Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
184,021 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

1629 Commits

Author SHA1 Message Date
tls be6d3543e4 Remove -I line for no longer extant directory. The OpenSSL libraries 
built here, unsurprisingly enough, still build and work exactly the
same.
 2009-09-23 04:02:28 +00:00
tteras ff2c7b7d5c From Tomas Mraz: Fix gssapi error checking. 2009-09-18 10:31:11 +00:00
tteras 63bcd231eb When rekeying phase2 use phase1 used to negotiate phase2 as a hint to 
select the phase1 for rekeying the new phase2.
 2009-09-03 09:29:07 +00:00
tteras ae0beb16dc Check nat_traversal configuration from remote configuration candidates 
when acting as responder. Enable NAT-T if any of the remote candidates
have NAT-T enabled.
 2009-09-01 12:22:09 +00:00
tteras 5e74d5d98f Change remote conf matching level to matching score. This way one can 
override anonymous certificate block config with more exact "inhereted"
IP specific block.
 2009-09-01 09:49:59 +00:00
tteras 43e6802298 From Maik Broemme: export ISAKMP SA identity as REMOTE_ID for phase1 up 
script (trac #313).
 2009-09-01 09:24:21 +00:00
vanhu b7f72d1283 fixed typo: algoriym -> algorithm 2009-08-24 09:33:03 +00:00
vanhu a3d9e80f96 fixed address check in rmconf_match_type(), just check address with wildcard port 2009-08-19 13:54:07 +00:00
tteras 95f3bd08bb Have an enum for rmconf_match_type() return values to make the code a bit 
more readable.
 2009-08-19 12:20:02 +00:00
vanhu e2ffc89458 typo: algoritym -> algorithm 2009-08-18 08:21:12 +00:00
dyoung 40ca2d34bc Delete trailing whitespace. 2009-08-17 22:58:28 +00:00
vanhu eb15fbb554 do not use SADB_X_NAT_T_NEW_MAPPING to check system support for NAT-T, as at least FreeBSD doesn't have this define anymore 2009-08-17 13:52:14 +00:00
vanhu 82dd0659f2 include stddef.h so we have a chance to get the system offsetof if present 2009-08-17 12:00:53 +00:00
vanhu c2c64af1e8 removed a self include 2009-08-17 11:59:10 +00:00
christos 13492ada53 This code is really broken. It allocates struct sockaddr on the stack 
and expects to work with IPV6. Tell the hints that we only want IPV4
for now, so that we don't try to bind to an IPV6 address as returned
by getaddrinfo, and then we bash in V4 in the family!
jeez
 2009-08-15 01:25:54 +00:00
christos e70d1f0896 don't try to free a buffer that came from the arguments, make a copy instead. 
This can happen if we specify --port
 2009-08-15 01:03:03 +00:00
vanhu 0667dd70bd fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs 2009-08-13 09:18:28 +00:00
tteras ea830abf58 Don't print EAGAIN error from pfkey_handler(), it can occur normally 
under some code paths and is not a hard error in any case.
 2009-08-10 08:22:13 +00:00
tteras c2919dd501 From Paul Wenau: Check fgets return value in setkey to make gcc happy. 2009-08-06 04:44:43 +00:00
christos bb8cb2851b resolve conflicts 2009-08-05 18:38:21 +00:00
christos 86adef1b84 import 20090805 snapshot. 2009-08-05 18:31:57 +00:00
tteras 4180506456 From Paul Wernau: Fix transport mode per-port security associations that 
got broke during NAT-T fixes.
 2009-08-05 13:16:01 +00:00
joerg 15895248c1 Use OpenSSL's SHA256 support directly. 2009-08-03 20:56:25 +00:00
mrg 03f1126058 set SSHDIST to the new location. HI CHRISTOS! 2009-07-21 00:47:23 +00:00
christos e97383ebc1 Don't lets this linger around forever. Causes hidden bugs. 2009-07-20 22:55:47 +00:00
christos d7ed66ca45 make tests compile! 2009-07-20 20:41:05 +00:00
christos 71cfba1556 ssh has moved (a long time ago) 2009-07-20 17:39:01 +00:00
christos 75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument 
changed from u_int to size_t. Affects _LP64 only.
 2009-07-20 17:30:52 +00:00
christos 35bdca4d17 use the proper libcrypto 2009-07-20 15:48:16 +00:00
christos 58e8878cb5 use the proper libcrypto 2009-07-20 15:43:51 +00:00
christos 9610bc301c make sha256/512 binary compatible with the libc version which we now use. 2009-07-20 15:34:49 +00:00
christos c9c3cfbcf5 catch up with openssl's abi change. do_cipher length changed from u_int to 
size_t.
 2009-07-20 15:33:44 +00:00
christos 22505a154a add openssl 2009-07-19 23:44:20 +00:00
christos e3aebf9996 new openssl 2009-07-19 23:43:46 +00:00
christos 2e69c03e37 openssl moved 2009-07-19 23:34:00 +00:00
christos 75534b786a Add one more generated file and install in /usr/bin 2009-07-19 23:33:34 +00:00
christos 49d46fa3c8 - add build glue 
- apply our changes
 2009-07-19 23:30:37 +00:00
christos a89c9211e5 import new openssl snapshot 2009-07-19 23:01:17 +00:00
apb 87c0c2be33 Add missing va_start before varargs processing. 
Part of PR 41255 from Kurt Lidl.
 2009-07-14 20:54:25 +00:00
tteras aab4a00722 From Arnaud Ebalard: Fix possible usage of uninitialized local variable 
(not sure if any code path triggers this, but this makes compiler happy).
 2009-07-07 12:25:22 +00:00
agc 51e16c73a5 Move the null file checks for sign/verify/encrypt/decrypt down into the 
library itself. Update the regression test script to add some tests.
 2009-07-07 01:13:07 +00:00
agc 1eddadf4f7 Add two more items to the TODO list 2009-07-07 01:12:06 +00:00
spz 1513d3badc fix break for non-64bit systems due to non-applying macro resp variable 
having crept in with the last patch.
ok martin, compile tested mbalmer and martin
 2009-07-05 11:35:53 +00:00
tonnerre a75354f443 Fix various vulnerabilities in OpenSSL which have not previously been 
addressed: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386
and CVE-2009-1387.

Changes deal mostly with size checking of various elements and fixes
to various error paths.
 2009-07-04 19:52:10 +00:00
tteras 3d0db58d61 Get rid of the evil CMPSADDR macro. Trac #295. 2009-07-03 06:41:46 +00:00
tteras edd4f79009 From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the 
NAT-T port information. This might break compatibility with some kernels,
but as discussed this is the proper way to pass NAT-T ports and the broken
kernels need to be fixed.
 2009-07-03 06:40:10 +00:00
agc 0ff3383f59 Check that a filename has been given, where one has required. Fixes a bug 
reported by Mark Kirby.
 2009-06-30 18:54:20 +00:00
tonnerre f7384c4a6a Add special handling for CBC cipher modes to make them appear less favorable 
than CTR modes. Also, in order to avoid creating oracles unnecessarily,
change behavior in various situations from "Drop connection" to "Ignore
packets up to 256kB". This affects CBC mode ciphers only.

Patch from OpenBSD.
 2009-06-29 22:52:13 +00:00
tteras a8d702d9b1 Fix a call to null pointer: in some cases, the unmonitor_fd can be called 
from another fd's callback. That could lead to still have callback pending
after unmonitoring the fd resulting in a call to null pointer.
This is fixed by making unmonitor_fd now clear the pending fd_set too.
Bug was introduced by my commit in 2008-12-23.
 2009-06-24 11:28:48 +00:00
christos f48c7833ea PR/41628: Jukka Salmi: OpenSSL's c_rehash can't find openssl binary 2009-06-23 14:08:02 +00:00