head 1.11; access; symbols pkgsrc-2013Q2:1.11.0.42 pkgsrc-2013Q2-base:1.11 pkgsrc-2012Q4:1.11.0.40 pkgsrc-2012Q4-base:1.11 pkgsrc-2011Q4:1.11.0.38 pkgsrc-2011Q4-base:1.11 pkgsrc-2011Q2:1.11.0.36 pkgsrc-2011Q2-base:1.11 pkgsrc-2009Q4:1.11.0.34 pkgsrc-2009Q4-base:1.11 pkgsrc-2008Q4:1.11.0.32 pkgsrc-2008Q4-base:1.11 pkgsrc-2008Q3:1.11.0.30 pkgsrc-2008Q3-base:1.11 cube-native-xorg:1.11.0.28 cube-native-xorg-base:1.11 pkgsrc-2008Q2:1.11.0.26 pkgsrc-2008Q2-base:1.11 pkgsrc-2008Q1:1.11.0.24 pkgsrc-2008Q1-base:1.11 pkgsrc-2007Q4:1.11.0.22 pkgsrc-2007Q4-base:1.11 pkgsrc-2007Q3:1.11.0.20 pkgsrc-2007Q3-base:1.11 pkgsrc-2007Q2:1.11.0.18 pkgsrc-2007Q2-base:1.11 pkgsrc-2007Q1:1.11.0.16 pkgsrc-2007Q1-base:1.11 pkgsrc-2006Q4:1.11.0.14 pkgsrc-2006Q4-base:1.11 pkgsrc-2006Q3:1.11.0.12 pkgsrc-2006Q3-base:1.11 pkgsrc-2006Q2:1.11.0.10 pkgsrc-2006Q2-base:1.11 pkgsrc-2006Q1:1.11.0.8 pkgsrc-2006Q1-base:1.11 pkgsrc-2005Q4:1.11.0.6 pkgsrc-2005Q4-base:1.11 pkgsrc-2005Q3:1.11.0.4 pkgsrc-2005Q3-base:1.11 pkgsrc-2005Q2:1.11.0.2 pkgsrc-2005Q2-base:1.11 pkgsrc-2005Q1:1.10.0.20 pkgsrc-2005Q1-base:1.10 pkgsrc-2004Q4:1.10.0.18 pkgsrc-2004Q4-base:1.10 pkgsrc-2004Q3:1.10.0.16 pkgsrc-2004Q3-base:1.10 pkgsrc-2004Q2:1.10.0.14 pkgsrc-2004Q2-base:1.10 pkgsrc-2004Q1:1.10.0.12 pkgsrc-2004Q1-base:1.10 pkgsrc-2003Q4:1.10.0.10 pkgsrc-2003Q4-base:1.10 netbsd-1-6-1:1.10.0.6 netbsd-1-6-1-base:1.10 netbsd-1-6:1.10.0.8 netbsd-1-6-RELEASE-base:1.10 pkgviews:1.10.0.4 pkgviews-base:1.10 buildlink2:1.10.0.2 buildlink2-base:1.10 netbsd-1-5-PATCH003:1.9; locks; strict; comment @# @; 1.11 date 2005.04.21.10.23.09; author itojun; state dead; branches; next 1.10; 1.10 date 2002.05.07.09.03.57; author itojun; state Exp; branches; next 1.9; 1.9 date 2001.08.02.12.44.18; author itojun; state Exp; branches; next 1.8; 1.8 date 2001.02.18.16.00.15; author itojun; state dead; branches; next 1.7; 1.7 date 2000.12.12.08.16.00; author itojun; state Exp; branches; next 1.6; 1.6 date 2000.11.06.09.00.47; author itojun; state dead; 
branches; next 1.5; 1.5 date 2000.11.06.08.52.09; author itojun; state Exp; branches; next 1.4; 1.4 date 2000.10.04.00.31.49; author itojun; state dead; branches; next 1.3; 1.3 date 2000.09.24.17.28.25; author itojun; state Exp; branches; next 1.2; 1.2 date 2000.09.12.12.51.28; author itojun; state dead; branches; next 1.1; 1.1 date 2000.08.04.00.25.06; author thorpej; state Exp; branches; next ; desc @@ 1.11 log @racoon development have stopped. use security/ipsec-tools. @ text @$NetBSD: patch-ae,v 1.10 2002/05/07 09:03:57 itojun Exp $ make it compile on 1.5.x --- ../libipsec/key_debug.c- Thu Aug 2 21:38:17 2001 +++ ../libipsec/key_debug.c Thu Aug 2 21:38:44 2001 @@@@ -392,9 +392,8 @@@@ printf("sadb_x_sa2{ mode=%u reqid=%u\n", sa2->sadb_x_sa2_mode, sa2->sadb_x_sa2_reqid); - printf(" reserved1=%u reserved2=%u sequence=%u }\n", - sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2, - sa2->sadb_x_sa2_sequence); + printf(" reserved1=%u reserved2=%u }\n", + sa2->sadb_x_sa2_reserved1, sa2->sadb_x_sa2_reserved2); return; } @ 1.10 log @fix arg to plogv(). @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.9 2001/08/02 12:44:18 itojun Exp $ @ 1.9 log @make it at least compile on netbsd151 systems. kernel API diffs should be wrapped by configure.in scripts, however, we don't use them for libipsec part. @ text @d1 3 a3 1 $NetBSD$ @ 1.8 log @upgrade: 20001211a -> 20010215a key changes: -B flag, DH shared secret length handling fix, logging level fix, gssapi support (not enabled, may not work on plain 1.5 due to issue in kerberos library) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.7 2000/12/12 08:16:00 itojun Exp $ d3 3 a5 3 --- isakmp.c- Tue Dec 12 17:04:48 2000 +++ isakmp.c Tue Dec 12 17:04:52 2000 @@@@ -184,2 +184,3 @@@@ d7 7 a13 5 +#if 0 /*MSG_PEEK does not return total length*/ /* check bogus length */ @@@@ -196,2 +197,3 @@@@ } +#endif d15 2 @ 1.7 log @remove bogus bound-check. need revisit (DoS issue is not re-introduced). 
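Review bot: The added `#if 0` / `#endif` pair in the isakmp.c hunks compiles out the whole block labelled `/* check bogus length */` instead of replacing it with a test that works without the `MSG_PEEK` total, and the commit log itself marks this as needing a revisit. The guarded code and whatever reads the full datagram afterwards are outside these two-line hunks, so it cannot be confirmed from here that an equivalent length check still runs before the packet is sized or parsed. I would extend the comment on the `#if 0` line to record where the length claimed in the header is now compared with the bytes actually received, for example `#if 0 /* MSG_PEEK does not return total length; length is validated in <location> after the full read */`. If no such check remains, an upper bound on the accepted length should be kept.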
sync with kame @ text @d1 1 a1 1 $NetBSD$ @ 1.6 log @upgrade to 20001106a. - validate initial contact better. - more fine-grained control over pre-shared key configuration. - cert fixes. @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.5 2000/11/06 08:52:09 itojun Exp $ d3 3 a5 10 Index: random.c =================================================================== RCS file: /cvsroot/kame/kame/kame/kame/racoon/random.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- random.c 2000/10/06 13:11:39 1.4 +++ random.c 2000/11/06 08:43:17 1.5 @@@@ -60,6 +60,7 @@@@ long v; d7 5 a11 4 read(fd, &v, sizeof(v)); + v &= ((~0UL) >> 1); return v; } @ 1.5 log @do not return negative value from internal random() function. from shigeru@@iij.ad.jp. sync with KAME. @ text @d1 1 a1 1 $NetBSD$ @ 1.4 log @upgrade to 10/4 snapshot. - disable idea/rc5 in phase 1 by default - use official DOI # for AES (= rijndael) - be more careful about parsing variable-length packet content - have __attribute__((__packed__)), be friendly with align-picky arch (confirmed to be working on i386, sh3 and alpha) @ text @d1 1 a1 1 $NetBSD: patch-ae,v 1.3 2000/09/24 17:28:25 itojun Exp $ d3 1 a3 1 Index: session.c d5 8 a12 6 RCS file: /cvsroot/kame/kame/kame/kame/racoon/session.c,v retrieving revision 1.13 diff -u -r1.13 session.c --- session.c 2000/09/22 18:35:53 1.13 +++ session.c 2000/09/24 17:25:49 @@@@ -112,8 +112,10 @@@@ d14 3 a16 40 FD_ZERO(&mask0); +#ifdef ENABLE_ADMINPORT FD_SET(lcconf->sock_admin, &mask0); nfds = (nfds > lcconf->sock_admin ? nfds : lcconf->sock_admin); +#endif FD_SET(lcconf->sock_pfkey, &mask0); nfds = (nfds > lcconf->sock_pfkey ? 
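Review bot: The `read(fd, &v, sizeof(v));` call just above the added mask in random.c still has its return value ignored, and `v` is declared without an initializer in the visible context. A failed or short read would therefore return whatever was on the stack with only the sign bit cleared. Since the commit log says this value feeds the daemon's internal random(), the failure should be detected rather than masked, e.g. `if (read(fd, &v, sizeof(v)) != (ssize_t)sizeof(v)) { /* report and fail */ }` ahead of the `v &= ((~0UL) >> 1);` line. How `fd` is opened and what the function returns on error are outside the hunk, so the error path has to follow the rest of the function.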
nfds : lcconf->sock_pfkey); FD_SET(lcconf->rtsock, &mask0); @@@@ -157,8 +159,10 @@@@ /*NOTREACHED*/ } +#ifdef ENABLE_ADMINPORT if (FD_ISSET(lcconf->sock_admin, &rfds)) admin_handler(); +#endif for (p = lcconf->myaddrs; p; p = p->next) { if (!p->addr) @@@@ -185,9 +189,11 @@@@ FD_ZERO(&mask0); nfds = 0; +#ifdef ENABLE_ADMINPORT FD_SET(lcconf->sock_admin, &mask0); nfds = (nfds > lcconf->sock_admin ? nfds : lcconf->sock_admin); +#endif FD_SET(lcconf->sock_pfkey, &mask0); nfds = (nfds > lcconf->sock_pfkey ? nfds : lcconf->sock_pfkey); @@@@ -364,7 +370,9 @@@@ { isakmp_close(); pfkey_close(lcconf->sock_pfkey); +#ifdef ENABLE_ADMINPORT (void)admin_close(); +#endif return 0; @ 1.3 log @disable admin port better (KAME session.c 1.13 -> 1.14) @ text @d1 1 a1 1 $NetBSD$ @ 1.2 log @upgrade racoon to 2000/9/12. certificate improvements. bug fix in policy matching. make pfs/policy matching strictness configurable. other logs can be found at http://www.kame.net/dev/cvsweb.cgi/kame/CHANGELOG. @ text @d1 53 a53 37 $NetBSD: patch-ae,v 1.1 2000/08/04 00:25:06 thorpej Exp $ --- cfparse.y.orig Thu Aug 3 16:14:39 2000 +++ cfparse.y Thu Aug 3 16:19:14 2000 @@@@ -1107,6 +1107,7 @@@@ | ALGORITHM_CLASS ALGORITHMTYPE keylength EOS { int doi; + int defklen; doi = algtype2doi($1, $2); if (doi == -1) { @@@@ -1116,9 +1117,22 @@@@ switch ($1) { case algclass_isakmp_enc: prhead->spspec->algclass[algclass_isakmp_enc] = doi; - if (check_keylen($1, $2, $3) == -1) - return -1; - prhead->spspec->encklen = $3; + defklen = default_keylen($1, $2); + if (defklen == 0) { + if ($3) { + yyerror("keylen not allowed"); + return -1; + } + } else { + if ($3 && check_keylen($1, $2, $3) < 0) { + yyerror("invalid keylen %d", $3); + return -1; + } + } + if ($3) + prhead->spspec->encklen = $3; + else + prhead->spspec->encklen = defklen; break; case algclass_isakmp_hash: prhead->spspec->algclass[algclass_isakmp_hash] = doi; @ 1.1 log @Fix a bug where the parser would fail if a keylength was not explicitly specified in a 
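Review bot: The code that creates the admin socket is not part of the session.c patch as shown, although every use of `lcconf->sock_admin` in the select setup, the `admin_handler()` dispatch and `admin_close()` is now under `#ifdef ENABLE_ADMINPORT`. If the socket is still opened when the macro is undefined, the daemon would hold a control endpoint that is never serviced or closed, so the open call wants the same guard; this applies equally to the hunks at -157, -185 and -364. A one-line comment at the first guard, such as `/* sock_admin is valid only when ENABLE_ADMINPORT is defined */`, would record the invariant the four sites rely on. The enclosing functions start and end outside the hunks.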
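Review bot: In the `algclass_isakmp_enc` case of the cfparse.y hunk at -1116, `defklen` is only compared against 0. If `default_keylen($1, $2)` can return a negative value for an unknown algorithm (its contract is not visible in the hunk), control falls into the `else` branch and, with no keylength given, `prhead->spspec->encklen = defklen;` stores that negative value. A guard right after the call, `if (defklen < 0) { yyerror("invalid algorithm"); return -1; }`, would keep a nonsensical key length out of the Phase-1 proposal. The `keylen not allowed` message could also carry the rejected value, as the second message does: `yyerror("keylen %d not allowed", $3);`.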
Phase-1 proposal statement. Patch sent to sakane@@kame.net. @ text @d1 1 a1 1 $NetBSD$ @