Commit Graph

853 Commits

Author SHA1 Message Date
christos
cb9321f06d use intptr_t not U_LONG to cast from a pointer to an int. 2005-11-28 19:08:30 +00:00
christos
bfae00e6c7 use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn
breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.
2005-11-28 19:07:42 +00:00
christos
ea39e380db Adjust to the new openssl 2005-11-26 02:32:58 +00:00
christos
b1d8541f7b Add casts. 2005-11-25 22:28:31 +00:00
christos
859fae516a change back to match the openssl original prototype. 2005-11-25 22:22:44 +00:00
christos
c4bfa0c238 XXX: This file does not really belong here.
Add ENGINESDIR define
2005-11-25 20:35:41 +00:00
christos
50a9cbc98b Resolve conflicts:
1. Instead of trying to cleanup the ugly ifdefs, we leave them alone so that
   there are going to be fewer conflicts in the future.
2. Where we make changes to override things #ifdef __NetBSD__ around them
   so that it is clear what we are changing. This is still missing in some
   places, notably in opensslconf.h because it would make things messier.
2005-11-25 19:14:11 +00:00
christos
8dc8acfeef from http://www.openssl.org/source 2005-11-25 03:02:45 +00:00
wiz
11cf64bdd7 New sentence, new line. Remove trailing whitespace.
Mark up paths with .Pa.
2005-11-24 20:23:02 +00:00
manu
7fc03cd9fa Merge ipsec-tools 0.6.3 import 2005-11-21 14:20:29 +00:00
manu
6e7df3c68b From Yves-Alexis Perez: use sysdep_sa_len to make it compile on Linux 2005-11-21 14:20:28 +00:00
manu
c263eb3142 Merge ipsec-tools 0.6.3 import 2005-11-21 14:20:28 +00:00
manu
fdc9ad890d Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that
caused DoS.
2005-11-21 14:11:59 +00:00
manu
982fc9c517 Merge ipsec-tools 0.6.2 import. 2005-10-14 14:01:34 +00:00
manu
a37873eef0 Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them
have already been pulled up in NetBSD CVS)
---------------------------------------------

        0.6.2 released

2005-10-14  Yvan Vanhullebus  <vanhu@netasq.com>

        * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
          USER_FQDNs (problem reported by Bernhard Suttner).

---------------------------------------------

        0.6.2.beta3 released

2005-09-05   Emmanuel Dreyfus  <manu@netbsd.org>

        From Andreas Hasenack <ahasenack@terra.com.br>
        * configure.ac: More build fixes for Linux

---------------------------------------------

        0.6.2.beta2 released

2005-09-04  Emmanuel Dreyfus  <manu@netbsd.org>

        From Wilfried Weissmann
        * src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
          src/racoon/{sockmisc.c|sockmisc.h}: build fixes

---------------------------------------------

        0.6.2.beta1 released

2005-09-03  Emmanuel Dreyfus  <manu@netbsd.org>

        From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
        * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions

2005-08-26  Emmanuel Dreyfus  <manu@netbsd.org>

        * src/racoon/cfparse.y: handle xauth_login correctly
        * src/racoon/isakmp.c: catch internal error
        * src/raccon/isakmp_agg.c: fix racoon as Xauth client
        * src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
        * src/racoon/evt.c: Fix memory leak when event queue overflows

2005-08-23  Emmanuel Dreyfus  <manu@netbsd.org>

        * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
          initialize NAT-T VID to avoid freeing unallocated stuff.

2005-08-21  Emmanuel Dreyfus  <manu@netbsd.org>

        From Matthias Scheler <matthias.scheler@tadpole.com>
        * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
          ISAKMP mode config without Xauth.

2005-09-16  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/policy.c: Do not parse all sptree in inssp() if we
          don't use Policies priority.

2005-08-15  Emmanuel Dreyfus  <manu@netbsd.org>

        From: Thomas Klausner <wiz@netbsd.org>
        src/setkey/setkey.8: Drop trailing spaces
2005-10-14 13:21:42 +00:00
gendalia
decff3d730 Add a preprocessor symbol so we can distinguish fixed openssl
from the vanilla openssl.  Thanks <jlam>.
2005-10-11 21:17:17 +00:00
gendalia
ed304be38e fix openssl 2.0 rollback, CAN-2005-2969
approved by: agc
2005-10-11 18:07:40 +00:00
rpaulo
e3886d37ea Add "openssl_" to man page references if they are available.
Fixes part of PR security/13953. Fixing the rest of the PR requires
adding more man pages.
2005-10-05 23:47:30 +00:00
manu
c557aaf18f Fix bug when using hybrid auth in client mode
make xauth_login work again
add safety checks
2005-09-26 16:24:57 +00:00
christos
e83e36d896 fix spelling from Liam Foy. 2005-09-24 22:45:51 +00:00
christos
b9301b48d0 fix typos. 2005-09-24 17:34:17 +00:00
christos
2192079ea8 use get*_r() 2005-09-24 14:40:59 +00:00
christos
54a773e9d7 Can we please stop using caddr_t? 2005-09-24 14:40:39 +00:00
wiz
e904ea2e97 Drop trailing whitespace. 2005-09-23 19:58:28 +00:00
manu
7e2e2c16ff Correctly initialize NAT-T VID to avoid freeing unallocated space 2005-09-23 14:22:27 +00:00
tron
3cc3e3c7a3 Correct documentation about Mode Config. It now works without XAuth, too.
Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.
2005-09-21 15:06:22 +00:00
tron
dc5127a31e Make "Mode Config" work if XAuth is not used. 2005-09-21 12:46:08 +00:00
christos
a6040f634b PR/13738: Johan Danielsson: ssh doesn't look at $HOME 2005-09-18 18:39:05 +00:00
christos
5391e24af6 Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen
to wildcard which is not secure.
2005-09-18 18:27:28 +00:00
christos
218a95c0f2 Document that -D takes bind_address. 2005-09-18 16:22:35 +00:00
wiz
e6f32f6f02 Drop trailing whitespace. 2005-09-15 08:42:09 +00:00
christos
5db1262f0e PR/31261: Mark Davies: ssh invokes xauth with bogus argument 2005-09-09 12:24:37 +00:00
christos
453555bc8b PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
2005-09-09 12:20:12 +00:00
elad
8f1a245ebd Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5.
Noted by smb@.
2005-09-01 21:35:25 +00:00
elad
98e0d8f19f SHA1 is a better default than MD5.
Discussed with Steven M. Bellovin.
Closes PR/30395.
2005-08-27 12:32:15 +00:00
manu
0b97cbeb71 Update to ipsec-tools 0.6.1 2005-08-20 00:57:06 +00:00
manu
96ae7759c9 Import ipsec-tools 0.6.1 2005-08-20 00:40:43 +00:00
wiz
c8f5575b45 End sentence with a dot. 2005-08-14 09:25:08 +00:00
wiz
c91d1d213a Drop trailing whitespace. 2005-08-07 11:19:35 +00:00
manu
111c13fe24 Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
2005-08-07 09:38:45 +00:00
manu
df08b9e74a Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
2005-08-07 08:46:11 +00:00
christos
1a191ad79e PR/29862: Denis Lagno: sshd segfaults with long keys
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
2005-07-30 00:38:40 +00:00
he
182dc837b5 Move a variable declaration to the variable declaration section of
the enclosing block from within the middle of active code, so that
this compiles with older gcc.  Fixes build problem for vax.
2005-07-14 11:26:57 +00:00
manu
b0602a2f44 Add safety checks for informational messages 2005-07-12 21:33:01 +00:00
tron
50c09443b0 Backout botched patch, approved by Emmanuel Dreyfus. 2005-07-12 19:17:37 +00:00
manu
132d72e25b Add SHA2 support 2005-07-12 16:49:52 +00:00
manu
7736ad81cf Add comments on how to use the hook scripts without NAT-T 2005-07-12 16:33:27 +00:00
manu
ecb971f5f8 Don't wipe out IKE ports for SA update as it breaks things: the SA is taken
from an existing SA and already has matching IKE ports.
2005-07-12 16:24:29 +00:00
manu
91b9c188b3 Add support for alrogithms with non OpenSSL default key sizes 2005-07-12 14:51:07 +00:00
manu
e0dd78cfbd Don't use adminport when it is disabled 2005-07-12 14:15:39 +00:00