aa9b8479a9
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet
...
environment variable string value generation.
2012-01-10 12:07:30 +00:00
59bb0b8307
Bump date for previous.
2012-01-09 15:41:21 +00:00
4fa381bcb2
allow setkey(8) set and display the ESP fragment size in the NAT-T case,
...
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
2012-01-09 15:25:13 +00:00
8d8e2b7310
Bump date for previous.
2012-01-04 16:30:50 +00:00
8fd6dadaf8
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
...
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
2012-01-04 16:09:40 +00:00
3712f81ced
-consistently use "char *" for the compiled policy buffer in the
...
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00
2713c54c73
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too
...
short memory allocation in isakmp_unity.c:splitnet_list_2str().
2012-01-01 17:31:42 +00:00
11e30c248c
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T
...
port for listen { isakmp_natt } config directive.
2012-01-01 16:14:11 +00:00
40d768bf75
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in
...
comments and log messages. Fix default port used in copy_ph1addresses().
2012-01-01 15:57:31 +00:00
dbe8969919
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
...
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
2012-01-01 15:54:51 +00:00
838cfe4724
Fix the previous commit.
2012-01-01 15:44:06 +00:00
b448c51c51
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from
...
configuration reading code, and clean up error handling.
2012-01-01 15:29:28 +00:00
0a7daa593d
fixed some crashes in LIST_FOREACH where current element could be removed during the loop
2011-11-17 14:41:55 +00:00
3efedf2ce7
Bump date for new tls option.
2011-11-15 19:15:58 +00:00
c7d190f034
From Vincent Bernat <bernat@luffy.cx>: TLS support for LDAP
2011-11-15 13:51:23 +00:00
84d53e8c5d
From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
...
buffers (if system default is larger than what we want as minimum)
2011-11-14 13:24:04 +00:00
a09a6d0cd5
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused
...
phase2 of passive remotes after acquire.
2011-10-11 14:50:15 +00:00
4c2f40f96a
From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1
...
port properly.
2011-10-11 14:37:17 +00:00
cbb586e05f
Allow inherited remote blocks without additional remote statements to
...
be specified in a simpler way. patch by Roman Hoog Antink <rha@open.ch>
2011-08-19 05:36:47 +00:00
cd00f2949d
Have privilege separation child process exit if the parent exits.
2011-08-12 05:21:50 +00:00
b9e08c16fb
replace questionable pointer games which could cause reads of
...
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
2011-05-27 18:00:21 +00:00
0a8dabda40
pull in AES-GCM/GMAC support from OpenBSD
...
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
e20f01d499
Bump date for previous.
2011-05-24 08:54:40 +00:00
fed8f3aa3c
update draft-ipsec-* -> RFC
...
clarify a sentence
2011-05-23 16:00:07 +00:00
45d5b08c5f
fix prototype.
2011-05-15 17:13:23 +00:00
2337f22d7b
fixed a memory leak in oakley_append_rmconf_cr() while generating plist. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:42:58 +00:00
949304356c
free name later, to avoid a memory use after free in oakley_check_certid(). also give iph1->remote to some plog() calls. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:39:06 +00:00
ebfca0c74d
fixed a memory leak in oakley_check_certid(). patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:35:24 +00:00
5279815e7c
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free
2011-03-15 13:20:14 +00:00
4e499ee605
Explicitly compare return value of cmpsaddr() against a return value
...
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.
2011-03-14 17:18:12 +00:00
fd67cc6416
avoid some memory leaks / free memory access when reloading conf and have inherited config. patch from Roman Hoog Antink <rha@open.ch>
2011-03-14 15:50:36 +00:00
ba228a2812
removed an useless comment
2011-03-14 14:54:07 +00:00
7683f452c1
check if we got RMCONF_ERR_MULTIPLE from getrmconf_by_ph1() in revalidate_ph1tree_rmconf()
2011-03-14 09:19:23 +00:00
ffa3b61f55
directly delete a ph1 in remove_ph1-) instead of scheduling it, to avoid (completely ?) a race condition when reloading configuration
2011-03-11 14:30:07 +00:00
349228b78c
Quiet a gcc warning when strict-aliasing checks are enabled. Reported by
...
Stephen Clark.
2011-03-06 08:28:10 +00:00
65023b30e4
flush sainfo list when closing session. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:09:16 +00:00
7e1e999bc0
free rsa structures when deleting a struct rmconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:04:01 +00:00
78c9c4b8d1
free spspec when deleting a rmconf struct. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:58:27 +00:00
82409028c9
fixed some memory leaks in remoteconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:52:32 +00:00
ff2e315ab3
fixed some memory leaks during configuration parsing. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:49:21 +00:00
acd79fcecf
plog text fixes, patch from M E Andersson <debian@gisladisker.se>
2011-03-01 14:33:58 +00:00
3b9e5ba27f
reset yyerrorcount before doing parse stuff. patch by Roman Hoog Antink <rha@open.ch>
2011-03-01 14:14:50 +00:00
004dc7976f
From Roman Hoog Antink <rha@open.ch>: Fix memory leak when using plain RSA
...
key authentication.
2011-02-20 17:32:02 +00:00
093488593b
From Mats E Andersson <debian@gisladisker.se>: Fix fprintf format specifier
...
usage from previous patch.
2011-02-11 10:07:19 +00:00
1f21513187
From Mats Erik Andersson <debian@gisladisker.se>: Implement importing of
...
RSA keys from PEM files.
2011-02-10 11:20:08 +00:00
6615d57c07
From M E Andersson <debian@gisladisker.se>: Fix parsing of restricted RSA
...
key addresses.
2011-02-10 11:17:17 +00:00
bfe163c1a3
store ph1id in an u_int32_t instead of a (signed)int. Patch from Christophe Carre
2011-02-02 15:21:34 +00:00
2ee6d137de
From Roman Hoog Antink <rha@open.ch>: Clean up sainfo reloading: rename
...
the functions, and remove unneeded global variable.
2011-01-28 13:02:34 +00:00
5d9b9d50e9
From Roman Hoog Antink <rha@open.ch>: Clean up rmconf reloading: rename
...
the functions, and remove unneeded global variable.
2011-01-28 13:00:14 +00:00
c54595ebf5
From Roman Hoog Antink <rha@open.ch>: Log remote IP address if available
...
(slightly modified by tteras)
2011-01-28 12:51:40 +00:00
tteras