Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
153,607 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

1010 Commits

Author SHA1 Message Date
christos 387e0d89ab ftp www.openssl.org 2006-06-03 01:43:51 +00:00
christos b8b11c345a ftp www.openssl.org 2006-06-03 01:39:48 +00:00
oster 4f500646a9 Add a missing ')' to fix the example code. Already fixed in openssl upstream. 2006-05-24 16:44:34 +00:00
christos d46617757a XXX: GCC uninitialized variable 2006-05-14 02:40:03 +00:00
christos b943fcf792 XXX: GCC uninitialized variables 2006-05-14 02:17:32 +00:00
mrg f8418c0954 use socklen_t where appropriate. 2006-05-11 11:54:14 +00:00
mrg 54e9f4ccbc wait_until_can_do_something() wants u_int * for it's 4th argument. 2006-05-11 09:27:06 +00:00
mrg 965a873335 avoid lvalue casts. 2006-05-11 00:05:45 +00:00
mrg 4d2c417597 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-11 00:04:07 +00:00
mrg 084c052803 quell GCC 4.1 uninitialised variable warnings. 
XXX: we should audit the tree for which old ones are no longer needed
after getting the older compilers out of the tree..
 2006-05-10 21:53:14 +00:00
mrg 0c37c63edc change (mostly) int to socklen_t. GCC 4 doesn't like that int and 
socklen_t are different signness.
 2006-05-09 20:18:05 +00:00
tsutsui 4cd8515cfc Add a NetBSD RCS ID. 2006-04-15 13:43:11 +00:00
wiz 83620ded04 Remove references to KerberosIV. 2006-03-23 19:58:03 +00:00
elad 504a2dd02c Pull in from djm@OpenBSD: 
remove IV support from the CRC attack detector, OpenSSH has never used
it - it only applied to IDEA-CFB, which we don't support.

Thanks to deraadt@OpenBSD for looking into this one.
 2006-03-22 23:04:39 +00:00
christos e13746b11b Fix krb4 compilation (although krb4 is removed, this leaves the code compiling) 2006-03-21 00:01:29 +00:00
elad dc4926056e plug leak, coverity cid 2014. 2006-03-20 16:42:34 +00:00
elad 204152ace9 plug leak, coverity cid 2027. 2006-03-20 16:41:46 +00:00
elad 04b503af06 plug leaks, coverity cids 2030, 2031. 2006-03-20 16:40:25 +00:00
elad 3a008ccc30 plug leak, coverity cid 2019. 2006-03-20 16:39:05 +00:00
elad 9266948705 plug leaks, coverity cids 2012, 2013. 2006-03-20 16:36:31 +00:00
elad 14c3ee98a9 fix null deref, coverity cid 953. 2006-03-20 16:31:45 +00:00
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
christos 1db63daa9d fix compilation after des.h change. The countdown to krb4 has started. 2006-03-20 02:18:59 +00:00
christos e4547e1148 Coverity CID 1904: Don't leak memory on error. 2006-03-19 22:49:59 +00:00
christos a09bebd7da Don't forget to free reply on failure. 2006-03-19 22:45:03 +00:00
christos 5ebcdaa51a Add casts to compile again. 2006-03-19 21:45:33 +00:00
christos 4ea32734dc Make this compile again, before I nuke it from orbit. 2006-03-19 21:01:17 +00:00
elad 2ff3564ba8 fix memory leak, coverity cid 2032. 2006-03-19 16:48:36 +00:00
elad 0a2d3f7a19 fix memory leaks, coverity cid 2016. 2006-03-19 16:47:09 +00:00
elad f6bc7e7627 fix memory leaks, coverity cids 2028, 2029. 2006-03-19 16:40:32 +00:00
elad 2741a951b4 fix fd leak, coverity cid 2015. 2006-03-19 16:33:26 +00:00
elad be71d6bbfd fix null deref, coverity cid 1341. 2006-03-19 16:29:43 +00:00
elad 8a41610291 fix null deref, coverity cid 1339. 2006-03-19 16:23:19 +00:00
elad 28788b89c7 fix null deref, coverity cid 1340. 2006-03-19 16:20:47 +00:00
christos d5b9c02e8c add a semi colon. 2006-03-19 08:00:19 +00:00
christos 4fcb2eb6de Coveriry CID 1998: Fix memory leak. 2006-03-18 22:17:48 +00:00
elad 6c6e841e30 Don't dereference NULL pointer, found by Coverity, CID 954. 2006-03-18 21:09:57 +00:00
dan ccd53bd92b reform a loop to be prettier and appease coverity CID 2618 2006-03-18 10:41:24 +00:00
jnemeth 79787ff03b Fix Coverity run 5, issue 2021 -- memory leak. 
Approved by christos@.
 2006-03-18 10:22:46 +00:00
jnemeth 1f89beeb43 Fix Coverity run 5, issue 1966 -- memory leak 
Approved by christos@.
 2006-03-18 10:19:09 +00:00
is 2de2502171 Make sure the right error is reported later, if all socket() calls fail. 
If we close the invalid sock, we'll report EBADF later in that case.
 2006-03-01 15:39:00 +00:00
is 6aece482c0 On non-fatal errors (identified: EPROTONOTSUPPORT), don't output the 
error message unless debugging - the error for the last address tried
will be shown anyway, and earlier errors without context are only confusing
the user.
 2006-03-01 15:18:09 +00:00
christos dd8ccf5b99 Add a namespace.h to rename the most conflict inducing names from libssh. 
Idea from thorpej.
 2006-02-13 16:49:33 +00:00
he e245f48109 The sig_atomic_t type is not guaranteed to be printf-compatible 
with %d, so cast to int before printing it.
 2006-02-08 23:08:13 +00:00
christos 55c58b142d bring in new file needed from the portable openssh. 2006-02-04 22:32:54 +00:00
christos fab0e5bf66 resolve conflicts 2006-02-04 22:32:13 +00:00
christos c7a1af8c71 From ftp.openbsd.org. 2006-02-04 22:22:31 +00:00
elad ef2fdd1d7f qsieve(6) -> qsieve(1) 2006-01-24 19:16:53 +00:00
wiz 7e91ac6596 Sort SEE ALSO. 2006-01-22 00:33:27 +00:00
elad 7db6fc6be2 xref qsieve(6). 2006-01-19 23:31:09 +00:00
manu 7f50c0a531 make software behave as the documentation advertise for INTERNAL_NETMASK4. 
Keep the old INTERNAL_MASK4 to avoid breaking backward compatibility.
 2006-01-07 23:51:50 +00:00
christos aa419ec271 enable cryptodev. 2005-12-31 00:08:34 +00:00
christos e1a76ccb7e netbsd has issetugid() 2005-12-31 00:07:26 +00:00
jmc 06b42f5e66 Redo previous rework to generate yacc/lex output again and remove generated 
copies from the import as they don't compile clean across all archs.
 2005-12-16 16:25:07 +00:00
martin 07c3097258 Allow archs to override BF_PTR 2005-12-13 09:50:52 +00:00
martin 3804e42335 Back out bn/bn.h rev. 1.9: 
> use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn
> breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.

Instead define SIXTY_FOUR_BIT_LONG where apropriate.
Regression tests still pass on sparc64 and i386. Furthermore this allows
us to finaly close PR 28935 (thanks to christos for removing the local
hacks on last import).
 2005-12-12 19:50:26 +00:00
manu a5b1c92448 Add NAT ports to SAD in setkey so that NAT SAD entries generated by 
racoon can be removed by hand.
 2005-12-04 20:46:40 +00:00
christos cb9321f06d use intptr_t not U_LONG to cast from a pointer to an int. 2005-11-28 19:08:30 +00:00
christos bfae00e6c7 use explicitly sized types for U_LLONG U_LONG and LONG; otherwise bn 
breaks on 64 bit platforms. The "LONG" openssl wants is really a 32 bit int.
 2005-11-28 19:07:42 +00:00
christos ea39e380db Adjust to the new openssl 2005-11-26 02:32:58 +00:00
christos b1d8541f7b Add casts. 2005-11-25 22:28:31 +00:00
christos 859fae516a change back to match the openssl original prototype. 2005-11-25 22:22:44 +00:00
christos c4bfa0c238 XXX: This file does not really belong here. 
Add ENGINESDIR define
 2005-11-25 20:35:41 +00:00
christos 50a9cbc98b Resolve conflicts: 
1. Instead of trying to cleanup the ugly ifdefs, we leave them alone so that
   there are going to be fewer conflicts in the future.
2. Where we make changes to override things #ifdef __NetBSD__ around them
   so that it is clear what we are changing. This is still missing in some
   places, notably in opensslconf.h because it would make things messier.
 2005-11-25 19:14:11 +00:00
christos 8dc8acfeef from http://www.openssl.org/source 2005-11-25 03:02:45 +00:00
wiz 11cf64bdd7 New sentence, new line. Remove trailing whitespace. 
Mark up paths with .Pa.
 2005-11-24 20:23:02 +00:00
manu 7fc03cd9fa Merge ipsec-tools 0.6.3 import 2005-11-21 14:20:29 +00:00
manu 6e7df3c68b From Yves-Alexis Perez: use sysdep_sa_len to make it compile on Linux 2005-11-21 14:20:28 +00:00
manu c263eb3142 Merge ipsec-tools 0.6.3 import 2005-11-21 14:20:28 +00:00
manu fdc9ad890d Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that 
caused DoS.
 2005-11-21 14:11:59 +00:00
manu 982fc9c517 Merge ipsec-tools 0.6.2 import. 2005-10-14 14:01:34 +00:00
manu a37873eef0 Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them 
have already been pulled up in NetBSD CVS)
---------------------------------------------

        0.6.2 released

2005-10-14  Yvan Vanhullebus  <vanhu@netasq.com>

        * src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
          USER_FQDNs (problem reported by Bernhard Suttner).

---------------------------------------------

        0.6.2.beta3 released

2005-09-05   Emmanuel Dreyfus  <manu@netbsd.org>

        From Andreas Hasenack <ahasenack@terra.com.br>
        * configure.ac: More build fixes for Linux

---------------------------------------------

        0.6.2.beta2 released

2005-09-04  Emmanuel Dreyfus  <manu@netbsd.org>

        From Wilfried Weissmann
        * src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
          src/racoon/{sockmisc.c|sockmisc.h}: build fixes

---------------------------------------------

        0.6.2.beta1 released

2005-09-03  Emmanuel Dreyfus  <manu@netbsd.org>

        From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
        * src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions

2005-08-26  Emmanuel Dreyfus  <manu@netbsd.org>

        * src/racoon/cfparse.y: handle xauth_login correctly
        * src/racoon/isakmp.c: catch internal error
        * src/raccon/isakmp_agg.c: fix racoon as Xauth client
        * src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
        * src/racoon/evt.c: Fix memory leak when event queue overflows

2005-08-23  Emmanuel Dreyfus  <manu@netbsd.org>

        * src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
          initialize NAT-T VID to avoid freeing unallocated stuff.

2005-08-21  Emmanuel Dreyfus  <manu@netbsd.org>

        From Matthias Scheler <matthias.scheler@tadpole.com>
        * src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
          ISAKMP mode config without Xauth.

2005-09-16  Yvan Vanhullebus  <vanhu@free.fr>

        * src/racoon/policy.c: Do not parse all sptree in inssp() if we
          don't use Policies priority.

2005-08-15  Emmanuel Dreyfus  <manu@netbsd.org>

        From: Thomas Klausner <wiz@netbsd.org>
        src/setkey/setkey.8: Drop trailing spaces
 2005-10-14 13:21:42 +00:00
gendalia decff3d730 Add a preprocessor symbol so we can distinguish fixed openssl 
from the vanilla openssl.  Thanks <jlam>.
 2005-10-11 21:17:17 +00:00
gendalia ed304be38e fix openssl 2.0 rollback, CAN-2005-2969 
approved by: agc
 2005-10-11 18:07:40 +00:00
rpaulo e3886d37ea Add "openssl_" to man page references if they are available. 
Fixes part of PR security/13953. Fixing the rest of the PR requires
adding more man pages.
 2005-10-05 23:47:30 +00:00
manu c557aaf18f Fix bug when using hybrid auth in client mode 
make xauth_login work again
add safety checks
 2005-09-26 16:24:57 +00:00
christos e83e36d896 fix spelling from Liam Foy. 2005-09-24 22:45:51 +00:00
christos b9301b48d0 fix typos. 2005-09-24 17:34:17 +00:00
christos 2192079ea8 use get*_r() 2005-09-24 14:40:59 +00:00
christos 54a773e9d7 Can we please stop using caddr_t? 2005-09-24 14:40:39 +00:00
wiz e904ea2e97 Drop trailing whitespace. 2005-09-23 19:58:28 +00:00
manu 7e2e2c16ff Correctly initialize NAT-T VID to avoid freeing unallocated space 2005-09-23 14:22:27 +00:00
tron 3cc3e3c7a3 Correct documentation about Mode Config. It now works without XAuth, too. 
Patch supplied by Emmanuel Dreyfus on the "ipsec-tools" mailing list.
 2005-09-21 15:06:22 +00:00
tron dc5127a31e Make "Mode Config" work if XAuth is not used. 2005-09-21 12:46:08 +00:00
christos a6040f634b PR/13738: Johan Danielsson: ssh doesn't look at $HOME 2005-09-18 18:39:05 +00:00
christos 5391e24af6 Make -D behave like -L (obey GatewayPorts). Before it defaulted to listen 
to wildcard which is not secure.
 2005-09-18 18:27:28 +00:00
christos 218a95c0f2 Document that -D takes bind_address. 2005-09-18 16:22:35 +00:00
wiz e6f32f6f02 Drop trailing whitespace. 2005-09-15 08:42:09 +00:00
christos 5db1262f0e PR/31261: Mark Davies: ssh invokes xauth with bogus argument 2005-09-09 12:24:37 +00:00
christos 453555bc8b PR/31243: Mark Davies: sshd uses pipes rather than socketpairs, making bash 
not execute .bashrc. Since socketpairs work on all NetBSD systems, make it
the default.
 2005-09-09 12:20:12 +00:00
elad 8f1a245ebd Use default_md = sha1 in ``req'' section too, so we don't fallback to MD5. 
Noted by smb@.
 2005-09-01 21:35:25 +00:00
elad 98e0d8f19f SHA1 is a better default than MD5. 
Discussed with Steven M. Bellovin.
Closes PR/30395.
 2005-08-27 12:32:15 +00:00
manu 0b97cbeb71 Update to ipsec-tools 0.6.1 2005-08-20 00:57:06 +00:00
manu 96ae7759c9 Import ipsec-tools 0.6.1 2005-08-20 00:40:43 +00:00
wiz c8f5575b45 End sentence with a dot. 2005-08-14 09:25:08 +00:00
wiz c91d1d213a Drop trailing whitespace. 2005-08-07 11:19:35 +00:00
manu 111c13fe24 Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering 
the newer software. Some useful local change might have been overwritten,
we'll take care of this soon.
 2005-08-07 09:38:45 +00:00
manu df08b9e74a Update ipsec-tools to 0.6.1rc1 
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.
 2005-08-07 08:46:11 +00:00
christos 1a191ad79e PR/29862: Denis Lagno: sshd segfaults with long keys 
The problem was that the rsa fips validation code did not allocate long
enough buffers, so it was trashing the stack.
 2005-07-30 00:38:40 +00:00
he 182dc837b5 Move a variable declaration to the variable declaration section of 
the enclosing block from within the middle of active code, so that
this compiles with older gcc.  Fixes build problem for vax.
 2005-07-14 11:26:57 +00:00
manu b0602a2f44 Add safety checks for informational messages 2005-07-12 21:33:01 +00:00
tron 50c09443b0 Backout botched patch, approved by Emmanuel Dreyfus. 2005-07-12 19:17:37 +00:00
manu 132d72e25b Add SHA2 support 2005-07-12 16:49:52 +00:00
manu 7736ad81cf Add comments on how to use the hook scripts without NAT-T 2005-07-12 16:33:27 +00:00
manu ecb971f5f8 Don't wipe out IKE ports for SA update as it breaks things: the SA is taken 
from an existing SA and already has matching IKE ports.
 2005-07-12 16:24:29 +00:00
manu 91b9c188b3 Add support for alrogithms with non OpenSSL default key sizes 2005-07-12 14:51:07 +00:00
manu e0dd78cfbd Don't use adminport when it is disabled 2005-07-12 14:15:39 +00:00
manu 4c94bccce3 Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems 
when NAT-T is disabled
 2005-07-12 14:14:46 +00:00
manu 929f80643d Safety checks on informational messages 2005-07-12 14:13:10 +00:00
manu 8bc1e3c0ac pkcs7 support 2005-07-12 14:12:20 +00:00
tron d3544c4e45 Document that "aes" can be used for IKE and ESP encryption. 2005-07-07 12:34:17 +00:00
christos eb8e3b9ad4 Add proper casts. Fix a problem where (uint32_t < ~0). Cast both ~0's to 
u_int, since this is what the author intended.
 2005-06-28 16:12:41 +00:00
christos ca496ece2e - Add lint comments 
- Fix bad casts.
- Comment out unused variables.
 2005-06-28 16:04:54 +00:00
christos a1625e9ee8 Fix an error I introduced in the previous commit. The length could be 0. 
Also parenthesize an expression properly.
 2005-06-28 16:03:09 +00:00
christos 444efb36db deal with casting/caddr_t stupidity. It is not 1980 anymore and people should 
start using void *, instead of caddr_t.
 2005-06-27 03:19:45 +00:00
christos 983e538712 Collect externs into one file instead of duplicating them everywhere. 2005-06-26 23:49:31 +00:00
christos dd8cdde018 Fix compiler warnings. 2005-06-26 23:34:26 +00:00
christos fba8d9ce60 Fix some of the pointer abuse, and add some const. Not done yet. 2005-06-26 21:14:08 +00:00
manu dd3259cec0 NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports 
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued  for a phase 1.
 2005-06-22 21:28:18 +00:00
manu 13ca728372 Consume NAT-T packets that have already been seen through MSG_PEEK 2005-06-15 07:29:20 +00:00
chs 7bbdd188e1 appease gcc -Wuninitialized on hp700. 2005-06-05 19:08:28 +00:00
manu 6ec5a5a9b7 Fix Xauth login with PAM authentication 2005-06-04 22:09:27 +00:00
manu 2c39301c40 Endianness bug fix 2005-06-04 21:55:05 +00:00
manu 311dff8be0 Missing 0th element in rm_idtype2doi array 2005-06-03 22:27:06 +00:00
lukem d687f4502c appease gcc -Wuninitialized 2005-06-02 04:59:17 +00:00
lukem 936a4cd73f Don't attempt to close a random file descriptor upon error. 
Detected with gcc -Wuninitialized.
 2005-06-02 04:57:33 +00:00
lukem 08ef6270ca appease gcc -Wuninitialized 2005-06-02 04:56:14 +00:00
lukem 89f4d29f7d Appease gcc -Wuninitialized, in a similar method used elsewhere in the 
same function.
 2005-06-02 04:43:45 +00:00
lukem 6e3cdc676d appease gcc -Wuninitialized 2005-06-01 12:07:00 +00:00
wiz 8bf012821a Drop trailing whitespace. 2005-05-25 16:57:39 +00:00
wiz bf77c4e4b3 Drop trailing whitespace and a grammar fix. 2005-05-25 10:09:36 +00:00
manu bd592e6e99 Really delete phase 1 on Xauth failure 2005-05-20 07:34:47 +00:00
manu 48fade8581 Fix NAT-T plus IPcomp 2005-05-20 01:28:13 +00:00
manu c6660c31c6 Fix parse bug in IPsec policies 2005-05-20 00:57:33 +00:00
manu 2e090d4afb When altering the lifetime, don't modify to configured proposal, duplicate 
it instead.
 2005-05-20 00:54:55 +00:00
christos 137ea645ec PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't 
try to free it.
 2005-05-18 16:11:11 +00:00
manu 6add206c2f - Fix a double free 
- For acquire messages, when NAT-T is in use, consider null port as a
  wildcard and use IKE port
 2005-05-13 14:09:44 +00:00
manu a5a80e2b4d Update sample config file to higher security settings 2005-05-10 10:22:03 +00:00
manu aed94b2d22 Add two Cisco extensions for pushing PFS group and save password 
setting throug ISAKMP mode config
 2005-05-10 09:54:43 +00:00
manu db7c068992 proposal_check fixes: 
- fix claim behavior in phase 1
- also check lifebyte
 2005-05-10 09:23:36 +00:00
lukem 56b6919254 Remove a stale #endif, and add one missing at EOF. 
Noticed by code inspection and confirming by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
 2005-05-08 23:30:46 +00:00
christos 0a3fafc305 Update PAM from the "portable openssh" 4.0p1 2005-05-08 21:15:04 +00:00
he 8d29e11e90 Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c. 2005-05-08 14:14:18 +00:00
manu 873e8e21a9 More NAT-T fixes for the situation where racoon acts as a VPN client 
Flush SA and generated SP on DPD timeout and deletion payloads
 2005-05-08 08:57:26 +00:00
manu 63a609062e From Manisha Malla <mmanisha@novell.com>: 
fix unsigned int checked for being negative
 2005-05-04 17:23:10 +00:00
manu 8bf053b3f3 on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that 
multiple SA can be used in transport mode

While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
 2005-05-03 21:08:47 +00:00
uwe f3b48582e5 return statements in void functions make lint very confused. 2005-04-27 22:38:56 +00:00
manu 10802677c9 Bug fixes from the ipsec-tools 0.6 branch: 
- Fix NAT-T problems that prevented multiple peers behind the same NAT
  to talk to the same machine outside the NAT. This also require kernel
  fixes (already committed eralier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
  over UDP when printing policies
 2005-04-27 05:19:49 +00:00
matt d627c3edde Don't emit struct units [] anymore. emit a struct units * const foo and 
in the C file initialize that to the static list.
 2005-04-25 17:20:51 +00:00
matt 5ac7f26c22 Emit headers with #include <parse_units.h> so that struct units is defined 
so that extern struct units <foo> will not cause errors with gcc4.x
 2005-04-25 01:25:25 +00:00