Commit Graph

1622 Commits

Author SHA1 Message Date
vanhu
a3d9e80f96 fixed address check in rmconf_match_type(), just check address with wildcard port 2009-08-19 13:54:07 +00:00
tteras
95f3bd08bb Have an enum for rmconf_match_type() return values to make the code a bit
more readable.
2009-08-19 12:20:02 +00:00
vanhu
e2ffc89458 typo: algoritym -> algorithm 2009-08-18 08:21:12 +00:00
dyoung
40ca2d34bc Delete trailing whitespace. 2009-08-17 22:58:28 +00:00
vanhu
eb15fbb554 do not use SADB_X_NAT_T_NEW_MAPPING to check system support for NAT-T, as at least FreeBSD doesn't have this define anymore 2009-08-17 13:52:14 +00:00
vanhu
82dd0659f2 include stddef.h so we have a chance to get the system offsetof if present 2009-08-17 12:00:53 +00:00
vanhu
c2c64af1e8 removed a self include 2009-08-17 11:59:10 +00:00
christos
13492ada53 This code is really broken. It allocates struct sockaddr on the stack
and expects to work with IPV6. Tell the hints that we only want IPV4
for now, so that we don't try to bind to an IPV6 address as returned
by getaddrinfo, and then we bash in V4 in the family!
jeez
2009-08-15 01:25:54 +00:00
christos
e70d1f0896 don't try to free a buffer that came from the arguments, make a copy instead.
This can happen if we specify --port
2009-08-15 01:03:03 +00:00
vanhu
0667dd70bd fixed a potential DoS in oakley_do_decrypt(), reported by Orange Labs 2009-08-13 09:18:28 +00:00
tteras
ea830abf58 Don't print EAGAIN error from pfkey_handler(), it can occur normally
under some code paths and is not a hard error in any case.
2009-08-10 08:22:13 +00:00
tteras
c2919dd501 From Paul Wenau: Check fgets return value in setkey to make gcc happy. 2009-08-06 04:44:43 +00:00
christos
bb8cb2851b resolve conflicts 2009-08-05 18:38:21 +00:00
christos
86adef1b84 import 20090805 snapshot. 2009-08-05 18:31:57 +00:00
tteras
4180506456 From Paul Wernau: Fix transport mode per-port security associations that
got broke during NAT-T fixes.
2009-08-05 13:16:01 +00:00
joerg
15895248c1 Use OpenSSL's SHA256 support directly. 2009-08-03 20:56:25 +00:00
mrg
03f1126058 set SSHDIST to the new location. HI CHRISTOS! 2009-07-21 00:47:23 +00:00
christos
e97383ebc1 Don't lets this linger around forever. Causes hidden bugs. 2009-07-20 22:55:47 +00:00
christos
d7ed66ca45 make tests compile! 2009-07-20 20:41:05 +00:00
christos
71cfba1556 ssh has moved (a long time ago) 2009-07-20 17:39:01 +00:00
christos
75efea6592 bump libcrypto and friends; OpenSSL abi change: do_cipher last argument
changed from u_int to size_t. Affects _LP64 only.
2009-07-20 17:30:52 +00:00
christos
35bdca4d17 use the proper libcrypto 2009-07-20 15:48:16 +00:00
christos
58e8878cb5 use the proper libcrypto 2009-07-20 15:43:51 +00:00
christos
9610bc301c make sha256/512 binary compatible with the libc version which we now use. 2009-07-20 15:34:49 +00:00
christos
c9c3cfbcf5 catch up with openssl's abi change. do_cipher length changed from u_int to
size_t.
2009-07-20 15:33:44 +00:00
christos
22505a154a add openssl 2009-07-19 23:44:20 +00:00
christos
e3aebf9996 new openssl 2009-07-19 23:43:46 +00:00
christos
2e69c03e37 openssl moved 2009-07-19 23:34:00 +00:00
christos
75534b786a Add one more generated file and install in /usr/bin 2009-07-19 23:33:34 +00:00
christos
49d46fa3c8 - add build glue
- apply our changes
2009-07-19 23:30:37 +00:00
christos
a89c9211e5 import new openssl snapshot 2009-07-19 23:01:17 +00:00
apb
87c0c2be33 Add missing va_start before varargs processing.
Part of PR 41255 from Kurt Lidl.
2009-07-14 20:54:25 +00:00
tteras
aab4a00722 From Arnaud Ebalard: Fix possible usage of uninitialized local variable
(not sure if any code path triggers this, but this makes compiler happy).
2009-07-07 12:25:22 +00:00
agc
51e16c73a5 Move the null file checks for sign/verify/encrypt/decrypt down into the
library itself. Update the regression test script to add some tests.
2009-07-07 01:13:07 +00:00
agc
1eddadf4f7 Add two more items to the TODO list 2009-07-07 01:12:06 +00:00
spz
1513d3badc fix break for non-64bit systems due to non-applying macro resp variable
having crept in with the last patch.
ok martin, compile tested mbalmer and martin
2009-07-05 11:35:53 +00:00
tonnerre
a75354f443 Fix various vulnerabilities in OpenSSL which have not previously been
addressed: CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386
and CVE-2009-1387.

Changes deal mostly with size checking of various elements and fixes
to various error paths.
2009-07-04 19:52:10 +00:00
tteras
3d0db58d61 Get rid of the evil CMPSADDR macro. Trac #295. 2009-07-03 06:41:46 +00:00
tteras
edd4f79009 From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the
NAT-T port information. This might break compatibility with some kernels,
but as discussed this is the proper way to pass NAT-T ports and the broken
kernels need to be fixed.
2009-07-03 06:40:10 +00:00
agc
0ff3383f59 Check that a filename has been given, where one has required. Fixes a bug
reported by Mark Kirby.
2009-06-30 18:54:20 +00:00
tonnerre
f7384c4a6a Add special handling for CBC cipher modes to make them appear less favorable
than CTR modes. Also, in order to avoid creating oracles unnecessarily,
change behavior in various situations from "Drop connection" to "Ignore
packets up to 256kB". This affects CBC mode ciphers only.

Patch from OpenBSD.
2009-06-29 22:52:13 +00:00
tteras
a8d702d9b1 Fix a call to null pointer: in some cases, the unmonitor_fd can be called
from another fd's callback. That could lead to still have callback pending
after unmonitoring the fd resulting in a call to null pointer.
This is fixed by making unmonitor_fd now clear the pending fd_set too.
Bug was introduced by my commit in 2008-12-23.
2009-06-24 11:28:48 +00:00
christos
f48c7833ea PR/41628: Jukka Salmi: OpenSSL's c_rehash can't find openssl binary 2009-06-23 14:08:02 +00:00
martin
14c9b3749d Actually use the new (non-shortcut) functions for SHA224 2009-06-16 11:15:29 +00:00
joerg
a44a031cb3 Don't take short cuts and use the SHA224 functions to compute SHA224.
At least for Final it makes a difference in some situation.
2009-06-14 14:18:35 +00:00
agc
f72138f83a Don't complain if $HOME/.gnupg does not exist (and using --homedir).
Don't require a userid to be set in the gpg.conf file - it can be set
on the command line when it's needed (for signing and encryption, the
other operations in netpgp(1) will take the userid from the
signed/encrypted file).

Add tests for the lack of a default userid in the config file.
2009-06-13 05:25:08 +00:00
agc
d1923dbd04 add 3 more niggles (from Luke)
check whether a callback function is needed
2009-06-12 04:12:25 +00:00
agc
b655c49f3f Update to version 1.99.12
CHANGES 1.99.11 -> 1.99.12

+ only prompt for the passphrase for the secret key if the secret key is
  protected by a passphrase
+ portability fix for Mac OS X
2009-06-11 17:05:17 +00:00
agc
6808773a84 Remove workaround not needed any more. 2009-06-11 06:45:11 +00:00
agc
7478ab55e5 + only prompt for the passphrase for the secret key if the secret key is
protected by a passphrase
2009-06-11 04:57:51 +00:00