Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
182,887 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

1612 Commits

Author SHA1 Message Date
tteras ea830abf58 Don't print EAGAIN error from pfkey_handler(), it can occur normally 
under some code paths and is not a hard error in any case.
 2009-08-10 08:22:13 +00:00
tteras c2919dd501 From Paul Wenau: Check fgets return value in setkey to make gcc happy. 2009-08-06 04:44:43 +00:00
christos bb8cb2851b resolve conflicts 2009-08-05 18:38:21 +00:00
christos 86adef1b84 import 20090805 snapshot. 2009-08-05 18:31:57 +00:00
tteras 4180506456 From Paul Wernau: Fix transport mode per-port security associations that 
got broke during NAT-T fixes.
 2009-08-05 13:16:01 +00:00
joerg 15895248c1 Use OpenSSL's SHA256 support directly. 2009-08-03 20:56:25 +00:00
mrg 03f1126058 set SSHDIST to the new location. HI CHRISTOS! 2009-07-21 00:47:23 +00:00
christos e97383ebc1 Don't lets this linger around forever. Causes hidden bugs. 2009-07-20 22:55:47 +00:00
christos d7ed66ca45 make tests compile! 2009-07-20 20:41:05 +00:00
christos 71cfba1556 ssh has moved (a long time ago) 2009-07-20 17:39:01 +00:00
christos 75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument 
changed from u_int to size_t. Affects _LP64 only.
 2009-07-20 17:30:52 +00:00
christos 35bdca4d17 use the proper libcrypto 2009-07-20 15:48:16 +00:00
christos 58e8878cb5 use the proper libcrypto 2009-07-20 15:43:51 +00:00
christos 9610bc301c make sha256/512 binary compatible with the libc version which we now use. 2009-07-20 15:34:49 +00:00
christos c9c3cfbcf5 catch up with openssl's abi change. do_cipher length changed from u_int to 
size_t.
 2009-07-20 15:33:44 +00:00
christos 22505a154a add openssl 2009-07-19 23:44:20 +00:00
christos e3aebf9996 new openssl 2009-07-19 23:43:46 +00:00
christos 2e69c03e37 openssl moved 2009-07-19 23:34:00 +00:00
christos 75534b786a Add one more generated file and install in /usr/bin 2009-07-19 23:33:34 +00:00
christos 49d46fa3c8 - add build glue 
- apply our changes
 2009-07-19 23:30:37 +00:00
christos a89c9211e5 import new openssl snapshot 2009-07-19 23:01:17 +00:00
apb 87c0c2be33 Add missing va_start before varargs processing. 
Part of PR 41255 from Kurt Lidl.
 2009-07-14 20:54:25 +00:00
tteras aab4a00722 From Arnaud Ebalard: Fix possible usage of uninitialized local variable 
(not sure if any code path triggers this, but this makes compiler happy).
 2009-07-07 12:25:22 +00:00
agc 51e16c73a5 Move the null file checks for sign/verify/encrypt/decrypt down into the 
library itself. Update the regression test script to add some tests.
 2009-07-07 01:13:07 +00:00
agc 1eddadf4f7 Add two more items to the TODO list 2009-07-07 01:12:06 +00:00
spz 1513d3badc fix break for non-64bit systems due to non-applying macro resp variable 
having crept in with the last patch.
ok martin, compile tested mbalmer and martin
 2009-07-05 11:35:53 +00:00
tonnerre a75354f443 Fix various vulnerabilities in OpenSSL which have not previously been 
addressed: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386
and CVE-2009-1387.

Changes deal mostly with size checking of various elements and fixes
to various error paths.
 2009-07-04 19:52:10 +00:00
tteras 3d0db58d61 Get rid of the evil CMPSADDR macro. Trac #295. 2009-07-03 06:41:46 +00:00
tteras edd4f79009 From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the 
NAT-T port information. This might break compatibility with some kernels,
but as discussed this is the proper way to pass NAT-T ports and the broken
kernels need to be fixed.
 2009-07-03 06:40:10 +00:00
agc 0ff3383f59 Check that a filename has been given, where one has required. Fixes a bug 
reported by Mark Kirby.
 2009-06-30 18:54:20 +00:00
tonnerre f7384c4a6a Add special handling for CBC cipher modes to make them appear less favorable 
than CTR modes. Also, in order to avoid creating oracles unnecessarily,
change behavior in various situations from "Drop connection" to "Ignore
packets up to 256kB". This affects CBC mode ciphers only.

Patch from OpenBSD.
 2009-06-29 22:52:13 +00:00
tteras a8d702d9b1 Fix a call to null pointer: in some cases, the unmonitor_fd can be called 
from another fd's callback. That could lead to still have callback pending
after unmonitoring the fd resulting in a call to null pointer.
This is fixed by making unmonitor_fd now clear the pending fd_set too.
Bug was introduced by my commit in 2008-12-23.
 2009-06-24 11:28:48 +00:00
christos f48c7833ea PR/41628: Jukka Salmi: OpenSSL's c_rehash can't find openssl binary 2009-06-23 14:08:02 +00:00
martin 14c9b3749d Actually use the new (non-shortcut) functions for SHA224 2009-06-16 11:15:29 +00:00
joerg a44a031cb3 Don't take short cuts and use the SHA224 functions to compute SHA224. 
At least for Final it makes a difference in some situation.
 2009-06-14 14:18:35 +00:00
agc f72138f83a Don't complain if $HOME/.gnupg does not exist (and using --homedir). 
Don't require a userid to be set in the gpg.conf file - it can be set
on the command line when it's needed (for signing and encryption, the
other operations in netpgp(1) will take the userid from the
signed/encrypted file).

Add tests for the lack of a default userid in the config file.
 2009-06-13 05:25:08 +00:00
agc d1923dbd04 add 3 more niggles (from Luke) 
check whether a callback function is needed
 2009-06-12 04:12:25 +00:00
agc b655c49f3f Update to version 1.99.12 
CHANGES 1.99.11 -> 1.99.12

+ only prompt for the passphrase for the secret key if the secret key is
  protected by a passphrase
+ portability fix for Mac OS X
 2009-06-11 17:05:17 +00:00
agc 6808773a84 Remove workaround not needed any more. 2009-06-11 06:45:11 +00:00
agc 7478ab55e5 + only prompt for the passphrase for the secret key if the secret key is 
protected by a passphrase
 2009-06-11 04:57:51 +00:00
lukem 0a833e378f Use grep to search for specific error messages rather than expecting 
the entire command stderr to never change.
 2009-06-11 02:55:35 +00:00
lukem 87ffa43d9a Run the "diff of expected output" in a separate AT_CHECK instead of 
using the 'run-if-pass' section; this correctly detects failure.
 2009-06-11 02:48:20 +00:00
lukem b042093ed7 (ab)use --pass-fd to avoid the passphrase prompt 2009-06-11 02:36:38 +00:00
lukem efcb034d7c Use AT_TESTED 
Modify the PATH to the build dir instead of hardcoding NETPGP* vars.
 2009-06-11 02:28:50 +00:00
lukem 99f0a62f6e two items I want and/or am working on with Al. 2009-06-11 01:17:43 +00:00
agc 9b75345600 CHANGES 1.99.10 -> 1.99.11 
+ address keys array from 0 with unsigned indices
+ print results to io->res stream - default to stderr, and set using
	netpgp_setvar(..., "results", filename)
+ __ops_keyid()'s third arg was always the size of the keyid array - no need
  to pass it
+ get rid of the excessive type-checking in packet-show-cast.h, which wasn't
  necessary, and fold all the show routines into packet-show.c
+ introduce a generic __ops_new() and use it for some structure allocation
 2009-06-11 01:12:42 +00:00
agc 380fd10dc6 Add netpgpkeys to the programs to build, and list the keys in the current 
keyring as another test.
 2009-06-10 16:38:21 +00:00
agc 14f8874ae5 Update userland programs to be able to use the "results" file 2009-06-10 16:37:41 +00:00
agc 01f9a2cc5c Add a separate res output stream for results, and print results to it. 
This is settable from userlevel by using
	netpgp_setvar(..., "results", filename)
 2009-06-10 16:36:23 +00:00
njoly 260e7036e1 Make _PATH_XAUTH use X11BASE prefix again, instead of hard-coded 
"/usr/X11R6".
 2009-06-10 16:14:29 +00:00