bye bye

3 files changed, 0 insertions, 431 deletions

diff --git a/sbin/isakmpd/apps/certpatch/Makefile b/sbin/isakmpd/apps/certpatch/Makefile
deleted file mode 100644
index 4325f9063e0..00000000000
--- a/sbin/isakmpd/apps/certpatch/Makefile
+++ /dev/null
@@ -1,44 +0,0 @@
-#	$OpenBSD: Makefile,v 1.10 2005/04/08 21:09:53 deraadt Exp $
-#	$EOM: Makefile,v 1.6 2000/03/28 21:22:06 ho Exp $
-
-#
-# Copyright (c) 1999 Niels Provos.  All rights reserved.
-# Copyright (c) 2001 Niklas Hallqvist.  All rights reserved.
-#
-# Redistribution and use in source and binary forms, with or without
-# modification, are permitted provided that the following conditions
-# are met:
-# 1. Redistributions of source code must retain the above copyright
-#    notice, this list of conditions and the following disclaimer.
-# 2. Redistributions in binary form must reproduce the above copyright
-#    notice, this list of conditions and the following disclaimer in the
-#    documentation and/or other materials provided with the distribution.
-#
-# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-#
-
-#
-# This code was written under funding by Ericsson Radio Systems.
-#
-
-PROG=		certpatch
-SRCS=		certpatch.c
-BINDIR?=	/usr/sbin
-TOPSRC=		${.CURDIR}/../..
-TOPOBJ!=	cd ${TOPSRC}; printf "all:\n\t@pwd\n" |${MAKE} -f-
-.PATH:		${TOPSRC} ${TOPOBJ}
-CFLAGS+=	-I${TOPSRC} -I${TOPOBJ} -Wall
-LDADD+=		-lcrypto
-DPADD+=		${LIBCRYPTO}
-MAN=		certpatch.8
-
-.include <bsd.prog.mk>
diff --git a/sbin/isakmpd/apps/certpatch/certpatch.8 b/sbin/isakmpd/apps/certpatch/certpatch.8
deleted file mode 100644
index dd7d961fc48..00000000000
--- a/sbin/isakmpd/apps/certpatch/certpatch.8
+++ /dev/null
@@ -1,86 +0,0 @@
-.\" $OpenBSD: certpatch.8,v 1.10 2005/05/05 12:16:00 jmc Exp $
-.\" $EOM: certpatch.8,v 1.5 2000/04/07 22:17:11 niklas Exp $
-.\"
-.\" Copyright (c) 1999 Niklas Hallqvist.  All rights reserved.
-.\" Copyright (c) 1999 Angelos D. Keromytis.  All rights reserved.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\"    notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\"    notice, this list of conditions and the following disclaimer in the
-.\"    documentation and/or other materials provided with the distribution.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
-.\" IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
-.\" OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
-.\" IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
-.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
-.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
-.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
-.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-.\"
-.\" This code was written under funding by Ericsson Radio Systems.
-.\"
-.\" Manual page, using -mandoc macros
-.\"
-.Dd July 18, 1999
-.Dt CERTPATCH 8
-.Os
-.Sh NAME
-.Nm certpatch
-.Nd add subjectAltName identities to X.509 certificates
-.Sh SYNOPSIS
-.Nm certpatch
-.Op Fl t Ar identity-type
-.Fl i
-.Ar identity
-.Fl k
-.Ar signing-key
-.Ar input-certificate output-certificate
-.Sh DESCRIPTION
-.Nm
-alters PEM-encoded X.509 certificates by adding a subjectAltName extension
-containing an identity used by the signature-based authentication schemes
-of the ISAKMP protocol.
-After the addition, the certificate will be signed
-once again with the supplied CA signing key.
-.Pp
-The options are as follows:
-.Bl -tag -width Ds
-.It Fl i Ar identity
-The
-.Fl i
-option takes an argument which is the identity to put into the
-subjectAltName field of the certificate.
-If the identity-type is
-.Li ip ,
-this argument should be an IPv4 address in dotted decimal notation.
-.It Fl k Ar signing-key
-The
-.Fl k
-option specifies the key used for signing the certificate once the
-subjectAltName extension has been added.
-The key is specified by
-the filename where it is stored in PEM format.
-.It Fl t Ar identity-type
-If given, the
-.Fl t
-option specifies the type of the given identity.
-Currently
-.Li ip ,
-.Li fqdn ,
-and
-.Li ufqdn
-are recognized.
-The default is
-.Li ip .
-.El
-.Sh SEE ALSO
-.Xr openssl 1 ,
-.Xr isakmpd 8 ,
-.Xr ssl 8
diff --git a/sbin/isakmpd/apps/certpatch/certpatch.c b/sbin/isakmpd/apps/certpatch/certpatch.c
deleted file mode 100644
index 904198b3d28..00000000000
--- a/sbin/isakmpd/apps/certpatch/certpatch.c
+++ /dev/null
@@ -1,301 +0,0 @@
-/*	$OpenBSD: certpatch.c,v 1.22 2005/04/08 21:51:08 deraadt Exp $	*/
-/*	$EOM: certpatch.c,v 1.11 2000/12/21 14:50:09 ho Exp $	*/
-
-/*
- * Copyright (c) 1999 Niels Provos.  All rights reserved.
- * Copyright (c) 1999, 2000 Angelos D. Keromytis.  All rights reserved.
- * Copyright (c) 2000, 2001 Niklas Hallqvist.  All rights reserved.
- * Copyright (c) 2001 Håkan Olsson.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-
-/*
- * This code was written under funding by Ericsson Radio Systems.
- */
-
-/*
- * This program takes a certificate generated by ssleay and a
- * private key. It encodes a new id as subject alt name
- * extension into the certifcate. The result gets written as
- * new certificate that can be used by isakmpd.
- */
-
-#include <sys/param.h>
-#include <sys/types.h>
-#include <sys/mman.h>
-#include <sys/stat.h>
-#include <ctype.h>
-#include <fcntl.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <unistd.h>
-
-#include <sys/socket.h>
-#include <netinet/in.h>
-#include <arpa/inet.h>
-
-#include "sysdep.h"
-
-#ifdef KAME
-#  ifdef CRYPTO
-#    include <openssl/rsa.h>
-#  endif
-#else
-#  include <openssl/rsa.h>
-#endif
-
-#include <openssl/x509.h>
-#include <openssl/pem.h>
-
-#include "conf.h"
-#include "ipsec_num.h"
-#include "log.h"
-#include "math_mp.h"
-#include "x509.h"
-
-#define IDTYPE_IP	"ip"
-#define IDTYPE_FQDN     "fqdn"
-#define IDTYPE_UFQDN    "ufqdn"
-
-void
-usage(void)
-{
-	extern char *__progname;
-
-	fprintf(stderr,
-	    "usage: %s [-t idtype] -i id -k keyfile certin certout\n",
-	    __progname);
-	exit(1);
-}
-
-
-int
-main(int argc, char **argv)
-{
-	EVP_PKEY *pkey_priv;
-	X509 *cert;
-	BIO *file;
-	const EVP_MD *digest;
-	X509_EXTENSION *ex = NULL;
-	ASN1_OCTET_STRING *data = NULL;
-	struct in_addr saddr;
-	unsigned char ipaddr[6], *new_id;
-	char *type = IDTYPE_IP, *keyfile = NULL, *id = NULL;
-	char *certin, *certout;
-	int ch, err;
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-	unsigned char *p;
-	ASN1_STRING str;
-	int i;
-#endif
-
-
-	/* read command line arguments */
-	while ((ch = getopt (argc, argv, "t:k:i:")) != -1)
-		switch (ch) {
-		case 't':
-			type = optarg;
-			break;
-		case 'k':
-			keyfile = optarg;
-			break;
-		case 'i':
-			id = optarg;
-			break;
-		default:
-			usage();
-		}
-
-	argc -= optind;
-
-	if (argc != 2)
-		usage();
-
-	argv += optind;
-
-	certin = argv[0];
-	certout = argv[1];
-
-	/* Check ID */
-
-	if ((strcasecmp(IDTYPE_IP, type) != 0 &&
-	    strcasecmp(IDTYPE_FQDN, type) != 0 &&
-	    strcasecmp(IDTYPE_UFQDN, type) != 0) || id == NULL) {
-		printf("wrong id type or missing id\n");
-		return (1);
-	}
-
-	/*
-	 * X509_verify will fail, as will all other functions that call
-	 * EVP_get_digest_byname.
-	 */
-	SSLeay_add_all_algorithms();
-
-	/* Use a certificate created by ssleay and add the appr. extension */
-	printf("Reading ssleay created certificate %s and modify it\n",
-	    certin);
-	file = BIO_new(BIO_s_file ());
-	if (BIO_read_filename(file, certin) == -1) {
-		perror("read");
-		return (1);
-	}
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-	cert = PEM_read_bio_X509(file, NULL, NULL, NULL);
-#else
-	cert = PEM_read_bio_X509(file, NULL, NULL);
-#endif
-	BIO_free(file);
-	if (cert == NULL) {
-		printf("PEM_read_bio_X509() failed\n");
-		return (1);
-	}
-
-	/* Get the digest for the actual signing */
-	digest = EVP_get_digestbyname(OBJ_nid2sn(OBJ_obj2nid(cert->sig_alg->algorithm)));
-	if (!X509_set_version(cert, 2)) {
-		printf("X509 failed to set version number\n");
-		return (1);
-	}
-
-	if (!strcasecmp(IDTYPE_IP, type)) {
-		if (inet_aton(id, &saddr) == 0) {
-			printf("inet_aton() failed\n");
-			return (1);
-		}
-
-		saddr.s_addr = htonl(saddr.s_addr);
-		ipaddr[0] = 0x87;
-		ipaddr[1] = 0x04;
-		ipaddr[2] = saddr.s_addr >> 24;
-		ipaddr[3] = (saddr.s_addr >> 16) & 0xff;
-		ipaddr[4] = (saddr.s_addr >> 8) & 0xff;
-		ipaddr[5] = saddr.s_addr & 0xff;
-
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-		str.length = 6;
-		str.type = V_ASN1_OCTET_STRING;
-		str.data = ipaddr;
-		data = ASN1_OCTET_STRING_new();
-		if (!data) {
-			perror("ASN1_OCTET_STRING_new() failed");
-			return (1);
-		}
-
-		i = i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str, NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)data, NULL, i)) {
-			perror("ASN1_STRING_set() failed");
-			return (1);
-		}
-		p = (unsigned char *)data->data;
-		i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str, &p);
-		data->length = i;
-#else
-		data = X509v3_pack_string(NULL, V_ASN1_OCTET_STRING, ipaddr, 6);
-#endif
-	} else if (!strcasecmp(IDTYPE_FQDN, type) || !strcasecmp(IDTYPE_UFQDN, type)) {
-		new_id = malloc(strlen(id) + 2);
-		if (new_id == NULL) {
-			printf("malloc() failed\n");
-			return (1);
-		}
-
-		if (!strcasecmp(IDTYPE_FQDN, type))
-			new_id[0] = 0x82;
-		else
-			new_id[0] = 0x81; /* IDTYPE_UFQDN */
-
-		memcpy(new_id + 2, id, strlen(id));
-		new_id[1] = strlen(id);
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-		str.length = strlen(id) + 2;
-		str.type = V_ASN1_OCTET_STRING;
-		str.data = new_id;
-		data = ASN1_OCTET_STRING_new();
-		if (!data) {
-			perror("ASN1_OCTET_STRING_new() failed");
-			return (1);
-		}
-
-		i = i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str, NULL);
-		if (!ASN1_STRING_set((ASN1_STRING *)data,NULL, i)) {
-			perror("ASN1_STRING_set() failed");
-			return (1);
-		}
-		p = (unsigned char *)data->data;
-		i2d_ASN1_OCTET_STRING((ASN1_OCTET_STRING *)&str, &p);
-		data->length = i;
-#else
-		data = X509v3_pack_string(NULL, V_ASN1_OCTET_STRING, new_id,
-		    strlen (id) + 2);
-#endif
-		free (new_id);
-	}
-
-	/* XXX This is a hack, how to do better?	*/
-	data->type = 0x30;
-	data->data[0] = 0x30;
-	ex = X509_EXTENSION_create_by_NID(NULL, NID_subject_alt_name, 1, data);
-	if (ex == NULL) {
-		printf("X509_EXTENSION_create()\n");
-		return (1);
-	}
-
-	X509_add_ext(cert, ex, -1);
-
-	file = BIO_new (BIO_s_file());
-	if (BIO_read_filename(file, keyfile) == -1) {
-		perror("open");
-		return (1);
-	}
-#if SSLEAY_VERSION_NUMBER >= 0x00904100L
-	if ((pkey_priv = PEM_read_bio_PrivateKey(file, NULL, NULL, NULL)) == NULL) {
-#else
-	if ((pkey_priv = PEM_read_bio_PrivateKey(file, NULL, NULL)) == NULL) {
-#endif
-		printf("Can not read private key %s\n", keyfile);
-		return (1);
-	}
-	BIO_free(file);
-
-	printf("Creating Signature: PKEY_TYPE = %s: ",
-	    pkey_priv->type == EVP_PKEY_RSA ? "RSA" : "unknown");
-	err = X509_sign(cert, pkey_priv, digest);
-	printf("X509_sign: %d ", err);
-	if (!err)
-		printf("FAILED ");
-	else
-		printf("OKAY ");
-	printf("\n");
-
-	file = BIO_new(BIO_s_file());
-	if (BIO_write_filename(file, certout) == -1) {
-		perror("open");
-		return (1);
-	}
-
-	printf("Writing new certificate to %s\n", certout);
-	PEM_write_bio_X509(file, cert);
-	BIO_free(file);
-	return (0);
-}