src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-01-29	some knf and space killing, no binary change.	Hans-Joerg Hoexer

2005-01-29	Handle some pointers more carefully. From pat@ some while ago.	Hans-Joerg Hoexer
	ok ho@
2005-01-05	kill whitespace;	Jason McIntyre

2005-01-05	Discourage using aggressive mode.	Hans-Joerg Hoexer
	ok and some help ho@
2004-12-28	proper portable C; ok hshoexer	Theo de Raadt

2004-12-28	Correctly determine length of rsa key passed by the kernel to userland. Found	Hans-Joerg Hoexer
	and fix provided by Stefan Miltchev. Again, many thanks! Slightly different fix. ok ho@
2004-12-27	Fix broken pointer arithmetic when receiving a RSA key from the kernel. Found	Hans-Joerg Hoexer
	and fix provided by Stefan Miltchev. Thanks! ok otto@
2004-12-22	Fix parenthesis mismatch, from Stefan Miltchev. Thanks!	Hans-Joerg Hoexer
	While around, zap some spaces ok markus@
2004-12-14	Reword comment a bit for clarity. hshoexer@ ok.	Hakan Olsson

2004-12-14	Allow the Address, Network, or Netmask values of the <IPsec-ID> to be	Ryan Thomas McBride
	specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@
2004-12-13	make sure the isakmpd_s has id_r/s set; ok hshoexer, ho	Markus Friedl

2004-12-10	check msg->isakmp_sa != NULL before the transport gets updated; ok hshoexer	Markus Friedl

2004-12-08	1. allow up to DPD_RETRANS_MAX retransmitted R_U_THERE messages.	Markus Friedl
	2. reset dpd_failcount when switching to DPD_TIMER_NORMAL. 3. ignore DPD timeouts on SAs that are marked SA_FLAG_REPLACED. ok hshoexer, ho
2004-12-08	NAT/T: replace the isakmpd SA transport with the transport from the	Markus Friedl
	message (only during phase 1). this avoids DPD messages to the 'wrong' port. ok hshoexer
2004-12-06	RFC2409 mandates min and max nonce lengths. hshoexer@ ok.	Hakan Olsson

2004-11-29	Spell precede correctly.	Jonathan Gray
	'looks fine' millert@, krw@. ok jmc@
2004-11-18	use hash and not hmac to calculate NAT-D payloads. Also add NAT-D payload for	Hans-Joerg Hoexer
	the destination address first. Remove support for obsolete V1 NAT-T. This fixes interoperability problems with non-openbsd isakmpd implementations. "looks good" ho@, ok markus@ for hash/hmac testing by various people (thanks!)
2004-11-10	Use ${STATIC} rather than -static (dont hardcode). ok miod@	Dale Rahn

2004-11-08	rename char array realpath to pathreal to avoid naming conflict with	Hans-Joerg Hoexer
	realpath(3); makes lint a bit happier ok ho@
2004-11-08	more monitor cleanup:	Hans-Joerg Hoexer
	remove dead code, some debug messages, prototype monitor_close() to void. ok ho@
2004-11-08	no const for sysdep_sa_len (not yet), slipped in during previous commit...	Hans-Joerg Hoexer

2004-11-08	monitor cleanup: honor const, added missing inlcude, missing typecast (makes	Hans-Joerg Hoexer
	lint happy) ok ho@
2004-11-08	make lint happy and honor const.	Hans-Joerg Hoexer
	ok ho@
2004-10-20	fix potential memleaks & small cleanup. found by patrick latifi, thanks!	Hans-Joerg Hoexer
	ok ho
2004-10-08	pull in some changes from libc arc4random (only relevant for non-OpenBSD	Hans-Joerg Hoexer
	systems): ansify, discard first 256 output bytes, make key schedule more arc4 stream ciper like. ok djm ho
2004-10-01	add some missing $, ok djm@ 'That looks fine to me' millert@	Jonathan Gray

2004-09-24	Don't process NAT-T keepalives. Noted by Kamel Messaoudi. hshoexer@ ok	Hakan Olsson

2004-09-20	compile cleanly with -Wsign-compare	Hans-Joerg Hoexer
	ok ho
2004-09-20	Remove __func__	Hans-Joerg Hoexer
	ok ho deraadt
2004-09-17	avoid signal race.	Hans-Joerg Hoexer
	ok ho@ otto@
2004-09-17	Missing #ifdefs.	Hakan Olsson

2004-09-17	#include <stdlib.h> for srandom().	Hakan Olsson

2004-09-17	Permit next payload type NAT-OA. Noted by Kamel Messaoudi.	Hakan Olsson

2004-08-23	We need to set sa->initiator before checking if the newly created SA	Hakan Olsson
	replaces an old one, or the id_i/id_r check will mismatch. Previous behaviour was mostly harmless, but wasted some resources (until normal SA expiration). hshoexer@ "haven't tried, but think it's ok"
2004-08-23	Default enable DPD (Dead Peer Detection) support. hshoexer@ ok	Hakan Olsson

2004-08-23	Indent nit.	Hakan Olsson

2004-08-17	check for msg->isakmpg_sa being NULL before referencing	Hans-Joerg Hoexer
	ok ho@
2004-08-14	When using -K (keynote disabled), check peers' proposal against isakmpd.conf.	Hans-Joerg Hoexer
	ok ho@ henning@
2004-08-13	extra check for no message case; ok markus, deraadt, hshoexer, henning	Damien Miller

2004-08-12	Fix compiler warning on alpha.	Hans-Joerg Hoexer
	Noted by and ok ho@
2004-08-12	Avoid memleak on error (Linux/KAME). Found by Benjamin Pineau.	Hakan Olsson

2004-08-10	spacing	Theo de Raadt

2004-08-10	Better implementation of the Dead Peer Detection protocol, RFC 3706.	Hakan Olsson
	hshoexer@ ok.
2004-08-10	Linux has AES (and DES). From Benjamin Pineau.	Hakan Olsson

2004-08-10	If opening /dev/arandom fails, try /dev/random. Suggested by Benjamin Pineau.	Hakan Olsson

2004-08-08	spacing	Theo de Raadt

2004-08-03	Rewrite the transport reference count code to avoid leaks.	Hakan Olsson
	hshoexer@ ok.
2004-08-02	Do not expire unestablished phase 2 SAs on SIGHUP.	Hans-Joerg Hoexer
	ok ho@
2004-08-02	Missed to add virtual.c here. Noted by Benjamin Pineau.	Hakan Olsson

2004-07-30	Style.	Hakan Olsson