Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
182,271 Commits 606 Branches 0 Tags 3.1 GiB
22505a154a
Commit Graph

1597 Commits

Author SHA1 Message Date
yamt
cdc5fc06ff restore INETD_SUPPORT. PR/40722. 2009-04-09 06:34:34 +00:00
drochner
fb693f55f7 apply patches from upstream CVS to fix 3 security problems: 
-ASN1 printing crash (CVE-2009-0590)
-Incorrect Error Checking During CMS verification (CVE-2009-0591)
-Invalid ASN1 clearing check (CVE-2009-0789)
 2009-03-27 10:41:29 +00:00
perry
4bfc10355c add missing commas to .Dd fix, pointed out by wiz 2009-03-22 14:29:34 +00:00
perry
c8a35b6227 OpenBSD uses a custom CVS hack to handle Dd fields ($Mdocdate$) which 
we don't have. Replace ".Dd $Mdocdate" with ".Dd Month Day Year" so
that the date comes out right when man pages get built. This will
doubtless need hand conflict resolution whenever these pages are
re-imported.

Note that it would be interesting to have some similar facility for
NetBSD, but I don't think a custom rcs keyword is the right thing --
maybe we can teach groff to parse $Date$
 2009-03-21 00:15:52 +00:00
tteras
0c68acc1de From Arnaud Ebalard: Fix couple of problems with previous commit. 2009-03-13 04:49:16 +00:00
he
976380d183 When casting to/from a pointer to an integral type (a bad practice, 
if you ask me), you need to cast via intptr_t for portability.
 2009-03-12 23:05:27 +00:00
wiz
2df943f931 New sentence, new line. Avoid marking up punctuation. 2009-03-12 15:18:57 +00:00
wiz
0d4480d10a Bump date for previous. Sort options to establish-sa. 
Stop using Xo/Xc.
 2009-03-12 14:01:09 +00:00
tteras
983cc8fecf Support multiple anonymous remotes and decide remoteconf based on identity, 
received certificates and other information. General code clean up.
 2009-03-12 10:57:26 +00:00
joerg
997634fe14 Fix preamble to match order set out by mdoc(7). Discussed with wiz. 2009-03-09 19:24:26 +00:00
tteras
e3372d2f8f setkey: fix deleteall in Linux 
Linux requires SADB_DELETE message to have SPI. So send
a SADB_DELETE message for each matching SA. Trac #284.

From: Gabriel Somlo <somlo@cmu.edu>
 2009-03-06 11:45:03 +00:00
he
64be3821eb This program also uses the following libs: -lcrypto -lz -lbz2. 
Add them explicitly so that this program links for sun2 as well.
 2009-02-23 08:25:07 +00:00
agc
88ba3068b1 Use one struct for both zlib and bzip2 decompression. 2009-02-22 16:29:33 +00:00
agc
7bc38e3159 Use pointers to traverse some arrays, and make the code a bit more 
readable.
 2009-02-20 02:47:54 +00:00
agc
5d3eeabad1 Be a bit less zealous when copying memory, so that we don't copy beyond 
th end of the buffer, and provoke a core dump.
 2009-02-20 02:45:43 +00:00
christos
ce563f1b55 CID 4960: Plug memory leak. 2009-02-18 20:10:23 +00:00
uebayasi
aa58ef4867 Revert previous for now. The hidden intent was to rewrite duplicate rules 
of ${TOOL_COMPILE_ET} seen in lib/*/Makefile, using make(1) suffix rule.
But I have not figured out the best way yet.

(The reason why I want to rewrite them is to strip absolute paths embedded in
/usr/include/krb5/*.h.)
 2009-02-18 01:18:57 +00:00
dogcow
0d280a6b94 sig_atomic_t is long on alpha (?!); use %ld and cast to long. 2009-02-17 05:28:32 +00:00
uebayasi
5b1f280b89 To name output files, replace only suffix part exactly. 2009-02-17 05:24:14 +00:00
christos
79290a1b6f remove extra args. 2009-02-16 22:50:17 +00:00
christos
9341d6b102 put back deleted files 2009-02-16 20:55:22 +00:00
christos
abbe9cc1c0 merge changes 2009-02-16 20:53:54 +00:00
tteras
b1ab726a1a From Paul Moore: Fix a heap corruption bug (yacc return non-null terminated 
buffer and sprintf writes over bounds).
 2009-02-16 18:36:21 +00:00
christos
9d3c9d9c55 from ftp.openbsd.org 2009-02-16 17:14:22 +00:00
jmmv
44d668a632 Fix build; need to constify the return value of a function. 2009-02-13 22:01:05 +00:00
lukem
d237abe695 fix -Wsign-compare issues 2009-02-12 10:43:41 +00:00
vanhu
3723c0b8cf trac#301: fixed IPsec SAs flush in purge_remote() when NAT-T enabled but no NAT-T on tunnel 2009-02-11 15:18:59 +00:00
agc
00be53a929 Remove argument names from function prototypes in header files. 2009-02-07 07:00:01 +00:00
agc
fd38df44a9 Be a bit more consistent with the naming scheme (and a bit less verbose). 2009-02-07 05:57:39 +00:00
agc
47eb47e6b3 The catch-all header file also includes version.h now, in case we want 
to display the version number of the openpgpsdk library.
 2009-02-07 05:37:57 +00:00
agc
6aef23c4e0 Re-order header file inclusion order to be alphabetic. 
Print out the version number of the openpgpsdk library when showing the
version string.

Parse the existing ~/.gnupg/gpg.conf to get the default user id, if any.

Use the actual size of the arrays in snprintf(), rather than a size which
may or may not be accurate.

Get rid of an unused 8K array on the stack - it's not needed.
 2009-02-07 05:36:51 +00:00
agc
02ebfd8cdc Minor cosmetic change - no functional difference. 2009-02-07 05:32:27 +00:00
agc
852e7a06c8 Be a bit less rigid when re-allocating memory - don't just keep doubling 
the size we've allocated; instead, if the current size is more than 8 MiB,
then add 1 MiB on; current behaviour remains unchanged for re-allocations
less than 8 MiB.
 2009-02-07 05:31:28 +00:00
agc
c62065c7b1 Check the characters we're given when trying to decide whether it's a 
key id, or a user id/name.
 2009-02-07 05:28:55 +00:00
agc
eab6d9dfa6 Only use O_BINARY if it's defined (rather than the vague WIN32 definition 
test).

Minor cosmetic changes
 2009-02-07 05:26:19 +00:00
agc
203a89fce5 Fix a bug which prevented files signed with an RSA public key from being 
decrypted.
 2009-02-06 06:36:03 +00:00
agc
80a7466337 No need to define our own ops_boolean_t, ops_true and ops_false when 
there are perfectly good values like bool, true and false waiting to
be used in <stdbool.h>
 2009-02-05 06:03:49 +00:00
agc
dda6c6990e When signing or encrypting files, allow the userid to be specified using 
the (8 or 16) character keyid.

One more thing off the TODO list.
 2009-02-05 01:42:39 +00:00
tteras
ee2923bc73 From: Phil Sutter. Fix script environment variables with IPv6 addresses. 2009-02-03 20:21:45 +00:00
agc
57ef716bf6 Document the --version switch to print out the version information from 
the libopenpgpsdk(3) library
 2009-02-02 20:24:36 +00:00
agc
c350af2e45 Document the function to get the version information for the openpgpsdk 
library.
 2009-02-02 20:21:26 +00:00
agc
40cade5517 Add a --version command to the openpgp utility, and document it. The 
version is grabbed from the openpgpsdk library.

Make openpgp just include the one catch-all openpgpsdk header file.
 2009-02-02 20:13:59 +00:00
agc
fed46fd602 Remove a block of text, which wiz had commented out - it was not meant to 
be.
 2009-01-31 16:00:18 +00:00
wiz
127b1b6933 mdoclint cleanup: 
remove trailing whitespace and a few nits.
 2009-01-31 14:16:34 +00:00
wiz
8edb63eafb Add all options to SYNOPSIS. 
Sort option descriptions.
Describe --passphrase, while it still is supported.
Use more markup.
Comment out block of text that didn't make sense to me in the context.
Punctuation improvements.
 2009-01-31 14:14:10 +00:00
agc
fce523c3f5 Get rid of 3 static functions which performed the same operation on 3 
different arrays, and replace them with a function which takes the array
and size as arguments. No functional change.
 2009-01-31 02:33:22 +00:00
agc
aa5adc9663 Cosmetic change to surround the argument to sizeof in (brackets). No 
functional change.
 2009-01-31 01:44:31 +00:00
agc
d2d3b6f70a Get rid of all occurrences of ops_mallocz(), since all it did was allocate 
zeroed storage, and calloc(3) seems to do that just fine.
 2009-01-31 01:20:32 +00:00
agc
f058249f4f Add a manual page for the openpgpsdk library - very bare bones right now, 
all contributions gratefully received.

Also add a convenience header file, which includes the other necessary
openpgpsdk header files - this means that

#include <openpgpsdk/openpgpsdk.h>

will get all the necessary definitions and declarations.
 2009-01-31 00:48:18 +00:00
wiz
22e63019c0 mdoclint cleanup: 
Sort sections.
Make HTML-ready.
Add RCS Id.
Fix section and man page names.
 2009-01-30 22:59:37 +00:00
agc
c804754594 Make source match the documentation (I thought I'd committed these yesterday, 
but it seems not).

Bump default number of bits from 1024 to 2048.

Add --armor as a synonym for --armour, and prepare for the great spelling war
of 2009.
 2009-01-30 21:39:42 +00:00
agc
990ca9e392 Mac OS X has a CommonDigest wrapper around openssl - use this if necessary. 2009-01-30 04:16:15 +00:00
agc
467d65ac1a Add a manual page for openpgp.1 (all contributions welcome, it's incomplete 
right now).

Explain the reason for the WARNS=0 directive in openpgp(1)'s Makefile.
 2009-01-30 04:14:19 +00:00
agc
00bc87c557 Run all the sources through indent. 
Always print fingerprint information for keys when listing them.

Always display the publick key algorithm used (because of a bug, the
algorithm name was being ignored, rather than printed out).
 2009-01-29 05:14:44 +00:00
martin
b9c66cb587 avoid comment inside comment 2009-01-28 19:03:10 +00:00
agc
fff13c1447 Fix problem in build reported by Paul Goyette 2009-01-28 17:27:35 +00:00
agc
06a360215d Move to /* ... */ style of comments in this code - facilitates running 
indent on the code.
 2009-01-28 16:54:20 +00:00
agc
8da84dc021 Abstract away all the %zu uses, and use a symbolic constant for them. 
With thanks to uwe for the information to make this portable.

Expose the ops_memory_t structure, since we're now using it outside
its own source file.

Various cosmetic changes, mainly for debugging purposes.
 2009-01-28 01:29:15 +00:00
agc
ff02cd3e84 Use some symbolic constants where possible - take some of the magic out 
of this.

Make the --list-keys command work again.
 2009-01-28 01:24:49 +00:00
tnn
c7c8fe9828 Fix previous. That should of course be %zu. 2009-01-27 17:15:26 +00:00
tnn
b7888d42fa use %zd for size_t 2009-01-27 15:34:39 +00:00
agc
ed31bb989a The existing code has problems verifying a signed file which is more 
than 8192 bytes long, as the callback data simply assigns any data it
receives to a buffer, and then calls the hash function on that buffer
when EOF is reached.

Use an inefficient temporary workaround for this by holding the memory
in a temporary buffer in the callback argument structure.
 2009-01-27 02:25:13 +00:00
tteras
98b638ac57 Argument parsing needs lcconf initialized. 2009-01-26 18:13:06 +00:00
veego
1ac066df3f Print size_t values using %zu printf format, not %ld 
Thanks to Havard (and Matt Thomas) for pointing that out.
 2009-01-25 13:38:17 +00:00
he
80506ca579 As Matt Thomas points out, %zu, not %zd, is the correct format 
for size_t, since it's unsigned.
 2009-01-25 13:31:58 +00:00
lukem
525b9d1b49 sign-compare fixes 2009-01-25 10:13:18 +00:00
agc
ccc9f1a9af Make this compile after the last lint corrections 2009-01-25 01:49:20 +00:00
christos
1449463f65 try to fix the mess of headers: 
- including each other
- calling non types _t
- doing forward enum declarations
- trailing , in enum
- some lint annotations
 2009-01-24 19:55:33 +00:00
christos
eb0c1ab347 small cleanups: 
1. lint annotations
2. some size_t
3. remove silly breaks
 2009-01-24 19:42:20 +00:00
he
6568aa2748 No, our openssl _encrypt routines do not take a *size_t as the 6th 
argument, they take an *int, and those are not necessarily compatible.
Papering that over with a cast just gets us a warning that
de-referencing a type-punned pointer will break strict-aliasing
rules, which is turned into an error by our WARNS setting.

Instead, change the "num" field in _opt_crypt_t from size_t to int, and
get rid of the now-redundant casts.
 2009-01-24 12:51:11 +00:00
he
99bb07565a Print size_t values using %zd printf format, not %d. 2009-01-24 12:07:44 +00:00
wiz
58b2161948 Sort options in usage. 2009-01-24 10:43:47 +00:00
wiz
a8e14ecee0 Sort options. New sentence, new line. 2009-01-24 10:43:38 +00:00
wiz
86a90d6c4e Sort options. 2009-01-24 10:42:31 +00:00
agc
df41ea2ee2 Add the build glue and sets information for the libopenpgpsdk library, and 
the openpgp binary.
 2009-01-24 01:15:24 +00:00
agc
ea48522368 Forgot a file in big commit from yesterday: 
when matching userid, cheecck if the given userid has a '@' in it.
If so, treat it as an email address, and search for a case-insensitivee
match for the text in between '<' and '>' delimiters.

Otherwise, look for a case insensitive match on the full name.
 2009-01-23 17:30:52 +00:00
tteras
e9d216a40d Update usage and manpage for racoonctl. 2009-01-23 11:44:08 +00:00
tteras
c6d64c37e0 Racoon -v to print version and compilation information. Update usage 
message.
 2009-01-23 11:28:27 +00:00
tteras
1f949d3b6c Update NEWS with major changes since 0.7 release. 2009-01-23 09:40:56 +00:00
tteras
731a29e03b Fix monotonic scheduler change, to not refresh 'now' before exit. Otherwise 
we can return negative timeout after spending time handling other events.
 2009-01-23 09:10:13 +00:00
tteras
7bc9f9e4ee From Arnaud Ebalard: 
Handle reception of MIGRATE message during Phase 1 and Phase 2 negotiation.
Also corrects some debugging statements.
 2009-01-23 08:32:58 +00:00
tteras
b9ba86c968 From Arnaud Ebalard: 
On the responder (for instance), there is a need to not only migrate local
and remote addresses of Phase 1 that match previous addresses but also
the local and remote addresses of a Phase 1 *associated* with a migrated
Phase 2. For instance, we have that need when receiving the first
MIGRATE/KMADDRESS message because the old addresses are still the HoA and
the address of the HA (while the peer has contacted us using the CoA and
we have negotiated this address as src attribute in Phase 2). The patch
fixes that by having migrate_ph1_ike_addresses() called from
migrate_ph2_ike_addresses() callback.
 2009-01-23 08:29:34 +00:00
tteras
54bcc916f5 From Arnaud Ebalard: Set phase2 spid when acting as responder. 2009-01-23 08:27:24 +00:00
tteras
5d5e4e2fa3 Detect if monotonic system clock is available, and use it for relative 
time measurements to avoid complite hang if time jumps backwards.
 2009-01-23 08:25:06 +00:00
tteras
49c6438a45 Fix authentication method ambiguity by internally using unique ID and 
setting/interpreting the wire format based on received vendor ID:s. Fixes
trac #280.
 2009-01-23 08:23:51 +00:00
tteras
69697b4655 Introduce vendorid bitmask that can be used otherwhere to detect peer 
capabilities.
 2009-01-23 08:06:56 +00:00
tteras
2b7d4cd554 Remove "fastquit" configure option and make it the default behaviour. The 
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.
 2009-01-23 08:05:58 +00:00
agc
0306a7c61f Massive overhaul of openpgp.c, the driver program for the openpgpsdk 
library.

A good signature verification now shows the filename, time of signing,
and the public keys of the signatories.

Made the interface much more standard by using any argv components after
the options have been parsed to indicate files, rather than a single
--file=filename long option.

Get rid of all assert() calls in the program - dumping core when an
argument is missing is a trifle uncompromising.

When matching userids, if the given userid contains a '@' character,
consider all characters from the rightmost '<' to the terminating
'>' of the file-based userid to be an email address. If there's no
'@' character, consider the given name as a real name, and match
from the start of the file-based userid. All comparisons are done
using case-insensitive searching. I'll consider implementing regexp
matching when enough chocolate bribes are received.

Rework the internals to call a major internal function, rather than doing
everything in main().

Run the results of all this through indent, since the current sources
bear little resemblance to what went before.
 2009-01-23 06:07:18 +00:00
agc
d0750f9b83 Convert another commented out printf() to a debugging statement 2009-01-22 01:46:51 +00:00
agc
29726fdfea When reading a keyring, often the failure of the initial limited_read_mpi() 
when parsing a DSA signature means that we've reached the end of the keyring,
so only print out the annoying error message if we're debugging.
 2009-01-22 01:45:59 +00:00
agc
c785cc907d If the user hasn't passed the pass phrase in as a command line argument 
(not such a great idea), use getpass() to get the passphrase.

Various debugging additions.

When verifying files, print out the file name which was verified, and exit
with either EXIT_FAILURE or EXIT_SUCCESS, depending upon the verification
result. This still needs to be reworked to print out the signatory to the
file, and the date of signing.
 2009-01-22 01:43:35 +00:00
agc
d26c2431dd Don't rely on a convenience macro when expanding a macro definition. 2009-01-22 01:01:47 +00:00
agc
dba5f8d52a When listing keys, if a key ring has been specified, list the keys in 
that key ring.  If no key ring has been specified, list the keys in
the default public key ring, rather than dying with a usage message.
Matches gpg behaviour, and stops openpgp violating the POLA.
 2009-01-22 00:59:12 +00:00
agc
da7f9470ea Convert commented out printf() statements into proper debugging statements 2009-01-22 00:56:13 +00:00
agc
67c903aedc Add more debugging information 2009-01-22 00:55:15 +00:00
lukem
0e88dfdc76 do the PRINTOBJDIR dance to find the (potentially uninstalled) library 
in ../lib  (just like we do many other apps)
 2009-01-22 00:22:20 +00:00
lukem
9b100d5b4e don't need LDADD here; LIBDPLIBS does the right thing 2009-01-22 00:20:58 +00:00
lukem
87e4630751 descend into lib first 2009-01-22 00:13:19 +00:00
lukem
b8a38f2310 update paths 2009-01-22 00:01:52 +00:00
agc
b3b80bc7d6 Fix a typo when printing the type of trust 2009-01-21 22:29:04 +00:00
agc
bbfe341047 gmtime(3) returns a pointer to a struct tm with a month value in the 
range [0,11], so add 1 to this to get a useful value for human
interpretation.
 2009-01-21 20:17:14 +00:00
agc
1dbcf9a927 Avoid leaking storage in one function. 
Set USE_FORT to yes, and fix the fallout.
 2009-01-21 15:35:00 +00:00
agc
c80363d779 WARNS=4 (w00t, no changes necessary) 2009-01-21 07:08:10 +00:00
agc
644e4c1f7f Build the openpgpsdk library with WARNS=3 2009-01-21 05:48:56 +00:00
agc
1cf88afccb Fix WARNS=2 warnings (shadow vars again), but don't switch WARNS=2 on for 
the application, since WARNS=2 includes fatal warnings when linking, and we
get a warning about IDEA being a patented algorithm.
 2009-01-21 03:37:12 +00:00
agc
6dfd9b1804 WARNS=2 for the library build 2009-01-21 03:32:08 +00:00
agc
5bc2794550 WARNS=2 (mainly shadow variable declarations) 2009-01-21 03:31:22 +00:00
agc
2626a640dd Previously debugging information seems to have been output by editing a 
static variable and recompiling. Make this a bit more dynamic, adding a
--debug "filename" argument to the application, and by using a filename-
based debug framework to replicate previous behavior. Multiple filenames
can be provided.

In addition, add more debugging information by printing out the human
values of signature type and key algorithm when parsing packets.
 2009-01-21 01:32:54 +00:00
agc
84ce5f6759 Restore the exit semantics of the original. If success, the exit code is 
EXIT_SUCCESS. If failure, exit code is EXIT_FAILURE. (Duh). If an error
has occurred, use an exit code of 2.
 2009-01-21 01:27:55 +00:00
agc
4442e07493 Add the dependent libs to the openpgpsdk library itself, rather than making 
any program that uses the library specifically add them.

Install header files in the appropriate place
 2009-01-20 19:48:23 +00:00
agc
f6ab492fbf Use EXIT_* error codes rather than numeric constants 2009-01-20 19:46:08 +00:00
agc
35a399083a Get rid of a file that's not used 2009-01-20 19:44:42 +00:00
agc
c86c75ce57 Add a subdir Makefile to descend into openpgpsdk 2009-01-20 19:42:56 +00:00
agc
68d230573c The openpgp application breaks its own abstraction rules by including a 
header file that is meant to be local, so that it can access the content
type of a packet. This change uses an accessor function to find the packet
content type.
 2009-01-20 16:58:09 +00:00
tteras
2b68c3a06a Autogenerate ChangeLog from NetBSD CVS. Put sourceforge.net changes to 
ChangeLog.old.
 2009-01-20 14:36:07 +00:00
agc
0055cf2b60 Add a reachover framework for the openpgp application as well. 2009-01-20 07:50:54 +00:00
agc
d4beb7925c Remove duplicated functions 2009-01-20 07:35:26 +00:00
agc
e4f17bf621 Also make shared lib 2009-01-20 07:34:42 +00:00
agc
cba3672b08 Add a README file, derived form external/src/README, to describe the contents 
of the tree rotted at this directory.
 2009-01-20 07:15:30 +00:00
agc
5e633613d2 Make this compile (WARNS=1) on NetBSD. 
Add reachover library Makefile for the external framework.
 2009-01-20 07:12:16 +00:00
agc
9b993b5409 Missed this when removing old sources. 2009-01-20 06:49:14 +00:00
agc
5c077856b5 Second initial import of openpgpsdk v0.9 into the external section of 
the crypto sources, per conversation with core.

License is 3-clause BSD.

        An OpenPGP library implementation (RSA and partial DSA), conformant
        with RFC4880 "OpenPGP Message Format".

        RSA Key Generation
            * S2K Usage: ENCRYPTED_AND_HASHED
            * S2K Specifier: SALTED
            * Symmetric algorithm: CAST5

        RSA Encryption
            * Generates "Symmetrically Encrypted Integrity Protected
              Data" packets (required by RFC)
            * Hash: SHA1 (required by RFC)
            * Symmetric Algorithm: CAST5 (hard-coded)
            * Uses compression
            * Optional ASCII armouring

        RSA Decryption
            * Symmetric Algorithm: CAST5, AES, AES256, 3DES
            * Optional Compression: ZIP, ZLIB, BZIP2
            * Optional ASCII armouring

        RSA Signature
            * Armoured, unarmoured or clearsigned
            * Hash algorithm: SHA1

        RSA Verification
            * Armoured, unarmoured or clearsigned
            * V3 or V4 signatures
            * Hash algorithms: SHA1, SHA256, SHA384, SHA512, SHA224

        DSA Signature
            * Armoured, unarmoured or clearsigned
            * Hash algorithms: SHA1

        DSA Verification
            * Armoured, unarmoured or clearsigned
            * V3 or V4 signatures
            * Hash algorithms: SHA1, SHA256, SHA384, SHA512, SHA224
 2009-01-20 06:43:54 +00:00
agc
32a7726202 Remove the botched import of the openpgpsdk sources. "They'll be back" 2009-01-20 06:36:37 +00:00
agc
ca2dba9441 Make the library compile with WARNS=1 2009-01-12 23:00:00 +00:00
agc
4ca3d4e421 Initial import of openpgpsdk v0.9 into the external section of the crypto 
sources, per conversation with core.

License is 3-clause BSD.

	An OpenPGP library implementation (RSA and partial DSA), conformant
	with RFC4880 "OpenPGP Message Format".

	RSA Key Generation
	    * S2K Usage: ENCRYPTED_AND_HASHED
	    * S2K Specifier: SALTED
	    * Symmetric algorithm: CAST5

	RSA Encryption
	    * Generates "Symmetrically Encrypted Integrity Protected
	      Data" packets (required by RFC)
	    * Hash: SHA1 (required by RFC)
	    * Symmetric Algorithm: CAST5 (hard-coded)
	    * Uses compression
	    * Optional ASCII armouring

	RSA Decryption
	    * Symmetric Algorithm: CAST5, AES, AES256, 3DES
	    * Optional Compression: ZIP, ZLIB, BZIP2
	    * Optional ASCII armouring

	RSA Signature
	    * Armoured, unarmoured or clearsigned
	    * Hash algorithm: SHA1

	RSA Verification
	    * Armoured, unarmoured or clearsigned
	    * V3 or V4 signatures
	    * Hash algorithms: SHA1, SHA256, SHA384, SHA512, SHA224

	DSA Signature
	    * Armoured, unarmoured or clearsigned
	    * Hash algorithms: SHA1

	DSA Verification
	    * Armoured, unarmoured or clearsigned
	    * V3 or V4 signatures
	    * Hash algorithms: SHA1, SHA256, SHA384, SHA512, SHA224
 2009-01-12 22:55:41 +00:00
wiz
67cbe60826 Make ready for HTML output. 
Use proper escape for backslash ('\e').
 2009-01-10 21:58:38 +00:00
tteras
f7557f766d From Cyrus Rahman: 
Accept RFC2253 compliant escaped special characters for asn1dn identifier.
 2009-01-10 19:08:40 +00:00
tteras
a0b1dc6be0 Fix a CPPLAGS typo to CPPFLAGS which was intended 2009-01-09 06:31:38 +00:00
tteras
9df0ec5c7e Fix a CPPLAGS type to CPPFLAGS which was intended 2009-01-09 06:31:37 +00:00
christos
10c9b70baa Correct error checking for DSA and ECDSA keys (from FreeBSD) 2009-01-07 23:05:07 +00:00
tteras
b264308e87 Remove obsolete configuration options, fix radius configuration block and 
add GRE as recognized protocol.
 2009-01-05 06:03:58 +00:00
tteras
328859aef7 Do not use counting in signal handling as it was unsafe by not using 
atomic functions (post increment is not necessarily atomic).
Instead reap all children on SIGCHLD as that was the only signal needing
signal counting.
 2009-01-05 06:00:27 +00:00
tteras
a3c1a92d23 schedular() call can now modify fd mask so make the working copy just 
before calling select(); otherwise it can contain bad file descriptors
 2008-12-30 15:50:24 +00:00
mlelstv
e5b90a2fc2 support icmp codes. Fixes PR 39056. 2008-12-29 12:54:33 +00:00
christos
aa3382cd31 remove sin{6,}_len linux does not have it. From Timo Teras. 2008-12-24 20:20:52 +00:00
christos
6c532322d2 I was wrong. addr is actually set. 2008-12-24 19:05:48 +00:00
christos
16b17fbeab - make this compile by zeroing out the whole structure not just bogus fields. 
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).
 2008-12-24 15:25:44 +00:00
wiz
c1e7a459ca Bump date for identity configuration option removal. 2008-12-23 19:28:18 +00:00
tteras
535280aca9 Remove the obsoleted global identity configuration option. 2008-12-23 14:04:42 +00:00
tteras
bd378f6dda rewrite local address detection 
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()
 2008-12-23 14:03:12 +00:00
tteras
182f0b93be From Arnaud Ebalard: 
Delete larval ph2handles when expire with hard lifetime received
 2008-12-18 07:20:25 +00:00
tteras
50a2f2e6d0 Update README 2008-12-16 06:48:38 +00:00
tteras
b2b7434a10 Fix transport mode address selection in acquire handling. 
Some earlier fixes got lost on 2008-12-05 commit.
 2008-12-16 06:08:46 +00:00
vanhu
a75f34b133 Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff) 2008-12-11 15:45:24 +00:00
vanhu
cffd15164d Fixed compilation when DPD support is disabled 2008-12-11 15:33:59 +00:00
bad
f140528153 Document my fix to src/racoon/privsep.c for the SIG_IGN typo on 2008-12-04. 2008-12-09 23:28:08 +00:00
tteras
dae665ff27 Do not cache pfkey sockets: it might cause to not handle some pfkey events 
when select() has marked pfkey socket readable, but a timer callback first
calls pfkey_dump_sadb().
 2008-12-08 06:00:53 +00:00
tteras
02f2a72861 From Arnaud Ebalard: 
Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.
 2008-12-05 06:02:20 +00:00
bad
3ef91ecea8 Fix typo in previous and use SIG_IGN as I intended. 2008-12-04 22:30:26 +00:00
tteras
22b0737f30 Explicitly ignore SIGPIPE. Default action on Linux is terminate. 2008-12-02 07:41:43 +00:00
wiz
659c30f2ba Remove empty line. Fix typo. New sentence, new line. 2008-11-28 22:37:44 +00:00
vanhu
0b0a39b9f9 ModeConfig fixes 2008-11-27 15:04:34 +00:00
vanhu
3a74e20575 Set up a default value for Mode Config Pool size if pool address specified but pool size not specified 2008-11-27 15:04:21 +00:00
vanhu
054e0e851d Fixed pool resizing 2008-11-27 15:04:16 +00:00
tteras
f863fa40c3 From Arnaud Ebalard: 
Remove MAXNESTEDSA weirdness. It's probably meant for bundle support which
is not done. When someone actually writes bundle support, the nested SA
stuff would probably be reworked too anyway.
 2008-11-27 11:08:48 +00:00
tteras
1c6c2a3356 From: Matthew Krenzer 
Ability to set pfkey socket buffer size via configuration file directive.
(Indentation and minor fixes by me.)
 2008-11-27 10:53:48 +00:00
bad
e564489300 Document my changes from 2008-11-08 and today. 2008-11-25 22:39:20 +00:00
bad
f798cbf18b Avoid using MSG_NOSIGNAL as it is not available everywhere. 
Ignore SIGPIPE instead.
 2008-11-25 22:38:31 +00:00
bad
d9c51cbeae Ignore unspecified and looback addresses. Ignoring unspecified addresses 
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.
 2008-11-25 22:00:15 +00:00
bad
e7c2314bc8 RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. 
Ignore them silently.
 2008-11-25 21:54:05 +00:00
bad
6db1040de3 Ignoring an unsuitable address is not an error. Therefore log it as 
informational.
Make it clear from the log message that a route message is not interesting.
 2008-11-25 21:50:47 +00:00
bad
220cbdde75 Use insmyaddr() instead of open coding it. 2008-11-25 21:46:12 +00:00
bad
b8d42d186b Do not return erroneously from isakmp_open() when setting IPV6_USE_MIN_MTU 
fails.
 2008-11-25 21:42:36 +00:00
bad
667107700d Keep myaddr.sock at -1 when no socket is opened. 2008-11-25 21:37:11 +00:00
bad
96020e15cb Preserve owner and permissions of original /etc/resolv.conf. 
Ensure that new /etc/resolv.conf isn't group or world writable.
 2008-11-08 13:41:09 +00:00
bad
447613dc6a Print and check INTERNAL_NETMASK4. 2008-11-08 13:38:46 +00:00
bad
aabe06ab2f Make the handling of NAT-T SPD entries automatic. 2008-11-08 13:36:35 +00:00
bad
5a8370eefd Ensure that the determination of the default gateway and the corresponding 
interface don't get confused by multiple, possibly non-IPv4  default routes.
Bring the NetBSD case of deleting the VPN routes and address in line with
the Linux case and delete the address after deleting the VPN routes.
 2008-11-08 13:31:23 +00:00
wiz
a4814aed6a The escape sequence for a backslash is "\e". 2008-11-07 16:51:27 +00:00
reed
a455765d91 Use line continuation for an example. It was too wide for my output 
so was cropped.

Already shared upstream and was told (in September) will be in next
major release.
 2008-11-07 15:50:38 +00:00
vanhu
33dafe234f fixed delsainfo() to avoid a crash when iddst's value is SAINFO_CLIENTADDR 2008-11-06 14:12:28 +00:00
tteras
66f152db75 Add ChangeLog entry about S.P.Zeidler's commit. Fix my name in one place. 2008-11-01 06:55:10 +00:00
spz
334414e667 Changes to ipsecdoi_id2str(): 
struct sockaddr -> struct sockaddr_storage fixes a stack overflow

For non-linklocal addresses the value in 'scope' is garbage and gets
set to zero instead.
 2008-10-29 18:49:45 +00:00
tteras
0c1f013cc5 Fix commit dates to reflect reality. 2008-10-28 19:03:27 +00:00
hubertf
11236c9878 Make sshd find the xauth program, even with the new /usr/X11R7. 
OK'd by christos@
 2008-10-27 08:27:04 +00:00
tteras
ed890caaae From Arnaud Ebalard: 
Add missing return to error path
 2008-10-27 06:27:05 +00:00
tteras
3ff331469e From Francis Dupont (sent by Arnaud Ebalard): 
recognize RTM_IFANNOUNCE
 2008-10-27 06:24:27 +00:00
tteras
a06fc42a2e From Arnaud Ebalard: 
Fix indentation issues for readability
 2008-10-27 06:21:29 +00:00
tteras
b186d55b63 From Arnaud Ebalard: 
initfds() needs to be called only if monitored file descriptor numbers
have changed
 2008-10-27 06:18:08 +00:00
tteras
38962f77a8 From Arnaud Ebalard: 
Remove duplicate declaration
 2008-10-27 06:14:04 +00:00
adrianp
1e802db977 Pull in a fix from the OpenSSL CVS: 
http://cvs.openssl.org/filediff?f=openssl/crypto/x509/x509_att.c&v1=1.14&v2=1.15
This should fix PR #39767 opened by Wolfgang Solfrank
 2008-10-25 12:11:47 +00:00
tteras
ede27c75ad From Krzysztof Piotr Oledzki <olel@ans.pl>: 
Revert parts of 2008-08-06 commit; the problem those changes address are
already handled in a sensible way by Cyrus Rahman's patch from 2008-03-06.
 2008-10-23 10:56:10 +00:00
apb
96230fab84 Use ${TOOL_AWK} instead of ${AWK} or plain "awk" in make commands. 
Pass AWK=${TOOL_AWK:Q} to shell scripts that use awk.
 2008-10-19 22:05:19 +00:00
tteras
ab610e81be Fix a spelling mistake in changelog 2008-10-09 16:44:31 +00:00
tteras
52d4b7db25 From Arnaud Ebalard: remove unnecessary unbindph12() call which is now done in remph2() 2008-10-09 15:53:12 +00:00
tteras
c724d51982 From Arnoud Ebalard <arno@natisbad.org>: 
remove unnecessary unbindph12() call which is now done also in remph2()
 2008-10-09 15:53:11 +00:00
vanhu
105e5049b7 Fixed resending mechanism to have non-ESP marker for retransmitted packets 2008-09-25 09:34:13 +00:00
wiz
e829b0a440 New sentence, new line. 2008-09-19 17:33:24 +00:00
tteras
d1a09d5477 Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option 
in remote conf.
 2008-09-19 11:14:49 +00:00
tteras
fbf62026bb Change struct sched to be allocated be the caller to avoid some memory 
allocations. Optimize scheduling algorithm to not scan all entries in
the main loop.
 2008-09-19 11:01:08 +00:00
christos
7a75c9a543 PR/39233: Taylor R Campbeel: OpenSSH fails to initialize tun(4) tunnels 
correctly.
 2008-09-17 15:45:50 +00:00
vanhu
b383a5b3e4 Fixed port match in purge_ipsec_spi() when NAT-T enabled and trying to purge non NAT-T SAs 2008-09-17 12:39:07 +00:00
vanhu
954f7757c0 Some calls to set_port() were not correctly updated in the previous commit 2008-09-09 11:50:42 +00:00
vanhu
a20b313ea8 From Tomas Mraz: Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff. 2008-09-03 16:08:26 +00:00
vanhu
4ead39ef24 Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff 2008-09-03 16:08:25 +00:00
tteras
dbd3f137ba - Fix reloading of SPD (Linux satype check, handling of SPD dump responses) 
- Remove some spurious error log message from extract_port()
 2008-09-03 09:57:28 +00:00
lukem
b926b61a73 Comment out __RCSID; this is a host tool and we don't need the Id in the binary. 
Fixes cross-build issue on RHEL5-like Linux.

Arguably we shouldn't even #include <config.h> because that's been created
for the NetBSD target and not the (possibly non-NetBSD) host system,
but that hasn't caused problems so far so I'll leave it for now.
 2008-09-03 07:10:55 +00:00
gmcgarry
dc1f2ff2f9 Eliminate gcc-specific feature of empty structures. 2008-08-29 00:31:37 +00:00
gmcgarry
f3a85cb801 Eliminate superfluous semicolon. 2008-08-29 00:31:00 +00:00
gmcgarry
b4e2d1afdf Eliminate gcc-specific feature of unnamed structures added recently. 2008-08-29 00:30:15 +00:00