Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
144,408 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

857 Commits

Author SHA1 Message Date
elad 98e0d8f19f SHA1 is a better default than MD5. 
Discussed with Steven M. Bellovin.
Closes PR/30395.
 2005-08-27 12:32:15 +00:00
manu 0b97cbeb71 Update to ipsec-tools 0.6.1 2005-08-20 00:57:06 +00:00
manu 96ae7759c9 Import ipsec-tools 0.6.1 2005-08-20 00:40:43 +00:00
wiz c8f5575b45 End sentence with a dot. 2005-08-14 09:25:08 +00:00
wiz c91d1d213a Drop trailing whitespace. 2005-08-07 11:19:35 +00:00
manu 111c13fe24 Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering 
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
 2005-08-07 09:38:45 +00:00
manu df08b9e74a Update ipsec-tools to 0.6.1rc1 
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
 2005-08-07 08:46:11 +00:00
christos 1a191ad79e PR/29862: Denis Lagno: sshd segfaults with long keys 
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
 2005-07-30 00:38:40 +00:00
he 182dc837b5 Move a variable declaration to the variable declaration section of 
the enclosing block from within the middle of active code, so that
this compiles with older gcc.  Fixes build problem for vax.
 2005-07-14 11:26:57 +00:00
manu b0602a2f44 Add safety checks for informational messages 2005-07-12 21:33:01 +00:00
tron 50c09443b0 Backout botched patch, approved by Emmanuel Dreyfus. 2005-07-12 19:17:37 +00:00
manu 132d72e25b Add SHA2 support 2005-07-12 16:49:52 +00:00
manu 7736ad81cf Add comments on how to use the hook scripts without NAT-T 2005-07-12 16:33:27 +00:00
manu ecb971f5f8 Don't wipe out IKE ports for SA update as it breaks things: the SA is taken 
from an existing SA and already has matching IKE ports.
 2005-07-12 16:24:29 +00:00
manu 91b9c188b3 Add support for alrogithms with non OpenSSL default key sizes 2005-07-12 14:51:07 +00:00
manu e0dd78cfbd Don't use adminport when it is disabled 2005-07-12 14:15:39 +00:00
manu 4c94bccce3 Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems 
when NAT-T is disabled
 2005-07-12 14:14:46 +00:00
manu 929f80643d Safety checks on informational messages 2005-07-12 14:13:10 +00:00
manu 8bc1e3c0ac pkcs7 support 2005-07-12 14:12:20 +00:00
tron d3544c4e45 Document that "aes" can be used for IKE and ESP encryption. 2005-07-07 12:34:17 +00:00
christos eb8e3b9ad4 Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to 
u_int, since this is what the author intended.
 2005-06-28 16:12:41 +00:00
christos ca496ece2e - Add lint comments 
- Fix bad casts.
- Comment out unused variables.
 2005-06-28 16:04:54 +00:00
christos a1625e9ee8 Fix an error I introduced in the previous commit. The length could be 0. 
Also parenthesize an expression properly.
 2005-06-28 16:03:09 +00:00
christos 444efb36db deal with casting/caddr_t stupidity. It is not 1980 anymore and people should 
start using void *, instead of caddr_t.
 2005-06-27 03:19:45 +00:00
christos 983e538712 Collect externs into one file instead of duplicating them everywhere. 2005-06-26 23:49:31 +00:00
christos dd8cdde018 Fix compiler warnings. 2005-06-26 23:34:26 +00:00
christos fba8d9ce60 Fix some of the pointer abuse, and add some const. Not done yet. 2005-06-26 21:14:08 +00:00
manu dd3259cec0 NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports 
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued  for a phase 1.
 2005-06-22 21:28:18 +00:00
manu 13ca728372 Consume NAT-T packets that have already been seen through MSG_PEEK 2005-06-15 07:29:20 +00:00
chs 7bbdd188e1 appease gcc -Wuninitialized on hp700. 2005-06-05 19:08:28 +00:00
manu 6ec5a5a9b7 Fix Xauth login with PAM authentication 2005-06-04 22:09:27 +00:00
manu 2c39301c40 Endianness bug fix 2005-06-04 21:55:05 +00:00
manu 311dff8be0 Missing 0th element in rm_idtype2doi array 2005-06-03 22:27:06 +00:00
lukem d687f4502c appease gcc -Wuninitialized 2005-06-02 04:59:17 +00:00
lukem 936a4cd73f Don't attempt to close a random file descriptor upon error. 
Detected with gcc -Wuninitialized.
 2005-06-02 04:57:33 +00:00
lukem 08ef6270ca appease gcc -Wuninitialized 2005-06-02 04:56:14 +00:00
lukem 89f4d29f7d Appease gcc -Wuninitialized, in a similar method used elsewhere in the 
same function.
 2005-06-02 04:43:45 +00:00
lukem 6e3cdc676d appease gcc -Wuninitialized 2005-06-01 12:07:00 +00:00
wiz 8bf012821a Drop trailing whitespace. 2005-05-25 16:57:39 +00:00
wiz bf77c4e4b3 Drop trailing whitespace and a grammar fix. 2005-05-25 10:09:36 +00:00
manu bd592e6e99 Really delete phase 1 on Xauth failure 2005-05-20 07:34:47 +00:00
manu 48fade8581 Fix NAT-T plus IPcomp 2005-05-20 01:28:13 +00:00
manu c6660c31c6 Fix parse bug in IPsec policies 2005-05-20 00:57:33 +00:00
manu 2e090d4afb When altering the lifetime, don't modify to configured proposal, duplicate 
it instead.
 2005-05-20 00:54:55 +00:00
christos 137ea645ec PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't 
try to free it.
 2005-05-18 16:11:11 +00:00
manu 6add206c2f - Fix a double free 
- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
 2005-05-13 14:09:44 +00:00
manu a5a80e2b4d Update sample config file to higher security settings 2005-05-10 10:22:03 +00:00
manu aed94b2d22 Add two Cisco extensions for pushing PFS group and save password 
setting throug ISAKMP mode config
 2005-05-10 09:54:43 +00:00
manu db7c068992 proposal_check fixes: 
- fix claim behavior in phase 1
- also check lifebyte
 2005-05-10 09:23:36 +00:00
lukem 56b6919254 Remove a stale #endif, and add one missing at EOF. 
Noticed by code inspection and confirming by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
 2005-05-08 23:30:46 +00:00
christos 0a3fafc305 Update PAM from the "portable openssh" 4.0p1 2005-05-08 21:15:04 +00:00
he 8d29e11e90 Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c. 2005-05-08 14:14:18 +00:00
manu 873e8e21a9 More NAT-T fixes for the situation where racoon acts as a VPN client 
Flush SA and generated SP on DPD timeout and deletion payloads
 2005-05-08 08:57:26 +00:00
manu 63a609062e From Manisha Malla <mmanisha@novell.com>: 
fix unsigned int checked for being negative
 2005-05-04 17:23:10 +00:00
manu 8bf053b3f3 on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that 
multiple SA can be used in transport mode

While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
 2005-05-03 21:08:47 +00:00
uwe f3b48582e5 return statements in void functions make lint very confused. 2005-04-27 22:38:56 +00:00
manu 10802677c9 Bug fixes from the ipsec-tools 0.6 branch: 
- Fix NAT-T problems that prevented multiple peers behind the same NAT
  to talk to the same machine outside the NAT. This also require kernel
  fixes (already committed eralier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
  over UDP when printing policies
 2005-04-27 05:19:49 +00:00
matt d627c3edde Don't emit struct units [] anymore. emit a struct units * const foo and 
in the C file initialize that to the static list.
 2005-04-25 17:20:51 +00:00
matt 5ac7f26c22 Emit headers with #include <parse_units.h> so that struct units is defined 
so that extern struct units <foo> will not cause errors with gcc4.x
 2005-04-25 01:25:25 +00:00
kleink 14fc3b7ba8 Fix printf format/argument mismatch. 2005-04-24 13:31:01 +00:00
christos a8090b3963 add back moduli 2005-04-23 21:12:47 +00:00
christos 31ed567522 resolve conflicts. 2005-04-23 19:31:14 +00:00
christos ed314b4eb0 from www.openssl.org 2005-04-23 19:10:56 +00:00
christos 0df7655544 bring back files that this update removed. 2005-04-23 16:55:03 +00:00
christos 8471a3b7da resolve conflicts. 2005-04-23 16:53:28 +00:00
christos 70917d9a4b Import OpenSSH 4.0 from ftp.openbsd.org 2005-04-23 16:28:01 +00:00
manu 6845962b31 Fix simple DES support (security problems for racoon to racoon setups) 
Fix broken generated policies flush
 2005-04-19 19:42:08 +00:00
christos 97b2d3b1c8 check for pwd != NULL in getpwnam_r. From John Nemeth. 2005-04-19 12:55:31 +00:00
manu d3e5d568cd Fix SA lifebyte check 2005-04-18 11:15:01 +00:00
wiz e35111eeee Some more minor changes, ok manu@. 2005-04-17 01:03:46 +00:00
wiz 1390e25dcf Some more English improvements after feedback from manu@; more formatting. 2005-04-15 13:23:58 +00:00
wiz 6e35cd769e Improve English in comments. 2005-04-15 11:10:32 +00:00
wiz 0f822df19c Improve english, improve formatting, sort options. 2005-04-15 10:58:11 +00:00
wiz c0259e4629 Grammar fixes & improvements. 2005-04-14 11:47:26 +00:00
wiz 57066c3ab7 Grammar improvements. 2005-04-14 11:41:53 +00:00
wiz 097b641d74 kerberos -> Kerberos. 2005-04-14 11:35:08 +00:00
wiz 1b303684c3 Fix typo. 2005-04-14 11:34:37 +00:00
wiz 6b53ca1794 all SA -> all SAs. 2005-04-14 10:31:35 +00:00
wiz 6e903fbf59 New sentence, new line; some other dot fixes found during line breaking. 2005-04-14 10:30:28 +00:00
wiz 1131da3fb1 Use capitalized spelling of NetBSD. 2005-04-14 10:26:40 +00:00
wiz 6e8a3f159a Add LIBRARY section. 2005-04-14 10:25:58 +00:00
wiz 863b095e57 Punctuation nits. 2005-04-14 10:24:43 +00:00
wiz 0fb9995f39 Use Bq instead of []. 2005-04-14 10:24:18 +00:00
wiz 75b3bff7ae Punctuation nits. 2005-04-14 10:23:38 +00:00
wiz dd317f6217 Use .In for header files. 2005-04-14 10:22:11 +00:00
wiz 9e8d46e23b No dot at end of SEE ALSO; Xr fixes. 2005-04-14 10:21:22 +00:00
wiz 9582558bf7 Mostly punctuation nits; break line after Xr arguments. 2005-04-14 10:20:01 +00:00
wiz 954b6abb72 Fix Dd and Dt arguments; fix two more typos; add comma in SEE ALSO; 
format author with An/Aq.
 2005-04-14 10:15:58 +00:00
wiz 2299aab679 We want .Os without argument. 2005-04-14 10:13:10 +00:00
wiz f6b271af05 Add missing .Os. 2005-04-14 10:13:03 +00:00
wiz 472d87499c Uncomment xref to racoonctl. 2005-04-14 10:11:32 +00:00
wiz acc79b78a6 hexa-decimal -> hexadecimal. 2005-04-14 10:07:35 +00:00
wiz db0843b173 Add an article, and 2nd -> second. 2005-04-14 10:07:10 +00:00
wiz f7c1b62f03 Use Xr for chroot. 2005-04-14 10:06:32 +00:00
wiz d0e3ae6a43 oakley -> Oakley. 2005-04-14 10:05:45 +00:00
wiz caf942511e aspell 2005-04-14 10:04:17 +00:00
wiz 2ea3f3fa43 Drop trailing whitespace. 2005-04-14 09:47:12 +00:00
wiz 03a7a7234a New sentence, new line. Remove Os argument (we are not KAME). 
NetBSD -> Nx. Use Sx for section cross-references.
 2005-04-13 23:12:01 +00:00
wiz 6cd6ff42d8 Drop trailing whitespace. 2005-04-13 23:09:35 +00:00
manu 5a6c417352 Resurrect TCP-MD5 support. This fixes bin/29915 2005-04-10 21:20:55 +00:00