ports/122187: [patch] ipsec-tools failed build on FreeBSD 7.0 when RC5 is ON

Dmitry A Grigorovich odip at bionet.nsc.ru
Fri Mar 28 11:40:02 UTC 2008 

>Number:         122187
>Category:       ports
>Synopsis:       [patch] ipsec-tools failed build on FreeBSD 7.0 when RC5 is ON
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 28 11:40:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Dmitry A Grigorovich
>Release:        FreeBSD 7.0-RELEASE i386
>Organization:
ICiG SB RAS, Novisibirsk, Russia
>Environment:
System: FreeBSD elf.bionet.nsc.ru 7.0-RELEASE FreeBSD 7.0-RELEASE #0

>Description:

On FreeBSD 7.0 try to build security/ipsec-tools with option RC5 is ON

root at elf# cd /usr/ports/security/ipsec-tools
root at elf# make showconfig
===> The following configuration options are available for ipsec-tools-0.7:
     DEBUG=on "enable Debug support"
     IPV6=on "enable IPV6 support"
     ADMINPORT=on "enable Admin port"
     STATS=on "enable Statistics logging function"
     DPD=on "enable Dead Peer Detection"
     NATT=off "enable NAT-Traversal (kernel-patch required)"
     NATTF=off "require NAT-Traversal (fail without kernel-patch)"
     FRAG=on "enable IKE fragmentation payload support"
     HYBRID=on "enable Hybrid Mode-cfg and Xauth support"
     PAM=on "enable PAM authentication"
     GSSAPI=off "enable GSS-API authentication"
     RADIUS=off "enable Radius authentication"
     SAUNSPEC=off "enable Unspecified SA mode"
     RC5=on "enable RC5 encryption (patented)"
     IDEA=on "enable IDEA encryption (patented)"
===> Use 'make config' to modify these settings
root at elf# make build
...
cc -DHAVE_CONFIG_H -I. -I../.. -I./../libipsec   -I./../../src/racoon/missing -D_GNU_SOURCE  -DSYSCONFDIR=\"/usr/local/etc/racoon\"  -DADMINPORTDIR=\"/var/db/racoon\" -pipe -march=pentiumpro -g  -Wall -Werror -Wno-unused -DEAYDEBUG -o crypto_openssl_test.o -c ./crypto_openssl.c
cc1: warnings being treated as errors
./crypto_openssl.c: In function 'eay_rc5_encrypt':
./crypto_openssl.c:1394: warning: pointer targets in passing argument 3 of 'RC5_32_set_key' differ in signedness
./crypto_openssl.c:1402: warning: pointer targets in passing argument 1 of 'RC5_32_cbc_encrypt' differ in signedness
./crypto_openssl.c:1402: warning: pointer targets in passing argument 2 of 'RC5_32_cbc_encrypt' differ in signedness
./crypto_openssl.c:1402: warning: pointer targets in passing argument 5 of 'RC5_32_cbc_encrypt' differ in signedness
./crypto_openssl.c: In function 'eay_rc5_decrypt':
./crypto_openssl.c:1415: warning: pointer targets in passing argument 3 of 'RC5_32_set_key' differ in signedness
./crypto_openssl.c:1423: warning: pointer targets in passing argument 1 of 'RC5_32_cbc_encrypt' differ in signedness
./crypto_openssl.c:1423: warning: pointer targets in passing argument 2 of 'RC5_32_cbc_encrypt' differ in signedness
./crypto_openssl.c:1423: warning: pointer targets in passing argument 5 of 'RC5_32_cbc_encrypt' differ in signedness
*** Error code 1

Stop in /usr/ports/security/ipsec-tools/work/ipsec-tools-0.7/src/racoon.
*** Error code 1

Stop in /usr/ports/security/ipsec-tools/work/ipsec-tools-0.7/src.
*** Error code 1

Stop in /usr/ports/security/ipsec-tools/work/ipsec-tools-0.7.
*** Error code 1

Stop in /usr/ports/security/ipsec-tools/work/ipsec-tools-0.7.
*** Error code 1

Stop in /usr/ports/security/ipsec-tools.
*** Error code 1

Stop in /usr/ports/security/ipsec-tools.

==============================

On FreeBSD 6.3 bulding with same settings is OK

>How-To-Repeat:

See above !

>Fix:

Add following patch to /usr/ports/security/ipsec-tools/files/
Rebuild security/ipsec-tools

--- patch-crypto_openssl.c begins here ---
--- src/racoon/crypto_openssl.c.orig	2006-12-18 16:18:10.000000000 +0600
+++ src/racoon/crypto_openssl.c	2008-03-28 16:36:05.000000000 +0600
@@ -1391,15 +1391,15 @@
 	RC5_32_KEY ks;
 
 	/* in RFC 2451, there is information about the number of round. */
-	RC5_32_set_key(&ks, key->l, key->v, 16);
+	RC5_32_set_key(&ks, key->l, (unsigned char*)key->v, 16);
 
 	/* allocate buffer for result */
 	if ((res = vmalloc(data->l)) == NULL)
 		return NULL;
 
 	/* decryption data */
-	RC5_32_cbc_encrypt(data->v, res->v, data->l,
-		&ks, iv->v, RC5_ENCRYPT);
+	RC5_32_cbc_encrypt( (unsigned char*)data->v, (unsigned char*)res->v, data->l,
+		&ks, (unsigned char*)iv->v, RC5_ENCRYPT);
 
 	return res;
 }
@@ -1412,15 +1412,15 @@
 	RC5_32_KEY ks;
 
 	/* in RFC 2451, there is information about the number of round. */
-	RC5_32_set_key(&ks, key->l, key->v, 16);
+	RC5_32_set_key(&ks, key->l, (unsigned char*)key->v, 16);
 
 	/* allocate buffer for result */
 	if ((res = vmalloc(data->l)) == NULL)
 		return NULL;
 
 	/* decryption data */
-	RC5_32_cbc_encrypt(data->v, res->v, data->l,
-		&ks, iv->v, RC5_DECRYPT);
+	RC5_32_cbc_encrypt( (unsigned char*)data->v, (unsigned char*)res->v, data->l,
+		&ks, (unsigned char*)iv->v, RC5_DECRYPT);
 
 	return res;
 }
--- patch-crypto_openssl.c ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list