drochner
b9e08c16fb
replace questionable pointer games which could cause reads of
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
2011-05-27 18:00:21 +00:00
drochner
0a8dabda40
pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
wiz
e20f01d499
Bump date for previous.
2011-05-24 08:54:40 +00:00
drochner
fed8f3aa3c
update draft-ipsec-* -> RFC
clarify a sentence
2011-05-23 16:00:07 +00:00
christos
45d5b08c5f
fix prototype.
2011-05-15 17:13:23 +00:00
wiz
ce5b3bb1f9
Heimdal is not an OS.
2011-04-28 14:04:02 +00:00
njoly
6f070d3570
Add missing quotes.
2011-03-21 15:04:18 +00:00
vanhu
2337f22d7b
fixed a memory leak in oakley_append_rmconf_cr() while generating plist. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:42:58 +00:00
vanhu
949304356c
free name later, to avoid a memory use after free in oakley_check_certid(). also give iph1->remote to some plog() calls. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:39:06 +00:00
vanhu
ebfca0c74d
fixed a memory leak in oakley_check_certid(). patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:35:24 +00:00
vanhu
5279815e7c
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless and can lead to memory access after free
2011-03-15 13:20:14 +00:00
tteras
4e499ee605
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.
2011-03-14 17:18:12 +00:00
vanhu
fd67cc6416
avoid some memory leaks / free memory access when reloading conf and have inherited config. patch from Roman Hoog Antink <rha@open.ch>
2011-03-14 15:50:36 +00:00
vanhu
ba228a2812
removed a useless comment
2011-03-14 14:54:07 +00:00
njoly
a5664dbb36
Fix Kerberos prefix in xrefs (krb55 -> krb5).
2011-03-14 12:31:13 +00:00
vanhu
7683f452c1
check if we got RMCONF_ERR_MULTIPLE from getrmconf_by_ph1() in revalidate_ph1tree_rmconf()
2011-03-14 09:19:23 +00:00
njoly
c35f59108f
Fix compile_et section (3 -> 1).
2011-03-11 15:33:22 +00:00
vanhu
ffa3b61f55
directly delete a ph1 in remove_ph1() instead of scheduling it, to avoid (completely ?) a race condition when reloading configuration
2011-03-11 14:30:07 +00:00
tteras
349228b78c
Quiet a gcc warning when strict-aliasing checks are enabled. Reported by
Stephen Clark.
2011-03-06 08:28:10 +00:00
vanhu
65023b30e4
flush sainfo list when closing session. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:09:16 +00:00
vanhu
7e1e999bc0
free rsa structures when deleting a struct rmconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:04:01 +00:00
vanhu
78c9c4b8d1
free spspec when deleting a rmconf struct. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:58:27 +00:00
vanhu
82409028c9
fixed some memory leaks in remoteconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:52:32 +00:00
vanhu
ff2e315ab3
fixed some memory leaks during configuration parsing. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:49:21 +00:00
vanhu
acd79fcecf
plog text fixes, patch from M E Andersson <debian@gisladisker.se>
2011-03-01 14:33:58 +00:00
vanhu
3b9e5ba27f
reset yyerrorcount before doing parse stuff. patch by Roman Hoog Antink <rha@open.ch>
2011-03-01 14:14:50 +00:00
tteras
004dc7976f
From Roman Hoog Antink <rha@open.ch>: Fix memory leak when using plain RSA
key authentication.
2011-02-20 17:32:02 +00:00
tteras
093488593b
From Mats E Andersson <debian@gisladisker.se>: Fix fprintf format specifier
usage from previous patch.
2011-02-11 10:07:19 +00:00
tteras
1f21513187
From Mats Erik Andersson <debian@gisladisker.se>: Implement importing of
RSA keys from PEM files.
2011-02-10 11:20:08 +00:00
tteras
6615d57c07
From M E Andersson <debian@gisladisker.se>: Fix parsing of restricted RSA
key addresses.
2011-02-10 11:17:17 +00:00
vanhu
bfe163c1a3
store ph1id in an u_int32_t instead of a (signed)int. Patch from Christophe Carre
2011-02-02 15:21:34 +00:00
dholland
dd4195805d
fix grammar in the same sentence as the previous patch, noted by jdc
2011-01-31 09:57:29 +00:00
dholland
5d365068fe
typo fix, from Ryo HAYASAKA in PR 44495.
2011-01-31 06:05:54 +00:00
jnemeth
0af302156e
PR/44482 - Ryo HAYASAKA -- typo
2011-01-29 04:00:19 +00:00
tteras
2ee6d137de
From Roman Hoog Antink <rha@open.ch>: Clean up sainfo reloading: rename
the functions, and remove unneeded global variable.
2011-01-28 13:02:34 +00:00
tteras
5d9b9d50e9
From Roman Hoog Antink <rha@open.ch>: Clean up rmconf reloading: rename
the functions, and remove unneeded global variable.
2011-01-28 13:00:14 +00:00
tteras
c54595ebf5
From Roman Hoog Antink <rha@open.ch>: Log remote IP address if available
(slightly modified by tteras)
2011-01-28 12:51:40 +00:00
wiz
ba222fd491
Fix typo in Nd. From Ryo HAYASAKA in PR 44462.
2011-01-26 09:56:51 +00:00
tteras
79764be6dd
From Roman Hoog Antink <rha@open.ch>: Fixes a null pointer dereference
that might occur after removing peers from the config and then reloading.
2011-01-22 07:38:51 +00:00
vanhu
4d9d52d8fa
fixed a typo, it will now compile when KMADDRESS is defined. reported by Roman Hoog Antink (rha (at) open.ch)
2011-01-20 16:08:35 +00:00
tteras
785cabdaf2
From Roman Hoog Antink <rha@open.ch>: Fix config reload to not delete
too many phase 2 handles, because wrong chain field is used when
enumerating the handles.
2010-12-28 06:00:18 +00:00
gdt
f1cf9a1e3b
When encountering a certificate where "ID mismatched with ASN1
SubjectName", and verify_identifier is off, don't raise an error.
This makes the behavior match the man page.
Patch sent for review long ago:
http://mail-index.netbsd.org/tech-security/2006/03/24/0000.html
with no negative feedback received to date.
2010-12-16 16:59:05 +00:00
tteras
566286569e
From Roman Hoog Antink <rha@open.ch>: Fix possible null dereference.
2010-12-14 17:57:31 +00:00
tteras
0303048b1e
Use separate SA addresses for phase2's created by admin command. The
phase2 startup overwrites src/dst with ISAKMP ports if they are zero
and we don't want that to happen for the SA ports.
2010-12-08 07:38:35 +00:00
joerg
0d0af5032c
ANSIfy
2010-12-08 01:55:12 +00:00
joerg
6536213d9e
Don't format an error and pass it down as format string again.
2010-12-08 01:45:57 +00:00
joerg
75ccf94c1f
Remove useless conditional.
2010-12-07 22:08:27 +00:00
tteras
1246e1db41
Fix spacing and improve wording in some log messages.
2010-12-07 14:28:12 +00:00
tteras
b3dca9dae4
Recognize direction for Linux per-socket policies.
2010-12-03 15:01:11 +00:00
tteras
7d13a088be
Support GRE key as upper layer protocol specifier (will be supported in
Linux kernel 2.6.38).
2010-12-03 14:32:52 +00:00