (%s)\n",
strerror(errno));
@@ -1688,7 +1688,7 @@ isakmp_open(struct sockaddr *addr, int u
#else
SO_REUSEPORT,
#endif
- (void *) &yes, sizeof(yes)) < 0) {
+ &yes, sizeof(yes)) < 0) {
plog(LLV_ERROR, LOCATION, NULL,
"failed to set REUSE flag on %s (%s).\n",
saddr2str(addr), strerror(errno));
@@ -3095,7 +3095,7 @@ out:
}
int
-script_env_append(char ***envp, int *envc, char *name, char *value)
+script_env_append(char ***envp, int *envc, const char *name, char *value)
{
char *envitem;
char **newenvp;
@@ -3132,7 +3132,7 @@ script_exec(char *script, int name, char
char *argv[] = { NULL, NULL, NULL };
argv[0] = script;
- argv[1] = script_names[name];
+ argv[1] = __UNCONST(script_names[name]);
argv[2] = NULL;
switch (fork()) {
Index: src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.19 src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.20
--- src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h:1.19 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/isakmp_var.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: isakmp_var.h,v 1.19 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: isakmp_var.h,v 1.20 2025/03/08 16:39:08 christos Exp $ */
/* Id: isakmp_var.h,v 1.12 2005/05/07 14:45:31 manubsd Exp */
@@ -129,7 +129,7 @@ extern int copy_ph1addresses( struct ph1
extern void log_ph1established(const struct ph1handle *);
extern void script_hook(struct ph1handle *, int);
-extern int script_env_append(char ***, int *, char *, char *);
+extern int script_env_append(char ***, int *, const char *, char *);
extern int script_exec(char *, int, char * const *);
void purge_remote(struct ph1handle *);
Index: src/crypto/dist/ipsec-tools/src/racoon/plog.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.8 src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.9
--- src/crypto/dist/ipsec-tools/src/racoon/plog.c:1.8 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/plog.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: plog.c,v 1.8 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: plog.c,v 1.9 2025/03/08 16:39:08 christos Exp $ */
/* Id: plog.c,v 1.11 2006/06/20 09:57:31 vanhu Exp */
@@ -82,7 +82,7 @@ static char *logfile = NULL;
static char *plog_common(int, const char *, const char *, struct sockaddr *);
static struct plogtags {
- char *name;
+ const char *name;
int priority;
} ptab[] = {
{ "(not defined)", 0, },
@@ -200,7 +200,7 @@ plogv(int pri, const char *func, struct
}
void
-plogdump(int pri, void *data, size_t len)
+plogdump(int pri, const void *data, size_t len)
{
caddr_t buf;
size_t buflen;
@@ -225,7 +225,7 @@ plogdump(int pri, void *data, size_t len
if (j % 4 == 0)
buf[i++] = ' ';
snprintf(&buf[i], buflen - i, "%02x",
- ((unsigned char *)data)[j] & 0xff);
+ ((const unsigned char *)data)[j] & 0xff);
i += 2;
j++;
}
Index: src/crypto/dist/ipsec-tools/src/racoon/plog.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/plog.h:1.6 src/crypto/dist/ipsec-tools/src/racoon/plog.h:1.7
--- src/crypto/dist/ipsec-tools/src/racoon/plog.h:1.6 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/plog.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: plog.h,v 1.6 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: plog.h,v 1.7 2025/03/08 16:39:08 christos Exp $ */
/* Id: plog.h,v 1.7 2006/06/20 09:57:31 vanhu Exp */
@@ -73,7 +73,7 @@ extern void _plog(int, const char *, str
__attribute__ ((__format__ (__printf__, 4, 5)));
extern void plogv(int, const char *, struct sockaddr *,
const char *, va_list);
-extern void plogdump(int, void *, size_t);
+extern void plogdump(int, const void *, size_t);
extern void ploginit(void);
extern void plogset(char *);
Index: src/crypto/dist/ipsec-tools/src/racoon/privsep.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/privsep.c:1.27 src/crypto/dist/ipsec-tools/src/racoon/privsep.c:1.28
--- src/crypto/dist/ipsec-tools/src/racoon/privsep.c:1.27 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/privsep.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: privsep.c,v 1.27 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: privsep.c,v 1.28 2025/03/08 16:39:08 christos Exp $ */
/* Id: privsep.c,v 1.15 2005/08/08 11:23:44 vanhu Exp */
@@ -73,7 +73,7 @@ static int privsep_sock[2] = { -1, -1 };
static int privsep_recv(int, struct privsep_com_msg **, size_t *);
static int privsep_send(int, struct privsep_com_msg *, size_t);
-static int safety_check(struct privsep_com_msg *, int i);
+static int safety_check(struct privsep_com_msg *, int);
static int port_check(int);
static int unsafe_env(char *const *);
static int unknown_name(int);
@@ -416,7 +416,7 @@ privsep_init(void)
char **envp = NULL;
int envc = 0;
int count = 0;
- int i;
+ int j;
/*
* First count the bufs, and make sure strings
@@ -474,8 +474,8 @@ privsep_init(void)
}
memcpy((char *)&name, bufs[count++], sizeof(name));
- for (i = 0; combuf->bufs.buflen[count]; count++)
- envp[i++] = bufs[count];
+ for (j = 0; combuf->bufs.buflen[count]; count++)
+ envp[j++] = bufs[count];
count++; /* void */
@@ -1446,8 +1446,8 @@ static int
unsafe_env(char *const *envp)
{
char *const *e;
- char *const *be;
- char *const bad_env[] = { "PATH=", "LD_LIBRARY_PATH=", "IFS=", NULL };
+ const char *const *be;
+ const char *const bad_env[] = { "PATH=", "LD_LIBRARY_PATH=", "IFS=", NULL };
for (e = envp; *e; e++) {
for (be = bad_env; *be; be++) {
@@ -1553,7 +1553,7 @@ send_fd(int s, int fd)
struct iovec iov;
int *fdptr;
- iov.iov_base = " ";
+ iov.iov_base = __UNCONST(" ");
iov.iov_len = 1;
if (sizeof(cmsbuf) < CMSG_SPACE(sizeof(fd))) {
Index: src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.31 src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.32
--- src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c:1.31 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/remoteconf.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.c,v 1.31 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: remoteconf.c,v 1.32 2025/03/08 16:39:08 christos Exp $ */
/* Id: remoteconf.c,v 1.38 2006/05/06 15:52:44 manubsd Exp */
@@ -86,7 +86,7 @@ static remoteconf_tailq_head_t rmtree, r
/*
* Script hook names and script hook paths
*/
-char *script_names[SCRIPT_MAX + 1] = {
+const char *script_names[SCRIPT_MAX + 1] = {
"phase1_up", "phase1_down", "phase1_dead" };
/*%%%*/
Index: src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h
diff -u src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h:1.17 src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h:1.18
--- src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h:1.17 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/remoteconf.h Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: remoteconf.h,v 1.17 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: remoteconf.h,v 1.18 2025/03/08 16:39:08 christos Exp $ */
/* Id: remoteconf.h,v 1.26 2006/05/06 15:52:44 manubsd Exp */
@@ -82,7 +82,7 @@ struct rmconf_cert {
#define SCRIPT_PHASE1_DOWN 1
#define SCRIPT_PHASE1_DEAD 2
#define SCRIPT_MAX 2
-extern char *script_names[SCRIPT_MAX + 1];
+extern const char *script_names[SCRIPT_MAX + 1];
struct remoteconf {
char *name; /* remote configuration name */
Index: src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c:1.20 src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c:1.21
--- src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c:1.20 Fri Mar 7 10:55:29 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/sockmisc.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: sockmisc.c,v 1.20 2025/03/07 15:55:29 christos Exp $ */
+/* $NetBSD: sockmisc.c,v 1.21 2025/03/08 16:39:08 christos Exp $ */
/* Id: sockmisc.c,v 1.24 2006/05/07 21:32:59 manubsd Exp */
@@ -88,7 +88,7 @@ const int niflags = 0;
int
cmpsaddr(const struct sockaddr *addr1, const struct sockaddr *addr2)
{
- caddr_t sa1, sa2;
+ const void *sa1, *sa2;
u_short port1 = IPSEC_PORT_ANY;
u_short port2 = IPSEC_PORT_ANY;
@@ -106,23 +106,23 @@ cmpsaddr(const struct sockaddr *addr1, c
case AF_UNSPEC:
break;
case AF_INET:
- sa1 = (caddr_t)&((struct sockaddr_in *)addr1)->sin_addr;
- sa2 = (caddr_t)&((struct sockaddr_in *)addr2)->sin_addr;
- port1 = ((struct sockaddr_in *)addr1)->sin_port;
- port2 = ((struct sockaddr_in *)addr2)->sin_port;
+ sa1 = &((const struct sockaddr_in *)addr1)->sin_addr;
+ sa2 = &((const struct sockaddr_in *)addr2)->sin_addr;
+ port1 = ((const struct sockaddr_in *)addr1)->sin_port;
+ port2 = ((const struct sockaddr_in *)addr2)->sin_port;
if (memcmp(sa1, sa2, sizeof(struct in_addr)) != 0)
return CMPSADDR_MISMATCH;
break;
#ifdef INET6
case AF_INET6:
- sa1 = (caddr_t)&((struct sockaddr_in6 *)addr1)->sin6_addr;
- sa2 = (caddr_t)&((struct sockaddr_in6 *)addr2)->sin6_addr;
- port1 = ((struct sockaddr_in6 *)addr1)->sin6_port;
- port2 = ((struct sockaddr_in6 *)addr2)->sin6_port;
+ sa1 = &((const struct sockaddr_in6 *)addr1)->sin6_addr;
+ sa2 = &((const struct sockaddr_in6 *)addr2)->sin6_addr;
+ port1 = ((const struct sockaddr_in6 *)addr1)->sin6_port;
+ port2 = ((const struct sockaddr_in6 *)addr2)->sin6_port;
if (memcmp(sa1, sa2, sizeof(struct in6_addr)) != 0)
return CMPSADDR_MISMATCH;
- if (((struct sockaddr_in6 *)addr1)->sin6_scope_id !=
- ((struct sockaddr_in6 *)addr2)->sin6_scope_id)
+ if (((const struct sockaddr_in6 *)addr1)->sin6_scope_id !=
+ ((const struct sockaddr_in6 *)addr2)->sin6_scope_id)
return CMPSADDR_MISMATCH;
break;
#endif
@@ -392,7 +392,7 @@ sendfromto(int s, const void *buf, size_
memset(&m, 0, sizeof(m));
m.msg_name = (caddr_t)&dst6;
m.msg_namelen = sizeof(dst6);
- iov[0].iov_base = (char *)buf;
+ iov[0].iov_base = __UNCONST(buf);
iov[0].iov_len = buflen;
m.msg_iov = iov;
m.msg_iovlen = 1;
@@ -426,11 +426,11 @@ sendfromto(int s, const void *buf, size_
return -1;
}
plog(LLV_DEBUG, LOCATION, NULL,
- "%d times of %d bytes message will be sent "
+ "%d times of %zd bytes message will be sent "
"to %s\n",
i + 1, len, saddr2str(dst));
}
- plogdump(LLV_DEBUG, (char *)buf, buflen);
+ plogdump(LLV_DEBUG, buf, buflen);
return len;
}
@@ -565,11 +565,11 @@ sendfromto(int s, const void *buf, size_
return len;
}
plog(LLV_DEBUG, LOCATION, NULL,
- "%d times of %d bytes message will be sent "
+ "%d times of %zd bytes message will be sent "
"to %s\n",
i + 1, len, saddr2str(dst));
}
- plogdump(LLV_DEBUG, (char *)buf, buflen);
+ plogdump(LLV_DEBUG, buf, buflen);
if (needclose)
close(sendsock);
@@ -584,7 +584,7 @@ setsockopt_bypass(int so, int family)
{
int level;
char *buf;
- char *policy;
+ const char *policy;
switch (family) {
case AF_INET:
@@ -929,10 +929,10 @@ extract_port (const struct sockaddr *add
case AF_UNSPEC:
break;
case AF_INET:
- port = ((struct sockaddr_in *)addr)->sin_port;
+ port = ((const struct sockaddr_in *)addr)->sin_port;
break;
case AF_INET6:
- port = ((struct sockaddr_in6 *)addr)->sin6_port;
+ port = ((const struct sockaddr_in6 *)addr)->sin6_port;
break;
default:
plog(LLV_ERROR, LOCATION, NULL, "unknown AF: %u\n", addr->sa_family);
Index: src/crypto/dist/ipsec-tools/src/racoon/vendorid.c
diff -u src/crypto/dist/ipsec-tools/src/racoon/vendorid.c:1.10 src/crypto/dist/ipsec-tools/src/racoon/vendorid.c:1.11
--- src/crypto/dist/ipsec-tools/src/racoon/vendorid.c:1.10 Fri Mar 7 10:55:30 2025
+++ src/crypto/dist/ipsec-tools/src/racoon/vendorid.c Sat Mar 8 11:39:08 2025
@@ -1,4 +1,4 @@
-/* $NetBSD: vendorid.c,v 1.10 2025/03/07 15:55:30 christos Exp $ */
+/* $NetBSD: vendorid.c,v 1.11 2025/03/08 16:39:08 christos Exp $ */
/* Id: vendorid.c,v 1.10 2006/02/22 16:10:21 vanhu Exp */
@@ -65,28 +65,28 @@
#endif
static struct vendor_id all_vendor_ids[] = {
-{ VENDORID_IPSEC_TOOLS, "IPSec-Tools" },
-{ VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE" },
-{ VENDORID_GSSAPI , "GSSAPI" },
-{ VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY" },
-{ VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00" },
-{ VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01" },
-{ VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02" },
-{ VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n" },
-{ VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03" },
-{ VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04" },
-{ VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05" },
-{ VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06" },
-{ VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07" },
-{ VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08" },
-{ VENDORID_NATT_RFC , "RFC 3947" },
-{ VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt" },
-{ VENDORID_UNITY , "CISCO-UNITY" },
-{ VENDORID_FRAG , "FRAGMENTATION" },
+{ VENDORID_IPSEC_TOOLS, "IPSec-Tools", NULL },
+{ VENDORID_GSSAPI_LONG, "A GSS-API Authentication Method for IKE", NULL },
+{ VENDORID_GSSAPI , "GSSAPI", NULL },
+{ VENDORID_MS_NT5 , "MS NT5 ISAKMPOAKLEY", NULL },
+{ VENDORID_NATT_00 , "draft-ietf-ipsec-nat-t-ike-00", NULL },
+{ VENDORID_NATT_01 , "draft-ietf-ipsec-nat-t-ike-01", NULL },
+{ VENDORID_NATT_02 , "draft-ietf-ipsec-nat-t-ike-02", NULL },
+{ VENDORID_NATT_02_N , "draft-ietf-ipsec-nat-t-ike-02\n", NULL },
+{ VENDORID_NATT_03 , "draft-ietf-ipsec-nat-t-ike-03", NULL },
+{ VENDORID_NATT_04 , "draft-ietf-ipsec-nat-t-ike-04", NULL },
+{ VENDORID_NATT_05 , "draft-ietf-ipsec-nat-t-ike-05", NULL },
+{ VENDORID_NATT_06 , "draft-ietf-ipsec-nat-t-ike-06", NULL },
+{ VENDORID_NATT_07 , "draft-ietf-ipsec-nat-t-ike-07", NULL },
+{ VENDORID_NATT_08 , "draft-ietf-ipsec-nat-t-ike-08", NULL },
+{ VENDORID_NATT_RFC , "RFC 3947", NULL },
+{ VENDORID_XAUTH , "draft-ietf-ipsra-isakmp-xauth-06.txt", NULL },
+{ VENDORID_UNITY , "CISCO-UNITY", NULL },
+{ VENDORID_FRAG , "FRAGMENTATION", NULL },
/* Just a readable string for DPD ... */
-{ VENDORID_DPD , "DPD" },
+{ VENDORID_DPD , "DPD", NULL },
/* Other known Vendor IDs */
-{ VENDORID_KAME , "KAME/racoon" },
+{ VENDORID_KAME , "KAME/racoon", NULL },
};
#define NUMVENDORIDS (sizeof(all_vendor_ids)/sizeof(all_vendor_ids[0]))
@@ -162,7 +162,7 @@ compute_vendorids (void)
continue;
}
- vid.v = (char *) all_vendor_ids[i].string;
+ vid.v = (char *)(intptr_t)all_vendor_ids[i].string;
vid.l = strlen(vid.v);
all_vendor_ids[i].hash = eay_md5_one(&vid);
