OpenBSD CVS

CVS log for src/sbin/isakmpd/dh.c



Default branch: MAIN


Revision 1.27, Fri Mar 31 07:28:46 2023 UTC (14 months, 1 week ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.26: +5 -1 lines

Guard use of GROUP_EC2N with #ifndef OPENSSL_NO_EC2M

This allows compiling isakmpd with a libcrypto that has binary field
support removed. Leave the enum value itself unguarded on claudio's
request.

ok beck claudio jsing

Revision 1.26, Tue Mar 28 16:32:42 2023 UTC (14 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.25: +2 -4 lines

Avoid double free in isakmpd

In the unlikely event that EC_KEY_check_key() in ec_init() fails,
group->ec would be freed first in ec_init() then in group_free().

Same problem was fixed in iked/dh.c r1.31 (where it originally came
from).

ok jsg mbuhl

Revision 1.25, Fri Jan 14 09:19:19 2022 UTC (2 years, 4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.24: +2 -2 lines

isakmpd: convert modp to opaque DH

Revision 1.24, Tue Nov 30 18:12:44 2021 UTC (2 years, 6 months ago) by tb
Branch: MAIN
Changes since 1.23: +13 -3 lines

isakmpd: convert modp_init() for opaque DH.

ok jsing

Revision 1.23, Mon Nov 29 06:42:13 2021 UTC (2 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +3 -2 lines

the code in this file has reason to include any sys/*.h header files,
let alone sys/param.h, which it uses to get roundup().  make a local
copy of the macro, and call it a day.

Revision 1.22, Thu May 13 14:28:03 2021 UTC (3 years ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.21: +5 -21 lines

Use field independent versions of {get,set}_coordinates()

ok tobhe

Revision 1.21, Wed Nov 8 13:33:49 2017 UTC (6 years, 7 months ago) by patrick
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.20: +51 -11 lines

In the final RFC 5903 the computation for the DH shared secret changed.
Instead of the full point, only the X point is included.

The member g_xy is always the shared secret but so far its buffer has
been allocated using the size of the public points.  Since this is a
different size now, as the shared secret for EC Groups should only store
the x point, we need another member to specify the length of g_xy.

Since this is a backwards incompatible change older isakmpds won't be
able to negotiate if you use EC groups.  Bump the version of our own
vendor tag so peers can try to keep compatibility based on the
presented tag.  This could be used to implement backwards compatibility to
older isakmpds.

Prompted by and ok mpi@

Revision 1.20, Wed Jan 4 12:31:01 2017 UTC (7 years, 5 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2, OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.19: +1 -63 lines

Remove modular exponential groups specified in RFC5114

Brought up by doug@, ok reyk, djm, doug

Revision 1.19, Fri Jan 16 06:39:58 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.18: +2 -2 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.18, Sun Oct 12 15:57:00 2014 UTC (9 years, 7 months ago) by jsg
Branch: MAIN
Changes since 1.17: +2 -2 lines

DH_compute_key() returns -1 on error but this was not
handled by testing the result with a negation.

Ralf Horstmann discovered iked would segfault
when connecting from Strongswan on Android because
of this and supplied the patch to fix the problem.

ok reyk@

Revision 1.17, Mon Aug 25 14:42:23 2014 UTC (9 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.16: +37 -5 lines

Sync dh.[ch] from iked.  The files are identical, so any change in
either iked or isakmpd should be synced to the other daemon.  The
previous changes from iked include: plug two memory leaks, verify EC
points and add the Brainpool curves.  All tests in
regress/sbin/isakmpd/dh passed OKAY.

ok markus@ mikeb@

Revision 1.16, Fri Jul 11 10:01:00 2014 UTC (9 years, 11 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.15: +2 -1 lines

add additional includes required to build with -DOPENSSL_NO_DEPRECATED

Revision 1.15, Mon Jun 4 09:14:29 2012 UTC (12 years ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.14: +10 -4 lines

Rounding up a number of bytes in a bignum returned by the BN_num_bytes()
has implications when dealing with leading zeroes.  Prevent an incorrect
conversion of the EC point to the binary representation by inferring the
X and Y components' lengths from the EC group length and zeroing out the
appropriate chunks of the target buffer.  From hshoexer@

Revision 1.12.2.1, Thu Jul 14 14:43:22 2011 UTC (12 years, 10 months ago) by otto
Branch: OPENBSD_4_8
Changes since 1.12: +22 -5 lines

MFC fix for isakmpd intermittent failure to rekey correctly.
ok sthen@
-/------------------------
revision 1.14
date: 2011/06/15 10:35:47;  author: mikeb;  state: Exp;  lines: +22 -4
When BN_bn2bin converts a bignum to the binary representation
it skips leading zeroes if there are any.  To accommodate the
difference with the protocol we need to prepend those zeroes
ourselves.

Fixes PR 6601, tested by Pawel Wieleba, sthen, otto.
Huge thanks to Pawel for spending nearly a week testing diffs.

ok sthen
-/------------------------

Revision 1.13.2.1, Fri Jul 8 23:40:21 2011 UTC (12 years, 11 months ago) by sthen
Branch: OPENBSD_4_9
Changes since 1.13: +22 -4 lines

MFC fix for isakmpd intermittent failure to rekey correctly.

-/------------------------
revision 1.14
date: 2011/06/15 10:35:47;  author: mikeb;  state: Exp;  lines: +22 -4
When BN_bn2bin converts a bignum to the binary representation
it skips leading zeroes if there are any.  To accommodate the
difference with the protocol we need to prepend those zeroes
ourselves.

Fixes PR 6601, tested by Pawel Wieleba, sthen, otto.
Huge thanks to Pawel for spending nearly a week testing diffs.

ok sthen
-/------------------------

Revision 1.14, Wed Jun 15 10:35:47 2011 UTC (12 years, 11 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.13: +22 -4 lines

When BN_bn2bin converts a bignum to the binary representation
it skips leading zeroes if there are any.  To accommodate the
difference with the protocol we need to prepend those zeroes
ourselves.

Fixes PR 6601, tested by Pawel Wieleba, sthen, otto.
Huge thanks to Pawel for spending nearly a week testing diffs.

ok sthen
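
The leading-zero problem described in the revision 1.14 message (and the same padding idea applied to EC coordinates in revision 1.15), as an added example that is not code from dh.c or from the commit. It does not use libcrypto: minimal_encode() is a hypothetical stand-in for the minimal-length output the message attributes to BN_bn2bin, and fixed_encode(), naive_differs() and the 4-byte sample value are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in for a minimal-length big-endian encoder: leading zero
 * bytes are dropped.  Returns the number of bytes written to out. */
static size_t
minimal_encode(const unsigned char *val, size_t vlen, unsigned char *out)
{
	size_t skip = 0;

	while (skip < vlen && val[skip] == 0)
		skip++;
	memcpy(out, val + skip, vlen - skip);
	return vlen - skip;
}

/* Encode val into exactly fieldlen bytes by prepending the zeroes the
 * minimal encoder skipped.  Returns 0, or -1 if val cannot fit. */
static int
fixed_encode(const unsigned char *val, size_t vlen, unsigned char *out,
    size_t fieldlen)
{
	size_t n;

	if (vlen > fieldlen)
		return -1;
	n = minimal_encode(val, vlen, out);
	memmove(out + (fieldlen - n), out, n);	/* right-align the value */
	memset(out, 0, fieldlen - n);		/* zero the leading gap */
	return 0;
}

/* Constructed sample: a value in a 4-byte field with a leading zero. */
static const unsigned char sample_value[4] = { 0x00, 0x9a, 0x03, 0x7f };

/* Returns 1 when copying the minimal bytes to offset 0 gives a different
 * wire field than the fixed-length encoding, so peers would disagree. */
static int
naive_differs(void)
{
	unsigned char naive[4] = { 0 }, fixed[4];

	minimal_encode(sample_value, sizeof(sample_value), naive);
	if (fixed_encode(sample_value, sizeof(sample_value), fixed, 4) != 0)
		return -1;
	return memcmp(naive, fixed, sizeof(fixed)) != 0;
}

int main(void) { return naive_differs() == 1 ? 0 : 1; }
```

With random values the top byte is zero roughly once in 256 exchanges, which matches the "intermittent" failure the MFC entries mention.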

Revision 1.13, Mon Nov 29 22:49:26 2010 UTC (13 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE
Branch point for: OPENBSD_4_9
Changes since 1.12: +1 -4 lines

make key exchange faster by not checking the predefined groups with DH_check()
ok mikeb@, djm@

Revision 1.12, Tue Jun 29 19:50:16 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE
Branch point for: OPENBSD_4_8
Changes since 1.11: +573 -59 lines

Replace the hand-crafted Diffie-Hellman implementation in isakmpd with
the smaller implementation from iked that is using libcrypto instead.
This allows to remove a lot of code (which is always good), get rid of
some custom crypto code by using libcrypto, theoretically adds
support for many new MODP and EC2N/ECP modes (but it is not configurable
yet), and allows to share the dh.c/dh.h code in different codebases
(it is identical in isakmpd and iked, but could also be used elsewhere).

ok deraadt@

Revision 1.11, Thu May 4 14:37:51 2006 UTC (18 years, 1 month ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.10: +5 -1 lines

check for degenerate Diffie-Hellman public exponents;
ok markus@ hshoexer@ deraadt@

Revision 1.10, Fri Apr 8 22:32:09 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.9: +1 -3 lines

Make deterministic randomness (only ever used for testing) a compile-time
option.  Reduces chances of somehow setting regrand when it's not supposed
to be set.  Remove "-r" option from man page.  Also xref certpatch(8) while
we are in there.  And remove some include sysdep.h where it is no longer
needed.
OK hshoexer

Revision 1.9, Thu Apr 15 18:39:25 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.8: +18 -18 lines

partial move to KNF.  More to come.  This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process.  ok ho hshoexer

Revision 1.8, Tue Jun 3 14:28:16 2003 UTC (21 years ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5, OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.7: +1 -6 lines

Remove clauses 3 and 4. With approval from Niklas Hallqvist and
Niels Provos.

Revision 1.7, Sun Jun 9 08:13:06 2002 UTC (22 years ago) by todd
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.6: +2 -2 lines

rm trailing whitespace

Revision 1.5.6.1, Tue May 8 12:45:22 2001 UTC (23 years, 1 month ago) by ho
Branch: OPENBSD_2_8
Changes since 1.5: +2 -2 lines

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.6, Mon Apr 9 22:09:51 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1, OPENBSD_3_0_BASE, OPENBSD_3_0, OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.5: +2 -2 lines

More style fixes...

Revision 1.5, Mon Apr 19 20:00:24 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE, OPENBSD_2_7_BASE, OPENBSD_2_7, OPENBSD_2_6_BASE, OPENBSD_2_6
Branch point for: OPENBSD_2_8
Changes since 1.4: +15 -10 lines

./cookie.c: Merge with EOM 1.20
./dh.c: Merge with EOM 1.5
./hash.c: Merge with EOM 1.10
./math_group.h: Merge with EOM 1.7

Style.  alloc error reporting.  Math error propagation.  Allocate right
sizes.

1999 copyrights

Revision 1.4, Fri Feb 26 03:36:07 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.3: +4 -2 lines

Merge from the Ericsson repository
| revision 1.3
| date: 1999/02/25 11:38:51;  author: niklas;  state: Exp;  lines: +3 -1
| include sysdep.h everywhere
| ----------------------------

Revision 1.3, Tue Nov 17 11:10:09 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.2: +2 -1 lines

Add RCS Ids from the EOM repository

Revision 1.2, Sun Nov 15 00:43:52 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines

openBSD RCS IDs

Revision 1.1.1.1 (vendor branch), Sun Nov 15 00:03:48 1998 UTC (25 years, 7 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines

Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems.  It is not yet complete or usable in a real scenario
but the missing pieces will soon be there.  The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete.  It is really mostly configuration that
is lacking.

Revision 1.1, Sun Nov 15 00:03:48 1998 UTC (25 years, 7 months ago) by niklas
Branch: MAIN

Initial revision
